Difference between revisions of "DNS"

From CSCWiki
(SSHFP records)
 
(20 intermediate revisions by 4 users not shown)
Line 1: Line 1:
The University of Waterloo's DNS is managed through [http://maintain.uwaterloo.ca Maintain].
+
== IST DNS ==
  
People who have access to Maintain:
+
The University of Waterloo's DNS is managed through [https://nsbuild.uwaterloo.ca Infoblox].
* daltenty
 
* dtbartle
 
* hkarau
 
* mspang
 
  
== LOC Recrds ==
+
People who have access to Infoblox:
  
If we really cared, we might add a [http://en.wikipedia.org/wiki/LOC_record LOC record] for csclub.uwaterloo.ca.
+
* ztseguin
 +
* jxpryde
 +
* mtrberzi
 +
* API account located in the standard syscom place
 +
 
 +
== CSC DNS ==
 +
 
 +
CSC hosts some authoritative dns services on ext-dns1.csclub.uwaterloo.ca (129.97.134.4/2620:101:f000:4901:c5c::4) and ext-dns2.csclub.uwaterloo.ca (129.97.18.20/2620:101:f000:7300:c5c::20).
 +
 
 +
Current authoritative domains:
 +
 
 +
* csclub.cloud
 +
* uwaterloo.club
 +
* csclub.uwaterloo.ca: A script (/opt/bindify/update-dns on dns1) runs every 10 minutes to populate this zone from the Infoblox records.
 +
* Any zone added to Designate DNS service on CSC Cloud
 +
 
 +
 
 +
 
 +
Those DNS servers are also recursive for machines located on the University network.
 +
 
 +
=== Infoblox ===
 +
 
 +
The main DNS zone for the club (csclub.uwaterloo.ca) is managed using the University's Infoblox system.
 +
 
 +
To add a new record:
 +
 
 +
# Visit [https://nsbuild.uwaterloo.ca Infoblox]
 +
# Locate the desired network
 +
# Find a free IP address (ping and reverse DNS it to make sure it's unused)
 +
# Click add host (+)
 +
# Set the zone to csclub.uwaterloo.ca
 +
# Set the name
 +
# Add the IPv4 address, if it is not set
 +
# Add the IPv6 address, typically in the format of (2620:101:f000:$SUBNET:c5c::$LAST_OCTET_OF_V4_ADDRESS)
 +
# Click "Next"
 +
# Set Pol8 Classification to "Public"
 +
# Set Primary OU to "CS"
 +
# Set Technical Contact to "syscom@csclub.uwaterloo.ca"
 +
# Click "Save & Close"
 +
 
 +
The CSC DNS servers will update within 10 minutes with the new information.
  
== SSHFP ==
+
=== Updating records ===
 +
If you manually update a record in the dns1 container (somewhere in /etc/bind), make sure you also update the serial number for the SOA record for the corresponding zone. Then, run <code>rndc reload</code>.
  
We should look into [http://tools.ietf.org/html/rfc4255 SSHFP] records. Apparently OpenSSH supports these.
+
== Miscellaneous ==
  
== SRV Records ==
+
=== LOC Records ===
  
There is currently no way to create or modify SRV records in Maintain. Hence we need to email hostmaster@ist.uwaterloo.ca to get SRV records in UW's DNS servers. The following are a list of SRV records that the CSC plans to create or has created.
+
If we really cared, we might add a [http://en.wikipedia.org/wiki/LOC_record LOC record] for csclub.uwaterloo.ca.
  
'''Kerberos'''
+
=== SSHFP ===
* _kerberos._udp.csclub.uwaterloo.ca 600 IN SRV 0 0 88 caffeine.csclub.uwaterloo.ca.
 
* _kerberos._udp.csclub.uwaterloo.ca 600 IN SRV 10 0 88 perpugilliam.csclub.uwaterloo.ca.
 
* _kerberos-master._udp.csclub.uwaterloo.ca 600 IN SRV 0 0 88 caffeine.csclub.uwaterloo.ca.
 
* _kerberos-adm._tcp.csclub.uwaterloo.ca 600 IN SRV 0 0 749 caffeine.csclub.uwaterloo.ca.
 
* _kpasswd._udp.csclub.uwaterloo.ca 600 IN SRV 0 0 464 caffeine.csclub.uwaterloo.ca.
 
  
'''LDAP'''
+
We could look into [http://tools.ietf.org/html/rfc4255 SSHFP] records. Apparently OpenSSH supports these. (Discussion moved to [[Talk:DNS]].)
* _ldap._tcp.csclub.uwaterloo.ca 600 IN SRV 0 0 389 caffeine.csclub.uwaterloo.ca.
 
* _ldap._tcp.csclub.uwaterloo.ca 600 IN SRV 10 0 389 perpugilliam.csclub.uwaterloo.ca.
 
* _ldaps._tcp.csclub.uwaterloo.ca 600 IN SRV 0 0 636 caffeine.csclub.uwaterloo.ca.
 
* _ldaps._tcp.csclub.uwaterloo.ca 600 IN SRV 10 0 636 perpugilliam.csclub.uwaterloo.ca.
 
  
'''Jabber''' (already present, but should get updated as they point to peri)
+
[[Category:Systems]]
* _xmpp-server._tcp.csclub.uwaterloo.ca 600 IN SRV 0 0 5269 caffeine.csclub.uwaterloo.ca.
 
* _xmpp-client._tcp.csclub.uwaterloo.ca 600 IN SRV 0 0 5222 caffeine.csclub.uwaterloo.ca.
 
* _jabber._tcp.csclub.uwaterloo.ca 600 IN SRV 0 0 5269 caffeine.csclub.uwaterloo.ca.
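Review bot: The "SRV Records" section is removed in full (the Kerberos, LDAP and Jabber lists and the instruction to email hostmaster@ist.uwaterloo.ca), and nothing in the new text says how SRV records are created or changed now that Infoblox replaces Maintain; a sentence on that in the "Infoblox" subsection would keep the procedure documented. In the added "Updating records" paragraph, "somewhere in /etc/bind" leaves the editor to hunt for the zone file; naming the path, and stating that the SOA serial has to increase, would make the step repeatable.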
 

Latest revision as of 15:01, 14 May 2021

IST DNS

The University of Waterloo's DNS is managed through Infoblox.

People who have access to Infoblox:

  • ztseguin
  • jxpryde
  • mtrberzi
  • API account located in the standard syscom place

CSC DNS

CSC hosts some authoritative DNS services on ext-dns1.csclub.uwaterloo.ca (129.97.134.4/2620:101:f000:4901:c5c::4) and ext-dns2.csclub.uwaterloo.ca (129.97.18.20/2620:101:f000:7300:c5c::20).

Current authoritative domains:

  • csclub.cloud
  • uwaterloo.club
  • csclub.uwaterloo.ca: A script (/opt/bindify/update-dns on dns1) runs every 10 minutes to populate this zone from the Infoblox records.
  • Any zone added to Designate DNS service on CSC Cloud


Those DNS servers are also recursive for machines located on the University network.

Infoblox

The main DNS zone for the club (csclub.uwaterloo.ca) is managed using the University's Infoblox system.

To add a new record:

  1. Visit Infoblox
  2. Locate the desired network
  3. Find a free IP address (ping and reverse DNS it to make sure it's unused)
  4. Click add host (+)
  5. Set the zone to csclub.uwaterloo.ca
  6. Set the name
  7. Add the IPv4 address, if it is not set
  8. Add the IPv6 address, typically in the format of (2620:101:f000:$SUBNET:c5c::$LAST_OCTET_OF_V4_ADDRESS)
  9. Click "Next"
  10. Set Pol8 Classification to "Public"
  11. Set Primary OU to "CS"
  12. Set Technical Contact to "syscom@csclub.uwaterloo.ca"
  13. Click "Save & Close"

The CSC DNS servers will update within 10 minutes with the new information.
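
Steps 3 and 8 in shell form, as an added example rather than CSC tooling. `csc_v6_for` and `addr_looks_free` are hypothetical names, the subnet group is passed in because the page does not say how it maps to a network, and `ping -W` assumes Linux iputils.

```shell
#!/bin/sh
# Added example, not CSC tooling; function names are hypothetical.

# csc_v6_for SUBNET IPV4 -> prints 2620:101:f000:SUBNET:c5c::LAST_OCTET
# The last octet is copied as its decimal digits (129.97.18.20 -> ::20),
# matching the ext-dns1/ext-dns2 addresses listed on this page.
csc_v6_for() {
    subnet=$1 ipv4=$2
    # $SUBNET is a single IPv6 group: 1 to 4 lowercase hex digits.
    case $subnet in
        ''|*[!0-9a-f]*|?????*) echo "bad subnet: $subnet" >&2; return 1 ;;
    esac
    # Only digits and single dots, no leading or trailing dot.
    case $ipv4 in
        *[!0-9.]*|*..*|.*|*.) echo "bad IPv4: $ipv4" >&2; return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ipv4            # split into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || { echo "bad IPv4: $ipv4" >&2; return 1; }
    for octet in "$@"; do
        # Reject leading zeros and anything above 255.
        case $octet in 0?*|????*) echo "bad IPv4: $ipv4" >&2; return 1 ;; esac
        [ "$octet" -le 255 ] || { echo "bad IPv4: $ipv4" >&2; return 1; }
    done
    printf '2620:101:f000:%s:c5c::%s\n' "$subnet" "$4"
}

# addr_looks_free ADDR -> exit 0 only if ADDR has no PTR record and does not
# answer ping. A firewalled or powered-off host can still own the address,
# so this complements the Infoblox view; it does not replace it.
addr_looks_free() {
    ptr=$(dig +short -x "$1") || return 2
    [ -z "$ptr" ] || { echo "$1 has PTR $ptr" >&2; return 1; }
    if ping -c 2 -W 1 "$1" >/dev/null 2>&1; then
        echo "$1 answers ping" >&2
        return 1
    fi
    return 0
}
```

Run `addr_looks_free` on both the IPv4 candidate and the derived IPv6 address before saving the host in Infoblox.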

Updating records

If you manually update a record in the dns1 container (somewhere in /etc/bind), make sure you also update the serial number for the SOA record for the corresponding zone. Then, run rndc reload.
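
One way to script the serial update and reload, as an added example that is not part of the CSC setup. `bump_serial` and `check_and_reload` are hypothetical names, the serial is simply increased by one, and the zone name and file path are arguments because the page does not give them.

```shell
#!/bin/sh
# Added example, not CSC tooling; function names are hypothetical.

# bump_serial ZONEFILE -> rewrites the file with serial+1, prints the new serial.
# The serial is taken to be the first field after the SOA mname and rname,
# on the same line or a following one; text after ';' is ignored.
bump_serial() {
    file=$1
    tmp=$(mktemp) || return 1
    new=$(awk -v out="$tmp" '
        {
            line = $0
            code = line; sub(/;.*/, "", code)      # tokens in comments do not count
            if (!done) {
                n = split(code, tok, /[ \t()]+/)
                for (i = 1; i <= n && !done; i++) {
                    if (tok[i] == "") continue
                    if (!insoa) { insoa = (toupper(tok[i]) == "SOA"); skip = 2; continue }
                    if (skip > 0) { skip--; continue }   # step over mname and rname
                    if (tok[i] !~ /^[0-9]+$/) exit 1     # unexpected layout: give up
                    old = tok[i]; serial = sprintf("%.0f", old + 1)
                    # Replace only the serial token, keeping the line layout.
                    match(code, "(^|[ \t(])" old "([ \t)]|$)")
                    hit = substr(line, RSTART, RLENGTH); sub(old, serial, hit)
                    line = substr(line, 1, RSTART - 1) hit substr(line, RSTART + RLENGTH)
                    done = 1
                }
            }
            print line > out
        }
        END { if (!done) exit 1; print serial }
    ' "$file") || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$file" && rm -f "$tmp"   # keep the original inode and mode
    echo "$new"
}

# check_and_reload ZONE ZONEFILE: refuse to reload a zone that does not parse.
check_and_reload() {
    named-checkzone "$1" "$2" >/dev/null ||
        { echo "zone $1 failed named-checkzone, not reloading" >&2; return 1; }
    rndc reload
}
```

After a manual edit, call `bump_serial` on the zone file and then `check_and_reload` with the zone name and the same file.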

Miscellaneous

LOC Records

If we really cared, we might add a LOC record for csclub.uwaterloo.ca.

SSHFP

We could look into SSHFP records. Apparently OpenSSH supports these. (Discussion moved to Talk:DNS.)