Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Computer Networks

using the dns/dhcp administrative interface - OIT Help

advertisement 
USING THE DNS/DHCP ADMINISTRATIVE INTERFACE Last Updated: 2012-3-5
Using the DNS/DHCP Administrative Interface TABLE OF CONTENTS When is registration needed? What about the zoned network? .............................................................................................................. 3 What about guests? ................................................................................................................................................................................... 3 Explaining split horizon DNS ...................................................................................................................................................................... 3 Accessing the DNS/DHCP administrative interface.................................................................................................................................... 4 The home screen ....................................................................................................................................................................................... 5 Static host entries vs. roaming host entries............................................................................................................................................... 9 Creating a roaming host entry ................................................................................................................................................................... 9 Creating a static host entry with static DHCP .......................................................................................................................................... 14 Using search ............................................................................................................................................................................................. 21 Appendix A: Temporary network registration while zoned network is rolled out to campus................................................................. .22 Last Updated: 2012-3-5 dnsadmin_guide_v6.pdf Copyright © 2012 – Uni versity of Notre Dame ‐ Office of Information Technologies Page 2 of 23
Using the DNS/DHCP Administrative Interface WHEN IS REGISTRATION NEEDED? WHAT ABOUT THE ZONED NETWORK? The University of Notre Dame’s network infrastructure is amidst many changes to improve both the security and reliability of its network services. During this transitional period, there will be slight differences in the user experience between various network mediums. This transitional period is required in order to ensure the availability of legacy networks and services while OIT deploys the Zoned Network project and finalizes ND‐secure and ND‐guest wireless networks. When connecting a new device to a legacy network (Nomad or legacy wired connections) users will continue to experience a mandatory registration process. This will provision their device for use on all legacy networks, but will not register them a hostname (i.e. yourmachine.campus.nd.edu). Users connecting to the new networks (ND‐secure, ND‐guest, or Wired Zoned networks) will authenticate to the network in order to achieve access. Authentication will occur via various methods including: captive portal, 802.1X, Cisco Clean Access agent. Users on these networks will also not automatically be given a hostname. Once a user has connected to one of the available campus networks, they can choose to request a hostname for their device. Users desiring a hostname for their machine can self‐register a hostname via https://webreg.nd.edu or by contacting their department IT staff or the OIT Help Desk at 574.631.8111 or oithelp@nd.edu. Registration Required
Network
Registration Optional
ND‐secure
X
ND‐guest
X
Nomad
Authentication Required
X (via 802.1X)
X (via web page or Cisco Clean Access Agent)
X
Wired Zoned Networks
Legacy Wired Networks
X
X (via web page or Cisco Clean Access Agent)
X
