NetworkNamespaceDNS.DE.html

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- 2024-02-29 Do 11:02 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>Virtuelle Netzwerke (Teil II): DNS</title>
<meta name="author" content="Sebastian Meisel" />
<meta name="generator" content="Org Mode" />
<style>
  #content { max-width: 60em; margin: auto; }
  .title  { text-align: center;
             margin-bottom: .2em; }
  .subtitle { text-align: center;
              font-size: medium;
              font-weight: bold;
              margin-top:0; }
  .todo   { font-family: monospace; color: red; }
  .done   { font-family: monospace; color: green; }
  .priority { font-family: monospace; color: orange; }
  .tag    { background-color: #eee; font-family: monospace;
            padding: 2px; font-size: 80%; font-weight: normal; }
  .timestamp { color: #bebebe; }
  .timestamp-kwd { color: #5f9ea0; }
  .org-right  { margin-left: auto; margin-right: 0px;  text-align: right; }
  .org-left   { margin-left: 0px;  margin-right: auto; text-align: left; }
  .org-center { margin-left: auto; margin-right: auto; text-align: center; }
  .underline { text-decoration: underline; }
  #postamble p, #preamble p { font-size: 90%; margin: .2em; }
  p.verse { margin-left: 3%; }
  pre {
    border: 1px solid #e6e6e6;
    border-radius: 3px;
    background-color: #f2f2f2;
    padding: 8pt;
    font-family: monospace;
    overflow: auto;
    margin: 1.2em;
  }
  pre.src {
    position: relative;
    overflow: auto;
  }
  pre.src:before {
    display: none;
    position: absolute;
    top: -8px;
    right: 12px;
    padding: 3px;
    color: #555;
    background-color: #f2f2f299;
  }
  pre.src:hover:before { display: inline; margin-top: 14px;}
  /* Languages per Org manual */
  pre.src-asymptote:before { content: 'Asymptote'; }
  pre.src-awk:before { content: 'Awk'; }
  pre.src-authinfo::before { content: 'Authinfo'; }
  pre.src-C:before { content: 'C'; }
  /* pre.src-C++ doesn't work in CSS */
  pre.src-clojure:before { content: 'Clojure'; }
  pre.src-css:before { content: 'CSS'; }
  pre.src-D:before { content: 'D'; }
  pre.src-ditaa:before { content: 'ditaa'; }
  pre.src-dot:before { content: 'Graphviz'; }
  pre.src-calc:before { content: 'Emacs Calc'; }
  pre.src-emacs-lisp:before { content: 'Emacs Lisp'; }
  pre.src-fortran:before { content: 'Fortran'; }
  pre.src-gnuplot:before { content: 'gnuplot'; }
  pre.src-haskell:before { content: 'Haskell'; }
  pre.src-hledger:before { content: 'hledger'; }
  pre.src-java:before { content: 'Java'; }
  pre.src-js:before { content: 'Javascript'; }
  pre.src-latex:before { content: 'LaTeX'; }
  pre.src-ledger:before { content: 'Ledger'; }
  pre.src-lisp:before { content: 'Lisp'; }
  pre.src-lilypond:before { content: 'Lilypond'; }
  pre.src-lua:before { content: 'Lua'; }
  pre.src-matlab:before { content: 'MATLAB'; }
  pre.src-mscgen:before { content: 'Mscgen'; }
  pre.src-ocaml:before { content: 'Objective Caml'; }
  pre.src-octave:before { content: 'Octave'; }
  pre.src-org:before { content: 'Org mode'; }
  pre.src-oz:before { content: 'OZ'; }
  pre.src-plantuml:before { content: 'Plantuml'; }
  pre.src-processing:before { content: 'Processing.js'; }
  pre.src-python:before { content: 'Python'; }
  pre.src-R:before { content: 'R'; }
  pre.src-ruby:before { content: 'Ruby'; }
  pre.src-sass:before { content: 'Sass'; }
  pre.src-scheme:before { content: 'Scheme'; }
  pre.src-screen:before { content: 'Gnu Screen'; }
  pre.src-sed:before { content: 'Sed'; }
  pre.src-sh:before { content: 'shell'; }
  pre.src-sql:before { content: 'SQL'; }
  pre.src-sqlite:before { content: 'SQLite'; }
  /* additional languages in org.el's org-babel-load-languages alist */
  pre.src-forth:before { content: 'Forth'; }
  pre.src-io:before { content: 'IO'; }
  pre.src-J:before { content: 'J'; }
  pre.src-makefile:before { content: 'Makefile'; }
  pre.src-maxima:before { content: 'Maxima'; }
  pre.src-perl:before { content: 'Perl'; }
  pre.src-picolisp:before { content: 'Pico Lisp'; }
  pre.src-scala:before { content: 'Scala'; }
  pre.src-shell:before { content: 'Shell Script'; }
  pre.src-ebnf2ps:before { content: 'ebfn2ps'; }
  /* additional language identifiers per "defun org-babel-execute"
       in ob-*.el */
  pre.src-cpp:before  { content: 'C++'; }
  pre.src-abc:before  { content: 'ABC'; }
  pre.src-coq:before  { content: 'Coq'; }
  pre.src-groovy:before  { content: 'Groovy'; }
  /* additional language identifiers from org-babel-shell-names in
     ob-shell.el: ob-shell is the only babel language using a lambda to put
     the execution function name together. */
  pre.src-bash:before  { content: 'bash'; }
  pre.src-csh:before  { content: 'csh'; }
  pre.src-ash:before  { content: 'ash'; }
  pre.src-dash:before  { content: 'dash'; }
  pre.src-ksh:before  { content: 'ksh'; }
  pre.src-mksh:before  { content: 'mksh'; }
  pre.src-posh:before  { content: 'posh'; }
  /* Additional Emacs modes also supported by the LaTeX listings package */
  pre.src-ada:before { content: 'Ada'; }
  pre.src-asm:before { content: 'Assembler'; }
  pre.src-caml:before { content: 'Caml'; }
  pre.src-delphi:before { content: 'Delphi'; }
  pre.src-html:before { content: 'HTML'; }
  pre.src-idl:before { content: 'IDL'; }
  pre.src-mercury:before { content: 'Mercury'; }
  pre.src-metapost:before { content: 'MetaPost'; }
  pre.src-modula-2:before { content: 'Modula-2'; }
  pre.src-pascal:before { content: 'Pascal'; }
  pre.src-ps:before { content: 'PostScript'; }
  pre.src-prolog:before { content: 'Prolog'; }
  pre.src-simula:before { content: 'Simula'; }
  pre.src-tcl:before { content: 'tcl'; }
  pre.src-tex:before { content: 'TeX'; }
  pre.src-plain-tex:before { content: 'Plain TeX'; }
  pre.src-verilog:before { content: 'Verilog'; }
  pre.src-vhdl:before { content: 'VHDL'; }
  pre.src-xml:before { content: 'XML'; }
  pre.src-nxml:before { content: 'XML'; }
  /* add a generic configuration mode; LaTeX export needs an additional
     (add-to-list 'org-latex-listings-langs '(conf " ")) in .emacs */
  pre.src-conf:before { content: 'Configuration File'; }

