Data Networking/Fall 2015/Manan2912
Project Objective
[edit | edit source]To build a robust, secure, dynamic and intelligent network consisting of a DHCP server, DNS server, Web server with firewall and a client for a start-up company.
Project Team members
[edit | edit source]Manan Mehta
Jagruti Belani
Harsh Chheda
Network elements
[edit | edit source]Implemented demo network consists of following elements:
- DHCP (Dynamic Host Configuration Protocol)
- DNS (Domain Name System)
- WEB SERVER AND FIREWALL
Dynamic Host Configuration Protocol (DHCP)
[edit | edit source]DHCP is a client/server protocol which dynamically assigns IP addresses to clients connected to the network along with other network information such as DNS IP address, default gateway etc. It lets network administrator to centrally manage and allocate IP addresses within the network.
Behavior of the protocol
[edit | edit source]It is a client-server protocol; which uses UDP at port 67. The server dynamically assigns IP addresses, subnet mask and gateways to clients from a pool of IP addresses given to it.
Signaling
[edit | edit source]Following steps taken place in a DHCP scenario:
- First, all newly entered host have to locate DHCP server. For that, client sends a discovery request with client id 0.0.0.0 and destination address of 255.255.255.255
- When DHCP server receives a discovery request from client it sends DHCP offer message with valid subnet IP addresses in response.
- Newly arrived client will choose one offer from a number of available offers from different DHCP servers and send request to that particular server.
- That DHCP server will assign the IP address to the client and send an acknowledgement to the client.
DHCP Configuration
[edit | edit source]Most widely used DHCP servers are
- Windows DHCP server
- ISC-DHCP server
We have used ISC-DHCP as it is open source software; which can be freely run on Linux machine and it’s mostly matches its performance environment. Following commands are used to implement DHCP server on ubuntu Linux machine.
1. Update package list
sudo apt-get update
2. Install DHCP server
sudo apt-get install isc-dhcp-server -y
3. Make changes into DHCP configuration file
sudo nano /etc/dhcp/dhcpd.conf
Following changes are made in DHCP file:
- While inspecting the dhcpd.conf file locate simple subnet configuration
- Here, mention Subnet mask, Gateway router, leasing address range for subnet, broadcast address and Default and Max lease time as per your network need
4. Configure static IP addresses for Web server and DNS server (as we don’t want DHCP to allocate dynamic IP addresses to these everytime)
sudo nano /etc/dhcp/dhcpd.conf
After doing all changes the DHCP configuration file will look like this.
5. Restart DHCP server to apply the changes.
sudo service isc-dhcp-server restart
After entering this command in terminal; the server must be in ok/started state, otherwise recheck the dhcpd.conf file.
Testing
[edit | edit source]1. DHCP leasing: - the leases on the DHCP server and the IP addresses that has been leased to the client can be verified by using the following command.
sudo tail /var/lib/dhcp/dhcpd.leases
2. DHCP LOG: - the log output of DHCP can be verified using this command.
sudo tail –f /var/log/syslog
Domain Name System (DNS)
[edit | edit source]The Domain Name System is a hierarchical database, its responsibility is to provide name against each public domain IP address and vice –versa for websites on Internet. It is an overhead application layer protocol. It is defined by RFC 1034 & RFC 1035.
Behaviour of Protocol
[edit | edit source]DNS is a client-server type application layer protocol which uses UDP port 53. DNS client requests host mapping with a DNS request packet and the DNS server fetches the corresponding record, encapsulates it in a reply packet and sends it over UDP.
DNS Server
[edit | edit source]The authoritative name server of a company holds the records for its web servers, mail servers and canonical names of the servers. These records are configured in the DNS server by registrars certified by Internet Corporation for Assigned Names and Numbers (ICANN).
Signaling
[edit | edit source]Following steps are performed in DNS request-reply cycle:
1. The client sends a DNS query to the LOCAL DNS.
2. The LOCAL DNS forwards query to the ROOT server and reply will be sent to LOCAL DNS containing NS and A records of corresponding TLD server.
3. The reply will be sent to ROOT DNS server containing NS and A records of corresponding AUTHORATIVE Name Server.
4. The ROOT server will then send a query to the AUTHORITATIVE server & will forward the reply to the LOCAL server.
DNS Configuration
[edit | edit source]As explained in DHCP section, the DNS server is given a static IP address.
Some of the DNS software packages available are BIND, Power DNS and Posadis. Among all BIND is widely used and it fulfils all native requirement of DNS functionality like recursive, authoritative, cacheing name-server and it also contains a resolver client library. Whereas, Power DNS contains two different packages namely “PowerDNS Authoritative Server” & “PowerDNS Recursor”. The later package is more vulnerable (resolved as of now but still not recommended by network administrators). Posadis ,an open source DNS package, but it’s not maintained by any community and hence not preferable.
We have used BIND software. The latest version is Bind9.4 which supports a compile-time option for zone strategy in a variety of database formats. Moreover Bind9 also overcomes some serious security issues which were present in Bind 4 and Bind 8. Thus, Bind9 provides a robust architecture for our DNS server. Following steps are used to implement DNS server.
1.Update the package list.
sudo apt-get update
2.Install bind9.
sudo apt-get install bind9
3. Create a forward zone file.
sudo cp /etc/bind/db.local /etc/bind/db.linuxproject4.com
4. Open file /etc/bind/db.linuxproject4.com and edit it. After edition the file will look like below.
5. Create reverse zone file
sudo cp /etc/bind/db.127 /etc/bind/db.192
6. Open file /etc/bind/db.192 & edit it as below.
7. Open /etc/bind/named.conf.local file & add forward and reverse zones.
8. Change nameserver.
sudo nano /etc/resolv.conf