WHAT ABOUT GUESTS? Guests should use the ND‐guest network with an account authorized and created by an active faculty, staff, or student. Guests do not need to register their computers/devices or have static hostnames or IP addresses. Accounts can be created at https://guestaccess.nd.edu. You can find complete details about guest access at http://oit.nd.edu/guest. EXPLAINING SPLIT HORIZON DNS The Office of Information Technology is replacing its legacy DNS and DHCP infrastructure with an appliance based solution. The new infrastructure will provide the University’s networks with greater reliability and security, as well as providing resiliency in regards to disaster recovery. The new design will incorporate many industry best practices including an important methodology called “Split‐ Last Updated: 2012-3-5 dnsadmin_guide_v6.pdf Copyright © 2012 – Uni versity of Notre Dame ‐ Office of Information Technologies Page 3 of 23
Using the DNS/DHCP Administrative Interface Horizon DNS”. Split Horizon DNS allows for the separation of DNS information based on the user requesting the information. In the case of a University, the DNS information available to the users on campus will be on separate hardware and contain separate information than the DNS information available to the Internet. This technology allows for University to properly protect it internal resources, while also providing the flexibility to deliver a service differently depending on a user’s location or affiliation. For more information regarding Split‐Horizon DNS, please refer to http://en.wikipedia.org/wiki/Split‐horizon_DNS or contact OIT Network Engineering. ACCESSING THE DNS/DHCP ADMINISTRATIVE INTERFACE 1. In a web browser, visit https://dnsadmin.nd.edu to access the DNS/DHCP production environment. The current version of Infoblox Grid Manager is web‐based user interface that replaces the previous java‐client‐based user interface. 2. Enter your NetID and password to login to Grid Manager. 3. Upon successfully logging in, you will be presented with the Home screen of the DNS/DHCP administrative interface. Note:  Javascript must be enabled on your browser for Grid Manager to function properly.  On Windows 7, Grid Manager supports IE 8.x, Firefox 3.6.x and 4.x, Chrome 7.x and 10.x. On Red Hat Enterprise Linux 6.x, Grid Manager supports Firefox 3.6.x and 4.x, Chrome 7.x and 10.x. On Mac OS 10.6.x, Grid Manager supports Safari 5.x, Firefox 3.6.x and 4.x, Chrome 10.x. For updated support information, please read “Infoblox NIOS Administrator Guide” (Page 19).  Infoblox strongly recommends that you do not log in to Grid Manager from different browser windows using the same user account. Depending on the browser you use, it may cache user information in one session and apply it to another session. This can cause inconsistent behaviors within the browser sessions. Last Updated: 2012-3-5 dnsadmin_guide_v6.pdf Copyright © 2012 – Uni versity of Notre Dame ‐ Office of Information Technologies Page 4 of 23
Using the DNS/DHCP Administrative Interface
THE HOME SCREEN
1.
A typical layout of Grid Manager Interface is shown here. It identifies common elements of the interface and features
that you can use.
2.
Starting with version 6.3.x, the “Tasks Dashboard” is your home page on Grid Manager. It provides easy access to several
commonly performed tasks.
You may click on the “Status” Tab to go to “Status Dashboard” – the home page in version 6.2.x.
Last Updated: 2012-3-5
dns‐dhcp admin documentation.docx
Copyright © 2011 – University of Notre Dame ‐ Office of Information Technologies
Page 5 of 23
Using the DNS/DHCP Administrative Interface
3.
“Status Dashboard” provides access to the status of your Grid and networks.
4.
The “Dashboard” provides various widgets for viewing and managing data. You can select the widgets that you need and
configure them to provide relevant data. You may click “Add Content”, select and drag a widget to the desired location on
your “Dashboard”. You can also move a widget, by selecting and dragging it to its new location on your “Dashboard”. Grid
Manager saves your “Dashboard” configuration and displays it the next time you log in. For example, the “Grid Status”
widget provides status information about the Grid members and services. You may want to configure “My Commands”
widget to add a few frequently‐used commands to the widget. Note that you must have at least read‐only permission to the
objects that a widget displays. Otherwise, though you are allowed to select and place the widget on the “Dashboard”, it does
not display any information.
5.
“Data Management” tab provides navigation access point to view and manage IPAM (IP Address Management), DHCP, and
DNS data. The center part of Grid manager interface is called “Workspace” for you view and manage DNS and DHCP data.
