ApA

Hacer para Aprender (Learning by Doing)

DHCP & DNS
Networks and Communications Laboratory

Professor: Ing. Abel Crespo

Agenda
- Introduction to DHCP
- DHCP PDU
- A DHCP server on one network segment
- Configuration of dynamic clients
- Configuration of fixed clients
- Configuration options
- DHCP RELAY
- Example with two subnets
- DHCP Failover
- Configuration in two subnets
- Configuration of NTP (Network Time Protocol)

INTRODUCTION TO DHCP

Bit positions: 0  7  15  31

    OPERATION CODE | HARDWARE TYPE | HARDWARE LENGTH | HOP COUNT
    TRANSACTION ID
    SECONDS ELAPSED | MUST BE ZERO (MBZ)
    CLIENT IP ADDRESS
    YOUR IP ADDRESS
    SERVER IP ADDRESS
    CLIENT HARDWARE ADDRESS (64 BYTES)
    BOOT FILE NAME (128 BYTES)
    OPTIONS (UP TO 312 BYTES)

DHCP - Basic Service

[Figure: topology. Router R (eth1, 192.168.1.1/24), switch SW, DHCP SERVER (eth0, 192.168.1.2/24) and DHCP CLIENT PC1 (eth0).]

DHCP_SERVER

    # dhcpd.conf
    # Configuration file for ISC dhcpd (see 'man dhcpd.conf')
    ddns-update-style interim;      # Required for dhcp 3.0+
    ignore client-updates;

    subnet 192.168.1.0 netmask 255.255.255.0 {
        range 192.168.1.128 192.168.1.254;      # Range of IP addresses to be issued to DHCP clients
        option subnet-mask 255.255.255.0;       # Default subnet mask to be used by DHCP clients
        option broadcast-address 192.168.1.255; # Default broadcast address to be used by DHCP clients
        option routers 192.168.1.1;             # Default gateway to be used by DHCP clients
        option domain-name "your-domain.org";
        option domain-name-servers 40.175.42.254, 40.175.42.253;  # Default DNS to be used by DHCP clients
        option netbios-name-servers 192.168.1.100;  # Specify a WINS server for MS/Windows clients.
                                                    # (Optional. Specify if used on your network)

        # DHCP requests are not forwarded. Applies when there is more than one
        # ethernet device and forwarding is configured.
        # option ipforwarding off;

        default-lease-time 21600;   # Amount of time in seconds that a client may keep the IP
        max-lease-time 43200;

        option time-offset -18000;  # Eastern Standard Time
        # option ntp-servers 192.168.1.1;           # Default NTP server to be used by DHCP clients
        # option netbios-name-servers 192.168.1.1;
        # --- Selects point-to-point node (default is hybrid).
        # Don't change this unless you understand Netbios very
        # option netbios-node-type 2;

        # We want the nameserver "ns2" to appear at a fixed address.
        # Name server with this specified MAC address will receive this IP.
        host ns2 {
            next-server ns2.your-domain.com;
            hardware ethernet 00:02:c3:d0:e5:83;
            fixed-address 40.175.42.254;
        }

        # Laser printer obtains IP address via DHCP. This assures that the
        # printer with this MAC address will get this IP address every time.
        host laser-printer-lex1 {
            hardware ethernet 08:00:2b:4c:a3:82;
            fixed-address 192.168.1.120;
        }
    }

DHCP SERVER

    root@DHCP_SERVER:~# dhcpd
    Internet Systems Consortium DHCP Server V3.1.2p1
    Copyright 2004-2009 Internet Systems Consortium.
    All rights reserved.
    For info, please visit http://www.isc.org/sw/dhcp/
    WARNING: Host declarations are global. They are not limited to the scope you declared them in.
    Wrote 0 deleted host decls to leases file.
    Wrote 0 new dynamic host decls to leases file.
    Wrote 0 leases to leases file.
    Listening on LPF/eth0/7a:71:c6:80:89:66/192.168.1/24
    Sending on   LPF/eth0/7a:71:c6:80:89:66/192.168.1/24
    Sending on   Socket/fallback/fallback-net
    root@DHCP_SERVER:~# netstat -uta
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address   Foreign Address   State
    tcp        0      0 *:time          *:*               LISTEN
    tcp        0      0 *:auth          *:*               LISTEN
    tcp        0      0 *:ssh           *:*               LISTEN
    tcp        0      0 *:telnet        *:*               LISTEN
    tcp6       0      0 [::]:ssh        [::]:*            LISTEN
    udp        0      0 *:biff          *:*
    udp        0      0 *:time          *:*
    udp        0      0 *:bootps        *:*
    root@DHCP_SERVER:~#

PC1

    root@PC1:~# tcpdump -w dhcp.cap -s0 port 67 or port 68
    tcpdump: WARNING: eth0: no IPv4 address assigned
    tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
    4 packets captured
    4 packets received by filter
    0 packets dropped by kernel
    root@PC1:~#

PC1

    root@PC1:~# dhclient eth0
    Internet Systems Consortium DHCP Client V3.1.2p1
    Copyright 2004-2009 Internet Systems Consortium.
    All rights reserved.
    For info, please visit http://www.isc.org/sw/dhcp/
    Listening on LPF/eth0/22:6b:a7:cb:6d:72
    Sending on   LPF/eth0/22:6b:a7:cb:6d:72
    Sending on   Socket/fallback
    DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 5
    DHCPOFFER from 192.168.1.2
    DHCPREQUEST on eth0 to 255.255.255.255 port 67
    DHCPACK from 192.168.1.2
    bound to 192.168.1.128 -- renewal in 10208 seconds.
    root@PC1:~#

DHCP_SERVER

    root@DHCP_SERVER /var/state/dhcp~# ls
    dhclient.leases  dhcpd.leases  dhcpd.leases~
    root@DHCP_SERVER /var/state/dhcp~# nano dhcpd.leases
    # The format of this file is documented in the dhcpd.leases(5) manual page.
    # This lease file was written by isc-dhcp-V3.1.2p1

    lease 192.168.1.128 {
      starts 2 2010/08/31 02:51:35;
      ends 2 2010/08/31 08:51:35;
      cltt 2 2010/08/31 02:51:35;
      binding state active;
      next binding state free;
      hardware ethernet 22:6b:a7:cb:6d:72;
    }
    root@DHCP_SERVER /var/state/dhcp~#

PC1

[Figure: topology. Router R (eth1, 192.168.1.1/24), switch SW, DHCP SERVER (eth0, 192.168.1.2/24) and DHCP CLIENT PC1 (eth0).]

    No. 1   Time 0.000000   Source 0.0.0.0   Destination 255.255.255.255   Protocol DHCP
    Info: DHCP Discover - Transaction ID 0x4a402d53

    Bootstrap Protocol
      Message type: Boot Request (1)
      Hardware type: Ethernet
      Hardware address length: 6
      Hops: 0
      Transaction ID: 0x4a402d53
      Seconds elapsed: 0
      Bootp flags: 0x0000 (Unicast)
        0... .... .... .... = Broadcast flag: Unicast
        .000 0000 0000 0000 = Reserved flags: 0x0000
      Client IP address: 0.0.0.0 (0.0.0.0)
      Your (client) IP address: 0.0.0.0 (0.0.0.0)
      Next server IP address: 0.0.0.0 (0.0.0.0)
      Relay agent IP address: 0.0.0.0 (0.0.0.0)
      Client MAC address: 22:6b:a7:cb:6d:72 (22:6b:a7:cb:6d:72)
      Client hardware address padding: 00000000000000000000
      Server host name not given
      Boot file name not given
      Magic cookie: (OK)
      Option: (t=53,l=1) DHCP Message Type = DHCP Discover
        Option: (53) DHCP Message Type
        Length: 1
        Value: 01
      Option: (t=55,l=7) Parameter Request List
        Option: (55) Parameter Request List
        Length: 7
        Value: 011C02030F060C
        1 = Subnet Mask
        28 = Broadcast Address
        2 = Time Offset
        3 = Router
        15 = Domain Name
        6 = Domain Name Server
        12 = Host Name
      End Option
      Padding

    No. 2   Time 0.795182   Source 192.168.1.2   Destination 192.168.1.128   Protocol DHCP
    Info: DHCP Offer - Transaction ID 0x4a402d53

    Bootstrap Protocol
      Message type: Boot Reply (2)
      Hardware type: Ethernet
      Hardware address length: 6
      Hops: 0
      Transaction ID: 0x4a402d53
      Seconds elapsed: 0
      Bootp flags: 0x0000 (Unicast)
      Client IP address: 0.0.0.0 (0.0.0.0)
      Your (client) IP address: 192.168.1.128 (192.168.1.128)
      Next server IP address: 0.0.0.0 (0.0.0.0)
      Relay agent IP address: 0.0.0.0 (0.0.0.0)
      Client MAC address: 22:6b:a7:cb:6d:72 (22:6b:a7:cb:6d:72)
      Client hardware address padding: 00000000000000000000
      Server host name not given
      Boot file name not given
      Magic cookie: (OK)
      Option: (t=53,l=1) DHCP Message Type = DHCP Offer
        Option: (53) DHCP Message Type
        Length: 1
        Value: 02
      Option: (t=54,l=4) DHCP Server Identifier = 192.168.1.2
        Option: (54) DHCP Server Identifier
        Length: 4
        Value: C0A80102
      Option: (t=51,l=4) IP Address Lease Time = 6 hours
        Option: (51) IP Address Lease Time
        Length: 4
        Value: 00005460
      Option: (t=1,l=4) Subnet Mask = 255.255.255.0
        Option: (1) Subnet Mask
        Length: 4
        Value: FFFFFF00
      Option: (t=28,l=4) Broadcast Address = 192.168.1.255
        Option: (28) Broadcast Address
        Length: 4
        Value: C0A801FF
      Option: (t=2,l=4) Time Offset = -5 hours
        Option: (2) Time Offset
        Length: 4
        Value: FFFFB9B0
      Option: (t=3,l=4) Router = 192.168.1.1
        Option: (3) Router
        Length: 4
        Value: C0A80101
      Option: (t=15,l=15) Domain Name = "your-domain.org"
        Option: (15) Domain Name
        Length: 15
        Value: 796F75722D646F6D61696E2E6F7267
      Option: (t=6,l=8) Domain Name Server
        Option: (6) Domain Name Server
        Length: 8
        Value: 28AF2AFE28AF2AFD
        IP Address: 40.175.42.254
        IP Address: 40.175.42.253
      End Option

    No. 3   Time 0.796066   Source 0.0.0.0   Destination 255.255.255.255   Protocol DHCP
    Info: DHCP Request - Transaction ID 0x4a402d53

    Bootstrap Protocol
      Message type: Boot Request (1)
      Hardware type: Ethernet
      Hardware address length: 6
      Hops: 0
      Transaction ID: 0x4a402d53
      Seconds elapsed: 0
      Bootp flags: 0x0000 (Unicast)
        0... .... .... .... = Broadcast flag: Unicast
        .000 0000 0000 0000 = Reserved flags: 0x0000
      Client IP address: 0.0.0.0 (0.0.0.0)
      Your (client) IP address: 0.0.0.0 (0.0.0.0)
      Next server IP address: 0.0.0.0 (0.0.0.0)
      Relay agent IP address: 0.0.0.0 (0.0.0.0)
      Client MAC address: 22:6b:a7:cb:6d:72 (22:6b:a7:cb:6d:72)
      Client hardware address padding: 00000000000000000000
      Server host name not given
      Boot file name not given
      Magic cookie: (OK)
      Option: (t=53,l=1) DHCP Message Type = DHCP Request
        Option: (53) DHCP Message Type
        Length: 1
        Value: 03
      Option: (t=54,l=4) DHCP Server Identifier = 192.168.1.2
        Option: (54) DHCP Server Identifier
        Length: 4
        Value: C0A80102
      Option: (t=50,l=4) Requested IP Address = 192.168.1.128
        Option: (50) Requested IP Address
        Length: 4
        Value: C0A80180
      Option: (t=55,l=7) Parameter Request List
        Option: (55) Parameter Request List
        Length: 7
        Value: 011C02030F060C
        1 = Subnet Mask
        28 = Broadcast Address
        2 = Time Offset
        3 = Router
        15 = Domain Name
        6 = Domain Name Server
        12 = Host Name
      End Option
      Padding

    No. 4   Time 0.838925   Source 192.168.1.2   Destination 192.168.1.128   Protocol DHCP
    Info: DHCP ACK - Transaction ID 0x4a402d53

    Bootstrap Protocol
      Message type: Boot Reply (2)
      Hardware type: Ethernet
      Hardware address length: 6
      Hops: 0
      Transaction ID: 0x4a402d53
      Seconds elapsed: 0
      Bootp flags: 0x0000 (Unicast)
        0... .... .... .... = Broadcast flag: Unicast
        .000 0000 0000 0000 = Reserved flags: 0x0000
      Client IP address: 0.0.0.0 (0.0.0.0)
      Your (client) IP address: 192.168.1.128 (192.168.1.128)
      Next server IP address: 0.0.0.0 (0.0.0.0)
      Relay agent IP address: 0.0.0.0 (0.0.0.0)
      Client MAC address: 22:6b:a7:cb:6d:72 (22:6b:a7:cb:6d:72)
      Client hardware address padding: 00000000000000000000
      Server host name not given
      Boot file name not given
      Magic cookie: (OK)
      Option: (t=53,l=1) DHCP Message Type = DHCP ACK
        Option: (53) DHCP Message Type
        Length: 1
        Value: 05
      Option: (t=54,l=4) DHCP Server Identifier = 192.168.1.2
        Option: (54) DHCP Server Identifier
        Length: 4
        Value: C0A80102
      Option: (t=51,l=4) IP Address Lease Time = 6 hours
        Option: (51) IP Address Lease Time
        Length: 4
        Value: 00005460
      Option: (t=1,l=4) Subnet Mask = 255.255.255.0
        Option: (1) Subnet Mask
        Length: 4
        Value: FFFFFF00
      Option: (t=28,l=4) Broadcast Address = 192.168.1.255
        Option: (28) Broadcast Address
        Length: 4
        Value: C0A801FF
      Option: (t=2,l=4) Time Offset = -5 hours
        Option: (2) Time Offset
        Length: 4
        Value: FFFFB9B0
      Option: (t=3,l=4) Router = 192.168.1.1
        Option: (3) Router
        Length: 4
        Value: C0A80101
      Option: (t=15,l=15) Domain Name = "your-domain.org"
        Option: (15) Domain Name
        Length: 15
        Value: 796F75722D646F6D61696E2E6F7267
      Option: (t=6,l=8) Domain Name Server
        Option: (6) Domain Name Server
        Length: 8
        Value: 28AF2AFE28AF2AFD
        IP Address: 40.175.42.254
        IP Address: 40.175.42.253
      End Option
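Added example (not part of the original slides): a Python parser for the BOOTP/DHCP payload dissected in the capture, using the RFC 2131 fixed header (236 bytes, with a 16-byte chaddr, 64-byte sname and 128-byte file field). It is run on a DHCP Offer rebuilt from the option bytes shown in the capture and compared with the values the lab's dhcpd.conf is meant to hand out, which is how an offer from an unexpected server shows up. The names parse_dhcp, mismatches, EXPECTED and build_sample_offer are illustrative, and the packet is constructed.

```python
import ipaddress
import struct

MAGIC_COOKIE = bytes.fromhex("63825363")
MESSAGE_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
                 5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}
# RFC 2131 fixed header (236 bytes): op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr[16], sname[64], file[128].
HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
FIXED_LENGTH = {53: 1, 1: 4, 28: 4, 50: 4, 54: 4, 2: 4, 51: 4}


def ip(raw):
    return str(ipaddress.IPv4Address(raw))


def decode_option(code, value):
    """Decode the option codes that appear in the capture; others stay hex."""
    if code in FIXED_LENGTH and len(value) != FIXED_LENGTH[code]:
        raise ValueError(f"option {code}: bad length {len(value)}")
    if code in (3, 6) and (not value or len(value) % 4):
        raise ValueError(f"option {code}: not a list of IPv4 addresses")
    if code == 53:
        return MESSAGE_TYPES.get(value[0], f"unknown({value[0]})")
    if code in (1, 28, 50, 54):
        return ip(value)
    if code in (3, 6):
        return [ip(value[i:i + 4]) for i in range(0, len(value), 4)]
    if code == 2:                       # time offset: signed seconds
        return struct.unpack("!i", value)[0]
    if code == 51:                      # lease time: unsigned seconds
        return struct.unpack("!I", value)[0]
    if code == 15:
        return value.decode("ascii", errors="replace")
    if code == 55:
        return list(value)
    return value.hex()


def parse_dhcp(payload):
    """Parse a BOOTP/DHCP UDP payload; raise ValueError on malformed input."""
    if len(payload) < HEADER.size + 4:
        raise ValueError("truncated BOOTP header")
    (op, _htype, hlen, _hops, xid, _secs, flags, ciaddr, yiaddr,
     siaddr, giaddr, chaddr, _sname, _file) = HEADER.unpack_from(payload)
    if payload[HEADER.size:HEADER.size + 4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    if hlen > 16:
        raise ValueError("hardware address length exceeds chaddr field")
    options, pos = {}, HEADER.size + 4
    while pos < len(payload):
        code = payload[pos]
        pos += 1
        if code == 0:                   # pad
            continue
        if code == 255:                 # end
            break
        if pos >= len(payload) or pos + 1 + payload[pos] > len(payload):
            raise ValueError(f"option {code} overruns the packet")
        length = payload[pos]
        options[code] = decode_option(code, payload[pos + 1:pos + 1 + length])
        pos += 1 + length
    return {"op": op, "xid": xid, "flags": flags, "ciaddr": ip(ciaddr),
            "yiaddr": ip(yiaddr), "siaddr": ip(siaddr), "giaddr": ip(giaddr),
            "chaddr": ":".join(f"{b:02x}" for b in chaddr[:hlen]),
            "options": options}


def mismatches(message, expected):
    """Return {option: (seen, expected)} for options that differ from the server config."""
    seen = message["options"]
    return {code: (seen.get(code), want)
            for code, want in expected.items() if seen.get(code) != want}


# Values the lab's dhcpd.conf hands out (server identifier 192.168.1.2).
EXPECTED = {54: "192.168.1.2", 1: "255.255.255.0", 3: ["192.168.1.1"],
            6: ["40.175.42.254", "40.175.42.253"], 15: "your-domain.org",
            51: 21600}


def build_sample_offer():
    """Constructed packet: the DHCP Offer rebuilt from the option bytes in the capture."""
    header = HEADER.pack(2, 1, 6, 0, 0x4A402D53, 0, 0, bytes(4),
                         bytes([192, 168, 1, 128]), bytes(4), bytes(4),
                         bytes.fromhex("226ba7cb6d72") + bytes(10),
                         bytes(64), bytes(128))
    tlvs = [(53, "02"), (54, "C0A80102"), (51, "00005460"), (1, "FFFFFF00"),
            (28, "C0A801FF"), (2, "FFFFB9B0"), (3, "C0A80101"),
            (15, "796F75722D646F6D61696E2E6F7267"), (6, "28AF2AFE28AF2AFD")]
    body = b"".join(bytes([code, len(bytes.fromhex(h))]) + bytes.fromhex(h)
                    for code, h in tlvs)
    return header + MAGIC_COOKIE + body + b"\xff"
```

Feeding parse_dhcp the UDP payload of each frame in dhcp.cap and calling mismatches on every Offer and ACK lists any option that does not match the authorized server's configuration.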

DHCRELAY BETWEEN 2 SUBNETS

[Figure: topology. PRINTER (eth0, 02:00:00:11:11:11) on switch SW2; router R (eth0 and eth1); switch SW1 with DHCP SERVER (eth0) and DHCP CLIENT PC1. Addresses shown: 192.168.1.129/25, 192.168.1.1/25 and 192.168.1.2/24.]

168. option subnet-mask option broadcast-address option routers option domain-name option domain-name-servers option netbios-name-servers default-lease-time 21600. # Default broadcast address to be used by DHCP clients 192.254.255. option routers 192. # Default DNS to be used by DHCP clients 192.253.1. # Default gateway to be used by DHCP clients "your-domain. 40.1. option time-offset -18000.168. option subnet-mask 255.100.168.0+ # Range of IP addresses to be issued to DHCP clients 255.255.1.128 { range 192. max-lease-time 43200.org".255.168.1.128 netmask 255.1.140.128. subnet 192.129.255.1.0 netmask 255.255.1.42.255.1. option time-offset # Required for dhcp 3.128 { range 192.42.175.168. host printer { hardware ethernet 02:00:00:11:11:11.1. 40. 40.42.168.130 192. # Eastern Standard Time } subnet 192.0+ / Red Hat 8.150. # (Optional. Specify if used on your network) # Amount of time in seconds that a client # may keep the IP address -18000.DHCP SERVER ddns-update-style interim.42.168. } } .168. max-lease-time 43200.254. fixed-address 192.175. option domain-name-servers 40.3 192.254.168.128.255.175.175.255. option broadcast-address 192.1. default-lease-time 21600. # Default subnet mask to be used by DHCP clients 192.1.168.168.255.1. # option netbios-name-servers 192. # Specify a WINS server for MS/Windows clients.1.20.168.127.1. ignore client-updates.168. option domain-name "your-domain.org".253.

R

    root@R:~# dhcrelay 192.168.1.2
    Internet Systems Consortium DHCP Relay Agent V3.1.2p1
    Copyright 2004-2009 Internet Systems Consortium.
    All rights reserved.
    For info, please visit http://www.isc.org/sw/dhcp/
    Listening on LPF/eth1/3a:97:4c:da:17:32
    Sending on   LPF/eth1/3a:97:4c:da:17:32
    Listening on LPF/eth0/fa:ae:81:8f:d6:42
    Sending on   LPF/eth0/fa:ae:81:8f:d6:42
    Sending on   Socket/fallback
    root@R:~# ps -aux | grep dhcrelay
    Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html
    root  1401  0.0  1.1  2004  316 ?     Ss  03:12  0:00 dhcrelay 192.168.1.2
    root  1403  0.0  2.2  2260  620 tty2  S+  03:12  0:00 grep dhcrelay
    root@R:~#

[Figure: numbered message flow (steps 1 to 8) between the two segments, through SW, R (eth0) and SW.]

DHCP FAILOVER

[Figure: topology. PC2 (eth0, 02:00:00:11:11:11) and DHCP FAILOVER (eth0, 192.168.1.130/25) on switch SW2; router R (192.168.1.1/25 and 192.168.1.129/25); DHCP SERVER (eth0, 192.168.1.2/25) and DHCP CLIENT PC1 on switch SW1.]

DHCP_SERVER

    #dhcpd.conf
    #
    # Configuration file for ISC dhcpd (see 'man dhcpd.conf')
    #
    authoritative;
    ddns-update-style interim;

    failover peer "dhcp-failover" {
        primary;
        address 192.168.1.2;
        port 647;
        peer address 192.168.1.130;
        peer port 647;
        max-response-delay 30;
        max-unacked-updates 10;
        load balance max seconds 3;
        mclt 1800;
        split 128;
    }

    subnet 192.168.1.0 netmask 255.255.255.128 {
        pool {
            failover peer "dhcp-failover";
            deny dynamic bootp clients;
            range 192.168.1.3 192.168.1.5;          # Range of IP addresses to be issued to DHCP clients
            option subnet-mask 255.255.255.128;     # Default subnet mask to be used by DHCP clients
            option broadcast-address 192.168.1.127; # Default broadcast address to be used by DHCP clients
            option routers 192.168.1.1;             # Default gateway to be used by DHCP clients
            option domain-name "your-domain.org";
            option domain-name-servers 40.175.42.254, 40.175.42.253;  # Default DNS to be used by DHCP clients
            default-lease-time 21600;   # Amount of time in seconds that a client may keep the IP address
            max-lease-time 43200;
            option time-offset -18000;  # Eastern Standard Time
            option ntp-servers 192.168.1.2;         # Default NTP server to be used by DHCP clients
        }
    }

CONTINUES >>>>>>

DHCP_SERVER

    subnet 192.168.1.128 netmask 255.255.255.128 {
        pool {
            failover peer "dhcp-failover";
            max-lease-time 1800;
            deny dynamic bootp clients;
            range 192.168.1.131 192.168.1.133;
            option subnet-mask 255.255.255.128;     # Default subnet mask to be used by DHCP clients
            option broadcast-address 192.168.1.255; # Default broadcast address to be used by DHCP clients
            option routers 192.168.1.129;           # Default gateway to be used by DHCP clients
            option domain-name "your-domain.org";
            option domain-name-servers 40.175.42.254, 40.175.42.253;  # Default DNS to be used by DHCP clients
            default-lease-time 21600;   # Amount of time in seconds that a client may keep the IP address
            max-lease-time 43200;
            option time-offset -18000;  # Eastern Standard Time
            option ntp-servers 192.168.1.2;         # Default NTP server to be used by DHCP clients
        }
    }

DHCP_SERVER

    # Sample /etc/ntp.conf: Configuration file for ntpd.
    #
    # Undisciplined Local Clock. This is a fake driver intended for backup
    # and when no outside source of synchronized time is available. The
    # default stratum is usually 3, but in this case we elect to use stratum
    # 0. Since the server line does not have the prefer keyword, this driver
    # is never used for synchronization, unless no other other
    # synchronization source is available. In case the local host is
    # controlled by some external source, such as an external oscillator or
    # another protocol, the prefer keyword would cause the local host to
    # disregard all other synchronization sources, unless the kernel
    # modifications are in use and declare an unsynchronized condition.
    #
    server 127.127.1.0      # local clock
    #fudge 127.127.1.0 stratum 10
    #server pool.ntp.org

    # Drift file. Put this in a directory which the daemon can write to.
    # No symbolic links allowed, either, since the daemon updates the file
    # by creating a temporary in the same directory and then rename()'ing
    # it to the file.
    #
    driftfile /etc/ntp/drift
    multicastclient         # listen on default 224.0.1.1
    broadcastdelay 0.008

    # Keys file. If you want to diddle your server at run time, make a
    # keys file (mode 600 for sure) and define the key number to be
    # used for making requests.
    # PLEASE DO NOT USE THE DEFAULT VALUES HERE. Pick your own, or remote
    # systems might be able to reset your clock at will.
    #
    #keys /etc/ntp/keys
    #trustedkey 65535
    #requestkey 65535
    #controlkey 65535

    # Don't serve time or stats to anyone else by default (more secure)
    restrict default noquery nomodify
    # Trust ourselves. :-)

DHCP_SERVER

    root@DHCP_SERVER:~# /etc/rc.d/rc.ntpd start
    Starting NTP daemon: /usr/sbin/ntpd -g
    root@DHCP_SERVER:~# dhcpd
    Internet Systems Consortium DHCP Server V3.1.2p1
    Copyright 2004-2009 Internet Systems Consortium.
    All rights reserved.
    For info, please visit http://www.isc.org/sw/dhcp/
    Wrote 0 leases to leases file.
    Listening on LPF/eth0/8e:2c:61:3d:2a:e8/192.168.1.0/25
    Sending on   LPF/eth0/8e:2c:61:3d:2a:e8/192.168.1.0/25
    Sending on   Socket/fallback/fallback-net
    failover peer dhcp-failover: I move from recover to startup
    root@DHCP_SERVER:~#

DHCP_FAILOVER

    # Sample /etc/ntp.conf: Configuration file for ntpd.
    #
    # Undisciplined Local Clock. This is a fake driver intended for backup
    # and when no outside source of synchronized time is available. The
    # default stratum is usually 3, but in this case we elect to use stratum
    # 0. Since the server line does not have the prefer keyword, this driver
    # is never used for synchronization, unless no other other
    # synchronization source is available. In case the local host is
    # controlled by some external source, such as an external oscillator or
    # another protocol, the prefer keyword would cause the local host to
    # disregard all other synchronization sources, unless the kernel
    # modifications are in use and declare an unsynchronized condition.
    #
    server 192.168.1.2      # local clock
    fudge 127.127.1.0 stratum 10
    #server pool.ntp.org

    # Drift file. Put this in a directory which the daemon can write to.
    # No symbolic links allowed, either, since the daemon updates the file
    # by creating a temporary in the same directory and then rename()'ing
    # it to the file.
    #
    driftfile /etc/ntp/drift
    multicastclient         # listen on default 224.0.1.1
    broadcastdelay 0.008

    # Keys file. If you want to diddle your server at run time, make a
    # keys file (mode 600 for sure) and define the key number to be
    # used for making requests.
    # PLEASE DO NOT USE THE DEFAULT VALUES HERE. Pick your own, or remote
    # systems might be able to reset your clock at will.
    #
    #keys /etc/ntp/keys
    #trustedkey 65535
    #requestkey 65535
    #controlkey 65535

    # Don't serve time or stats to anyone else by default (more secure)
    restrict default noquery nomodify
    # Trust ourselves. :-)

DHCP_FAILOVER

    #dhcpd.conf
    #
    # Configuration file for ISC dhcpd (see 'man dhcpd.conf')
    #
    authoritative;
    ddns-update-style interim;

    failover peer "dhcp-failover" {
        secondary;
        address 192.168.1.130;
        port 647;
        peer address 192.168.1.2;
        peer port 647;
        max-response-delay 30;
        max-unacked-updates 10;
        load balance max seconds 3;
    }

    subnet 192.168.1.0 netmask 255.255.255.128 {
        pool {
            failover peer "dhcp-failover";
            deny dynamic bootp clients;
            range 192.168.1.3 192.168.1.5;
            option subnet-mask 255.255.255.128;
            option broadcast-address 192.168.1.127;
            option routers 192.168.1.1;
            option domain-name "your-domain.org";
            option domain-name-servers 40.175.42.254, 40.175.42.253;
            default-lease-time 21600;
            max-lease-time 43200;
            option time-offset -18000;  # Eastern Standard Time
            option ntp-servers 192.168.1.2;
        }
    }

CONTINUES >>>>>>

DHCP_FAILOVER

    subnet 192.168.1.128 netmask 255.255.255.128 {
        pool {
            failover peer "dhcp-failover";
            max-lease-time 1800;
            deny dynamic bootp clients;
            range 192.168.1.131 192.168.1.133;
            option subnet-mask 255.255.255.128;     # Default subnet mask to be used by DHCP clients
            option broadcast-address 192.168.1.255; # Default broadcast address to be used by DHCP clients
            option routers 192.168.1.129;           # Default gateway to be used by DHCP clients
            option domain-name "your-domain.org";
            option domain-name-servers 40.175.42.254, 40.175.42.253;  # Default DNS to be used by DHCP clients
            default-lease-time 21600;   # Amount of time in seconds that a client may keep the IP address
            max-lease-time 43200;
            option time-offset -18000;  # Eastern Standard Time
            option ntp-servers 192.168.1.2;         # Default NTP server to be used by DHCP clients
        }
    }

DHCP_FAILOVER

    root@FAILOVER:~# /etc/rc.d/rc.ntpd start
    Starting NTP daemon: /usr/sbin/ntpd -g
    root@FAILOVER:~# dhcpd
    Internet Systems Consortium DHCP Server V3.1.2p1
    Copyright 2004-2009 Internet Systems Consortium.
    All rights reserved.
    For info, please visit http://www.isc.org/sw/dhcp/
    Wrote 3 leases to leases file.
    Listening on LPF/eth0/02:97:ce:7c:8a:a9/192.168.1.128/25
    Sending on   LPF/eth0/02:97:ce:7c:8a:a9/192.168.1.128/25
    Sending on   Socket/fallback/fallback-net
    failover peer dhcp-failover: I move from normal to startup
    root@FAILOVER:~# ntpdate -u 192.168.1.2
    14 Sep 21:22:16 ntpdate[1549]: adjust time server 192.168.1.2 offset -0.000304 sec
    root@FAILOVER:~#

ROUTER

    root@R:~# dhcrelay 192.168.1.2 192.168.1.130
    Internet Systems Consortium DHCP Relay Agent V3.1.2p1
    Copyright 2004-2009 Internet Systems Consortium.
    All rights reserved.
    For info, please visit http://www.isc.org/sw/dhcp/
    Listening on LPF/eth1/3a:97:4c:da:17:32
    Sending on   LPF/eth1/3a:97:4c:da:17:32
    Listening on LPF/eth0/fa:ae:81:8f:d6:42
    Sending on   LPF/eth0/fa:ae:81:8f:d6:42
    Sending on   Socket/fallback
    root@R:~#

PC1

    root@PC1:~# dhclient eth0
    Internet Systems Consortium DHCP Client V3.1.2p1
    Copyright 2004-2009 Internet Systems Consortium.
    All rights reserved.
    For info, please visit http://www.isc.org/sw/dhcp/
    Listening on LPF/eth0/5e:dc:d1:06:fc:d4
    Sending on   LPF/eth0/5e:dc:d1:06:fc:d4
    Sending on   Socket/fallback
    DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 4
    DHCPOFFER from 192.168.1.1
    DHCPREQUEST on eth0 to 255.255.255.255 port 67
    DHCPACK from 192.168.1.1
    bound to 192.168.1.3 -- renewal in 712 seconds.
    root@PC1:~#

R & FAILOVER

[Figure: topology. PC2 and FAILOVER (192.168.1.130/25) on switch SW2; router R (192.168.1.1/25 and 192.168.1.129/25); DHCP SERVER (192.168.1.2/25) and PC1 on switch SW1.]

HpA

Hacer para Aprender (Learning by Doing)

DNS
Networks and Communications Laboratory

Professor: Ing. Abel Crespo

AGENDA
- Introduction to DNS
- Experimentation topology
- Building the topology
- Router configuration
- BIND
- Configuration files
- Domains, zones
- Zone creation
- Domain delegation
- Queries: iterative, recursive
- Reverse resolution

INTRODUCTION
- DNS is a hierarchical system with a tree structure.
- The root of the tree is root and is written as ".".
- Under the root are the top-level domains (TLD, Top Level Domain), whose most representative examples are org, edu, com, net and mil, although many more exist.

[Figure: DNS tree. root (.) at the top; TLDs ar, net, com and edu; under ar: edu, then unlpam, then fchst, ing and vet.]

[Figure: zones and delegation. Zone (.) holds <NAME n> / <ADDRESS n> entries and delegates the TLD zones (AR, COM, EDU, MIL, NET, ORG, GOV) through <ADDRESS NS> entries; zone AR delegates zone EDU.AR; zone EDU.AR delegates zone UNLPAM.EDU.AR; zone UNLPAM.EDU.AR delegates zone ING.UNLPAM.EDU.AR.]

[Figure: RECURSIVE and NON-RECURSIVE resolution. A resolver's query for a name under uba.edu.ar passes through numbered steps 1 to 10 involving a name server (ns), root ("."), ar, edu.ar and uba.edu.ar. Legend: Q = QUERY, R = REFERRAL, A = ANSWER.]

    root@ns:~# cat named.conf
    options {
        directory "/var/named";
        version "no disponible";
        allow-query { any; };
        allow-recursion { any; };
    };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "localhost" IN {
        type master;
        file "caching-example/localhost.zone";
        allow-update { none; };
    };
    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "caching-example/named.local";
        allow-update { none; };
    };

The options statement declares a set of global options. They can, however, be overridden by new values in the zone declaration section.

The zone statement specifies the forward and/or reverse resolution zones.

The location of the zone files is relative to the path specified in directory.

    root@dns:/var/named# cat org.zone
    $TTL 825225
    ;
    @          IN SOA org. posmaster.org. (
                   2010101801
                   10800
                   900
                   604800
                   86400 )
    ;
               IN NS dns.org.
    dns.org.   IN A  10.3.0.2
    pc1.org.   IN A  10.3.0.3
    root@dns:/var/named#

LOGICAL TOPOLOGY FOR EXPERIMENTATION

[Figure: domain tree. root (.) with children ar, org and arpa; edu under ar; in-addr under arpa.]

EXPERIMENTATION TOPOLOGY

[Figure: experimentation topology. Routers RA, RB, RC and RD interconnect switches SW1 to SW8; the hosts shown include the root server (.), dns.org, pc1.org, dns.ar, pc1.ar, dns.edu.ar, pc1.edu.ar and the arpa and in-addr.arpa servers, on 10.x.0.0/16, 192.168.x.0/24 and 172.16.0.0/16 networks.]

ROUTE CONFIGURATION

4.) eth1 192.2 dev eth1 echo 1 > /proc/sys/net/ipv4/ip_forward dns.0.org 10.0.0.0.local echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6 ip link set eth0 up ip addr add 192.255.ar 172.168.168.168.0.1/16 brd 255.2.arpa 10.0.2/16 10.1/16 brd 255.5.org RA SW7 eth1 172.0.SW3 10.edu.3.in-addr.3/16 RC 192.1.1/16 10.d/rc.1/16 eth2 10.255.2/16 #!/bin/sh # /etc/rc.2/16 dns_org.2/24 SW5 10.1.0.16.16.1.edu.2/16 eth1 RA SW2 10.255.0.0.0.2.0.ar .1/16 eth0 eth2 192.168.2.3.1.2.0.3.2.5.0.2/16 (.1/16 brd 255.0 dev eth ip route add default via 10.0.ar set eth1 up ip addr add 10.0.4.2.arpa 10.16.0.0 dev eth2 ip link set eth3 up ip addr add 10.0.ar 172.168.0.2/24 eth0 pc1.0 dev eth0 ip link pc1.1/16 eth0 RE 192.1/16 dns.4.0.4/24 10.2/16 eth1 RB eth0 SW6 192.0.168.0.5.1.1/16 brd 255.3/24 SW8 dns.2.1/24 SW1 dns.5.0 dev eth1 ip link set eth2 up ip addr add 10.0.3/16 pc1.255.1/24 10.1/16 SW4 eth3 10.

16.2.5.SW3 10.0/16 via 10.2/16 dns_org.0 dev eth2 ip route add 10.2/16 eth1 RA SW2 10.3.5.255.1.168.local echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6 ip link set eth0 up ip addr add 192.16.0.0.1 dev eth2 ip route add 10.1/24 10.2/16 (.) eth1 192.1/16 dns.0.2/16 eth1 RB eth0 SW6 192.5.0/16 via 10.2 dev eth1 echo 1 > /proc/sys/net/ipv4/ip_forward .4.255.168.4.2/24 SW5 10.0.168.0.1.0.1 dev eth2 ip route add 10.0.0.0.arpa 10.168.1.in-addr.0.0.0 dev eth0 ip link pc1.0.168.1/24 brd 255.3.5.1/16 eth2 10.ar 172.4/24 10.3/16 pc1.0/16 via 10.0.0.1 dev eth2 ip route add default via 192.255.ar 172.org RB SW7 eth1 172.5.1/16 SW4 eth3 10.4.arpa 10.255.168.2.1.2.1/16 brd 255.d/rc.0.2/24 eth0 pc1.ar #!/bin/sh # /etc/rc.1/16 eth0 RE 192.2.3/24 SW8 dns.2/16 brd 255.3.edu.16.1.3.2.edu.0.1/16 eth0 eth2 192.1.1/24 SW1 dns.2/16 dns.2/16 10.0 dev eth1 ip link set eth2 up ip addr add 10.1/16 10.2.0.0.0.0.0.ar set eth1 up ip addr add 192.org 10.0.0.2.0.5.3/16 RC 192.1.168.168.

3.0.0.4/24 eth0 up ip link set pc1.5.org RC SW7 eth1 172.4.2.16.255.ar 172.0.168.1/16 eth2 10.2.0.1/24 SW1 dns.16.2.ar 172.2.edu.0.5.1.168.2.1.1/16 eth0 eth2 192.2/24 brd 255.0.arpa 10.2.0.0.3.1.2 dev eth0 ip route add default via 192.2/24 eth0 pc1.org 10.2/16 dns.edu.0.1/24 brd 255.1.2/16 dns_org.0.2.d/rc.ar .3.local echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6 192.16.168.0/16 via 192.168.0 dev eth1 ip route add 172.4.168.0.3/24 SW8 dns.2/16 eth1 RA SW2 10.255.1/16 dns.168.168.0.1 dev eth1 echo 1 > /proc/sys/net/ipv4/ip_forward pc1.0.in-addr.168.1/16 eth0 RE 192.1.arpa 10.) eth1 192.ar add 192.0.1.0.2/24 SW5 10.255.3/16 RC 192.1/16 10.3/16 #!/bin/sh # # /etc/rc.2/16 10.2/16 eth1 RB eth0 SW6 192.255.0 dev eth0 ip addr ip link set eth1 up ip addr add 192.168.2/16 (.1/24 10.2.SW3 10.1/16 SW4 eth3 10.168.16.

3.1.ar .ar 172.2/16 dns.) eth1 192.0.2/24 SW5 10.1.5.16.2.4.1 dev eth1 echo 1 > /proc/sys/net/ipv4/ip_forward pc1.2.168.3/16 RC 192.16.0.3/16 #!/bin/sh # # /etc/rc.1/16 brd 255.255.2/16 eth1 RA SW2 10.arpa 10.4/24 eth0 up ip link set pc1.0 dev eth0 ip addr ip link set eth1 up ip addr add 192.1/24 SW1 dns.2/24 brd 255.1/16 eth0 eth2 192.2.168.d/rc.3.168.4.1.ar 172.0.org RE SW7 eth1 172.255.1/16 SW4 eth3 10.0.edu.2/16 dns_org.168.0.0.1/24 10.in-addr.3.1/16 dns.0.3/24 SW8 dns.16.2.2/16 eth1 RB eth0 SW6 192.2/16 (.1/16 eth2 10.168.0.0.local echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6 192.2/16 10.1/16 eth0 RE 192.org 10.SW3 10.2.ar add 172.0 dev eth1 ip route add default via 192.0.0.0.0.168.5.168.2.arpa 10.edu.255.168.0.0.2/24 eth0 pc1.1.2.2.16.1/16 10.0.

ROOT SERVER CONFIGURATION

RAIZ

    // named.conf in /etc/named.conf
    options {
        directory "/var/named";
        allow-query { any; };
        recursion no;
        allow-transfer { none; };
    };
    zone "." IN {
        type master;
        file "raiz.zone";
    };
    zone "localhost" IN {
        type master;
        file "caching-example/localhost.zone";
        allow-update { none; };
    };
    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "caching-example/named.local";
        allow-update { none; };
    };

2 .org. IN A 10.1. IN NS dns. IN NS dns. IN A 10. IN A 192.1.zone $TTL 86400 . Entrada para el registro SOA (Start of Authority) . dns. ( 2010091801 10800 3600 604800 86400 ) .0.ar. dns.arpa. IN SOA raiz. IN NS raiz.0.168. IN A 10. IN NS dns.2 .3 .3. ar.0.3 Definición del servidor autorizado en la zona raíz Delegación de TLDs . arpa.arpa. /var/named/raiz. dns.ar.org.2.RAIZ . org. postmaster.raiz. raiz.

ORG SERVER CONFIGURATION

Configuration of the network parameters on the dns_org server in /etc/rc.d/rc.local

DNS_ORG

    #!/bin/sh
    #
    # /etc/rc.d/rc.local: Local system initialization script.
    #
    # Put any local startup commands in here. Also, if you have
    # anything that needs to be run at shutdown time you can
    # make an /etc/rc.d/rc.local_shutdown script and put those
    # commands in there.
    ip link set eth0 up
    ip addr add 10.3.0.2/16 brd 255.255.0.0 dev eth0
    ip route add default via 10.3.0.1 dev eth0

DNS_ORG

    options {
        directory "/var/named";
        version "no disponible";
        allow-query { any; };
        allow-recursion { any; };
    };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "localhost" IN {
        type master;
        file "caching-example/localhost.zone";
        allow-update { none; };
    };
    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "caching-example/named.local";
        allow-update { none; };
    };
    // Definition of the "org" zone and specification of its zone file
    zone "org" IN {
        type master;
        file "org.zone";
        allow-update { none; };
    };
    // Definition of the reverse resolution zone and specification of its zone file
    zone "3.10.in-addr.arpa" IN {
        type master;
        file "3.10.in-addr.arpa.zone";
        allow-update { none; };
    };

Definition of the authoritative server in the org zone and of the domain names that the zone resolves

DNS_ORG

    root@dns:/var/named# ls
    3.10.in-addr.arpa.zone  caching-example/  named.ca  org.zone
    root@dns:/var/named# cat org.zone
    $TTL 825225
    ;
    @          IN SOA org. posmaster.org. (
                   2010101801
                   10800
                   900
                   604800
                   86400 )
    ;
               IN NS dns.org.
    dns.org.   IN A  10.3.0.2
    pc1.org.   IN A  10.3.0.3
    root@dns:/var/named#

Configuration of the reverse resolution file in the org zone

DNS_ORG

    root@dns:/var/named# ls
    3.10.in-addr.arpa.zone  caching-example/  named.ca  org.zone
    root@dns:/var/named# cat 3.10.in-addr.arpa.zone
    $TTL 86400
    @      IN SOA org. root.org. (
               2010101801
               10800
               900
               604800
               86400 )
           IN NS  dns.org.
    2.0    IN PTR dns.org.
    3.0    IN PTR pc1.org.

Configuration of the named.ca file, which contains the information that lets the DNS server in org reach the root server (.)

    root@dns:/var/named# cat named.ca
    .        3600000 IN NS raiz.
    raiz.    3600000 IN A  10.1.0.2
    root@dns:/var/named#

AR SERVER CONFIGURATION

DNS_AR

root@dns:~# cat /etc/named.conf
options {
    directory "/var/named";
    version "get lost";
    recursion yes;
    allow-query { any; };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "localhost" IN {
    type master;
    file "caching-example/localhost.zone";
    allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "caching-example/named.local";
    allow-update { none; };
};

// Definition of the .ar zone; the zone data is in /var/named/ar.zone
zone "ar" IN {
    type master;
    file "ar.zone";
    allow-update { none; };
};

// Zone definition for reverse resolution through the file 2.168.192.in-addr.arpa.zone
zone "2.168.192.in-addr.arpa" IN {
    type master;
    file "2.168.192.in-addr.arpa.zone";
    allow-update { none; };
};
root@dns:~#

EDU.AR DELEGATION

DNS_AR

root@dns:/var/named# ls
2.168.192.in-addr.arpa.zone  ar.zone  caching-example/  named.ca
root@dns:/var/named# cat ar.zone
$TTL 86400
; Authoritative server in the ar zone and domain names in the same zone
@            IN SOA  ar. root.ar. ( 2010091806 10800 900 604800 86400 )
             IN NS   dns.ar.
dns.ar.      IN A    192.168.2.3
pc1.ar.      IN A    192.168.2.4
; Delegation of the edu.ar domain to the server dns.edu.ar
edu.ar.      IN NS   dns.edu.ar.
dns.edu.ar.  IN A    172.16.0.2
root@dns:/var/named#

DNS_AR

root@dns:/var/named# cat 2.168.192.in-addr.arpa.zone
$TTL 86400
; Data for reverse resolution in the ar domain
@        IN SOA  ar. root.ar. ( 2010091806 10800 900 604800 86400 )
         IN NS   dns.ar.
dns.ar.  IN A    192.168.2.3
3        IN PTR  dns.ar.
4        IN PTR  pc1.ar.

named.ca, used to reach the root zone

root@dns:/var/named# cat named.ca
.      3600000 IN NS  raiz.
raiz.  3600000 IN A   10.1.0.2
root@dns:/var/named#

EDU.AR SERVER CONFIGURATION

DNS_EDU_AR

root@dns:~# cat /etc/named.conf
options {
    directory "/var/named";
    version "versión desconocida";
    allow-query { any; };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "localhost" IN {
    type master;
    file "caching-example/localhost.zone";
    allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "caching-example/named.local";
    allow-update { none; };
};

// Definition of the .edu.ar zone; the zone data is in the file edu.ar.zone
zone "edu.ar" IN {
    type master;
    file "edu.ar.zone";
    allow-update { none; };
};

// Reverse-resolution zone in edu.ar
zone "16.172.in-addr.arpa" IN {
    type master;
    file "16.172.in-addr.arpa.zone";
    allow-update { none; };
};
root@dns:~#

DNS_EDU_AR

root@dns:~# cd /var/named
root@dns:/var/named# ls
16.172.in-addr.arpa.zone  caching-example/  edu.ar.zone  named.ca

Zone file for edu.ar

root@dns:/var/named# cat edu.ar.zone
$TTL 86400
@            IN SOA  dns.edu.ar. hostmaster.edu.ar. ( 2010091806 10800 900 604800 86400 )
             IN NS   dns.edu.ar.
dns.edu.ar.  IN A    172.16.0.2
pc1.edu.ar.  IN A    172.16.0.3

Zone file for reverse resolution in edu.ar

root@dns:/var/named# cat 16.172.in-addr.arpa.zone
$TTL 86400
@            IN SOA  edu.ar. root.edu.ar. ( 2010091806 10800 900 604800 86400 )
             IN NS   dns.edu.ar.
dns.edu.ar.  IN A    172.16.0.2
2.0          IN PTR  dns.edu.ar.
3.0          IN PTR  pc1.edu.ar.
root@dns:/var/named#

ARPA SERVER CONFIGURATION

DNS_ARPA

root@dns:~# cat /etc/named.conf
options {
    directory "/var/named";
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "localhost" IN {
    type master;
    file "caching-example/localhost.zone";
    allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "caching-example/named.local";
    allow-update { none; };
};

// Definition of the arpa zone
zone "arpa" IN {
    type master;
    file "arpa.zone";
};
root@dns:~#

DNS_ARPA

root@dns:/var/named# cat arpa.zone
$TTL 86400
@                  IN SOA  arpa. root.arpa. ( 2010091801 10800 900 604800 86400 )
                   IN NS   dns.arpa.
dns.arpa.          IN A    10.2.0.2
; Delegation of the in-addr subdomain in arpa
in-addr.arpa.      IN NS   dns.in-addr.arpa.
dns.in-addr.arpa.  IN A    10.4.0.2
root@dns:/var/named#

IN-ADDR.ARPA SERVER CONFIGURATION

DNS_IN-ADDR

options {
    directory "/var/named";
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "localhost" IN {
    type master;
    file "caching-example/localhost.zone";
    allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "caching-example/named.local";
    allow-update { none; };
};

// Declaration of the zone used to delegate to the reverse-resolution servers
zone "in-addr.arpa" IN {
    type master;
    file "arpa.in-addr.zone";
};

DNS_IN-ADDR

root@dns:/var/named# cat arpa.in-addr.zone
$TTL 86400
@                        IN SOA  in-addr.arpa. root.in-addr.arpa. ( 2010061801 10800 3600 604800 86400 )
                         IN NS   dns.in-addr.arpa.
dns.in-addr.arpa.        IN A    10.4.0.2
; Delegation of the reverse-resolution domains from in-addr.arpa
3.10.in-addr.arpa.       IN NS   dns.org.
2.168.192.in-addr.arpa.  IN NS   dns.ar.
16.172.in-addr.arpa.     IN NS   dns.edu.ar.
root@dns:/var/named#

CHECKING THE CONFIGURATION FILES

It is very important to use the BIND commands to check both the zone files and the named.conf configuration file. The commands are shown below as applied on IN-ADDR. In named-checkzone, the first argument is the zone and the second is the zone file.

DNS_IN-ADDR

root@dns:/var/named# named-checkzone in-addr.arpa /var/named/arpa.in-addr.zone
zone in-addr.arpa/IN: loaded serial 2010061801
OK
root@dns:/var/named# named-checkconf /etc/named.conf
root@dns:/var/named#

FORWARD RESOLUTION

[Network diagram: lab topology with routers RA, RB, RC and RE and switches SW1 to SW8 connecting the DNS servers and the client PC1_EDU_AR (pc1.edu.ar).]

PC1_EDU_AR

root@pc1:~# ping -c 1 pc1.org
PING pc1.org (10.3.0.3) 56(84) bytes of data.
64 bytes from pc1.org (10.3.0.3): icmp_seq=1 ttl=63 time=21.8 ms

--- pc1.org ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 21.871/21.871/21.871/0.000 ms
root@pc1:~#

REVERSE RESOLUTION

PC1.EDU.AR

root@pc1:~# host 10.3.0.3
3.0.3.10.in-addr.arpa domain name pointer pc1.org.
root@pc1:~#

[Figure: eth0 on dns.edu.ar]

[Figure: eth0 on pc1.edu.ar]

[Figure: eth0 on dns.in-addr.arpa]

[Figure: eth0 on dns.org]

[Figure: eth0 on (.)]
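The reverse lookup above only succeeds if every link of the delegation chain configured in this lab answers. The following is an added example, not part of the original slides: it walks that chain offline using the NS and PTR records from the zone files shown here and reports which servers are asked. The root's delegation of arpa to dns.arpa is an assumption (the root zone file is not shown in this part), and each server is modelled only by its reverse-resolution zone.

```python
import ipaddress

# Constructed from the zone files on this page. Each server is modelled only
# by its reverse-resolution role: (zone apex, delegations, PTR records).
# Assumption: the root server "raiz." delegates "arpa." to "dns.arpa.".
SERVERS = {
    "raiz.": (".", {"arpa.": "dns.arpa."}, {}),
    "dns.arpa.": ("arpa.", {"in-addr.arpa.": "dns.in-addr.arpa."}, {}),
    "dns.in-addr.arpa.": ("in-addr.arpa.", {
        "3.10.in-addr.arpa.": "dns.org.",
        "2.168.192.in-addr.arpa.": "dns.ar.",
        "16.172.in-addr.arpa.": "dns.edu.ar.",
    }, {}),
    "dns.org.": ("3.10.in-addr.arpa.", {}, {
        "2.0.3.10.in-addr.arpa.": "dns.org.",
        "3.0.3.10.in-addr.arpa.": "pc1.org.",
    }),
    "dns.ar.": ("2.168.192.in-addr.arpa.", {}, {
        "3.2.168.192.in-addr.arpa.": "dns.ar.",
        "4.2.168.192.in-addr.arpa.": "pc1.ar.",
    }),
    "dns.edu.ar.": ("16.172.in-addr.arpa.", {}, {
        "2.0.16.172.in-addr.arpa.": "dns.edu.ar.",
        "3.0.16.172.in-addr.arpa.": "pc1.edu.ar.",
    }),
}

def within(name, apex):
    """True if name is at or below the zone apex (label-aligned suffix match)."""
    return apex == "." or name == apex or name.endswith("." + apex)

def resolve_ptr(ip, root="raiz."):
    """Follow referrals from the root; return (PTR target or None, servers asked)."""
    qname = ipaddress.ip_address(ip).reverse_pointer + "."
    server, asked = root, []
    while server not in asked:              # stop on a referral loop
        asked.append(server)
        apex, delegations, ptrs = SERVERS[server]
        if not within(qname, apex):         # lame delegation: server lacks the zone
            break
        cuts = [z for z in delegations if within(qname, z)]
        if not cuts:                        # authoritative here: answer or no record
            return ptrs.get(qname), asked
        server = delegations[max(cuts, key=len)]   # most specific zone cut
    return None, asked

if __name__ == "__main__":
    for ip in ("10.3.0.3", "192.168.2.4", "10.9.0.1"):
        print(ip, *resolve_ptr(ip))
```

When a lookup returns no name, the last server in the list is the one whose zone file or delegation to check with named-checkzone.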
