Application Session (Hands-on) Athanassios Liakopoulos (GRNET) version 1.01

Similar documents
DNS Configuration Guide. Open Telekom Cloud

2 nd SEE 6DISS Workshop Plovdiv June Host Configuration (Windows XP) Athanassios Liakopoulos

OPS535 Lab 5. Dynamic DNS. RFC 2136 Dynamic Updates in the Domain Name System (DNS UPDATE)

Hands-on Session Applications

RHCE BOOT CAMP BIND. Wednesday, November 28, 12

Linux Network Administration

CIA Lab Assignment: Domain Name System (1)

Web Server rpm. Web Server. #rpm q apache apache sis. package apache not installed CD-ROM

S Computer Networks - Spring What and why? Structure of DNS Management of Domain Names Name Service in Practice

Domain Name System - Advanced Computer Networks

Prepared by Shiba Ratna Tamrakar

ENUM Dialing on Cisco Expressway

Managing Zones. Staged and Synchronous Modes CHAPTER. See Also

Services: DNS domain name system

Lesson 9: Configuring DNS Records. MOAC : Administering Windows Server 2012

Local DNS Attack Lab. 1 Lab Overview. 2 Lab Environment. 2.1 Install and configure the DNS server. SEED Labs Local DNS Attack Lab 1

Reverse DNS Overview

Cisco Expressway ENUM Dialing

Advanced SUSE Linux Enterprise Server Administration (Course 3038) Chapter 3 Configure Network Services

IPv6 Support in the DNS. Athanassios Liakopoulos 6DEPLOY IPv6 Training, Skopje, June 2011

CSCE 463/612 Networks and Distributed Processing Spring 2018

How to Configure DNS Zones

DNS. Introduction To. everything you never wanted to know about IP directory services

A case study of IPv6 deployment. tcd.ie. David Malone. 22 May 2003

Answer: B. Answer: D. Answer: C

Agha Mohammad Haidari General ICT Manager in Ministry of Communication & IT Cell#

DEPLOY A DNS SERVER IN A SECURE WAY

DNS Session 2: DNS cache operation and DNS debugging. Joe Abley AfNOG 2006 workshop

This video will look at how to create some of the more common DNS records on Windows Server using Remote Administration Tools for Windows 8.

Central America Workshop - Guatemala City Guatemala 30 January - 1 February 07 Stateless and Stateful Auto-configuration using Router Advertisements

CSE 265: System & Network Administration

Setting up DHCP, DNS and NFS on the CLTC Server

How to Add Domains and DNS Records

Network+ Guide to Networks, Seventh Edition Chapter 2, Solutions

DNS, DHCP and Auto- Configuration. IPv6 Training Day 18 th September 2012 Philip Smith APNIC

Building and Modifying DNS Rules

Configure IBM Security Identity Manager Virtual Appliance in Cloud

Lab 3.4.2: Managing a Web Server

BSc Year 2 Data Communications Lab - Using Wireshark to View Network Traffic. Topology. Objectives. Background / Scenario

DNS / DNSSEC Workshop. bdnog November 2017, Dhaka, Bangladesh

ECE 650 Systems Programming & Engineering. Spring 2018

Secured Dynamic Updates

Lab - Using Wireshark to Examine a UDP DNS Capture

DNS Session 2: DNS cache operation and DNS debugging. How caching NS works (1) What if the answer is not in the cache? How caching NS works (2)

Lab - Using Wireshark to Examine a UDP DNS Capture

Much is done on the Server, it20:

Managing Caching DNS Server

Problem Max. Points Act. Points Grader

Configuration of Authoritative Nameservice

Root Servers. Root hints file come in many names (db.cache, named.root, named.cache, named.ca) See root-servers.org for more detail

Networking Applications

Cisco Network Address Translation (NAT)

Network+ Guide to Networks, Seventh Edition Chapter 2, Solutions

Platform Administration

APNIC elearning: DNS Concepts

Examination 2D1392 Protocols and Principles of the Internet 2E1605 Internetworking. Date: March 9 th 2007 at 8:00 13:00 SOLUTIONS

IPv6 Snooping. Finding Feature Information. Restrictions for IPv6 Snooping

INF204x Module 1 Lab 1: Configuring and Troubleshooting Networking Part 1

IT341 Introduction to System Administration Project V Implementing DNS

521262S Computer Networks 2 (fall 2007) Laboratory exercise #4: Multimedia, QoS and testing

DNS & DHCP CONFIGURATION

IT Domain Name System Revisited

ICS 351: Networking Protocols

Lab Using Wireshark to Examine Ethernet Frames

BIG-IP DNS: Implementations. Version 12.0

A Case Study of IPv6 Deployment in tcd.ie

QUICK START GUIDE Cisco Internet Streamer CDS

Chapter 10: Application Layer CCENT Routing and Switching Introduction to Networks v6.0

IPv6 Snooping. Finding Feature Information. Restrictions for IPv6 Snooping

Course Outline: Linux Professional Institute-LPI 202. Learning Method: Instructor-led Classroom Learning. Duration: 5.00 Day(s)/ 40 hrs.