Last Updated: 2012-3-5
dns‐dhcp admin documentation.docx
Copyright © 2011 – University of Notre Dame ‐ Office of Information Technologies
Page 6 of 23
Using the DNS/DHCP Administrative Interface 4. You can also see “Finder Panel”, “Toolbar Panel”, and “Help Panel” on Grid Manager interface.  “Finder Panel” provides tools of “Smart Folders”, “Bookmarks”, “Recycle Bin”, and “URL Links”.  “Toolbar Panel” provides easy access to commands.  “Help Panel” provides “Help” information about the window currently displayed, “Documentation” about latest version of Infoblox Administrator Guide, “Support” to Infoblox web site, and “About” to view the NIOS software version. 5. One useful tool in “Finder panel” is to create and use “Smart Folders” to organize your core network services data. See basic steps in the graph shown above. The important step is to choose proper filter to organize the data you need to manage. Each smart folder you create can contain up to 2,000 objects. When the number of objects exceeds 2,000, Grid Manager sorts and displays the first 2,000 objects only. It also displays a warning message at the top of the panel. In this case, you may want to redefine your filter criteria to further refine the filtered data in your smart folders. Last Updated: 2012-3-5
dnsadmin_guide_v6.pdf Copyright © 2012 – Uni versity of Notre Dame ‐ Office of Information Technologies Page 7 of 23
Using the DNS/DHCP Administrative Interface 6. You may use “Bookmarks” for easy retrieval of your data. Suppose you manage DNS zone of “cc.nd.edu”. To access data of “cc.nd.edu”, what you need to do are: click “Data Management” tab ‐> click “DNS” tab ‐> choose “ND Campus” view on the up left corner selection field ‐> click “ND Campus” under “Zone” and “DNS View” ‐> find “nd.edu” zone and click on it ‐> Click on “Subzones” (on lower left corner of “Workspace”) ‐> find “cc.nd.edu” zone and click on it ‐> click on “Records” and you will have access to records in “cc.nd.edu”. If you click on “Bookmark” icon, the “ND Campus‐>cc.nd.edu” object will be saved in “Bookmarks” under “Finder Panel”. You can create up to 500 bookmarks. Last Updated: 2012-3-5 dnsadmin_guide_v6.pdf Copyright © 2012 – Uni versity of Notre Dame ‐ Office of Information Technologies Page 8 of 23
Using the DNS/DHCP Administrative Interface STATIC HOST ENTRIES VS. ROAMING HOST ENTRIES Static host entry – is an entry in DNS that maps a Fully Qualified Domain Name (FQDN) (hostname.domain.nd.edu) to an IP address for a given device. This is commonly needed when a device requires a specific IP address to be accessed by other devices in a given network such as a file server or web server. Roaming host entry – is an entry in DHCP that maps a given FQDN to a MAC address (00:11:22:33:44:55). This is commonly needed when a device requires a specific hostname to be accessed by other devices in a given network, but will be continuously changing IP addresses. A roaming host entry is also commonly referred to as a “Static Name.” Registering a roaming host entry will ensure that a FQDN will correspond to a unique device regardless of its network or IP address. This is the type of entry most devices at Notre Dame use. CREATING A ROAMING HOST ENTRY This is the type of entry most devices at Notre Dame use. 1. With Grid Manger open, from the “Data Management” tab, select the “DHCP” tab and click the “Networks” tab ‐> “Roaming Hosts". Then click on “+” (Add) icon to add a new roaming host. 2. Select “Add Roaming Host” on the dialog box, and click “Next” button. Last Updated: 2012-3-5
dnsadmin_guide_v6.pdf Copyright © 2012 – Uni versity of Notre Dame ‐ Office of Information Technologies Page 9 of 23
Using the DNS/DHCP Administrative Interface 3. On the next dialog box, enter in the specific FQDN for the roaming host entry in the Roaming Host “Name” field. In the “MAC Address” field, enter in the corresponding MAC address. 4. On the next dialog box, click the “Override” button in the “Domain Name” row. Enter just your domain (e.g., cc.nd.edu – NOT THE FQDN) in the “Domain Name” field. Last Updated: 2012-3-5 dnsadmin_guide_v6.pdf Copyright © 2012 – Uni versity of Notre Dame ‐ Office of Information Technologies Page 10 of 23
Using the DNS/DHCP Administrative Interface 5. In the “Extensible Attributes” dialog box, fill in the NetID for the both “Admin” and “User” attributes. These are required fields and must be entered. Also, enter in the FQDN in the “Host” field. Then click “Save & Close” button. 6. To ensure dynamic DNS for your roaming host, go back to the list of “Roaming Host” and find the entry you just created. Then click on “Edit” icon. Last Updated: 2012-3-5
dnsadmin_guide_v6.pdf Copyright © 2012 – Uni versity of Notre Dame ‐ Office of Information Technologies Page 11 of 23
Using the DNS/DHCP Administrative Interface
7.
On the “Roaming Host” dialog box, toggle to “Advanced Mode”, then click on “IPv4 DHCP Options” tab.
8.
In the “Custom DHCP Options” field of “IPv4 DHCP Options” dialog box, choose “host-name (12) string” option, and enter the
host name of the roaming host. This field is necessary for correct DDNS configuration.
