Saturday, August 21, 2010

Configuring BIND on CentOS 5

1. Install packages :
yum install bind bind-chroot bind-libs bind-utils caching-nameserver
2. Configure RNDC :
cd /var/named/chroot/etc
rndc-confgen > rndc.key
chown root:named rndc.key
Edit rndc.key so it looks like this :
key "rndckey" {
algorithm hmac-md5;
secret "SGsvd1dF+mv+yU4ywCCkkg==";
};
You DON’T NEED anything else in the file (you must remove some option lines!)
A symlink in /etc exists and points to the rndc.key file we’ve just created, named expects that file there in order to be able to authenticate against rndc.
3. Configure /var/named/chroot/etc/named.conf
// we include the rndckey (copy-paste from rndc.key created earlier)
key "rndckey" {
algorithm hmac-md5;
secret "SGsvd1dF+mv+yU4ywCCkkg==";
};

// we assume our server has the IP 192.168.254.207 serving the 192.168.10.0/24 subnet
controls {
inet 127.0.0.1 allow { 127.0.0.1; } keys { "rndckey"; };
inet 192.168.10.10 allow { 192.168.10.0/24; } keys { "rndckey"; };
};

options {
directory "/var/named";
pid-file "/var/run/named/named.pid";

recursion yes;

allow-recursion {
127.0.0.1;
192.168.10.0/24;
};

// these are the opendns servers (optional)
forwarders {
208.67.222.222;
208.67.220.220;
};

listen-on {
127.0.0.1;
192.168.10.10;
};

/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
query-source address * port 53;

// so people can't try to guess what version you're running
version "REFUSED";

allow-query {
127.0.0.1;
192.168.10.0/24;
};
};

server 192.168.10.10 {
keys { rndckey; };
};

zone "." IN {
type hint;
file "named.ca";
};

// forward zone
zone "example.com" IN {
type master;
file "data/example.zone";
allow-update { none; };
// we assume we have a slave dns server with the IP 192.168.10.11
allow-transfer { 192.168.10.11; };
};

// reverse zone
zone "10.168.192.in-addr.arpa" IN {
type master;
file "data/192.168.10.zone";
allow-update { none; };
allow-transfer { 192.168.10.11; };
};
4. Our first zone
Let’s say I own the domain example.com
We create our first zone under /var/named/chroot/var/named/data/example.zone
Here’s an example :
$ttl 38400
example.com. IN SOA ns.example.com. admin.example.com. (
2007020400 ; Serial
10800 ; Refresh after 3 hours
3600 ; Retry after 1 hour
604800 ; Expire after 1 week
86400 ) ; Minimum TTL of 1 day
example.com. IN NS ns.example.com.

example.com. IN MX 1 mx.example.com.
example.com. IN MX 5 mx2.example.com.

www.example.com. IN A 192.168.10.5
ns.example.com. IN A 192.168.10.10
mx.example.com. IN A 192.168.10.20
mx2.example.com. IN A 192.168.10.21
mail.example.com. IN CNAME mx.example.com.
Here’s the corresponding reverse zone under /var/named/chroot/var/named/data/192.168.10.zone :
$TTL 86400
10.168.192.in-addr.arpa. IN SOA ns.example.com. admin.example.com. (
2007032000
10800
900
604800
3600 )

10.168.192.in-addr.arpa. IN NS ns.example.com.

20.10.168.192.in-addr.arpa. IN PTR mx.example.com.
5.10.168.192.in-addr.arpa. IN PTR www.example.com.
5. Start the service and make sure it’ll start at boot
service named start
chkconfig named on
Make sure it’s running:
# rndc status
number of zones: 1
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/1000
tcp clients: 0/100
server is up and running
6. Query
# nslookup mx.example.com. 127.0.0.1
Server: 127.0.0.1
Address: 127.0.0.1#53

Name: mx.example.com
Address: 192.168.10.20

# nslookup www.google.com. 127.0.0.1
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
www.google.com canonical name = www.l.google.com.
Name: www.l.google.com
Address: 216.239.59.99
Name: www.l.google.com
Address: 216.239.59.103
Name: www.l.google.com
Address: 216.239.59.104
Name: www.l.google.com
Address: 216.239.59.147
7. /etc/resolv.conf
If the query made on the previous point is working, you can set up /etc/resolv.conf on the server.
It should look like this :
search example.com
nameserver 127.0.0.1