2016/01/17 04:04 1/9 Basic Routing Lab

ECE 435 Network Engineering Lecture 7

Configuring DNS. Finding Feature Information

Lab Using Wireshark to Examine Ethernet Frames

[ Due: N.A ] [ Points: PRICELESS ] [ Date: 2/9/2016] [ Goings, Jesse ] Computer Network Specialist Center For Arts and Technology College Kelowna BC

How to Setup an Arabic Root Server

APACHE INSTALLATION & BASIC CONFIGURATION. Thursday, November 8, 12

Configure Wildcard-Based Subdomains

Presenter. Xiaolong Li, Assistant Professor Department of Industrial and Engineering Technology Morehead State University

SOA Software API Gateway Appliance 6.3 Administration Guide

Resource Records. Host Address Name-to-address mapping for the zone. Table 1: Resource Records

Resource Records APPENDIX

Resource Records APPENDIXA

Hands-On TCP/IP Networking

DEPLOYMENT GUIDE Version 1.1. DNS Traffic Management using the BIG-IP Local Traffic Manager

Foreword xxiii Preface xxvii IPv6 Rationale and Features

Module 11a MPLS VPWS Configuration Lab (LDP)

iptables and ip6tables An introduction to LINUX firewall

Building and Modifying DNS Rules

Internet Load Balancing Guide. Peplink Balance Series. Peplink Balance. Internet Load Balancing Solution Guide

Introduction. An introduction to the equipment and organization of the Internet Lab.

Goal of this session

Lab Configuring and Verifying Extended ACLs Topology

NETWORK PACKET ANALYSIS PROGRAM

Web Portal User Manual for

CCNA Exploration Network Fundamentals. Chapter 03 Application Functionality and Protocols

CompTIA Exam N CompTIA Network+ certification Version: 5.1 [ Total Questions: 1146 ]

CS519: Computer Networks. Lecture 6: Apr 5, 2004 Naming and DNS

DNS Management with Blue Cat Networks at PSU

SJTU 2018 Fall Computer Networking. Wireless Communication

Transcription:

Application Session (Hands-on) Athanassios Liakopoulos (GRNET) aliako@grnet.gr version 1.01 1. Lab information Network Topology The network topology is shown in Figure 1. PCs belong to different VLANs, each of them having a different IPv6 address prefix. For example, the first three PCs in the 2 nd row belong in the VLAN 3 and use the 2001:w:z:3::/64 1 address space. IPv6 address space 2001:w:z::/48 (w=1a70, z=ff10) VLAN X address space: 2001:w:z:X::/64 Presenters Laptops Linux Server 2001:w:z::1/128 a.b.c.240/27 Access point Mediterranean 6DISS Workshop IPv4 address space a.b.c.0/24 (a=193, b=188, c=33) VLAN 100 (Management & Wireless) 2001:w:z::/64 Row No 1 Ethernet Local router VLAN 1 2001:w:z:1::/64 VLAN 2 Row No 2 VLAN 3 2001:w:z:3::/64 VLAN 3 2001:w:z:4::/64 Row No 3 IPv6 Internet VLAN 5 2001:w:z:5::/64 VLAN 6 Row No 4 Row No 5 VLAN 7 2001:w:z:7::/64 VLAN 9 2001:w:z:9::/64 VLAN 8 VLAN 10 VLAN IPv4 addressing Vlan 1 193.188.33.0/29 (gw.6) Vlan 2 193.188.33.8/29 (gw.14) Vlan 3 193.188.33.16/29 (gw.22) Vlan 4 193.188.33.24/29 (gw.30) Vlan 5 193.188.33.32/29 (gw.28) Vlan 6 193.188.33.40/29 (gw.46) Vlan 7 193.188.33.48/29 (gw.54) Vlan 8 193.188.33.56/29 (gw.62) Vlan 9 193.188.33.64/29 (gw.70) Vlan 10 193.188.33.72/29 (gw.78) Vlan 100 193.188.33.92/27 (gw.200) Figure 1: 6DISS lab topology. Linux Server Α PC having Scientific Linux 4.2 (https://www.scientificlinux.org/) is running BIND 9.2.4 (http://www.isc.org/sw/bind/) and Apache HTTP Web Server 2.0.55 (http://httpd.apache.org/). Access to the linux server is allowed via SSH/FTP at the IPv6 address 2001:w:z:100::1/64 (or the IPv4 address a.b.c.240) using the login/password: root/6diss. 1 Please refer to Figure 1 for the values of w and z at the IPv6 address. 1/7

