Dynamic and Secure DNS
CSE591 Project
Tianyi Xing
Project Goal
• Establish a dynamic and secure DNS service in the mobicloud system
Roadmap
• By mid-term
  • Establish a DNSSEC server within the mobicloud system
    • Successfully installed
    • At configuration stage
  • Configure the network to make sure the DNSSEC server serves the right purpose in the mobicloud system
• By final
  • Perfect its function
  • Dynamically cooperate with the user ID and IP address
  • Dynamically update the IP (ID) and domain pair
  • Documentation
System Setup
• Hardware
  • Dell rack server
  • Switches
• Software
  • Ubuntu 10.10
  • XenServer 5.6
  • XenCenter
  • dnssec-keygen
  • BIND 9
  • dhcpd
Solutions
• 1. Semi-automatic DNS
  • Every time a VM is created, the backend part of the mobicloud system reads the UserID from the DB and registers “UserID.mobicloud.asu.edu” in the DNS server.
• 2. Dynamic secure DNS + DHCP
  • Every time a VM is created, DHCP automatically registers “hostname.mobicloud.asu.edu” in the DNS.
Work Flow
• Create VM
• VM gets IP addresses from DHCP
• DHCP assigns the DNS server to the VM as its default DNS
• We retrieve the IP addresses from the VM (vm.getrecord()) and save them into a string
• We get userName and userID from the web session and pass them into the DNSupdate method
Work Flow
• Generate the domain name based on the userName (e.g., terry.mobicloud.asu.edu)
• SSH to the DNS server and write all the commands into a script file
• Run that script with the nsupdate command
• Use ping to check: ping terry.mobicloud.asu.edu, then it works!
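The Solution 1 work flow builds an nsupdate script from a userName taken from the web session, so the name and address should be validated before they are written into the script. The following is an added example, not code from the original project: the server address, key file path, TTL and function names are assumptions.

```python
import ipaddress
import re
import subprocess

ZONE = "mobicloud.asu.edu"        # zone named on the slides
DNS_SERVER = "127.0.0.1"          # assumption: placeholder DNS server address
KEY_FILE = "/etc/bind/ddns.key"   # assumption: placeholder TSIG key file path
TTL = 300                         # assumption: short TTL for DHCP-leased addresses

# A single DNS label: letters, digits, hyphens, 1-63 chars, no leading/trailing hyphen.
_LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")


def build_update(user_name: str, ip: str) -> str:
    """Return an nsupdate batch that replaces the A record for <user_name>.<ZONE>."""
    label = user_name.strip().lower()
    # fullmatch rejects dots, spaces and newlines, so a user name can neither
    # address another zone nor smuggle extra nsupdate commands into the batch.
    if not _LABEL.fullmatch(label):
        raise ValueError(f"not a valid DNS label: {user_name!r}")
    # Raises ValueError for anything that is not exactly one IPv4 address.
    addr = ipaddress.IPv4Address(ip.strip())
    fqdn = f"{label}.{ZONE}."
    return "\n".join([
        f"server {DNS_SERVER}",
        f"zone {ZONE}",
        f"update delete {fqdn} A",          # drop the stale address first
        f"update add {fqdn} {TTL} A {addr}",
        "send",
        "",
    ])


def push_update(batch: str) -> None:
    """Feed the batch to nsupdate on stdin, signed with the TSIG key; no shell is involved."""
    subprocess.run(["nsupdate", "-k", KEY_FILE], input=batch, text=True, check=True)


if __name__ == "__main__":
    print(build_update("terry", "10.0.0.25"))   # constructed sample values
```
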
Solution 1 - Pros and Cons
• Pros
  • The mobicloud system has more flexibility in the domain name; it is not limited to the hostname.domain.com form
  • The backend part has more control over DNS updates
  • The mobicloud system can directly run commands on the DNS server anytime it wants
• Cons
  • Inconvenient
  • More workload at the backend part
  • Once the IP is changed, the mobicloud system has trouble updating the new domain and IP pair
Solution 2 - Dynamic Secure DNS
• Define a class in the DHCP server to identify the template VM
• Assign a temporary IP address
• Use hostname as the identifier
• It is also allowed to use the MAC address to identify the VM
• Once the IP is updated from DHCP, DHCP will register the VM in DNS again
Work Flow
• Create VM
• Get IP from DHCP server
• Backend sends the UserName and Label to the SSH server
• Let the SSH server change the hostname (UserID and Label) of the VM
• Send the DHCP request again with the new hostname
• Update DNS with key
Solution 2 – Pros and Cons
• Pros
  • The backend does not need to read the userID from the database and define the schema of the domain name; once the VM is created, “hostname.mobicloud.asu.edu” is registered.
  • Whenever the VM gets a new IP, DHCP will dynamically update the zone entry in the DNS
• Cons
  • The DNS is updated only when the IP is updated
Demo – Everything is automatic
• Clone a new VM
• New VM gets a short-term IP from the DHCP server
• Check the domain name “hostname.mobicloud.asu.edu”
• Change the hostname to newhostname
• DHCP request
• Check with the domain newhostname.mobicloud.asu.edu