DNS by wangnianwu


Dynamic and Secure DNS

   Tianyi Xing
   Establish a dynamic and secure DNS service
    in the mobicloud system
   By mid-term
     Establish a DNSSEC server within the mobicloud
      ▪ Successfully installed
      ▪ At configuration stage
     Configure the network to make sure the DNSSEC server
      serves the right purpose in the mobicloud system
   By Final
     Perfect its function
      ▪ Dynamically cooperate with the user ID and IP address
      ▪ Dynamically update the IP (ID) and domain pair
     Documentation

   Hardware
     Dell Rack Server
     Switches

   Software
       Ubuntu 10.10
       Xenserver 5.6
       Xencenter
       Dnssec-keygen
       Bind9
       dhcpd
   1. Semi-automatic DNS
     Every time a VM is created, the backend part of the
     mobicloud system reads the UserID from the DB and
     registers “UserID.mobicloud.asu.edu” in DNS
   2. Dynamic secure DNS+DHCP
     Every time a VM is created, DHCP will automatically
     register “hostname.mobicloud.asu.edu” at the
   Create VM
   VM gets IP addresses from DHCP
   DHCP assigns the DNS to the VM as the default
   We retrieve the IP addresses from the VM
    (vm.getrecord()) and save them into a string
   We get userName and userID from the web
    session and pass them into the DNSupdate
   Generate the domain name based on the
    userName (e.g., terry.mobicloud.asu.edu)
   SSH onto the DNS server and write all the
    commands into a script file
   Run that script with the nsupdate command
   Use ping to check: ping
    terry.mobicloud.asu.edu, then it works!
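
Added example, not part of the original slides: the steps above turn the web-session userName into nsupdate commands, so the backend should reject anything that is not a plain hostname label before the script is written. The function names, the TTL of 300 and the sample address 10.0.0.5 are assumptions; only the zone name comes from the slides.

```shell
#!/bin/sh
# Added example (not from the slides): validate backend input before it
# reaches nsupdate. ZONE is from the slides; TTL and the sample IP are assumed.
LC_ALL=C; export LC_ALL      # make [A-Za-z] ranges ASCII-only
ZONE="mobicloud.asu.edu"
TTL=300                      # assumed TTL, not stated on the slides

# RFC 1123 label: 1-63 chars of letters, digits, hyphen; no edge hyphen.
# Rejecting everything else also rejects spaces, ';' and newlines, which
# would otherwise become extra nsupdate or shell commands.
valid_label() {
    [ "${#1}" -ge 1 ] && [ "${#1}" -le 63 ] || return 1
    case "$1" in
        -*|*-|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    return 0
}

# Dotted-quad IPv4: exactly four decimal octets, each 0-255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _old_ifs=$IFS; IFS=.
    set -- $1                # split on dots; input is digits and dots only
    IFS=$_old_ifs
    [ "$#" -eq 4 ] || return 1
    for _octet in "$@"; do
        [ "${#_octet}" -le 3 ] && [ "$_octet" -le 255 ] || return 1
    done
    return 0
}

# Print the nsupdate batch for <userName> <ip>, or fail without output.
build_nsupdate_batch() {
    valid_label "$1" || { echo "rejected user name" >&2; return 1; }
    valid_ipv4 "$2"  || { echo "rejected IP address" >&2; return 1; }
    _fqdn="$1.$ZONE."
    printf 'zone %s\n' "$ZONE"
    printf 'update delete %s A\n' "$_fqdn"   # drop the stale address first
    printf 'update add %s %s A %s\n' "$_fqdn" "$TTL" "$2"
    printf 'send\n'
}

# Constructed sample input; pipe the output to "nsupdate -k <keyfile>" on
# the host that holds the update key.
build_nsupdate_batch terry 10.0.0.5
```
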
 Pros
  ▪ Mobicloud system has more flexibility in the domain
    name, not just hostname.domain.com
  ▪ Backend part has more control over DNS updates
  ▪ Mobicloud system can directly run commands on the
    DNS server anytime it wants
 Cons
  ▪ Inconvenient
  ▪ More workload at the backend part
  ▪ Once the IP is changed, the mobicloud system has
    trouble updating the new domain and IP pair
   Define a class in the DHCP server to identify the
    template VM
     Assign a temporary IP address
   Use hostname as the identifier
     A MAC address may also be used as the identifier
   Once the IP is updated from DHCP, DHCP will
    register the VM in DNS again
   Create VM
   Get IP from DHCP server
   Backend sends the UserName and Label to the
    SSH server
   Let the SSH server change the
    hostname (UserID and Label) of the VM
   Send the DHCP request again with new
   Update DNS with key
   Pros
     Backend does not need to read the userID from the
      database and define the schema of the
      domain name; once the VM is created,
      “hostname.mobicloud.asu.edu” is registered.
     Whenever the VM gets a new IP, DHCP will
      dynamically update the zone entry in the DNS
   Cons
     DNS is updated only when the IP is updated
   Clone a new VM
   New VM gets a short-term IP from DHCP
   Check the domain name
   Change the hostname to newhostname
   DHCP request
   Check with the domain
