SDI exercises related DNS server

In this part you'll transfer your current DNS configuration to a dedicated MI nameserver This one being connected to the global DNS system allows for publishing your records worldwide.

Figure 1019. Subdomain per group Slide presentation
  • Dedicated lecture related DNS server

  • One subdomain per group e.g. corresponding to group 3.

  • Zone edits require a subdomain specific hmac secret key being provided as dnsupdate.sec file in your personal group entry below the SDI course:



    The per zone secrets are being created using tsig-keygen. Value appearing here do not reflect production settings.

  • Edits become globally visible. Mind the TTL setting: A higher value means you'll have to wait longer until updates become visible.

Figure 1020. Key file location Slide presentation

Key file available in your working group below 113475 Software defined Infrastructure.

Figure 1021. Querying DNS by zone transfer Slide presentation
$ export HMAC=hmac-sha512:g03.key:YXWSeh3l... 
$ dig -y $HMAC -t AXFR 
... 10 IN      SOA 2024051551 10 10 10 10 10 IN      NS 10 IN      TXT     "Hello Nerds, how are you going? :-)" 10 IN  A 10 IN      SOA 2024051551 10 10 10 10

Figure 1022. Creating an A record Slide presentation
export HMAC=hmac-sha512:g03.key:YXWSeh3l... 

$ nsupdate -y $HMAC
> server
> update add 10 A 
> send
> quit
$ dig +noall +answer 10 IN  A
$ dig  +noall +answer @ 10 IN  A

Figure 1023. Modify by delete/create Slide presentation
$ nsupdate -y $HMAC
> server
> update delete 10 IN  A
> send
> quit
$ dig  +noall +answer @


Examples at DNS Updates with nsupdate

Due to caching it'll however take up to you SOA or record specific settings for this deletion to be reflected globally. The subsequent query result indicates another 7069 seconds to go before issuing the next update:

goik>dig +noall +answer 7069 IN A