1.Master and slave configuration
2.acl setting
3.view setting
For making the Dns a Master dns server we give the type master and for making that slave we give type slaves. And by defaults in slaves the files will be copied from master to slaves defautl /var/named/slaves/ directory.
Acl setting acl setting is used to group a set of networks or individual ip's under a single name.
View setting is used to isolate the dns zones for a specific network as per acl or given ip's.we could give the ip's or network or acl which has access to the view in match-client {;}; option inside the view option .
-----------------------------------------------------------------------------
MASTERS-configuration file
-----------------------------------------------------------------------------
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
acl "example" { 192.168.122.0/24 ; 127/8 ; };
acl "virtual" { 192.168.100.0/24 ; 127/8 ; };
options {
listen-on port 53 { 127.0.0.1; example ; virtual ;};
# listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; example; virtual; };
recursion yes;
# dnssec-enable yes;
# dnssec-validation yes;
# dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
view mixed {
match-clients { 192.168.122.2; 192.168.100.1; };
zone "example.com" IN {
type master;
file "forward.zone";
allow-update { none; };
};
zone "122.168.192.in-addr.arpa" IN {
type master;
file "reverse.zone";
allow-update { none; };
};
zone "virtual.com" IN {
type master;
file "forwardvir.zone";
allow-update { none; };
};
zone "100.168.192.in-addr.arpa" IN {
type master;
file "reversevir.zone";
allow-update { none; };
};
};
view internal {
match-clients { example; };
zone "example.com" IN {
type master;
file "forward.zone";
allow-update { none; };
};
zone "122.168.192.in-addr.arpa" IN {
type master;
file "reverse.zone";
allow-update { none; };
};
};
view external {
match-clients { virtual; };
zone "virtual.com" IN {
type master;
file "forwardvir.zone";
allow-update { none; };
};
zone "100.168.192.in-addr.arpa" IN {
type master;
file "reversevir.zone";
allow-update { none; };
};
};
#i:nclude "/etc/named.rfc1912.zones";
-----------------------------------------------------------------------------
SLAVES-configuration file
In salves the zones will have the entry
-----------------------------------------------------------------------------
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 127.0.0.1; 192.168.100.0/24 ;};
# listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; 192.168.100.0/24 ; };
recursion yes;
# dnssec-enable yes;
# dnssec-validation yes;
# dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
view external {
match-clients { 192.168.100.0/24; };
zone "virtual.com" IN {
type slave;
masters { 192.168.100.1 ; };
file "slaves/forwardvir.zone";
allow-update { none; };
};
zone "100.168.192.in-addr.arpa" IN {
type slave;
masters { 192.168.100.1 ; };
file "slaves/reversevir.zone";
allow-update { none; };
};
};
Monday, October 22, 2012
Friday, October 19, 2012
Setting sendmail as default
alternatives --display mta
yum install sendmail
service postfix stop
chkconfig postfix off
vim /etc/mail/sendmail.mc
disable the line starting with DEAMON like below
dnl # DEAMON
make -C /etc/mail
alternatives --set Mta /usr/sbin/sendmail
service sendmail start
service sendmail restart
chkconfig sendmail on
yum install sendmail
service postfix stop
chkconfig postfix off
vim /etc/mail/sendmail.mc
disable the line starting with DEAMON like below
dnl # DEAMON
make -C /etc/mail
alternatives --set Mta /usr/sbin/sendmail
service sendmail start
service sendmail restart
chkconfig sendmail on
Wednesday, October 10, 2012
Apache + SSL = https
Here all my package are place in /apache directory
cd /apache
echo "Switching OFF httpd"
sleep 2
service httpd stop
chkconfig httpd off
echo "Installing needed packages..."
sleep 2
yum install -y pcre*
yum install -y gcc*
yum install -y libtool
yum install -y mod_ssl
yum install -y openssl*
yum install -y libxml*
updatedb
echo "Untaring apache..."
sleep 2
tar zxvf httpd-2.4.3.tar.gz
tar zxvf apr-1.4.6.tar.gz
tar zxvf apr-util-1.4.1.tar.gz
cd /apache
echo "Moving APR to directories..."
sleep 2
mv apr-1.4.6 /apache/httpd-2.4.3/srclib/apr
mv apr-util-1.4.1 /apache/httpd-2.4.3/srclib/apr-util
mkdir -p /http
cd httpd-2.4.3
echo "Compiling Apache..."
sleep 2
./configure --prefix=/http/ --enable-module=so --enable-rewrite=shared --with-included-apr --enable-cgi --enable-ssl
echo "Installing Apache..."
make
make install
echo "INSTALLATION COMPLETED...."
sleep 2
echo "Time for manual configuration..."
sleep 2
echo "Creating the SSL certificate and key"
sleep 2
openssl genrsa -des3 -out server.key 2048
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
echo "Copying the files to /http/conf"
sleep 2
cp server * /http/conf
echo "configure the ssl in apache"
gedit /http/conf/extra/httpd-ssl.conf
we should edit the ssl conf file to correct certificate and key file
echo "
#SSLEngine on
#SSLCertificateFile
#SSLCertificateKeyFile
" >> /http/conf/httpd.conf
tail -n 7 /etc/httpd/conf/httpd.conf >> /http/conf/httpd.conf
gedit /http/conf/httpd.conf
in httpd conf file we need to give the above 3 lines and path to certificate and key .we need to check whether the module is loaded or hashed ,if hashed we need to un hash it
the a proper service restart will ask for password
/http/bin/apachectl restart
cd /apache
echo "Switching OFF httpd"
sleep 2
service httpd stop
chkconfig httpd off
echo "Installing needed packages..."
sleep 2
yum install -y pcre*
yum install -y gcc*
yum install -y libtool
yum install -y mod_ssl
yum install -y openssl*
yum install -y libxml*
updatedb
echo "Untaring apache..."
sleep 2
tar zxvf httpd-2.4.3.tar.gz
tar zxvf apr-1.4.6.tar.gz
tar zxvf apr-util-1.4.1.tar.gz
cd /apache
echo "Moving APR to directories..."
sleep 2
mv apr-1.4.6 /apache/httpd-2.4.3/srclib/apr
mv apr-util-1.4.1 /apache/httpd-2.4.3/srclib/apr-util
mkdir -p /http
cd httpd-2.4.3
echo "Compiling Apache..."
sleep 2
./configure --prefix=/http/ --enable-module=so --enable-rewrite=shared --with-included-apr --enable-cgi --enable-ssl
echo "Installing Apache..."
make
make install
echo "INSTALLATION COMPLETED...."
sleep 2
echo "Time for manual configuration..."
sleep 2
echo "Creating the SSL certificate and key"
sleep 2
openssl genrsa -des3 -out server.key 2048
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
echo "Copying the files to /http/conf"
sleep 2
cp server * /http/conf
echo "configure the ssl in apache"
gedit /http/conf/extra/httpd-ssl.conf
we should edit the ssl conf file to correct certificate and key file
echo "
#SSLEngine on
#SSLCertificateFile
#SSLCertificateKeyFile
" >> /http/conf/httpd.conf
tail -n 7 /etc/httpd/conf/httpd.conf >> /http/conf/httpd.conf
gedit /http/conf/httpd.conf
in httpd conf file we need to give the above 3 lines and path to certificate and key .we need to check whether the module is loaded or hashed ,if hashed we need to un hash it
the a proper service restart will ask for password
/http/bin/apachectl restart
Subscribe to:
Posts (Atom)