CS 480 M01 Fall 2022 - Homework Assignment #7

Points: 90 points total

In your report describe ALL relevant steps needed to accomplish the tasks below!

New virtual machine is ready for you for this lab assignment.
You should see it in VMware as yourcsusername_lab7_480fa22 once you connect to csvm3.cs.nmsu.edu .
The root's password is your standard root password.
The hostname of the new virtual machine as known by csvm3 is yournamelab7 and you can ssh into the new machine from csvm3 similar to
csvm3_prompt% ssh root@johnlab7

These are the IP addresses and host names:

	192.168.8.81    ariyalab7
	192.168.8.82    benjaminlab7
	192.168.8.83    hunterlab7
	192.168.8.84    joshlab7
	192.168.8.85    loganlab7
	192.168.8.86    marcolab7
	192.168.8.87    shannonlab7
	192.168.8.88    stephenlab7
	192.168.8.89    timothylab7
		

1. 5 pts: Install, if necessary, BIND, its documentation, yast2-dns-server (search for bind, named, dns, ...),
   and NFS server related packages (yast2-nfs-server, nfs-kernel-server )
2. 15 pts: Man Pages
   Read all man pages listed below (from sections 1 , 5, or 8; try the commands, look into the files, ... while reading) and in a short paragraph (3-5 lines per man page in your words - do not just copy parts of the man page) describe what is each of them for. Also, for the commands choose an extra option (not the help nor version options) and in few more lines describe situations in which you would use the selected option. In case of the commands with long man pages and many options, choose at least two extra options and describe situations in which you would use them.

   dig
   exportfs
   mountd
   named
   nsswitch.conf
   resolv.conf
   rpc (5)
   rpcbind
   rpcinfo
   showmount
   

3. 12 pts DNS configuration through YaST
   • Configure DNS server through YAST : Network Services -> DNS Server (you may need to restart yast first after installing yast2-dns) :
     • DNS Server Installation: Forwarder Settings with custom configuration and 192.168.8.1 as the static forwarder server
     • Add / Create two new master (primary) zones: cs480.cs.nmsu.edu. and 8.168.192.in-addr.arpa.   and modify them both so that
       • Your host will be the master server
       • Do not allow dynamic updates and disable the zone transport.
       • Use your host as the name server
       • No ACLs nor TSIG keys
       • Change the default TTL to two hours.
       • Add couple of A / PTR records (your host's names and addresses similar to ariya, ariyatemp, ariyalab6, ariyalab7, ... 192.168.8.11, 192.168.8.51, 192.168.8.71, 192.168.8.81, ...)
     • Make sure that named gets enabled, starts, and will always start after reboots
     • Make sure that firewall port is open
     • Set logging to log all DNS queries as well as zone transfers and updates through syslog
   • Make sure that named is running (and in your report describe how did you make sure )

4. 8 pts Check and explore your DNS server
   • Find out which DNS related files in /etc and /var/lib/named have been modified by yast when the DNS server was configured. What did you find? What can you learn from it?
   • Observe  /var/log/messages   :  
     • What DNS related info can you find in the file?
     • Does it show any errors?
     • Fix whatever is necessary to have named started without serious complaints.
       You do not need to worry about errors related to the fact that our virtual network is not connected to internet and therefore other dns servers cannot be reached and hosts cannot resolve.
       BUT for example "zone cs480.cs.nmsu.edu/IN: not loaded due to errors." is a serious problem that would need a fix.
     • If everything works correctly then you should see messages similar to these
       

       2022-11-18T14:50:26.320645-07:00 ivanlab7 named[2852]: zone 8.168.192.in-addr.arpa/IN: loaded serial 2022111800
       2022-11-18T14:50:26.320880-07:00 ivanlab7 named[2852]: zone cs480.cs.nmsu.edu/IN: loaded serial 2022111800
       

   • What file/s contain/s the actual records?

