Data Networking/Spring 2016/Spartans

Group Members
- Amey Uchagaonkar
- Sooraj Shetty
- Thiyagarajan Anandan

This project is about integrating different network components and making them work together. Four network components (Domain Name Server, Dynamic Host Configuration Protocol, Web server/Firewall, Backup/Client) are created on four virtual machines.

Steps:
1. Client takes an IP address from the DHCP server.
2. Client makes a page request; the request proceeds to DNS for lookup.
3. DNS resolves the IP address/name and the request is sent to the web server.
4. Web server sends back the requested page to the client.

Working of Protocols
Domain Name System (DNS)
DNS is used to translate IP addresses to hostnames and vice versa. Rather than implementing a centralized architecture for DNS, which creates the possibility of a single point of failure, DNS is implemented as a hierarchy. At the top of the hierarchy are the root DNS servers, then come the Top Level Domain (TLD) servers, and then the authoritative DNS servers. The client first invokes the host side of DNS to request the IP for a hostname. The local DNS server then contacts a root server with the query. The root server forwards information about all the TLD servers after looking at the suffix. The TLD server then directs the local DNS server to the authoritative server responsible for that hostname.

Dynamic Host Configuration Protocol (DHCP)
DHCP is used to allocate IP addresses to the hosts connected to a network. It automatically assigns each host in the network an IP address from a specified range, along with the proper subnet mask, gateway, and DNS server of the network.

Firewall
Firewalls are used to prevent unauthorized access to our network, i.e. we can control the incoming and outgoing traffic of our organization using firewalls. A firewall filters packets on the basis of source IP, destination IP, port, or all of them.

Backup
It is a server used to back up all the data of a particular host, generally a web server, or of the whole network. It can also back up the required data to a different location, so that the data can be retrieved even if the backup server itself fails.

Domain Name System (DNS)
Commands Used

Installing DNS

Step 1: Change the interface settings.

    sudo nano /etc/network/interfaces

    auto eth0
    iface eth0 inet static
    address 10.0.0.2
    netmask 255.255.255.0
    network 10.0.0.0
    broadcast 10.0.0.255

Step 2: Install BIND9, which is used to implement DNS.

    sudo apt-get install bind9

Step 3: Include the IPs of the Google public DNS servers in the forwarders section.

    sudo nano named.conf.options

Remove the // comments and include 8.8.8.8 and 8.8.4.4.

Step 4: Write the entries for the forward and reverse lookup zones in the named.conf.local file. Define these zones on both the master and slave machines.

    #FORWARD LOOKUP ZONE - Holds A records, map hostnames to IPs

In the forward lookup zone write the following commands:

On the master:

    zone "spartans.com" {
        type master;
        file "/etc/bind/spartans.com.db";
        allow-transfer { IP of slave; };
    };

On the slave:

    zone "spartans.com" {
        type slave;
        masters { IP of master; };
        file "/var/cache/bind/db.spartans.com";
    };

In the reverse lookup zone write the following commands

On the master:

    zone "0.0.10.in-addr.arpa" {
        type master;
        allow-transfer { IP of slave; };
        file "/etc/bind/0.0.10.in-addr.arpa";
    };

On the slave:

    zone "0.0.10.in-addr.arpa" {
        type slave;
        masters { IP of master; };
        file "/var/cache/bind/db.spartans.rev";
    };

For IPv6 write the following commands:

    // note: a master zone also requires a file statement naming its zone file
    zone "0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa" {
        type master;
        notify no;
    };

Step 5: Forward lookup zone file

    @       IN      SOA     spartans.com. admin.spartans.com. (
                    2007031001 ; serial
                    28800      ; refresh
                    3600       ; retry
                    604800     ; expire
                    38400      ; minimum TTL
                    )
    @       IN      NS      spartans.com.
    @       IN      A       10.0.0.3

Step 6: Reverse lookup zone file

    $TTL 3D
    @       IN      SOA     spartans.com. admin.spartans.com. (
                    2007031001 ; serial
                    28800      ; refresh
                    3600       ; retry
                    604800     ; expire
                    38400      ; minimum TTL
                    )
    @       IN      NS      spartans.com.
    3       IN      PTR     spartans.com.

Step 7: Make changes to resolv.conf.

    search spartans.com
    nameserver 10.0.0.3

Step 8: To make the changes take effect, restart bind9.

    sudo /etc/init.d/bind9 restart

Dynamic Host Configuration Protocol (DHCP)
Step 1: Install DHCP.

    sudo apt-get install isc-dhcp-server

Step 2: Edit the interfaces file.

    sudo nano /etc/network/interfaces

    # interface configuration
    auto eth0
    iface eth0 inet static
    address 10.0.0.1
    netmask 255.0.0.0
    network 10.0.0.0
    broadcast 10.0.0.255

Step 3: Restart networking with the new configuration.

    sudo /etc/init.d/networking restart

Step 4: Edit the dhcpd configuration file to set the range and other parameters.

    sudo nano /etc/dhcp/dhcpd.conf

    default-lease-time 600;
    max-lease-time 7200;
    option subnet-mask 255.0.0.0;
    option broadcast-address 10.0.0.255;
    #option domain-name-servers 10.0.0.2;
    option domain-name "spartans.com";

    subnet 10.0.0.0 netmask 255.0.0.0 {
        range 10.0.0.10 10.0.0.100;
    }

    host dns {
        hardware ethernet 00:0c:29:5e:72:3c;
        fixed-address 10.0.0.2;
    }

    host webserver {
        hardware ethernet 00:0c:29:c7:ea:81;
        fixed-address 10.0.0.3;
    }

Step 6: Restart DHCP.

Webserver
Step 1: Install the apache2 web server.

    sudo apt-get install apache2

Step 2: Check which port the web server is listening on.

    netstat -a | more
    netstat -an | more

Step 3: Restart the web server.

    sudo /etc/init.d/apache2 stop
    sudo /etc/init.d/apache2 start

Step 4: Put the web page on the server.

    cd /var/www
    sudo nano index.html

Firewall
Step 1: Block a host from using telnet to reach the web server.

    sudo ufw deny telnet

Step 2: Allow a host to make web requests.

    sudo ufw allow 80
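ufw enforces rules only while the firewall is enabled, so the two rules above can be confirmed by reading the output of `ufw status`. The following check is an added example, not part of the original page; the function name `audit_ufw` and the embedded sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: check `ufw status` output against the two rules on this page.
# SAMPLE_STATUS is constructed for illustration; on the web server run:
#   sudo ufw status | audit_ufw

SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
23/tcp                     DENY        Anywhere
80                         ALLOW       Anywhere
23/tcp (v6)                DENY        Anywhere (v6)
80 (v6)                    ALLOW       Anywhere (v6)'

# audit_ufw: reads status text on stdin, prints findings, returns 0 only if
# the firewall is active, telnet (23) is blocked and HTTP (80) is allowed.
audit_ufw() {
    awk '
        /^Status:/ { active = ($2 == "active"); next }
        {
            # The action column moves one field right on "(v6)" rows, so search for it.
            act = ""
            for (i = 2; i <= NF; i++)
                if ($i ~ /^(ALLOW|DENY|REJECT|LIMIT)$/) { act = $i; break }
            if (act == "") next
            split($1, p, "/")                       # "23/tcp" -> port 23
            opens = (act == "ALLOW" || act == "LIMIT")
            if (p[1] == "23" && opens)  open23 = 1
            if (p[1] == "23" && !opens) deny23 = 1
            if (p[1] == "80" && act == "ALLOW") open80 = 1
        }
        END {
            if (!active) { print "FAIL: ufw is not active, rules are not enforced"; bad = 1 }
            if (open23)  { print "FAIL: a rule still admits telnet (23)"; bad = 1 }
            if (!deny23) { print "FAIL: no deny rule for telnet (23)"; bad = 1 }
            if (!open80) { print "FAIL: no allow rule for HTTP (80)"; bad = 1 }
            if (!bad) print "OK"
            exit bad + 0
        }'
}
```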

Backup
To automate sending the backup from the Linux web server, we need an automatic login from the web server to the host to which the backup is copied, so that no password has to be entered.

Step 1: Log on to the web server and generate a pair of authentication keys.

    sudo ssh-keygen -t rsa

Step 2: Use ssh to create a directory ~/.ssh on the host machine.

    ssh linuxhost@10.0.0.10 mkdir -p .ssh

Step 3: Append the web server's public key to the host's authorized keys.

    cat .ssh/id_rsa.pub | ssh linuxhost@10.0.0.10 'cat >> .ssh/authorized_keys'

Step 4: Compress the file that we need to back up.

    sudo tar -cvpzf minutebackup.tar.gz /var/www/html/index.html

Step 5: Use cron jobs to schedule the backup for every minute.

    sudo crontab -e

    * * * * * sudo tar -cvpzf /home/pratik/backupfolder/minutebackup.tar.gz /var/www/html/index.html
    * * * * * sudo scp /home/pratik/backupfolder/minutebackup.tar.gz linuxhost@10.0.0.10:
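The two cron entries above start in the same minute, so scp can copy an archive that tar is still writing. One way to run the steps in order is shown below as an added example that is not part of the original page; the function names, the `--run` switch and the script path in the cron comment are assumptions, while the file paths and destination host are the ones used above.

```shell
#!/bin/sh
# Added example: build the archive, verify it, publish it atomically, then copy it.
# Paths and the destination host are the ones used on this page; the function
# names and the --run switch are assumptions made for this example.

# make_backup SRC DEST_DIR: prints the path of the finished archive on success.
make_backup() {
    src=$1
    dest_dir=$2
    final="$dest_dir/minutebackup.tar.gz"
    # mktemp creates the file with mode 0600 in the same directory as the final
    # name, so the rename below is atomic and the archive is never world-readable.
    tmp=$(mktemp "$dest_dir/.minutebackup.XXXXXX") || return 1
    # -C stores the file under its base name instead of an absolute path.
    if tar -cpzf "$tmp" -C "$(dirname "$src")" "$(basename "$src")" &&
       tar -tzf "$tmp" >/dev/null; then
        # Readers (scp) see either the previous archive or the complete new one.
        mv -f "$tmp" "$final" && printf '%s\n' "$final"
    else
        rm -f "$tmp"    # keep the last good archive, drop the broken one
        return 1
    fi
}

# run_backup: copy only after make_backup has succeeded.
run_backup() {
    archive=$(make_backup /var/www/html/index.html /home/pratik/backupfolder) || return 1
    # BatchMode makes scp fail instead of waiting for a password prompt under cron.
    scp -q -o BatchMode=yes "$archive" linuxhost@10.0.0.10:
}

# Single cron entry replacing the two above (script path is hypothetical):
#   * * * * * /usr/local/sbin/site-backup.sh --run
if [ "${1:-}" = "--run" ]; then
    run_backup
fi
```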

Mail Server
Step 1: Install the postfix package first with defaults.

    sudo apt-get install postfix

Step 2: Detailed configuration is done here. Select Internet Site as the general type of mail configuration. System mail name -> FQDN name. Define the local networks.

    sudo dpkg-reconfigure postfix

Step 3: Edit the /etc/postfix/sasl/smtpd.conf file and put these lines in it.

    pwcheck_method: saslauthd
    mech_list: plain login

The plain and login mechanisms carry the password unencrypted, so they should only be offered over a TLS-protected connection.

Step 4: Restart the postfix daemon.

    sudo /etc/init.d/postfix restart

Testing
Testing DNS
We basically use the nslookup command to test DNS. Try nslookup from all PCs in the network and it should show the translated IP. Also test reverse lookup. Apart from nslookup, we can also use the dig and host commands to test DNS.

Testing DHCP
Connect a client PC to the network and it should be assigned an IP address automatically. This can be checked with ifconfig.

Testing WebServer
Test by entering the hostname or IP address in any web browser.

Testing Firewall
Telnet to the web server is blocked. Try to telnet to its IP and it should show a timeout.

Testing backup
Check the backup file at the destination location by typing the ls -l command, and check the time when the last file backup was done.

Future Improvements
1) Digital signatures, symmetric key encryption, and authentication can provide extra security to DNS.
2) Using DHCP to assign IP addresses for different subnets. This is possible with the use of relay agents.
3) Dynamic DNS helps to update records with dynamic IP addresses.