Tag Archive for 'coredump'

BIND in a jiffy

Published
by
Ian Dexter
on 1 September 2006
in Work
. Comments

I’m coaching a new engineer on Linux- and systems administration-related tasks. Here’s a set of exercises I did for DNS.

  1. Install BIND. By default, what packages does Red Hat (RH) install? How would you find out? Hint: `man rpm`.
  2. View the configuration file in /etc/named.conf. Describe what each section is for:
    1. options { }
    2. controls { }
    3. key "rndc_key" { }
    4. zone "." { }
    5. zone "0.0.127.in-addr.arpa" { }
  3. What is the /var/named/named.ca file? How do you update this file? Hint: `dig` it up.
  4. Describe the function of each record in /var/named/named.local:
    1. SOA
    2. NS
    3. PTR

    Notice the ‘.‘ at the end of the domain name? What is it for? What will happen if you take it out?

  5. Configure your box to use your recently installed DNS server.
    1. Edit /etc/resolv.conf. Add your nameserver. (Don’t forget to restart the networking service.)
    2. Start BIND. How? What would you check to see if BIND starts at boot?
    3. Test your nameserver. Hint: `man dig`.
    4. Do a DNS lookup for an external domain: 
      $ dig google.com
$ dig google.com

      What’s the difference between the two commands above? Hint: It has something to do with the way DNS works.

  6. Create your own domain.How will you do that? Hint: Copy, edit and rename named.local.
    1. Create a new zone in named.conf.
    2. Edit the zone file. It should contain something like this: 
      ; Zone - iandexter.net
$TTL 3D
@   IN   SOA   hiraya.iandexter.net. hostname.iandexter.net. (
   20060901   ; serial
   8H      ; refresh
   2H      ; retry
   4W      ; expire
   1D)      ; minimum
;
   NS   hiraya.   ; name server
   MX   5 padme.iandexter.net
   MX   10 arwen.iandexter.net.
   MX   15 eowyn.iandexter.net.
   MX   20 mail.
;
localhost   A   127.0.0.1
hiraya   A   192.168.1.101
ns   CNAME   hiraya
mail   CNAME   hiraya
pop   CNAME   hiraya
www   CNAME   hiraya
proxy   CNAME   hiraya
ftp   CNAME   hiraya
padme   A   192.168.1.51
arwen   A   192.168.1.150
eowyn   A   192.168.1.153

      Explain what the following means:

      1. A
      2. MX What about the number beside it?
      3. CNAME
      4. serial
      5. refresh
      6. retry
      7. expire
      8. minimum
      9. TTL
    3. Restart BIND. 
      # rndc reload
  7. Test your new domain. 
    $ dig any your.domain

    What do you notice? Hint: Something’s awfully wrong. (Look at step 4 above.) Correct it, then test your domain again.

    # rndc reload; dig axfr your.domain
  8. Create a reverse zone. Why do you need it? You should have something like this: 
    ; Reverse zone - 1.168.192
$TTL 3d
@   IN   SOA   hiraya.iandexter.net. hostmaster.iandexter.net. (
   20060901   ; serial
   8H      ; refresh
   2H      ; retry
   4W      ; expire
   1D)      ; minimum
;
   NS   hiraya.iandexter.net.
;
101   PTR   hiraya.iandexter.net.
102   PTR   mithi.iandexter.net.
150   PTR   arwen.iandexter.net.
151   PTR   padme.iandexter.net.
152   PTR   mathilda.iandexter.net.
153   PTR   eowyn.iandexter.net.
154   PTR   evey.iandexter.net.
155   PTR   galadriel.

    Notice the last line above: it’s just another way of writing it — saves typing, too. Test your reverse zone.

    # rndc reload; dig -x your.server.ip
# dig axfr your.reverse.zone
  9. Test your new domain on another machine.
    1. In Windows, add your nameserver in the DNS list. Try to look up records in your domain.

      C:\> nslookup
> server your.nameserver.ip
> set type=all
> your.domain
    2. Ping your nameserver (or hosts you have added to that zone) using fully qualified domain names.
  10. Secure your nameserver.
    1. Disable queries from domains you don’t own, except from your servers or subnet.
    2. Disable recursive queries, except internally.
    3. By default, RH runs BIND in a chroot jail. Why?

Bonus question:
Why go through all this trouble when you can have Linux (even Windows, actually) resolve hostnames to their IP addresses? How do you do that?

Cut and paste!

Published
by
Ian Dexter
on 4 January 2006
in Play
. Comments

Just got myself SuprGlued.

Sorry, I was looking for a catchier line, but hey, I’m excited over this thing. In a previous post, I was ranting about how to “leverage” Web 2.0 for work, when I stumbled upon SuprGlu. As their blurb says, it is “about bringing the pieces of your web content together into one central place for you, your friends, and maybe even your friends to-be.”

What SuprGlu does is gather data from various sources (Blogger, delicious, Flickr, and other Web 2.0-ish sites), using those sources’ RSS feeds, and display them in pretty themeable pages. Super! (Sorry, got carried away.) Think: feed aggregator, prettified and webified. :)

Now, if only it will also accept OPML files like regular readers… [via cut-and-paste! on SuprGlu]