Exercise A: IPv6 DNS Objectives There are IPv4 DNS (A, PTR) entries in the /var/named/ directory for all lab PCs. Participants are asked to create the relevant IPv6 DNS (AAAA, PTR) entries. Requirements Participant should have basic knowledge of DNS and the BIND application. DNS configuration basics A DNS server is configured via the /etc/named.conf file. The forwardor reverse-zone files, i.e. the files that contain the (IPv4) DNS entries, are defined using via the following syntax in the /etc/named.conf: zone "testbed.6diss.org" in { type master file "db.6diss" } zone "<c>.<b>.<a>.in-addr.arpa" in { type master file "db.<a>.<b>.<c>" } In order to add IPv6 DNS entries for PCs belong in VLAN X, the zone file db.6dissx 2 and the reverse-zone db.x.z.w 3.2001 have to be created by the system administrator. Furthermore, the file /etc/named.conf should also contain the appropriate entries for the aforementioned files, as follows: zone "testbed.6dissx.org" in { type master file "db.6dissx" } zone "X.0.0.0.<z>.<w> 4.1.0.0.2.ip6.arpa" in { type master file "db.x.<z>.<w>.2001" } Exercises steps 1. Reboot one PC per VLAN using the Scientific Linux partition and install BIND 9.2.4 (http://www.isc.org/index.pl?/sw/bind/). This PC will become the server for the group. 2 The IPv4 and IPv6 forward zone files could be the same. However, in the 6DISS training the forwardzone files for IPv4 and IPv6 are separated in order to allow different groups to create their own configuration. 3 Please refer to Figure 1 for the values of w and z at the IPv6 address. 4 Example: zone "1.0.0.0.0.1.f.f.0.7.a.1.1.0.0.2.ip6.arpa" 2/7

Make sure that you removed any configuration from the previous exercise that could harm the IPv6 connectivity or routing. Set the IPv6 address of the linux server as 2001:w:z:VLAN_X:1 Note down the IPv4 address of the server. 2. Create and populate the files "testbed.6dissx.org" and "X.0.0.0.<z>.<w>.1.0.0.2.ip6.arpa" (Tip: See configuration examples at the end of the document) 3. Validate the configuration files using the command named-checkzone (Tip (example): # named-checkzone testbed.6diss1.org db.6diss1) 4. Restart DNS server (Tip: kill -HUP `cat /var/run/named/named.pid` or rndc reload) 5. Check DNS server logs (Tip: grep named /var/log/messages) 6. Validate DNS queries using the other PC in the VLAN. Do the same using the local linux server. What is the transport protocol for the DNS queries? (Tip: Use the nslookup and change the DNS server to IPv4 address of the local linux server in the VLAN) 7. Use IPv6 as DNS queries transport protocol. What is the problem in the DNS queries at the PCs with WinXP? Is there the same problem in DNS queries in the Linux machines? (Tip: Add the following configuration lines at the named configuration file Allow IPv6 transport listen-on-v6 port 53 {any}) (Tip: Use the nslookup and change the DNS server to 2001:w:z:VLAN_X:1) Exercise B: Enable an Apache server Objectives Lab participants are asked to set up and IPv6-enabled server. In addition, different IPv6 and IPv4 web pages are created while IPv4-only web sites are accessed via an IPv6 proxy. Apache HTTP configuration basics An Apache web server is configured via the /etc/httpd/conf/http.conf file. Access privileges to pages are defined in the /etc/httpd/conf.d directory. Further information can be found at http://httpd.apache.org/docs-2.0/. Exercises steps 1. Reboot at least one PC per VLAN using the Scientific Linux partition. Install the Apache HTTP server 2.0.55 (http://httpd.apache.org/). As the server supports both IPv6/4, you do not have to do any change in the configuration. Make sure that you removed any configuration from the previous exercise that could harm the IPv6 connectivity or routing. Set the IPv6 address of the linux server as 2001:w:z:VLAN_X::1 Note down the IPv4 address of the server. 3/7

