SDI exercises related DNS server

In this part you'll transfer your current DNS configuration to a dedicated MI nameserver This one being connected to the global DNS system allows for publishing your records worldwide.

Figure 1005. Subdomain per group Slide presentation
  • Dedicated lecture related DNS server

  • One subdomain per group e.g. corresponding to group 7.

  • Zone edits require a subdomain specific hmac secret key being provided as dnsupdate.sec file in your personal group entry below the SDI course:



    The per zone secrets are being created using tsig-keygen. The value appearing here does not reflect a production setting.

  • Edits become globally visible. Mind the TTL setting: A higher value means you'll have to wait longer until error corrections become visible.

Figure 1006. Querying DNS zone Slide presentation
$ export HMAC=hmac-sha256:mykey.g7:YXWSeh3l... 
$ dig -y $HMAC -t AXFR 
... 86400 IN	SOA ... 5000 IN CNAME 5000 IN CNAME 5000 IN CNAME

Figure 1007. Creating an A record Slide presentation
export HMAC=hmac-sha256:mykey.g7:YXWSeh3l... 

goik>nsupdate -y $HMAC
> server
> update add 86400 A
> send
> quit
goik>dig +noall +answer 86400	IN A

This entry should now be globally visible:

>dig +noall +answer 7069 IN A
Figure 1008. Modify by delete/create Slide presentation
$ nsupdate -y $HMAC
> server
> update delete 3600 IN	CNAME
> update add 7200 IN	CNAME
> send
> quit


Examples at DNS Updates with nsupdate

Due to caching it'll however take up to you SOA or record specific settings for this deletion to be reflected globally. The subsequent query result indicates another 7069 seconds to go before issuing the next update:

goik>dig +noall +answer 7069 IN A