
Domain Name System (DNS)

Network Host Administration Guide: Managing and Configuring Your Machine on the UVA Network

Preliminary Tasks

Before you can begin to actually configure the software on your host, you must select a name for the machine and receive a network address. The host’s name is used by humans and the mail system to access your computer while the IP address provides an analogous function for computer-to-computer communication.

Computer System Names

The University follows the Internet standard Domain Name System (DNS). DNS is a distributed hierarchical scheme that breaks down the full name of a University host into three components. The first part of the name is chosen by the host administrator. This name must be unique across all hosts in your department. The second component of the host name is fixed by the name of your department. The third part of the name is the same for all University hosts and specifies that the host is operated by the University of Virginia. For example, the host name juno.acc.virginia.edu has the following components:

  • juno - the name of the host
  • acc - the department that operates the system
  • virginia.edu - the host belongs to UVA (Virginia), part of the Education (edu) domain

The name of the host is chosen by the host administrator. Problems associated with duplicate names are resolved by the department Chairman or administrator. The department designation is taken from the course catalog abbreviation when possible and is otherwise selected by the department on an availability basis. These designations are administered by ITS.

Network Address Administration

For proper operation, the TCP/IP protocol suite requires that each host on a network have a unique IP address. Some portions of this address are specified by the University’s network administration while other parts are assigned to the University by the national network administrators.

IP Addresses

An IP address is a four-byte number which is usually written with each byte expressed individually, in decimal, separated by dots. The first two bytes of most IP addresses at UVA were specified by the national network as 128 and 143. The third byte specifies which subnet the computer system is attached to. A subnet typically corresponds to the physical Ethernet that the host is attached to. The final byte selects an individual host. For example, juno.acc.Virginia.EDU, a primary UVA server machine, has an IP address of 128.143.22.119. The first field (128.143) specifies that juno is a system at the University of Virginia. This is roughly analogous to a telephone area code. The next field (22) indicates that the host is connected to a network in Carruthers Hall. The telephone analogy for this portion of the address is the exchange part of the phone number. Finally, the host number for the computer is 119.

Obtaining an IP Address

Due to the shortage of IP address space and the rapidly growing number of hosts, current ITS policy is that static IP addresses will be assigned only to those machines that must have one in order to operate properly. All other hosts must obtain their IP address from the DHCP server. This means that most PCs, Macintoshes, and machines using the Linux operating system will obtain an IP address from the DHCP server. Software licensing that depends on a static IP address should be avoided, and cannot be supported. If you believe that an IP address obtained from the DHCP server will not serve your needs, send email to hostmaster@virginia.edu explaining why it will not serve your needs.

Configuring Your Host

Since the commands used to perform the actual network configuration vary from host to host, this section discusses the configuration process in terms of concepts rather than commands. The network configuration manual from your vendor, coupled with this document, should enable you to properly configure your host.

Address Resolution Protocol

The Address Resolution Protocol (ARP) is used by the host to map between IP addresses and Ethernet (hardware) addresses. The vast majority of hosts always have ARP enabled. If your host has a configuration option for ARP, you should enable it.

The Network Mask and Subnetting

The network mask is used by the host to distinguish the subnet part of the IP address from the host number. The network mask on many UVA subnets is 255.255.0.0. This is set automatically with DHCP; when a static address has been assigned the email from hostmaster will contain the correct subnet mask.

On some hosts, you may need to specify this number as a hexadecimal string (for example, 0xFFFFFF00).

Routing, RIP, and the Default Gateway

To communicate with computers attached to different networks at UVA and around the world, your host will need to route its traffic through your local network’s gateway. Your host can learn the address of this gateway by either using the RIP routing protocol or with a static configuration.

The recommended procedure is to configure a default route to the gateway address.

In general, the gateway address will be 128.143.xxx.1, where xxx is the third byte of the address, identifying the subnet your machine is on. The gateway address is set automatically with DHCP. When a static address is assigned, the email from hostmaster will contain the appropriate gateway address.
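The following is an added example, not part of the ITS guide: it applies the address conventions described above (128.143 as the University network, the third byte as the subnet, the fourth as the host, the gateway at 128.143.xxx.1) to a sample address, and produces the hexadecimal form of the netmask that some hosts require. The sample addresses are constructed for illustration.

```python
import ipaddress

# Added example (not from the ITS guide): decompose a UVA-style IPv4 address
# the way the guide describes and derive the conventional default gateway.
UVA_NET = ipaddress.IPv4Network("128.143.0.0/16")  # "most IP addresses at UVA"


def mask_to_hex(mask: str) -> str:
    """Dotted-decimal netmask -> the 0x... string some hosts want.

    255.255.255.0 -> "0xFFFFFF00", 255.255.0.0 -> "0xFFFF0000".
    """
    return "0x%08X" % int(ipaddress.IPv4Address(mask))


def describe_host(addr: str, mask: str) -> dict:
    """Split addr into the parts the guide names and sanity-check the gateway.

    Raises ValueError for a malformed address or a non-contiguous mask,
    which is exactly the kind of typo that leaves a host unable to route.
    """
    iface = ipaddress.IPv4Interface(f"{addr}/{mask}")
    net = iface.network
    o = [int(x) for x in addr.split(".")]
    # Guide's convention: the gateway is host 1 on the subnet named by byte 3.
    gateway = ipaddress.IPv4Address(f"{o[0]}.{o[1]}.{o[2]}.1")
    return {
        "is_uva": iface.ip in UVA_NET,
        "network_id": f"{o[0]}.{o[1]}",     # 128.143 -> the University ("area code")
        "subnet": o[2],                      # third byte -> physical subnet ("exchange")
        "host": o[3],                        # fourth byte -> individual host
        "prefix_len": net.prefixlen,
        "network": str(net),                 # what the configured mask actually selects
        "mask_hex": mask_to_hex(mask),
        "default_gateway": str(gateway),
        # A default route only works if the gateway is on the directly attached
        # network selected by the mask; a wrong mask shows up here as False.
        "gateway_on_link": gateway in net,
    }


if __name__ == "__main__":
    # juno's address from the guide, with a /24 mask (constructed for the demo)
    for key, value in describe_host("128.143.22.119", "255.255.255.0").items():
        print(f"{key:16} {value}")
```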

Nameservers

Most networking software is capable of accessing the Domain Name System (DNS), the Internet's distributed host name database. If you are not familiar with the details of the DNS, you should configure your host to use only a resolver. This is typically done on UNIX systems by placing the IP addresses of UVA domain name servers in the file /etc/resolv.conf. Other operating systems usually provide a similar mechanism to enter the server addresses. The following addresses, shown in the format of an /etc/resolv.conf file, should be used in the order listed below:

  1. nameserver 128.143.2.7
  2. nameserver 128.143.22.119
  3. nameserver 128.143.3.7

The first two of these servers are located directly on the primary network backbone and thus have high availability. Some UVA departments operate name servers for their subdomains. If your department operates such a server, the hostmaster will provide you with the necessary information to access it.

Unfortunately, some implementations of the TCP/IP protocol suite do not provide access to the DNS. If you have such an implementation, the first thing to do is to complain to the vendor and demand that they provide functional networking software. If all of your attempts to get better software from the vendor fail, contact hostmaster@virginia.edu for instructions.

Because of the potential for abuse, DNS nameservers at UVA should not provide recursive query service to clients from outside the UVA network. If your machine is running a caching name server, you should restrict it to answering queries only from itself and whatever networks you need to provide service to.

This can be accomplished within ISC BIND (versions 8 and 9) with the following statements in the named.conf file:

acl "dorms" { 199.111.160/19; 199.111.192/18; };
acl "UVA" { localhost; 128.143/16; 137.54/16; 172.16/12; };
options {
  allow-query { "UVA"; "dorms"; };
};

A caching server that is needed only by the box it is running on should be restricted further:

options {
  allow-query { localhost; };
};
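The following is an added example, not part of the ITS guide or of BIND itself: it evaluates the allow-query ACLs from the two named.conf excerpts above against sample client addresses, so you can confirm which clients the server would answer before deploying the file. It expands BIND's abbreviated prefixes (such as 128.143/16) and treats "localhost" as the loopback address only, which is an approximation of BIND's built-in ACL; negated entries ("!") are not handled. The client addresses are constructed samples.

```python
import ipaddress

# Added example (not from the ITS guide or BIND): a reference check of the
# guide's allow-query ACLs against sample clients.

# The ACLs exactly as printed in the guide's named.conf excerpt.
ACLS = {
    "dorms": ["199.111.160/19", "199.111.192/18"],
    "UVA": ["localhost", "128.143/16", "137.54/16", "172.16/12"],
}


def expand_prefix(prefix: str) -> ipaddress.IPv4Network:
    """BIND allows short prefixes such as "128.143/16"; pad to a full network."""
    addr, _, length = prefix.partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))
    return ipaddress.IPv4Network(f"{'.'.join(octets)}/{length or 32}", strict=False)


def entry_matches(entry: str, ip: ipaddress.IPv4Address) -> bool:
    """One address-match-list element: localhost, a named acl, or a prefix."""
    if entry == "localhost":
        # Approximation: BIND's builtin "localhost" matches every address of
        # the server's own interfaces, not just 127.0.0.0/8.
        return ip.is_loopback
    if entry in ACLS:
        return any(entry_matches(e, ip) for e in ACLS[entry])
    return ip in expand_prefix(entry)


def allowed_to_query(client: str, allow_query=("UVA", "dorms")) -> bool:
    """Mirror of `allow-query { "UVA"; "dorms"; };` (the guide's first excerpt).

    Pass allow_query=("localhost",) to check the second, host-only excerpt.
    """
    ip = ipaddress.IPv4Address(client)
    return any(entry_matches(e, ip) for e in allow_query)


if __name__ == "__main__":
    # Constructed sample clients: the box itself, juno, a dorm host, an outsider.
    for client in ("127.0.0.1", "128.143.22.119", "199.111.170.5", "8.8.8.8"):
        print(f"{client:16} campus-wide: {allowed_to_query(client)!s:5} "
              f"host-only: {allowed_to_query(client, ('localhost',))}")
```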

Other Helpful Information

Time Servers

Many hosts support time-of-day synchronization over their TCP/IP networks. UVA provides four public servers which are kept synchronized to within less than one second of the official time according to NIST (the National Institute of Standards and Technology). These servers are:

  • ntp1.Virginia.EDU
  • ntp2.Virginia.EDU
  • ntp3.Virginia.EDU
  • ntp4.Virginia.EDU

These hosts support the Network Time Protocol (NTP) for precise synchronization along with answering the standard UDP time-of-day request on port 37. The hostmaster can direct you to UNIX software which will access these servers with either protocol. Users may also telnet to port 13 on any of these hosts to receive a human-readable version of the time.

Security

The general topics of network and computer security are beyond the scope of this guide. This section simply discusses a few factors to keep in mind when adding a host to the network.

Make sure that all accounts on your system have passwords. Once your system is added to the UVA network, it can be accessed from many thousands of computers around the world. Passworded accounts are a reasonable precaution against unauthorized access.

Disable the Trivial File Transfer Protocol (TFTP). Many TFTP implementations leave your system vulnerable to both accidental and deliberate abuse. If you must use it, and your system supports a security mode limiting information access, use that configuration.

Electronic Mail

The University offers centrally provisioned email systems that can be used by any member of the UVA community. Those systems feature virus protection mechanisms with daily updates, as well as an enterprise-grade spam reduction service.

For reasons of both security and reliability, ITS therefore recommends using the University-wide email services rather than configuring a local server as an email host.

Page Updated: Tuesday 2017-10-17 12:26:23 EDT