Subscribe to: Posts (Atom)

Introduction to Linux for beginners

History

UNIX

In order to understand the popularity of Linux, we need to travel back in time, about 30 years ago, imagine computers as big as houses, even stadiums. While the sizes of those computers posed substantial problems, there was one thing that made this even worse: every computer had a different operating system. Software was always customized to serve a specific purpose, and software for one given system didn’t run on another system. Being able to work with one system didn’t automatically mean that you could work with another. It was difficult, both for the users and the system administrators. Computers were extremely expensive then, and sacrifices had to be made even after the original purchases just get the users to understand how they worked. The total cost of IT was enormous. Technologically the world was not quite that advanced, so they had to live with the size for another decade. In 1969, a team of developers in the Bell Labs laboratories started working on a solution for the software problem, to address these compatibility issues.

Bell Labs

UNIX was originally developed for internal use at AT&T Bell Labs by researchers Ken Thompson and Dennis Ritchie. AT&T licensed the source code, widely allowing many companies to modify and produce UNIX-like operating systems. Because AT&T held the UNIX name, other companies had to create their own names to brand the modifications ad additions they had made: AIX from IBM, HP/UX from Hewlett-Packard, SunOS (later Solaris) from Sun, and Mac from Apple.

They developed a new operating system, which was Simple and elegant.

Features

Written in the C programming language instead of in assembly code.
Able to recycle code.
the Bell Labs developers named their project “UNIX”

The code recycling features were very important. Until then, all commercially available computer system were written in code specifically developed for one system. UNIX on the other hand needed only a small piece of that special code, which is now commonly named the kernel. This kernel is the only piece of code that needs to be adapted for every specific system and forms the base of the UNIX system. The operating system and all other functions were built around this kernel and written in a higher programming language ‘C’.

This language was especially developed for creating the UNIX system. Using this new technique, it was much easier to develop an operating system that could run on many different types of hardware.

The software vendors were quick to adapt, since they could sell ten times more software almost effortlessly. Weird new software came in existence: imagine for instances computers from different vendors communicating in the same network, or users working on different systems without the need for extra education to use another computer. UNIX did a great deal to help users become compatible with different systems. Throughout the next couple of decades the development of UNIX continued. More things became possible to do and more hardware and software vendors added support for UNIX to their products. UNIX was initially found only in very large environments with mainframes and minicomputers (note that a PC a “micro” computer). You had to work at a university, for the government or for large financial corporations on order to get your hands on UNIX system. But smaller computers were being developed, and by end of the 80s, many people had home computers. By that time, there were several versions of UNIX available for the PC architecture, but none of them were truly free.

GNU Project/FSF

GNU project started in 1984 by Richard Mathew Stallman. Project goals were to create “free” UNIX clone, by 1990, nearly all required user space applications created and FSF stands for Free Software Foundation is non-profit organization that manages GNU project.

Philosophy

The term free software may have a different meaning than you expect. The term doesn’t refer to the cost of the software, but the fact that end user has the freedom to modify and change the program.

“Free software” refers to the users’ freedom to run, copy, distribute, study, change and improve the software. More precisely, it refers to four kinds of freedom, for the users of the software:

The freedom to run the program, for any purpose.
The freedom to study how the program works, and adapt it to your needs
The freedom to redistribute codes (software) so you can help your neighbor.
The freedom to improve program, and release your improvements to public, so that the whole community benefits.

Linus and Linux

Linus Torvalds, a young man studying computer science at the University of Helsinki, thought it would be a good idea to have some sort of freely available academic version of UNIX, and promptly stared to code.

He started to ask questions, looking for answers and solutions that would help him get UNIX on his PC.

From the start, it was Linus’ goal to have free system that was completely compliant with the original UNIX.

That is why he asked for POSIX standards, POSIX still being the standard for UNIX.

