Tuesday, August 19, 2014

Setup DNS server on Linux

DNS (Domain Name System) is a core component of network infrastructure. The DNS service resolves hostnames into IP addresses and vice versa. For example, when we type http://www.ostechnix.com in a browser, the DNS server translates the domain name into its corresponding IP address, so we only have to remember domain names instead of IP addresses.
DNS Server Installation in CentOS 6.5
This how-to tutorial will show you how to install and configure a Primary and a Secondary DNS server. The steps provided here were tested on the CentOS 6.5 32-bit edition, but they should work on RHEL 6.x and Scientific Linux 6.x too.
Scenario
Here is my test setup scenario:
[A] Primary(Master) DNS Server Details:

Operating System : CentOS 6.5 32 bit (Minimal Server)
Hostname : masterdns.ostechnix.com
IP Address : 192.168.1.200/24

[B] Secondary(Slave) DNS Server Details:

Operating System : CentOS 6.5 32 bit (Minimal Server)
Hostname : slavedns.ostechnix.com
IP Address : 192.168.1.201/24

Setup Primary(Master) DNS Server

Install BIND. The bind* glob pulls in every package whose name starts with bind; the two actually needed are bind (the named server) and bind-utils (dig, nslookup and the named-check* tools used below).

[root@masterdns ~]# yum install bind* -y

1. Configure DNS Server
The main configuration file will look like the listing below. The entries to add or change are the ones commented with ## (listen-on, allow-query, allow-transfer) and the two zone stanzas for ostechnix.com and 1.168.192.in-addr.arpa. allow-transfer is the security-relevant line: it limits full zone transfers (AXFR) to localhost and the slave, so any other host that asks for the whole zone is refused instead of being handed a complete inventory of your hostnames. allow-query limits who may query at all; since recursion is left on, this server also acts as the LAN's recursive resolver, and restricting allow-query to 192.168.1.0/24 is what keeps it from being an open resolver usable for amplification attacks. The dnssec-lookaside and ISC DLV key lines are appropriate for the BIND 9.8 shipped with CentOS 6; the ISC DLV service was retired in 2017 and current BIND releases no longer accept them, so leave those two lines out on a newer BIND.

[root@masterdns ~]# vi /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 127.0.0.1; 192.168.1.200;}; ## Master DNS IP ##
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; 192.168.1.0/24; }; ## IP Range ##
allow-transfer{ localhost; 192.168.1.201; }; ## Slave DNS IP ##
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "ostechnix.com" IN {
type master;
file "fwd.ostechnix.com";
allow-update { none; };
};
zone "1.168.192.in-addr.arpa" IN {
type master;
file "rev.ostechnix.com";
allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

2. Create Zone files
Now we should create forward and reverse zone files which we mentioned in the ‘/etc/named.conf’ file.
[A] Create Forward Zone
Create ‘fwd.ostechnix.com’ file in the ‘/var/named’ directory and add the entries for forward zone as shown below.

[root@masterdns ~]# vi /var/named/fwd.ostechnix.com
$TTL 86400
@ IN SOA masterdns.ostechnix.com. root.ostechnix.com. (
2011071001 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
@ IN NS masterdns.ostechnix.com.
@ IN NS slavedns.ostechnix.com.
masterdns IN A 192.168.1.200
slavedns IN A 192.168.1.201

[B] Create Reverse Zone
Create the ‘rev.ostechnix.com’ file in the ‘/var/named’ directory and add the entries for the reverse zone as shown below. Only the SOA, NS and PTR records are needed in a reverse zone; the two A records carried over from the forward zone are relative to 1.168.192.in-addr.arpa here (masterdns.1.168.192.in-addr.arpa), so they are harmless but useless. They are kept because the transferred copy shown on the slave later reflects them.

[root@masterdns ~]# vi /var/named/rev.ostechnix.com
$TTL 86400
@ IN SOA masterdns.ostechnix.com. root.ostechnix.com. (
2011071001 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
@ IN NS masterdns.ostechnix.com.
@ IN NS slavedns.ostechnix.com.
masterdns IN A 192.168.1.200
slavedns IN A 192.168.1.201
200 IN PTR masterdns.ostechnix.com.
201 IN PTR slavedns.ostechnix.com.

3. Start the bind service

[root@masterdns ~]# service named start
Generating /etc/rndc.key: [ OK ]
Starting named: [ OK ]
[root@masterdns ~]# chkconfig named on

4. Allow DNS Server through iptables
Add the two port 53 rules (the first two -A INPUT lines below) to the ‘/etc/sysconfig/iptables’ file. This allows all clients to reach the DNS server. TCP 53 is needed as well as UDP 53: zone transfers to the slave and any answer too large for a single UDP packet are carried over TCP.

[root@masterdns ~]# vi /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

5. Restart iptables to apply the changes

[root@masterdns ~]# service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]

6. Test syntax errors of DNS configuration and zone files
[A] Check DNS Config file

[root@masterdns ~]# named-checkconf /etc/named.conf
[root@masterdns ~]# named-checkconf /etc/named.rfc1912.zones

[B] Check zone files

The first argument to named-checkzone is the zone name from named.conf, not the file name: the @ in the zone file expands to it, and the relative owners 200 and 201 in the reverse file are appended to it. Checking the reverse file under the name ostechnix.com would validate the wrong names, so the reverse zone is checked under 1.168.192.in-addr.arpa. named-checkconf -z /etc/named.conf loads every zone configured in named.conf in one pass and is a quick way to run both checks before a restart.

[root@masterdns ~]# named-checkzone ostechnix.com /var/named/fwd.ostechnix.com
zone ostechnix.com/IN: loaded serial 2011071001
OK
[root@masterdns ~]# named-checkzone 1.168.192.in-addr.arpa /var/named/rev.ostechnix.com
zone 1.168.192.in-addr.arpa/IN: loaded serial 2011071001
OK
[root@masterdns ~]#
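Two checks the steps above do not cover, written here as an added example rather than taken from the original post. It assumes the zone file layout and names used in this tutorial (zone ostechnix.com, master 192.168.1.200, slave 192.168.1.201); the function names are this example's own. First, the SOA serial must grow on every edit: the slave decides whether to transfer by comparing serials, so an edited zone with an unchanged serial is never picked up and the slave silently serves stale data. Second, the allow-transfer line is only worth something if it is actually enforced: a dig AXFR against the master should succeed from the slave (or from localhost) and be refused from any other host on the LAN, which is the difference between a private zone and one anybody can enumerate.

```shell
#!/bin/sh
# Added example (not from the original post): zone-edit helpers for the setup above.
# Assumed: zone files in the tutorial's format, master 192.168.1.200, zone ostechnix.com.

# Print the SOA serial of a zone file: the first bare number after "SOA". Works
# whether the serial follows "(" on the SOA line or sits on the next line, as here.
zone_serial() {
    awk '
        /SOA/ { insoa = 1; sub(/.*\(/, "") }
        insoa { for (i = 1; i <= NF; i++) if ($i ~ /^[0-9]+$/) { print $i; exit } }
    ' "$1"
}

# Rewrite the serial in place using the YYYYMMDDnn convention: the first edit of
# a day becomes <today>01, later edits increment. Prints the new serial.
bump_serial() {   # bump_serial ZONEFILE
    f=$1
    cur=$(zone_serial "$f")
    [ -n "$cur" ] || { echo "no SOA serial found in $f" >&2; return 1; }
    today=$(date +%Y%m%d)
    if [ "$cur" -ge "${today}01" ]; then new=$((cur + 1)); else new="${today}01"; fi
    # Replace only the first standalone occurrence of the old serial at or after the SOA line.
    awk -v cur="$cur" -v new="$new" '
        /SOA/ { insoa = 1 }
        insoa && !done && match($0, "(^|[^0-9])" cur "([^0-9]|$)") {
            s = RSTART
            if (substr($0, s, 1) !~ /[0-9]/) s++      # skip the non-digit the regex matched
            $0 = substr($0, 1, s - 1) new substr($0, s + length(cur))
            done = 1
        }
        { print }
    ' "$f" > "$f.tmp" || { rm -f "$f.tmp"; return 1; }
    cat "$f.tmp" > "$f" && rm -f "$f.tmp" && echo "$new"   # cat keeps owner/mode of the file
}

# Classify the output of "dig @SERVER ZONE AXFR" read from stdin: a transferred
# zone contains at least one non-comment SOA record; a refused transfer prints
# only ";" comment lines (dig 9.8 says "; Transfer failed.").
axfr_result() {
    if grep -v '^;' | grep -q '[[:space:]]SOA[[:space:]]'; then echo allowed; else echo refused; fi
}

# Live check. Expected: "allowed" from the slave or from the master itself (both
# are in allow-transfer), "refused" from every other host on the LAN.
check_axfr() {   # check_axfr SERVER ZONE
    dig "@$1" "$2" AXFR +time=5 +tries=1 2>/dev/null | axfr_result
}

# Constructed copy of the tutorial's forward zone, for trying the helpers offline.
write_sample_zone() {   # write_sample_zone PATH
    cat > "$1" <<'EOF'
$TTL 86400
@ IN SOA masterdns.ostechnix.com. root.ostechnix.com. (
2011071001 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
@ IN NS masterdns.ostechnix.com.
@ IN NS slavedns.ostechnix.com.
masterdns IN A 192.168.1.200
slavedns IN A 192.168.1.201
EOF
}

# Usage on the master after editing a zone:
#   bump_serial /var/named/fwd.ostechnix.com && rndc reload ostechnix.com
#   check_axfr 192.168.1.200 ostechnix.com     # from a plain LAN client: expect "refused"
```

Run check_axfr from the slave and from an ordinary client and compare: if the client also gets "allowed", allow-transfer is not doing its job (typically a typo in the address list, or a missing allow-transfer so that BIND's default of permitting transfers to anyone applies).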

7. Test DNS Server
Method A:

[root@masterdns ~]# dig masterdns.ostechnix.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> masterdns.ostechnix.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11496
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;masterdns.ostechnix.com.       IN      A

;; ANSWER SECTION:
masterdns.ostechnix.com. 86400  IN      A       192.168.1.200

;; AUTHORITY SECTION:
ostechnix.com.          86400   IN      NS      masterdns.ostechnix.com.
ostechnix.com.          86400   IN      NS      slavedns.ostechnix.com.

;; ADDITIONAL SECTION:
slavedns.ostechnix.com. 86400   IN      A       192.168.1.201

;; Query time: 5 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Sun Mar 3 12:48:35 2013
;; MSG SIZE rcvd: 110

Method B:

[root@masterdns ~]# dig -x 192.168.1.200
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> -x 192.168.1.200
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40891
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;200.1.168.192.in-addr.arpa.    IN      PTR

;; ANSWER SECTION:
200.1.168.192.in-addr.arpa. 86400 IN    PTR     masterdns.ostechnix.com.

;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 86400   IN      NS      masterdns.ostechnix.com.
1.168.192.in-addr.arpa. 86400   IN      NS      slavedns.ostechnix.com.

;; ADDITIONAL SECTION:
masterdns.ostechnix.com. 86400  IN      A       192.168.1.200
slavedns.ostechnix.com. 86400   IN      A       192.168.1.201

;; Query time: 6 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Sun Mar 3 12:49:53 2013
;; MSG SIZE rcvd: 150

Method C:

[root@masterdns ~]# nslookup masterdns
Server:         192.168.1.200
Address:        192.168.1.200#53

Name:   masterdns.ostechnix.com
Address: 192.168.1.200

That's it. The Primary DNS server is now ready.

Setup Secondary(Slave) DNS Server

[root@slavedns ~]# yum install bind* -y

1. Configure Slave DNS Server
Open the main configuration file ‘/etc/named.conf’ and add the lines commented with ## and the two slave zone stanzas. The slave needs no allow-transfer line of its own (nothing should be transferring zones from it), but it does need the same allow-query restriction as the master, because it too has recursion enabled.

[root@slavedns ~]# vi /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 127.0.0.1; 192.168.1.201; }; ## Slave DNS IP ##
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; 192.168.1.0/24; }; ## IP Range ##
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "ostechnix.com" IN {
type slave;
file "slaves/ostechnix.fwd";
masters { 192.168.1.200; };
};
zone "1.168.192.in-addr.arpa" IN {
type slave;
file "slaves/ostechnix.rev";
masters { 192.168.1.200; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

2. Start the DNS Service

[root@slavedns ~]# service named start
Generating /etc/rndc.key: [ OK ]
Starting named: [ OK ]
[root@slavedns ~]# chkconfig named on

The forward and reverse zones are now replicated automatically from the Master DNS server to the Slave. To verify, go to the slave zone directory (‘/var/named/slaves’) and list it.

[root@slavedns ~]# cd /var/named/slaves/
[root@slavedns slaves]# ls
ostechnix.fwd ostechnix.rev

Both zones have been transferred. Now check that the files contain the right data. (BIND 9.8, as on CentOS 6, stores transferred zones as text. BIND 9.9 and later write them in a binary raw format by default, so on a newer server either add masterfile-format text; to the slave zone stanzas or convert them for viewing with named-compilezone (-f raw -F text) instead of cat.)

[A] Check Forward zone:

[root@slavedns slaves]# cat ostechnix.fwd
$ORIGIN .
$TTL 86400      ; 1 day
ostechnix.com           IN SOA  masterdns.ostechnix.com. root.ostechnix.com. (
                                2011071001 ; serial
                                3600       ; refresh (1 hour)
                                1800       ; retry (30 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      masterdns.ostechnix.com.
                        NS      slavedns.ostechnix.com.
$ORIGIN ostechnix.com.
masterdns               A       192.168.1.200
slavedns                A       192.168.1.201

[B] Check Reverse zone:

[root@slavedns slaves]# cat ostechnix.rev
$ORIGIN .
$TTL 86400      ; 1 day
1.168.192.in-addr.arpa  IN SOA  masterdns.ostechnix.com. root.ostechnix.com. (
                                2011071001 ; serial
                                3600       ; refresh (1 hour)
                                1800       ; retry (30 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      masterdns.ostechnix.com.
                        NS      slavedns.ostechnix.com.
$ORIGIN 1.168.192.in-addr.arpa.
200                     PTR     masterdns.ostechnix.com.
201                     PTR     slavedns.ostechnix.com.
masterdns               A       192.168.1.200
slavedns                A       192.168.1.201

3. Add the DNS Server details to all systems

On every client (and on both servers) point the resolver at the new servers. Note the "Generated by NetworkManager" header: on a host managed by NetworkManager this file is rewritten on each connection, so set the DNS servers in the interface configuration instead of editing this file directly.

[root@slavedns ~]# vi /etc/resolv.conf
# Generated by NetworkManager
search ostechnix.com
nameserver 192.168.1.200
nameserver 192.168.1.201
nameserver 8.8.8.8

4. Test DNS Server

Every answer below reports SERVER: 192.168.1.200, the first nameserver in resolv.conf, so these lookups prove that the master answers, not that the slave does. To exercise the slave itself, give dig the server explicitly with its @ syntax (@192.168.1.201) and expect the same answers with the aa flag set; only then has the transfer been verified end to end.

Method A:

[root@slavedns ~]# dig slavedns.ostechnix.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> slavedns.ostechnix.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39096
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;slavedns.ostechnix.com.        IN      A

;; ANSWER SECTION:
slavedns.ostechnix.com. 86400   IN      A       192.168.1.201

;; AUTHORITY SECTION:
ostechnix.com.          86400   IN      NS      masterdns.ostechnix.com.
ostechnix.com.          86400   IN      NS      slavedns.ostechnix.com.

;; ADDITIONAL SECTION:
masterdns.ostechnix.com. 86400  IN      A       192.168.1.200

;; Query time: 7 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Sun Mar 3 13:00:17 2013
;; MSG SIZE rcvd: 110

Method B:

[root@slavedns ~]# dig masterdns.ostechnix.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> masterdns.ostechnix.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12825
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;masterdns.ostechnix.com.       IN      A

;; ANSWER SECTION:
masterdns.ostechnix.com. 86400  IN      A       192.168.1.200

;; AUTHORITY SECTION:
ostechnix.com.          86400   IN      NS      masterdns.ostechnix.com.
ostechnix.com.          86400   IN      NS      slavedns.ostechnix.com.

;; ADDITIONAL SECTION:
slavedns.ostechnix.com. 86400   IN      A       192.168.1.201

;; Query time: 13 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Sun Mar 3 13:01:02 2013
;; MSG SIZE rcvd: 110

Method C:

[root@slavedns ~]# nslookup slavedns
Server:         192.168.1.200
Address:        192.168.1.200#53

Name:   slavedns.ostechnix.com
Address: 192.168.1.201

Method D:

[root@slavedns ~]# nslookup masterdns
Server:         192.168.1.200
Address:        192.168.1.200#53

Name:   masterdns.ostechnix.com
Address: 192.168.1.200

Method E:

[root@slavedns ~]# dig -x 192.168.1.201
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> -x 192.168.1.201
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56991
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;201.1.168.192.in-addr.arpa.    IN      PTR

;; ANSWER SECTION:
201.1.168.192.in-addr.arpa. 86400 IN    PTR     slavedns.ostechnix.com.

;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 86400   IN      NS      masterdns.ostechnix.com.
1.168.192.in-addr.arpa. 86400   IN      NS      slavedns.ostechnix.com.

;; ADDITIONAL SECTION:
masterdns.ostechnix.com. 86400  IN      A       192.168.1.200
slavedns.ostechnix.com. 86400   IN      A       192.168.1.201

;; Query time: 6 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Sun Mar 3 13:03:39 2013
;; MSG SIZE rcvd: 150

Method F:

[root@slavedns ~]# dig -x 192.168.1.200
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> -x 192.168.1.200
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42968
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;200.1.168.192.in-addr.arpa.    IN      PTR

;; ANSWER SECTION:
200.1.168.192.in-addr.arpa. 86400 IN    PTR     masterdns.ostechnix.com.

;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 86400   IN      NS      slavedns.ostechnix.com.
1.168.192.in-addr.arpa. 86400   IN      NS      masterdns.ostechnix.com.

;; ADDITIONAL SECTION:
masterdns.ostechnix.com. 86400  IN      A       192.168.1.200
slavedns.ostechnix.com. 86400   IN      A       192.168.1.201

;; Query time: 4 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Sun Mar 3 13:04:15 2013
;; MSG SIZE rcvd: 150

Tuesday, April 16, 2013

Setup Swap file on Linux

Create Swap File on Linux

Step 1
Create Storage File
Type the following command to create a 512 MB swap file (512 * 1024 = 524288 blocks of 1024 bytes):
# dd if=/dev/zero of=/swapfile1 bs=1024 count=524288

Where,

    if=/dev/zero : Read from /dev/zero, a special file that supplies an endless stream of null bytes; it is used here to fill the storage file /swapfile1.
    of=/swapfile1 : Write what was read from /dev/zero to the storage file /swapfile1.
    bs=1024 : Read and write 1024 bytes at a time.
    count=524288 : Copy only 524288 input blocks.

dd creates the file with the default umask, normally mode 0644, so until the chmod in Step 2 runs any local user can read it. Swap holds pages of process memory, which can include passwords and keys, so fix the permissions before the file is put into use (or run dd under umask 077 so it is created as 0600 in the first place).

Step 2
 Set Up a Linux Swap Area
# chown root:root /swapfile1
# chmod 0600 /swapfile1
# mkswap /swapfile1
# swapon /swapfile1

The chown/chmod come before mkswap and swapon on purpose: swapon warns about "insecure permissions" on a swap file that is not mode 0600, and a world-readable swap file leaks whatever memory the kernel pages out.

Step 3
Add the swap file to /etc/fstab so it is activated at boot

 vi /etc/fstab

/swapfile1 swap swap defaults 0 0

Step 4

 Verify

Check that the new swap space is in use (and check again after a reboot to confirm the fstab entry works). /proc/swaps lists each active swap area individually.

$ free -m
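The four steps above as one script, added here as an example and not part of the original post. It assumes the post's path and size (/swapfile1, 512 MB); the function names are this example's own. The points it adds over typing the steps by hand: the file is created already root-only (umask 077) so there is no window in which another user can read it, the script refuses to enable a swap file whose mode is not 0600, the fstab line is added only once so re-running the script does not produce duplicate entries, and the final check reads /proc/swaps rather than trusting that swapon printed nothing.

```shell
#!/bin/sh
# Added example (not from the original post): the swap-file procedure as one
# idempotent script. Assumed: /swapfile1, 512 MB, GNU coreutils (stat -c).

# A swap file holds whatever was paged out of process memory (keys, passwords,
# session tokens), so it must never be readable by anyone but root.
swapfile_mode_ok() {   # swapfile_mode_ok PATH -> exit 0 if the mode is exactly 0600
    [ "$(stat -c '%a' "$1")" = "600" ]
}

# Append the fstab line once; a second run must not produce a duplicate entry.
ensure_fstab_entry() {   # ensure_fstab_entry FSTAB_FILE SWAP_PATH
    fstab=$1 swapfile=$2
    grep -q "^$swapfile[[:space:]]" "$fstab" 2>/dev/null ||
        printf '%s swap swap defaults 0 0\n' "$swapfile" >> "$fstab"
}

# Number of fstab lines for the swap file (1 after ensure_fstab_entry, never more).
fstab_entry_count() {   # fstab_entry_count FSTAB_FILE SWAP_PATH
    grep -c "^$2[[:space:]]" "$1" 2>/dev/null || true
}

# Full procedure; needs root. Steps 1-4 of the post, with the checks described above.
create_swapfile() {   # create_swapfile PATH SIZE_MB
    swapfile=$1 size_mb=$2
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    [ ! -e "$swapfile" ] || { echo "$swapfile already exists" >&2; return 1; }
    # Step 1: create the storage. umask 077 makes dd create it as 0600 from the start.
    ( umask 077 && dd if=/dev/zero of="$swapfile" bs=1024 count=$((size_mb * 1024)) ) || return 1
    chown root:root "$swapfile"
    chmod 0600 "$swapfile"
    swapfile_mode_ok "$swapfile" || { echo "refusing $swapfile: mode is not 0600" >&2; return 1; }
    # Step 2: format and enable.
    mkswap "$swapfile" && swapon "$swapfile" || return 1
    # Step 3: persist across reboots.
    ensure_fstab_entry /etc/fstab "$swapfile"
    # Step 4: verify the kernel is really using it.
    grep -q "^$swapfile[[:space:]]" /proc/swaps
}

# Usage (as root):   create_swapfile /swapfile1 512 && free -m
```

The mode check looks redundant after an explicit chmod, but it is what turns a warning into a hard stop if the file lives on a filesystem that ignores Unix permissions (for example a vfat mount), where chmod silently does nothing.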

Wednesday, January 9, 2013

Friday, January 4, 2013

Setup DHCP server

A simple DHCP server setup on RHEL Clones like WBEL, Centos, TaoLinux

This guide is how to setup a simple DHCP server to run on a RHEL Clone like WBEL, Centos, TaoLinux. The guide is based on having at least a minimal installation of one of the supported OSes. See this guide to install a minimal version of a supported OS if required.

What is DHCP?

DHCP is an acronym that stands for "Dynamic Host Configuration Protocol". DHCP's purpose is to enable individual computers on an IP network to automatically obtain their network configurations from a server, instead of requiring each PC's network configuration to be completed manually. The overall purpose of this is to reduce the work necessary to administer a large IP network. DHCP runs over UDP, utilizing ports 67 and 68.


How do I setup DHCP on a RHEL clone like White Box Enterprise Linux (WBEL), CentOS, or TaoLinux?

1. Do the above mentioned minimal install, if required.

2. After updating your linux install, install the programs required for the DHCP server with this command:

yum install dhcp

Important Files:
To configure a DHCP server we will modify the configuration file /etc/dhcpd.conf. DHCP also uses the file /var/lib/dhcp/dhcpd.leases to store the client lease database. (These are the paths of the ISC dhcp 3.x packages this guide was written against; the dhcp 4.x packages in RHEL/CentOS 6 and later use /etc/dhcp/dhcpd.conf and /var/lib/dhcpd/dhcpd.leases instead.)

Help for DHCP
Help is available from the following man pages:

man dhcp-eval
man dhcpd.conf
man dhcpd.leases
man dhcpd
man dhcrelay


3. Next we need to configure the DHCP server. First we need to know some information that we are going to assign. We need to know:

a. The range of IP addresses we want to assign to our computers. I normally use the 192.168.x.x networks for my internal LANs. In our example, we will use 192.168.0.0/255.255.255.0 as our network (that is the network that starts with 192.168.0.1 and ends with 192.168.0.254). We will save IPs 192.168.0.1 to 192.168.0.50 for servers and static addresses. We will pick the addresses 192.168.0.51 to 192.168.0.100 to assign to computers via DHCP.

b. The IP address of the DNS server(s) we will use for name lookups for our clients that we assign with DHCP. In my case, I will use the DNS server that I have set up on IP address 192.168.0.2. (You can use your ISP's DNS server if you don't have one; see the ISP's site for details. You can also build your own internal DNS server on this machine or another internal machine by following this guide.)

c. The Default Gateway of the computers that we are going to serve. In our example, this will be the IP address 192.168.0.1, which has been setup as the default gateway for our internal network.

d. The length of the lease (default and maximum). This is very subjective. If you have more PCs than IP addresses to give out, you want this to be a short time (600 seconds). If you have more IPs to give out than PCs (most likely the case), you can use a larger number. Microsoft defaults to 3 days (259200 seconds) with their DHCP servers. RedHat recommends 12 hours (43200 seconds). I will go with the RedHat default of 43200 seconds for default length and 86400 seconds for maximum length.

e. If we have a WINS server set up on the network (Microsoft or Samba only), we need to know its IP address. I have one; it is 192.168.0.2 (on the same machine as my DNS server).

f. We need a domain name to give out as well. If you are using real IP addresses, you can use a real domain name as well ... in our case, we are using an internal network (192.168.0.x) behind a single IP address from an ISP, so we will use the fictitious domain name home.local. If you are using an internal IP network, don't use a real external domain name, or you may not be able to talk to real PCs on that external network.

The DHCP Server configuration file (/etc/dhcpd.conf)

1. Now we have our information, so let's configure the server by creating a text file named /etc/dhcpd.conf. The first line in the file must be the DNS update scheme. The older ad-hoc scheme is deprecated and only interim works reliably, so we will use that one (none is also valid, if you never want dhcpd to touch DNS at all). Here is the first line:
CODE
ddns-update-style interim;


2. The second line says whether dhcpd should honour a client's request to register its own hostname in DNS (the FQDN option). Since we are not going to do dynamic DNS updates from our DHCP server at all, we tell it to ignore those client requests rather than let any client pick its own DNS name. Here is our line 2:
CODE
ignore client-updates;


3. The next section of our file will be the subnet section ... we will define the network, and input the info we gathered above (see section 3 {a-f} above). Here is the subnet section:
CODE
subnet 192.168.0.0 netmask 255.255.255.0 {
       option routers                  192.168.0.1; #Default Gateway
       option subnet-mask              255.255.255.0;
       option domain-name              "home.local";
       option domain-name-servers      192.168.0.2;
       option netbios-name-servers     192.168.0.2; #WINS Server
       range dynamic-bootp             192.168.0.51 192.168.0.100; #DHCP Range to assign
       default-lease-time 43200;
       max-lease-time 86400;
}


4. Put all that together (the three pieces above, in that order) and we have the /etc/dhcpd.conf file.

5. If you have more than one ethernet adapter, you must specify which one to listen on in the file /etc/sysconfig/dhcpd. To listen on eth0, you would use the line:
CODE
DHCPDARGS=eth0


6. To start the dhcp server now for testing, issue the command:

/etc/init.d/dhcpd start

To make the dhcp server restart at boot time, issue the commands:

chkconfig --level 2345 dhcpd on
chkconfig --level 016 dhcpd off


Then check to make sure it is correct with the command:

chkconfig --list dhcpd

the output should be

dhcpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off

7. If you are using a software firewall like iptables, you will need to allow UDP traffic to ports 67 and 68 on this machine (DHCP runs over UDP only, as noted above, so no TCP rule is needed). The same kind of -A INPUT ... --dport rule used for port 53 in the DNS post above, with -p udp and the two ports, does it.
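Two things you want once the server is running, added here as an example rather than taken from the original guide: a syntax check of dhcpd.conf before every restart, and a readable list of who currently holds a lease. It assumes ISC dhcpd with the file paths named in this guide (/etc/dhcpd.conf, /var/lib/dhcp/dhcpd.leases; pass other paths as arguments on a dhcp 4.x system); the function names and the sample lease file are this example's own.

```shell
#!/bin/sh
# Added example (not from the original guide): operating the dhcpd configured above.
# Assumed paths are the guide's: /etc/dhcpd.conf and /var/lib/dhcp/dhcpd.leases.

# Syntax-check the config before (re)starting the daemon: a typo in dhcpd.conf
# otherwise takes the server down, and every client on the LAN with it.
check_dhcpd_conf() {   # check_dhcpd_conf [CONF]
    command -v dhcpd >/dev/null 2>&1 || { echo "dhcpd not installed; skipping" >&2; return 0; }
    dhcpd -t -cf "${1:-/etc/dhcpd.conf}"
}

# List active leases as "IP MAC hostname". dhcpd.leases is append-only: a later
# block for the same IP supersedes an earlier one, so the last state seen wins.
# The "next binding state" lines are deliberately not matched.
active_leases() {   # active_leases [LEASEFILE]
    awk '
        /^lease /                     { ip = $2; state = ""; mac = "-"; host = "-" }
        /^[ \t]*binding state /       { state = $3; sub(/;$/, "", state) }
        /^[ \t]*hardware ethernet /   { mac = $3;   sub(/;$/, "", mac) }
        /^[ \t]*client-hostname /     { host = $2;  gsub(/[";]/, "", host) }
        /^}/                          { st[ip] = state; hw[ip] = mac; hn[ip] = host }
        END { for (ip in st) if (st[ip] == "active") print ip, hw[ip], hn[ip] }
    ' "${1:-/var/lib/dhcp/dhcpd.leases}" | sort
}

# Constructed lease file in the guide's addressing (192.168.0.51-100), for offline use:
# .51 active, .52 granted then released (later block wins), .60 active with no hostname.
write_sample_leases() {   # write_sample_leases PATH
    cat > "$1" <<'EOF'
# The format of this file is documented in the dhcpd.leases(5) manual page.
lease 192.168.0.51 {
  starts 5 2013/01/04 10:00:00;
  ends 5 2013/01/04 22:00:00;
  binding state active;
  next binding state free;
  hardware ethernet 00:11:22:33:44:55;
  uid "\001\000\021\"3DU";
  client-hostname "laptop1";
}
lease 192.168.0.52 {
  starts 5 2013/01/04 10:05:00;
  ends 5 2013/01/04 22:05:00;
  binding state active;
  next binding state free;
  hardware ethernet 00:11:22:33:44:66;
  client-hostname "printer";
}
lease 192.168.0.60 {
  starts 5 2013/01/04 10:10:00;
  ends 5 2013/01/04 22:10:00;
  binding state active;
  next binding state free;
  hardware ethernet 00:11:22:33:44:77;
}
lease 192.168.0.52 {
  starts 5 2013/01/04 10:05:00;
  ends 5 2013/01/04 11:00:00;
  binding state free;
  hardware ethernet 00:11:22:33:44:66;
}
EOF
}

# Usage on the server:
#   check_dhcpd_conf && /etc/init.d/dhcpd restart
#   active_leases                       # who holds an address right now
```

The hostname column comes straight from what the client claimed in its request, so treat it as a hint, not an identity; the MAC and the lease file's own timestamps are the facts worth keeping when you reconcile this list against the addresses you expect to see on the network.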

8. Here are some good references:

DHCP Server Setup (some paths are different, but still good info)

RHEL - Configuring a DHCP Server (excellent reference)
Using DHCP on Linux/FreeBSD (info on DHCP and dynamic DNS)
TCP/IP Network Administration - DHCP