Using rndc to Administer BIND
We will explore rndc, which is a new tool with BIND 9 that takes the place of ndc in BIND 8. First we need to create a key using dnssec-keygen: [root@srv-3 /root]# dnssec-keygen -a hmac-md5 -b 256 -n user rndc Krndc.+157+34404 [root@srv-3 /root]# ls Krndc.+157+34404.key Krndc.+157+34404.private [root@srv-3 /root]# cat *.private Private-key-format: v1.2 Algorithm: 157 (HMAC_MD5) […]
BIND Administration with Webmin
We will use Webmin to automate updates of forward and reverse zones. Webmin will automatically update both, as well as restart your services and increment your serial number. Webmin is much more than just a DNS tool. It can be used to administer many services. Since Webmin is Open Source, released under the BSD license, […]
DNS/BIND TTL Settings During Domain Migrations
There are two different default DNS/BIND TTL settings you need to switch when moving domains to a different IP address. One is the negative caching setting in the SOA record, and the other is the default ttl at the top of the file ($ttl). If you have different TTL settings for your individual records, you […]
Logging With BIND 9
We talked in this article about setting the TTLs for DNS records in BIND for the purposes of moving a website, or, more specifically, changing the IP address of an authoritative DNS server. In this article, we will show you how to turn up the logging and output the results to a file. Again, this […]
Restricting Recursive Lookups with BIND 8/9
When you allow recursive lookups, you open yourself up to various security risks and performance issues, so you should only allow recursion when needed. Recursive lookups are lookups for domains you are not authoritative for. That is, if you are authoritative for mycompany.com, and you don’t allow recursion, then if somebody queries your server for […]
Example Domain for Documentation
If you need to put a domain name in documentation, example.net, example.com, and example.org are reserved for this purpose as defined in this RFC. This will prevent an inadvertently run script from causing trouble, as well as avoiding an association with a seemingly arbitrary host.
Replace Aging BIND on Virtual Dedicated Host – Part 1 – Compile BIND 9.5.0-P2
We were checking out the various servers that we administer and noticed that one of our hosts is not up to the latest version of BIND. Yum update wasn’t giving us joy, so we grabbed the latest version of BIND: # wget http://ftp.isc.org/isc/bind9/9.5.0-P2/bind-9.5.0-P2.tar.gz --07:10:17-- http://ftp.isc.org/isc/bind9/9.5.0-P2/bind-9.5.0-P2.tar.gz Resolving ftp.isc.org… 204.152.184.110, 2001:4f8:0:2::18 Connecting […]
Replace Aging BIND on Virtual Dedicated Host – Part 2 – Rip Out Old RPMs
We are ripping out the old RPMs. Let’s figure out what RPMs they are: # rpm -qa | grep bind bind-9.3.4-8.P1.fc6 bind-libs-9.3.4-8.P1.fc6 Let’s start removing them: # rpm -e bind-libs-9.3.4-8.P1.fc6 error: Failed dependencies: libbind9.so.0 is needed by (installed) bind-9.3.4-8.P1.fc6.i386 libdns.so.22 is needed by (installed) bind-9.3.4-8.P1.fc6.i386 libisc.so.11 is needed by (installed) […]
Replace Aging BIND on Virtual Dedicated Host – Part 3 – Modify SysV Init Scripts and PID Home
We need a directory for the PID, and put it in /var/run/named: # mkdir /var/run/named # ls -ld /var/run/named drwxr-xr-x 2 root root 4096 Aug 3 07:58 /var/run/named # chown named /var/run/named # chgrp named /var/run/named # ls -ld /var/run/named drwxr-xr-x 2 named named 4096 Aug 3 07:58 /var/run/named # […]
Verifying and Setting Recursion with DiG and BIND
There is another flurry of interest in DNS cache poisoning. The first thing that you should do is turn off recursion if you don’t need it. One way to determine this is with DiG: $ dig -v DiG 9.5.0-P2 $ Verizon operates a well known server that does recursive lookups: $ dig @4.2.2.3 example.com ; […]
Troubleshooting RAS with Device and PPP logs
Two files can be used to troubleshoot RAS problems: device.log and ppp.log. These files need to be enabled in the registry. For device.log, set HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters\Logging to 1. (default is 0) This will show you the communication between the server and the modem. For ppp.log, set HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\Logging to 1. (default is 0) This will help you […]
LDAP / Palm OS integration
One problem we’ve always had here at NetAdminTools is the management of our various contacts databases. For the most part we use our Palm OS databases. The problem is that it is difficult to synchronize between various Palm OS databases. An even more nasty problem is that it is quite difficult under Linux to synchronize […]
Ports Used For Active Directory Authentication and Resource Access
We wondered just exactly what ports were being used by Active Directory and associated resource access. This can be monitored using TCPDump. If we run the following commands: [root@srv-34 root]# kinit administrator@SIGNALQINT.COM Password for administrator@SIGNALQINT.COM: [root@srv-34 root]# smbclient //10.50.100.36/public -k added interface ip=10.50.100.53 bcast=10.50.100.255 nmask=255.255.255.0 Doing spnego session setup (blob length=106) Doing kerberos session setup […]
Configuring Windows 2000 Telnet Service For Non-MS Clients
In this article we discussed how to install the telnet service on NT 4. Windows 2000 comes with a telnet service. Now, telnet is nasty, because it does not provide encryption like SSH does. One cool thing about telnet, though, is that it is great for testing layer 4 stuff. We will use this in […]
Using Network Load Balancing With Terminal Services
In this article we showed how to set up the Network Load Balancing service on Windows 2000 Advanced Server. In this article, we will show how to set up Terminal Services to use Network Load Balancing. One big limitation with running Terminal Services with network load balancing on Windows 2000 Advanced Server is that the […]
Importing Palm PDB files into SquirrelMail
In LDAP / Palm OS integration, we struggled with one of our favorite problems: integrating our Palm OS address database with email. Well, since then, we have been using SquirrelMail for most everything. We still do use our Palms as well. SquirrelMail can be configured to share the address book simply by creating a symbolic […]
Installing and Configuring SnipSnap
SnipSnap is a multi-purpose tool for collaborating. What attracts us to this particular Wiki implementation is the ease in which it deals with code snippets. It is also written in Java. For a couple awesome demos of how this can work in collaborative dev environments, see: expTaskDemo_v2 SnipSnap_Project_Demo Let’s install it and run it: u-1@srv-1 […]
Configuring Vsftpd
Vsftpd is claimed to be, “Probably the most secure and fastest FTP server for UNIX-like systems.” Well. That makes us want to look at it. What we need in this case is for users with accounts on our system to have the ability to upload and download files without any other required client utilities; however, we […]
Windows Server Simple TCP/IP Services
Have you ever wondered just what the Simple TCP/IP Services did? Well, we did. On Windows Server 2003, you can add this service under Control Panel, Add or Remove programs, Windows Components, Networking Services: Here are the associated RFCs for the services: Quote of the Day Protocol Daytime Protocol Character Generator Protocol Echo Protocol Discard […]
Configuring Root Access for SSH
Most systems these days disable root access for good reasons. To change this setting, look in: /etc/ssh/sshd_config Of course, your location may be different. To enable root access change this line: PermitRootLogin yes To disable root access change this line: PermitRootLogin no For the changes to take effect, restart sshd: [root@srv-1 ssh]# /etc/init.d/sshd restart Stopping […]