SDI exercises related to the DNS server

In this part you'll transfer your current DNS configuration to a dedicated MI nameserver nssdi.mi.hdm-stuttgart.de. Being connected to the global DNS system, it allows you to publish your records worldwide.

Figure 975. Subdomain per group
  • Dedicated lecture related DNS server ns1.sdi.hdm-stuttgart.cloud.

  • One subdomain per group e.g. g03.sdi.hdm-stuttgart.cloud corresponding to group 3.

  • Zone edits require a subdomain-specific HMAC secret key, provided as a dnsupdate.sec file in your personal group entry below the SDI course:

    hmac-sha512:g03.key:I5sDDS3L1BU...

    Note

    The per-zone secrets are created using tsig-keygen. Values appearing here do not reflect production settings.

  • Edits become globally visible. Mind the TTL setting: a higher value means you'll have to wait longer until updates become visible.


Figure 976. Key file location

The key file is available in your working group below 113475 Software defined Infrastructure.


Figure 977. Querying DNS by zone transfer
$ export HMAC=hmac-sha512:g03.key:YXWSeh3l... 
$ dig @ns1.sdi.hdm-stuttgart.cloud -y $HMAC -t AXFR g03.sdi.hdm-stuttgart.cloud 
...
g03.sdi.hdm-stuttgart.cloud. 10 IN      SOA     ns1.g03.sdi.hdm-stuttgart.cloud. goik.hdm-stuttgart.de. 2024051551 10 10 10 10
g03.sdi.hdm-stuttgart.cloud. 10 IN      NS      ns1.g03.sdi.hdm-stuttgart.cloud.
g03.sdi.hdm-stuttgart.cloud. 10 IN      TXT     "Hello Nerds, how are you going? :-)"
ns1.g03.sdi.hdm-stuttgart.cloud. 10 IN  A       195.201.113.223
g03.sdi.hdm-stuttgart.cloud. 10 IN      SOA     ns1.g03.sdi.hdm-stuttgart.cloud. goik.hdm-stuttgart.de. 2024051551 10 10 10 10
...

See AXFR for details.


Figure 978. Creating an A record
$ export HMAC=hmac-sha512:g03.key:YXWSeh3l...

$ nsupdate -y $HMAC
> server ns1.sdi.hdm-stuttgart.cloud
> update add www.g03.sdi.hdm-stuttgart.cloud 10 A 141.62.75.114 
> send
> quit
$ dig +noall +answer @ns1.sdi.hdm-stuttgart.cloud www.g03.sdi.hdm-stuttgart.cloud
www.g03.sdi.hdm-stuttgart.cloud. 10 IN  A       141.62.75.114
$ dig  +noall +answer @8.8.8.8  www.g03.sdi.hdm-stuttgart.cloud
www.g03.sdi.hdm-stuttgart.cloud. 10 IN  A       141.62.75.114

Figure 979. Modify by delete/create
$ nsupdate -y $HMAC
> server ns1.sdi.hdm-stuttgart.cloud
> update delete www.g03.sdi.hdm-stuttgart.cloud. 10 IN  A       141.62.75.114
> send
> quit
>
$ dig  +noall +answer @8.8.8.8  www.g03.sdi.hdm-stuttgart.cloud
$ 

Note

Examples at DNS Updates with nsupdate


Due to caching it will, however, take up to the TTL given by your SOA or record-specific settings for this deletion to be reflected globally. The subsequent query result shows that the cached record will be served for another 7069 seconds before the deletion becomes visible there:

goik>dig +noall +answer  vm2.g03.sdi.hdm-stuttgart.cloud
vm2.g03.sdi.hdm-stuttgart.cloud. 7069 IN A	141.62.75.114
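As an added example (not part of the course material): a small propagation check that compares what the lecture nameserver answers with what a public resolver still has cached, and reports the worst-case waiting time. It works on dig +noall +answer output like the line above; NS and RESOLVER are the names used on the slides. The parsing functions ignore the TTL column when comparing record sets, since the authoritative answer carries the configured TTL while the cached copy shows the remaining lifetime.

```shell
#!/bin/sh
# Added example, not from the course page: compare the authoritative answer
# with a public resolver's cached copy and report how long the stale data can
# survive. Assumed: dig is installed; NS and RESOLVER are the slides' values.
set -eu

NS=ns1.sdi.hdm-stuttgart.cloud
RESOLVER=8.8.8.8

# Reduce an answer section to sorted "TYPE RDATA" lines so that record order
# and the TTL column (configured TTL vs. remaining cache time) do not matter.
rdata_set() {
    awk '$3 == "IN" { out = $4; for (i = 5; i <= NF; i++) out = out " " $i; print out }' | sort
}

# Largest remaining TTL among the cached records: the resolver keeps serving
# the old data for at most that many seconds before it asks the NS again.
max_remaining_ttl() {
    awk 'BEGIN { m = 0 } $3 == "IN" && $2 > m { m = $2 } END { print m + 0 }'
}

# 0 if both answer sets hold the same records, 1 otherwise.
answers_agree() {
    a=$(printf '%s\n' "$1" | rdata_set)
    b=$(printf '%s\n' "$2" | rdata_set)
    [ "$a" = "$b" ]
}

# Live check: query both servers, print a verdict and the worst-case wait.
# Returns 0 once the resolver serves the authoritative data.
check_propagation() {
    name=$1
    auth=$(dig +noall +answer @"$NS" "$name")
    cached=$(dig +noall +answer @"$RESOLVER" "$name")
    if answers_agree "$auth" "$cached"; then
        echo "$name: resolver $RESOLVER is up to date"
        return 0
    fi
    wait=$(printf '%s\n' "$cached" | max_remaining_ttl)
    echo "$name: resolver $RESOLVER may serve stale data for another $wait s"
    return 1
}

# Usage (needs network access): ./propagation.sh vm2.g03.sdi.hdm-stuttgart.cloud
if [ $# -gt 0 ]; then check_propagation "$1"; fi
```

After a deletion the authoritative answer section is empty while the resolver still returns the old record, so the script reports the remaining cache time of that record; after a change it keeps reporting until the new RDATA is served, which is the condition the exercises actually care about.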

Exercise No. 5

Enhancing your web server.

Q:

Enhance your web server from Improve your server's security! by:

  1. Providing a proper DNS name e.g. http://www.gXY.sdi.hdm-stuttgart.cloud.

  2. Configuring TLS allowing for e.g. https://www.gXY.sdi.hdm-stuttgart.cloud.

    Caution

    Avoid becoming a Letsencrypt rate limit victim. Letsencrypt's staging environment is far more lenient; e.g. its failed validation limit is 60 per hour versus 5 in production.

    After successfully creating and installing a Letsencrypt staging certificate you should then be able to create your »real« certificate without further problems.