DNS (Domain Name Service): Difference between revisions
Latest revision as of 10:42, 20 June 2022
DNS servers
Each site has its own local DNS server(s). There are a few reasons for this, one of which is subtle but important:
- Have master zone files and be able to respond authoritatively for CSE DNS zones.
- The important but subtle reason: all DNS queries regarding “unsw.edu.au” are redirected to UNSW's own internal DNS servers so that these queries appear to be coming from hosts inside UNSW.
  This is so that the replies are relevant to hosts which should nominally be considered to be inside UNSW and which connect to UNSW services via internal UNSW networking rather than through the public Internet.
  This is particularly the case, for example, with queries regarding the UNSW Active Directory (AD) servers (“ad.unsw.edu.au”): if we queried via the public Internet we'd get the IP address of a non-informative public-facing server, but when we query internally to UNSW we get a full list of AD server addresses.
- Provide forwarding of non-CSE and non-UNSW zone queries to the local AWS DNS server in each VPC.
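The three roles above map onto a BIND configuration roughly as follows. This is an added example, not the site's actual configuration: the ACL name, the VPC CIDR, the zone file paths, the transfer policy and the UNSW forwarder addresses (RFC 5737 placeholders) are all assumptions; 169.254.169.253 is the Amazon-provided resolver address available in every VPC.

```conf
// Constructed example: named.conf.options and named.conf.local combined.
// Addresses, the ACL name and file paths are assumptions, not site values.

acl "cse-clients" {
    localhost;
    10.0.0.0/16;                            // assumption: this site's VPC CIDR
};

options {
    directory "/var/cache/bind";
    recursion yes;
    allow-recursion   { "cse-clients"; };   // never act as an open resolver
    allow-query-cache { "cse-clients"; };

    // Role 3: anything that is not a CSE or UNSW name goes to the
    // Amazon-provided resolver inside the VPC.
    forwarders { 169.254.169.253; };
    forward only;
};

// Role 1: master zones answered authoritatively from local files.
zone "cse.unsw.edu.au" {
    type master;
    file "/etc/bind/zones/db.cse.unsw.edu.au";
    allow-transfer { none; };               // assumption: no secondaries
};

zone "cseunsw.site" {
    type master;
    file "/etc/bind/zones/db.cseunsw.site";
    allow-query    { "cse-clients"; };      // internal names stay internal
    allow-transfer { none; };
};

// Role 2: every other unsw.edu.au name is forwarded to UNSW's internal
// servers. The more specific cse.unsw.edu.au master zone above still wins.
zone "unsw.edu.au" {
    type forward;
    forward only;
    forwarders { 192.0.2.53; 192.0.2.54; }; // placeholders (RFC 5737)
};
```

`named-checkconf` validates the syntax before a reload, and a query for `ad.unsw.edu.au` from a client inside the VPC shows whether the internal forward path is in use.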
DNS server setup (building it)
- Start from Initial setup of a Debian AMI instance
- Install Debian packages:
  - bind9
- Install cfengine for AWS clients. See cfengine
Zone use policies
cse.unsw.edu.au
- Names (A) and alias (CNAME) records for public-facing roles. E.g., www, smtp, cgi, login
- Roles are intended for use by people outside of CSE/UNSW
cseunsw.site
- Internal names (A) and aliases (CNAME) records not intended for visibility outside of CSE. E.g., individual lab computer names, server names, network node names, etc.
- For management by CSG
cseunsw.tech
- External-facing technical function names (not records pertaining to individual hosts)
- Roles are intended for use by CSE staff, CSE students and other CSE users
cseunsw.online
- Event-based names (A) and aliases (CNAME) records for promotion and marketing, probably exclusively referring to web pages or web sites. E.g.:
  - Conference names (“ABCD2021” → https://abcd2021.cseunsw.online), or
  - Possibly class and/or course names for class web pages (“COMP1234” → https://comp1234.cseunsw.online)