  table { border-collapse:collapse; }
  caption.t-above { caption-side: top; }
  caption.t-bottom { caption-side: bottom; }
  td, th { vertical-align:top;  }
  th.org-right  { text-align: center;  }
  th.org-left   { text-align: center;   }
  th.org-center { text-align: center; }
  td.org-right  { text-align: right;  }
  td.org-left   { text-align: left;   }
  td.org-center { text-align: center; }
  dt { font-weight: bold; }
  .footpara { display: inline; }
  .footdef  { margin-bottom: 1em; }
  .figure { padding: 1em; }
  .figure p { text-align: center; }
  .equation-container {
    display: table;
    text-align: center;
    width: 100%;
  }
  .equation {
    vertical-align: middle;
  }
  .equation-label {
    display: table-cell;
    text-align: right;
    vertical-align: middle;
  }
  .inlinetask {
    padding: 10px;
    border: 2px solid gray;
    margin: 10px;
    background: #ffffcc;
  }
  #org-div-home-and-up
   { text-align: right; font-size: 70%; white-space: nowrap; }
  textarea { overflow-x: auto; }
  .linenr { font-size: smaller }
  .code-highlighted { background-color: #ffff00; }
  .org-info-js_info-navigation { border-style: none; }
  #org-info-js_console-label
    { font-size: 10px; font-weight: bold; white-space: nowrap; }
  .org-info-js_search-highlight
    { background-color: #ffff00; color: #000000; font-weight: bold; }
  .org-svg { }
</style>
<link rel="stylesheet" type="text/css" href="mystyle.css" />
</head>
<body>
<div id="content" class="content">
<h1 class="title">Virtuelle Netzwerke (Teil II): DNS</h1>


