CompTIA Linux+ XK0-005 – Unit 09 – Networking Part 7

August 2, 2023

50. Resource Records

Now within those zones, as I said before, we have what’s called resource records. The resource records have different types because, as I said, some might be hosts, some might be aliases, some mail exchanges, all those types of things. And they are usually identified by a couple of letters, a little acronym if you will, that refers to the different types of resource records. So when you look at the zone file and you’re wanting to read it, A stands for a host record. It doesn’t say host, it just says A record. CNAME stands for canonical name, which is a nice way, I guess, of saying alias. The CNAME usually points to an A record, because the A record is what points to the IP address.

MX would be the mail exchange entry. NS is the name server entry. It could be another machine that you have running in your same zone, because you can have primary and secondary DNS servers within your zone. It could be a PTR, or pointer, record. A pointer is the opposite: I have the IP address, what’s the host name? Now, we also have to say who is authoritative for the zone, and that is the SOA record, the start of authority. So we have one of those as well, and we have a number of other types. Beyond that, the list just continues to go on.

So I would encourage you, if you really need to dig in there and understand these different types, to go look them up. In fact, one I mentioned that you might not even see here is a service record, an SRV. That’s where we can say here’s my Kerberos ticket granter, or here’s my directory server. Those types of things are also mapped within the zones. So you have the option of a lot of different record types. Now, out of all of that, the only ones I would tell you that you really want to make sure you understand are A records, because that’s what 99% of the requests are: what is the IP address of this host?
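To see the record types above side by side, here is an added example (not from the course): a constructed zone file for the assumed domain example.com, written to a temp file, plus a small awk check for CNAMEs whose target has no A record in the zone, which is exactly the A/CNAME relationship described above. PTR records live in a separate reverse zone, so they are left out here.

```shell
#!/bin/sh
# Constructed zone for the assumed domain example.com (not from the course).
ZONE_FILE="${TMPDIR:-/tmp}/example.com.zone"

write_zone() {
  cat > "$ZONE_FILE" <<'EOF'
$TTL 1800
@               IN  SOA  ns1.example.com. hostmaster.example.com. (
                         2023080201 ; serial
                         3600       ; refresh
                         900        ; retry
                         604800     ; expire
                         1800 )     ; negative-cache TTL
@               IN  NS   ns1.example.com.
@               IN  NS   ns2.example.com.
@               IN  MX   10 mail.example.com.
ns1             IN  A    192.0.2.1
ns2             IN  A    192.0.2.2
mail            IN  A    192.0.2.10
www             IN  A    192.0.2.20
ftp             IN  CNAME www
old             IN  CNAME legacy          ; deliberately dangling, to show the check
_kerberos._tcp  IN  SRV  0 5 88 kdc.example.com.
kdc             IN  A    192.0.2.30
EOF
}

# Count records of one type; the type is field 3 once ";" comments are stripped.
count_type() {
  awk -v t="$1" '{ sub(/;.*/, "") } $3 == t { n++ } END { print n + 0 }' "$ZONE_FILE"
}

# Report CNAMEs whose (relative) target has no A record in this zone; such an
# alias exists in the file but resolves to nothing for clients.
dangling_cnames() {
  awk '{ sub(/;.*/, "") }
       $3 == "A"     { a[$1] = 1 }
       $3 == "CNAME" { c[$1] = $4 }
       END { for (n in c) if (!(c[n] in a)) print n " -> " c[n] }' "$ZONE_FILE"
}
```

The check only understands targets written relative to the zone origin, as in the sample; fully qualified targets ending in a dot would need stripping first.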

51. Demo – Installing BIND and Examining its Configuration Files

All right. Our goal here is to actually make our system be a DNS server. So we’re going to go and install that as a package. We’re going to use BIND as the software for this. Let’s just see if I can go and find bind going through this list. Since it’s alphabetical, this ought to be an easy thing to do. And wow, can you believe how many different packages you have here? It’s kind of nice. Okay, so we’re going to install bind9 and mark all of that, and it tells you what it is, the Berkeley Internet Name Domain. And we’re going to add bind9-doc with the documentation for it as well, in case you wanted to get any help. I’m going to click Apply and Apply, and we’re going to let this thing install, and then we’re going to take a look at some of the base configuration that it has.

Now of course, at this point I’m not expecting DNS on this server to have any records, because we just turned it on. But one of the things that it should have is what we call a root table. And the root table is a table that helps us with the forward lookup query process. So we’re going to start off, first of all, just to see what the default configuration looks like. So now we’re in /etc/bind. We’re going to open the named.conf file using the less command. And here we’re going to see just the types of things that it sets up. So here it says that priming the server with knowledge of the root servers is going to be done by this configuration file that we’re going to look at, called db.root.

So again, that’s a very important part of what we do: if the name you’re wanting is not in my database, we’re going to start with the hierarchy of a fully qualified domain name and look for the root servers, or the root hint servers, and then move from there. We also know that if we create our own zones, those zones will have names. By default we have one called localhost. This server is the master of the localhost zone, and its information is configured in the file db.local. I want to kind of page down, and you can see different zones. These are just default zones. You can certainly make your own zones if you wanted to be responsible for different domains within your network’s infrastructure. So I’m going to hit Q to quit out of that location. And we’re going to use the less command again in /etc/bind.

And db.root is the one I kind of talked about; that’s the root hints file. And those root servers are kind of important to us, especially when we’re a brand new DNS server. In fact, most of you, if you set up your local internet router at home to be your DNS server, as so many people do, that router actually just uses the same list that you see here of these root servers and forwards its requests right on their way. I can keep paging down through here, but these are just root servers that are going to help you find the authoritative servers. And so you could add new root hints if you want to. You can edit these files, but generally speaking, for most of what we need, this is going to suffice to let us keep our own DNS records locally and still use the same server to get to the public names that we find out on the Internet.

52. Managing BIND

Now, as with any service, if you’re running BIND DNS, it’s going to have to occasionally be started or stopped or restarted. I’ve yet to find the perfect software solution that didn’t, every now and then, need a swift kick in the power cable. So what happens? That just means that if DNS isn’t responding, if it’s behaving irrationally (as if I’m giving it human feelings), sometimes just something happens and we have to restart, or something could have caused the service to stop on its own, or whatever the case may be. As with any service, you can start it, stop it, or restart it as needed. Now, depending on the actual version of Linux that you have, the path by which you go to make the change could be a little bit different.

But in most cases it somewhere follows init.d. Remember the init daemon, the one that is process ID number one. Then comes the name of the service that you want to start or stop; for BIND it might be bind9. And then you put in the command: stop or restart or start, or whatever you wanted to do. It might be a little different when you go to Red Hat; there they may have rc.d followed by init.d and then the name of the service. In some cases you might also have an actual command that allows you to make the change, like the rndc command, to be able to go out there and say I want to make this thing restart.

53. Demo – Managing BIND

All right. Now that we have BIND installed on our systems, it’s kind of nice to know what you would do to start it. And basically all you have to do to start the service is go into its path. So I’m going to put in /etc/init.d, the path of the initialization scripts, then bind9, and then start. And just like that, it’ll use that default configuration that we saw in a different demo to start that service up. And because there are no records and no zones and nothing else that we’ve done, we are technically called a caching DNS server. In other words, we have to ask everybody for help. We have to do a forward lookup on everything that’s out there.

But once we learn it, we will cache that information for whatever time you configure. I think the default is 30 minutes. If there’s a problem with the daemon and you need to restart it, or if you change the BIND configuration file, sometimes a restart is needed. So there I typed in literally the same command with restart. So you saw that it was waiting for the process to die and then it started it back up again. If you’re curious about the status, you can do rndc status and it’ll show you what’s running out there: number of zones, and so on. For this service, again, we don’t really have any real zones. These are just default zones.

Query logging is off. No start of authority, no recursive clients, no TCP clients. Again, we’re not doing a whole lot. We are just being a caching server. We can also use that same rndc command to reload. So if somebody had changed the configuration file (similar, by the way, to what happens when I just do the restart), I could reload the server information so that the new configuration and information would be there. That might be because somebody added some new zone or some more information. And then finally, since we’re not using this DNS service, it would probably be good to turn it off. So you also have the stop command, which will turn that off. And just like that, it was as though BIND never existed.

54. Local Name Resolution

Now, beyond the DNS service is this idea of local name resolution. I kind of hinted at it when I talked about the hosts file that exists on almost every operating system I’ve seen. The hosts file is a static list, a text file that has the actual name of a server and its IP address statically defined. The problem is that if either the name of the server changes or the IP address changes, this file doesn’t automatically update. You’ve got to take care of it. But the good part is that it helps you in a couple of areas. Number one is bootstrapping. Bootstrapping is often the starting-up procedure of any system. So if I am booting my system up and I need to be able to connect to certain critical servers, one of the issues that can come up is that the network card has yet to get its address or its information, so it doesn’t even know which DNS server to hit, or whatever the case may be.

Having that local database may help you in that bootstrap process. But in general, the reason we like the hosts file is because it makes the lookups much faster. I don’t have to wait for that forward lookup query to finish; I have it right there in my list. The downside, as I said, is that if there is a change, I have to manually change it on everybody using the hosts file. Now, it is important to know that if you have an entry in the hosts file, whether it’s right or wrong, that’s the entry you use. If it’s in the hosts file, you’ll never do a DNS lookup. So whenever you put those in there, you are short-circuiting the normal process of going to DNS by just taking whatever’s in that file, right or wrong.

55. Default /etc/hosts File

Now, that file by default is in the /etc directory and it’s called hosts. When you open up that hosts file, you’ll often see IP addresses and names. There are two default things that you’ll often see. The most common is the entry for what’s called localhost. In the world of IP, the address for localhost is the loopback address. What that means is that if you had services running on your server and you wanted to access those services, but you wanted to do it in a remote way, you see the problem: how can you be remote if you’re already on the server? Well, what you do is, for instance, you want to look at your web page from the point of view of opening it as though you were somewhere else.

So you would say http://localhost, and the system says, okay, go look it up in the hosts file. That’s the local loopback address, go make that connection. And it literally goes out and comes back into your system as though it were coming from the outside. Now, some systems might not actually loop it through the network card, some would do that, but conceptually that’s the idea of localhost. Okay? So anyway, you might see some of those entries. You’ll also possibly see, if you have IP version 6 running, some entries for different types of addresses like localhost and all-routers and all-nodes and all-hosts, those entries that have been predefined in IPv6. Those might also show up in your list.

56. The nsswitch.conf File

Now, one of the things I said that you can do with DNS is look up services. Well, you can also statically configure services with the names of the hosts running them in a file called nsswitch.conf. It has too many S’s in a row there for me. The nsswitch.conf file is just that: a file that can help you map services to host names. And then, of course, you would recursively have to look up those host names to see what their IP addresses are.

57. Demo – Examining Local Name Resolution

Well, as we’ve talked about, one of the things that nearly every operating system does when it comes to trying to resolve a name to an IP address is consult its hosts file. Well, here’s a hosts file, and you can see that localhost and the host name debian, which is the name of the system, resolve to an internal loopback address, and we don’t have anything else exciting. Now, if I wanted to, I could actually put in here a new entry, let’s say for some news website, and put in this loopback address. And what would happen is that if somebody opened their web browser and went to that news site, it would actually redirect back to us, because this is the first file in which we try to resolve IP addresses, and if it’s successful, we don’t look any further.

So how is that order determined? Well, that’s done through the /etc/nsswitch.conf file. This is the configuration for the name service switch, and it basically tells us how we should do all of our lookups. And what we see is that if it’s a host, it’s going to consult our local files first. If that doesn’t work, it will go to this minimal cache information. If that’s not found, then it’s going to go to your configured DNS server, and it just continues through this list. And you can change this. If you didn’t want it to look at the hosts file, you could edit this and throw that right out of there if you’d like. So that’s kind of the idea.

And by the way, you notice that they also talk about the sources that we would use for different types of lookups: looking for users, looking for groups, for network groups, using the NIS server. All of these are just options that tell us basically how we want to go, what order we want to follow to do these verifications or these lookups. And the one we’re focusing on here, as I just said, is the host information. “files” means that it is first looking at the hosts file; if you took that out, then you would go straight to DNS each time and actually skip the /etc/hosts file that I just showed you.
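The two points made in the last few sections (a hosts entry wins outright and DNS is never asked, and the order is decided by the hosts: line in nsswitch.conf) are easy to audit from the shell. Here is an added example, not part of the course, that writes constructed copies of /etc/hosts and /etc/nsswitch.conf to a temp directory (the hostname debian and the planted news.example.net entry are made up), resolves names the way the files source does, and lists any entry that overrides a name that is not one of the stock loopback names.

```shell
#!/bin/sh
# Constructed copies of /etc/hosts and /etc/nsswitch.conf (not the real files).
WORK="${TMPDIR:-/tmp}/nss-demo.$$"
HOSTS="$WORK/hosts"
NSS="$WORK/nsswitch.conf"

write_samples() {
  mkdir -p "$WORK"
  cat > "$HOSTS" <<'EOF'
127.0.0.1       localhost
127.0.1.1       debian
::1             localhost ip6-localhost ip6-loopback
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters
# planted override of a public name, the kind of entry the lecture describes
127.0.0.1       news.example.net www.news.example.net
EOF
  cat > "$NSS" <<'EOF'
passwd:         files
group:          files
hosts:          files mdns4_minimal [NOTFOUND=return] dns
networks:       files
EOF
}

# Resolve a name the way the "files" source does: first matching line wins,
# comments ignored, case-insensitive; prints nothing when absent (DNS is next).
hosts_lookup() {
  awk -v n="$1" '{ sub(/#.*/, "") }
    { for (i = 2; i <= NF; i++) if (tolower($i) == tolower(n)) { print $1; exit } }' "$HOSTS"
}

# List entries for names other than the loopback/IPv6 defaults and our own
# hostname ($1): each one silently bypasses DNS for that name.
hosts_overrides() {
  awk -v self="$1" '{ sub(/#.*/, "") }
    NF >= 2 { for (i = 2; i <= NF; i++)
                if ($i != "localhost" && $i != self && $i !~ /^ip6-/) print $1, $i }' "$HOSTS"
}

# Print the lookup order for the hosts database from nsswitch.conf.
nss_hosts_order() {
  awk '$1 == "hosts:" { $1 = ""; sub(/^ +/, ""); print; exit }' "$NSS"
}

# Succeed when "files" is consulted before "dns", i.e. hosts entries win.
files_before_dns() {
  nss_hosts_order | awk '{ f = d = 0
    for (i = 1; i <= NF; i++) { if ($i == "files" && !f) f = i; if ($i == "dns" && !d) d = i }
    exit !(f && d && f < d) }'
}
```

Point HOSTS and NSS at the real /etc files (and pass the output of hostname to hosts_overrides) to run the same audit on a live system.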

58. Unit 09 Review

All right. There was a lot of information about networking services, and I said I was going to cover the basics. And that’s what we did. We reviewed the basics, the basic terms, and tried to give you a good foundation for what’s really going on out there: how to configure your network connections, how to have services out there help you in making those network configurations, and then some other services that help you manage things like DNS, which are crucial in overall network communications. I probably left you saying, wow, I wish I knew more about some of this stuff, and if I did that, good. I’m not going to apologize for it.

I think networking is a very crucial part of the knowledge that all of us should have as server admins, because it’s nice to know what’s happening behind the scenes, especially later on when it comes to troubleshooting. Anyway, that was our goal: to make sure we talked about all of those layers of the OSI model, the layers of TCP/IP, how they basically interact, and what some of the more crucial lower-layer stuff means to us in our communications.
