NetMAX DNS (Domains) SETUP HOW-TO GUIDE Description:
Revision Date: 4/25/01 Requirements:
Let's start with the main NetMAX interface and some of its features. We start from the Home page as displayed after logging in to the NetMAX web-based interface. You should see something similar to the following screen shot: (Note: depending on what version of the NetMAX you have, some features may not be present.)

Throughout this document you will notice that we have placed letters, numbers and arrows next to important menu items in the diagrams for easier reference. You will not see these references in your actual interface. Here are brief descriptions of what each menu item does:

A) PERSONAL: This is where all the local NetMAX users can access and display their personal user information (home directory, file management, available shares). Remember, if you only have a FireWall product, this menu will have fewer items listed. This is the first screen that is displayed after log in.
B) USERS: Here is where users are created, modified and stored. This includes creating new users (FireWall products have one user, the administrator), groups and passwords. You can also change the user's home directory, what groups they belong to, permissions, enable email, and other miscellaneous user settings. Again, FireWall products will have very limited options here.
C) SERVICES: This is where you set up subsystems like WWW (Apache), FTP, Proxy Server (Squid), Traffic Monitor, VPN (isakmpd), eMail (Sendmail), etc. Again, FireWall products will have limited options for configuring these services, though most of them will still be running. Please see our FAQ for information on how these services can be shut down from the command line.
D) REPORTS: This should be the first place to look when troubleshooting a problem. Reports give you the ability to check system logs, daemon logs, current users, proxy cache, alerts, etc. Basically, this is where to go to find out how your system is doing or what, if any, problems there are.
E) NETWORK: Just as the name implies, this is where to go to configure your NetMAX's network settings such as interfaces and routing. You can set up the DNS server/resolver, firewalls, hosts for your DNS server, and advanced networking such as proxy ARPing, bridging, traffic rerouting, IP NAT, etc.
F) SHARING: For those who have this option, it is a place to set up shares, add volumes (new drives), mount removable media (CD-ROM, floppy drives), and share printers. If you have this link, you might not have others inside, e.g. WebServer products will have Home|Sharing, but no Printer Sharing option inside.
G) SYSTEM: This is for system changes only, i.e. Shutdown, Package Management (older versions have this under Home|Services), UPS support (again if available on your system).
SECTION 2. DOMAIN NAME SERVER - THE READERS DIGEST EXPLANATION

This guide is intended for instruction to configure domains only. It assumes that your NetMAX has already been implemented, and the network functions are working properly. If your NetMAX is not set up correctly on the network, then you will need to do so before proceeding. If you have the firewall product you should ensure that you have the "Firewall Configuration" on all of your interfaces set to "None" to test network functionality. After you have verified that your NetMAX is properly configured, you can begin to design the "Independent Configuration" of your firewall, if applicable.

DNS (Short for Domain Name Service) is an Internet service that translates domain names into IP addresses. Because domain names are alphabetic, they are easier to remember. The Internet, however, is really based on IP addresses. Every time you use a domain name, therefore, a DNS service must translate the name into the corresponding IP address. For example, the domain name www.netmax.com might translate to 192.168.0.0.

The Internet runs on IP addresses. These are 32 bit addresses represented as 4 octets: e.g. 192.168.0.0 is really 11000000.10101000.00000000.00000000. Not very friendly, is it? Most people do not talk or write things in binary, as numbers get long very fast, so the octet system is used to shorten the numbers into a more usable size. Each octet represents 8 bits of the whole 32 bits. That is why addresses only go as high as 255 (255 in base 10 = 11111111 in base 2).

Every NetMAX product is running a DNS server. For the products that do not have firewall functionality, the DNS services are only for local NetMAX server functions and for identifying and addressing systems on the internal IP network. For products that include firewall services the DNS functionality can also include providing full Internet DNS services for its client devices (workstations, hosts, etc.).

After installing and configuring the basic NetMAX server you must enter the domain that the NetMAX is a part of. (Note: Do not confuse this with a Microsoft networking domain - one that uses a PDC, as this is different.) Every computer, whether it is on the Internet or inside a local network, is part of some domain. For example, your computer name might be joescomputer, but the full name is really something like joescomputer.intdomain.com. If it is in an internal domain only, then the "domain part" (intdomain.com) could be any name of your choice. Domains for computers on the Internet must be named what they are "registered as".
How does this registration work? What exactly happens when you type "www.netmax.com" in your browser or telnet? Here are the steps:

The first thing that happens is that the client (host or client device) must resolve the domain name (i.e. netmax.com). The client sends a request to its own identified DNS server. This may be the NetMAX (if you have the firewall or professional product) or your ISP's DNS server, depending on how your network is set up.

Once the DNS server gets the request it will check its cache first to see if it has the information stored there. If the name and address information is stored in its cache it will answer with the IP address without checking with other DNS servers for the information. If the name is not stored in cache the DNS server will attempt to contact another DNS server to look up the domain name. If that DNS server does not have the information and has another DNS server it can check, it will go and ask that DNS server for the information, and so forth until a DNS server that does not have another DNS server to ask is reached. At that point the DNS server will ask the ROOT servers.

Note: This updating of information in each DNS server's local cache is why, when you change your IP on the Internet, it may take 24-72 hours for the information to propagate through the Internet. This basically means letting the DNS servers clear their cache of the old information and add the new Internet address information. In this example let's assume that it does not have this cached.

We will not go into great detail on these root servers, but basically these are the servers that are responsible for all domains on the Internet. When you register a domain you are paying to have an entry in these servers. The root servers DO NOT STORE THE IP ADDRESS OF THE DOMAIN. Rather, the record they keep basically states who is the authoritative DNS for that domain. That is why when you register your domain you must give them (the registrars) a DNS server for that domain. So when the DNS server asks the ROOT servers it will get a response back similar to this (this has been simplified):

Domain Name: NETMAX.COM

Notice that there is no place that it actually gives www.netmax.com's IP. ROOT servers will only give the authoritative name server for the domain, in this case netmax.com. So now the client's DNS server has the authoritative name servers' IPs for the domain netmax.com. This means that for any request it gets for anything in the NetMAX domain (i.e. www.netmax.com, ftp.netmax.com, anything.netmax.com, etc.), it will ask either GATEWAY.CYBERNET.COM (192.245.33.1) or SPIFFY.CYBERNET.COM (192.245.33.55). So now it will ask 192.245.33.1 what IP is www.netmax.com:

Once gateway.cybernet.com gets this request it will then respond with the proper address. Because gateway.cybernet.com knows it is the authoritative name server it will never ask anyone else about the netmax.com domain.

With that very brief DNS explanation out of the way, let's look at how to configure a domain on the NetMAX.
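
The lookup chain described above, modelled as an added Python example (not part of the original guide or of the NetMAX software): the registry returns only a referral to the authoritative servers, and the client's DNS server caches what it learns. The class names, the 24-hour cache lifetime and the 192.0.2.x addresses are constructed for illustration.

```python
# Added illustration: every "server" is an in-memory object; no packets are sent.

class AuthoritativeServer:
    """Holds the address records for the domains it is authoritative for."""
    def __init__(self, name, records):
        self.name = name
        self.records = records      # e.g. {"www.netmax.com": "192.0.2.80"}
        self.queries = 0

    def query(self, fqdn):
        self.queries += 1
        return self.records.get(fqdn)


class Registry:
    """Plays the part the guide gives the root servers: it knows which
    name servers are authoritative for a domain, not the host addresses."""
    def __init__(self, delegations):
        self.delegations = delegations   # {"netmax.com": [AuthoritativeServer]}
        self.queries = 0

    def refer(self, fqdn):
        self.queries += 1
        labels = fqdn.split(".")
        for i in range(len(labels)):     # longest matching suffix first
            zone = ".".join(labels[i:])
            if zone in self.delegations:
                return zone, self.delegations[zone]
        return None, []


class CachingResolver:
    """The client's DNS server: answers from cache until the entry expires."""
    def __init__(self, registry, ttl_seconds):
        self.registry = registry
        self.ttl = ttl_seconds
        self.answers = {}      # fqdn -> (ip, expires_at)
        self.referrals = {}    # zone -> (servers, expires_at)

    def _servers_for(self, fqdn, now):
        for zone, (servers, expires) in self.referrals.items():
            if expires > now and (fqdn == zone or fqdn.endswith("." + zone)):
                return servers               # referral is still cached
        zone, servers = self.registry.refer(fqdn)
        if zone:
            self.referrals[zone] = (servers, now + self.ttl)
        return servers

    def resolve(self, fqdn, now):
        """Return (ip, who_answered) for fqdn at time `now` (in seconds)."""
        cached = self.answers.get(fqdn)
        if cached and cached[1] > now:
            return cached[0], "cache"
        for server in self._servers_for(fqdn, now):
            ip = server.query(fqdn)
            if ip is not None:
                self.answers[fqdn] = (ip, now + self.ttl)
                return ip, server.name
        return None, "no answer"


def demo():
    gateway = AuthoritativeServer("gateway.cybernet.com", {
        "www.netmax.com": "192.0.2.80",      # constructed addresses
        "ftp.netmax.com": "192.0.2.21",
    })
    registry = Registry({"netmax.com": [gateway]})
    resolver = CachingResolver(registry, ttl_seconds=24 * 3600)
    trace = [
        resolver.resolve("www.netmax.com", now=0),       # full lookup
        resolver.resolve("www.netmax.com", now=3600),    # answered from cache
        resolver.resolve("ftp.netmax.com", now=3600),    # cached referral reused
    ]
    gateway.records["www.netmax.com"] = "192.0.2.81"     # owner changes the IP
    trace.append(resolver.resolve("www.netmax.com", now=7200))    # still old IP
    trace.append(resolver.resolve("www.netmax.com", now=90000))   # cache expired
    return trace, registry.queries, gateway.queries


if __name__ == "__main__":
    for step in demo()[0]:
        print(step)
```

The fourth lookup still returns the old address because the cached answer has not expired, which is the propagation delay the note above describes.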
SECTION 3. DOMAIN CONFIGURATION

As previously mentioned, the NetMAX products all run a DNS service. Only FireWall, VPN and Professional products can actually be used as a DNS server. This capability is set up through links under Home->Network (click on the Network link from the first NetMAX screen, diagram 1-1, that was shown):

Here is the Network screen and the links that pertain to domain set-up. Again, you might not have all the links that are shown or even all the links that have been marked (like Machines). Below is a brief explanation of what each link is for. We will go into more detail on each link later.

A) Domains - This is where it all begins. This is where you enter the domain information, whether or not the NetMAX is authoritative for that domain. It is required, though, that at least one domain be listed there. This is necessary to configure the NetMAX; even if you only have the File Server product you will need to have a domain listed.
B) Naming - A typical URL, for example www.netmax.com, has several different parts. netmax.com is what is called the domain name; www is referred to as the host name for that computer. So the web server that is hosting www.netmax.com has a host computer named "www". To enter these host names for the NetMAX itself (i.e. what the NetMAX computer will be called) you would click on Naming.
C) Machines - Basically the same as Naming, except this is where you would give host entries for machines other than the NetMAX. If you are using the NetMAX as a DNS server and another computer or another IP (other than the one(s) assigned to the NetMAX) has the name "www", this is where you would go to enter this. In most cases you will not need this.
D) DNS - The reason this is highlighted in red in the figure is that this really has nothing to do with setting up a domain on the NetMAX. The name might be a little misleading, but its real purpose is to set up a DNS client for the NetMAX, i.e. where the NetMAX will look for domains it is not authoritative for. This is where you would enter your ISP's DNS, just like you would for any other client on your network.

The first place to start the configuration is the Domains link, as everything is based on what is entered there. All NetMAX products will have the Domains link. Click on the Domains link (A) to go to the next page. Once you have clicked on the Domains link (Home->Network->Domains) you should see something like this:
This is a list of all domains entered on the NetMAX. This screen will list all the currently entered domains; you will always have at least one domain listed here. Right now we will create a domain, and we will assume that this domain is a "real" (Internet) domain. We will use the domain netmax.com as an example; your domain and information will be different. Click on the CREATE button. You now see this screen:

Your screen will have no information in it to begin with, but that will soon change. Let's take a look at what each one of these fields is and what you enter into them. First you should notice that there are three tabs located at the top of the screen:

1) GENERAL - This is where you enter general information for the domain, like the name and the responsible person for that domain. This is where you also enter the Primary IP for the domain; we will get to what this means shortly.
2) NETWORKING - This is where you enter the network information for DNS for this domain. Remember we are setting up a domain, so most information on these tabs is DNS information only!
3) MAIL - This tab is for setting up mail information, again DNS information (i.e. MX records).

Now let's look at the items on the GENERAL tab.

A) Domain Name - This is where you would enter the actual domain name. Remember, if you are setting up a Web server and it will be named something like www.mydomain.com, only "mydomain.com" is the domain name: "www" is the host name and will be entered under Home->Network->Naming. We will cover this later.
B) Email Address of Responsible Person - This will add an entry in the DNS record. People will see this if they do the proper inquiry about your domain.
C) Primary IP Address - This is the IP address that should resolve if someone looks up the domain. Just the domain; in other words, if you resolved just netmax.com (notice there is no host name), what would it resolve to?
D) Netmask - The notation here is for the bit representation; this was explained in the previous page. Basically this is the number of zeros in the mask bit representation. Note: The mask is for how many IPs are under this domain, not what your ISP gave you!!!! So if the NetMAX domain encompassed an entire class C domain then it would be /24. In the case where it is just one IP, then it would be /32.
E) Actions - This button adds this address to the domain. You click on the "+" sign to add the IP. Once you have added the IP it will be listed like you see on the screen shot. If this domain will resolve to multiple IP addresses then DNS will "round robin" between them.

Though these are not related to configuring the domain, it would be good to look at them now:

F) ? (help) - This button is available on every screen. Pressing it will automatically give you help items regarding the screen you are on, as well as the ability to search or move to different sections of the NetMAX help system.
G) STORE - Once you have entered all the information for the domain (in all three tabs) you need to click on this. If you do not, you will have to re-enter everything again. After that you will be brought back to the network menu screen, and you will notice that the commit light is blinking, indicating that you have stored but have not committed. Once committed, the changes will be applied to the system.

Now let's click on the Network tab. You will only be able to go to this screen if you have entered all the information on the first screen (the GENERAL tab). Here is the screen you should see on the NETWORK tab:
Here is what should be entered in each one of these fields:

A) Act as the Primary Name Server for this Domain - You only want to check this if the NetMAX is going to be the authoritative DNS for this domain (in this case netmax.com). If you told your domain registrar that this is your name server, then check this box. Note: If you check this and the NetMAX is not the authoritative name server then you will not resolve any names in this domain!! (Only Firewall products and Professional Suite will have this option.)
B) Additional Name Servers for this Domain - This is where you will be entering the additional authoritative name servers for this domain. These may or may not be the same ones your ISP gave you! The NetMAX will automatically fill in the FQDN (Fully Qualified Domain Name) for the DNS server as you click the plus on the IPs. If you are not getting the FQDN then either the DNS servers are not responding properly or your NetMAX can't connect to them. Again, you will need to check with your registrar as to who is listed as authoritative, or check yourself through nslookup tools. Notice how in this example we entered the name servers that came up when we did the DNS inquiry for the netmax.com domain in the previous page.
C) Networks allowed to perform Zone Transfers - This will basically allow DNS servers to transfer "zones" (basically domain information) between them. Both servers must be set up to allow the other to do this. If you are not familiar with this, you should leave this blank.

At this point we have set up the domain in the NetMAX properly for the netmax.com domain. You will notice that almost all the information came from the DNS lookup we did on the NetMAX domain. Let's click on the MAIL tab to set the mail information for this domain:
This is where you would enter the mail information of the domain (i.e. MX records):

A) Handle Mail For This Domain - By checking this you are indicating that the NetMAX is acting as a mail server and, if it receives mail for this domain, it should accept it. If you have set the NetMAX up as the authoritative DNS for this domain, it will generate an MX record for mail servers to point to the NetMAX. NOTE: This will only generate an MX record. If you want to accept MAIL you MUST also choose the option below that will add the entry to Sendmail for this domain.
   Consider all mail local for this domain - This sub-option means the following: if your NetMAX (which is acting like a mail server if you have this checked) has a name like mail.netmax.com, then by just checking the first option it will only accept mail for mail.netmax.com (i.e. joe@mail.netmax.com). If you check this option it will allow mail for both mail.netmax.com and netmax.com (i.e. joe@mail.netmax.com AND joe@netmax.com), so in most cases if you are running a mail server on the NetMAX you would want to check this. (This will add the entries necessary to receive mail through Sendmail.)
B) Route mail for this domain to different machine - If the NetMAX is not going to be the mail server, you can enter either the machine name or the FQDN (see above) of the mail server that will handle the mail for this domain. In our example we use a different mail server, so for the netmax.com domain you would enter mail.cybernet.com.
C) Additional Mail Exchangers - This will add additional name servers to the MX record and set preferences in steps of 10 (i.e. the first MX record will be preference=0, the next one pref=10, then pref=20, etc.). You can set this regardless of whether you picked A or B above.

Once you have entered this information, click on STORE, then click on COMMIT, then COMMIT again (to actually commit the changes). Once the commit is done you have successfully added your domain!!!

You have just identified a domain. Nothing else has been done, including making the NetMAX part of the domain. Now you can place the NetMAX in that domain and add machines (other hosts beside the NetMAX). If you are planning to add the NetMAX to this domain continue below. Otherwise you are done!
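
A consistency check for the NETWORK tab settings described above, as an added Python example (not NetMAX code): it compares the "Act as the Primary Name Server" choice and the additional name servers with what the registrar lists, and reviews the networks allowed to perform zone transfers. The function name, the finding codes, the example.com data and the policy of flagging transfer networks that contain no listed name server are assumptions of this example.

```python
import ipaddress


def _norm(name):
    """Compare host names case-insensitively and without a trailing dot."""
    return name.lower().rstrip(".")


def audit_network_tab(act_as_primary, netmax_names, additional_ns,
                      transfer_networks, delegated_ns):
    """Return a list of (code, detail) findings for one domain.

    netmax_names      -- host names of the NetMAX itself (Home->Network->Naming)
    additional_ns     -- {host name: IP} entered as additional name servers
    transfer_networks -- CIDR strings allowed to perform zone transfers
    delegated_ns      -- name servers the registrar lists for the domain
    """
    findings = []
    delegated = {_norm(n) for n in delegated_ns}
    own = {_norm(n) for n in netmax_names}

    # The guide's warning: box checked although the registrar does not list
    # this machine, so names in the domain will not resolve.
    if act_as_primary and not (own & delegated):
        findings.append(("PRIMARY_NOT_DELEGATED", ", ".join(sorted(own))))

    # Additional name servers should be ones the registrar lists.
    for name in additional_ns:
        if _norm(name) not in delegated:
            findings.append(("NS_NOT_DELEGATED", name))

    nets = [ipaddress.ip_network(n, strict=False) for n in transfer_networks]
    ns_ips = {n: ipaddress.ip_address(ip) for n, ip in additional_ns.items()}
    for net in nets:
        if net.prefixlen == 0:
            # Any host could copy the complete zone contents.
            findings.append(("TRANSFER_OPEN_TO_ANY", str(net)))
        elif not any(ip in net for ip in ns_ips.values()):
            findings.append(("TRANSFER_NET_WITHOUT_NS", str(net)))
    if nets:
        # Transfers are in use: every listed name server must be covered.
        for name, ip in ns_ips.items():
            if not any(ip in net for net in nets):
                findings.append(("NS_CANNOT_TRANSFER", name))
    return findings


# Name servers from the guide's netmax.com lookup.
GUIDE_DELEGATION = ["GATEWAY.CYBERNET.COM", "SPIFFY.CYBERNET.COM"]
GUIDE_NS = {"gateway.cybernet.com": "192.245.33.1",
            "spiffy.cybernet.com": "192.245.33.55"}


def demo():
    # Constructed case: primary box checked on a machine the registrar does
    # not list, and transfer networks that are far too wide or unrelated.
    risky = audit_network_tab(True, ["www.netmax.com"], GUIDE_NS,
                              ["0.0.0.0/0", "10.0.0.0/8"], GUIDE_DELEGATION)
    # Constructed case: the NetMAX is ns1 and only ns2 may transfer the zone.
    clean = audit_network_tab(True, ["ns1.example.com"],
                              {"ns2.example.com": "192.0.2.53"},
                              ["192.0.2.53/32"],
                              ["ns1.example.com.", "ns2.example.com."])
    return risky, clean


if __name__ == "__main__":
    for code, detail in demo()[0]:
        print(code, detail)
```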
SECTION 4. ADDING THE NetMAX TO THE DOMAIN

Now that you have created your domain, if you plan on having the NetMAX host a web site, mail or ftp, or need to tell the NetMAX it is in a domain, you need to give it a host name. In the previous example we used netmax.com as our domain. We will set up host names for the domain using that same example. By giving the NetMAX the host name "www" we would create the machine called www.netmax.com. Let's take a look at how to do this.
You should see at least one name in here from the initial commit. The top name listed is what the NetMAX considers its primary name (what it will call itself if anyone logs in). Let's assume that you are going to set up a web server. First you click on the CREATE button. You should now see this screen:

Here are the different parts of the name:

A) Host Name - This is where you would enter the host name for the NetMAX, so for a web server you would more than likely call it "www". You don't have to, but this is common practice.
B) Domain Name - This pull-down gets its information directly from what is listed under Home->Network->Domain. That is why we completed the Domain section first. It is crucial that the right information is entered under Domains. For example, if you enter www.netmax.com instead of netmax.com under Domains and then enter a host name of www, you will actually be creating www.www.netmax.com!
C) IP Address - Again, it is crucial that you enter the correct IP here, for everything from traffic re-routing to the web and email servers. If you are providing services for the external IP then you MUST have the external IP here. This information comes directly from Home->Network->Interfaces (all the IPs you have listed there).

Once you have entered the proper host name click on RETURN in the upper right hand corner of the screen. This will bring you back to the naming list with your new name being listed:

Again, the first name listed is what the NetMAX will consider your primary name. There may be instances where it is critical to have a specific host name listed first as the primary. An example of this would be a mail server's SMTP functions. If someone were to connect to this machine's SMTP server the reply would look like this:

220 skywalker.netmax.cybernet.com ESMTP Sendmail 8.11.0/8.11.0; Wed, 21 Mar 2001 16:24:24 -0500

Let's assume for our example that www.netmax.com is our mail server. Because skywalker.netmax.cybernet.com is the first name listed, there is the possibility that the requesting SMTP mail server may be confused by the response that it receives. This does not mean that mail will not work; however, if the other SMTP server is expecting something else it might cause problems. You can only have one primary name, so pick the one you want the NetMAX to respond as when someone connects to it.

The order in which the servers are listed can be re-arranged by using the arrows pointed to in diagram 1-9. With these you can move the names to whatever order you want; the arrow pointing up with a bar going across it will bring that name to the top. Once this screen is configured the way you want it, click on STORE then COMMIT then COMMIT again to apply these settings to the system.

You can add as many names as you want, so to add mail.netmax.com you would follow the steps outlined above, etc. It is always a good idea to give these names even if you are not the authoritative name server for this domain (for the reason mentioned above with SMTP), but it will be imperative to have them if you are authoritative. Of course, if you plan to set up mail and web on the NetMAX you will also have to have these names, as they (the NetMAX web and mail servers) get their information from here.

That is all you need to do to add host names to the NetMAX! Otherwise you are done!
SECTION 5. ADDING OTHER MACHINE NAMES TO THE DOMAIN

We are now going to set up host names for machines other than the NetMAX. To add hosts in the already created domain go to: Home page->Networks->Machines. Note: Only Firewall products and Professional Suite have this capability. Below is the Machines screen. Note: If you only have one domain listed in Home->Networks->Domains you will not get this screen. Instead you will get the screen following this - diagram 1-11.

You will notice that it lists all the domains you have entered under Home->Network->Domain. We are now going to enter the individual hosts (machines) under one of these domains. In this case we want to enter a host under the NetMAX domain. Click on "netmax.com". Again, remember that if you only have one domain listed under Home->Network->Domain then you will NOT get this screen; instead the NetMAX will assume that you mean the only domain it knows about and will take you directly to the next screen shown here (Diagram 1-11).

Notice that there are no machines listed, not even the NetMAX, even though we added it under Home->Network->Naming. This page will ONLY list other machines, not the NetMAX itself. It is ONLY listed under the Naming page. We want to add the host "ftp" to the netmax.com domain. If you want to re-route traffic or if you are the authoritative name server you will need to have this entry if you want people to be able to resolve "ftp.netmax.com". If you are not the authoritative name server this might not be necessary, since no one will ask this NetMAX about the netmax.com domain. Let's create a machine. Click on the CREATE button and you should now get this screen:
We have again placed letters or numbers next to each menu choice in diagram 1-12 to make things easier to reference. You will not have these letters in your interface. There are some tabs listed at the top of the screen that we have marked. Let's just briefly review the tabs:

A) GENERAL - This is the basic information of the host you are entering for this domain. In most cases you will only need to enter information on this screen.
B) ALIASES - This is where you enter another name for the same host. If "ftp.netmax.com" is the same machine as "ftp2.netmax.com" you enter ftp2 under ALIASES.
C) MAIL - The mail forwarding address specified here is used only in special cases when the specified machine cannot accept mail sent using SMTP (Simple Mail Transfer Protocol). Note: do not confuse this with re-routing mail. This is for actual machines, not individual users.
D) GROUPS - Just like users, machines (hosts) can also be linked or "grouped" together for easier reference.

Now let's take a look at the options for the GENERAL tab:

1) Name - This is the actual name of the host we wanted to add to the "netmax.com" domain. The name of that host in this case is ftp (i.e. ftp.netmax.com).
2) Type - This is the type of host we want this to be:
3) Description - This is the description of the host. You would enter a description here for reference only.
4) Email Address of Responsible Person - When a record is made for this host it will add this as the email contact.
5) MAC Address - If the network device is running, the NetMAX server will determine the MAC address and display it; otherwise you will see n/a. The MAC address is not required to add the device to the network, but may be required by the DHCP Server. In general you will not use this.
6) IP Addresses - This is where you would enter the IP address of this host machine. In our example we will use the IP for ftp.netmax.com. NOTE: If you are not the authoritative name server, when you click on IP address lookup the NetMAX will actually do a DNS lookup of the host with the domain, i.e. ftp.netmax.com. If no response comes back you will not get an IP. Also, this IP MUST be in the domain as you specified it under Home->Network->Domains, otherwise you will get an error. For example, if you chose /32 (only one IP) as the netmask, you will not be able to enter any other IP, as you defined the domain to only include one IP.
7) Restrictions - These will actually generate firewall rules to stop traffic as described in the choices:
This sets up the basics for adding another machine host in the domain. The other tabs listed here are for extra features and are fairly simple. Click on the ALIASES tab:

This is where you would enter any aliases. For example, if this host was also called ftp2.netmax.com then you would enter ftp2 and click on the "+". This would add a CNAME (alias) record for this host. Click on the MAIL tab.

If there was SMTP traffic headed to this host and it was not able to get to it, then the NetMAX would try sending it to any other host name listed here. Note: Please do NOT confuse this with forwarding email for a domain or user. That is done under Home->Services->Mail, NOT here. This option is used only in specialized cases for machine traffic forwarding. Typically you will not use this, so do NOT enter anything in here. Click on the GROUPS tab:

If you have entered Machine Groups under Home->Network->Machine Groups, then you will be able to select the machine groups that you want this machine to be a part of. This is for reference only, to help you better keep track of the machines on the NetMAX. Once you have entered all the configuration information, click on STORE then COMMIT then COMMIT again.

You have successfully set up a domain, a host for that domain and the NetMAX as a machine on that domain. That is all it takes to set up the DNS server on the NetMAX!!!
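
The naming rules from Sections 3 to 5, as an added Python example (not NetMAX code): a host's IP must fall inside the range defined by the domain's primary IP and netmask, a host name that repeats the first label of the domain points to the www.www.netmax.com mistake, and each alias becomes a CNAME for its host. The function names, the problem codes and the 192.0.2.x addresses are constructed for illustration.

```python
import ipaddress


def addresses_in_domain(primary_ip, mask_bits):
    """How many IPs the domain covers: 256 for /24, exactly 1 for /32."""
    net = ipaddress.ip_network(f"{primary_ip}/{mask_bits}", strict=False)
    return net.num_addresses


def check_hosts(domain, primary_ip, mask_bits, entries):
    """Validate host entries against the domain definition.

    entries -- list of {"host": ..., "ip": ..., "aliases": [...]}
    Returns (records, problems): records are (name, type, value) tuples,
    problems are (name, code) tuples.
    """
    domain = domain.lower()
    network = ipaddress.ip_network(f"{primary_ip}/{mask_bits}", strict=False)
    first_label = domain.split(".")[0]
    records, problems = [], []
    for entry in entries:
        host = entry["host"].lower()
        name = f"{host}.{domain}"
        if host == first_label:
            # e.g. domain entered as www.netmax.com and host name www
            problems.append((name, "REPEATED_LABEL"))
        if ipaddress.ip_address(entry["ip"]) not in network:
            # The guide: the IP must be in the domain as defined, else error.
            problems.append((name, "IP_OUTSIDE_DOMAIN"))
            continue
        records.append((name, "A", entry["ip"]))
        for alias in entry.get("aliases", ()):
            records.append((f"{alias.lower()}.{domain}", "CNAME", name))
    return records, problems


# Constructed host entries for the guide's netmax.com example.
HOSTS = [
    {"host": "www", "ip": "192.0.2.10"},
    {"host": "ftp", "ip": "192.0.2.21", "aliases": ["ftp2"]},
]


def demo():
    whole_range = check_hosts("netmax.com", "192.0.2.10", 24, HOSTS)
    single_ip = check_hosts("netmax.com", "192.0.2.10", 32, HOSTS)
    wrong_domain = check_hosts("www.netmax.com", "192.0.2.10", 24, HOSTS[:1])
    return whole_range, single_ip, wrong_domain


if __name__ == "__main__":
    for label, (records, problems) in zip(("/24", "/32", "www. domain"), demo()):
        print(label, records, problems)
```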