<div id="org32bbaa4" class="figure">
<p><img src="img/Ostseepinguin.png" alt="Das Ostseepinguin-Banner zeigt einen Ostseepinguin am Strand." width="100%" />
</p>
</div>

<input type="checkbox" id="darkmode-toggle">
<label for="darkmode-toggle"></label></input>
<script src="script.js"></script>

<div class="menu" id="orgd2073d1">
<p>
<a href="NetworkNamespaceDNS.html">🇺🇸 EN</a>
</p>
<ul class="org-ul">
<li>&gt; <a href="index.DE.html">Home</a></li>
<li>&gt; <a href="NetworkNamespace.DE.html">Part I</a></li>
</ul>

<hr />
<p width="16px" alt="Mastodon">
<img src="img/Mastodon.png" alt="Mastodon" width="16px" /> <a href="https://emacs.ch/@SebasTEAan">https://emacs.ch/@SebasTEAan</a>
</p>

<p>
📧 <a href="mailto:sebastian.meisel+ostseepinguin@gmail.com">sebastian.meisel at gmail.com</a>
</p>

</div>

<div id="outline-container-org543153e" class="outline-2">
<h2 id="org543153e">DNS zum virtuellen Netzwerk hinzufügen</h2>
<div class="outline-text-2" id="text-org543153e">
<p>
In Teil I haben wir ein kleines geswitchtes Netzwerk zwischen drei virtuellen Geräten erstellt, von denen jedes in seiner eigenen Namensraum (<code>red</code>, <code>green</code> und <code>blue</code>) platziert wurde. Wir haben sie mit einem (Open) Virtual Switch mit drei Ports (<code>veth-r</code>, <code>veth-g</code> und <code>veth-b</code>) verbunden. Die gesamte Topologie sieht wie folgt aus:
</p>


<div id="orgf573070" class="figure">
<p><img src="img/ovs-net.png" alt="Netzwerkdiagramm, das die Beziehung zwischen den Namensräumen gemäß des obigen Absatzes zeigt." width="50%" />
</p>
<p><span class="figure-number">Figure 1: </span>Netzwerkdiagramm</p>
</div>

<p>
Nun möchten wir DNS<sup><a id="fnr.1" class="footref" href="#fn.1" role="doc-backlink">1</a></sup> hinzufügen.
</p>
</div>

<div id="outline-container-org7676e82" class="outline-3">
<h3 id="org7676e82">Installation von Bind</h3>
<div class="outline-text-3" id="text-org7676e82">
<p>
Dafür müssen wir zuerst einen DNS-Server installieren. Es gibt einige Optionen wie <a href="https://thekelleys.org.uk/dnsmasq/doc.html">dnsmasq</a> oder <a href="https://cr.yp.to/djbdns/">djbdns</a>, aber wir bleiben bei <a href="https://www.isc.org/bind/">bind9</a> als dem quasi Standard für DNS-Server.
</p>

<div class="org-src-container">
<pre class="src src-bash"><span style="color: #b6a0ff;">if</span> [ -f /etc/os-release ]; <span style="color: #b6a0ff;">then</span>
    <span style="color: #f78fe7;">.</span> /etc/os-release
<span style="color: #b6a0ff;">else</span>
    <span style="color: #f78fe7;">echo</span> <span style="color: #79a8ff;">"Die Linux-Distribution konnte nicht bestimmt werden."</span>
    <span style="color: #b6a0ff;">exit</span> 1
<span style="color: #b6a0ff;">fi</span>

<span style="color: #b6a0ff;">case</span> ${<span style="color: #00d3d0;">ID_LIKE</span>%% *} <span style="color: #b6a0ff;">in</span>
  debian|ubuntu)
      sudo apt install -y bind  
      ;;
  fedora|rhel|centos)
      sudo yum install -y bind
      ;;
  suse|opensuse)
      sudo zypper install -y bind 
      ;;
  arch)
      sudo pacman -Syu bind
      ;;
  *)
      <span style="color: #f78fe7;">echo</span> <span style="color: #79a8ff;">"Nicht unterst&#252;tzte Distribution."</span>
      <span style="color: #b6a0ff;">exit</span> 1
    ;;
<span style="color: #b6a0ff;">esac</span>
<span style="color: #b6a0ff;">if</span>  [[ $<span style="color: #00d3d0;">ID</span> == arch ]]; <span style="color: #b6a0ff;">then</span>
    sudo pacman -Syu bind
<span style="color: #b6a0ff;">else</span>    
    <span style="color: #f78fe7;">echo</span> <span style="color: #79a8ff;">"Nicht unterst&#252;tzte Distribution."</span>
    <span style="color: #b6a0ff;">exit</span> 1
<span style="color: #b6a0ff;">fi</span>
</pre>
</div>
</div>
</div>

