■Configure the router in GNS3 as a DNS server and DNS client.
Environment used below:
The Debian stretch host and the router inside GNS3 are connected through a bridge and a tap interface.
http://labunix.hateblo.jp/entry/20171210/1512898268
ACL definition for debugging: Cisco IOS IP Addressing Services Configuration Guide, Release 15.1S
https://www.cisco.com/c/ja_jp/td/docs/ugas/as5200universalaccessservers/as5200universalaccessserv/rcs/001/iad-15-1s/iad-config-dns.html
■ACL definition for debugging
Extended IP access list 101
10 permit tcp 172.31.31.0 0.0.0.255 host 172.31.31.21
20 permit tcp host 172.31.31.21 172.31.31.0 0.0.0.255
30 permit udp 172.31.31.0 0.0.0.255 host 172.31.31.21
40 permit udp host 172.31.31.21 172.31.31.0 0.0.0.255
Translating "google.com"...domain server (172.31.31.251)
(172.31.31.251)
Translating "google.com"...domain server (172.31.31.251) [OK]
Trying google.com (216.58.199.238)...
% Destination unreachable; gateway or host down
Dec 10 14:48:35.235: IP: tableid=0, s=172.31.31.21 (local), d=172.31.31.251 (FastEthernet0/0), routed via FIB
Dec 10 14:48:35.235: IP: s=172.31.31.21 (local), d=172.31.31.251 (FastEthernet0/0), len 56, sending
Dec 10 14:48:35.311: IP: tableid=0, s=172.31.31.251 (FastEthernet0/0), d=172.31.31.21 (FastEthernet0/0), routed via RIB
Dec 10 14:48:35.315: IP: s=172.31.31.251 (FastEthernet0/0), d=172.31.31.21 (FastEthernet0/0), len 106, rcvd 3
Dec 10 14:48:35.315: IP: tableid=0, s=172.31.31.21 (local), d=172.31.31.251 (FastEthernet0/0), routed via FIB
Dec 10 14:48:35.315: IP: s=172.31.31.21 (local), d=172.31.31.251 (FastEthernet0/0), len 56, sending
Dec 10 14:48:35.391: IP: tableid=0, s=172.31.31.251 (FastEthernet0/0), d=172.31.31.21 (FastEthernet0/0), routed via RIB
Dec 10 14:48:35.391: IP: s=172.31.31.251 (FastEthernet0/0), d=172.31.31.21 (FastEthernet0/0), len 106, rcvd 3
Dec 10 14:48:35.395: IP: tableid=0, s=172.31.31.21 (local), d=172.31.31.251 (FastEthernet0/0), routed via FIB
Dec 10 14:48:35.395: IP: s=172.31.31.21 (local), d=172.31.31.251 (FastEthernet0/0), len 56, sending
Dec 10 14:48:35.427: IP: tableid=0, s=172.31.31.251 (FastEthernet0/0), d=172.31.31.21 (FastEthernet0/0), routed via RIB
Dec 10 14:48:35.427: IP: s=172.31.31.251 (FastEthernet0/0), d=172.31.31.21 (FastEthernet0/0), len 208, rcvd 3
Translating "fortinet.com"...domain server (172.31.31.251)
(172.31.31.251)
Translating "fortinet.com"...domain server (172.31.31.251) [OK]
Trying fortinet.com (208.91.114.181)...
% Destination unreachable; gateway or host down
Dec 10 14:48:55.191: IP: tableid=0, s=172.31.31.21 (local), d=172.31.31.251 (FastEthernet0/0), routed via FIB
Dec 10 14:48:55.191: IP: s=172.31.31.21 (local), d=172.31.31.251 (FastEthernet0/0), len 58, sending
Dec 10 14:48:55.323: IP: tableid=0, s=172.31.31.251 (FastEthernet0/0), d=172.31.31.21 (FastEthernet0/0), routed via RIB
Dec 10 14:48:55.327: IP: s=172.31.31.251 (FastEthernet0/0), d=172.31.31.21 (FastEthernet0/0), len 102, rcvd 3
Dec 10 14:48:55.327: IP: tableid=0, s=172.31.31.21 (local), d=172.31.31.251 (FastEthernet0/0), routed via FIB
Dec 10 14:48:55.327: IP: s=172.31.31.21 (local), d=172.31.31.251 (FastEthernet0/0), len 58, sending
Dec 10 14:48:55.475: IP: tableid=0, s=172.31.31.251 (FastEthernet0/0), d=172.31.31.21 (FastEthernet0/0), routed via RIB
Dec 10 14:48:55.475: IP: s=172.31.31.251 (FastEthernet0/0), d=172.31.31.21 (FastEthernet0/0), len 102, rcvd 3
Dec 10 14:48:55.479: IP: tableid=0, s=172.31.31.21 (local), d=172.31.31.251 (FastEthernet0/0), routed via FIB
Dec 10 14:48:55.479: IP: s=172.31.31.21 (local), d=172.31.31.251 (FastEthernet0/0), len 58, sending
Dec 10 14:48:55.631: IP: tableid=0, s=172.31.31.251 (FastEthernet0/0), d=172.31.31.21 (FastEthernet0/0), routed via RIB
Dec 10 14:48:55.631: IP: s=172.31.31.251 (FastEthernet0/0), d=172.31.31.21 (FastEthernet0/0), len 176, rcvd 3
■Enabling the DNS server
ip dns server
end
■Checking the DNS server from Linux
$ nslookup google.co.jp 172.31.31.21
Server: 172.31.31.21
Address: 172.31.31.21#53
Non-authoritative answer:
Name: google.co.jp
Address: 172.217.27.67
Dec 10 14:49:04.423: IP: tableid=0, s=172.31.31.21 (local), d=172.31.31.60 (FastEthernet0/0), routed via FIB
Dec 10 14:49:04.423: IP: s=172.31.31.21 (local), d=172.31.31.60 (FastEthernet0/0), len 76, sending
Dec 10 14:49:04.423: IP: tableid=0, s=172.31.31.60 (FastEthernet0/0), d=172.31.31.21 (FastEthernet0/0), routed via RIB
Dec 10 14:49:04.423: IP: s=172.31.31.60 (FastEthernet0/0), d=172.31.31.21 (FastEthernet0/0), len 76, rcvd 3
Dec 10 14:49:18.163: IP: tableid=0, s=172.31.31.90 (FastEthernet0/0), d=172.31.31.21 (FastEthernet0/0), routed via RIB
Dec 10 14:49:18.167: IP: s=172.31.31.90 (FastEthernet0/0), d=172.31.31.21 (FastEthernet0/0), len 58, rcvd 3
Dec 10 14:49:18.167: IP: tableid=0, s=172.31.31.21 (local), d=172.31.31.251 (FastEthernet0/0), routed via FIB
Dec 10 14:49:18.167: IP: s=172.31.31.21 (local), d=172.31.31.251 (FastEthernet0/0), len 58, sending
Dec 10 14:49:18.195: IP: tableid=0, s=172.31.31.251 (FastEthernet0/0), d=172.31.31.21 (FastEthernet0/0), routed via RIB
Dec 10 14:49:18.195: IP: s=172.31.31.251 (FastEthernet0/0), d=172.31.31.21 (FastEthernet0/0), len 220, rcvd 3
Dec 10 14:49:18.199: IP: tableid=0, s=172.31.31.21 (local), d=172.31.31.90 (FastEthernet0/0), routed via FIB
Dec 10 14:49:18.199: IP: s=172.31.31.21 (local), d=172.31.31.90 (FastEthernet0/0), len 220, sending
■Enabling DNS forwarding
ip dns view default
dns forwarder 172.31.31.251
end
■Configuring an internal host entry
ip host vmx-rdebian 172.31.31.90
end
■Checking the host entry from Linux
$ dig vmx-rdebian @172.31.31.21
; <<>> DiG 9.10.3-P4-Debian <<>> vmx-rdebian @172.31.31.21
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3935
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;vmx-rdebian. IN A
;; ANSWER SECTION:
vmx-rdebian. 10 IN A 172.31.31.90
;; Query time: 16 msec
;; SERVER: 172.31.31.21#53(172.31.31.21)
;; WHEN: Sun Dec 10 23:26:21 JST 2017
;; MSG SIZE rcvd: 45
# no debug ip packet 101
#debug domain
Domain Name System debugging is on
Dec 10 14:29:56.621: DNS: Incoming UDP query (id#36182)
Dec 10 14:29:56.625: DNS: Type 1 DNS query (id#36182) for host 'vmx-rdebian' from 172.31.31.90(55165)
Dec 10 14:29:56.629: DNS: Servicing request using view default
Dec 10 14:29:56.633: DNS: Reply to client 172.31.31.90/55165 query A
Dec 10 14:29:56.633: DNS: Finished processing query (id#36182) in 0.012 secs
Dec 10 14:29:56.637: DNS: Sending response to 172.31.31.90/55165, len 45
Dec 10 14:30:34.133: DNS: Incoming UDP query (id#21951)
Dec 10 14:30:34.137: DNS: Type 1 DNS query (id#21951) for host 'google.com' from 172.31.31.90(49381)
Dec 10 14:30:34.137: DNS: Servicing request using view default
Dec 10 14:30:34.137: DNS: Re-sending DNS query (type 1, id#18066) to 172.31.31.251
Dec 10 14:30:34.197: DNS: Incoming UDP query (id#18066)
Dec 10 14:30:34.197: DNS: Type 1 response (id#18066) for host <google.com> from 172.31.31.251(53)
Dec 10 14:30:34.197: DOM: dom2cache: hostname is google.com, RR type=1, class=1, ttl=236, n=4
Dec 10 14:30:34.197: DNS: Forwarding back A response - no director required
Dec 10 14:30:34.197: DNS: Finished processing query (id#21951) in 0.064 secs
Dec 10 14:30:34.197: DNS: Forwarding back reply to 172.31.31.90/49381
Dec 10 14:31:15.585: DNS: Incoming UDP query (id#61475)
Dec 10 14:31:15.585: DNS: Type 1 DNS query (id#61475) for host 'ntp.nict.jp' from 172.31.31.90(45160)
Dec 10 14:31:15.589: DNS: Servicing request using view default
Dec 10 14:31:15.589: DNS: Re-sending DNS query (type 1, id#24497) to 172.31.31.251
Dec 10 14:31:15.629: DNS: Incoming UDP query (id#24497)
Dec 10 14:31:15.633: DNS: Type 1 response (id#24497) for host <ntp.nict.jp> from 172.31.31.251(53)
Dec 10 14:31:15.633: DOM: dom2cache: hostname is ntp.nict.jp, RR type=1, class=1, ttl=41146, n=4
Dec 10 14:31:15.633: DOM: dom2cache: hostname is ntp.nict.jp, RR type=1, class=1, ttl=41146, n=4
Dec 10 14:31:15.633: DOM: dom2cache: hostname is ntp.nict.jp, RR type=1, class=1, ttl=41146, n=4
Dec 10 14:31:15.633: DOM: dom2cache: hostname is ntp.nict.jp, RR type=1, class=1, ttl=41146, n=4
Dec 10 14:31:15.633: DNS: Forwarding back A response - no director required
Dec 10 14:31:15.633: DNS: Finished processing query (id#61475) in 0.048 secs
Dec 10 14:31:15.633: DNS: Forwarding back reply to 172.31.31.90/45160
#no debug domain
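Added example (not part of the original post): a small parser for the "debug domain" output above that reports, per query, whether the router answered from its own host table or re-sent the query to the forwarder 172.31.31.251. The log lines embedded below are constructed from the page's output; the pairing of a "Re-sending" line with the query that precedes it assumes the ordering shown in that output.

```python
import re

# Constructed sample in the shape of the page's 'debug domain' output.
DEBUG_DOMAIN_LOG = """\
Dec 10 14:29:56.625: DNS: Type 1 DNS query (id#36182) for host 'vmx-rdebian' from 172.31.31.90(55165)
Dec 10 14:29:56.633: DNS: Finished processing query (id#36182) in 0.012 secs
Dec 10 14:30:34.137: DNS: Type 1 DNS query (id#21951) for host 'google.com' from 172.31.31.90(49381)
Dec 10 14:30:34.137: DNS: Re-sending DNS query (type 1, id#18066) to 172.31.31.251
Dec 10 14:30:34.197: DNS: Finished processing query (id#21951) in 0.064 secs
"""

QUERY = re.compile(r"DNS query \(id#(\d+)\) for host '([^']+)' from (\d+\.\d+\.\d+\.\d+)\((\d+)\)")
RESEND = re.compile(r"Re-sending DNS query \(type \d+, id#\d+\) to (\d+\.\d+\.\d+\.\d+)")
DONE = re.compile(r"Finished processing query \(id#(\d+)\) in ([\d.]+) secs")


def summarize_queries(log):
    """Return one dict per client query: host, client, forwarded_to (None if
    answered locally, e.g. from 'ip host'), and processing time in seconds."""
    queries, order, pending = {}, [], None
    for line in log.splitlines():
        if m := QUERY.search(line):
            qid, host, client, port = m.groups()
            queries[qid] = {"host": host, "client": f"{client}:{port}",
                            "forwarded_to": None, "secs": None}
            order.append(qid)
            pending = qid  # the next Re-sending line belongs to this query
        elif (m := RESEND.search(line)) and pending is not None:
            queries[pending]["forwarded_to"] = m.group(1)
        elif m := DONE.search(line):
            qid, secs = m.groups()
            if qid in queries:
                queries[qid]["secs"] = float(secs)
            pending = None
    return [queries[q] for q in order]


if __name__ == "__main__":
    for q in summarize_queries(DEBUG_DOMAIN_LOG):
        where = q["forwarded_to"] or "local host table"
        print(f"{q['host']:<14} from {q['client']:<20} via {where:<16} {q['secs']}s")
```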
■Checking the cache
#show hosts
Default domain is not set
Name/address lookup uses domain service
Name servers are 172.31.31.251
Codes: UN - unknown, EX - expired, OK - OK, ?? - revalidate
temp - temporary, perm - permanent
NA - Not Applicable None - Not defined
Host Port Flags Age Type Address(es)
ns2.nict.jp None (temp, OK) 1 IP 133.243.3.2
ns1.nict.jp None (temp, OK) 1 IP 133.243.3.1
ntp.nict.jp None (temp, OK) 0 IP 133.243.238.163
133.243.238.244
133.243.238.243
133.243.238.164
vmx-rdebian None (perm, OK) 0 IP 172.31.31.90
ns3.fortigate.com None (temp, OK) 1 IP 208.91.113.63
ns2.fortigate.com None (temp, OK) 1 IP 66.171.121.39
ns1.fortigate.com None (temp, OK) 1 IP 65.39.139.161
fortigate.com None (temp, OK) 1 IP 96.45.36.230
■Defining a simple ACL on the interface
#show ip access-lists 102
Extended IP access list 102
10 permit udp 172.31.31.0 0.0.0.255 172.31.31.0 0.0.0.255 eq ntp
20 permit udp 172.31.31.0 0.0.0.255 eq domain 172.31.31.0 0.0.0.255
30 permit udp 172.31.31.0 0.0.0.255 172.31.31.0 0.0.0.255 eq domain
40 permit icmp 172.31.31.0 0.0.0.255 172.31.31.0 0.0.0.255
50 permit tcp 172.31.31.0 0.0.0.255 172.31.31.0 0.0.0.255
#show run | section interface FastEthernet0/0
interface FastEthernet0/0
ip address 172.31.31.21 255.255.255.0
ip access-group 102 in
ip access-group 102 out
duplex auto
speed auto
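Added example (not part of the original post): a minimal evaluator for the ACL 102 text shown above, used to confirm that, with the list applied both in and out on FastEthernet0/0, every leg of the forwarded DNS exchange seen in the debug output is permitted and that anything else falls through to the implicit deny. The router, client and forwarder addresses and the ephemeral ports are taken from or constructed after the page's output; only contiguous wildcard masks are handled.

```python
import ipaddress
from collections import namedtuple

# ACL 102 exactly as printed by 'show ip access-lists 102' on the page.
ACL_102 = """\
10 permit udp 172.31.31.0 0.0.0.255 172.31.31.0 0.0.0.255 eq ntp
20 permit udp 172.31.31.0 0.0.0.255 eq domain 172.31.31.0 0.0.0.255
30 permit udp 172.31.31.0 0.0.0.255 172.31.31.0 0.0.0.255 eq domain
40 permit icmp 172.31.31.0 0.0.0.255 172.31.31.0 0.0.0.255
50 permit tcp 172.31.31.0 0.0.0.255 172.31.31.0 0.0.0.255
"""
PORT_NAMES = {"domain": 53, "ntp": 123}
Ace = namedtuple("Ace", "seq action proto src sport dst dport")


def _wildcard_to_net(addr, wild):
    # IOS wildcard: 0 bits must match, so invert it to get a prefix mask (contiguous masks only).
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wild)) ^ 0xFFFFFFFF)
    return ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)


def _parse_endpoint(t):
    if t[0] == "any":
        net, t = ipaddress.IPv4Network("0.0.0.0/0"), t[1:]
    elif t[0] == "host":
        net, t = ipaddress.IPv4Network(f"{t[1]}/32"), t[2:]
    else:
        net, t = _wildcard_to_net(t[0], t[1]), t[2:]
    port = None
    if t and t[0] == "eq":
        port, t = PORT_NAMES[t[1]] if t[1] in PORT_NAMES else int(t[1]), t[2:]
    return net, port, t


def parse_acl(text):
    aces = []
    for line in text.strip().splitlines():
        t = line.split()
        src, sport, rest = _parse_endpoint(t[3:])
        dst, dport, _ = _parse_endpoint(rest)
        aces.append(Ace(int(t[0]), t[1], t[2], src, sport, dst, dport))
    return aces


def evaluate(aces, proto, src, sport, dst, dport):
    """First-match evaluation; (None, 'deny') models the implicit deny at the end."""
    for a in aces:
        if a.proto not in (proto, "ip"):
            continue
        if ipaddress.IPv4Address(src) not in a.src or ipaddress.IPv4Address(dst) not in a.dst:
            continue
        if (a.sport is not None and a.sport != sport) or (a.dport is not None and a.dport != dport):
            continue
        return a.seq, a.action
    return None, "deny"


ROUTER, CLIENT, FORWARDER = "172.31.31.21", "172.31.31.90", "172.31.31.251"


def check_dns_flows(aces):
    # Legs of the exchange in the debug output; 55165 is the client port seen there, 5000 is a constructed router port.
    return {"client_query_in": evaluate(aces, "udp", CLIENT, 55165, ROUTER, 53),
            "router_query_out": evaluate(aces, "udp", ROUTER, 5000, FORWARDER, 53),
            "forwarder_reply_in": evaluate(aces, "udp", FORWARDER, 53, ROUTER, 5000),
            "router_reply_out": evaluate(aces, "udp", ROUTER, 53, CLIENT, 55165),
            "other_udp": evaluate(aces, "udp", CLIENT, 40000, ROUTER, 161)}
```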