DNS: Difference between revisions

From CSCWiki
Jump to navigation Jump to search
No edit summary
(Add instructions for the new IPAM system)
 
(26 intermediate revisions by 6 users not shown)
Line 1: Line 1:
== IST DNS ==
The University of Waterloo's DNS is managed through [http://maintain.uwaterloo.ca Maintain].


The University of Waterloo's DNS is managed through it's [https://ipam.private.uwaterloo.ca IP Address Management system]. IST has published some information on the [https://uwaterloo.atlassian.net/wiki/spaces/ISTKB/pages/43401052394/IP+Address+Management IST Knowledge Base].
People who have access to Maintain:
* daltenty
* dtbartle
* hkarau
* mspang


People who have access to Infoblox:
== LOC Recrds ==


* ztseguin
If really cared, we might add a [http://en.wikipedia.org/wiki/LOC_record LOC record] for csclub.uwaterloo.ca.
* API account located in the standard syscom place


== SRV Records ==
=== Managing Records ===
There are two primary types of records that are maintained: Hosts and Aliases.


''Note: Use the v4 and v6 toggles in the top left to switch between IPv4 and IPv6 networks.''
There is currently no way to create or modify SRV records in Maintain. Hence we need to email hostmaster@ist.uwaterloo.ca to get SRV records in UW's DNS servers. The following are a list of SRV records that the CSC plans to create or has created. Records are formatted as:


==== Add a new host ====
Priority Weight Port Target


# Go to https://ipam.private.uwaterloo.ca
'''Kerberos'''
# Click on IPAM -> Networks
* _kerberos._udp.csclub.uwaterloo.ca
# Locate the appropriate network for the server
** 0 0 88 caffeine.csclub.uwaterloo.ca
# Click on the IP address that you want to register
** 10 0 88 perpugilliam.csclub.uwaterloo.ca
# Set the appropriate information
* _kerberos-master._udp
## Set the "MAC" address of the machine (''note: CSC networks don't use the IST DHCP system, so this is effectively ignored'')
** 0 0 88 caffeine.csclub.uwaterloo.ca
## Under "IPAM to DNS replication"
* _kerberos-adm._tcp
### Domain: Click the grey button next to the text box and change "Inherit" to "Set". Then select the "csclub.uwaterloo.ca" domain (or other as appropriate)
** 0 0 749 caffeine.csclub.uwaterloo.ca
### Shortname: The machine's name (e.g., caffeine)
* _kpasswd._udp
## At the bottom
** 0 0 464 caffeine.csclub.uwaterloo.ca
### Add "systems-committee@csclub.uwaterloo.ca" as a Technical Contact
### Select the appropriate Pol8 Classification (usually Public)
# Click "Next"
# Click "Next"
# Add any aliases for the host (these will be created as CNAME records)
# Click "OK"


Repeat the instructions for the IPv6 entry, however you may need to click the "+" to add the IP address on the network.
'''LDAP'''
* _ldap._tcp.csclub.uwaterloo.ca
** 0 0 389 caffeine.csclub.uwaterloo.ca
** 10 0 389 perpugilliam.csclub.uwaterloo.ca
* _ldaps._tcp.cslcub.uwaterloo.ca
** 0 0 636 caffeine.csclub.uwaterloo.ca
** 10 0 636 perpugilliam.csclub.uwaterloo.ca
* _ldaps._tcp.cslcub.uwaterloo.ca


==== Add/remove an alias to an existing host ====
'''Jabber''' (already present, but should get updated as they point to peri)

* _xmpp-server._tcp.csclub.uwaterloo.ca
** 0 0 5269 caffeine.csclub.uwaterloo.ca
* Go to https://ipam.private.uwaterloo.ca
* Click on IPAM -> Networks
* _xmpp-client._tcp.csclub.uwaterloo.ca
* Locate the appropriate network for the server
** 0 0 5222 caffeine.csclub.uwaterloo.ca
* Click on the IP address associated with the '''destination''' server (e.g., caffeine)
* _jabber._tcp.csclub.uwaterloo.ca
* If you get sent to a blank list.. click the "Address" object in the breadcrumb
** 0 0 5269 caffeine.csclub.uwaterloo.ca
* Click "Edit" under the ALIASES section on the screen
* Click "Next" twice
* Add or remove the alias to the list
* Click "OK"

== CSC DNS ==

CSC hosts some authoritative dns services on ext-dns1.csclub.uwaterloo.ca (129.97.134.4/2620:101:f000:4901:c5c::4) and ext-dns2.csclub.uwaterloo.ca (129.97.18.20/2620:101:f000:7300:c5c::20).