5. 8 pts Add A and PTR records manually
   • Make all other changes necessary to make your computer the authoritative name server for the cs480.cs.nmsu.edu domain and to respond correctly to clients providing the right A and PTR responses for all hosts on our network = the 4 host names listed above (ariya, ariyatemp, ariyalab6, ariyalab7) for each host on our virtual network (itest,ariya, benjamin, ...)
     (to accomplish this it may be fastest to extract the names and IP addresses from /etc/hosts file and add them to the right DNS files with a simple script )
   • Query your server using the dig command and make sure that it responds correctly for both A and PTR queries. List the commands including all options in your report.
   • Describe the whole process above in your report (what did you do, commands & options used, list and / or discuss the outputs you've got, modifications to config files made, problems encountered and solved, ....)
6. 2 pts: Stop and Disable firewalld Service.
7. 20 pts: NFS Server
   
   • Export /extra/cs480/forall directory
     Use YaST / NFS Server to start NFS server and export /extra/cs480/forall (keep the default options : localdomain for NFSv4, read only, root squash, ..) to all IP addresses on 192.168.8.0/24 subnet (only to this subnet - do not export it to other hosts or networks) .
   • To check that your nfs server is running you may check its status with systemctl and also your processes with ps and should see something similar to this:

     	# systemctl status nfs-server
     	...
     	# ps aux | egrep '(nfs|rpc|map)'
     	rpc        2094  0.0  0.3  65912  6264 ?        Ss   15:31   0:00 /sbin/rpcbind -w -f
     	statd      2112  0.0  2.6  99076 51948 ?        Ss   15:31   0:00 /usr/sbin/rpc.statd
     	root       2113  0.0  0.0      0     0 ?        I<   15:31   0:00 [rpciod]
     	root       2117  0.0  0.0  15800   180 ?        Ss   15:31   0:00 /usr/sbin/rpc.idmapd
     	root       2119  0.0  1.2  74968 25292 ?        Ss   15:31   0:00 /usr/sbin/rpc.mountd
     	root       2128  0.0  0.0      0     0 ?        S    15:31   0:00 [nfsd]
     	root       2129  0.0  0.0      0     0 ?        S    15:31   0:00 [nfsd]
     	root       2130  0.0  0.0      0     0 ?        S    15:31   0:00 [nfsd]
     	root       2131  0.0  0.0      0     0 ?        S    15:31   0:00 [nfsd]
     	root       2153  0.0  0.0   7680   844 pts/0    S+   15:32   0:00 grep -E --color=auto (nfs|rpc|map)
     

   • Test your NFS server from your own host simlar to this:

     	ivanlab7:~ # showmount -e ivanlab7
     	Export list for ivanlab7:
     	/extra/cs480/forall 192.168.8.0/24
     	ivanlab7:~ # mount ivanlab7:/extra/cs480/forall /mnt
     	ivanlab7:~ # ls -al /mnt
     	total 8
     	drwxr-xr-x 3 root   root  4096 Nov 18 16:11 .
     	drwxr-xr-x 1 root   root   146 Aug 15 09:28 ..
     	drwx------ 2 jclass users 4096 Nov 18 16:02 jclass
     	ivanlab7:~ # touch /mnt/sdfeaf
     	touch: cannot touch '/mnt/sdfeaf': Read-only file system
     	ivanlab7:~ # touch /extra/cs480/forall/sfaefq
     	ivanlab7:~ # ls -al /mnt
     	total 8
     	drwxr-xr-x 3 root   root  4096 Nov 18 16:12 .
     	drwxr-xr-x 1 root   root   146 Aug 15 09:28 ..
     	drwx------ 2 jclass users 4096 Nov 18 16:02 jclass
     	-rw-r--r-- 1 root   root     0 Nov 18 16:12 sfaefq
     	ivanlab7:~ # rm /extra/cs480/forall/sfaefq
     	ivanlab7:~ # umount /mnt
       

   • You may NOT use yast nor yast2 to accomplish the following NFS related tasks.
   • Create /extra/cs480/roots_export directory and modify the server's configuration in such a way that
     • the /extra/cs480/forall directory can be mounted read/write from other computers on the cs480 network (192.168.8.0/24)
     • only lbc and your lab6 VM (the one that you used for previous assignments) should be able to mount and have root access to the /extra/cs480/roots_export directory
   • Use your other hosts (yournamelab6 , yournamemid) and make sure that it works:
     • On your lab7 computer create a subdirectory under /extra/cs480/forall owned by one of the users from your other VM (lab6).
     • On your lab6 and midterm computers add your lab7 machine into /etc/hosts , mount this new directory, and check that non-root user (with UID != 0 ) can create new files there.
     • Do similar tests for root (root on the lab6 computer will have root access into mounted lab7:/extra/cs480/roots_export BUT root on your midterm computer will not have the root access into the directory)
     • Example:

       ivanlab6:~ # mount ivanlab7:/extra/cs480/forall /mnt
       ivanlab6:~ # mkdir /mnt2
       ivanlab6:~ # mount ivanlab7:/extra/cs480/roots_export /mnt2
       ivanlab6:~ # ls -al /mnt
       total 8
       drwxr-xr-x 3 root root  4096 Nov 18 16:13 .
       drwxr-xr-x 1 root root   210 Nov 18 15:51 ..
       drwx------ 2 jclass users 4096 Nov 18 16:02 jclass
       ivanlab6:~ # ls -al /mnt/jclass/
       ls: cannot open directory '/mnt/jclass/': Permission denied
       ivanlab6:~ # touch /mnt/rootsfile
       touch: cannot touch '/mnt/rootsfile': Permission denied
       ivanlab6:~ # su - jclass
       jclass@ivanlab6:~> cd /mnt/jclass/
       jclass@ivanlab6:/mnt/jclass> touch js_file
       jclass@ivanlab6:/mnt/jclass> ls -al
       total 8
       drwx------ 2 jclass users 4096 Nov 18 16:26 .
       drwxr-xr-x 3 root   root  4096 Nov 18 16:13 ..
       -rw-r--r-- 1 jclass users    0 Nov 18 16:26 js_file
       jclass@ivanlab6:/mnt/jclass> logout
       ivanlab6:~ # ls -al /mnt2
       total 4
       drwxr-xr-x 2 root root 4096 Nov 18 15:34 .
       drwxr-xr-x 1 root root  210 Nov 18 15:51 ..
       ivanlab6:~ # touch /mnt2/roots_file
       ivanlab6:~ # ls -al /mnt2
       total 4
       drwxr-xr-x 2 root root 4096 Nov 18 16:27 .
       drwxr-xr-x 1 root root  210 Nov 18 15:51 ..
       -rw-r--r-- 1 root root    0 Nov 18 16:27 roots_file
       					

     • What files did you modify, how ?
     • Describe all other relevant steps that you made.

   Submitted files, overall quality, length, and feedback:

   8. 5 points : Submit all relevant files you modified during the lab (into the /home/CS480/yourcsloginname directory as part of the tar.bz2 file) . Exactly two files need to be submitted: One file being your report in PDF is to be submitted on the Blackboard. The other file is the tar.bz2 file containing everything else and it gets submitted into /home/CS480 (Pack the files together using tar and bzip2, and copy them using scp from your computer into your cs account )
   9.  10 points : Submit your report as a PDF document through learn.nmsu.edu and all supporting documents, programs, and execution transcripts as part of the tar.bz2 file in your directory under /home/CS480. The report has to contain answers to all questions above, and for the practical problems on your computer describe in detail choices you made, difficulties you encountered, and how did you deal with them.
   10. 5 points : Feedback:In the last paragraph of your report estimate how much time you spent on this assignment. Describe what was hard, easy, interesting, boring or confusing.

   Please remember the submission requirements:

   Two files need to be submitted for every assignment :
   1. The first file is your typed report .
      It has to be submitted through http://learn.nmsu.edu as one file / document and it has to be in the PDF format.
      No other format will be accepted. The name of the file has to contain your name and assignment/lab number separated by "_" (If your name is John Smith then the name of the document submitted for this assignment needs to be John_Smith_HW07.pdf).  
   2. The second file to be submitted into your directory under /home/CS480 directory has to be a tar.bz2 file that contains all other files related to the assignment.
      It will contain all relevant files that you modified for the assignment. Everything that was done to finish the lab, modify your system, write, run and verify submitted programs and scripts used needs to be included in the submitted tar.bz2 file. That includes all your system configuration files modified for the lab/assignment as well as programs and scripts written (including complete source code, supporting shell scripts, test data input files, ...). The name of the tar.bz2 file has to contain your CS login name and the lab number separated by "_" (if your cs login name was jsmith then the file's name for this assignment will be jsmith_Lab07.tar.bz2 ).   The files submitted as part of the tar.bz2 file have to be exact copies as found on your cs480 lab system.

   If you want to correct or add something to already submitted assignment than you need to do so before the deadline and resubmit the whole report again and also resubmit your new tar.bz2 file .

   Please remember that late submissions are penalized 20% / day and NO submissions that are late 3 or more days will be accepted. You can be late at most 2 days to receive any points.