Last Updated: 2012-3-5
dnsadmin_guide_v6.pdf
Copyright © 2012 – University of Notre Dame ‐ Office of Information Technologies
Page 12 of 23
Using the DNS/DHCP Administrative Interface
9.
Then click on “IPv4 DDNS” tab. On the next dialog box, click “Override” button to “DDNS Updates” and check “Enable DDNS
Updates” checkbox. Then click “Override” button to “DDNS Domain Name” and enter in the DDNS domain name. Click “Save &
Close” button.
10. Alternatively, you may use https://webreg.nd.edu site to register a roaming host.
Last Updated: 2012-3-5
dnsadmin_guide_v6.pdf
Copyright © 2012 – University of Notre Dame ‐ Office of Information Technologies
Page 13 of 23
Using the DNS/DHCP Administrative Interface CREATING A STATIC HOST ENTRY WITH STATIC DHCP 1. There are two ways to find out available IP address for you to assign a static host entry. The first one is to start with IPAM. For example, you need to find out available IP address in 129.74.34.0/24 network. You can start from “Data Management” tab ‐> “IPAM” ‐> “ND Campus” view, and click on the network container of 129.74.0.0/16. 2. Then, view the “List” of 129.74.34.0/24 network. From the list of all IP address usage, you can pick and choose one “Unused” IP address for your new host entry. Last Updated: 2012-3-5
dnsadmin_guide_v6.pdf Copyright © 2012 – Uni versity of Notre Dame ‐ Office of Information Technologies Page 14 0f 23
Using the DNS/DHCP Administrative Interface 3. After you select an IP address, click on “+” (Add) ‐> “Host Record”. 4. The first step to “Add Host Record” is to click on “Select Zone” button. Last Updated: 2012-3-5
dnsadmin_guide_v6.pdf Copyright © 2012 – Uni versity of Notre Dame ‐ Office of Information Technologies Page 15 of 23
Using the DNS/DHCP Administrative Interface 5. In “Zone Selector” dialog box, enter the zone name, i.e. domain name, and click on “Go” button. Then click on “OK” button. 6. When you are back to “Add Host Record” dialog box, enter the specific hostname for the static host entry in the “Name” field. Then in the “MAC Address” field, enter the device’s corresponding MAC address. If you need to reserve the static IP address in DHCP service and to set dynamic DNS, check “DHCP” checkbox and select the row, and click on “Edit” icon to edit DHCP options. Last Updated: 2012-3-5
dnsadmin_guide_v6.pdf Copyright © 2012 – Uni versity of Notre Dame ‐ Office of Information Technologies Page 16 of 23
Using the DNS/DHCP Administrative Interface If the MAC address is not known, the device must be hard‐coded with its IP address since DHCP will not function for that device. If the IP address to be assigned is inside a DHCP range, you need to put MAC address as “00:00:00:00:00:00” to reserve the IP address. DHCP server will not hand out an IP associated with all‐0’s MAC as DHCP lease. 7. Let us return to the scenario that you check “DHCP” checkbox and edit DHCP options. The options for DDNS are “Domain Name” and “host‐name”. After entering those fields, click on “Save & Close” button. Last Updated: 2012-3-5
dnsadmin_guide_v6.pdf Copyright © 2012 – Uni versity of Notre Dame ‐ Office of Information Technologies Page 17 of 23
Using the DNS/DHCP Administrative Interface 8. Now we return to “Add Host Record” dialog box. Click on “Next” button. 9. The next step in “Add Host Record” dialog box is to enter Extensible Attributes of “Admin”, “Host”, and “User”. Then click on “Save & Close” button. Last Updated:2012-3-5
dnsadmin_guide_v6.pdf Copyright © 2012 – Uni versity of Notre Dame ‐ Office of Information Technologies Page 18 of 23
Using the DNS/DHCP Administrative Interface 10. Alternatively, you can start with “Data Management” ‐> “DNS” until you reach the appropriate subdomain, i.e. subzone, that you would like to add a static host entry. Then select “+” (Add) ‐> “Host” ‐> “Host Record”. 11. In “Host Record” dialog box, you may choose “Add Address” if you know what static IP address will be assigned for your host entry, or you can choose “Next Available IP Address” to find out an unused IP address for your host entry. The rest steps and similar to steps 4‐9 above. Last Updated: 2012-3-5
