Data Networking/Fall 2015/56 Clearway

Group members

1.	Shubham Singh

2.	Suraj Bhatia

3.	Sanchit Rathi

DNS Server

A DNS server provides look-up tables to resolve hostnames, alias names and canonical names into their respective IP addresses, and vice versa, depending upon the resource record used.

DNS Server Functioning

DNS server follows the following hierarchy to resolve queries:

1.	As the client sends a query, the query is first routed to the local DNS server (i.e. cache).

2.	If the entry is not available in the cache, the query is redirected to the root server, which directs it to the respective TLD server; the TLD server in turn holds the information about the authoritative server that contains the answer.

Configuration

To build our DNS server we installed Ubuntu 14.04 and ran it in VM Workstation on Windows. The DNS server itself uses Bind version 9.5 (bind9). To install and configure the DNS server, the following commands were executed in the terminal:

1.This command ensures our Ubuntu has installed all updates.

sudo apt-get update

2. This command, when run in the terminal, downloads Bind. After building the dependency tree, it asks for root permission before downloading the packages.

sudo apt-get install bind9

3.This command defines a local domain which will be the web address of our DNS server.

sudo cp /etc/bind/db.local /etc/bind/db.56clearway

4. Using this command we can make changes in db.56clearway, which is the forward zone of our DNS. Resource records are written for domain servers, web, mail, etc., pointing to their respective IP addresses. These records make the server authoritative.

sudo nano /etc/bind/db.56clearway

5.This command creates the reverse zone file and binds it to the reverse localhost domain.

sudo cp /etc/bind/db.127 /etc/bind/db.192

6. This command lets us edit the db.192 file. In this file, PTR resource records are used for reverse IP mapping (obtaining the hostname for a given IP address).

sudo nano /etc/bind/db.192

7.This command helps us list the forward and reverse zones along with the file path where the information is stored.

sudo nano /etc/bind/named.conf.local

8. This command allows us to edit our forwarders. We have added our own gateway address to the list of forwarders.

sudo nano /etc/bind/named.conf.options

9.This command allows us to change the nameserver IP address and defines search within our specific domain.

sudo nano /etc/resolv.conf

10.In order for the changes to bind, a bind9 restart is necessary. There would be an error in bind if there is any error in configuring the DNS server.

sudo service bind9 restart
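Steps 4 to 6 leave the forward zone (db.56clearway) and the reverse zone (db.192) as two hand-edited files that must agree with each other. The script below is an added example, not part of the original project: it cross-checks A and PTR records, and the function name check_zones, the host names and the addresses are constructed for illustration (a /24 reverse zone and explicit owner names on every record are assumed).

```shell
#!/bin/sh
# Added example: check that a forward zone and a /24 reverse zone agree.
# Host names and addresses below are constructed, not the project's records.

# check_zones FORWARD REVERSE ORIGIN PREFIX
#   ORIGIN = zone name, PREFIX = first three octets covered by the reverse zone
check_zones() {
    awk -v origin="$3" -v prefix="$4" '
    $2 != "IN" { next }                      # SOA continuation, comments, blanks
    FNR == NR && $3 == "A" {                 # first file: forward zone
        fq = ($1 == "@") ? origin "." : $1 "." origin "."
        addr[fq] = $4; owner[$4] = fq
    }
    FNR != NR && $3 == "PTR" {               # second file: reverse zone
        ip = prefix "." $1; has_ptr[ip] = 1
        if (addr[$4] != ip)
            print "PTR " ip " -> " $4 " has no matching A record"
    }
    END {
        for (ip in owner)
            if (!(ip in has_ptr)) print owner[ip] " (" ip ") has no PTR record"
    }' "$1" "$2"
}

dir=$(mktemp -d)
cat > "$dir/db.56clearway" <<'EOF'
; SOA record omitted from this constructed excerpt
@     IN  NS  ns.56clearway.com.
ns    IN  A   192.168.3.75
www   IN  A   192.168.3.80
mail  IN  A   192.168.3.85
EOF
cat > "$dir/db.192" <<'EOF'
@   IN  NS   ns.56clearway.com.
75  IN  PTR  ns.56clearway.com.
80  IN  PTR  web.56clearway.com.
EOF
# Reports the PTR that names web instead of www, and the missing PTR for mail.
check_zones "$dir/db.56clearway" "$dir/db.192" 56clearway.com 192.168.3
rm -r "$dir"
```

BIND's own named-checkzone validates the syntax of one zone file at a time; this check covers the agreement between the two files.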

TESTING

We can check whether DNS is working or not by typing nslookup and then our IP address.

DHCP IPv4 and IPv6

Install DHCP server on Ubuntu 14.04

sudo apt-get install isc-dhcp-server -y

Configure DHCP server

sudo nano /etc/default/isc-dhcp-server

Assign network interface as “eth0”.

1.Enter below command and define parameters in the dhcpd.conf file:

sudo nano /etc/dhcp/dhcpd.conf

After adding the parameters, save and close the dhcpd.conf file.

2.Restart the dhcp service by entering the following command:

sudo service isc-dhcp-server restart

3.Install DHCPv6 on Ubuntu 14.04:

sudo apt-get install wide-dhcpv6-server

4.Make copy of the dhcp6s.conf file in another destination:

sudo cp /usr/share/doc/wide-dhcpv6-server/examples/dhcp6s.conf.sample /etc/wide-dhcpv6/dhcp6s.conf

Define parameters and create pool or host to assign IPv6 address based on client ID:

5.Make changes in the sysctl.conf file as follows:

sudo nano /etc/sysctl.conf

net.ipv6.conf.all.autoconf=1

net.ipv6.conf.all.accept_ra=1

6.Restart dhcpv6 with command:

sudo service wide-dhcpv6-server restart

WEBSERVER AND FIREWALL:

Webserver

Webservers are used to access the web pages. Every webserver has the IP address of all the domains in the world. Any computer can be turned into a Web server by installing server software and connecting the machine to the Internet.

Behavior of protocol

The Hypertext Transfer Protocol (HTTP) is an application protocol and is the foundation of data communication for the World Wide Web.

Signaling

1. The DHCP server is used to assign the client IP address.

2. Client has to initiate a TCP connection by sending SYN message to server on port 80.

3. The server replies to the client by SYN-ACK message.

4. The client sends an ACK message and completes the three way handshake and requests the web page.

Webserver configuration

We have used Apache for web server configuration because it provides us flexibility and speed in the small network that we have created. Following are the commands we have used on Linux machine.

1. We install apache on our machine:

sudo apt-get update

sudo apt-get install apache2

2. Create our own directory:

sudo mkdir -p /var/www/56clearway.com/public_html

3. Grant permission as we are not the root users:

sudo chown -R $USER:$USER /var/www/56clearway.com/public_html

4. Then we create an html page for web server:

sudo nano /var/www/56clearway.com/public_html/index.html

5. We will create a virtual host file:

sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/56clearway.com.conf

6. We will now open this file with root privileges:

sudo nano /etc/apache2/sites-available/56clearway.com.conf

7. We will enable our website by:

sudo a2ensite 56clearway.com.conf

8. Then we will re-start the web server:

sudo service apache2 restart

Testing

1.	Open the web browser and on typing the ip address our webpage should open.

2.	By typing our website name our webpage should open; that means our web page is working fine.

Web page opened with URL as well as IP address on client machine.

FIREWALL

1.Install UFW- Uncomplicated firewall with following command on Ubuntu machine:

sudo apt-get install ufw

2.To enable firewall with IPv6, enter below command:

sudo nano /etc/default/ufw

Make sure the line IPV6=yes is uncommented.

3.Check UFW status:

sudo ufw status verbose

4.Set up default policies:

sudo ufw default deny incoming

sudo ufw default allow outgoing

sudo ufw allow ssh

sudo ufw allow 22

sudo ufw enable

5.Check status after enabling:

sudo ufw status verbose

6.Other options:

sudo ufw allow http

sudo ufw allow 80

sudo ufw allow ftp

sudo ufw status numbered
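The rule set built in steps 4 to 6 can be reviewed mechanically from the output of `ufw status verbose`. The script below is an added example, not part of the original project: the function name ufw_audit and the sample output are constructed, and the expected-port list "22 80" is an assumption about which services this host is meant to expose.

```shell
#!/bin/sh
# Added example: review `ufw status verbose` output against the services the
# host is meant to expose.
# Usage on the server: sudo ufw status verbose | ufw_audit "22 80"

ufw_audit() {   # $1 = space-separated list of expected inbound ports
    awk -v want="$1" '
    BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) ok[w[i]] = 1 }
    /^Status:/  { seen = 1; if ($2 != "active") print "firewall is not active" }
    /^Default:/ { if ($2 != "deny" && $2 != "reject")
                      print "default incoming policy is " $2 }
    / ALLOW( IN)? / {
        rule = $1; port = rule; sub(/\/.*/, "", port)
        if (rule in done) next            # IPv6 twin of a rule already handled
        done[rule] = 1
        if (!(port in ok))      print rule ": not in the expected service list"
        else if (rule !~ /\//)  print rule ": no protocol given, opens TCP and UDP"
    }
    END { if (!seen) print "no Status line in input" }'
}

# Constructed sample modelled on the rules added in this section:
# "allow ssh" and "allow 22", "allow http" and "allow 80", "allow ftp".
ufw_audit "22 80" <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
22                         ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
80                         ALLOW IN    Anywhere
21/tcp                     ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
22 (v6)                    ALLOW IN    Anywhere (v6)
EOF
```

On the sample it reports the bare `22` and `80` rules, which duplicate the service-name rules and additionally open UDP, and the `21/tcp` rule, which is outside the expected list.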

WEB SERVER BACKUP

1.Install rsync feature on Ubuntu 14.04:

sudo apt-get install rsync

2.To synchronize a directory from local system with a remote system, enter the following command:

rsync -azvh /var/www client@10.0.0.40:/home/

3.To verify, go to the remote system and check the contents using command below:

ls /home/sk/sync/

4. To synchronize directories securely over SSH, enter the following command:

rsync -azvr /var/www -e ssh client@10.0.0.40:/home/

5. To synchronize directories without a password, create a key and share it with the remote user:

ssh-keygen -t rsa

ssh-copy-id -i /var/www/.ssh/id_rsa.pub client@10.0.0.40

ADD-ONS

NFS- Network File System

NFS, or Network File System, is a distributed filesystem protocol that allows you to mount remote directories on your server. NFS works well for the directory that needs to be accessed regularly.

Configuration

For server -

1. We need to install the nfs-kernel-server package:

sudo apt-get install nfs-kernel-server

2. Now we are creating two directories:

sudo mkdir /var/nfs

sudo mkdir /home

3. Now we will share the resources:

sudo nano /etc/exports

And our file will look like this (the option list must not contain spaces, because whitespace separates clients in /etc/exports):

/home      10.0.0.40(rw,sync,no_root_squash,no_subtree_check)

/var/nfs   10.0.0.40(rw,sync,no_subtree_check)

4. Now we will create NFS table:

sudo exportfs -a
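The /etc/exports entries above are worth linting before `exportfs -a` is run, since the file is sensitive to whitespace and `no_root_squash` on /home lets root on the client act as root on the share. The script below is an added example, not part of the original project; the function name audit_exports and the third sample line (/srv/pub) are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint /etc/exports-style input read from stdin.
# Usage on the server: audit_exports < /etc/exports

audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                  # comments and blank lines
    {
        # exports(5): options follow the client with no whitespace, and
        # whitespace separates clients, so a space inside "(...)" breaks
        # the entry into pieces that are not parsed as intended.
        if ($0 ~ /\([^)]*[ \t][^)]*\)/)
            print NR ": " $1 ": whitespace inside an option list"
        if ($0 ~ /no_root_squash/)
            print NR ": " $1 ": no_root_squash, client root acts as root on the share"
        # A field starting with "(" or "*" has no host restriction in front.
        for (i = 2; i <= NF; i++)
            if ($i ~ /^[*(]/)
                print NR ": " $1 ": exported to any host via " $i
    }'
}

# Constructed sample: the first two lines are modelled on this section,
# the third shows the classic "host (rw)" slip with a stray space.
audit_exports <<'EOF'
/home      10.0.0.40(rw, sync, no_root_squash, no_subtree_check)
/var/nfs   10.0.0.40(rw,sync,no_subtree_check)
/srv/pub   10.0.0.40 (rw)
EOF
```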

For client-

1. For the client we will install package nfs common:

sudo apt-get install nfs-common

2. Creating directories on the client:

sudo mkdir -p /mnt/nfs/home

sudo mkdir -p /mnt/nfs/var/nfs

3. Creating mount point on the client:

sudo mount 10.0.0.75:/home /mnt/nfs/home

sudo mount 10.0.0.75:/var/nfs /mnt/nfs/var/nfs

4. We can see all NFS share by command:

mount -t nfs

5. We can make the mount automatically by the command:

sudo nano /etc/fstab

MAIL SERVER

Configuration

To implement mail server we have used

1.	Postfix

2.	Dovecot

3.	Squirrelmail

The following commands have to be executed:-

1.This command is used to install updates

sudo apt-get update

2. This command is used to install bind9, apache2, php5, postfix, dovecot-common, dovecot-imapd, dovecot-pop3d and squirrelmail

sudo apt-get install bind9 dnsutils apache2 php5 postfix dovecot-common dovecot-imapd dovecot-pop3d squirrelmail

3.This command is used to enter the directory /etc/bind

cd /etc/bind

4.This command is used to define forward and reverse zones

sudo nano named.conf.local (add and edit forward and reverse zone for your domain)

5. This command binds data from our DNS server to the localhost

sudo cp db.local db.56clearway

6. The following commands are used to test the DNS server

nslookup mail.56clearway.com

dig mail.56clearway.com

7.cd /etc/apache2/sites-available/

8.sudo cp 000-default.conf mail.conf

9.sudo nano mail.conf (add and edit: ServerName and document root for squirrelmail)

10.a2ensite squirrelmail (enabling squirrelmail)

11.sudo service apache2 restart (restart apache2 services)

12.sudo nano /etc/squirrelmail/apache.conf (add & edit: document root and domain name)

13.sudo nano /etc/dovecot/dovecot.conf (Inside the conf file add protocols IMAP & POP3 and set mail_location: MailDir)

To stop all related services execute the following commands

killall named

killall apache2

killall dovecot

To change interfaces on network

sudo nano /etc/network/interfaces (define static IP with netmask and default gateway for Mail server)

14.Stopping and restarting the following services

sudo service bind9 restart

sudo service apache2 restart

sudo service postfix restart

sudo service dovecot restart

Add users and test working of mail server using squirrel mail.

Testing

1.Testing postfix and dovecot

2.Opening squirrelmail on Mozilla Firefox

NIS – NETWORK INFORMATION SYSTEM

Signaling

NIS stands for Network Information Service. It is a client-server protocol used to distribute system configuration such as hostnames and users to other users on the network. It is generally employed for small scale network.

NIS configurations

1. Installing nis and portmap

sudo apt-get install nis portmap

2. Edit domain as well as server name and refresh the database.

sudo nano /etc/default/nis


Set NISSERVER=master

sudo nano /etc/yp.conf

domain 56clearway.com server NIS

sudo nano /etc/ypserv.securenets

“255.255.255.0 10.0.0.0” (add list of acceptable hosts)

Restart the server database

sudo /usr/lib/yp/ypinit -m

3. For NIS client, type following command

sudo apt-get install portmap nis

4. Edit domain & server name

sudo nano /etc/passwd

Add a line +::::::

sudo nano /etc/group

Add a line +:::

sudo nano /etc/shadow

Add a line +::::::::

sudo nano /etc/yp.conf

set the ypserver’s IP address <192.168.3.75>

After making the changes, update the server.

Testing

The commands ‘yptest’, ‘ypwhich’ and ‘ypcat -x’ are used to test NIS.

NTP - Network Time Protocol

NTP CONFIGURATION

1. To install ntpd:

sudo apt-get install ntp

2. Then edit the conf file:

sudo nano /etc/ntp.conf

3. After this, restart ntp:

sudo service ntp restart

4. View the status of ntpd by:

sudo ntpq -p

VPN – VIRTUAL PRIVATE NETWORK

VPN enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. It is used to extend a private network over a public network.

VPN CONFIGURATION

1. First we will install pptp server:

sudo apt-get install pptpd

2. We need to configure pptpd where we will add server IP and Client IP:

sudo nano /etc/pptpd.conf

3. Configure DNS servers:

sudo nano /etc/ppp/pptpd-options

4. Now we will add VPN user:

sudo nano /etc/ppp/chap-secrets

FUTURE SCOPE

•	Creating a more decentralized network

•	Creating better firewall to block serious external threat and secure network

•	Creating efficient mail server

•	Upgrading NIS to NIS+