<div id="outline-container-org136c88f" class="outline-3">
<h3 id="org136c88f">Erstellen von Konfigurationsverzeichnissen für Namensräume</h3>
<div class="outline-text-3" id="text-org136c88f">
<p>
Als Nächstes benötigen wir ein Konfigurationsverzeichnis für jeden Netzwerk-Namensraum. Darin suchen alle Anwendungen, die Netzwerk-Namensräume kennen, nach Konfigurationsdateien, relativ zu ihrem 'normalen' Platz im <code>/etc/</code> Verzeichnis.
</p>

<div class="org-src-container">
<pre class="src src-bash">sudo mkdir -p /etc/netns/{red,green,blue}
</pre>
</div>
</div>
</div>

<div id="outline-container-orgd6ce65f" class="outline-3">
<h3 id="orgd6ce65f">Erstellen der Konfigurationsdateien für Bind</h3>
<div class="outline-text-3" id="text-orgd6ce65f">
<p>
Wir möchten den DNS im <code>blue</code> Namensraum ausführen. Daher erstellen wir zuerst das <code>bind</code> Verzeichnis in <code>/etc/netns/blue/</code>.
</p>

<div class="org-src-container">
<pre class="src src-bash">sudo mkdir -p /etc/netns/blue/bind/zones
</pre>
</div>

<p>
Jetzt müssen wir die Datei <code>/etc/netns/blue/bind/named.conf.local</code> erstellen und bearbeiten, zuerst eine <code>forward zone</code> hinzufügen.
</p>

<div class="org-src-container">
<pre class="src src-config">zone "col.or" {
    type master;
    file "/etc/bind/zones/db.col.or";
};
</pre>
</div>

<p>
Jetzt fügen wir die <code>reverse zone</code> für unser virtuelles Netzwerk (<code>10.0.0.0/24</code>) hinzu:
</p>

<div class="org-src-container">
<pre class="src src-config">zone "0.0.10.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/db.0.0.10";
};
</pre>
</div>

<p>
Schließlich müssen wir DNSSEC deaktivieren, da wir keine Berechtigung für das zugehörige Schlüsselverzeichnis haben.
</p>

<div class="org-src-container">
<pre class="src src-config">dnssec-enable no
</pre>
</div>
</div>

<div id="outline-container-org14d3298" class="outline-4">
<h4 id="org14d3298">Forward-Zone</h4>
<div class="outline-text-4" id="text-org14d3298">
<p>
Wir müssen die tatsächlichen Zonendateien erstellen und bearbeiten. Zuerst <code>/etc/netns/blue/bind/zone/db.col.or</code>.
</p>

<div class="org-src-container">
<pre class="src src-config">; BIND-Datendatei für die lokale Loopback-Schnittstelle

$TTL    604800
@       IN      SOA           col.or. admin.col.or. (
                            205         ; Seriennummer
                         604800         ; Aktualisierung
                          86400         ; Wiederholung
                        2419200         ; Ablauf
                         604800 )       ; Negative Cache-TTL

@      IN      NS          ns.col.or.

ns     IN      A       10.0.0.4

red    IN      A       10.0.0.2
green  IN      A       10.0.0.3
blue   IN      CNAME   ns.col.or.
</pre>
</div>
</div>
</div>

<div id="outline-container-org6828d44" class="outline-4">
<h4 id="org6828d44">Reverse Zone</h4>
<div class="outline-text-4" id="text-org6828d44">
<p>
Wir benötigen auch die Datei <code>/etc/netns/blue/bind/zone/db.0.0.10</code>.
</p>

<div class="org-src-container">
<pre class="src src-config">; BIND-Reverse-Daten-Datei für die lokale Loopback-Schnittstelle

$TTL    604800
@    IN    SOA    col.or. admin.col.or. (
                200        ; Seriennummer
             604800        ; Aktualisierung
              86400        ; Wiederholung
            2419200        ; Ablauf
             604800 )    ; Negative Cache-TTL


@    IN      NS      ns.col.or.
ns   IN      A       10.0.0.4

4    IN      PTR     ns.col.or.
2    IN      PTR     red.col.or.
3    IN      PTR     green.col.or.
</pre>
</div>
</div>
</div>
</div>

