DNS: Difference between revisions
(→CSC DNS: gone) |
(Add instructions for the new IPAM system) |
||
(9 intermediate revisions by 4 users not shown) | |||
Line 1: | Line 1: | ||
== IST DNS == |
== IST DNS == |
||
The University of Waterloo's DNS is managed through [ |
The University of Waterloo's DNS is managed through it's [https://ipam.private.uwaterloo.ca IP Address Management system]. IST has published some information on the [https://uwaterloo.atlassian.net/wiki/spaces/ISTKB/pages/43401052394/IP+Address+Management IST Knowledge Base]. |
||
People who have access to |
People who have access to Infoblox: |
||
* mspang |
|||
* ztseguin |
|||
* API account located in the standard syscom place |
|||
=== Managing Records === |
|||
There are two primary types of records that are maintained: Hosts and Aliases. |
|||
''Note: Use the v4 and v6 toggles in the top left to switch between IPv4 and IPv6 networks.'' |
|||
==== Add a new host ==== |
|||
# Go to https://ipam.private.uwaterloo.ca |
|||
# Click on IPAM -> Networks |
|||
# Locate the appropriate network for the server |
|||
# Click on the IP address that you want to register |
|||
# Set the appropriate information |
|||
## Set the "MAC" address of the machine (''note: CSC networks don't use the IST DHCP system, so this is effectively ignored'') |
|||
## Under "IPAM to DNS replication" |
|||
### Domain: Click the grey button next to the text box and change "Inherit" to "Set". Then select the "csclub.uwaterloo.ca" domain (or other as appropriate) |
|||
### Shortname: The machine's name (e.g., caffeine) |
|||
## At the bottom |
|||
### Add "systems-committee@csclub.uwaterloo.ca" as a Technical Contact |
|||
### Select the appropriate Pol8 Classification (usually Public) |
|||
# Click "Next" |
|||
# Click "Next" |
|||
# Add any aliases for the host (these will be created as CNAME records) |
|||
# Click "OK" |
|||
Repeat the instructions for the IPv6 entry, however you may need to click the "+" to add the IP address on the network. |
|||
==== Add/remove an alias to an existing host ==== |
|||
* Go to https://ipam.private.uwaterloo.ca |
|||
* Click on IPAM -> Networks |
|||
* Locate the appropriate network for the server |
|||
* Click on the IP address associated with the '''destination''' server (e.g., caffeine) |
|||
* If you get sent to a blank list.. click the "Address" object in the breadcrumb |
|||
* Click "Edit" under the ALIASES section on the screen |
|||
* Click "Next" twice |
|||
* Add or remove the alias to the list |
|||
* Click "OK" |
|||
== CSC DNS == |
== CSC DNS == |
||
CSC hosts some authoritative dns services on ext-dns1.csclub.uwaterloo.ca (129.97.134.4/2620:101:f000:4901:c5c::4) and ext-dns2.csclub.uwaterloo.ca (129.97.18.20/2620:101:f000:7300:c5c::20). |
|||
DNS service was terminated because it didn't work well (some problem with additional work needing to be done for some nameservers to accept delegating authority to us), nobody used it and it caused a potential security problem (which could have been fixed, but removing it was easier for the preceding reasons). |
|||
Current authoritative domains: |
|||
* csclub.cloud |
|||
* uwaterloo.club |
|||
* csclub.uwaterloo.ca: A script (/opt/bindify/update-dns on dns1) runs every 10 minutes to populate this zone from the IPAM records. |
|||
Those DNS servers are also recursive for machines located on the University network. |
|||
=== Updating records === |
|||
See an old revision of this article for more detail. |
|||
If you manually update a record in the dns1 container (somewhere in /etc/bind), make sure you also update the serial number for the SOA record for the corresponding zone. Then, run <code>rndc reload</code>. |
|||
== Miscellaneous == |
== Miscellaneous == |
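Review bot: In the "Updating records" text, "somewhere in /etc/bind" leaves the editor to guess which file holds a zone. Name the zone file for each authoritative domain, and say whether a manual edit to csclub.uwaterloo.ca survives the next run of /opt/bindify/update-dns, since the same section says that script repopulates the zone from IPAM every 10 minutes. Separately, "through it's" in the IST DNS sentence should read "through its".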
Latest revision as of 18:00, 16 March 2024
IST DNS
The University of Waterloo's DNS is managed through its IP Address Management system. IST has published some information on the IST Knowledge Base.
People who have access to Infoblox:
- ztseguin
- API account located in the standard syscom place
Managing Records
There are two primary types of records that are maintained: Hosts and Aliases.
Note: Use the v4 and v6 toggles in the top left to switch between IPv4 and IPv6 networks.
Add a new host
- Go to https://ipam.private.uwaterloo.ca
- Click on IPAM -> Networks
- Locate the appropriate network for the server
- Click on the IP address that you want to register
- Set the appropriate information
  - Set the "MAC" address of the machine (note: CSC networks don't use the IST DHCP system, so this is effectively ignored)
  - Under "IPAM to DNS replication"
    - Domain: Click the grey button next to the text box and change "Inherit" to "Set". Then select the "csclub.uwaterloo.ca" domain (or other as appropriate)
    - Shortname: The machine's name (e.g., caffeine)
  - At the bottom
    - Add "systems-committee@csclub.uwaterloo.ca" as a Technical Contact
    - Select the appropriate Pol8 Classification (usually Public)
- Click "Next"
- Click "Next"
- Add any aliases for the host (these will be created as CNAME records)
- Click "OK"
Repeat the instructions for the IPv6 entry; however, you may need to click the "+" to add the IP address on the network.
Add/remove an alias to an existing host
- Go to https://ipam.private.uwaterloo.ca
- Click on IPAM -> Networks
- Locate the appropriate network for the server
- Click on the IP address associated with the destination server (e.g., caffeine)
- If you get sent to a blank list, click the "Address" object in the breadcrumb
- Click "Edit" under the ALIASES section on the screen
- Click "Next" twice
- Add the alias to the list, or remove it from the list
- Click "OK"
CSC DNS
CSC hosts some authoritative DNS services on ext-dns1.csclub.uwaterloo.ca (129.97.134.4/2620:101:f000:4901:c5c::4) and ext-dns2.csclub.uwaterloo.ca (129.97.18.20/2620:101:f000:7300:c5c::20).
Current authoritative domains:
- csclub.cloud
- uwaterloo.club
- csclub.uwaterloo.ca: A script (/opt/bindify/update-dns on dns1) runs every 10 minutes to populate this zone from the IPAM records.
Those DNS servers are also recursive for machines located on the University network.
Updating records
If you manually update a record in the dns1 container (somewhere in /etc/bind), make sure you also update the serial number for the SOA record for the corresponding zone. Then, run rndc reload.
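The serial bump described above is the step most often forgotten after a manual edit. The following is an added example, not CSC's own tooling. It assumes the SOA record uses the usual parenthesised form with the serial as the first number after the "(". The function names and the example.test sample zone are constructed for illustration.

```sh
# Added example (not CSC tooling): bump a zone's SOA serial before `rndc reload`.

# Next serial: YYYYMMDD00 if that exceeds the current value, else current + 1.
next_serial() {  # usage: next_serial CURRENT YYYYMMDD
    base=$(( $2 * 100 ))
    if [ "$1" -lt "$base" ]; then echo "$base"; else echo $(( $1 + 1 )); fi
}

# Find the first number after the "(" of the SOA record. With no NEW argument,
# print it; with NEW, print the whole zone with that number replaced.
soa_serial() {  # usage: soa_serial ZONEFILE [NEW]
    awk -v new="${2:-}" '
        /[ \t]SOA[ \t]/ && !done { soa = 1 }
        soa && !done {
            start = 1
            if (!paren && (p = index($0, "("))) { paren = 1; start = p + 1 }
            if (paren) {
                rest = substr($0, start); sub(/;.*/, "", rest)  # skip comments
                if (match(rest, /[0-9]+/)) {
                    done = 1
                    if (new == "") { print substr(rest, RSTART, RLENGTH); exit }
                    pre = substr($0, 1, start + RSTART - 2)
                    post = substr($0, start + RSTART + RLENGTH - 1)
                    $0 = pre new post
                }
            }
        }
        new != "" { print }
    ' "$1"
}

# Rewrite ZONEFILE in place with the bumped serial and print the new value.
bump_zone() {  # usage: bump_zone ZONEFILE [YYYYMMDD]
    old=$(soa_serial "$1")
    [ -n "$old" ] || { echo "no SOA serial found in $1" >&2; return 1; }
    new=$(next_serial "$old" "${2:-$(date +%Y%m%d)}")
    tmp=$(mktemp) || return 1
    soa_serial "$1" "$new" > "$tmp" && cat "$tmp" > "$1"  # cat keeps owner/mode
    rm -f "$tmp"
    echo "$new"
}

# Constructed sample zone for trying the functions offline.
sample_zone() {  # usage: sample_zone PATH
    printf '%s\n' '$TTL 3600' \
        '@ 3600 IN SOA ns1.example.test. hostmaster.example.test. (' \
        '    2024031601 ; serial' '    7200 ; refresh' '    900 ; retry' \
        '    1209600 ; expire' '    3600 )' '@ IN NS ns1.example.test.' > "$1"
}
```

After bumping, check the file with BIND's named-checkzone (zone name, then file path) before running rndc reload, so a syntax error does not take the zone out of service.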
Miscellaneous
LOC Records
If we really cared, we might add a LOC record for csclub.uwaterloo.ca.
SSHFP
We could look into SSHFP records. Apparently OpenSSH supports these. (Discussion moved to Talk:DNS.)