Data Networking/Fall 2015/Manan2912

Project Objective
To build a robust, secure, dynamic and intelligent network consisting of a DHCP server, DNS server, Web server with firewall and a client for a start-up company.

Project Team members
Manan Mehta

Jagruti Belani

Harsh Chheda

Network elements
The implemented demo network consists of the following elements:
 * DHCP (Dynamic Host Configuration Protocol)
 * DNS (Domain Name System)
 * WEB SERVER AND FIREWALL

Dynamic Host Configuration Protocol (DHCP)
DHCP is a client/server protocol that dynamically assigns IP addresses to clients connected to the network, along with other network information such as the DNS IP address and default gateway. It lets the network administrator centrally manage and allocate IP addresses within the network.

Behavior of the protocol
It is a client-server protocol that uses UDP at port 67. The server dynamically assigns IP addresses, subnet masks and gateways to clients from a pool of IP addresses given to it.

Signaling
The following steps take place in a DHCP scenario:
 * 1) First, every newly arrived host has to locate a DHCP server. To do so, the client sends a discovery request with client id 0.0.0.0 and a destination address of 255.255.255.255.
 * 2) When a DHCP server receives a discovery request from a client, it sends a DHCP offer message with valid subnet IP addresses in response.
 * 3) The newly arrived client chooses one offer from the offers available from different DHCP servers and sends a request to that particular server.
 * 4) That DHCP server assigns the IP address to the client and sends an acknowledgement to the client.

DHCP Configuration
The most widely used DHCP servers are:
 * Windows DHCP server
 * ISC-DHCP server

We have used ISC-DHCP because it is open source software that can be run freely on a Linux machine and it mostly matches its performance environment. The following commands are used to implement the DHCP server on an Ubuntu Linux machine.

1. Update the package list.

sudo apt-get update

2. Install the DHCP server.

sudo apt-get install isc-dhcp-server -y

3. Make changes to the DHCP configuration file.

sudo nano /etc/dhcp/dhcpd.conf

The following changes are made in the DHCP file:
 * While inspecting the dhcpd.conf file, locate the simple subnet configuration.
 * There, specify the subnet mask, gateway router, lease address range for the subnet, broadcast address, and default and maximum lease times as your network needs.

4. Configure static IP addresses for the Web server and DNS server (as we don't want DHCP to allocate dynamic IP addresses to these every time).

sudo nano /etc/dhcp/dhcpd.conf

After all the changes are made, the DHCP configuration file will look like this.

5. Restart the DHCP server to apply the changes.

sudo service isc-dhcp-server restart

After this command is entered in the terminal, the server must be in the ok/started state; otherwise recheck the dhcpd.conf file.
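A sketch of the dhcpd.conf that steps 3 and 4 describe, as an added example rather than the project's own file: the script writes a constructed configuration and checks that no reserved (fixed-address) host lies inside the dynamic range, so the pool cannot hand a server's address to another client. Every address, MAC and host name is an assumption.

```shell
# Constructed sample: every address, MAC and host name below is an assumption.
write_sample_conf() {   # $1 = output file, $2 = address reserved for the web server
cat > "$1" <<EOF
default-lease-time 600;
max-lease-time 7200;

subnet 192.168.10.0 netmask 255.255.255.0 {
  range 192.168.10.100 192.168.10.200;
  option routers 192.168.10.1;
  option broadcast-address 192.168.10.255;
  option domain-name-servers 192.168.10.10;
}

host dns-server {
  hardware ethernet 08:00:27:aa:bb:01;
  fixed-address 192.168.10.10;
}

host web-server {
  hardware ethernet 08:00:27:aa:bb:02;
  fixed-address $2;
}
EOF
}

# Print every fixed-address that lies inside a dynamic range; status 1 if any.
pool_conflicts() {   # $1 = dhcpd.conf path
  awk '
    function ip2n(ip,  o) { split(ip, o, "."); return o[1]*16777216 + o[2]*65536 + o[3]*256 + o[4] }
    { gsub(/;/, "") }                       # drop statement terminators
    $1 == "range"         { lo[++n] = ip2n($2); hi[n] = ip2n($3) }
    $1 == "fixed-address" { fixed[++m] = $2 }
    END {
      for (i = 1; i <= m; i++)
        for (j = 1; j <= n; j++)
          if (ip2n(fixed[i]) >= lo[j] && ip2n(fixed[i]) <= hi[j]) { print fixed[i]; bad = 1 }
      exit bad
    }' "$1"
}

conf=$(mktemp)
write_sample_conf "$conf" 192.168.10.20   # web server kept outside the pool
pool_conflicts "$conf" && echo "no reservation overlaps the dynamic range"
rm -f "$conf"
```

On the server, `sudo dhcpd -t -cf /etc/dhcp/dhcpd.conf` tests the real file's syntax before the restart in step 5.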

Testing
1. DHCP leasing: the leases on the DHCP server and the IP addresses that have been leased to the client can be verified by using the following command.

sudo tail /var/lib/dhcp/dhcpd.leases

2. DHCP log: the log output of DHCP can be verified using this command.

sudo tail -f /var/log/syslog

Domain Name System (DNS)
The Domain Name System is a hierarchical database whose responsibility is to provide a name for each public domain IP address, and vice versa, for websites on the Internet. It is an overhead application layer protocol. It is defined by &.

Behaviour of Protocol
DNS is a client-server application layer protocol which uses UDP port 53. A DNS client requests a host mapping with a DNS request packet, and the DNS server fetches the corresponding record, encapsulates it in a reply packet and sends it over UDP.

DNS Server
The authoritative name server of a company holds the records for its web servers, mail servers and canonical names of the servers. These records are configured in the DNS server by registrars certified by the Internet Corporation for Assigned Names and Numbers (ICANN).

Signaling
The following steps are performed in the DNS request-reply cycle:

1. The client sends a DNS query to the LOCAL DNS.

2. The LOCAL DNS forwards the query to the ROOT server, and a reply will be sent to the LOCAL DNS containing the NS and A records of the corresponding TLD server.

3. The reply will be sent to the ROOT DNS server containing the NS and A records of the corresponding AUTHORITATIVE name server.

4. The ROOT server will then send a query to the AUTHORITATIVE server and will forward the reply to the LOCAL server.

DNS Configuration
As explained in the DHCP section, the DNS server is given a static IP address.



Some of the DNS software packages available are BIND, PowerDNS and Posadis. Among these, BIND is widely used; it fulfils all native requirements of DNS functionality, such as a recursive, authoritative and caching name server, and it also contains a resolver client library. PowerDNS, in contrast, consists of two different packages, namely “PowerDNS Authoritative Server” and “PowerDNS Recursor”. The latter package is more vulnerable (resolved as of now but still not recommended by network administrators). Posadis is an open source DNS package, but it is not maintained by any community and hence not preferable.

We have used the BIND software. The latest version is Bind9.4, which supports a compile-time option for zone strategy in a variety of database formats. Moreover, Bind9 also overcomes some serious security issues which were present in Bind 4 and Bind 8. Thus, Bind9 provides a robust architecture for our DNS server. The following steps are used to implement the DNS server.

1. Update the package list.

sudo apt-get update

2. Install bind9.

sudo apt-get install bind9

3. Create a forward zone file.

sudo cp /etc/bind/db.local /etc/bind/db.linuxproject4.com

4. Open the file /etc/bind/db.linuxproject4.com and edit it. After editing, the file will look like below.



5. Create a reverse zone file.

sudo cp /etc/bind/db.127 /etc/bind/db.192

6. Open the file /etc/bind/db.192 and edit it as below.



7. Open the /etc/bind/named.conf.local file and add the forward and reverse zones.



8. Change the nameserver.

sudo nano /etc/resolv.conf
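A sketch of the files that steps 3 to 7 edit, as an added example rather than the project's own configuration: the script writes constructed forward and reverse zone files plus the named.conf.local stanzas, then checks that every A record has a matching PTR record. The 192.168.10.0/24 subnet, the host names ns and www, the admin mailbox and the reverse zone name are assumptions; the check assumes a single /24 with relative names in the forward zone.

```shell
# Constructed sample: addresses, host names and the reverse zone name are assumptions.
write_zones() {   # $1 = directory to write the three files into
cat > "$1/db.linuxproject4.com" <<'EOF'
$TTL 604800
@   IN  SOA ns.linuxproject4.com. admin.linuxproject4.com. ( 2 604800 86400 2419200 604800 )
@   IN  NS  ns.linuxproject4.com.
ns  IN  A   192.168.10.10
www IN  A   192.168.10.20
EOF
cat > "$1/db.192" <<'EOF'
$TTL 604800
@   IN  SOA ns.linuxproject4.com. admin.linuxproject4.com. ( 2 604800 86400 2419200 604800 )
@   IN  NS  ns.linuxproject4.com.
10  IN  PTR ns.linuxproject4.com.
20  IN  PTR www.linuxproject4.com.
EOF
cat > "$1/named.conf.local" <<'EOF'
zone "linuxproject4.com" {
    type master;
    file "/etc/bind/db.linuxproject4.com";
};
zone "10.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.192";
};
EOF
}

# Print each A record whose last octet has no PTR back to the same name; status 1 if any.
missing_ptr() {   # $1 = forward zone file, $2 = reverse zone file, $3 = domain
  awk -v dom="$3" '
    FNR == NR { if ($3 == "PTR") ptr[$1] = $4; next }   # first file read: reverse zone
    $3 == "A" {
      split($4, o, ".")
      if (ptr[o[4]] != ($1 "." dom ".")) { print $1, $4; bad = 1 }
    }
    END { exit bad }' "$2" "$1"
}

dir=$(mktemp -d)
write_zones "$dir"
missing_ptr "$dir/db.linuxproject4.com" "$dir/db.192" linuxproject4.com \
  && echo "every A record has a matching PTR"
rm -rf "$dir"
```

On the server, `named-checkconf` and `named-checkzone linuxproject4.com /etc/bind/db.linuxproject4.com` validate the real files before BIND is restarted.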