DNS Setup
DNS CONFIGURATION
DNS Configuration
named daemon is used
A DNS Server may be caching/master/slave server
The named.ca file has information of all Root Servers.
There is a Forward Zone file and a Reverse Zone file for every domain.
Configuration file:
/var/named/chroot/etc/named.conf
Forward Zone File:
/var/named/chroot/var/named/<forward_zone_file>
Reverse Zone File:
/var/named/chroot/var/named/<reverse_zone_file>
Sample Master named.conf
zone "." {
    type hint;
    file "named.ca";
};
zone "0.0.127.in-addr.arpa" {
    type master;
    file "named.local";
    allow-query { any; };
};
zone "iitk.ac.in" {
    type master;
    file "hosts.db";
    allow-query { any; };
};
zone "95.200.203.IN-ADDR.ARPA" {
    type master;
    file "hosts.rev.203.200.95";
    allow-query { any; };
};
zone "iitk.ernet.in" {
    type slave;
    file "hosts.iitk.ernet.in";
    masters { 202.141.40.10; };
    allow-query { any; };
};
Sample Forward Zone File
$TTL 86400
@       IN SOA  ns1.iitk.ac.in. root.ns1.iitk.ac.in. (
                200605091 ; Serial
                10800     ; Refresh - 3 hours
                3600      ; Retry - 1 hour
                1209600   ; Expire - 2 weeks
                43200 )   ; Minimum TTL for negative answers - 12 hours
        IN NS   ns1.iitk.ac.in.
        IN NS   ns2.iitk.ac.in.
        IN MX   5 mail0.iitk.ac.in.
        IN MX   10 mail1.iitk.ac.in.
        IN MX   20 mail2.iitk.ac.in.
$ORIGIN iitk.ac.in.
ns1     IN A     203.200.95.142
mail0   IN A     203.200.95.144
proxy   IN CNAME mail0
Sample Reverse Zone File
$TTL 86400
$ORIGIN 200.203.in-addr.arpa.
95      IN SOA  ns1.iitk.ac.in. root.ns1.iitk.ac.in. (
                200605091 ; Serial
                10800     ; Refresh - 3 hours
                3600      ; Retry - 1 hour
                1209600   ; Expire - 2 weeks
                43200 )   ; Minimum TTL for negative answers - 12 hours
        IN NS   ns1.iitk.ac.in.
        IN NS   ns2.iitk.ac.in.
$ORIGIN 95.200.203.in-addr.arpa.
;;
142     IN PTR  ns1.iitk.ac.in.
144     IN PTR  mail0.iitk.ac.in.
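Forward and reverse zones live in separate files, so an A record can be changed without its PTR record following. The Python check below is an added example, not part of the original slides: it parses the A and PTR records from the two sample files above and reports every address whose reverse entry is missing or names a different host. The function names are hypothetical, and the parser assumes one record per line with PTR targets written as absolute names.

```python
import ipaddress

# Records copied from the page's sample zone files (SOA/NS/MX lines omitted).
FORWARD_ZONE = """\
$ORIGIN iitk.ac.in.
ns1    IN A     203.200.95.142
mail0  IN A     203.200.95.144
proxy  IN CNAME mail0
"""
REVERSE_ZONE = """\
$ORIGIN 95.200.203.in-addr.arpa.
142 IN PTR ns1.iitk.ac.in.
144 IN PTR mail0.iitk.ac.in.
"""

def parse_records(text, rtype):
    """Return {absolute owner name: rdata} for one record type."""
    origin, found = "", {}
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()    # drop comments, tokenize
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1].lower()
        elif (len(fields) == 4 and fields[1].upper() == "IN"
              and fields[2].upper() == rtype):
            owner = fields[0].lower()
            if not owner.endswith("."):          # relative name: append $ORIGIN
                owner = owner + "." + origin
            found[owner] = fields[3].lower()
    return found

def check_forward_reverse(forward_text, reverse_text):
    """List every A record whose PTR is missing or names a different host."""
    ptrs = parse_records(reverse_text, "PTR")
    problems = []
    for host, addr in sorted(parse_records(forward_text, "A").items()):
        # 203.200.95.142 -> 142.95.200.203.in-addr.arpa.
        rev_name = ipaddress.ip_address(addr).reverse_pointer + "."
        target = ptrs.get(rev_name)
        if target is None:
            problems.append(f"{host} -> {addr}: no PTR at {rev_name}")
        elif target != host:
            problems.append(f"{host} -> {addr}: PTR names {target}")
    return problems

if __name__ == "__main__":
    report = check_forward_reverse(FORWARD_ZONE, REVERSE_ZONE)
    print("\n".join(report) or "forward and reverse zones agree")
```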
Configuring Local Resolver
/etc/resolv.conf
nameserver 127.0.0.1
Test DNS
nslookup
host
dig
Test your DNS with the following DNS diagnostics web site: dnsstuff.com
Apache Setup
APACHE SETUP
Web Server
Apache Web Server is used
Daemon is httpd (service httpd start/stop/restart)
Files used by Apache
Configuration file: /etc/httpd/conf/httpd.conf
Log files: /var/log/httpd/access_log and /var/log/httpd/error_log
Modules /etc/httpd/modules
Default Document Root /var/www/html
Default CGI Root /var/www/cgi-bin
Apache Configuration Directives
Server Name
Min and Max Servers
Document Root
CGI Enable/Disable
User Directory
Directory Index
Mime Types
Modules
Access Restrictions
Secure Server
Virtual Hosting
Basic Settings
Change the default value for ServerName www.<your-domain.com> in httpd.conf and put the website content in /var/www/html
Additionally, you can configure name-based Virtual Hosting (allows more than one website to run on the same server)
Virtual Hosting
NameVirtualHost *:80
<VirtualHost *:80>
    ServerName server-name
    DocumentRoot path-to-virtual-document-root
</VirtualHost>
<VirtualHost *:80>
    ServerName server-name
    DocumentRoot path-to-virtual-document-root
</VirtualHost>
Squid Setup
SQUID SETUP
Obtaining Squid
Source code (in C) from www.squid-cache.org
Binary executables
Linux (comes with RedHat and others)
FreeBSD
Windows
Pre-installed in Fedora/Enterprise Linux
Basic Settings
Edit the /etc/squid/squid.conf file to configure squid
Configuration options:
Disk Cache size and location
Authentication
Allowed Hosts
Any other access restrictions (sites, content, size, time of access etc.) using ACL
service squid start/stop/restart
Disc Requirements
Squid makes very heavy use of disc because of heavy read/write in cache
Needs discs with low seek times
SCSI is better
Can spread cache over 2 or more discs
Raid not recommended
Cached data is not critical
Calculating Disc Space
Recommend keeping at least 2 days worth of objects
10 days may be better
Example:
256Kbps link loaded 10 hrs/day ~= 1GB
assume 50% cacheable - .5GB / day
2 days objects - 1GB
10 days objects - 5 GB
Squid.conf Basic Configuration
cache_dir ufs /var/spool/squid/cache 100 16 256
auth_param basic program /usr/lib/squid/ncsa_auth /etc/shadow
acl sidbiusers proxy_auth REQUIRED
http_access allow sidbiusers
acl our_network src 172.28.250.0/24
http_access allow our_network
(Note: use squid -z for the first time to create the cache directory and its subdirectories)
Sendmail Setup
SENDMAIL SETUP
Sendmail Configuration
Daemon: sendmail
Configuration File: /etc/mail/sendmail.mc
Edit the following lines:
LOCAL_DOMAIN(`localhost.localdomain')dnl
(Replace localhost.localdomain by the domain name for which the mail server is being configured)
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
(comment this line by adding dnl at the start of the line)
dnl MASQUERADE_AS(`mydomain.com')dnl
(remove dnl & replace mydomain.com by the domain name)
Sendmail Configuration
Add the range of IP addresses of your network in the access file
(e.g. 172.31. Relay)
Run the "make -C /etc/mail" command to compile sendmail.mc and generate the sendmail.cf file.
Restart sendmail and watch for errors
POP & IMAP Server
The POP3 & IMAP server can be started using the dovecot server (service dovecot start).
Firewall
FIREWALL
Basic Setup
[Diagram labels: Internet, Firewall, Web Server, Application, Database]
Firewall Rules
IP Address of Source (Allow from Trusted Sources)
IP Address of Destination (Allow to trusted Destinations)
Application Port Number (Allow Mail but restrict Telnet)
Direction of Traffic (Allow outgoing traffic but restrict incoming traffic)
Firewall Implementation
Hardware Firewall: Dedicated Hardware Box (Cisco PIX, Netscreen)
Software Firewall: Installable on a Server ( )
Host OSs (Windows XP/Linux) also provide software firewall features to protect the host
These days Firewalls provide IDS/IPS (Intrusion Detection System/Intrusion Prevention System) services also.
LINUX Firewall
Use GUI (Applications -> System Settings -> Security Level) to activate the firewall
Allow standard services and any specific port based application
All other services and ports are blocked
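The four rule criteria listed under Firewall Rules and the block-everything-else behaviour of the Linux firewall can be seen working together in a small model. The Python code below is an added example, not part of the original slides and not the syntax of any real firewall: it assumes rules are evaluated top to bottom with the first match deciding, reuses the 172.28.250.0/24 network from the Squid ACL as the trusted source, and uses a constructed address for the mail server.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

TRUSTED_NET = "172.28.250.0/24"    # network from the page's Squid ACL
MAIL_SERVER = "172.28.250.25/32"   # constructed address for the mail host
ANY = "0.0.0.0/0"

@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    direction: str        # "in", "out" or "any"
    src: str              # source network (CIDR)
    dst: str              # destination network (CIDR)
    port: Optional[int]   # destination port; None matches every port

    def matches(self, direction, src, dst, port):
        return (self.direction in ("any", direction)
                and ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.port in (None, port))

RULES = [
    Rule("deny", "any", ANY, ANY, 23),             # restrict Telnet
    Rule("allow", "in", ANY, MAIL_SERVER, 25),     # allow mail (SMTP)
    Rule("allow", "out", TRUSTED_NET, ANY, None),  # outgoing from trusted sources
]

def decide(rules, direction, src, dst, port):
    """First matching rule wins; anything unmatched is blocked."""
    for rule in rules:
        if rule.matches(direction, src, dst, port):
            return rule.action
    return "deny"

if __name__ == "__main__":
    outside, inside = "198.51.100.7", "172.28.250.10"   # constructed hosts
    print("inbound SMTP  :", decide(RULES, "in", outside, "172.28.250.25", 25))
    print("inbound HTTP  :", decide(RULES, "in", outside, inside, 80))
    print("outbound HTTP :", decide(RULES, "out", inside, outside, 80))
    print("outbound 23   :", decide(RULES, "out", inside, outside, 23))
    # Rule order matters: with the Telnet deny moved last, the broad
    # outbound allow matches first and Telnet is no longer restricted.
    print("reordered 23  :", decide(RULES[1:] + RULES[:1], "out", inside, outside, 23))
```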