2011年5月31日 星期二

adding routes in Linux

1.add a new route
#route add -net 172.16.0.0 netmask 255.255.0.0 gw 172.16.1.1

2.delete a route
#route del -net 172.16.0.0 netmask 255.255.0.0 gw 172.16.1.1

3.set the default route
#route add -net 0.0.0.0 netmask 0.0.0.0 gw 10.10.10.1

2011年5月23日 星期一

bind chroot setup

1.stop the bind9 service
#/etc/init.d/bind9 stop

2.modify /etc/default/bind9 and add the -t argument (the chroot directory)
#vim /etc/default/bind9
OPTIONS="-u bind -t /var/lib/named"


3.create the necessary folders inside the chroot
#mkdir -p /var/lib/named/etc
#mkdir /var/lib/named/dev
#mkdir -p /var/lib/named/var/cache/bind
#mkdir -p /var/lib/named/var/run/bind/run

4.move /etc/bind to /var/lib/named/etc/
#mv /etc/bind /var/lib/named/etc

5.make a symbolic link back to /etc/bind
#ln -s /var/lib/named/etc/bind /etc/bind

6.create the two character devices bind needs inside the chroot and set their permissions and ownership
#mknod /var/lib/named/dev/null c 1 3
#mknod /var/lib/named/dev/random c 1 8
#chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
#chown -R bind:bind /var/lib/named/var/*
#chown -R bind:bind /var/lib/named/etc/bind

7.create a rsyslog config file so that log messages from the chrooted bind are received, and add one line to it
#vim /etc/rsyslog.d/bind-chroot.conf
$AddUnixListenSocket /var/lib/named/dev/log

8.add these lines to /etc/apparmor.d/usr.sbin.named so the profile covers the chroot paths
#vim /etc/apparmor.d/usr.sbin.named
/var/lib/named/etc/bind/* rw,
/var/lib/named/var/run/bind/run/named.pid w,
/var/lib/named/var/run/bind/named.options r,
/var/lib/named/dev/null rw,
/var/lib/named/dev/random rw,


9.restart the rsyslog and apparmor services, then start bind9
#/etc/init.d/rsyslog restart
#/etc/init.d/apparmor restart
#/etc/init.d/bind9 start

2011年5月12日 星期四

bind9: enable logging for everything, including DNS queries

1.modify /etc/bind/named.conf.options
#vim /etc/bind/named.conf.options

logging{
channel dns_log {
file "/var/log/named/bind.log" versions 3 size 5m;
severity info;
print-time yes;
print-severity yes;
print-category yes;
};
category lame-servers{
null;
};
category default{
dns_log;
};
category xfer-out{
dns_log;
};
category queries{
dns_log;
};
};

2.make a folder called "named" in /var/log and give the bind user write permission on it
#cd /var/log
#mkdir named
#cd named
#touch bind.log
#cd ../..
#chown bind:bind -Rf named/
#chmod 775 -Rf named/

3.restart the bind service
#/etc/init.d/bind9 restart

NTP servers for Taiwan

server 1.tw.pool.ntp.org
server 0.asia.pool.ntp.org
server 2.asia.pool.ntp.org

2011年5月11日 星期三

Bind9 DNS setup with a master and a slave

1.install the bind9 packages on both the master and the slave server
#apt-get update
#apt-get upgrade
#apt-get install bind9 bind9-doc


2.modify /etc/hosts and add the two server records like this
#vim /etc/hosts
127.0.0.1 localhost
192.168.11.111 master.csp.com.tw master
192.168.11.50 slave.csp.com.tw slave

3.modify /etc/resolv.conf and add nameserver entries for the master and the slave
#vim /etc/resolv.conf
nameserver 192.168.11.111
nameserver 192.168.11.50


4.modify /etc/bind/named.conf.local on the master to add the new zones and allow transfers to the slave only
#vim /etc/bind/named.conf.local
zone "csp.com.tw" {
type master;
file "/etc/bind/db.csp.com.tw";
allow-transfer {
192.168.11.50;
};
notify yes;
};

zone "2.10.10.in-addr.arpa" {
type master;
file "/etc/bind/db.10.10.2";
allow-transfer {
192.168.11.50;
};
notify yes;
};

5.add two new files, db.csp.com.tw and db.10.10.2, holding the zone data for csp.com.tw and its reverse zone
#vim /etc/bind/db.csp.com.tw

; BIND data file for the csp.com.tw zone
;
$TTL 604800
@ IN SOA csp.com.tw. admin. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS localhost.
@ IN A 127.0.0.1
@ IN AAAA ::1
@ IN MX 5 mail1.csp.com.tw.
@ IN MX 10 mail2.csp.com.tw.

www1 IN A 66.77.88.120
www2 IN A 66.77.88.120
dns IN A 10.10.2.171
ftp IN A 10.10.2.172
mail1 IN A 10.10.2.200
mail2 IN A 10.10.2.201
webapp1 IN CNAME www1.csp.com.tw.
webapp2 IN CNAME www2.csp.com.tw.
================db.10.10.2=======================
; BIND data file for the 2.10.10.in-addr.arpa reverse zone
;
$TTL 604800
@ IN SOA csp.com.tw. admin. (
2011052301 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS dns.csp.com.tw.

172 IN PTR ftp.csp.com.tw.

6.modify /etc/bind/named.conf.options
#vim /etc/bind/named.conf.options

acl "trusted" { 127.0.0.1; 192.168.11.0/24; };

options {
directory "/var/cache/bind";

allow-recursion { trusted; };
allow-transfer { none; };
notify no;

auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};

7.restart the bind service on the master server
#/etc/init.d/bind9 restart

8.modify /etc/bind/named.conf.local on the slave server

#vim /etc/bind/named.conf.local

zone "csp.com.tw" {
type slave;
file "db.csp.com.tw";
masters {
192.168.11.111;
};
};

zone "2.10.10.in-addr.arpa" {
type slave;
file "db.10.10.2";
masters {
192.168.11.111;
};
};



9.restart the bind service on the slave server

10.check /var/cache/bind for the new file db.csp.com.tw transferred from the master server

how to find installed packages on an Ubuntu system

root@django:/etc/bind# dpkg --get-selections | grep bind
bind9 install
bind9-doc install
bind9-host install
bind9utils install
libbind9-60 install

it will list all bind-related packages installed on your system


root@django:/etc/bind# dpkg -L bind9
/etc
/etc/ufw
/etc/ufw/applications.d
/etc/ufw/applications.d/bind9
/etc/apparmor.d
/etc/apparmor.d/force-complain
/etc/apparmor.d/usr.sbin.named
/etc/bind
/etc/bind/bind.keys
/etc/bind/db.0
/etc/bind/db.255
/etc/bind/db.empty
/etc/bind/zones.rfc1918
/etc/bind/db.127
/etc/bind/db.local
/etc/bind/db.root

it will list the files installed by the package you name