Data Networking/Spring 2015/PABR


Project Team Members

  1. Preetam Patil
  2. Apurva Sharma
  3. Bhaskar Balasubramanyam
  4. Renjith Prasad

Overview of the project


The project is to build a DNS server, a DHCP server and a web server hosting a web page, all on Linux. The DHCP server provides IP addresses to all the devices connected to its network. The DNS server resolves a given domain name to its IP address so that the client computer can start its communication. The web server hosts an HTML page. We have also implemented security by adding firewalls at the web server in order to make the system secure and reliable.

Requirement of the Project


We need a Linux-based OS, with bind9 installed for the DNS server, apache2 for the web server and isc-dhcp-server for the DHCP server.

Step-by-Step Procedure to implement the project

Domain Name Server (DNS):
  • Implementation of DNS server.

Commands used for Implementation of DNS server

Step 1: This project uses the BIND9 DNS server. The command below installs the BIND DNS server on Ubuntu:

sudo apt-get install bind9

Step 2: Make changes in named.conf.options and named.conf.local files for the configuration of DNS server:
Configuration in named.conf.options file:

forwarders { 
                8.8.8.8; 
                8.8.4.4; 
           }; 

Step 3: Create the forward lookup zone and the reverse lookup zone in the named.conf.local file.

Configuration in named.conf.local file:

1) Forward lookup zone
zone "DNlinux.com" { 
        type master; 
        file "/etc/bind/db.DNlinux.com"; 
        allow-transfer {192.168.43.3;}; 
}; 
2) Reverse lookup zone
zone "43.168.192.in-addr.arpa" { 
        type master; 
        file "/etc/bind/db.192"; 
        allow-transfer {192.168.43.3;}; 
}; 

Step 4: Create a Forward lookup zone file: db.DNlinux.com. The forward lookup zone is created in directory /etc/bind/

Configuration in forward lookup zone file db.DNlinux.com:

$TTL    86400 
@       IN      SOA     DNlinux.com. root.DNlinux.com. ( 
                              2         ; Serial 
                         604800         ; Refresh 
                          86400         ; Retry 
                        2419200         ; Expire 
                          86400 )       ; Negative Cache TTL 
; 
@       IN      NS      DNlinux.com. 
@       IN      A       192.168.43.118 
name    IN      A       192.168.43.9 
www     IN      CNAME   name 

Step 5: Create a reverse lookup zone file: db.192. The reverse lookup zone is created in directory /etc/bind/

Configuration in reverse lookup zone file db.192:

$TTL    604800 
@       IN      SOA     DNlinux.com. root.DNlinux.com. ( 
                              2         ; Serial 
                         604800         ; Refresh 
                          86400         ; Retry 
                        2419200         ; Expire 
                         604800 )       ; Negative Cache TTL 
; 
@       IN      NS      DNlinux.com. 
118     IN      PTR     DNlinux.com. 
9      IN      PTR      mail.DNlinux.com. 
9      IN      PTR     www.DNlinux.com. 
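
The following check is an added example, not part of the original project: it compares the A/CNAME records of db.DNlinux.com with the PTR records of db.192 and reports every reverse entry that has no matching forward record, and every address record with no reverse entry. The records are copied from the zone files above; the function names and the simplified four-field record parser are assumptions of this example.

```python
# Records copied from the page's zone files (SOA and NS lines left out).
FORWARD = """\
@       IN      A       192.168.43.118
name    IN      A       192.168.43.9
www     IN      CNAME   name
"""
REVERSE = """\
118     IN      PTR     DNlinux.com.
9       IN      PTR     mail.DNlinux.com.
9       IN      PTR     www.DNlinux.com.
"""
ORIGIN = "dnlinux.com."       # forward zone origin, from named.conf.local
NET_PREFIX = "192.168.43."    # network covered by 43.168.192.in-addr.arpa

def fqdn(label, origin=ORIGIN):
    """Expand '@' and relative labels to a lower-case absolute name."""
    label = label.lower()
    if label == "@":
        return origin
    return label if label.endswith(".") else f"{label}.{origin}"

def parse(zone_text, rtype):
    """Return (owner, rdata) pairs for 'owner IN <rtype> rdata' lines."""
    out = []
    for line in zone_text.splitlines():
        parts = line.split(";")[0].split()     # drop zone-file comments
        if len(parts) == 4 and parts[1] == "IN" and parts[2] == rtype:
            out.append((parts[0], parts[3]))
    return out

def check_forward_reverse(forward=FORWARD, reverse=REVERSE):
    a = {fqdn(n): ip for n, ip in parse(forward, "A")}
    cname = {fqdn(n): fqdn(t) for n, t in parse(forward, "CNAME")}
    ptr = [(NET_PREFIX + host, fqdn(t)) for host, t in parse(reverse, "PTR")]
    findings = []
    for ip, name in ptr:
        target = cname.get(name, name)         # follow one CNAME hop
        if target not in a:
            findings.append(f"PTR {ip} -> {name}: no A record in forward zone")
        elif a[target] != ip:
            findings.append(f"PTR {ip} -> {name}: forward resolves to {a[target]}")
    ptr_ips = {ip for ip, _ in ptr}
    for name, ip in a.items():
        if ip not in ptr_ips:
            findings.append(f"A {name} -> {ip}: no PTR record")
    return findings
```

On the zone data above the check reports one finding: the PTR for 192.168.43.9 names mail.DNlinux.com., which the forward zone does not define.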

Dynamic Host Configuration Protocol (DHCP):

Commands used for implementation of DHCP:

Step 1: Install the isc-dhcp-server package

sudo apt-get install isc-dhcp-server

Step 2: Edit the Configuration file to configure the DHCP server with information for the Scope, Superscope, Address Pool, Exclusion Range, Reservation and lease.

sudo cp dhcpd.conf dhcpd-backup.conf
sudo gedit dhcpd.conf

ddns-update-style none;

shared-network foo.foo {
    # For Wifi hot spot
    # A slightly different configuration for an internal subnet.
    subnet 192.168.43.0 netmask 255.255.255.0 {
        range 192.168.43.10 192.168.43.150;
        range 192.168.43.170 192.168.43.220;
        # so 151 to 169 is excluded
        option domain-name-servers 192.168.43.2, 192.168.43.3;
        option domain-name "internal.example.org";
        option routers 192.168.43.1;
        option broadcast-address 192.168.43.255;
        default-lease-time 600;
        max-lease-time 7200;
    }

    # For #1115
    # A slightly different configuration for an internal subnet.
    subnet 192.168.1.0 netmask 255.255.255.0 {
        range 192.168.1.10 192.168.1.100;
        option domain-name-servers 192.168.1.1, 8.8.4.4;
        option domain-name "internal.example.org";
        option routers 192.168.1.1;
        option broadcast-address 192.168.1.255;
        default-lease-time 600;
        max-lease-time 7200;
    }
}   # end of foo.foo

# Reservation for the DNS server
host apurva {
    hardware ethernet 00:0c:29:2d:04:9b;
    fixed-address 192.168.43.2;
    option domain-name-servers 192.168.43.2, 192.168.43.3;
}

# Reservation for the slave DNS server
host apurva-slave {
    hardware ethernet 00:0c:29:98:82:29;
    fixed-address 192.168.43.3;
    option domain-name-servers 192.168.43.2, 192.168.43.3;
}

host renjith-WS {
    hardware ethernet 00:0c:29:c3:71:73;
    fixed-address 192.168.43.118;
    option domain-name-servers 192.168.43.2, 192.168.43.3;
}

Step 3: Configure the interfaces file to include the interface (eth0) along with its IP address, gateway and dns-nameservers.

sudo gedit /etc/network/interfaces 

Step 4: Add the interface (eth0) to the isc-dhcp-server file

sudo gedit /etc/default/isc-dhcp-server 

Step 5: Start the dhcp service

sudo service isc-dhcp-server start 

Step 6: You can check the leased addresses in the /var/lib/dhcp/dhcp-leases file.
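
The following check is an added example, not part of the original project: it reads the range and fixed-address statements of a dhcpd.conf and lists every reservation that also lies inside a dynamic range, where the pool could lease the same address to a different client. The sample text repeats the ranges and host entries from Step 2; the function names are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: the ranges and reservations from the dhcpd.conf in Step 2.
DHCPD_CONF = """\
subnet 192.168.43.0 netmask 255.255.255.0 {
  range 192.168.43.10 192.168.43.150;
  range 192.168.43.170 192.168.43.220;
}
host apurva       { hardware ethernet 00:0c:29:2d:04:9b; fixed-address 192.168.43.2; }
host apurva-slave { hardware ethernet 00:0c:29:98:82:29; fixed-address 192.168.43.3; }
host renjith-WS   { hardware ethernet 00:0c:29:c3:71:73; fixed-address 192.168.43.118; }
"""

def strip_comments(text):
    """Remove '#' comments so commented-out statements are ignored."""
    return re.sub(r"#.*", "", text)

def dynamic_ranges(conf):
    """Return (low, high) address pairs for every 'range' statement."""
    pairs = re.findall(r"\brange\s+(\S+)\s+(\S+)\s*;", strip_comments(conf))
    return [(ipaddress.ip_address(lo), ipaddress.ip_address(hi)) for lo, hi in pairs]

def reservations(conf):
    """Return {host name: fixed address} for every host declaration."""
    pat = r"\bhost\s+(\S+)\s*\{[^}]*?fixed-address\s+(\S+?)\s*;"
    return {name: ipaddress.ip_address(ip)
            for name, ip in re.findall(pat, strip_comments(conf))}

def reservations_in_pool(conf=DHCPD_CONF):
    """Reservations whose address is also handed out dynamically."""
    ranges = dynamic_ranges(conf)
    return sorted(
        (name, str(ip))
        for name, ip in reservations(conf).items()
        if any(lo <= ip <= hi for lo, hi in ranges)
    )

def pool_size(conf=DHCPD_CONF):
    """Number of addresses available for dynamic assignment."""
    return sum(int(hi) - int(lo) + 1 for lo, hi in dynamic_ranges(conf))
```

For the configuration above it flags renjith-WS (192.168.43.118), which sits inside the 192.168.43.10 to 192.168.43.150 range; the two DNS server reservations are outside both ranges.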

Web Server

Step 1: Commands used for implementation of Web server:

The command sudo apt-get install apache2 installs the apache2 web server software on the host machine. The apache2 web server comes with a basic HTML page, which will be your localhost webpage.

Step 2: Editing the Webpage

To edit the webpage and create your own user interface, change to the web root with cd /var/www/html/ and edit the file index.html.


Firewall

The firewall is configured using iptables, which is easy to use and also stores the firewall rules. The commands used for configuring and setting the rules are given below. Initially, the firewall is configured to accept all connections that are already established or related. For that, the following command is issued:

sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

The remaining rules are then added:

sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -j DROP
sudo iptables -I INPUT 1 -i lo -j ACCEPT
sudo iptables -N port-scan
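
The following model is an added example, not part of the original project: it replays the INPUT commands above with -A (append) and -I (insert at a position) semantics and evaluates sample packets by first match, which shows why the loopback rule has to be inserted at position 1 once the final DROP is in place. The packet fields and function names are assumptions of this example; the empty port-scan chain is left out because no rule jumps to it.

```python
import shlex

# The page's INPUT rules in the order they are entered (sudo omitted).
COMMANDS = """\
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -j DROP
iptables -I INPUT 1 -i lo -j ACCEPT
"""

def build_chain(commands=COMMANDS):
    """Replay -A / -I commands into an ordered rule list."""
    chain = []
    for line in commands.splitlines():
        args = shlex.split(line)[1:]
        pos = None
        if args[0] == "-I":            # -I CHAIN N: insert at 1-based position N
            pos, args = int(args[2]) - 1, args[3:]
        else:                          # -A CHAIN: append at the end
            args = args[2:]
        opts = dict(zip(args[0::2], args[1::2]))
        opts.pop("-m", None)           # module name is not a match criterion here
        rule = {"target": opts.pop("-j"), "match": opts}
        chain.insert(len(chain) if pos is None else pos, rule)
    return chain

def matches(match, pkt):
    """True when the packet satisfies every criterion of the rule."""
    checks = {
        "-i": lambda v: pkt.get("iface") == v,
        "-p": lambda v: pkt.get("proto") == v,
        "--dport": lambda v: pkt.get("dport") == int(v),
        "--ctstate": lambda v: pkt.get("state", "NEW") in v.split(","),
    }
    return all(checks[k](v) for k, v in match.items())

def verdict(chain, pkt, policy="ACCEPT"):
    """Return (target, rule number) of the first matching rule."""
    for n, rule in enumerate(chain, 1):
        if matches(rule["match"], pkt):
            return rule["target"], n
    return policy, None
```

With these rules a new connection to TCP port 80 is accepted by rule 4, while any other new inbound traffic on eth0, such as TCP 443 or UDP 53, reaches the DROP rule at position 5.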

Future Implementation


1) Increasing the security of the DNS server by providing digital certificates and access authentication.
2) Increasing the cache rate of the DNS server by implementing the concept of piggybacking.
3) Increasing the security of the web servers by implementing the SSL service.
4) Implementation of a backup server for DHCP. Whenever the primary DHCP server fails, we can use the secondary backup server.
5) Implementation of a proxy server in order to reduce the network traffic and the RTT time to load the page.
6) Implementation of the IPv6 protocol. IPv6 allows larger datagrams to be sent as compared to IPv4.
