NSP655 - Lab Assignment 3
Configuring DHCP and DNS servers in Linux
In this lab, we will examine how to configure Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) server services under Linux.
PART 0: Configuring vNICs on the guest VMs for host-only mode
§ On the Linux server VM, add an additional virtual NIC by selecting VM – Settings from the VMware WS main menu. Click on Add at the bottom of the window, select Network Adapter and click Finish. On the right-hand side, select the Host-only mode for this network connection and click OK. This will configure the vNIC using a separate Host-only virtual network (VMnet1) in VMware on the host OS.
§ In older versions of VMware WS, the newly added adapter (ens224) may have a separate IP address given by virtual DHCP. To shut down the virtual DHCP server (since we will set up our own DHCP service on the Linux server), select from the VMware WS main menu Edit – Virtual Network Editor. Click Change Settings on the bottom and click Yes to allow VMware to make changes (NOTE: at this point, the Virtual Network Editor window may disappear from the foreground, just minimize the VMware WS application to reveal the window). Next, select VMnet1 (Host-only) from the top pane, and uncheck the box at the bottom of the window (Use local DHCP service to distribute IP address to VMs). Note that, if this box is already unchecked (VMware WS 17 default), then there is no need to make any changes. Click OK to save the settings and then bring your Fedora 38 VM back to the foreground again, if necessary.
§ Open a terminal and type the command ifconfig. You should see a new network interface (e.g. ens224) that is connected to the Host-only virtual network. This is a virtual interface in the guest VM; we will assign a static IP to this interface in the next part.
§ Similarly, add an additional host-only vNIC for the Linux client system and the Windows 10 system (for which you will see a new Intel 82574L NIC appear as Ethernet1).
PART 1: Configuring the Dynamic Host Configuration Protocol server service (DHCPD)
Follow the procedure outlined below to set up and test a DHCP server. You will need to configure both the Linux server VM and the Windows 10 VM to complete this part.
§ First, we will assign an IP address in the 192.168.100.0/24 network to the newly added vNIC on the Linux server VM. To do this, click the top right of the desktop (network/volume/ power icon) and click on the arrow next to Wired (blue colour). You will notice that Ethernet (ens224) is not connected. Click on Wired Settings below this and click the small gear icon on the right edge of the Ethernet (ens224) connection/speed field to configure the settings. From the selection area at the top, click IPv4, select the Manual IPv4 Method, specify the Address as 192.168.100.10 with Netmask 255.255.255.0 (leave the Gateway blank), specify the DNS address as 127.0.0.1 (disable the Automatic DNS mode) and click Apply at the top of the window. Use the toggle control to activate Ethernet (ens224). Close the Network Settings window and check to see if the virtual interface now has been assigned an IP address, using the ifconfig command. If not, click the top right of the desktop (network/volume/power icon) again, click on the arrow next to Wired (blue colour) and click Ethernet (ens224) to connect.
§ Once the Windows 10 VM has been powered on (or resumed) and you log into Windows, a new Intel 82574L Gigabit Network Connection should be detected automatically. This will be the Ethernet1 connection (verify this by navigating to File Explorer – right-click on Network then select Properties – select Change adapter settings on the left). This network interface does not have an IP address yet but will obtain one automatically from the Linux server VM once we have configured a DHCP server.
§ Back at the Linux server VM, since the DHCP server package is not installed on the system (to see this, type rpm -qa | grep dhcp at the command prompt), we will start by installing this package. Open a terminal window, switch user to root and issue the command dnf install dhcp-server. Type y and press enter when prompted to download the package.
§ To set up the DHCP server we first must configure the file /etc/dhcp/dhcpd.conf and then start the service. Open a terminal window, switch user to root, and back up the existing configuration file by typing
cp /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.bak. Now copy the sample dhcpd configuration file to /etc/dhcp by typing
cp /usr/share/doc/dhcp-server/dhcpd.conf.example /etc/dhcp/dhcpd.conf. Answer yes, if the system asks you to overwrite the existing file (we already have a backup). MAKE SURE YOU TYPE THIS COMMAND CAREFULLY!
§ Using the gedit editor, edit the /etc/dhcp/dhcpd.conf file and make the following changes:
1. At the top of the file, set the domain-name global DHCP option to nspdomN.local (do not remove the quotes; N is your unique number), and comment out the domain-name-servers global DHCP option (by inserting a # character in front of the option).
2. Near the top of the file, uncomment the line containing the word authoritative.
3. Delete the first “subnet” section (2 lines); edit the second “subnet” section and specify the network subnet as
subnet 192.168.100.0 netmask 255.255.255.0 {
and the DHCP address range as
range 192.168.100.50 192.168.100.100;
which is consistent with the subnet above.
4. In the subnet section above, comment out the routers local DHCP option (we will set this later for the final project).
5. Delete all remaining “subnet” and “host” sections, leaving only the section for host fantasia { … }. For this section, comment out all the corresponding statements, including the brackets ({}) and the word fantasia. Also, delete any lines listed after this entry.
6. Save the file and exit.
§ From a terminal window as user root, start the DHCP server service by typing
systemctl start dhcpd.service. If you don’t see any error messages, the service should now be running (verify this with systemctl status dhcpd.service); if there is an error message, check the dhcpd.conf file for syntax errors like missing semicolons or end brackets. You can syntax-check the file without starting the daemon with dhcpd -t -cf /etc/dhcp/dhcpd.conf, and the service journal (journalctl -u dhcpd.service) usually names the offending line.
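Putting steps 1 to 6 together, the bash script below writes the finished dhcpd.conf and syntax-checks it before the service is started. It is an added example rather than part of the lab text: it assumes N=7 as the unique number (set LAB_N to yours), writes to a scratch file unless DHCPD_CONF points at /etc/dhcp/dhcpd.conf, and skips the dhcpd -t check where dhcpd is not installed.

```bash
#!/bin/bash
# Added example (not from the lab handout): writes the dhcpd.conf that Part 1
# steps 1 to 6 describe and syntax-checks it with "dhcpd -t" before the service
# is started. Assumption: N=7 stands in for your unique number (set LAB_N).
set -eu

write_dhcpd_conf() {
  # $1 = output path, $2 = your unique number N
  local out=$1 n=$2
  cat > "$out" <<EOF
# dhcpd.conf - result of Part 1 for lab domain nspdom${n}.local
option domain-name "nspdom${n}.local";
# option domain-name-servers ns1.example.org, ns2.example.org;   # step 1: commented out

default-lease-time 600;
max-lease-time 7200;

# step 2: the only DHCP server on the host-only network, so it may NAK
# requests for addresses it does not know about
authoritative;

# step 3: the single remaining subnet, matching the 192.168.100.0/24 vNIC
subnet 192.168.100.0 netmask 255.255.255.0 {
  range 192.168.100.50 192.168.100.100;
  # option routers 192.168.100.1;       # step 4: set in the final project
}

# step 5: the sample's remaining subnet/host sections are deleted and the
# host fantasia { ... } section is commented out, so nothing follows here.
EOF
}

check_dhcpd_conf() {
  # "dhcpd -t -cf FILE" parses the file and exits non-zero on a syntax error
  # (missing ';' or '}') without touching any interface or lease database.
  if command -v dhcpd >/dev/null 2>&1; then
    dhcpd -t -cf "$1"
  else
    echo "dhcpd not installed here; skipping syntax check of $1" >&2
  fi
}

range_inside_subnet() {
  # Catches the other classic mistake, a range that is not inside the subnet
  # declaration (dhcpd rejects it too; this check also works where dhcpd is
  # absent). Written for the lab's /24: compares the first three octets of
  # both range ends with the subnet's.
  local net first last
  net=$(awk '$1=="subnet" {print $2; exit}' "$1")
  first=$(awk '$1=="range" {print $2; exit}' "$1")
  last=$(awk '$1=="range" {sub(";","",$3); print $3; exit}' "$1")
  [ "${first%.*}" = "${net%.*}" ] && [ "${last%.*}" = "${net%.*}" ]
}

# Stand-alone run: writes a scratch file unless DHCPD_CONF is set.
conf=${DHCPD_CONF:-$(mktemp)}
write_dhcpd_conf "$conf" "${LAB_N:-7}"
range_inside_subnet "$conf" || { echo "range lies outside the subnet" >&2; exit 1; }
check_dhcpd_conf "$conf"
echo "wrote $conf"
```

Diff the generated file against your own edit of the sample file: only the option, authoritative, subnet and range lines have to agree, the commented-out sample material is ignored by dhcpd.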
§ To test this out, disable and then re-enable the Ethernet1 interface in the Windows 10 VM (or run ipconfig /release followed by ipconfig /renew in an administrator command window), to force it to obtain an address from the DHCP server running on the Linux server VM. Verify the IP address obtained by opening a command window and typing ipconfig; ipconfig /all additionally shows the DHCP server address, the lease times and the DNS suffix (domain name) handed out. You can also verify the DHCP server operation from the Linux side with journalctl -u dhcpd.service (look for the DHCPDISCOVER/DHCPOFFER/DHCPREQUEST/DHCPACK lines at the end of the output).
WHAT TO SHOW/SUBMIT: Show (capture) terminal window on Linux server with output from ifconfig command, after new vNIC is added and IP address is configured. Show (capture) gedit window showing contents of dhcpd.conf configuration file. Show (capture) terminal window on Windows 10 VM showing output of ipconfig command with IP address and domain name obtained automatically from Linux server.
3 captures total.
PART 2: Configuring the Berkeley Internet Name Domain (BIND) DNS server service (NAMED)
Boot your system into Fedora Linux and follow the procedure outlined below to configure the BIND DNS server service. You will need to use the two Fedora VMs to complete this part.
§ Before we start, we will prepare the Linux client VM, i.e., the cloned F38 VM from lab 1. Log into the client VM and complete the first step from part 1 above to assign an IP address of 192.168.100.20 with mask 255.255.255.0, and a DNS server address of 192.168.100.10, i.e., the address of the Linux server VM that will be running the DNS server (do not forget to disable the Automatic DNS mode). Finally, disable the primary (ens160) interface; that is, click the top right of the desktop (network/volume/power icon), click the arrow next to Wired and click Ethernet (ens160). (We do this to avoid having the College/ISP DNS server appear in the system configuration. DO NOT FORGET TO DISABLE THIS!)
§ Boot into the Linux server VM that you used to configure DHCP in part 1 above. Open a terminal and switch user to root. Issue the command dnf install bind to install the BIND server package as well as other supporting packages. When prompted type y and press enter to complete the installation.
§ To set up the DNS service, we first need to make a few changes to the BIND configuration file. To edit the file issue (as root) the command gedit /etc/named.conf. Near the top of the file make the following changes under the options section:
1. In the listen-on port 53 line (the first line of the options section), append 192.168.100.10; (including the semicolon) after 127.0.0.1; so that it reads listen-on port 53 { 127.0.0.1; 192.168.100.10; };. This lets the server listen for requests on the host-only virtual interface in addition to the loopback address. Leave listen-on-v6 as it is and do not add the ens160 address: the server should not be reachable from the College/ISP network.
2. In the line that contains the allow-query option, append 192.168.100.0/24; (including the semicolon) after localhost; to allow the server to accept queries from the entire host-only subnet in addition to local queries. Because the Fedora default named.conf also has recursion yes;, the server now recurses on behalf of the whole subnet (which the client in this lab relies on); keeping listen-on and allow-query restricted to the host-only network is what stops it from becoming an open resolver.
Near the bottom of the file, after the zone “.” IN declaration, add the following sections to define a FORWARD zone called nspdomN.local and a REVERSE zone for the 192.168.100.0 address space:
zone "nspdomN.local" IN {
type master;
file "nspdomN.local.db";
notify NO;
};
zone "100.168.192.in-addr.arpa" IN {
type master;
file "192.168.100.db";
notify NO;
};
Make sure not to make mistakes (e.g., N should be your unique number, not the letter) and, when done, use the command named-checkconf /etc/named.conf to check the file for errors. If there is no output, the file is OK, otherwise fix the indicated syntax errors and try again.
§ To add IPv4 address (A) records and reverse pointer (PTR) records to the newly created zones, we need to create the zone files nspdomN.local.db and 192.168.100.db specified in named.conf above. To do that, first change to the /var/named directory as root. Then create the first file using the command gedit nspdomN.local.db (N is your unique number) with the following contents:
;zone "nspdomN.local"
;
$TTL 1H
;
@ IN SOA localhost. root.localhost. (
1 ;serial
3H ;refresh
1H ;retry
1W ;expire
1H ) ;caching TTL
@ IN NS localhost.
;
F38server IN A 192.168.100.10
F38client IN A 192.168.100.20
Use the command named-checkzone nspdomN.local /var/named/nspdomN.local.db (N is your unique number) to check the file for syntax errors. The first argument is the zone name exactly as written in named.conf, not the file name: it is the origin that @ and every relative name (F38server, F38client) are expanded against, so a wrong zone name can still pass the check while loading the wrong names. If an error is reported, correct it and try again until the command returns OK.
To create the second file use gedit 192.168.100.db and add the following contents:
;zone "100.168.192.in-addr.arpa"
;
$TTL 1H
;
@ IN SOA localhost. root.localhost. (
1 ;serial
3H ;refresh
1H ;retry
1W ;expire
1H ) ;caching TTL
@ IN NS localhost.
;
10 IN PTR F38server.nspdomN.local.
20 IN PTR F38client.nspdomN.local.
To avoid excessive typing, you can use copy and paste, or copy the first file to create the second one and change the required lines. Check it the same way, with the reverse zone name as first argument: named-checkzone 100.168.192.in-addr.arpa /var/named/192.168.100.db, and correct any reported errors. Now start the DNS service by issuing the command systemctl start named.service as user root. Note that you will have to reload (systemctl reload named) or restart the service every time you make a change to the DNS configuration.
§ Before testing the DNS service, we need to make a small change to the configuration file of the systemd-resolved service that Fedora uses to provide network name resolution to local applications. On the Linux server VM as root, edit the file /etc/systemd/resolved.conf and add the lines DNS=127.0.0.1 and Domains=nspdomN.local under the [Resolve] section (N is your unique number). HINT: these lines already exist in commented-out form, so you just need to uncomment them (remove # at the front) and change them to carry the address and domain specified. Restart the service using the command systemctl restart systemd-resolved and enter the command resolvectl status to verify that the changes appear under the Global section. Do the same procedure on the Linux client VM, with the same Domains= line but DNS=192.168.100.10 instead, so that it queries the server VM.
§ To test DNS, at the command prompt on the Linux client VM, type nslookup F38server. The DNS server (F38server) should return the IP address 192.168.100.10. Now try a reverse resolution lookup by typing nslookup 192.168.100.10. You should receive the hostname F38server.nspdomN.local in response.
§ Finally, we will edit the zone files to add an entry for the Windows 10 VM (stationN-Win10) using the IP address it obtained from the DHCP server in part 1. Edit the zone files nspdomN.local.db and 192.168.100.db to add the appropriate lines at the end of each file for the A record and PTR record that are required (N is your unique number). Also, DO NOT forget to increase the serial number from 1 to 2 as this is a new change (i.e., change 1 ;serial to 2 ;serial near the top of each file). As before, verify that the files are syntactically correct and restart the named service using systemctl restart named to make sure the changes take effect. You should now be able to get a valid answer using the command nslookup stationN-Win10 on the Linux client. You can also try the command ping stationN-Win10 (i.e., try to ping the Windows VM virtual network interface; note that you may have to turn off the Windows firewall to be able to do so) to verify that you can ping another system using the domain name instead of the IP address. Keep in mind that this address is a dynamic lease from the 192.168.100.50–100 range: if the Windows VM ever receives a different address, both records go stale, which is what a host { hardware ethernet …; fixed-address …; } declaration in dhcpd.conf (the form of the fantasia section you commented out) would prevent.
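The zone-file change just described, together with the named-checkzone checks from earlier in this part, as a bash script: it appends the A and PTR records for the Windows VM, increments both serials, refuses duplicates and off-subnet addresses, and re-runs named-checkzone with the zone name (not the file name) as first argument. This is an added example, not the lab's own material; it assumes N=7 (override with LAB_N) and a Windows lease of 192.168.100.50 (override with WIN_IP), and it works on constructed scratch copies of the two zone files so it can be tried before the same function calls are pointed at /var/named.

```bash
#!/bin/bash
# Added example (not from the lab handout): add a host to both lab zone files,
# bump both SOA serials, and re-check the zones with named-checkzone.
# Assumptions: N=7 is your unique number and the zone files follow the Part 2
# layout, with a "<number> ;serial" line inside the SOA record.
set -eu

current_serial() { awk '/;serial/ {print $1; exit}' "$1"; }

bump_serial() {
  # $1 = zone file. Rewrites "<n> ;serial" to "<n+1> ;serial" in place.
  # named reloads the zone either way, but a serial that does not grow is
  # what makes secondaries and NOTIFY receivers ignore the change.
  local f=$1 cur new
  cur=$(current_serial "$f")
  new=$((cur + 1))
  sed -i "s/^\([[:space:]]*\)${cur}\([[:space:]]*;serial\)/\1${new}\2/" "$f"
}

add_host() {
  # $1 = short hostname, $2 = IPv4 address in 192.168.100.0/24,
  # $3 = domain (nspdomN.local), $4 = forward zone file, $5 = reverse zone file
  local host=$1 ip=$2 domain=$3 fwd=$4 rev=$5 last
  case "$ip" in
    192.168.100.*) ;;
    *) echo "$ip is outside 192.168.100.0/24; no PTR belongs in $rev" >&2; return 1 ;;
  esac
  last=${ip##*.}
  if grep -qiE "^${host}[[:space:]]+IN[[:space:]]+A[[:space:]]" "$fwd"; then
    echo "$host already has an A record in $fwd" >&2; return 1
  fi
  if grep -qE "^${last}[[:space:]]+IN[[:space:]]+PTR[[:space:]]" "$rev"; then
    echo "$ip already has a PTR record in $rev" >&2; return 1
  fi
  printf '%s IN A %s\n' "$host" "$ip" >> "$fwd"
  printf '%s IN PTR %s.%s.\n' "$last" "$host" "$domain" >> "$rev"
  bump_serial "$fwd"
  bump_serial "$rev"
}

check_zone() {
  # $1 = zone name exactly as in named.conf (NOT the file name), $2 = file.
  # Passing the file name as the zone name makes @ and every relative name
  # expand against the wrong origin, and the check would still print OK.
  if command -v named-checkzone >/dev/null 2>&1; then
    named-checkzone "$1" "$2"
  else
    echo "named-checkzone not installed here; skipping check of $2" >&2
  fi
}

soa_header() {
  # Constructed header shared by both Part 2 zone files (serial 1).
  cat <<'EOF'
$TTL 1H
@ IN SOA localhost. root.localhost. (
1 ;serial
3H ;refresh
1H ;retry
1W ;expire
1H ) ;caching TTL
@ IN NS localhost.
EOF
}

make_lab_zones() {
  # Writes scratch copies of nspdomN.local.db and 192.168.100.db into $1 ($2 = N)
  # so the script can be tried outside /var/named.
  local dir=$1 n=$2
  { soa_header; printf 'F38server IN A 192.168.100.10\nF38client IN A 192.168.100.20\n'; } \
    > "$dir/nspdom${n}.local.db"
  { soa_header; printf '10 IN PTR F38server.nspdom%s.local.\n20 IN PTR F38client.nspdom%s.local.\n' "$n" "$n"; } \
    > "$dir/192.168.100.db"
}

# Stand-alone run on scratch copies; point fwd/rev at /var/named once it looks right.
N=${LAB_N:-7}
work=$(mktemp -d)
make_lab_zones "$work" "$N"
add_host "station${N}-Win10" "${WIN_IP:-192.168.100.50}" "nspdom${N}.local" \
  "$work/nspdom${N}.local.db" "$work/192.168.100.db"
check_zone "nspdom${N}.local" "$work/nspdom${N}.local.db"
check_zone "100.168.192.in-addr.arpa" "$work/192.168.100.db"
echo "serials now $(current_serial "$work/nspdom${N}.local.db")/$(current_serial "$work/192.168.100.db"); files in $work"
```

After running it against the real files as root, systemctl reload named (or restart) is still needed for named to pick the change up; the serial bump is what lets you confirm, with dig SOA nspdomN.local @127.0.0.1, that the loaded zone is the edited one.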
§ The BIND DNS server will not start automatically when the system or VM boots unless you issue the command (as root) systemctl enable named. Carry this out to make sure the DNS service is always running when the system starts up. The same applies to the DHCP server from part 1 (systemctl enable dhcpd), otherwise the Windows VM will fail to obtain an address after the next reboot of the Linux server VM.
WHAT TO SHOW/SUBMIT: Show (capture) terminal window on Linux client with output from ifconfig command, after new vNIC is added and IP address is configured. Show (capture) contents of nspdomN.local.db forward zone file, showing all 3 A record entries. Show (capture) contents of 192.168.100.db reverse zone file, showing all 3 PTR records. Show (capture) contents of named.conf configuration file, showing changes. Show (capture) terminal window on Linux client showing output of multiple nslookup commands (forward and reverse resolution) and successful pinging of the Windows 10 VM.
5 captures total.