DNS: Difference between revisions
No edit summary |
(Add instructions for the new IPAM system) |
||
(26 intermediate revisions by 6 users not shown) | |||
Line 1: | Line 1: | ||
⚫ | |||
The University of Waterloo's DNS is managed through [http://maintain.uwaterloo.ca Maintain]. |
|||
The University of Waterloo's DNS is managed through it's [https://ipam.private.uwaterloo.ca IP Address Management system]. IST has published some information on the [https://uwaterloo.atlassian.net/wiki/spaces/ISTKB/pages/43401052394/IP+Address+Management IST Knowledge Base]. |
|||
⚫ | |||
* daltenty |
|||
* dtbartle |
|||
* hkarau |
|||
* mspang |
|||
⚫ | |||
⚫ | |||
* ztseguin |
|||
⚫ | |||
* API account located in the standard syscom place |
|||
== |
=== Managing Records === |
||
There are two primary types of records that are maintained: Hosts and Aliases. |
|||
''Note: Use the v4 and v6 toggles in the top left to switch between IPv4 and IPv6 networks.'' |
|||
There is currently no way to create or modify SRV records in Maintain. Hence we need to email hostmaster@ist.uwaterloo.ca to get SRV records in UW's DNS servers. The following are a list of SRV records that the CSC plans to create or has created. Records are formatted as: |
|||
==== Add a new host ==== |
|||
Priority Weight Port Target |
|||
⚫ | |||
'''Kerberos''' |
|||
# Click on IPAM -> Networks |
|||
* _kerberos._udp.csclub.uwaterloo.ca |
|||
# Locate the appropriate network for the server |
|||
⚫ | |||
# Click on the IP address that you want to register |
|||
** 10 0 88 perpugilliam.csclub.uwaterloo.ca |
|||
# Set the appropriate information |
|||
* _kerberos-master._udp |
|||
## Set the "MAC" address of the machine (''note: CSC networks don't use the IST DHCP system, so this is effectively ignored'') |
|||
** 0 0 88 caffeine.csclub.uwaterloo.ca |
|||
## Under "IPAM to DNS replication" |
|||
* _kerberos-adm._tcp |
|||
### Domain: Click the grey button next to the text box and change "Inherit" to "Set". Then select the "csclub.uwaterloo.ca" domain (or other as appropriate) |
|||
** 0 0 749 caffeine.csclub.uwaterloo.ca |
|||
### Shortname: The machine's name (e.g., caffeine) |
|||
* _kpasswd._udp |
|||
## At the bottom |
|||
** 0 0 464 caffeine.csclub.uwaterloo.ca |
|||
### Add "systems-committee@csclub.uwaterloo.ca" as a Technical Contact |
|||
### Select the appropriate Pol8 Classification (usually Public) |
|||
# Click "Next" |
|||
# Click "Next" |
|||
# Add any aliases for the host (these will be created as CNAME records) |
|||
# Click "OK" |
|||
Repeat the instructions for the IPv6 entry, however you may need to click the "+" to add the IP address on the network. |
|||
'''LDAP''' |
|||
* _ldap._tcp.csclub.uwaterloo.ca |
|||
** 0 0 389 caffeine.csclub.uwaterloo.ca |
|||
** 10 0 389 perpugilliam.csclub.uwaterloo.ca |
|||
* _ldaps._tcp.cslcub.uwaterloo.ca |
|||
** 0 0 636 caffeine.csclub.uwaterloo.ca |
|||
** 10 0 636 perpugilliam.csclub.uwaterloo.ca |
|||
* _ldaps._tcp.cslcub.uwaterloo.ca |
|||
==== Add/remove an alias to an existing host ==== |
|||
'''Jabber''' (already present, but should get updated as they point to peri) |
|||
* _xmpp-server._tcp.csclub.uwaterloo.ca |
|||
* Go to https://ipam.private.uwaterloo.ca |
|||
* Click on IPAM -> Networks |
|||
* _xmpp-client._tcp.csclub.uwaterloo.ca |
|||
* Locate the appropriate network for the server |
|||
** 0 0 5222 caffeine.csclub.uwaterloo.ca |
|||
* Click on the IP address associated with the '''destination''' server (e.g., caffeine) |
|||
* _jabber._tcp.csclub.uwaterloo.ca |
|||
* If you get sent to a blank list.. click the "Address" object in the breadcrumb |
|||
** 0 0 5269 caffeine.csclub.uwaterloo.ca |
|||
* Click "Edit" under the ALIASES section on the screen |
|||
* Click "Next" twice |
|||
* Add or remove the alias to the list |
|||
* Click "OK" |
|||
== CSC DNS == |
|||
CSC hosts some authoritative dns services on ext-dns1.csclub.uwaterloo.ca (129.97.134.4/2620:101:f000:4901:c5c::4) and ext-dns2.csclub.uwaterloo.ca (129.97.18.20/2620:101:f000:7300:c5c::20). |
|||
Current authoritative domains: |
|||
* csclub.cloud |
|||
* uwaterloo.club |
|||
* csclub.uwaterloo.ca: A script (/opt/bindify/update-dns on dns1) runs every 10 minutes to populate this zone from the IPAM records. |
|||
Those DNS servers are also recursive for machines located on the University network. |
|||
=== Updating records === |
|||
If you manually update a record in the dns1 container (somewhere in /etc/bind), make sure you also update the serial number for the SOA record for the corresponding zone. Then, run <code>rndc reload</code>. |
|||
== Miscellaneous == |
|||
=== LOC Records === |
|||
⚫ | |||
=== SSHFP === |
|||
We could look into [http://tools.ietf.org/html/rfc4255 SSHFP] records. Apparently OpenSSH supports these. (Discussion moved to [[Talk:DNS]].) |
|||
[[Category:Systems]] |
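Review bot: The rewritten "Managing Records" section drops the whole SRV inventory (Kerberos, LDAP, Jabber) along with the instruction to email hostmaster@ist.uwaterloo.ca, and nothing in the new text says whether SRV records can be created in the IPAM system. Suggest keeping one line on how SRV records are requested now, so the Kerberos and LDAP service discovery entries stay documented. Two smaller points: the new intro sentence should read "through its IP Address Management system" rather than "it's", and if any of the old list is retained, the two _ldaps._tcp entries spell the zone "cslcub".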
Latest revision as of 18:00, 16 March 2024
IST DNS
The University of Waterloo's DNS is managed through its IP Address Management system. IST has published some information on the IST Knowledge Base.
People who have access to Infoblox:
- ztseguin
- API account located in the standard syscom place
Managing Records
There are two primary types of records that are maintained: Hosts and Aliases.
Note: Use the v4 and v6 toggles in the top left to switch between IPv4 and IPv6 networks.
Add a new host
- Go to https://ipam.private.uwaterloo.ca
- Click on IPAM -> Networks
- Locate the appropriate network for the server
- Click on the IP address that you want to register
- Set the appropriate information
  - Set the "MAC" address of the machine (note: CSC networks don't use the IST DHCP system, so this is effectively ignored)
  - Under "IPAM to DNS replication"
    - Domain: Click the grey button next to the text box and change "Inherit" to "Set". Then select the "csclub.uwaterloo.ca" domain (or other as appropriate)
    - Shortname: The machine's name (e.g., caffeine)
  - At the bottom
    - Add "systems-committee@csclub.uwaterloo.ca" as a Technical Contact
    - Select the appropriate Pol8 Classification (usually Public)
- Click "Next"
- Click "Next"
- Add any aliases for the host (these will be created as CNAME records)
- Click "OK"
Repeat the instructions for the IPv6 entry; you may need to click the "+" to add the IP address on the network.
Add/remove an alias to an existing host
- Go to https://ipam.private.uwaterloo.ca
- Click on IPAM -> Networks
- Locate the appropriate network for the server
- Click on the IP address associated with the destination server (e.g., caffeine)
- If you get sent to a blank list, click the "Address" object in the breadcrumb
- Click "Edit" under the ALIASES section on the screen
- Click "Next" twice
- Add the alias to the list, or remove it from the list
- Click "OK"
CSC DNS
CSC hosts some authoritative DNS services on ext-dns1.csclub.uwaterloo.ca (129.97.134.4/2620:101:f000:4901:c5c::4) and ext-dns2.csclub.uwaterloo.ca (129.97.18.20/2620:101:f000:7300:c5c::20).
Current authoritative domains:
- csclub.cloud
- uwaterloo.club
- csclub.uwaterloo.ca: A script (/opt/bindify/update-dns on dns1) runs every 10 minutes to populate this zone from the IPAM records.
Those DNS servers are also recursive for machines located on the University network.
Updating records
If you manually update a record in the dns1 container (somewhere in /etc/bind), make sure you also update the serial number for the SOA record for the corresponding zone. Then, run rndc reload.
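The serial bump is the step most easily forgotten in a manual edit, so here is one way to make it mechanical. This is an added example, not a CSC script: the YYYYMMDDnn serial convention, the sample zone and the contact name are assumptions.

```python
import re
from datetime import date
from typing import Tuple

# Constructed sample zone (not CSC's real zone file); the contact is a placeholder.
SAMPLE_ZONE = """\
$TTL 3600
@  IN  SOA  ext-dns1.csclub.uwaterloo.ca. hostmaster.example. (
        2024031600 ; serial
        3600       ; refresh
        900        ; retry
        1209600    ; expire
        300 )      ; negative-cache TTL
@  IN  NS   ext-dns1.csclub.uwaterloo.ca.
@  IN  NS   ext-dns2.csclub.uwaterloo.ca.
"""

# In this layout the first number after the SOA record's "(" is the serial.
SOA_SERIAL = re.compile(r"(\bSOA\b[^()\n]*\(\s*)(\d+)")


def next_serial(current: int, today: date) -> int:
    """Return the next serial in YYYYMMDDnn form (assumed convention)."""
    base = int(today.strftime("%Y%m%d")) * 100
    # Already edited today, or serial ahead of the date: add one so it only grows.
    candidate = base if current < base else current + 1
    if candidate > 0xFFFFFFFF:
        raise ValueError("serial would exceed the 32-bit SOA field")
    return candidate


def bump_zone(text: str, today: date) -> Tuple[str, int]:
    """Rewrite only the serial in the zone text; return (new_text, new_serial)."""
    match = SOA_SERIAL.search(text)
    if match is None:
        raise ValueError("no parenthesised SOA record found")
    new = next_serial(int(match.group(2)), today)
    return text[:match.start(2)] + str(new) + text[match.end(2):], new


if __name__ == "__main__":
    updated, serial = bump_zone(SAMPLE_ZONE, date.today())
    print(serial)
    print(updated)
```

Running named-checkzone on the edited file before rndc reload catches syntax errors that would otherwise stop the zone from loading.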
Miscellaneous
LOC Records
If we really cared, we might add a LOC record for csclub.uwaterloo.ca.
SSHFP
We could look into SSHFP records. Apparently OpenSSH supports these. (Discussion moved to Talk:DNS.)