
• Destination port: 443;

• Identifier: Leave blank;

• Politics (i.e. policy): MARK;

• Value: 1 (firewall tag);

NOTE: To route other services through the new internet access (by local and remote port), the procedure is the same.

5.3 Support services

5.3.1 LDAP

Figure 5.17: Support Services - LDAP

This section lists the machines registered in the LDAP service of IPBrick. To add a new machine to the IPBrick LDAP domain, click Insert. Existing LDAP entries can also be Modified or Deleted.

Registering machines in LDAP from here is useful when there are IP networks other than the one of the IPBrick internal interface, since there is no need to indicate the IP.

5.3.2 DNS

DNS (Domain Name System) is a service that resolves names into IP addresses and vice-versa; in IPBrick it is implemented by the Bind software on port 53 UDP/TCP. Most queries consist of a simple UDP request by the client, followed by a UDP answer from the server. TCP is used in two situations: when the data to be sent exceeds 512 bytes, or for zone transfers. Some operating systems (HP-UX, for example) even adopt DNS implementations that always use TCP, thus increasing reliability. The service acts like a database with information about the hosts of an IP network, and that information is organized into domains. The notation used is the FQDN (Fully Qualified Domain Name):

servername.company.region

Here "servername.company.region" is the FQDN, "company.region" is the domain, "company" the sub-domain and "region" the top-level domain (TLD), which is administered by an entity called ICANN (Internet Corporation For Assigned Names and Numbers). A DNS server holds a database about a certain part of the domain, normally called a zone, and there are two types of servers:

• master: it obtains the data of the zone it manages from its own database;

• slave: it obtains the data from the primary master; there may be one or more slaves in a network. Whenever there are changes in the configuration of the zones served by the master, this server is notified and proceeds to update its database.

The DNS server also resolves names in reverse mode, that is, it answers with the name (FQDN) for a given IP address. This mechanism allows the authenticity of an IP address to be confirmed, an important aspect in the e-mail service.

Presentation This is the main section of DNS configuration. Here you manage the domains served by the machine and change the machines, aliases (CNAME) and MX (Mail Exchange, the records that indicate the e-mail servers of a domain) records.

Top Menu Here you have a link to Insert a new domain (Figure 5.18).

Body Here you have a list of the forward and reverse name resolution zones registered in IPBrick. You can access the management interface of these zones by clicking on one of them (Figure 5.19 and Figure 5.20).

Figure 5.18: Support Services - DNS - Name resolution zones

Domains - Insert Zones

Top Menu Here you have a link to get Back to the previous list and cancel the current process of introducing a new zone.

Body Here you see a registration form for forward and/or reverse name resolution zones. You find the following fields:

1. Domain name of the new registration, e.g. empresa.pt, porto.empresa.pt, acme.inc;

2. Network the associated IP network for which reverse name resolution (PTR, Pointer) records are going to be created;

3. Zone type field that allows you to create a master or secondary zone. A secondary zone is a copy of the master zone of another DNS server;

4. Server name of the machine that will serve this domain, registered in the SOA (Start of Authority) record, e.g. ipbrick.domain.com (this field only applies to master zones);

5. Email e-mail address of the person responsible for this domain. This e-mail is registered in the DNS as the responsible technician for this domain (this field only applies to master zones);

6. Refresh time the interval at which a secondary zone checks whether there are changes in the master zone (this field only applies to master zones);

7. Transfer retry time the time a secondary zone waits before retrying the connection to the master zone when the last refresh was unsuccessful (this field only applies to master zones);

8. Expiry time the time during which a secondary zone considers the data of the zone valid since the last successful refresh (this field only applies to master zones);

9. Default time-to-live the time during which other DNS servers consider the data of this zone valid (this field only applies to master zones);

10. Master servers IP address of the zone master server (this field only applies to secondary zones);

11. Insert Button.

Domains Management

Presentation In this section you control all DNS records of the selected zone.

Top Menu Here you have a link to get Back to the zones list and to see the data of the selected domain. Here you can change or delete a domain registration.

Body Here you have a list of the DNS record sections:

1. Machines: addresses of the machines in the current domain (a name associated to an IP address), e.g.:

www -> 192.168.2.1

2. Aliases (alternative names): alias registration for domain machines (this option is only available for a forward name resolution zone), e.g.:

www2 -> www

3. Name Servers: registration of the FQDNs of the machines that serve this domain (DNS), e.g.:

domain.com -> www.domain.com

4. Mail Servers: e-mail server registration for this domain. You can have several registrations, each with a different positive integer value. The values indicate which registration to use first: the registration with the lowest value is always the first one to be used. The value introduced here must always be the e-mail server FQDN, no matter whether it is a server of the domain itself, like .domain.com., or an internet server, like mail.saturno.com.. This option is only available for a forward name resolution zone. For example:

20 mail.saturno.com
10 ipbrick.domain.com

5. VoIP Servers: registration of VoIP servers for this domain. The value introduced here is the FQDN of the VoIP server, for example voip.domain.com. This option is only available for a forward name resolution zone. For example:

voip.domain.com

6. Instant Message Server: prefix of the address for the instant message service.
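As an added example (not IPBrick's own code), the following Python script shows how the fields of the Insert Zones form (fields 1 to 10) and the record sections above (Machines, Aliases, Name Servers, Mail Servers) map onto a BIND master zone file, and checks the values a secondary zone depends on. The dictionary keys, the serial number and the sample data are assumptions constructed for illustration; VoIP and instant-message servers are left out because the page does not say which record types they become.

```python
"""Zone builder for the "Insert Zones" and "Domains Management" forms.

Added example, not IPBrick code: it turns the form fields into a BIND
master zone file and checks the values a secondary would depend on.
Field names, sample data and the serial scheme are assumptions."""
import ipaddress
from typing import Dict, List, Tuple


def absolute(name: str) -> str:
    """Make a name absolute (trailing dot) so BIND does not append the origin."""
    return name if name.endswith(".") else name + "."


def soa_rname(email: str) -> str:
    """SOA RNAME form of the responsible e-mail (field 5): '@' becomes '.',
    and dots in the local part must be escaped (dns.admin@x -> dns\\.admin.x.)."""
    local, domain = email.split("@", 1)
    return absolute(local.replace(".", "\\.") + "." + domain)


def check_timers(refresh: int, retry: int, expire: int, ttl: int) -> List[str]:
    """Sanity checks on the secondary-zone timers (fields 6-9, RFC 1912 advice)."""
    problems = []
    if retry >= refresh:
        problems.append("retry should be shorter than refresh")
    if expire < refresh + retry:
        problems.append("expire must outlast refresh + retry, or secondaries drop "
                        "the zone during a short master outage")
    if ttl <= 0:
        problems.append("default TTL must be positive")
    return problems


def order_mx(mail_servers: List[Tuple[int, str]]) -> List[Tuple[int, str]]:
    """Lowest preference value first: the order in which a sending MTA tries them."""
    return sorted(mail_servers, key=lambda pv: pv[0])


def build_forward_zone(f: Dict) -> str:
    """Render a master zone from the form fields (dictionary keys are assumed names)."""
    lines = [f"$TTL {f['ttl']}", f"$ORIGIN {absolute(f['domain'])}"]
    lines.append(f"@ IN SOA {absolute(f['server'])} {soa_rname(f['email'])} ("
                 f" {f['serial']} {f['refresh']} {f['retry']} {f['expire']} {f['ttl']} )")
    for ns in f.get("name_servers", []):
        lines.append(f"@ IN NS {absolute(ns)}")
    for pref, host in order_mx(f.get("mail_servers", [])):
        lines.append(f"@ IN MX {pref} {absolute(host)}")
    for name, ip in f.get("machines", {}).items():
        ipaddress.ip_address(ip)  # raises ValueError on a malformed address
        lines.append(f"{name} IN A {ip}")
    for alias, target in f.get("aliases", {}).items():
        if target not in f.get("machines", {}):
            raise ValueError(f"alias {alias} points to unknown machine {target}")
        lines.append(f"{alias} IN CNAME {target}")
    return "\n".join(lines) + "\n"


def build_reverse_zone(network: str, machines: Dict[str, str], domain: str) -> str:
    """PTR records for the 'Network' field (2); octet-aligned prefixes only."""
    net = ipaddress.ip_network(network, strict=True)
    if net.prefixlen not in (8, 16, 24):
        raise ValueError("reverse zone needs an octet-aligned network")
    kept = net.prefixlen // 8
    octets = str(net.network_address).split(".")
    origin = ".".join(reversed(octets[:kept])) + ".in-addr.arpa."
    lines = [f"$ORIGIN {origin}"]
    for name, ip in machines.items():
        addr = ipaddress.ip_address(ip)
        if addr in net:
            host_part = ".".join(reversed(str(addr).split(".")[kept:]))
            lines.append(f"{host_part} IN PTR {absolute(name + '.' + domain)}")
    return "\n".join(lines) + "\n"


# Constructed sample input mirroring the examples in the section above.
SAMPLE = {
    "domain": "domain.com", "server": "ipbrick.domain.com",
    "email": "dns.admin@domain.com", "serial": 2024010101,
    "refresh": 10800, "retry": 3600, "expire": 604800, "ttl": 86400,
    "machines": {"www": "192.168.2.1", "ipbrick": "192.168.2.2"},
    "aliases": {"www2": "www"},
    "name_servers": ["www.domain.com"],
    "mail_servers": [(20, "mail.saturno.com"), (10, "ipbrick.domain.com")],
}

if __name__ == "__main__":
    print(build_forward_zone(SAMPLE))
    print(build_reverse_zone("192.168.2.0/24", SAMPLE["machines"], SAMPLE["domain"]))
```

The timer check is the part worth keeping: an expiry shorter than refresh plus retry means a brief outage of the master makes every secondary discard the zone, which is a self-inflicted denial of service.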

Forwarders

If the DNS server receives a request for a domain which it neither serves nor has in cache, it has to forward the request to other DNS servers on the Internet. The forwarders should be the nearest ones, normally the DNS servers of the ISP. If the forwarders field is empty, DNS still works, because the server uses the internet gateway to perform the DNS lookup. If an IPBrick.I and an IPBrick.C exist on the same network, the IPBrick.I must have the IPBrick.C eth0 address in the forwarders field. This is the most appropriate interface to register the nearest DNS servers (Figure 5.21).

Name Resolution

Whether or not the DNS service is running on this server, you can configure the server to have its DNS requests handled by another server. This configuration applies to all server services (with the obvious exception of the DNS server itself, which uses its forwarders for requests it cannot answer). To make the server use its own DNS, configure the IP address of localhost (the local server), 127.0.0.1, which is also the default configuration (Figure 5.22).

Figure 5.19: Support Services - DNS - Zone Management 1/2

5.3.3 DHCP

The DHCP (Dynamic Host Configuration Protocol) service may be defined as a protocol for the dynamic assignment of network configuration parameters to workstations (UDP ports 67 and 68), an evolution of the BOOTP protocol. Basically, a DHCP client sends a broadcast packet to the network asking for an IP address, and it obtains an answer if there is an active DHCP server on the network. The server not only assigns it an IP address but also the network mask, default route, DNS server and WINS server.

DHCP allows two ways of assigning IP addresses:

• Manual address or reservation: there is an association between the MAC address of a client machine and the IP address to supply, and that machine always keeps the same IP address;

• Dynamic: the client obtains an address from a range of addresses previously defined by the IPBrick administrator, for a defined period of time;

NOTE: There is a mechanism that allows the DHCP server to be on an IP network distinct from the clients, known as DHCP relay. The DHCP relay is provided by an agent installed on the host(s) present in the remote network(s); this agent receives the DHCP client requests and forwards them to the configured DHCP server.

Figure 5.20: Support Services - DNS - Zone Management 2/2

Subnets

This menu permits the definition of the subnets to be served and the network configuration parameters to assign to the workstations (Figure 5.23).

In the top menu you have a link to Insert new subnets, configure Redundancy parameters and define default General Options (Figure 5.24).

In the body you have a list of the inserted subnets. Each line is a link that opens a configuration form with the options for that subnet (Figure 5.25).

It allows the insertion of the subnet parameters that shall be assigned to the clients:

• Network Address: the address of the network and the respective mask;

• Dynamic addresses range: the range of addresses reserved for assignment to the clients;

• Clients mask: network mask to assign to the clients;

• Broadcast address: broadcast address to assign to the clients;

• Default lease time: default time during which an address lease is valid;

• Max lease time: maximum lease time of an IP address for the machines. When this value is exceeded, the IP address is renewed;

• Option Router: address of the router that will serve as the default route (by default 192.168.69.199);

• DNS Servers: list (one per line) of the DNS servers to be used by the clients (by default ipbrick.domain.com);

• NetBios servers: list (one per line) of the NetBios servers to be used by the clients (by default ipbrick.domain.com);

• DNS domain: name of the domain indicated to the clients (by default domain.com).

Figure 5.21: Support Services - DNS - Forwarders
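As an added example, not IPBrick's own code, this Python script checks the consistency of the subnet parameters listed above before they are handed to the DHCP service: the dynamic range, router and broadcast address must lie inside the network, the default router must not sit inside the dynamic range, reserved addresses must not collide with it, and the maximum lease time must not be shorter than the default. The dictionary keys and the two sample subnets are constructed assumptions; 192.168.69.199 is the default router from the list above.

```python
"""Consistency checks for the DHCP subnet form (Network Address, Dynamic
addresses range, Clients mask, Broadcast address, lease times, Option Router).

Added example, not IPBrick code; dictionary keys are assumed names and the
sample subnets are constructed."""
import ipaddress
from typing import Dict, List


def validate_subnet(s: Dict) -> List[str]:
    """Return a list of problems; an empty list means the subnet is consistent."""
    problems = []
    net = ipaddress.ip_network(f"{s['network']}/{s['network_mask']}", strict=False)
    if ipaddress.ip_address(s["network"]) != net.network_address:
        problems.append("network address has host bits set")
    if s["clients_mask"] != str(net.netmask):
        problems.append("clients mask differs from the subnet mask")
    if ipaddress.ip_address(s["broadcast"]) != net.broadcast_address:
        problems.append("broadcast address does not match the subnet")
    lo, hi = (ipaddress.ip_address(a) for a in s["dynamic_range"])
    if lo > hi:
        problems.append("dynamic range start is after its end")
    if lo not in net or hi not in net:
        problems.append("dynamic range lies outside the subnet")
    if lo == net.network_address or hi == net.broadcast_address:
        problems.append("dynamic range includes the network or broadcast address")
    router = ipaddress.ip_address(s["router"])
    if router not in net:
        problems.append("default router is not reachable from this subnet")
    elif lo <= router <= hi:
        problems.append("default router falls inside the dynamic range")
    if s["default_lease"] <= 0 or s["max_lease"] < s["default_lease"]:
        problems.append("max lease time must be at least the default lease time")
    for reserved in s.get("reservations", {}).values():
        if lo <= ipaddress.ip_address(reserved) <= hi:
            problems.append(f"reserved address {reserved} collides with the dynamic range")
    return problems


def lease_pool_size(s: Dict) -> int:
    """Number of addresses the dynamic range can hand out (capacity planning)."""
    lo, hi = (ipaddress.ip_address(a) for a in s["dynamic_range"])
    return int(hi) - int(lo) + 1


# Constructed sample: a consistent /24 using the page's default router.
GOOD = {
    "network": "192.168.69.0", "network_mask": "255.255.255.0",
    "dynamic_range": ("192.168.69.100", "192.168.69.150"),
    "clients_mask": "255.255.255.0", "broadcast": "192.168.69.255",
    "router": "192.168.69.199", "default_lease": 600, "max_lease": 7200,
    "reservations": {"00:11:22:33:44:55": "192.168.69.10"},  # MAC -> reserved IP
}
# The same subnet with the mistakes an administrator most often makes.
BAD = dict(GOOD, dynamic_range=("192.168.69.150", "192.168.70.20"),
           router="192.168.69.160", broadcast="192.168.69.254", max_lease=300)

if __name__ == "__main__":
    for label, subnet in (("good", GOOD), ("bad", BAD)):
        print(label, lease_pool_size(subnet), validate_subnet(subnet) or "ok")
```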


Figure 5.22: Support Services - DNS - Name resolution

It allows the insertion of general DHCP parameters, which shall be attributed by default to the clients:

• Base domain: Domain where the DHCP is operating;

• DNS servers: DNS servers to be used by the DHCP server;

• NetBios servers: NetBios servers to be used by the DHCP server;

• Clients mask: Mask to be used by the clients of the DHCP service;

• Default lease time: default time during which the 'lease' of the address is valid for the clients;

• Max lease time: maximum lease time of an IP address for the machines. When this value is exceeded, the IP address is renewed.

If you want DNS Dynamic Update, choose "Yes" in the respective box. This feature dynamically updates a machine's IP in its DNS record when that machine is not registered by MAC address.

Figure 5.23: Support Services - DHCP - Subnets

Presentation In an IP network it is possible to configure two DHCP servers, one as the main (primary) server and the other as secondary. During normal operation only the primary server answers requests, while the secondary synchronizes its database with the primary; if the primary fails, the secondary takes over the service.

Communication between the servers is made through network ports which may be customized. One of the ports listens for connections from the secondary server and the other listens for connections from the main server (Figure 5.26).

Top Menu Here you have a link to get Back and to Insert a new connection.

Body

The following fields are presented when inserting a redundancy (failover) connection:

• Name: Name of the redundant connection;

• Configuration: here you can see if the server is the primary or secondary DHCP;

• Local IP: Servers internal IP address;

• Local gate (port): local port where the service is running;

• Remote IP: IP address of the server at the other end;

• Remote gate (port): remote port where the service at the other end is running;

• Max answering time: maximum time the DHCP server waits for a message from the other peer. When it expires, the server assumes that the other peer has failed and takes over as the network DHCP server;

• Max Unpacked Updates: maximum number of unacknowledged binding updates (BNDUPD) the server can receive from the other peer.

Figure 5.24: Support Services - DHCP - General Options

Machines

Presentation Here you see a list of the machines registered in the DHCP service with their MAC addresses. You can register the machines in Machines Management (see section 3.2, page 18) or directly in this section (Figure 5.27).

Figure 5.25: Support Services - DHCP - Subnets Definition

Figure 5.26: Support Services - DHCP - Redundancy

Figure 5.27: Support Services - DHCP - Machines

5.3.4 ENUM

The ENUM (Telephone Number Mapping) service allows telephone numbers (E.164 standard) to be mapped to names associated with IP addresses, using an architecture based on the DNS service. Those names may belong to the SIP or H.323 protocols, e-mail, etc. To query the DNS, ENUM reverses the digits of the telephone number and appends the suffix e164.arpa., which is the root of the tree. This tree is delegated to all countries of the world according to their E.164 country codes; this way, the Portuguese delegation is the reversed 351 - 1.5.3.e164.arpa.

The ENUM zones in which lookups shall be made may be defined in IPBrick.

To do so, click the Insert link and enter the ENUM zone domain.

In Order it is possible to define the priority of the zones in which the number lookups shall be made. Figure 5.28 shows a list of the ENUM zones.

Once the list of ENUM zones in which to search numbers is defined, ENUM may be used in VoIP routes. An example follows:

1. In IPBrick.C - VoIP - Routes Management, there is an Output Route for SIP Servers - VoIPBuster. There it is necessary to activate the option Activate ENUM Search in the Route Definitions;

2. A user of the network calls number +351253593112 through the SIP/PBX;

3. Automatically, a lookup is made in the ENUM zones specified in this menu for 2.1.1.3.9.5.3.5.2.1.5.3.e164.arpa, in order to obtain the correspondence of that number to an IP address/name;

4. Supposing that the lookup results in the SIP address [email protected], a SIP call is made to the address [email protected];
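The lookup in steps 2 to 4 above, worked through in Python as an added example (not IPBrick's own code): enum_name builds the e164.arpa name from the E.164 number, select_contact applies the NAPTR rewrite rules that an ENUM zone returns (RFC 6116), and resolve_in_zones tries the configured zones in the Order priority. The NAPTR records, the example.test hosts and the zone list are constructed stand-ins for what DNS would return; the VoIPBuster route and the PBX are not modelled.

```python
"""ENUM lookup steps from the example above: turn an E.164 number into its
e164.arpa name, then apply the NAPTR rewrite rule an ENUM zone returns.

Added example, not IPBrick code; the NAPTR set and zone list are constructed."""
import re
from typing import Dict, List, Optional, Tuple

NaptrRecord = Tuple[int, int, str, str, str]  # order, preference, flags, service, regexp


def enum_name(number: str, root: str = "e164.arpa") -> str:
    """+351253593112 -> 2.1.1.3.9.5.3.5.2.1.5.3.e164.arpa (RFC 6116 section 2.4)."""
    if not number.startswith("+"):
        raise ValueError("ENUM needs a full international number, e.g. +351...")
    digits = re.sub(r"\D", "", number)
    if not digits:
        raise ValueError("no digits in number")
    return ".".join(reversed(digits)) + "." + root


def apply_naptr(regexp: str, number: str) -> str:
    """Apply a NAPTR regexp field (!ere!replacement!flags) to the number,
    honouring \\1-style backreferences in the replacement."""
    delim = regexp[0]
    _, ere, repl, flags = regexp.split(delim)
    m = re.match(ere, number, re.I if "i" in flags else 0)
    if not m:
        raise ValueError("number does not match NAPTR regexp")
    return re.sub(r"\\(\d)", lambda b: m.group(int(b.group(1))), repl)


def select_contact(records: List[NaptrRecord], number: str,
                   service: str = "E2U+sip") -> Optional[str]:
    """Lowest order, then lowest preference, among terminal ('u' flag) records
    whose service matches; rewrite the number with the first rule that applies."""
    for _order, _pref, flags, svc, regexp in sorted(records, key=lambda r: (r[0], r[1])):
        if svc.lower() == service.lower() and "u" in flags.lower():
            try:
                return apply_naptr(regexp, number)
            except ValueError:
                continue  # rule does not match this number; try the next one
    return None


def resolve_in_zones(number: str, zones: List[str],
                     answers: Dict[str, List[NaptrRecord]],
                     service: str = "E2U+sip") -> Optional[Tuple[str, str]]:
    """Try the configured ENUM zones in priority order; 'answers' stands in for
    the DNS responses, keyed by owner name."""
    for root in zones:
        contact = select_contact(answers.get(enum_name(number, root), []), number, service)
        if contact:
            return root, contact
    return None


# Constructed NAPTR set for the number in the example; example.test hosts are placeholders.
CONSTRUCTED_NAPTR: List[NaptrRecord] = [
    (100, 10, "u", "E2U+sip", "!^.*$!sip:user@voip.example.test!"),
    (100, 20, "u", "E2U+h323", "!^.*$!h323:user@gw.example.test!"),
    (200, 10, "u", "E2U+sip", "!^\\+351(.*)$!sip:\\1@pstn.example.test!"),
]
ZONES = ["enum.example.test", "e164.arpa"]  # private zone first, public tree second
ANSWERS = {enum_name("+351253593112"): CONSTRUCTED_NAPTR}

if __name__ == "__main__":
    print(enum_name("+351253593112"))
    print(resolve_in_zones("+351253593112", ZONES, ANSWERS))
```

Because the contact URI comes straight out of a DNS answer, a call routed this way is only as trustworthy as the ENUM zone that served it; this is why the zone list in Order deserves the same care as the forwarders list.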

Figure 5.28: Support Services - ENUM