Configuring Your DNS Server for DNS Routing

DNS routing is one way to prevent employees from connecting directly to IM
networks for which the Server is a proxy. It involves the following actions:

  - Blocking destinations at the firewall that IM clients could use to connect
    directly to the IM network server. For a list of the destinations to block,
    please contact FaceTime Customer Support.
  - Configuring your DNS server to resolve the default domain names for
    the IM network server to the IP address for the Server. This section
    describes how to do this configuration.

  Caution: Be sure that the server on which you install the Server points
  to a valid DNS server, not to the one you are configuring in this
  section. Otherwise, an infinite loop results in which no messages are
  routed to the IM networks.

                               To configure your DNS server for DNS routing:
                                 1.   On the Windows Start menu, select Start > Programs >
                                      Administrative Tools > DNS. The DNS window appears (see
                                      Figure 1-65).
                               Figure 1-65: DNS Window




          © 2001—2008, FaceTime® Communications, Inc.     259 of 384 IMAuditor Planning and Implementation Guide Vol. III
Chapter 1 Deployment



                        2.   Right-click Forward Lookup Zones, and then click New Zone. The
                             Zone Type window appears (see Figure 1-66).
                       Figure 1-66: Zone Type Window




                        3.   Select Standard primary, and then click Next.

                        4.   Type a valid domain name (see list in Table 1-7) in the Name box and
                             click Next.
                       Table 1-7: List of Domain Names

                       IM Network                    Domain Name
                       ----------------------------  --------------------------------------------
                       AOL Instant Messenger (AIM)   ars.oscar.aol.com
                                                     login.oscar.aol.com
                       AIM Pro                       <fully-qualified domain name of the Server>
                       Yahoo! Messenger              relay.msg.yahoo.com
                                                     scs.msg.yahoo.com
                                                     scsa.msg.yahoo.com
                                                     scsb.msg.yahoo.com
                                                     scsc.msg.yahoo.com
                                                     scsd.msg.yahoo.com
                                                     scse.msg.yahoo.com
                                                     scsf.msg.yahoo.com
                                                     scsg.msg.yahoo.com
                       MSN Messenger                 messenger.hotmail.com
                                                     messenger.msn.com
                                                     gateway.messenger.hotmail.com
                       Google Talk                   talk.google.com
                       IBM Lotus                     <host name of Lotus IM server>
                       Jabber                        <host name of Jabber IM server>


                       5.   The Zone Name dialog box appears with default settings (see
                            Figure 1-67).
                     Figure 1-67: Zone Name Dialog Box







                        6.   In the Name box, enter the default domain name that clients use to
                             connect to the IM network server.

                        7.   Click Next to accept the settings. The Zone File dialog box appears
                             (see Figure 1-68).
                       Figure 1-68: Zone File Dialog Box




                        8.   Select the Create a new file with this name option button. The
                             value in the preceding box is filled in automatically.

                        9.   Click Next to finish creating the zone.







                     10.   Information about the new zone is displayed in the screen that appears
                           (see Figure 1-69). If you need to change the information, click Back. If
                           the information is correct, click Next.
                     Figure 1-69: New Zone Wizard Window







                       11.   The new zone you created appears in the left pane of the DNS window
                             (see Figure 1-70).
                       Figure 1-70: DNS Window




                       12.   Right-click the zone, and then click New Host. The New Host window
                             appears (see Figure 1-71).
                                  Figure 1-71: New Host Dialog Box




                       13.   Leave the Name box empty.






                     14.    Type the IP address of the Server in the IP address box.

                     15.    Click Add Host. If you have more than one Server, repeat steps 11 and
                            for each server.

                     16.    Repeat steps 2 through for each relevant IM network server.

                     17.    If you have more than one Server and want to use round robin, make
                            sure that it is enabled:

                             a.   Right-click the server in the DNS Manager window, and then click
                                  Properties.

                             b.   Click the Advanced tab, and make sure Enable round robin is
                                  selected.


Testing DNS Routing
                     To test DNS routing:

                       1.   Type a valid command (see list in Table 1-8) at the command prompt
                            and press ENTER.
                     Table 1-8: Commands

                     On a computer running       Type this command
                     --------------------------  -----------------------------------------------------
                     AIM client                  nslookup login.oscar.aol.com
                                                 nslookup ars.oscar.aol.com
                     AIM Pro                     nslookup <fully-qualified domain name of the Server>
                     Yahoo! Messenger client     nslookup scs.msg.yahoo.com
                     MSN Messenger client        nslookup messenger.hotmail.com
                     Lotus IM Connect client     nslookup <Lotus IM server domain name>
                     Google Talk                 nslookup talk.google.com


                            The IP address of the Server should be displayed as a result.

                       2.   Repeat this procedure for each IM network server you configured for
                            DNS routing.
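
The test above, automated as an added example (not part of the original guide): it resolves each redirected name and checks that every answer is a Server address, and with on_server_host=True it checks the condition in the Caution from the Server's own resolver. The function names, the second Server address 192.168.1.101 and the sample answers are constructed for illustration.

```python
import socket

def system_resolver(name):
    """IPv4 answers from the OS resolver (unlike nslookup, it also reads the hosts file)."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:  # NXDOMAIN, timeout or no resolver configured
        return set()

def check_routing(names, server_ips, resolve=system_resolver, on_server_host=False):
    """Map each name to 'ok', 'no-answer', 'loop' or 'bypass: <addresses>'."""
    servers, report = set(server_ips), {}
    for name in names:
        answers = resolve(name)
        if not answers:
            report[name] = "no-answer"
        elif on_server_host:
            # The Server's own resolver must return the real IM network
            # addresses; a Server address here means the routing loop.
            report[name] = "loop" if answers & servers else "ok"
        elif answers <= servers:
            report[name] = "ok"  # every round-robin answer is a Server
        else:
            report[name] = "bypass: " + ", ".join(sorted(answers - servers))
    return report

# Constructed answers for an offline run; 192.168.1.100 is the sample Server
# address from the zone files, the other addresses are made up.
SERVERS = ["192.168.1.100", "192.168.1.101"]
CLIENT_VIEW = {
    "login.oscar.aol.com": {"192.168.1.100", "192.168.1.101"},
    "scs.msg.yahoo.com": {"192.168.1.100"},
    "talk.google.com": {"203.0.113.25"},  # zone never created
    "messenger.msn.com": set(),           # zone created, host record missing
}
SERVER_VIEW = {
    "login.oscar.aol.com": {"198.51.100.7"},
    "scs.msg.yahoo.com": {"192.168.1.100"},  # Server uses the redirecting DNS
}

def demo():
    client = check_routing(CLIENT_VIEW, SERVERS, resolve=CLIENT_VIEW.get)
    server = check_routing(SERVER_VIEW, SERVERS, resolve=SERVER_VIEW.get,
                           on_server_host=True)
    return client, server

if __name__ == "__main__":
    for view in demo():
        for name, status in view.items():
            print(f"{name:24} {status}")
```

On a live client, call check_routing with the names from Table 1-7 and the real Server addresses, leaving resolve at its default.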







Setting up DNS Redirect for UNIX BIND
                       This section provides the following sample files for setting up DNS
                       redirection with BIND 9.2.1 for MSN Messenger, AOL Instant Messenger,
                       and Yahoo! Messenger:

                         - Sample Named.Conf File: This file contains all the customizations
                           required to set up DNS redirection with BIND 9.2.1 for MSN Messenger,
                           AOL Instant Messenger, and Yahoo! Messenger (see Figure 1-72).
                         - Sample Zone File (Standard): This file returns a record for
                           messenger.hotmail.com. This is the standard zone file that can be used
                           for all IM services except for the msg.yahoo.com zone (see Figure 1-73).
                         - Sample Zone File (Specific): This file contains subdomains and is
                           specific to the msg.yahoo.com zone (see Figure 1-74).
                         Figure 1-72: Sample Named.Conf file

                         // generated by named-bootconf.pl
                         options {
                                 // site-specific settings, such as the directory that
                                 // holds the zone files, go here
                         };
                         zone "." IN {
                                 type hint;
                                 file "named.ca";
                         };
                         zone "localhost" IN {
                                 type master;
                                 file "localhost.zone";
                                 allow-update { none; };
                         };
                         zone "0.0.127.in-addr.arpa" IN {
                                 type master;
                                 file "named.local";
                                 allow-update { none; };
                         };
                         //
                         // These zones are for MSN IM traffic
                         //
                         zone "messenger.hotmail.com" IN {
                                 type master;
                                 file "messenger.hotmail.com.zone";
                                 allow-update { none; };
                         };
                         //
                         // These zones are for AOL IM traffic
                         //
                         zone "login.oscar.aol.com" IN {
                                 type master;
                                 file "login.oscar.aol.com.zone";
                                 allow-update { none; };
                         };
                         zone "toc.oscar.aol.com" IN {
                                 type master;
                                 file "toc.oscar.aol.com.zone";
                                 allow-update { none; };
                         };
                         zone "aimexpress.aol.com" IN {
                                 type master;
                                 file "aimexpress.aol.com.zone";
                                 allow-update { none; };
                         };
                         //
                         // These zones are for Yahoo IM traffic
                         //
                         zone "scs.msg.yahoo.com" IN {
                                 type master;
                                 file "scs.yahoo.com.zone";
                                 allow-update { none; };
                         };
                         zone "scsa.msg.yahoo.com" IN {
                                 type master;
                                 file "scsa.yahoo.com.zone";
                                 allow-update { none; };
                         };
                         zone "scsb.msg.yahoo.com" IN {
                                 type master;
                                 file "scsb.yahoo.com.zone";
                                 allow-update { none; };
                         };
                         zone "scsc.msg.yahoo.com" IN {
                                 type master;
                                 file "scsc.yahoo.com.zone";
                                 allow-update { none; };
                         };
                         include "/etc/rndc.key";







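                       Figure 1-73: Sample Zone File (Standard)

                       $TTL 86400
                       @       1D IN SOA  @ root (
                                          2       ; serial (d. adams)
                                          3H      ; refresh
                                          15M     ; retry
                                          1W      ; expiry
                                          1D )    ; minimum
                       ; NS data must be a host name, not an IP address;
                       ; "ns" is an illustrative label for the DNS server
                       @          IN NS   ns
                       ns      1d IN A    192.168.1.2
                       @       1d IN A    192.168.1.100   ; IP address of the Server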

                       Figure 1-74: Sample Zone File (Specific)

                       $TTL 86400
                       @       1D IN SOA  @ root (
                                          2       ; serial (d. adams)
                                          3H      ; refresh
                                          15M     ; retry
                                          1W      ; expiry
                                          1D )    ; minimum
                       ; NS data must be a host name, not an IP address;
                       ; "ns" is an illustrative label for the DNS server
                       @          IN NS   ns
                       ns      1d IN A    192.168.1.2
                       @       1d IN A    192.168.1.100   ; IP address of the Server
                       scs     1d IN A    192.168.1.100
                       scsa    1d IN A    192.168.1.100
                       scsb    1d IN A    192.168.1.100
                       scsc    1d IN A    192.168.1.100
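
An added example, not part of the original guide: it compares the master zones in a named.conf with the fixed names in Table 1-7 and reports every name the configuration does not answer at a zone apex. The named.conf text is rebuilt from the zone names in Figure 1-72, and the function names and status labels are assumptions of this example.

```python
import re

# Fixed names from Table 1-7 (rows given as <placeholders> are left out).
TABLE_1_7 = """ars.oscar.aol.com login.oscar.aol.com relay.msg.yahoo.com
scs.msg.yahoo.com scsa.msg.yahoo.com scsb.msg.yahoo.com scsc.msg.yahoo.com
scsd.msg.yahoo.com scse.msg.yahoo.com scsf.msg.yahoo.com scsg.msg.yahoo.com
messenger.hotmail.com messenger.msn.com gateway.messenger.hotmail.com
talk.google.com""".split()

# Constructed input: the IM zone names of Figure 1-72, rebuilt as named.conf text.
FIG_1_72 = ["messenger.hotmail.com", "login.oscar.aol.com", "toc.oscar.aol.com",
            "aimexpress.aol.com", "scs.msg.yahoo.com", "scsa.msg.yahoo.com",
            "scsb.msg.yahoo.com", "scsc.msg.yahoo.com"]
SAMPLE_CONF = 'zone "." IN { type hint; file "named.ca"; };\n' + "".join(
    f'// IM override\nzone "{z}" IN {{\n type master;\n file "{z}.zone";\n'
    ' allow-update { none; };\n};\n' for z in FIG_1_72)

# Matches: zone "<name>" [class] { ... type <kind>;  (type before any nested block)
ZONE_RE = re.compile(r'\bzone\s+"([^"]+)"[^{;]*\{[^{}]*?\btype\s+(\w+)\s*;', re.I)

def master_zones(conf_text):
    """Names of the zones named.conf serves as master (// comments ignored)."""
    text = re.sub(r"//[^\n]*", "", conf_text)
    return {name.lower().rstrip(".") for name, kind in ZONE_RE.findall(text)
            if kind.lower() == "master"}

def coverage(required, zones):
    """Classify each required name against the local override zones."""
    report = {}
    for name in required:
        n = name.lower().rstrip(".")
        if n in zones:
            report[name] = "apex"            # answered by the zone's "@ IN A" record
        elif any(n.endswith("." + z) for z in zones):
            report[name] = "needs-record"    # inside a local zone: NXDOMAIN without a host record
        else:
            report[name] = "not-overridden"  # still resolves to the IM network itself
    return report

def gaps(conf_text=SAMPLE_CONF, required=TABLE_1_7):
    """Names from the table that the configuration does not redirect at a zone apex."""
    report = coverage(required, master_zones(conf_text))
    return sorted(n for n, status in report.items() if status != "apex")

if __name__ == "__main__":
    for name, status in coverage(TABLE_1_7, master_zones(SAMPLE_CONF)).items():
        print(f"{name:32} {status}")
```

Run against the sample configuration, the report lists the Table 1-7 names that still need a zone or a host record before clients using them are routed to the Server.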



