Data Networking/Spring 2015/PABR
Project Team Members
- Preetam Patil
- Apurva Sharma
- Bhaskar Balasubramanyam
- Renjith Prasad
Overview of the project
The project is to build a DNS server, a DHCP server and a web server hosting a web page, all on Linux. The DHCP server provides IP addresses to all the devices connected to its network. The DNS server resolves the IP address of a given domain name so that the client computer can start its communication. The web server hosts an HTML page. We have also implemented security by adding a firewall at the web server in order to make the system secure and reliable.
Requirement of the Project
We need a Linux-based OS. We need to install bind9 for the DNS server, apache2 for the web server and isc-dhcp-server for the DHCP server.
Step-by-Step Procedure to implement the project
Domain Name Server (DNS):
- Implementation of DNS server.
Commands used for Implementation of DNS server
Step 1:
For this project the BIND9 DNS server is used. The command below installs the BIND DNS server on Ubuntu:
sudo apt-get install bind9
Step 2:
Make changes in named.conf.options and named.conf.local files for the configuration of DNS server:
Configuration in named.conf.options file:
forwarders { 8.8.8.8; 8.8.4.4; };
Step 3:
Create the forward lookup zone and the reverse lookup zone in the named.conf.local file.
Configuration in named.conf.local file:
1) Forward lookup zone
zone "DNlinux.com" {
    type master;
    file "/etc/bind/db.DNlinux.com";
    allow-transfer { 192.168.43.3; };
};
2) Reverse lookup zone
zone "43.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.192";
    allow-transfer { 192.168.43.3; };
};
Step 4: Create a Forward lookup zone file: db.DNlinux.com. The forward lookup zone is created in directory /etc/bind/
Configuration in forward lookup zone file db.DNlinux.com:
$TTL 86400
@       IN      SOA     DNlinux.com. root.DNlinux.com. (
                        2           ; Serial
                        604800      ; Refresh
                        86400       ; Retry
                        2419200     ; Expire
                        86400 )     ; Negative Cache TTL
;
@       IN      NS      DNlinux.com.
@       IN      A       192.168.43.118
name    IN      A       192.168.43.9
www     IN      CNAME   name
Step 5: Create a reverse lookup zone file: db.192. The reverse lookup zone is created in directory /etc/bind/
Configuration in reverse lookup zone file db.192:
$TTL 604800
@       IN      SOA     DNlinux.com. root.DNlinux.com. (
                        2           ; Serial
                        604800      ; Refresh
                        86400       ; Retry
                        2419200     ; Expire
                        604800 )    ; Negative Cache TTL
;
@       IN      NS      DNlinux.com.
118     IN      PTR     DNlinux.com.
9       IN      PTR     mail.DNlinux.com.
9       IN      PTR     www.DNlinux.com.
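A consistency check for the two zone files above, given here as an added example that is not part of the original project: it reads the A, CNAME and PTR records from this page (embedded inline) and reports every PTR target that the forward zone does not resolve back to the same address. The function names and the REV_PREFIX constant are assumptions of the example.

```python
ORIGIN = "DNlinux.com."
REV_PREFIX = "192.168.43."      # addresses covered by zone 43.168.192.in-addr.arpa

# Records copied from db.DNlinux.com and db.192 on this page (SOA and NS omitted).
FORWARD = """
@     IN  A      192.168.43.118
name  IN  A      192.168.43.9
www   IN  CNAME  name
"""
REVERSE = """
118  IN  PTR  DNlinux.com.
9    IN  PTR  mail.DNlinux.com.
9    IN  PTR  www.DNlinux.com.
"""

def fqdn(label):
    """Expand '@' and relative names against ORIGIN; names compare case-insensitively."""
    label = ORIGIN if label == "@" else label
    return (label if label.endswith(".") else f"{label}.{ORIGIN}").lower()

def records(text):
    """Yield (owner, type, rdata) from lines of the form 'owner IN type rdata'."""
    for line in text.splitlines():
        fields = line.split(";")[0].split()      # drop zone-file comments
        if len(fields) == 4 and fields[1] == "IN":
            yield fields[0], fields[2], fields[3]

def forward_address(name, fwd, hops=0):
    """Follow CNAMEs (at most 8 hops) and return the A address, or None."""
    rtype, rdata = fwd.get(name, (None, None))
    if rtype == "CNAME" and hops < 8:
        return forward_address(fqdn(rdata), fwd, hops + 1)
    return rdata if rtype == "A" else None

def check_ptrs(forward=FORWARD, reverse=REVERSE):
    """Return [(ip, ptr_target, problem)] for PTRs the forward zone does not confirm."""
    fwd = {fqdn(o): (t, d) for o, t, d in records(forward) if t in ("A", "CNAME")}
    ptrs = [(o, d) for o, t, d in records(reverse) if t == "PTR"]
    problems = []
    for owner, rdata in ptrs:
        ip, target = REV_PREFIX + owner, fqdn(rdata)
        addr = forward_address(target, fwd)
        if addr != ip:
            why = "no forward record" if addr is None else f"forward record is {addr}"
            problems.append((ip, target, why))
    return problems

if __name__ == "__main__":
    print(check_ptrs())
```

With the records from this page it reports the PTR for mail.DNlinux.com, which has no A or CNAME record in db.DNlinux.com.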
Dynamic Host Configuration Protocol (DHCP):
Commands used for implementation of DHCP:
Step 1:
Install the isc-dhcp-server package
sudo apt-get install isc-dhcp-server
Step 2:
Edit the Configuration file to configure the DHCP server with information for the Scope, Superscope, Address Pool, Exclusion Range, Reservation and lease.
sudo cp dhcpd.conf dhcpd-backup.conf
sudo gedit dhcpd.conf

ddns-update-style none;

shared-network foo.foo {
    # For Wifi Hot spot
    # A slightly different configuration for an internal subnet.
    subnet 192.168.43.0 netmask 255.255.255.0 {
        range 192.168.43.10 192.168.43.150;
        range 192.168.43.170 192.168.43.220;    # so 151 to 169 is excluded
        option domain-name-servers 192.168.43.2, 192.168.43.3;
        option domain-name "internal.example.org";
        option routers 192.168.43.1;
        option broadcast-address 192.168.43.255;
        default-lease-time 600;
        max-lease-time 7200;
    }

    # For #1115
    # A slightly different configuration for an internal subnet.
    subnet 192.168.1.0 netmask 255.255.255.0 {
        range 192.168.1.10 192.168.1.100;
        option domain-name-servers 192.168.1.1, 8.8.4.4;
        option domain-name "internal.example.org";
        option routers 192.168.1.1;
        option broadcast-address 192.168.1.255;
        default-lease-time 600;
        max-lease-time 7200;
    }
}   # end of foo.foo

host apurva {
    hardware ethernet 00:0c:29:2d:04:9b;
    fixed-address 192.168.43.2;                 # for dns
    option domain-name-servers 192.168.43.2, 192.168.43.3;
}

host apurva-slave {
    hardware ethernet 00:0c:29:98:82:29;
    fixed-address 192.168.43.3;                 # for slave dns
    option domain-name-servers 192.168.43.2, 192.168.43.3;
}

host renjith-WS {
    hardware ethernet 00:0c:29:c3:71:73;
    fixed-address 192.168.43.118;
    option domain-name-servers 192.168.43.2, 192.168.43.3;
}
Step 3:
Configure the interfaces file to include the interface (eth0) along with the IP address, gateway and dns-nameservers.
sudo gedit /etc/network/interfaces
Step 4:
Add the interface (eth0) to the isc-dhcp-server file
sudo gedit /etc/default/isc-dhcp-server
Step 5:
Start the dhcp service
sudo service isc-dhcp-server start
Step 6: You can check the leased addresses in the /var/lib/dhcp/dhcpd.leases file.
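A check of the reservations in the dhcpd.conf above, given here as an added example that is not part of the original project: it flags any fixed-address that lies inside a dynamic range (where the server could also lease it to another client) and any IP or MAC address reserved twice. The embedded configuration is an excerpt of the one on this page; the function and pattern names are assumptions of the example.

```python
import ipaddress
import re

# Excerpt of the dhcpd.conf on this page (options irrelevant to the check omitted).
DHCPD_CONF = """
shared-network foo.foo {
  subnet 192.168.43.0 netmask 255.255.255.0 {
    range 192.168.43.10 192.168.43.150;
    range 192.168.43.170 192.168.43.220;   # so 151 to 169 is excluded
  }
  subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.10 192.168.1.100;
  }
}
host apurva       { hardware ethernet 00:0c:29:2d:04:9b; fixed-address 192.168.43.2; }
host apurva-slave { hardware ethernet 00:0c:29:98:82:29; fixed-address 192.168.43.3; }
host renjith-WS   { hardware ethernet 00:0c:29:c3:71:73; fixed-address 192.168.43.118; }
"""

RANGE_RE = re.compile(r"\brange\s+([\d.]+)\s+([\d.]+)\s*;")
HOST_RE = re.compile(r"\bhost\s+(\S+)\s*\{([^}]*)\}")
FIXED_RE = re.compile(r"\bfixed-address\s+([\d.]+)\s*;")
MAC_RE = re.compile(r"\bhardware\s+ethernet\s+([0-9A-Fa-f:]+)\s*;")

def audit(conf=DHCPD_CONF):
    """Return [(host, value, problem)] for reservations that can collide."""
    conf = re.sub(r"#.*", "", conf)                  # drop comments
    pools = [(ipaddress.ip_address(lo), ipaddress.ip_address(hi))
             for lo, hi in RANGE_RE.findall(conf)]
    findings, owner = [], {}                         # owner: ip or mac -> first host
    for host, body in HOST_RE.findall(conf):
        fixed, mac = FIXED_RE.search(body), MAC_RE.search(body)
        if fixed:
            ip = ipaddress.ip_address(fixed.group(1))
            for lo, hi in pools:
                if lo <= ip <= hi:
                    findings.append((host, str(ip), f"inside dynamic range {lo}-{hi}"))
        for m in (fixed, mac):
            if not m:
                continue
            key = m.group(1).lower()
            if key in owner:
                findings.append((host, key, f"already reserved for {owner[key]}"))
            owner.setdefault(key, host)
    return findings

if __name__ == "__main__":
    for finding in audit():
        print(*finding)
```

On this page's configuration it reports renjith-WS, whose fixed address 192.168.43.118 falls inside the range 192.168.43.10 to 192.168.43.150.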
Web Server
Step 1:
Commands used for implementation of Web server:
The command sudo apt-get install apache2 installs the apache2 web server software on the host machine. The apache2 web server comes with a basic HTML page, which will be your localhost web page.
Step 2: Editing the Webpage
In order to edit the web page and create your own user interface, go to its directory with the command cd /var/www/html/ and edit the file index.html.
Firewall
The firewall is configured using iptables, which is easy to use and also stores the rules. The commands used for configuring and setting the rules are given below. Initially, the firewall is configured to accept all connections that are already established or related to an established one. For that, the following command is issued:
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
The remaining commands are:
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -j DROP
sudo iptables -I INPUT 1 -i lo -j ACCEPT
sudo iptables -N port-scan
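How the order of these commands decides what happens to a packet, given here as an added example that is not part of the original project: it replays the -A, -I and -N commands into chains and evaluates packets against INPUT with first-match-wins semantics. The unchanged default policy ACCEPT, the packet dictionaries and the function names are assumptions of the example.

```python
import shlex

# Commands from this page, written with ASCII hyphens.
COMMANDS = """\
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -j DROP
iptables -I INPUT 1 -i lo -j ACCEPT
iptables -N port-scan
"""

def build_chains(commands=COMMANDS):
    """Replay -A (append), -I (insert at position) and -N (new chain) in order."""
    chains = {"INPUT": []}
    for line in commands.splitlines():
        op, chain, *rest = shlex.split(line)[1:]
        if op == "-N":
            chains[chain] = []
            continue
        pos = len(chains[chain])                 # -A: end of the chain
        if op == "-I":                           # -I: 1-based position, default 1
            pos, rest = (int(rest[0]) - 1, rest[1:]) if rest[0].isdigit() else (0, rest)
        chains[chain].insert(pos, dict(zip(rest[0::2], rest[1::2])))  # one value per option
    return chains

def matches(rule, pkt):
    """True if the packet satisfies every match option of the rule."""
    return ((rule.get("-i") in (None, pkt["iface"]))
            and (rule.get("-p") in (None, pkt["proto"]))
            and ("--dport" not in rule or int(rule["--dport"]) == pkt["dport"])
            and ("--ctstate" not in rule or pkt["state"] in rule["--ctstate"].split(",")))

def verdict(pkt, chains=None, policy="ACCEPT"):
    """First matching INPUT rule wins; `policy` is assumed to be the unchanged default."""
    for rule in (chains or build_chains())["INPUT"]:
        if matches(rule, pkt):
            return rule["-j"]
    return policy

def unused_chains(chains=None):
    """User-defined chains that no rule jumps to, so their rules would never run."""
    chains = chains or build_chains()
    targets = {r["-j"] for rules in chains.values() for r in rules}
    return [c for c in chains if c != "INPUT" and c not in targets]

if __name__ == "__main__":   # constructed sample packet: a new DNS query arriving on eth0
    dns = {"iface": "eth0", "proto": "udp", "dport": 53, "state": "NEW"}
    print(verdict(dns), unused_chains())
```

The loopback rule ends up first because of -I INPUT 1, the catch-all DROP stays last, and the port-scan chain is reported as unused because none of the listed commands jumps to it.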
Future Implementation
1) Increasing the security of the DNS server by providing digital certificates and access authentication.
2) Increasing the cache rate of the DNS server by implementing the concept of piggybacking.
3) Increase the security at web servers by implementing SSL service.
4) Implementation of the backup server for DHCP. Whenever the primary DHCP server fails we can use the secondary backup server.
5) Implementation of a proxy server in order to reduce the network traffic and the RTT needed to load the page.
6) Implementation of the IPv6 protocol. IPv6 allows larger datagrams to be sent than IPv4.