<div id="outline-container-orgdb9a194" class="outline-3">
<h3 id="orgdb9a194">(Wieder)Generieren des virtuellen Netzwerks</h3>
<div class="outline-text-3" id="text-orgdb9a194">
<p>
Nun ist es an der Zeit, das virtuelle Netzwerk aus dem ersten Teil (neu) zu generieren. Dazu müssen wir <a href="https://github.com/SebastianMeisel/Ostseepinguin/blob/main/files/ovs.sh">ovs.sh</a> einbinden.
</p>

<div class="org-src-container">
<pre class="src src-bash"><span style="color: #00d3d0;">CWD</span>=$(<span style="color: #f78fe7;">dirname $(find /home/ -type f -name db.col.or</span>))
<span style="color: #f78fe7;">.</span> ${<span style="color: #00d3d0;">CWD</span>}/files/ovs.sh
</pre>
</div>

<p>
Wir können jetzt die Zonen-Dateien auf Syntaxfehler überprüfen und hoffen, keine Fehlermeldungen zu erhalten:
</p>

<div class="org-src-container">
<pre class="src src-bash">blue named-checkzone col.or db.col.or
blue named-checkzone col.or db.0.0.10
</pre>
</div>
</div>
</div>

<div id="outline-container-org431abcd" class="outline-3">
<h3 id="org431abcd">Erstellen von resolv.conf-Dateien</h3>
<div class="outline-text-3" id="text-org431abcd">
<p>
Schließlich müssen wir den virtuellen Hosts mitteilen, wo der Nameserver zu finden ist, indem wir <code>resolv.conf</code> in <code>/etc/netns/red/</code>, <code>/etc/netns/green/</code> und <code>/etc/netns/blue/</code> erstellen.
</p>

<div class="org-src-container">
<pre class="src src-config">nameserver 10.0.0.4
</pre>
</div>
</div>
</div>

<div id="outline-container-org7f6a3c0" class="outline-3">
<h3 id="org7f6a3c0">Starten des named-Dienstes</h3>
<div class="outline-text-3" id="text-org7f6a3c0">
<p>
Es ist nun an der Zeit, den DNS-Server im blauen Namensraum zu starten und zu testen. Dafür müssen wir ihn aus einem global beschreibbaren Verzeichnis starten.
</p>

<div class="org-src-container">
<pre class="src src-bash"><span style="color: #00d3d0;">RUNDIR</span>=$(<span style="color: #f78fe7;">mktemp -d blue_named_run_XXXXX</span>)
chmod 777 ${<span style="color: #00d3d0;">RUNDIR</span>}
<span style="color: #f78fe7;">cd</span> ${<span style="color: #00d3d0;">RUNDIR</span>}
blue named -c /etc/bind/named.conf.local
</pre>
</div>

<div class="org-src-container">
<pre class="src src-bash">red nslookup green.col.or
</pre>
</div>
</div>
</div>
</div>


<div id="outline-container-org10b96d7" class="outline-2">
<h2 id="org10b96d7">Anerkennung</h2>
<div class="outline-text-2" id="text-org10b96d7">
<p>
Das meiste von dem, was ich in diesem Teil getan habe, basiert auf <a href="https://ba1ajinaidu.hashnode.dev/how-to-configure-bind-as-a-private-network-dns-server-on-linux-network-namespaces">Balajinaidus Blog</a> zu diesem Thema.
</p>
</div>
</div>

<div id="outline-container-org0df0dfe" class="outline-2">
<h2 id="org0df0dfe">Fußnoten</h2>
<div class="outline-text-2" id="text-org0df0dfe">
</div>
</div>
<div id="footnotes">
<h2 class="footnotes">Footnotes: </h2>
<div id="text-footnotes">

<div class="footdef"><sup><a id="fn.1" class="footnum" href="#fnr.1" role="doc-backlink">1</a></sup> <div class="footpara" role="doc-footnote"><p class="footpara">
<b>Domain Name Service:</b> ordnet einem Full-Qualified-Domainnamen wie <code>www.kernel.org</code> eine IP-Adresse zu.
</p></div></div>


</div>
</div></div>
<div id="postamble" class="status">
<p class="author">Author: Sebastian Meisel</p>
<p class="date">Created: 2024-02-29 Do 11:02</p>
<p class="validation"><a href="https://validator.w3.org/check?uri=referer">Validate</a></p>
</div>
</body>
</html>