Archive for September, 2011

The following daemon and utilities form the heart of DNS operations:

named

This daemon must be running for DNS to be operational on all but remote servers. After you enable your server, named is invoked each time your system enters multiuser mode. It reads information found in the configuration file, named.conf(4tcp), and takes appropriate actions: priming the cache, accessing zone files, and so on. named can also be invoked from the command line; see named(1Mtcp) for more information.

named-xfer

This command enables you to transfer a DNS zone from one server to another in asynchronous mode so that named can continue processing requests. See the manual page for named-xfer(1Mtcp) for more information.

nslookup

This command allows you to request DNS information, including names, addresses, and other resource records, from any server you can reach from your computer. You can use nslookup to request a single record or start an nslookup session to request multiple records from one or more servers. See nslookup(1Mtcp) or “BIND 9 Administrator’s Guide” for more information.

dig

This command is similar to nslookup but with a slightly different syntax. See dig(1Mtcp) for more information.

host

This command is useful for finding out information about individual or multiple hosts. See host(1Mtcp) for more information.

Source: http://docsrv.sco.com/NET_tcpip/dnsC.daemons.html (SCO TCP/IP documentation, written for BIND 8; named-xfer does not exist in BIND 9, where named performs zone transfers itself)

This is a step by step guide on how to configure BIND9 as a Primary Master Name Server.

A Primary Master Name Server reads the data for a zone from a file on its own host and is authoritative for that zone. Every zone needs at least one DNS name server that is responsible for it; when any device on the Internet wants to know something about a zone, it consults one of its authoritative servers.

The steps will configure your name server as a Primary Master for engrdhee.com. Replace engrdhee.com with your own FQDN (Fully Qualified Domain Name).

Name Server Configuration

Step 1: Configure your Local Network.
Set up the name server’s IP configuration in /etc/network/interfaces.

Step 2: Edit host settings on the name server. Edit /etc/hosts.

[Internet address] [official hostname] [alias1]
127.0.0.1       localhost.localdomain   localhost
192.168.1.4     ns1.engrdhee.com        ns1

/etc/hosts maps IP addresses to host names and is consulted by network commands when no name server is available (and, in the default nsswitch order, before DNS is asked). Put the server's own name on its LAN address rather than on the loopback line, so that the name ns1 resolves to 192.168.1.4.

Step 3: Create the forward zone file in the /etc/bind directory.

sudo nano /etc/bind/db.engrdhee.com
; BIND data file for the engrdhee.com zone
$TTL    604800
@       IN      SOA     ns1.engrdhee.com. root.engrdhee.com. (
                              4         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
        IN      NS      ns1.engrdhee.com.

router  IN      A       192.168.1.1
ns1     IN      A       192.168.1.4
laptop  IN      A       192.168.1.2

A zone file is a text file listing the hosts in your domain and their IP addresses. Names in it that do not end in a dot are relative to the zone origin (engrdhee.com.), so fully qualified names such as ns1.engrdhee.com. must carry the trailing dot.
Resource records follow the SOA. The common record types are:
SOA – Start of Authority: states that this server is authoritative for the zone and carries the serial number and timers.
NS – Name Server: names an authoritative name server for the zone.
MX – Mail Exchange: names the mail server(s) for the domain.
A – Address: maps an FQDN to an IPv4 address.
CNAME – Canonical Name: an alias for an existing A record.
PTR – Pointer: reverse-maps an IP address to an FQDN.

Step 4: Create the reverse zone file.

sudo nano /etc/bind/rev.1.168.192.in-addr.arpa
; BIND reverse data file for 192.168.1.0/24
$TTL    604800
@       IN      SOA     ns1.engrdhee.com. root.engrdhee.com. (
                              3         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
        IN      NS      ns1.engrdhee.com.
1       IN      PTR     router.engrdhee.com.
2       IN      PTR     laptop.engrdhee.com.
4       IN      PTR     ns1.engrdhee.com.

A reverse zone lets DNS map an address back to a name. The owner of each PTR record is the last octet of the address, and the target must be a fully qualified name ending in a dot; otherwise named appends 1.168.192.in-addr.arpa. to it and reverse lookups return a nonsense name such as laptop.engrdhee.com.1.168.192.in-addr.arpa.

Increment the serial every time you change a zone file or its reverse zone; without a higher serial, secondary servers will not pick up the change.

Step 5: Edit /etc/bind/named.conf.local.

zone "engrdhee.com" {
        type master;
        file "/etc/bind/db.engrdhee.com";
};

zone "1.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/rev.1.168.192.in-addr.arpa";
};

This configuration tells BIND to load the two files as master (primary) zones. Note that BIND 9 of this vintage allows zone transfers (AXFR) to any host by default, which hands the complete list of your hosts to anyone who asks; add an allow-transfer statement to each zone that limits transfers to your secondary servers, or to none if you have no secondaries.

Step 6: Configure the server firewall, if any.
Open port 53 for both UDP and TCP so the server can accept DNS queries (TCP is needed for large responses and for zone transfers). For ufw, either of the following works; the bind9 application profile opens the same port:

sudo ufw allow 53
sudo ufw allow bind9

sudo ufw app list shows the available application profiles.

Step 7: Reload service.

sudo service bind9 reload

Client Configuration

Step 1: Configure each client with the correct name server. Edit /etc/resolv.conf:

domain engrdhee.com
search engrdhee.com
nameserver 192.168.1.4
nameserver 192.168.1.1

Testing

tail -f /var/log/syslog
Output should be:

Sep 28 17:57:04 dhee-engr named[3047]: received control channel command 'reload'
Sep 28 17:57:04 dhee-engr named[3047]: loading configuration from '/etc/bind/named.conf'
Sep 28 17:57:04 dhee-engr named[3047]: reading built-in trusted keys from file '/etc/bind/bind.keys'
Sep 28 17:57:04 dhee-engr named[3047]: using default UDP/IPv4 port range: [1024, 65535]
Sep 28 17:57:04 dhee-engr named[3047]: using default UDP/IPv6 port range: [1024, 65535]
Sep 28 17:57:04 dhee-engr named[3047]: reloading configuration succeeded

Use the DNS utilities and other commands to test, e.g.:

dig engrdhee.com
nslookup engrdhee.com
route -n
ping engrdhee.com
named-checkzone engrdhee.com /etc/bind/db.engrdhee.com
named-checkzone 1.168.192.in-addr.arpa /etc/bind/rev.1.168.192.in-addr.arpa
dig @192.168.1.4 1.168.192.in-addr.arpa. AXFR

named-checkzone takes the zone name as its first argument, so the reverse zone is checked under its own name, 1.168.192.in-addr.arpa, not under engrdhee.com. The AXFR request asks the server for the whole reverse zone; if it succeeds from a machine that is not one of your secondaries, your zone transfer settings are too open.
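The two zone files above can be checked mechanically before they ever reach named. The following Python script is an added example (not part of this guide and not BIND's own code): it parses a forward zone and its reverse zone, resolves names the way named does (a target without a trailing dot gets the zone origin appended), and reports unqualified NS/PTR targets, A records without a PTR, PTRs that disagree with their A record, and a serial that was not incremented. The zone data in it is a constructed copy of the files in this guide: BAD_REVERSE reproduces a reverse file whose names lack the trailing dot and which has no PTR for ns1, and GOOD_REVERSE is the corrected file.

```python
"""Lint a BIND forward zone against its reverse zone (added example).
Reports NS/PTR/CNAME/MX targets without a trailing dot (named appends the
zone origin to them), A records with no PTR, PTRs that disagree with the
A record, and an SOA serial that was not incremented."""
import re

TYPES = {"SOA", "NS", "A", "AAAA", "PTR", "CNAME", "MX", "TXT"}

# Constructed copies of the guide's zone data.  BAD_REVERSE has unqualified
# NS/PTR targets and no PTR for ns1; GOOD_REVERSE is the corrected file.
FORWARD = """\
$TTL    604800
@       IN      SOA     ns1.engrdhee.com. root.engrdhee.com. (
                              4         ; Serial
                         604800 86400 2419200 604800 )
                        NS      ns1.engrdhee.com.
router  IN      A       192.168.1.1
ns1     IN      A       192.168.1.4
laptop          A       192.168.1.2
"""
BAD_REVERSE = """\
$TTL    604800
@       IN      SOA     ns1.engrdhee.com. root.engrdhee.com. (
                              3 604800 86400 2419200 604800 )
        IN      NS      ns1.engrdhee.com
1       IN      PTR     router.engrdhee.com
2       IN      PTR     laptop.engrdhee.com
"""
GOOD_REVERSE = (BAD_REVERSE.replace("3 604800", "4 604800")
                .replace("engrdhee.com\n", "engrdhee.com.\n")
                + "4       IN      PTR     ns1.engrdhee.com.\n")


def qualify(name, origin):
    """'@' is the origin; a name without a trailing dot gets the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def _logical_lines(text):
    """Drop comments and blank lines, join parenthesised multi-line records."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = re.sub(r";.*", "", raw)
        if not line.strip() and depth == 0:
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth == 0:
            yield " ".join(buf).replace("(", " ").replace(")", " ")
            buf = []


def parse_zone(text, zone):
    """Return (soa_serial, [(owner_fqdn, TYPE, rdata_tokens), ...])."""
    origin = zone.rstrip(".") + "."
    owner, serial, records = origin, None, []
    for line in _logical_lines(text):
        toks = line.split()
        if toks[0].startswith("$"):               # $TTL / $ORIGIN directives
            if toks[0].upper() == "$ORIGIN":
                origin = toks[1]
            continue
        if not line[0].isspace():                 # leading blank = same owner
            owner = qualify(toks.pop(0), origin)
        while toks[0].upper() not in TYPES:       # skip optional TTL and class
            toks.pop(0)
        rtype = toks.pop(0).upper()
        if rtype == "SOA":
            serial = int(toks[2])
        records.append((owner, rtype, toks))
    return serial, records


def _ptr_ip(owner):
    """'1.1.168.192.in-addr.arpa.' -> '192.168.1.1'"""
    return ".".join(reversed(owner[: -len(".in-addr.arpa.")].split(".")))


def lint(fwd_text, fwd_zone, rev_text, rev_zone, prev_serials=(None, None)):
    """Findings as (zone, kind, detail) tuples; an empty list means clean."""
    findings = []
    zones = [(fwd_zone, parse_zone(fwd_text, fwd_zone)),
             (rev_zone, parse_zone(rev_text, rev_zone))]
    for (zone, (serial, recs)), prev in zip(zones, prev_serials):
        origin = zone.rstrip(".") + "."
        if prev is not None and serial <= prev:
            findings.append((zone, "serial", f"{serial} is not above {prev}"))
        for owner, rtype, rdata in recs:
            if rtype in ("NS", "PTR", "CNAME", "MX") and not rdata[-1].endswith("."):
                findings.append((zone, "unqualified",
                                 f"{rtype} {rdata[-1]} becomes {qualify(rdata[-1], origin)}"))
    a_map = {rd[0]: owner for owner, rt, rd in zones[0][1][1] if rt == "A"}
    rev_origin = rev_zone.rstrip(".") + "."
    ptr_map = {_ptr_ip(owner): qualify(rd[0], rev_origin)
               for owner, rt, rd in zones[1][1][1] if rt == "PTR"}
    for ip, name in a_map.items():
        if ip not in ptr_map:
            findings.append((rev_zone, "missing-ptr", f"no PTR for {ip} ({name})"))
        elif ptr_map[ip] != name:
            findings.append((rev_zone, "ptr-mismatch", f"{ip} -> {ptr_map[ip]}, A says {name}"))
    return findings


if __name__ == "__main__":
    for finding in lint(FORWARD, "engrdhee.com", BAD_REVERSE, "1.168.192.in-addr.arpa"):
        print(*finding)
```

Run against BAD_REVERSE it reports three unqualified targets, two PTRs that resolve to names under in-addr.arpa instead of under engrdhee.com, and the missing PTR for 192.168.1.4; against GOOD_REVERSE with the previous serials it reports nothing. It complements named-checkzone, which accepts the unqualified names because they are syntactically valid.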

This is a guide on how to configure BIND9 as a caching name server. BIND9 is set up as a caching name server by default.

A caching name server stores the answers it receives (the mapping between an IP address and an FQDN, and other records) for as long as their TTL allows, so repeated lookups are answered locally. This reduces bandwidth use and latency for the clients that use it.

Name Server Configuration

Step 1: Add the IP addresses of your ISP's DNS servers to the forwarders list inside the options { } block of /etc/bind/named.conf.options.

        forwarders {
             8.8.8.8;
             8.8.4.4;
        };

Google's public DNS servers are used here; replace them with your ISP's DNS servers if you prefer.

Step 2: Restart the BIND daemon.

sudo /etc/init.d/bind9 restart

Client Configuration

Step 1: Add the IP address of your name server to /etc/resolv.conf.

nameserver 192.168.1.2

Testing

dig -x 127.0.0.1
Output should be:

; <<>> DiG 9.4.1-P1 <<>> -x 127.0.0.1
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13427
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
[...]
;; Query time: 1 msec
;; SERVER: 172.18.100.80#53(172.18.100.80)
;; WHEN: Mon Nov 26 23:22:53 2007
;; MSG SIZE  rcvd: 93

Run dig google.com twice and compare the "Query time" lines. The second query should be much faster because the server answers it from its cache instead of asking the forwarders again.

DNS Server – BIND9

Posted: 09/30/2011 in Ubuntu Linux

http://www.google.com is actually 74.125.71.104. Thanks to the power of DNS Servers! We do not have to remember the numeric address 74.125.71.104 just to visit google.com. A DNS Server, a Name Server as we may call it, contains a record of ip addresses and their equivalent domain name.

BIND (Berkeley Internet Name Domain) is the most widely used DNS software on the Internet. It can act as a caching name server and serve authoritative DNS zones for a domain.

BIND9 Configuration Files

Configuration files are stored in /etc/bind.
Main configuration files are:

/etc/bind/named.conf
/etc/bind/named.conf.options
/etc/bind/named.conf.local

How to Install BIND9
sudo apt-get install bind9

sudo apt-get install dnsutils

dnsutils provides dig, nslookup and nsupdate, which are useful for testing and troubleshooting DNS issues.

Find System Up Time on Windows

Posted: 09/30/2011 in Windows

To see the system up time, follow the steps below.

Step 1: Open the Run dialog (Win+R) and type cmd.

Step 2: Enter the following command at the command prompt:

systeminfo|find "Time:"

It is easier to see the system uptime in the Windows 7 Task Manager. Here are the steps.

Step 1: Launch Task Manager in one of these ways:

Press Ctrl+Alt+Delete and choose Start Task Manager
Right-click the taskbar and select Start Task Manager
Press Ctrl+Shift+Escape

Step 2: Click the Performance tab.

The system's uptime is displayed next to Up Time in the format Days:Hours:Minutes:Seconds.

Step 1: Edit /etc/network/interfaces
e.g.:

sudo vi /etc/network/interfaces
auto eth0
iface eth0 inet static
address 10.50.15.12
netmask 255.255.255.192
gateway 10.50.15.1

The gateway must lie inside the interface's own subnet (here 10.50.15.0/26, i.e. 10.50.15.1 to 10.50.15.62); a gateway on another network is rejected as unreachable.

Disable NetworkManager first; otherwise it will overwrite this configuration.

Step 2: Start networking

sudo /etc/init.d/networking start

Step 3: Check your network information

ifconfig

Other than editing /etc/network/interfaces, you can configure the interface by hand with these low-level commands (the settings are lost at reboot):

$ sudo ifconfig eth0 192.168.7.26 netmask 255.255.255.0 broadcast 192.168.7.255
$ sudo ifconfig eth0 up
$ sudo route add -net 192.168.7.0 netmask 255.255.255.0 dev eth0
$ sudo route add default gw 192.168.7.1
Files

/etc/hostname – holds the hostname
/etc/hosts – static mapping of IP addresses to hostnames
/etc/networks – maps network addresses to names
/etc/host.conf – old resolver configuration, superseded by nsswitch.conf
/etc/resolv.conf – client DNS configuration
/etc/services – maps port numbers to service names
/etc/nsswitch.conf – name service switch configuration; determines the order in which the system looks up names, users, groups and other databases

Commands

ifconfig – show and configure network interfaces
route – show and configure network routes
dhcpcd, dhclient, pump – DHCP clients
dig – query and test DNS servers
host – query and debug DNS servers
hostname – display the hostname and NIS domain setting
netstat – shows which service is listening on which port
ping – sends ICMP echo requests to hosts
traceroute – shows the path (the routers) a network connection takes
mtr – works like traceroute, updating in real time
tcpdump – packet sniffer that displays the contents of packets seen on a network interface
route -n – view the routing table numerically
whois – queries the registration records for a domain

Netstat
netstat -a -u -t – Prints ports in use
netstat -r – Prints routing table
netstat -i – Prints interfaces
netstat -g – Prints multicast groups
netstat -M – Prints masqueraded connections
netstat -s – Prints statistics

System Logs

Posted: 09/18/2011 in Ubuntu Linux
Files

/etc/syslog.conf – configuration file for syslogd (Red Hat)
/etc/rsyslog.conf – configuration file for rsyslogd (Debian/Ubuntu). It consists of rules of the form: facility.level action

rsyslog.conf pulls in the per-package configuration snippets with:

# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf

The log files themselves are written under /var/log/.

The syslog facility says where the log message comes from:
authpriv — security/authorization messages (private)
cron — clock daemon (cron and at)
daemon — system daemons without a separate facility value
ftp — FTP daemon
kern — kernel messages
local0 ... local7 — reserved for local use
lpr — line printer subsystem
mail — mail subsystem
news — USENET news subsystem
syslog — messages generated internally by syslogd
user — generic user-level messages
uucp — UUCP subsystem

The level is a severity threshold: a selector such as mail.err matches messages at that level and at every more severe level. The levels, from most to least severe:
emerg — system is unusable
alert — action must be taken immediately
crit — critical conditions
err — error conditions
warning — warning conditions
notice — normal, but significant, condition
info — informational message
debug — debug-level message

syslog actions can be:
– filename (with full pathname), or
– a hostname preceded with ‘@’, or
– a comma-separated list of users, or
– an asterisk ‘*’ meaning all logged in users
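To see how the facility and level of a message select actions, here is an added Python example (not from this post and not rsyslog's own code) that evaluates selector rules the way syslogd and rsyslogd do: facility.level matches that level and every more severe one, =level matches exactly one level, none switches a facility off, and within one rule the last selector naming a facility wins, which is how the rule *.*;auth,authpriv.none keeps authentication messages out of /var/log/syslog. The configuration is constructed in the Debian default style; loghost.example.net is a placeholder for a remote log host reached with the @ action.

```python
"""Route a syslog message through selector rules the way syslogd/rsyslogd
do (added example).  'facility.level' matches that level and everything
more severe, '=level' one level only, 'none' turns a facility off, and
within a rule the last selector naming the facility wins."""

LEVELS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

# Constructed rules in the Debian default style; loghost.example.net is a
# placeholder for a remote log host reached with the '@' action.
SAMPLE_CONF = """\
# /etc/rsyslog.conf excerpt (constructed)
auth,authpriv.*                 /var/log/auth.log
*.*;auth,authpriv.none          -/var/log/syslog
kern.*                          -/var/log/kern.log
mail.err                        /var/log/mail.err
*.emerg                         *
auth,authpriv.*                 @loghost.example.net
"""


def parse_rules(text):
    """Return [(selectors, action)] with selectors = [(facilities, levelspec)]."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#$":              # comments, $-directives
            continue
        selector_field, action = line.split(None, 1)
        selectors = []
        for sel in selector_field.split(";"):
            facs, level = sel.rsplit(".", 1)
            selectors.append((set(facs.split(",")), level.lower()))
        rules.append((selectors, action))
    return rules


def _level_matches(spec, level):
    """Does a message at `level` satisfy the selector's level part?"""
    if spec == "*":
        return True
    if spec == "none":
        return False
    if spec.startswith("="):                         # exactly this level
        return level == spec[1:]
    return LEVELS.index(level) >= LEVELS.index(spec)  # this level or worse


def route(rules, facility, level):
    """Actions a facility.level message reaches, in configuration order.
    A leading '-' on a file action means rsyslog may buffer the writes."""
    actions = []
    for selectors, action in rules:
        spec = None
        for facs, lvl in selectors:                  # later selectors override
            if "*" in facs or facility in facs:
                spec = lvl
        if spec is not None and _level_matches(spec, level):
            actions.append(action)
    return actions


if __name__ == "__main__":
    rules = parse_rules(SAMPLE_CONF)
    for fac, lvl in [("authpriv", "info"), ("mail", "info"),
                     ("mail", "err"), ("kern", "emerg")]:
        print(f"{fac}.{lvl} -> {route(rules, fac, lvl)}")
```

With these rules an authpriv.info message lands in /var/log/auth.log and on the remote log host but not in /var/log/syslog, while a kern.emerg message reaches syslog, kern.log and every logged-in user. Shipping authpriv to a separate host matters for incident response: an attacker who gains root can truncate the local files but not the copy already on the log host.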

logrotate

logrotate rotates, compresses, and mails system logs. Main configuration file is stored in /etc/logrotate.conf but most configuration belongs to the software packages, which put a file into directory /etc/logrotate.d/.

Examining Log Files

tail -f – watch a log file in real time
e.g. (Ubuntu writes the general log to /var/log/syslog; /var/log/messages is the Red Hat name):

sudo tail -f /var/log/syslog
sudo less /var/log/syslog

Each syslog message contains:
date and time – the machine's local time
hostname – the hostname of the machine that generated the message
program or user – whatever generated the message
message text

Scheduling Jobs

Posted: 09/18/2011 in Ubuntu Linux
at

at runs a command once. at takes a time and a list of commands to run. Any output to STDOUT or STDERR will be mailed to the user running at.

e.g.:

at 5pm
at> date
at> ^D

Commands:
atrm – remove jobs, identified by job number
syntax:
atrm job#

atq – lists a user’s pending jobs
syntax:
atq

at -c – to dump the job on STDOUT
syntax
at -c job#

at time formats:
17:36 – Run at 5:36pm today or tomorrow.
9pm May 8 – Run at 9pm on May 8th.
noon tomorrow – Run at 12pm tomorrow.
now + 2 hours – Run in 2 hours.

cron

cron runs a command periodically.

crond is the daemon that reads everyone's crontab entries. The system-wide crontab is /etc/crontab (plus the files in /etc/cron.d); per-user crontabs, installed with the crontab command, live in /var/spool/cron/crontabs on Debian and Ubuntu.

/etc/crontab contains:

# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# m h dom mon dow user  command
17 *    * * *   root    cd / && run-parts --report /etc/cron.hourly
25 6    * * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6    * * 7   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6    1 * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
#

Commands:
crontab file – replace your crontab with the contents of file.
crontab -l – list your crontab.
crontab -r – remove your crontab.
crontab -e – edit your crontab (with $EDITOR).

crontab File Format
Each line has five time fields followed by the command (the system crontab adds a user field before the command):
minute (0-59)
hour (0-23)
day of month (1-31)
month (1-12 or jan-dec)
day of week (0-7 or sun-sat; both 0 and 7 mean Sunday)

A field may be * (any value), a list (mon,wed,fri), a range (9-18) or a range with a step (9-18/2). A % in the command field is turned into a newline: everything after the first % is fed to the command's standard input.

e.g.:

0 7 1 jan * echo "sleep in, you don't feel so good"
# gratuitous noise
0 17 * * mon,wed,fri wall%meeting in 5 minutes%
0 9-18/2 * * mon-fri $HOME/bin/cron.bihourly
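The field syntax above is compact but has corners that are easy to get wrong, so here is an added Python example (not from this post and not cron's own code) that expands the five time fields and decides whether an entry fires at a given moment. It handles the two quirks that bite in practice: day-of-week 7 is Sunday just like 0, and when both day-of-month and day-of-week are restricted, Vixie cron runs the job when either one matches. It also splits the command on unescaped % the way cron does. The crontab lines it checks are the ones from this post; the dates used in the checks are constructed.

```python
"""Expand crontab time fields and decide whether an entry fires at a given
moment (added example).  Handles the quirks people trip over: day-of-week
7 is Sunday like 0, and when BOTH day-of-month and day-of-week are
restricted the job runs when EITHER matches (Vixie cron).  Also splits the
command on unescaped '%' as cron does: the first '%' starts the job's
standard input and later ones become newlines."""
from datetime import datetime

MONTHS = ["jan", "feb", "mar", "apr", "may", "jun",
          "jul", "aug", "sep", "oct", "nov", "dec"]
DAYS = ["sun", "mon", "tue", "wed", "thu", "fri", "sat"]
# (field, low, high, symbolic names)
FIELDS = [("minute", 0, 59, None), ("hour", 0, 23, None), ("dom", 1, 31, None),
          ("month", 1, 12, MONTHS), ("dow", 0, 7, DAYS)]


def _value(token, names):
    """Numeric value of a field token; names like 'jan' or 'mon' are allowed."""
    if token.isdigit():
        return int(token)
    idx = names.index(token[:3].lower())
    return idx + 1 if names is MONTHS else idx        # months are 1-based


def expand(field, low, high, names=None):
    """'9-18/2' -> {9, 11, 13, 15, 17}; '*/15' -> {0, 15, 30, 45}."""
    values = set()
    for part in field.split(","):
        step = 1
        if "/" in part:
            part, step = part.split("/")
            step = int(step)
        if part == "*":
            start, end = low, high
        elif "-" in part:
            a, b = part.split("-")
            start, end = _value(a, names), _value(b, names)
        else:
            start = end = _value(part, names)
        values.update(range(start, end + 1, step))
    if names is DAYS and 7 in values:                  # 7 means Sunday too
        values.discard(7)
        values.add(0)
    return values


def split_command(command):
    """'wall%meeting in 5 minutes%' -> ('wall', 'meeting in 5 minutes\\n')."""
    parts, cur, i = [], [], 0
    while i < len(command):
        if command[i] == "\\" and command[i + 1:i + 2] == "%":
            cur.append("%")                            # escaped literal %
            i += 2
            continue
        if command[i] == "%":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(command[i])
        i += 1
    parts.append("".join(cur))
    return parts[0], "\n".join(parts[1:])


def parse_entry(line):
    """Return (value_sets, dom_field, dow_field, command, stdin)."""
    fields = line.split(None, 5)
    sets = [expand(f, lo, hi, names)
            for f, (_, lo, hi, names) in zip(fields[:5], FIELDS)]
    command, stdin = split_command(fields[5])
    return sets, fields[2], fields[4], command, stdin


def fires_at(line, when):
    """True if the crontab line runs at `when` (datetime or 'YYYY-MM-DD HH:MM')."""
    if isinstance(when, str):
        when = datetime.strptime(when, "%Y-%m-%d %H:%M")
    (minute, hour, dom, month, dow), dom_f, dow_f, _, _ = parse_entry(line)
    time_ok = when.minute in minute and when.hour in hour and when.month in month
    dom_ok = when.day in dom
    dow_ok = when.isoweekday() % 7 in dow              # Sunday -> 0
    if not dom_f.startswith("*") and not dow_f.startswith("*"):
        return time_ok and (dom_ok or dow_ok)          # both restricted: either
    return time_ok and dom_ok and dow_ok


if __name__ == "__main__":
    entry = "0 17 * * mon,wed,fri wall%meeting in 5 minutes%"
    print(parse_entry(entry)[3:], fires_at(entry, "2011-09-28 17:00"))
```

The either-or rule is the one that surprises people: an entry like 0 0 1 * mon does not mean "the first of the month when it is a Monday"; it runs on every first of the month and on every Monday. If you need the intersection, test for it inside the command instead.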

anacron

anacron runs the daily, weekly and monthly jobs that were missed while the machine was switched off, catching up shortly after boot. Its configuration file is /etc/anacrontab.

/etc/anacrontab contains:

# /etc/anacrontab: configuration file for anacron

# See anacron(8) and anacrontab(5) for details.

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# These replace cron's entries
1       5       cron.daily       nice run-parts --report /etc/cron.daily
7       10      cron.weekly      nice run-parts --report /etc/cron.weekly
@monthly        15      cron.monthly nice run-parts --report /etc/cron.monthly

Frequency of anacron jobs can only be specified in days.

NTP stands for Network Time Protocol, and it is an Internet protocol used to synchronize the clocks of computers to some time reference. NTP is an Internet standard protocol that is implemented via UDP over port 123. It is the best way to set your system clock correctly.

According to a Survey of the NTP Network, there were at least 175,000 hosts running NTP in the Internet. Source: http://alumni.media.mit.edu/~nelson/research/ntp-survey99/

Here is a step by step guide on how to configure NTP on your Ubuntu machine. Please read my previous post to better understand this guide for NTP Server and Client Configuration.

NTP Server Configuration

Step 1: Install NTP server on your machine.

sudo apt-get install ntp

Step 2: Configure the NTP server. NTP's main configuration file is /etc/ntp.conf.
a: add a number of servers to the server list

server 0.asia.pool.ntp.org
server 1.asia.pool.ntp.org

b: restrict what the upstream servers may do

restrict otherntp.server.org mask 255.255.255.255 nomodify notrap noquery
restrict ntp.research.gov mask 255.255.255.255 nomodify notrap noquery

These servers may supply time, but may not modify the run-time configuration of your server, set traps, or query it with ntpq/ntpdc.

c: give localhost full access, with no restricting keywords

restrict 127.0.0.1

d: define the network from which NTP synchronization requests are accepted by the server

restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

Note that ntpd applies the most specific matching restrict line to each source address, and an address matched by no line is not restricted at all. Unless a restrict default line is present (Ubuntu's stock ntp.conf ships with one), hosts outside 192.168.1.0/24 can query and even modify the server; keep that default line in place and open up only the networks you actually serve.

Step 3: Stop NTP.

sudo /etc/init.d/ntp stop

Step 4: Set the clock once with ntpdate. ntpd will not correct an offset larger than 1000 seconds on its own, so a clock that is far off must be stepped before the daemon starts.

sudo ntpdate 192.168.1.1

Step 5: Start NTP for the settings to take effect.

sudo /etc/init.d/ntp restart

Step 6: Check whether NTP is synchronized.

ntpq -p

The configured time servers are listed. Once the server has synchronized, the peer it follows is marked with an asterisk in the first column; its delay and offset should be non-zero and its jitter should be well under 100 (the columns are in milliseconds).

NTP Client Configuration

Follow the same steps as above, but point the server line in the client's ntp.conf at your own NTP server's IP address. Remove the leading # from the line, otherwise it is treated as a comment and ignored:

server 192.168.1.1
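The restrict lines in Step 2 of the server configuration form an access-control list, and which line applies to a given client is not obvious from reading them. The following Python is an added example (not part of this guide and not ntpd's own code) that models ntpd's matching rule: the entry with the longest matching mask wins, and an address matched by no entry is unrestricted. The hostnames from the guide are replaced with constructed documentation addresses (192.0.2.10 and 198.51.100.20), and WITH_DEFAULT adds the restrict default line that Ubuntu's stock ntp.conf ships with, to show the difference it makes for a host outside the LAN.

```python
"""Evaluate ntpd 'restrict' access-control lines for a source address
(added example).  ntpd applies the matching entry with the longest mask;
an address that matches no entry is not restricted at all."""
import ipaddress

# Step 2's restrict lines with the guide's hostnames replaced by
# constructed documentation addresses (ntpd resolves names at start-up).
WITHOUT_DEFAULT = """\
restrict 192.0.2.10 mask 255.255.255.255 nomodify notrap noquery
restrict 198.51.100.20 mask 255.255.255.255 nomodify notrap noquery
restrict 127.0.0.1
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
"""
# The same, plus the default entry Ubuntu's stock ntp.conf ships with.
WITH_DEFAULT = "restrict -4 default kod notrap nomodify nopeer noquery\n" + WITHOUT_DEFAULT


def parse_restrict(text):
    """Return [(ip_network, set_of_flags)] for every restrict line."""
    entries = []
    for raw in text.splitlines():
        toks = raw.split()
        if len(toks) < 2 or toks[0] != "restrict":
            continue
        toks = [t for t in toks[1:] if t not in ("-4", "-6")]
        if toks[0] == "default":
            net, flags = ipaddress.ip_network("0.0.0.0/0"), toks[1:]
        elif len(toks) > 2 and toks[1] == "mask":
            net = ipaddress.ip_network(f"{toks[0]}/{toks[2]}", strict=False)
            flags = toks[3:]
        else:                                    # bare address = single host
            net, flags = ipaddress.ip_network(toks[0]), toks[1:]
        entries.append((net, set(flags)))
    return entries


def effective_flags(entries, source):
    """Flags applied to `source`: longest matching prefix wins, none if unmatched."""
    addr = ipaddress.ip_address(source)
    best = None
    for net, flags in entries:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, flags)
    return set() if best is None else best[1]


def permits(entries, source, operation):
    """operation is 'time' (ordinary client request), 'query' (ntpq/ntpdc
    read-only), 'modify' (ntpq/ntpdc run-time change) or 'peer'."""
    flags = effective_flags(entries, source)
    if "ignore" in flags:                        # drop every packet
        return False
    if operation == "time":
        return "noserve" not in flags
    if operation == "query":
        return "noquery" not in flags
    if operation == "modify":
        return not flags & {"noquery", "nomodify"}
    if operation == "peer":
        return "nopeer" not in flags
    raise ValueError(f"unknown operation {operation!r}")


if __name__ == "__main__":
    for label, text in (("without default", WITHOUT_DEFAULT), ("with default", WITH_DEFAULT)):
        entries = parse_restrict(text)
        print(label, {op: permits(entries, "203.0.113.9", op) for op in ("time", "query", "modify")})
```

Without the default line a stranger at 203.0.113.9 may query and modify the server; with it, the stranger can only ask for time, the LAN can ask for time and run read-only ntpq queries, the two upstream servers can only supply time, and localhost keeps full control. noquery on the default entry also closes the monlist amplification vector that made open ntpd servers popular for DDoS reflection.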