dnsadmin_guide_v6.pdf
Copyright © 2012 – Uni versity of Notre Dame ‐ Office of Information Technologies Page 19 of 23
Using the DNS/DHCP Administrative Interface 12. If an alias is required for the static host entry, find the host record, and click on “Edit” icon. 13. In the “Host Record” edit dialog box, click on “Aliases” button, click on “+” (Add) icon, enter in the corresponding alias for the static host entry, and click on “Save & Close” button. Last Updated: 2012-3-5 dnsadmin_guide_v6.pdf Copyright © 2012 – Uni versity of Notre Dame ‐ Office of Information Technologies Page 20 of 23
Using the DNS/DHCP Administrative Interface 14. If you would like this record viewable from off‐campus, then you will also need to publish the record in the “ND External” view. Select “ND External” view, and repeat the same steps to add the static host entry. Please note that there is no DHCP for “ND External” view. USING SEARCH 1. With Grid Manger open, click on the “Global Search” icon on the far right of the toolbar. In the “Search” dialog box, you can enter any information you currently know about an entry including: MAC address, hostname, domain name, IP address, comment fields, User/Admin entries. You may also choose filter rule with selection of “Type”, operator, and attribute value to speed search. Optionally, click the ‘+” icon to add another rule. You can add up 10 filter rules. 2. From search results, you may select the entry, and click the “Edit” icon to modify the existing entry, or click “Delete” icon to delete the existing entry. At any point when you use Grid Manager Interface, you may click “Help Panel” ‐> “Help” to view information about the window displayed. For complete information about Grid Manager Interface, please read “Infoblox NIOS Administrator Guide” from “Help Panel” ‐> “Documentation”. Last Updated: 2012-3-5 dnsadmin_guide_v6.pdf Copyright © 2012 – Uni versity of Notre Dame ‐ Office of Information Technologies Page 21 of 23
Using the DNS/DHCP Administrative Interface APPENDIX A: TEMPORARY NETWORK REGISTRATION WHILE ZONED NETWORK IS ROLLED OUT TO CAMPUS While the zoned network is rolled out to campus, users who are not yet on the zoned network will be required to register their computers as they have in the past. Please note: registration is ONLY REQUIRED if the computer or device is not on the zoned network or if a device is on the Nomad wireless network. Computers and devices on ND‐secure and ND‐guest wireless networks do not need to register. To register, users will need to launch a web browser, and they will be automatically redirected to the network registration site. After clicking Accept, people will need to login with their NetID and password. Last Updated: 2012-3-5 dnsadmin_guide_v6.pdf Copyright © 2012 – Uni versity of Notre Dame ‐ Office of Information Technologies Page 22 of 23
Using the DNS/DHCP Administrative Interface After clicking Register, they will be shown a confirmation page. They must close and restart their browser, and then they can continue using the Internet as they normally would. Last Updated: 2012-3-5 dnsadmin_guide_v6.pdf
Copyright © 2012 – Uni versity of Notre Dame ‐ Office of Information Technologies Page 23 of 23
Related documents
DHCP Security Analysis
DHCP Security Analysis
PowerPoint Slides
PowerPoint Slides
Michael Moran bio - Notre Dame Club of Chicago
Michael Moran bio - Notre Dame Club of Chicago
Being the one eyed man
Being the one eyed man
Jonathon Brewis - Notre Dame Club of Detroit
Jonathon Brewis - Notre Dame Club of Detroit
What to Bring to UNDERC-West
What to Bring to UNDERC-West
A Practical Guide to Red Hat® Linux® College Edition
A Practical Guide to Red Hat® Linux® College Edition
Super G on Raven PTarmigan January15th, 2009 RACE JURY
Super G on Raven PTarmigan January15th, 2009 RACE JURY
Lab 11 - Personal Web Pages
Lab 11 - Personal Web Pages
Download
advertisement