Current authoritative domains:

* csclub.cloud
* uwaterloo.club
* csclub.uwaterloo.ca: A script (/opt/bindify/update-dns on dns1) runs every 10 minutes to populate this zone from the IPAM records.

Those DNS servers are also recursive for machines located on the University network.

=== Updating records ===
If you manually update a record in the dns1 container (somewhere in /etc/bind), make sure you also update the serial number for the SOA record for the corresponding zone. Then, run <code>rndc reload</code>.

== Miscellaneous ==

=== LOC Records ===

If we really cared, we might add a [http://en.wikipedia.org/wiki/LOC_record LOC record] for csclub.uwaterloo.ca.

=== SSHFP ===

We could look into [http://tools.ietf.org/html/rfc4255 SSHFP] records. Apparently OpenSSH supports these. (Discussion moved to [[Talk:DNS]].)

[[Category:Systems]]

Latest revision as of 18:00, 16 March 2024

IST DNS

The University of Waterloo's DNS is managed through it's IP Address Management system. IST has published some information on the IST Knowledge Base.

People who have access to Infoblox:

  • ztseguin
  • API account located in the standard syscom place

Managing Records

There are two primary types of records that are maintained: Hosts and Aliases.

Note: Use the v4 and v6 toggles in the top left to switch between IPv4 and IPv6 networks.

Add a new host

  1. Go to https://ipam.private.uwaterloo.ca
  2. Click on IPAM -> Networks
  3. Locate the appropriate network for the server
  4. Click on the IP address that you want to register
  5. Set the appropriate information
    1. Set the "MAC" address of the machine (note: CSC networks don't use the IST DHCP system, so this is effectively ignored)
    2. Under "IPAM to DNS replication"
      1. Domain: Click the grey button next to the text box and change "Inherit" to "Set". Then select the "csclub.uwaterloo.ca" domain (or other as appropriate)
      2. Shortname: The machine's name (e.g., caffeine)
    3. At the bottom
      1. Add "systems-committee@csclub.uwaterloo.ca" as a Technical Contact
      2. Select the appropriate Pol8 Classification (usually Public)
  6. Click "Next"
  7. Click "Next"
  8. Add any aliases for the host (these will be created as CNAME records)
  9. Click "OK"

Repeat the instructions for the IPv6 entry, however you may need to click the "+" to add the IP address on the network.

Add/remove an alias to an existing host

  • Go to https://ipam.private.uwaterloo.ca
  • Click on IPAM -> Networks
  • Locate the appropriate network for the server
  • Click on the IP address associated with the destination server (e.g., caffeine)
  • If you get sent to a blank list.. click the "Address" object in the breadcrumb
  • Click "Edit" under the ALIASES section on the screen
  • Click "Next" twice
  • Add or remove the alias to the list
  • Click "OK"

CSC DNS

CSC hosts some authoritative dns services on ext-dns1.csclub.uwaterloo.ca (129.97.134.4/2620:101:f000:4901:c5c::4) and ext-dns2.csclub.uwaterloo.ca (129.97.18.20/2620:101:f000:7300:c5c::20).

Current authoritative domains:

  • csclub.cloud
  • uwaterloo.club
  • csclub.uwaterloo.ca: A script (/opt/bindify/update-dns on dns1) runs every 10 minutes to populate this zone from the IPAM records.

Those DNS servers are also recursive for machines located on the University network.

Updating records

If you manually update a record in the dns1 container (somewhere in /etc/bind), make sure you also update the serial number for the SOA record for the corresponding zone. Then, run rndc reload.

Miscellaneous

LOC Records

If we really cared, we might add a LOC record for csclub.uwaterloo.ca.

SSHFP

We could look into SSHFP records. Apparently OpenSSH supports these. (Discussion moved to Talk:DNS.)