Tag Archives: DNS

sage on ipv6.he.net

http://ipv6.he.net/certification/

This was really fun!

If you complete this with your own domain and server you’ll learn to set up these:

  • set up IPv6 address and routing
  • point your DNS to the IPv6 address – this applies mostly if you have your own nameserver
  • point the IPv6 address to the DNS – rDNS – requires quite long entries!
  • set up e-mail – both receiving (imap/pop3) and sending (smtp)
  • slightly more advanced use of dig :)

The e-mail part was the trickiest for me as I hadn’t done that before. Used courier and exim4 to set this up on a Debian Virtual Machine.

Red Hat Certification – RHCE – Network Services – DNS

1st post – System Management and Configuration

Objectives

Network services

Network services are an important subset of the exam objectives. RHCE candidates should be capable of meeting the following objectives for each of the network services listed below:

  • Install the packages needed to provide the service.
  • Configure SELinux to support the service.
  • Configure the service to start when the system is booted.
  • Configure the service for basic operation.
  • Configure host-based and user-based security for the service.

User should be able to do the following for all these services:

DNS:

A DNS-server is quite easy to test as well, just point a client to the IP of your local DNS server and check /var/log/messages on the DNS-server.

  • Install the packages needed to provide the service.
    • yum install bind
  • Configure SELinux to support the service
    • working from scratch, after adding new zones and things you may need to add correct context to the files
  • Configure the service to start when the system is booted.
    • chkconfig named on
  • Configure the service for basic operation.
    • /etc/named.conf
      • after editing you need to restart named
    • edit ‘allow-query’ and ‘listen-on port 53’ – update firewall, start named
    • configure a client to use it with /etc/resolv.conf
    • see examples in: /usr/share/doc/bind*/
  • Configure host-based and user-based security for the service
    • host-based can be done via firewall (port 53 UDP and TCP)
    • host-based: allow-query { localhost; };
    • but user-based??

Extra

  • Configure a caching-only name server.
    • This is what the default /etc/named.conf does (it is also stored in /usr/share/doc/bind*/), but a good thing to try would be to configure this from an empty named.conf
  • Configure a caching-only name server to forward DNS queries.
    • Almost same config as caching-only, except for the addition of two lines:
      • forward only;
      • forwarders { dns.ip; dns.ip2; };
  • Note: Candidates are not expected to configure master or slave name servers.
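
Added example, not part of the original notes: a small Python check over a named.conf options block for the settings listed above (listen-on, allow-query, forward only, forwarders). The sample config, its 192.0.2.x placeholder addresses and the function names are constructed for this example.

```python
import re

# Constructed sample: caching-only forwarder limited to one subnet. The
# 192.0.2.x addresses are documentation placeholders, not values from the page.
HARDENED = """
options {
    listen-on port 53 { 127.0.0.1; 192.0.2.10; };
    allow-query { localhost; 192.0.2.0/24; };  // host-based restriction
    forward only;
    forwarders { 192.0.2.53; 192.0.2.54; };
};
"""
# Same file with the query ACL opened to everyone: the setting to catch.
OPEN = HARDENED.replace("{ localhost; 192.0.2.0/24; }", "{ any; }")

LIST_STMT = r"([\w-]+)(?:\s+port\s+\d+)?\s*\{([^{}]*)\}\s*;"


def parse_options(conf):
    """Return the statements of the options block as a dict."""
    conf = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", conf, flags=re.S)
    start = re.search(r"\boptions\s*\{", conf)
    if not start:
        return {}
    depth, i = 1, start.end()
    while i < len(conf) and depth:  # walk to the matching close brace
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        i += 1
    body = conf[start.end():i - 1]
    opts = {}
    for name, items in re.findall(LIST_STMT, body):  # name { a; b; };
        opts[name] = [x.strip() for x in items.split(";") if x.strip()]
    body = re.sub(LIST_STMT, "", body)
    for name, value in re.findall(r"([\w-]+)\s+([^;{}]+);", body):  # name value;
        opts[name] = value.strip()
    return opts


def audit(conf):
    """Return a list of findings; an empty list means every check passed."""
    opts, findings = parse_options(conf), []
    acl = opts.get("allow-query")
    if acl is None or "any" in acl:
        findings.append("allow-query missing or set to any")
    if "listen-on" not in opts:
        findings.append("listen-on missing: named listens on all IPv4 interfaces")
    if opts.get("forward") == "only" and not opts.get("forwarders"):
        findings.append("forward only set but no forwarders listed")
    return findings
```

Running named-checkconf on the real file still comes first; this only looks at the exposure settings.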

 

Ubuntu 10.10 Minimal Virtual Kernel + VMWare Workstation

Installing Ubuntu 10.10 with a virtual kernel instead of the normal one is good: less stuff gets installed that you may not need.

  1. When setting up the install, do not use the easy install. Choose to install an OS later. Set up bridged/NAT depending on which one you want.
  2. Add the install .iso to the CD-drive in the VM
  3. Select a language
  4. Press F4 (it didn’t work in the first screen)
  5. Choose – install a minimal virtual machine
  6. Install Ubuntu Server
  7. Choose language again
  8. Choose key map – (I chose English and had to browse to Finland)
  9. Asked to press some buttons, wanted Swedish (but have an English keyboard) so tried to press the right ones :p
  10. Then time zone Helsinki/Finland was found.
  11. Using default (whole disk, no encryption or lvm) for partitioning.
  12. set up users
  13. set up encryption on home dir
  14. proxy setup
  15. installing security updates automagically
  16. any extra packages (DNS, LAMP, Mail, OpenSSH, etc)? – I chose no, want to choose this myself later.
  17. yes I want grub (it finds only one OS on the virtual disk ;)

Then I see the login prompt! Obviously the easy-install in VMWare Workstation has a lot fewer steps :)

But on the other hand you could install OpenSSH directly through the install and then you do not have to log on to the VM via VMWare Workstation, but can do it via your favorite ssh program instead.

Post install

What I want installed every time after an uninstall.
After install it is a very very small installation.
Not even ‘man’ is installed.

sudo apt-get install openssh-server ntp nano

edit /etc/network/interfaces – configure static ip
edit /etc/ntp.conf – add time servers
edit ~/.bashrc – change colors in the prompt and add color

Kernel difference you can see when running uname: 2.6.35-22-virtual in comparison to 2.6.35-22-generic

There!

Now you can set up whatever you want on it! Of course you may want to do more things, set up iptables or you could use it like it is before the things I do after each install. You can use vi instead of nano/pico and use dhcp instead, depends on what you are going to do with your VM.

EyeOS – Cloud Desktop in your browser – Part 2

After my first comment ever by Adrian from the eyeOS forum I will now try this again and try not to install eyeOS wrongly by following a guide!

1/ Because I also tried to install Cacti on the same VM the other day – and after that I saw some nasty out of memory messages. I will create a new VM – fresh, and with only 256MB RAM!

However, the guide is only for 2.x – So I will freestyle this time too. But follow the installation instructions on eyes.org :)

Overview

1/ Install Ubuntu 10.10
2/ Follow guide – not possible because uh, there is none for Ubuntu. There is one that begins with graphic interface for Debian.
3/ Win!

Requirements – PHP5

Installing Ubuntu

I use VMWare Workstation.
File -> New VM. Typical, installer disc image.
I used ubuntu-10.10-server-amd64 – I have an Intel Core i7 (this is the one I used before; I tried to find on ubuntu.com which one I should use, but it says if you have a 64-bit, you’ll get the amd64). Also, apparently it’s possible to press F4 during install and it will install a ‘virtual kernel’, which is good when running in a virtualized environment! I had to change memory down to 256MB and then I also set the network type to “bridged” – so that it gets IP/DNS settings from my router instead of from my computer.

Also found a forum post that confirms, if you have an Intel 64-bit CPU – it is the “amd64” version you want to install.

So first time when I entered the VM through the VMWare shell everything worked fine.
Except that the keyboard was a bit messed up. When I pressed down it sent an enter.
In SSH via PuTTY it’s working so I’ll do it that way instead. If you have this problem, check out this post – might be a VMWare bug or you may fix it with some CLI magic.

sshd is not installed by default -> sudo apt-get install openssh-server

Also probably good to change IP in the beginning, in case you want it on a static IP.
See my previous post how to set that. It’s at the bottom of the post.

Time

Another good thing would be to set the time zone on the VM. You can find out how to do that in this post about lifehack/currency exchange rate.

To sync the time – so that it is up to date (mine was 30mins off) –

Edit /etc/default/ntpdate
Add a pool or use the default one – http://www.pool.ntp.org/zone/fi for Finnish ones.
Then run sudo ntpdate-debian

Do I really need to run this anymore? I’ll just let it be and try to keep track of it :p

*** Update: Just checked in on the time some 2 hours later and:

4 Feb 14:43:45 ntpdate[2494]: step time server 194.100.2.198 offset 910.266238 sec

So we need to have this executed every now and then, especially if it’s off 15minutes in just a couple of hours!!

Also found post on debian.org which clearly says that ntpd is awesome for fixing this. Especially in my case where the clock appears to be going slowly.

sudo apt-get install ntp
sudo pico /etc/ntp.conf

add your NTP-servers in there, I added those from the link above on ntp.org

then if you run this: sudo /etc/init.d/ntp status
it will tell you if it is running or not

I’ll check back tomorrow to see if this improved things ;)

*** 0847 unfortunately time is by now almost an hour off (0757).

martbhell@ubuntu:/var/www$ sudo /etc/init.d/ntp status
* NTP server is running

martbhell@ubuntu:/var/log$ ntpq --peers
remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
europium.canoni 193.79.237.14    2 u   12   64  377   44.012  2995645 13778.9

but supposedly this only runs once a day?

there is a program called ntp under /etc/cron.daily/

i’ll wait until today afternoon

** 2045  – it is now over an hour late..
** rebooted, now time is 2215.. 23 minutes too much!
** rebooted again, now time is good, 2054. :s

** a day later (maybe more)- and now it’s 3 hours behind.

supposedly ntpd will catch the drift after a while.

stopped VM and made a copy of hostname.vmx

then edited this with pspad and changed

tools.syncTime = "FALSE"

to

tools.syncTime = "TRUE"

now time is good (Tue Feb  8 15:12:34 EET 2011), is that because of the reboot? Probably. That’s how it looks in syslog anyway.

Checking back in a day or two.

*** Wed Feb  9 06:45:09 EET 2011 – now 45minutes late.

*** Set up a script that monitors the offset. Looks like this:

offset = 3287.419925,;Tue Feb 15 04:30:01 EET 2011;
offset = 3634.005591,;Tue Feb 15 06:30:01 EET 2011;
offset = 3980.517817,;Tue Feb 15 08:30:01 EET 2011;

347,346,374
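
Added example, not part of the original post: the three monitor lines above converted into a clock drift rate, assuming the logged offsets are in seconds. ntpd's drift file holds a frequency error in parts per million (PPM) and ntpd corrects at most 500 PPM, so the result shows whether ntpd alone could ever hold this clock; the function names are this example's own.

```python
from datetime import datetime

# Log lines copied from the post; the offsets are assumed to be seconds.
LOG = """\
offset = 3287.419925,;Tue Feb 15 04:30:01 EET 2011;
offset = 3634.005591,;Tue Feb 15 06:30:01 EET 2011;
offset = 3980.517817,;Tue Feb 15 08:30:01 EET 2011;
"""
NTPD_MAX_PPM = 500.0  # largest frequency error ntpd will correct


def parse(line):
    """Return (timestamp, offset_seconds) for one monitor line."""
    value, stamp = line.rstrip(";\n").split(",;")
    offset = float(value.split("=")[1])
    _dow, mon, day, clock, _tz, year = stamp.split()
    # Drop the zone name: strptime's %Z only recognises the local zone.
    when = datetime.strptime(f"{mon} {day} {clock} {year}", "%b %d %H:%M:%S %Y")
    return when, offset


def drift_ppm(log):
    """Clock error rate between consecutive samples, in parts per million."""
    samples = [parse(line) for line in log.splitlines() if line.strip()]
    rates = []
    for (t0, o0), (t1, o1) in zip(samples, samples[1:]):
        elapsed = (t1 - t0).total_seconds()  # measured by the drifting clock itself
        rates.append((o1 - o0) / elapsed * 1e6)
    return rates


def ntpd_can_discipline(log):
    """True only if every measured rate is inside ntpd's correction range."""
    return all(abs(rate) <= NTPD_MAX_PPM for rate in drift_ppm(log))


if __name__ == "__main__":
    for rate in drift_ppm(LOG):
        print(f"{rate:,.0f} PPM ({rate / 1e4:.1f}% of elapsed time)")
    print("within ntpd range:", ntpd_can_discipline(LOG))
```

A clock this far out matters beyond convenience: log timestamps from the VM stop lining up with other hosts, and time-sensitive checks such as certificate validity can fail.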

From /etc/ntp.conf I found that the drift file is this:

/var/lib/ntp/ntp.drift

it contains this value: 0.000

Manually changing this to -346.500

Also changed the default values to this in /etc/ntp.conf

restrict -4 default kod notrap nomodify
restrict -6 default kod notrap nomodify

#restrict 127.0.0.1
#restrict ::1

and rebooting the server, again.

bbl.

ok, this is bs.

sudo apt-get remove ntp

then running this:

sudo ntpdate 0.fi.pool.ntp.org

confirmed it updates time

44 * * * * /usr/sbin/ntpdate 0.fi.pool.ntp.org >> /home/user/tid/tid.log

bbl

ok, looked one hour later at 1445 and the time was right.
can now keep an eye on that tid.log file instead :)

don’t forget to add that to the root user crontab, with ‘sudo crontab -e’

*** a week later

ok that was an ugly fix and I do not condone doing that, that was me being a little frustrated :)

See http://www.guldmyr.com/blog/time-sync-for-linux-vms-in-vmware-workstation/ for how it worked out..

lamp

Download 1.x

install LAMP -> sudo apt-get install lamp-server^
The ^ needs to be there! All you need to do is to insert a mysql root password.

After this you can surf into http://localhost or http://ip of the VM.

phpmyadmin

I also want to put in phpmyadmin (sudo apt-get install phpmyadmin) as well, this is a nice tool to manage the mysql db. In that installation, choose apache2 by pressing space, then tab to get to the OK button. Then it asks about dbconfig-common, I chose no here because the db(mysql) is already installed. Then surf to http://ip/phpmyadmin/ and log on. If you see any databases there already -> you are now connected to the mysql you created before! Woop!

EyeOS Install

cd – this gets you to your homedir
mkdir eyeos
cd eyeos
wget $URL of eyeOS
install unzip -> sudo apt-get install unzip
unzip $FILENAME
put this in your web dir.
by default this is /var/www
by default you do not have permission to put files there, so use sudo to put the eyeOS folder in there.

sudo mv eyeOS /var/www
after this the user you have logged on with has ownership inside /var/www/eyeOS – means you don’t have to write sudo all the time :)

point your web browser to http://ip/eyeOS (note that it is case sensitive)
it will tell you that you need to chmod 777 some files, do that.

Then it will tell you to install these packages: SQLite and IMAP if you want mail client.

sudo apt-get install php5-sqlite (restart apache with ‘sudo apachectl restart’ and hit F5 on the installation page to see that the installation script now finds it)
sudo apt-get install php5-imap (free-styled that, worked out well ;)

put in a password and then hit install

then it’s installed!

eyeOS – nice!

It’s a lot slimmer than eyeOS 2.x and stuff appears to be working just off the bat.
Everything runs so fast too, in comparison to 2.x.

1.9.x for the win!

Do I really want to use this? Would I find it useful? Honestly I am a little scared by running this on my own pc.