We have a secret (therefore, widely known and very popular) stash of films and TV series episodes somewhere in the office. This clandestine repository is an FTP server, which probably gets more traffic than the various issue tracking and CRM systems we use around here.
Sometimes, though, it gets tedious logging on to the server, checking for new additions, before finding out what new files to download. Good thing the pirates were sane enough to come up with a “What’s new” page in the root of the FTP server’s public directory. So, I whipped up a very simple script that would fetch this file:
```sh
#!/bin/sh
# -n disables auto-login, so the "user" line below supplies the credentials
ftp -n pirate.ftp <<EOT
user username password
get whatsnew.txt
quit
EOT
```
I placed the above in a crontab, executed daily at early dawn. Then, it’s just a matter of grepping for my faves and downloading them promptly. The download could be automated as well, but it’s a bit tedious and requires more braincells than I can dedicate for this sort of work — much easier to just eyeball what files I particularly like from the text file.
I’m coaching a new engineer on Linux- and systems administration-related tasks. Here’s a set of exercises I did for DNS.
- Install BIND. By default, what packages does Red Hat (RH) install? How would you find out? Hint: `man rpm`.
- View the configuration file in `/etc/named.conf`. Describe what each section is for:
  - `options { }`
  - `controls { }`
  - `key "rndc_key" { }`
  - `zone "." { }`
  - `zone "0.0.127.in-addr.arpa" { }`
- What is the `/var/named/named.ca` file? How do you update this file? Hint: `dig` it up.
- Describe the function of each record in `/var/named/named.local`:
  - `SOA`
  - `NS`
  - `PTR`

  Notice the ‘.’ at the end of the domain name? What is it for? What will happen if you take it out?
- Configure your box to use your recently installed DNS server.
- Edit `/etc/resolv.conf`. Add your nameserver. (Don’t forget to restart the networking service.)
- Start BIND. How? What would you check to see if BIND starts at boot?
- Test your nameserver. Hint: `man dig`.
- Do a DNS lookup for an external domain:
  ```
  $ dig google.com
  $ dig google.com
  ```
What’s the difference between the two commands above? Hint: It has something to do with the way DNS works.
- Create your own domain. How will you do that? Hint: Copy, edit and rename `named.local`.
- Create a new zone in `named.conf`.
- Edit the zone file. It should contain something like this:
  ```
  ; Zone - iandexter.net
  $TTL 3D
  @ IN SOA hiraya.iandexter.net. hostname.iandexter.net. (
  20060901 ; serial
  8H ; refresh
  2H ; retry
  4W ; expire
  1D) ; minimum
  ;
  NS hiraya. ; name server
  MX 5 padme.iandexter.net
  MX 10 arwen.iandexter.net.
  MX 15 eowyn.iandexter.net.
  MX 20 mail.
  ;
  localhost A 127.0.0.1
  hiraya A 192.168.1.101
  ns CNAME hiraya
  mail CNAME hiraya
  pop CNAME hiraya
  www CNAME hiraya
  proxy CNAME hiraya
  ftp CNAME hiraya
  padme A 192.168.1.51
  arwen A 192.168.1.150
  eowyn A 192.168.1.153
  ```
  Explain what the following mean:
  - `A`
  - `MX` (What about the number beside it?)
  - `CNAME`
  - `serial`
  - `refresh`
  - `retry`
  - `expire`
  - `minimum`
  - `TTL`
- Restart BIND.
  ```
  # rndc reload
  ```
- Test your new domain.
  ```
  $ dig any your.domain
  ```
  What do you notice? Hint: Something’s awfully wrong. (Look at step 4 above.) Correct it, then test your domain again.
  ```
  # rndc reload; dig axfr your.domain
  ```
- Create a reverse zone. Why do you need it? You should have something like this:
  ```
  ; Reverse zone - 1.168.192
  $TTL 3d
  @ IN SOA hiraya.iandexter.net. hostmaster.iandexter.net. (
  20060901 ; serial
  8H ; refresh
  2H ; retry
  4W ; expire
  1D) ; minimum
  ;
  NS hiraya.iandexter.net.
  ;
  101 PTR hiraya.iandexter.net.
  102 PTR mithi.iandexter.net.
  150 PTR arwen.iandexter.net.
  151 PTR padme.iandexter.net.
  152 PTR mathilda.iandexter.net.
  153 PTR eowyn.iandexter.net.
  154 PTR evey.iandexter.net.
  155 PTR galadriel.
  ```
Notice the last line above: it’s just another way of writing it — saves typing, too. Test your reverse zone.
  ```
  # rndc reload; dig -x your.server.ip
  # dig axfr your.reverse.zone
  ```
- Test your new domain on another machine.
- In Windows, add your nameserver in the DNS list. Try to look up records in your domain.
  ```
  C:\> nslookup
  > server your.nameserver.ip
  > set type=all
  > your.domain
  ```
- Ping your nameserver (or hosts you have added to that zone) using fully qualified domain names.
- Secure your nameserver.
- Disable queries from domains you don’t own, except from your servers or subnet.
- Disable recursive queries, except internally.
- By default, RH runs BIND in a `chroot` jail. Why?
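
A `named.conf` sketch of the two restrictions listed above, with the open settings shown beside the restricted ones. It is an added example, not part of the original exercises; the ACL name `internal`, the zone file names and the 192.168.1.0/24 subnet (taken from the addresses in the sample zone files) are assumptions.

```conf
// Constructed example. "internal" is a hypothetical ACL name; the subnet
// matches the 192.168.1.x hosts used in the sample zone files.
acl "internal" {
    127.0.0.1;
    192.168.1.0/24;
};

// Open (what the exercise asks you to get rid of): any client may query
// for any name and use this server as a recursive resolver.
// options {
//     allow-query     { any; };
//     allow-recursion { any; };
// };

// Restricted: the global options apply to every name this server is not
// authoritative for, so outsiders cannot resolve other people's domains here.
options {
    directory "/var/named";
    allow-query     { internal; };   // queries in general: your servers/subnet only
    allow-recursion { internal; };   // recursive lookups: internal clients only
    // Assumption beyond the two steps above: limit zone transfers as well.
    // "localhost" is BIND's built-in ACL for the server's own addresses, so
    // the dig axfr tests still work when run on the nameserver itself.
    allow-transfer  { localhost; };
};

// The domain you own stays answerable by everyone; the zone-level
// allow-query overrides the global one.
zone "iandexter.net" {
    type master;
    file "iandexter.net.zone";       // hypothetical file name
    allow-query { any; };
};

// Reverse zone for a private range: nothing outside the subnet needs it,
// so it inherits the restricted global allow-query.
zone "1.168.192.in-addr.arpa" {
    type master;
    file "1.168.192.zone";           // hypothetical file name
};
```

After `rndc reload`, a `dig` for an external name from a host outside the ACL should come back with status `REFUSED`, while the same query from the subnet still resolves.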
Bonus question:
Why go through all this trouble when you can have Linux (even Windows, actually) resolve hostnames to their IP addresses? How do you do that?
Just got out of a gruelling panel interview — part of my new engineer evaluation here at work. Man, those were tough questions they asked. As I think about it, the questions touched on mostly basic stuff: HTTP, SMTP, and all the other Ps.
I need to study some more. I do know the basics and can confidently cover most other intermediate to advanced topics. But after that interview, I’m having second thoughts.
I’m here in a new workplace. The work is okay, so far (going on one and a half months now). Got several machines to tinker with. Oh, I do get to fuddle with Linux (Red Hat and SUSE Enterprise, with CentOS, Fedora Core, and Debian thrown in the mix), but not as full-time as before.
So, in one of my Windows boxes, I got me:
I.T. policies are not that strict when it comes to what we can install in our machines, but there is obligatory software, on top of the only supported OS (Windows 2000 Professional and XP Professional) — Outlook, for one. I have yet to find a way to get Thunderbird to authenticate via the company’s Active Directory.
I’ve installed several open source programs. Scintilla text editor works great (they prefer UltraEdit), but I miss the command line so Vim was it. I’ll be doing lots of IM so I got me Gaim for Windows — what better way to integrate all those protocols (I have accounts in AIM, Yahoo!, GTalk and MSN). Too bad, there’s no integration for Skype yet. Of course, there’s the ever trustworthy Firefox. FileZilla is in the mix, too, and so is Ethereal.
Now, I’m a bit more comfy in my cube. Back to my reading…
Via Boing Boing:
At the recent KinnerNet 2005 [Israeli version of Foo Camp], [co-founder Yossi] Vardi and his pals Shimon Schocken and Ami Ben-Basat demonstrated that snails can be faster at data delivery than both ADSL and pigeons.

Called SNAP (SNAil-based data transfer Protocol), the system uses “biological carriers, and, for the first time, taking advantages of the unique merits of the wheel for data transfer.” Test results showed that SNAP (at 37,000 kbps) is significantly faster than ADSL (1,500 kbps) and WiFly TCP (Transmission by Carrier Pigeons, also known as “IP over Avian Carrier”) (2,270 kbps), which has a glaring limitation of not being able to “fly through Windows”.
A distinct disadvantage of SNAP is the risk of DOS (denial-of-service), “most notably in France, (where) culinary habits may pose a risk — French users will have to choose whether they want to be served data-ex-cargo or an escargot.”