Monday, November 14, 2011

Fedora Core DNS Server using BIND



Set up and configure BIND as a Domain Name Server (DNS) on a Fedora Core Linux machine.

1. DNS (domain name system)
Correspondence between IP addresses and hostnames.
Example /etc/hosts file:

# IP Address Hostname Alias
127.0.0.1 localhost
192.168.42.1 apple www
192.168.42.2 desk desk.domain.cxm

Installation of BIND


BIND (Berkeley Internet Name Domain)

[root@tenouk ~]# mount /mnt/cdrom
[root@tenouk ~]# cd /mnt/cdrom/RedHat/RPMS
[root@tenouk ~]# rpm -Uhv bind-9.2.0-8.i386.rpm
[root@tenouk ~]# rpm -Uhv caching-nameserver-7.2.1.noarch.rpm
[root@tenouk ~]# cd /
[root@tenouk ~]# umount /dev/cdrom


Setting of client and server


Edit the resolv.conf file so that the client or server can find the DNS server.

[root@tenouk ~]# vi /etc/resolv.conf
search kimura.com
nameserver 10.10.0.235

This defines the search domain and the IP address of the DNS server that the client uses.

Setting the DNS server.


[root@tenouk ~]# vi /etc/named.conf
// generated by named-bootconf.pl
options {
directory "/var/named";
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
};

//
// a caching only nameserver config
//
controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
zone "." IN {
type hint;
file "named.ca";
};

zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
// The following code is added
zone "kimura.com" IN {
type master;
file "named.kimura.com";
allow-update { none; };
};

zone "0.10.10.in-addr.arpa" IN {
type master;
file "named.10.10.0";
allow-update { none; };
};

include "/etc/rndc.key";


[root@tenouk ~]# cp /var/named/named.local /var/named/named.10.10.0
[root@tenouk ~]# vi /var/named/named.10.10.0

$TTL 86400
@ IN SOA jmtist20.kimura.com. root.jmtist20.kimura.com. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS jmtist20.kimura.com.

235 IN PTR jmtist20.kimura.com.
236 IN PTR compaq.kimura.com.


[root@tenouk ~]# cp /var/named/named.local /var/named/named.kimura.com
[root@tenouk ~]# vi /var/named/named.kimura.com

$TTL 86400
@ IN SOA jmtist20.kimura.com. root.jmtist20.kimura.com. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS jmtist20.kimura.com.

IN MX 10 jmtist20.kimura.com.

jmtist20 IN A 10.10.0.235
compaq IN A 10.10.0.236
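Before restarting named it is worth checking the two zone files mechanically. A name in an NS, MX or CNAME target that has no trailing dot is relative, so named appends the zone origin to it (jmtist20.kimura.com becomes jmtist20.kimura.com.kimura.com.), and a host with an A record but no PTR record shows up as an inconsistency in reverse lookups. The script below is an added example, not part of the original post: it rebuilds the two zone files above as constructed sample data (with the unqualified NS/MX targets left in, plus a constructed host "printer" that has no PTR), reports unqualified targets, compares A and PTR records, and runs BIND's named-checkzone when it is installed.

```sh
#!/bin/sh
# Added example, not part of the original post: lint the forward and reverse
# zone files before restarting named. The zone data below is constructed here
# and mirrors the post's files; "printer" is a constructed host with no PTR.

ZONEDIR=$(mktemp -d)
FWD="$ZONEDIR/named.kimura.com"
REV="$ZONEDIR/named.10.10.0"

cat > "$FWD" <<'EOF'
$TTL 86400
@ IN SOA jmtist20.kimura.com. root.jmtist20.kimura.com. (
    1997022700 ; Serial
    28800      ; Refresh
    14400      ; Retry
    3600000    ; Expire
    86400 )    ; Minimum
    IN NS jmtist20.kimura.com
    IN MX 10 jmtist20.kimura.com
jmtist20 IN A 10.10.0.235
compaq   IN A 10.10.0.236
printer  IN A 10.10.0.240
EOF

cat > "$REV" <<'EOF'
$TTL 86400
@ IN SOA jmtist20.kimura.com. root.jmtist20.kimura.com. (
    1997022700 ; Serial
    28800      ; Refresh
    14400      ; Retry
    3600000    ; Expire
    86400 )    ; Minimum
    IN NS jmtist20.kimura.com.
235 IN PTR jmtist20.kimura.com.
236 IN PTR compaq.kimura.com.
EOF

# Print "TYPE target" for NS/MX/CNAME records whose target has no trailing dot.
# Such targets are relative and get the zone origin appended by named.
unqualified_targets() {
    awk '
        /^[[:space:]]*;/ || /^[[:space:]]*$/ { next }
        {
            typ = ""; t = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "NS" || $i == "CNAME") { typ = $i; t = $(i + 1); break }
                if ($i == "MX")                 { typ = $i; t = $(i + 2); break }
            }
            if (typ != "" && t !~ /\.$/) print typ, t
        }' "$1"
}

# Print "fqdn. ip" for every A record; $2 is the zone origin used to qualify
# relative owner names.
forward_a_records() {
    awk -v origin="$2" '
        /^[[:space:]]*;/ || /^[[:space:]]*$/ { next }
        { for (i = 1; i <= NF; i++) if ($i == "A") {
              h = $1
              if (h == "@") h = origin "."
              else if (h !~ /\.$/) h = h "." origin "."
              print h, $(i + 1); break } }' "$1"
}

# Print "fqdn. ip" for every PTR record; $2 is the network prefix of the
# reverse zone (10.10.0 for 0.10.10.in-addr.arpa).
reverse_ptr_records() {
    awk -v net="$2" '
        /^[[:space:]]*;/ || /^[[:space:]]*$/ { next }
        { for (i = 1; i <= NF; i++) if ($i == "PTR") { print $(i + 1), net "." $1; break } }' "$1"
}

# Print the A records that have no PTR with the same name and address.
# usage: a_without_ptr FORWARD_FILE ORIGIN REVERSE_FILE NETWORK_PREFIX
a_without_ptr() {
    fwd=$(forward_a_records "$1" "$2")
    rev=$(reverse_ptr_records "$3" "$4")
    printf '%s\n' "$fwd" | while read -r host ip; do
        printf '%s\n' "$rev" | grep -qxF "$host $ip" || echo "$host $ip"
    done
}

# Run BIND's own syntax and consistency checker when it is available.
check_with_named() {   # usage: check_with_named ZONENAME FILE
    command -v named-checkzone >/dev/null 2>&1 || { echo "named-checkzone not installed, skipped"; return 0; }
    named-checkzone "$1" "$2"
}

echo "== targets that will get the origin appended (missing trailing dot) =="
unqualified_targets "$FWD"; unqualified_targets "$REV"
echo "== A records without a matching PTR =="
a_without_ptr "$FWD" kimura.com "$REV" 10.10.0
check_with_named kimura.com "$FWD"
check_with_named 0.10.10.in-addr.arpa "$REV"
```

Run it after editing the zone files and fix every reported line before restarting named; a clean run lists nothing under either heading.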

Start BIND service


Start, stop and restart the named service.

[root@tenouk ~]# /etc/rc.d/init.d/named start
[root@tenouk ~]# /etc/rc.d/init.d/named stop
[root@tenouk ~]# /etc/rc.d/init.d/named restart

or

[root@tenouk ~]# /sbin/service named start
[root@tenouk ~]# /sbin/service named stop
[root@tenouk ~]# /sbin/service named restart

Setting automatic start for named on runlevel 3 and runlevel 5.

[root@tenouk ~]# /sbin/chkconfig --level 35 named on

Confirmation of automatic start.

[root@tenouk ~]# /sbin/chkconfig --list named

Confirmation of bind.


Use the command example below to test your DNS server functionality.

[root@tenouk ~]# ping 10.10.0.235
[root@tenouk ~]# ping 10.10.0.236
[root@tenouk ~]# ping jmtist20
[root@tenouk ~]# ping compaq
[root@tenouk ~]# ping jmtist20.kimura.com
[root@tenouk ~]# ping compaq.kimura.com
[root@tenouk ~]# nslookup jmtist20.kimura.com
[root@tenouk ~]# nslookup compaq.kimura.com
[root@tenouk ~]# nslookup 10.10.0.235
[root@tenouk ~]# nslookup 10.10.0.236

Note:
SOA - Start of authority
NS - Name server
A - Address record
PTR - Pointer record
MX - Mail exchanger

Configure NFS server and Configure NFS client - Network File System



NFS lets a host use files held on other remote hosts as if they were local files. Portmapper must be installed and configured before the NFS service can start. The article below shows step by step the NFS installation, the NFS server configuration and the NFS client configuration.

Installation of NFS server


[root@tenouk ~]# mount /dev/cdrom
[root@tenouk ~]# cd /mnt/cdrom/RedHat/RPMS
[root@tenouk ~]# rpm -Uhv nfs-utils-0.3.1-13.i386.rpm
[root@tenouk ~]# cd /
[root@tenouk ~]# umount /dev/cdrom

Start and stop NFS service


[root@tenouk ~]# /sbin/service nfs start
[root@tenouk ~]# /sbin/service nfs stop

Setting of automatic start for NFS


Set automatically start for nfs on runlevel 3 and runlevel 5.

[root@tenouk ~]# /sbin/chkconfig --level 35 nfs on

Confirmation of automatic start

[root@tenouk ~]# /sbin/chkconfig --list nfs
nfs 0:off 1: off 2: off 3: on 4: off 5:on 6: off
[root@tenouk ~]#

Configure /etc/exports


This file sets which files or directories on the NFS server other hosts may share.
Granting that permission to other hosts is called exporting.

[root@tenouk ~]# vi /etc/exports
/home 10.10.0.0/255.255.0.0(rw)

Hosts that belong to the 10.10.0.0/255.255.0.0 network are permitted to NFS-mount /home with read and write access.

Configure /usr/sbin/exportfs


The content of /etc/exports is loaded into the export table.

[root@tenouk ~]# /usr/sbin/exportfs -a

Everything written in /etc/exports takes effect.

[root@tenouk ~]# /usr/sbin/exportfs -v

The current export table is displayed.
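The /etc/exports line above grants read-write access to an entire /16 and relies on the defaults for everything else. Because exportfs loads whatever is in the file without judging it, a small check of the file is useful before running exportfs -a. The script below is an added example, not part of the original post: it reads an exports file and reports exports open to every host, exports with no_root_squash (remote root is mapped to local root) or insecure (requests from unprivileged source ports are accepted), and read-write exports to networks wider than a /24. The sample file is constructed here and contains the post's line next to a narrower replacement and a few deliberately weak lines.

```sh
#!/bin/sh
# Added example, not part of the original post: report risky /etc/exports
# entries before running exportfs -a. The exports file is constructed here.

EXPORTS=$(mktemp)
cat > "$EXPORTS" <<'EOF'
# constructed sample: the post's export, some weak variants, and a tighter form
/home 10.10.0.0/255.255.0.0(rw)
/export *(rw,no_root_squash)
/pub 10.10.0.0/24(ro)
/srv/scratch 10.10.0.5(rw,insecure)
/home 10.10.0.0/255.255.255.0(rw,root_squash,sync)
EOF

# Print one finding per line for the exports file given as $1.
lint_exports() {
    awk '
        # prefix length of a dotted netmask, or the number itself for "/24" style
        function masklen(m,   p, i, n, b, v) {
            if (m ~ /^[0-9]+$/) return m + 0
            n = split(m, p, ".")
            if (n != 4) return 32
            b = 0
            for (i = 1; i <= 4; i++) {
                v = p[i] + 0
                while (v > 0) { b += v % 2; v = int(v / 2) }
            }
            return b
        }
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        {
            path = $1
            if (NF == 1) { print path ": no client given, exported to every host"; next }
            for (i = 2; i <= NF; i++) {
                f = $i; client = f; opts = ""
                # split "client(opt,opt)" into its two parts
                if (match(f, /\(.*\)$/)) {
                    client = substr(f, 1, RSTART - 1)
                    opts = substr(f, RSTART + 1, RLENGTH - 2)
                }
                if (client == "" || client == "*")
                    print path ": exported to every host (" f ")"
                if (opts ~ /(^|,)no_root_squash(,|$)/)
                    print path ": no_root_squash lets remote root act as local root (" client ")"
                if (opts ~ /(^|,)insecure(,|$)/)
                    print path ": insecure allows requests from unprivileged source ports (" client ")"
                if (index(client, "/") && opts ~ /(^|,)rw(,|$)/ &&
                    masklen(substr(client, index(client, "/") + 1)) < 24)
                    print path ": read-write export to a network wider than /24 (" client ")"
            }
        }' "$1"
}

lint_exports "$EXPORTS"
```

On the constructed file the last /home line (a /24, root_squash and sync spelled out) produces no finding, while the post's original /16 line does; point the function at the real /etc/exports to check a live server.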

Confirmation of NFS mount


Confirm which clients have NFS-mounted from this server.

[root@tenouk ~]# showmount
Host on localhost
192.168.0.199
[root@tenouk ~]#

Display the NFS mount directory.

[root@tenouk ~]# showmount -d
/home
/export
[root@tenouk ~]#

Display both the exported directories and the clients that have mounted them.

[root@tenouk ~]# showmount -a
hostA:/home
192.168.0.2:/export
192.168.0.3:/export
[root@tenouk ~]#

Setting of NFS client


[root@tenouk ~]# mount -t nfs compaq:/export /mnt/nfs

The -t option gives the filesystem type. Directory /export on the NFS server compaq is NFS-mounted on the local host's /mnt/nfs.

Unmount NFS.


[root@tenouk ~]# umount /mnt/nfs

Automatic mount NFS filesystem


If the NFS mount is described in /etc/fstab, it is mounted at boot.

[root@tenouk ~]# vi /etc/fstab
hostA:/export /mnt/nfs nfs soft 0 0

The first field : Directory name on NFS server
The second field : Mount point on local host
The third field : Kind of filesystem
The fourth field : Mount option
The fifth field : dump flag (0 = not backed up by dump)
The sixth field : fsck pass order (0 = not checked at boot)

Automount NFS


autofs must be installed so that the NFS filesystem is mounted automatically.

Confirmation on autofs installation.

[root@tenouk ~]# rpm -q autofs 

Installation of autofs.


Install autofs using rpm package.

[root@tenouk ~]# mount /dev/cdrom
[root@tenouk ~]# cd /mnt/cdrom/RedHat/RPMS
[root@tenouk ~]# rpm -Uhv autofs-3.1.7-28.i386.rpm
[root@tenouk ~]# cd /
[root@tenouk ~]# umount /dev/cdrom

Start, stop and restart autofs.

[root@tenouk ~]# /sbin/service autofs start
[root@tenouk ~]# /sbin/service autofs stop
[root@tenouk ~]# /sbin/service autofs restart

Setting of autofs automatic start.

[root@tenouk ~]# /sbin/chkconfig --level 35 autofs on

Confirmation of autofs automatic start

[root@tenouk ~]# /sbin/chkconfig --list autofs

Settings when NIS is used


The configuration on the NIS server

[root@tenouk ~]# vi /etc/auto.master
/nfs /etc/auto.home --timeout 60

[root@tenouk ~]# vi /etc/auto.home
home -rw,hard,intr,nolock compaq:/home

[root@tenouk ~]# vi /var/yp/Makefile
all: passwd group hosts rpc services netid protocols mail \
shadow auto.home \
# netgrp shadow publickey networks ethers bootparams printcap \
# amd.home auto.master auto.home auto.local passwd.adjunct \
# timezone locale netmasks

Update of the NIS database


[root@tenouk ~]# cd /var/yp
[root@tenouk ~]# make

Setting on the NIS / NFS client side


Confirmation of auto.home

[root@tenouk ~]# ypcat auto.home
-rw,hard,intr,nolock compaq:/home

[root@tenouk ~]# vi /etc/auto.master
/nfs auto.home --timeout 60

Setup and configure NIS server and NIS client on Fedora Core Linux operating system.


NIS is required only when NIS (Network Information Service) is used; NIS deals only with user registration and similar information, kept centrally on the server. The article below sets up and configures the NIS server and NIS client step by step on the Fedora operating system; it also covers the setup of portmap and nsswitch and the use of tools such as ypwhich, ypcat and ypmatch.

Setting of NIS domain server and client
The following line is added to /etc/sysconfig/network.

NISDOMAIN=nisdomain.com

Portmapper must be running to operate NIS and NFS.
Portmapper assigns TCP/UDP port numbers to the RPC service programs.
The main RPC service programs are PORTMAPPER, NFS, YPSERV, MOUNTD, YPBIND and YPPASSWDD.

Portmap installation


[root@tenouk ~]# mount /dev/cdrom
[root@tenouk ~]# cd /mnt/cdrom/RedHat/RPMS
[root@tenouk ~]# rpm -Uhv portmap-4.0-38.i386.rpm
[root@tenouk ~]# cd /
[root@tenouk ~]# umount /dev/cdrom

Start  and stop portmap service


[root@tenouk ~]# /sbin/service portmap start
[root@tenouk ~]# /sbin/service portmap stop

Confirmation of automatic start of portmap


List the automatic start for portmap service.

[root@tenouk ~]# /sbin/chkconfig --list portmap

Setting of automatic start of portmap.

[root@tenouk ~]# /sbin/chkconfig --level 35 portmap on

Setting of NIS Server


NIS installation


[root@tenouk ~]# mount /dev/cdrom
[root@tenouk ~]# cd /mnt/cdrom/RedHat/RPMS
[root@tenouk ~]# rpm -Uhv ypserv-1.3.12-2.i386.rpm
[root@tenouk ~]# cd /
[root@tenouk ~]# umount /dev/cdrom

Control of ypserv

[root@tenouk ~]# /sbin/service ypserv start
[root@tenouk ~]# /sbin/service ypserv stop

Setting of automatic start of ypserv

[root@tenouk ~]# /sbin/chkconfig --level 35 ypserv on

Confirmation of automatic start of ypserv

[root@tenouk ~]# /sbin/chkconfig --list ypserv

ypserv controls access with /var/yp/securenets (each line is a netmask followed by a network; lines starting with # are comments).

[root@tenouk ~]# vi /var/yp/securenets

# 0.0.0.0 0.0.0.0     a line like this would permit access from all hosts; leave it out
255.255.255.0 192.168.0.0

With only the second line active, ypserv responds only to hosts that belong to 192.168.0.0/24.
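A securenets file is only as tight as its widest rule: any rule that matches the client permits the request, so a catch-all 0.0.0.0 0.0.0.0 line serves every host that can reach ypserv (and, as the ypcat passwd output further down shows, the maps include password hashes). The script below is an added example, not part of the original post: it evaluates a client address against a securenets file the same way the file is interpreted (netmask first, then network; a "host" line means a single address; no match means deny). Both securenets files and all addresses are constructed here.

```sh
#!/bin/sh
# Added example, not part of the original post: decide whether a client address
# is permitted by a /var/yp/securenets file. File contents are constructed.

SECURENETS=$(mktemp)
cat > "$SECURENETS" <<'EOF'
# constructed sample: the restricted form of the post's securenets
host 127.0.0.1
255.255.255.0 192.168.0.0
EOF

OPEN=$(mktemp)
cat > "$OPEN" <<'EOF'
# constructed sample: the permissive catch-all line
0.0.0.0 0.0.0.0
EOF

# usage: securenets_allows FILE CLIENT_IP
# Prints the matching rule and exits 0 when permitted, prints "deny" and
# exits 1 when no rule matches.
securenets_allows() {
    awk -v ip="$2" '
        # bitwise AND of two octets, written with arithmetic so it works in any awk
        function band(a, b,   r, bit) {
            r = 0; bit = 1
            while (a > 0 && b > 0) {
                if (a % 2 == 1 && b % 2 == 1) r += bit
                a = int(a / 2); b = int(b / 2); bit *= 2
            }
            return r
        }
        # 1 when ipstr and netstr agree on every bit selected by maskstr
        function same_net(ipstr, netstr, maskstr,   i, io, no, mo) {
            split(ipstr, io, "."); split(netstr, no, "."); split(maskstr, mo, ".")
            for (i = 1; i <= 4; i++)
                if (band(io[i] + 0, mo[i] + 0) != band(no[i] + 0, mo[i] + 0)) return 0
            return 1
        }
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        $1 == "host" { mask = "255.255.255.255"; net = $2 }
        $1 != "host" { mask = $1; net = $2 }
        same_net(ip, net, mask) { print "allow: " $0; found = 1; exit }
        END { if (!found) { print "deny: no rule in securenets matches " ip; exit 1 } }
    ' "$1"
}

for client in 192.168.0.42 127.0.0.1 10.10.0.235; do
    printf 'restricted file, %s -> ' "$client"; securenets_allows "$SECURENETS" "$client"
    printf 'catch-all file,  %s -> ' "$client"; securenets_allows "$OPEN" "$client"
done
```

The loop at the end shows the difference directly: 10.10.0.235 is denied by the restricted file and allowed by the catch-all one.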

NIS Map


At least one NIS server is necessary to use NIS. The NIS databases, which contain user information, host information and so on, are kept on the NIS server. When two or more NIS servers are prepared, one must become the master server and the rest become slave servers. All information is set on the master server, and each slave server maintains a copy. Files such as /etc/passwd on the master server are converted into NIS maps.

Example of NIS map

file    : NIS maps
passwd  : passwd.byname, passwd.byuid
hosts   : hosts.byname, hosts.byaddr

Making NIS map


1. The required information is written into the source file. For /etc/hosts, for instance, the host names and IP addresses are written.
2. The NIS database is built from these files.

[root@tenouk ~]# cd /var/yp
[root@tenouk ~]# make

Setting of master server


The information in the NIS maps is set up on the master server.

[root@tenouk ~]# /usr/lib/yp/ypinit -m

When it runs, ypinit asks for the names of the NIS slave servers.
If there are no slave servers, press CTRL+D to finish.

Setting of slave server


[root@tenouk ~]# /usr/lib/yp/ypinit -s masterservername

Information in the NIS map is automatically copied from the master server.

Setting of NIS client


The installation process of ypbind and yp-tools.

[root@tenouk ~]# mount /dev/cdrom
[root@tenouk ~]# cd /mnt/cdrom/RedHat/RPMS
[root@tenouk ~]# rpm -Uhv ypbind-1.8-1.i386.rpm
[root@tenouk ~]# rpm -Uhv yp-tools-2.5-1.i386.rpm
[root@tenouk ~]# cd /
[root@tenouk ~]# umount /dev/cdrom

Start and stop ypbind

[root@tenouk ~]# /sbin/service ypbind start
[root@tenouk ~]# /sbin/service ypbind stop

Setting of automatic start

[root@tenouk ~]# /sbin/chkconfig --level 35 ypbind on

Confirmation of automatic start

[root@tenouk ~]# /sbin/chkconfig --list ypbind

Specification of nis server


Open and edit the yp.conf file.

[root@tenouk ~]# vi /etc/yp.conf

# /etc/yp.conf - ypbind configuration file
# Valid entries are
#
#domain NISDOMAIN server HOSTNAME
# Use server HOSTNAME for the domain NISDOMAIN.
#
#domain NISDOMAIN broadcast
# Use broadcast on the local net for domain NISDOMAIN
#
#ypserver HOSTNAME
# Use server HOSTNAME for the local domain. The
# IP-address of server must be listed in /etc/hosts.
#

Setting of name service switch


For instance, user information can come from two sources on each client, /etc/passwd and NIS. Host names can come from three sources, /etc/hosts, NIS and DNS. The name service switch specifies the order of priority in which these sources are consulted.

[root@tenouk ~]# vi /etc/nsswitch.conf

#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
# nisplus or nis+ Use NIS+ (NIS version 3)
# nis or yp Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# [NOTFOUND=return] Stop searching if not found so far
#

# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis

passwd: files nisplus
shadow: files nisplus
group: files nisplus

#hosts: db files nisplus nis dns
hosts: files nisplus dns

# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers: files
netmasks: files
networks: files
protocols: files nisplus
rpc: files
services: files nisplus

netgroup: files nisplus

publickey: nisplus

automount: files nisplus
aliases: files nisplus

Using ypwhich


ypwhich displays which NIS server is being used.

[root@tenouk ~]# ypwhich
nisdomainA
[root@tenouk ~]#

The list of database map nicknames is output.

[root@tenouk ~]# ypwhich -x
Use "ethers" for map "ethers.byname"
Use "aliases" for map "mail.aliases"
Use "services" for map "services.byname"
Use "protocols" for map "protocols.bynumber"
Use "hosts" for map "hosts.byname"
Use "networks" for map "networks.byaddr"
Use "group" for map "group.byname"
Use "passwd" for map "passwd.byname"
[root@tenouk ~]#

Using ypcat


Display the content of an NIS database map.

NIS passwd map

[root@tenouk ~]# ypcat passwd
nfsnobody:!!:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
kimura:$1$e9/Rybex$xgn0t2ioIJuCjzLOiFIua1:500:500::/home/kimura:/bin/bash
[root@tenouk ~]#

NIS hosts map

[root@tenouk ~]# ypcat hosts
10.10.0.234 nt
127.0.0.1 RedHatA localhost.localdomain localhost
127.0.0.1 RedHatA localhost.localdomain localhost
10.10.0.235 RedHatA
[root@tenouk ~]#

Using ypmatch


A specific key is looked up in an NIS database map and the matching entry is output.

[root@tenouk ~]# ypmatch nt hosts
10.10.0.234 nt
[root@tenouk ~]#