2. Create two directories to store HTML files. The directory /var/www/html6 will be used for accessing the server via IPv6 while the directory /var/www/html4 will be used for accessing the server via IPv4. a) Create the following HTML files: a) <html> <body> You have successfully accessed an HTML page over <b>ipv6</b>! <br> 6DISS Workshop In Malta </body></html> b) <html> <body> ERROR: THIS PAGE IS ACCESSED OVER IPv4. PLEASE USE an <a href=http://[2001:648:2320:1000::1]><b>ipv6</b></a> LINK TO SEE THE CONTENT OF THIS WEB SITE <br> </body></html> 3. Create a virtual host for accessing the web server via IPv4. (Tip: Add the following lines to httpd.conf file: <VirtualHost a.b.c.k 5 :80> DocumentRoot /var/www/html4 </VirtualHost> 4. Restart the server and access the HTTP server over IPv4 (Tip: Use the command # service httpd restart or # apachectl restart) 5. Allow proxying to another web site. (Tip: Add the following lines to httpd.conf file: ProxyPass /6diss/ http://www.6diss.org/ <Location /6diss/> ProxyPassReverse / </Location> 6. Restart the server. Exercise C: Examples of various IPv6 applications Objectives Lab participants are asked to use simple IPv6 applications and verify their proper operation. Exercises steps 1. Access an IPv6 web site and capture traffic using ethereal tool. 2. Access an IPv6-enabled FTP server. Verify that the connection is established via IPv6. Which FTP server is IPv6-enables ftp.ntua.gr or ftp.auth.gr? 3. Access an AS Path web site. Find the number of IPv6 AS numbers and the number of routing entries in the IPv6 routing table. Identify the IPv6 upstream provider for local NREN. What is worth noticing? (Tip: http://www.join.uni-muenster.de/bgp/bgp.html) 4. Use a Looking Glass web site. Identify the same information as in previous step. (Tip: http:// http://netmon.grnet.gr/lg.shtml) 5 Use the IPv4 address noted in step 1. 4/7

Supporting info Appendix A: DNS supporting info Examples BIND files Forward-zone file for testdomain.org testdomain.org. IN SOA server.testdomain.org. root.server.testdomain.org. ( 1 Serial 10800 Refresh after 3 hours 3600 Retry after 1 hour 604800 Expire after 1 week 86400 ) Minimum TTL of 1 day Name servers testdomain.org. IN NS server.testdomain.org. Define $ORIGIN $ORIGIN testdomain.org. If an $ORIGIN directive is not defined - BIND uses the zone name in the named.conf file as the initial ORIGIN @ IN NS server.testdomain.org. Host addresses localhost.testdomain.org. IN A 127.0.0.1 laptop.testdomain.org. IN A 10.10.10.1 server.testdomain.org. IN A 10.10.10.202 camera.testdomain.org. IN A 10.10.10.201 Multi-homed hosts router.testdomain.org. IN A 10.10.10.200 Aliases www IN CNAME server IPv6 host addresses localhost.testdomain.org. IN AAAA ::1 laptop.testdomain.org. IN AAAA 2001:648:E000:1000::1 server.testdomain.org. IN AAAA 2001:648:E000:1000::2 Reverse-zone file for testdomain.org 0.0.0.1.0.0.0.E.8.4.6.0.1.0.0.2.ip6.arpa. IN SOA server.testdomain.org. root.server.testdomain.org. ( 1 Serial 10800 Refresh after 3 hours 3600 Retry after 1 hour 604800 Expire after 1 week 86400 ) Minimum TTL of 1 day Name servers 0.0.0.1.0.2.3.2.8.4.6.0.1.0.0.2.ip6.arpa. IN NS server.testdomain.org. Addresses point to canonical name 5/7

1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.E.8.4.6.0.1.0.0.2.ip6.arpa. laptop.testdomain.org. 2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.E.8.4.6.0.1.0.0.2.ip6.arpa. server.testdomain.org. IN PTR IN PTR Localhost 0.0.0.0.ip6.arpa. IN SOA server.aliako.gr. root.server.aliako.gr ( 1 Serial 10800 Refresh after 3 hours 3600 Retry after 1 hour 604800 Expire after 1 week 86400 ) Minimum TTL of 1 day 0.0.0.0.ip6.arpa. IN NS server.aliako.gr. 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. IN PTR localhost. Appendix B: Compact Ethereal documentation Ethereal is used by network professionals around the world for troubleshooting, protocol analysis, software and protocol development, and education. Its open source license allows talented experts in the networking community to add enhancements. It runs on all popular computing platforms, including Unix, Linux, and Windows. See further information at http://www.ethereal.com/. In order to capture packets, use the menu (Capture -> Start) If you want to capture only a specific set of packets, use capture filters (Capture- >Options), as shown in Figure 2. Figure 2: Ethereal packet capture filters (Tip: Use the capture filter ip6 to capture only IPv6 packets or icmp6 capture only ICMPv6 packets) After having captured some traffic, you can also filter the results using the Filter option, as shown in the Figure 3. 6/7

Figure 3: Ethereal interface (Tip: Use the filter ip6 to show only IPv6 packets, icmpv6.code==0 to show ICMP packets of specific code or http to show HTTP traffic.) Appendix C: Lab specifications PCs are running WinXP (SP2) and Scientific Linux 4.2. Workshop local router is a Cisco 1811 using c181x-advipservicesk9-mz.124-2.xa.bin. Ethereal Version 0.10.13 is also installed at the WinXP partition. 7/7

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback