Today we start looking at networking, and in particular focus on DNS, the domain name system that maps hostnames to network IP addresses.
Wireshark (formerly known as Ethereal) is a popular cross-platform packet sniffer --- it can record the packets that your network adapter sees on the network. Under normal circumstances, your adapter sees only the traffic that is sent to or from your computer. When you use a shared medium (such as a wireless network or a hub instead of a switch) you'll also be able to see packets belonging to other computers.
Packet sniffers such as wireshark and tcpdump are valuable tools to understand exactly what traffic is flowing on a link, and to debug network applications. However, in a non-switched environment it can enable you to see other people's traffic, and even in a switched environment you will be able to see other people's traffic if they are logged into the same machine. As a result, use of such tools should be determined carefully, and with respect to any AUP.
Use wireshark to monitor your computer's traffic on the network. Since you likely don't have wireshark installed in /usr/sbin/wireshark, you'll need to install it first. Run yum install wireshark-gnome to install the gnome-based front-end to wireshark (say yes to install the packages requested and any dependencies).
Run wireshark. Note that this program requires root access (and so will ask you for the root password when started from a regular account). If you are unable to click on anything in wireshark after starting it, look for a hidden dialog box behind wireshark. Click on the Capture Options icon (second from left) and click the Pseudo-device that captures on all interfaces --- it will start capturing traffic, and show the count of the number of ethernet frames captured of varying types. Stop after you've captured a few hundred and take a look at the kinds of traffic. If you aren't seeing any traffic, open a browser and start accessing some Web sites.
Use wireshark to capture just DNS packets (which are UDP packets on port 53). To do that, put "port 53" into the capture filter box (not display filter) that is visible from Capture->Options. Now visit a new site, such as http://www.cs.vu.nl/ and capture a few dozen DNS requests and responses. You'll likely see a number of AAAA queries. What are they?
Bind is likely not installed (type rpm -q bind to see what version is installed; if not installed, install bind and bind-chroot). Use the CentOS/RHEL tool to configure which services are running. Menu item System->Administration->Services is how to start it (or system-config-services from the shell). This tool manages the set of /etc/rc.d/ scripts for you for the current run-level. Make named start at boot, start it now and save changes.
OK, now named should be running. Use dig to get SOA records for cse.lehigh.edu, specifying localhost as the resolver. This request goes through the server you just started, and you can tell even now that the server is a caching server. (How?)
Now we will add our own domain as an authoritative zone that this nameserver will manage for us. You should make up any (non-existent) domain name you like (e.g., lehighrules.edu) and then a few hostnames to go within that domain (e.g., www.lehighrules.edu). You'll be creating a zone file that maps those hostnames to IP addresses, and another zone file to map your local IP address to one of those names. You might want to reference a sample domain zone file, supplied as part of an online book about DNS.
For increased system security, we are running named within a chroot environment. (Make sure to click through on the link on the person who was an early user of the term "jail" for chroot and note where he went to school!) All files for named are found within the /var/named/chroot/ directory. The zone files for named are thus located in /var/named/chroot/var/named/. You should see a number of files there, including one for forward lookups of localhost (named.localhost), one for all root servers (named.ca), etc. We need to add two more files: one for the forward lookups of our new domain, and one for the reverse lookup of our IP address into that new domain.
Using the named.localhost as an example, create a new file, perhaps called mynet.zone. Edit that file. When complete, your revised file should have (at least) three entries -- two A records, one pointing to your current IP address, and one pointing to 127.0.0.1; the third entry should be a CNAME for www.lehigh.edu. Remember that whenever you make a change to a zone file, you need to increase the serial number -- which is 0 in the default named.localhost file.
However, there is more to be done before you can test it. You'll need to edit /etc/named.conf to include entries for your new file(s). In addition, in order for the changes to be used by the name server, you'll need to make it re-read the files. I suggest restarting it using the named script in init.d (as you would restart any other service). You'll also want (at some point) to create the reverse zone file for your IP address.
Once you have made all the changes (and updated the serial numbers), restart named and then use dig (or nslookup or host) to verify that you can resolve the new names correctly using your nameserver. If named has a problem with the files you have created, where do you think it'll send warnings and errors? In order for applications on your machine to automatically start using the nameserver, though, you'll need to change /etc/resolv.conf -- put the IP address for localhost as the first nameserver (the system will only use the first, as long as it is a working nameserver).
You should now be able to use a web browser (you might need to restart it) and visit the hostname you created that points to www.lehigh.edu. To verify that everything works, also use dig to see the results of reverse name resolution. To really see everything in action, use wireshark on the lo interface to see the requests that your applications use, and the responses generated by your local nameserver, and the external interface to see the requests made by your nameserver to the rest of the world.
Use any remaining time in lab to finish project #1.