In those days plug-and-play wasn’t invented yet, but so many people were interested in having a UNIX system of their own, that was only a small obstacle. New drivers became available for all kind of new hardware, at a continuously rising speed. Almost as soon as new piece of hardware became available, someone bought it and submitted it to the Linux test, as the systems was gradually being called, releasing more free code for an ever wider range of hardware. These coders didn’t stop at their PC’s, every piece of hardware they could find was useful for Linux. Back then, those people were called “nerds” or “freaks”, but it didn’t matter to them, as long as the supported hardware list grew longer and longer. Thanks to these people, Linux is now not only ideal to run on new PC’s but it also the system of choice for old and exotic hardware that would be useless if Linux didn’t exist.

Introduction to Linux

Two years after Linus’ post, there were 12000 Linux users. The project, popular with hobbyists, grew steadily, all the while staying within the bounds of the POSIX standard. All the features of the UNIX were added over the next couple of years, resulting in the mature operating system Linux has become today. Linux is a full UNIX clone, fit for use on workstations s well as on middle-range and high-end servers. Today, all the important players on the hard and software market each have their team of Linux developers, at your local dealer’s you can even buy pre-installed Linux systems with official support.

Why Linux is better?

Cost -- Linux is free, and that includes all the apps. Microsoft is greedy. Vista Home Premium and Ultimate cost hundreds of dollars, even when upgrading from Windows XP. Moving up to Office 2007 involves handing over another bundle of dollars.
Resources -- Even the most lavishly equipped Linux distros demand no more resources than Windows XP. Vista is greedy: a single-user PC operating system that needs 2GB of RAM to run at acceptable speed, and 15GB of hard disk space, is grossly obese.
Performance -- Linux worked faster on my Dell Inspiron Core Duo than XP, at least the way XP worked out of the box. After cleaning out the bloatware and trading McAfee's Abrams Tank for the lightweight NOD32, XP and Linux (with Guarddog and Clam-AV) perform at similar speed.
No bloat ware -- Linux is free from adware, trialware, shovelware, and bloat ware. Running Linux is like watching the public TV network.
Security -- Last year, 48,000 new virus signatures were documented for Windows, compared to 40 for Linux. Still, most bistros come with firewalls and anti virus (AV) software. Programs like Guard dog and Clam-AV are free, of course.
Dual booting -- The best Linux distros make dual booting a simple affair, along with the required disk partitioning (so you don't need to buy partitioning software). Windows on my Dell laptop is still intact after installing and uninstalling a dozen distros.
Installation -- Anyone who's done it once knows that installing Windows from scratch takes hours or even days by the time you get all your apps up and running. With Linux, it can take as little as half an hour to install the operating system, utilities, and a full set of applications. No registration or activation is required, no paperwork, and no excruciating pack drill.
Reinstalling the OS -- You can't just download an updated version of Windows. You have to use the CD that came with your PC and download all the patches Microsoft has issued since the CD was made. With Linux, you simply download the latest version of your distro (no questions asked) and, assuming your data files live in a separate disk partition, there's no need to reinstall them. You only need to re-install the extra programs you added to the ones that came with the distro.
Keeping track of software -- Like most Windows users, I have a shelf full of software CDs and keep a little book with serial numbers under my bed in case I have to reinstall the lot. With Linux, there are no serial numbers or passwords to lose or worry about. Not a single one.
Updating software -- Linux updates all the software on your system whenever updates are available online, including all applications programs. Microsoft does that for Windows software but you have to update each program you've added from other sources. That's about 60 on each of my PCs. More icing on the Linux cake is that it doesn't ask you to reboot after updates. XP nags you every ten minutes until you curse and reboot your machine. If you choose "custom install" to select only the updates you want, XP hounds you like a mangy neighborhood dog until you give in.
More security -- These days, operating systems are less vulnerable than the applications that run on them. Therefore a vital aspect of PC security is keeping your apps up-to-date with the latest security patches. That's hard manual labor in Windows, but with Linux it's automatic.
No need to defrag disks -- Linux uses different file systems that don't need defragging. NTFS was going to be replaced in Vista, but Microsoft's new file system didn't make the final cut. Instead, Vista does scheduled disk defragging by default, but the defrag utility is a sad affair.
A wealth of built-in utilities -- The utilities supplied with Windows are pretty ordinary on the whole, that's why so many small software firms have made a nice living writing better ones. Linux programs are comparable with the best Windows freeware, from CD burners to photo managers, memory monitors and disk utilities. PDF conversion is built-in, both into OpenOffice Writer and into the DTP application Scribus. All you do is click a button on the task bar.