
DNS Setup

DNS CONFIGURATION

DNS Configuration
The named daemon (BIND) is used.
A DNS server may be a caching, master, or slave server.
The named.ca file holds the list of all root servers (the root hints).
There is a forward zone file and a reverse zone file for every domain.
Configuration file:
/var/named/chroot/etc/named.conf
Forward zone file:
/var/named/chroot/var/named/<forward_zone_file>
Reverse zone file:
/var/named/chroot/var/named/<reverse_zone_file>

Sample Master named.conf

// Root hints: where to find the root servers
zone "." {
    type hint;
    file "named.ca";
};
// Reverse zone for the loopback network
zone "0.0.127.in-addr.arpa" {
    type master;
    file "named.local";
    allow-query {any;};
};
// Forward zone this server is authoritative for
zone "iitk.ac.in" {
    type master;
    file "hosts.db";
    allow-query {any;};
};
// Reverse zone for the 203.200.95.0/24 network
zone "95.200.203.IN-ADDR.ARPA" {
    type master;
    file "hosts.rev.203.200.95";
    allow-query {any;};
};
// Slave zone: a copy is transferred from the master at 202.141.40.10
zone "iitk.ernet.in" {
    type slave;
    file "hosts.iitk.ernet.in";
    masters { 202.141.40.10; };
    allow-query {any;};
};

Sample Forward Zone File

$TTL 86400 ; default TTL for records in this zone (1 day)
@ IN SOA ns1.iitk.ac.in. root.ns1.iitk.ac.in. (
        200605091 ; Serial - increase on every change so slaves pick up the new zone
        10800     ; Refresh - 3 hours
        3600      ; Retry - 1 hour
        1209600   ; Expire - 2 weeks
        43200 )   ; Minimum TTL for negative answers - 12 hours
; indented records carry no owner name and belong to the previous owner (@, the zone apex)
        IN NS ns1.iitk.ac.in.
        IN NS ns2.iitk.ac.in.
        IN MX 5 mail0.iitk.ac.in.  ; the lowest preference value is tried first
        IN MX 10 mail1.iitk.ac.in.
        IN MX 20 mail2.iitk.ac.in.

$ORIGIN iitk.ac.in. ; unqualified names below are relative to this origin
ns1   IN A 203.200.95.142
mail0 IN A 203.200.95.144
proxy IN CNAME mail0
; ns2, mail1 and mail2 also need A records in this zone (not shown on the slide)

Sample Reverse Zone File

$TTL 86400
$ORIGIN 200.203.in-addr.arpa.
; the owner "95" is relative to the origin above, so the SOA belongs to 95.200.203.in-addr.arpa.
95 IN SOA ns1.iitk.ac.in. root.ns1.iitk.ac.in. (
        200605091 ; Serial
        10800     ; Refresh - 3 hours
        3600      ; Retry - 1 hour
        1209600   ; Expire - 2 weeks
        43200 )   ; Minimum TTL for negative answers - 12 hours
        IN NS ns1.iitk.ac.in.
        IN NS ns2.iitk.ac.in.

$ORIGIN 95.200.203.in-addr.arpa.
; PTR records: the owner is the last octet of the address, the data is the host name
142 IN PTR ns1.iitk.ac.in.
144 IN PTR mail0.iitk.ac.in.
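An added example (not part of the original slides): a small Python checker that parses forward and reverse zone files in the format shown above and reports A records with no matching PTR and PTR records with no matching A, the mismatch that breaks reverse lookups for mail and log analysis. The zone text is constructed for the demonstration, with the www host and the .146 PTR left unmatched on purpose.

```python
# Constructed sample zones modelled on the slides; 'www' and the .146 PTR are unmatched on purpose.
FORWARD_ZONE = """\
@ IN SOA ns1.iitk.ac.in. root.ns1.iitk.ac.in. ( 200605091 ; Serial
        10800 3600 1209600 43200 )
  IN NS ns1.iitk.ac.in.
$ORIGIN iitk.ac.in.
ns1   IN A 203.200.95.142
mail0 IN A 203.200.95.144
www   IN A 203.200.95.145
"""
REVERSE_ZONE = """\
$ORIGIN 95.200.203.in-addr.arpa.
142 IN PTR ns1.iitk.ac.in.
144 IN PTR mail0.iitk.ac.in.
146 IN PTR old.iitk.ac.in.
"""

def absolute(name, origin):  # '@', relative or dot-terminated name -> FQDN
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return (owner, type, rdata); handles ';' comments, $ORIGIN, blank owners and '(...)' records."""
    records, owner, buf = [], origin, []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        buf.append(line)
        joined = " ".join(buf)
        if joined.count("(") > joined.count(")"):
            continue                       # record (e.g. the SOA) continues on the next line
        fields, buf = joined.replace("(", " ").replace(")", " ").split(), []
        if fields[0].startswith("$"):      # $ORIGIN changes the origin, $TTL is skipped
            origin = fields[1] if fields[0] == "$ORIGIN" else origin
            continue
        if not joined[0].isspace():        # an unindented line carries its own owner
            owner = absolute(fields.pop(0), origin)
        while fields[0].isdigit() or fields[0].upper() == "IN":
            fields.pop(0)                  # optional TTL and class
        records.append((owner, fields[0].upper(), fields[1:]))
    return records

def in_addr(ip):  # 203.200.95.142 -> 142.95.200.203.in-addr.arpa.
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."

def check_zones(fwd_text, fwd_origin, rev_text, rev_origin):  # A <-> PTR mismatches
    fwd = {(o, in_addr(r[0])) for o, t, r in parse_zone(fwd_text, fwd_origin) if t == "A"}
    rev = {(absolute(r[0], rev_origin), o) for o, t, r in parse_zone(rev_text, rev_origin) if t == "PTR"}
    return sorted([f"A {h}: no PTR at {n}" for h, n in fwd - rev] +
                  [f"PTR {n} -> {h}: no matching A" for h, n in rev - fwd])
```

Run it against the real files after every zone change and before bumping the serial; an empty list means forward and reverse agree.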

Configuring Local Resolver

/etc/resolv.conf

# send queries to the local named
nameserver 127.0.0.1

Test DNS

nslookup
host
dig
Test your DNS with the DNS diagnostics web site dnsstuff.com
Apache Setup

APACHE SETUP
Web Server Setup

Web Server

Apache Web Server is used.
Daemon is httpd (service httpd start/stop/restart).

Files used by Apache

Configuration file: /etc/httpd/conf/httpd.conf
Log files: /var/log/httpd/access_log and /var/log/httpd/error_log
Modules: /etc/httpd/modules
Default Document Root: /var/www/html
Default CGI Root: /var/www/cgi-bin

Apache Configuration Directives

Server Name
Min and Max Servers
Document Root
CGI Enable/Disable
User Directory
Directory Index
Mime Types
Modules
Access Restrictions
Secure Server
Virtual Hosting

Basic Settings
Change the default value of ServerName to www.<your-domain.com> in httpd.conf and put the website content in /var/www/html.
Additionally you can configure name-based virtual hosting (allows more than one website to run on the same server).

Virtual Hosting

# Apache 2.0/2.2: select the virtual host by the Host header on port 80
# (Apache 2.4 does this automatically and ignores this directive)
NameVirtualHost *:80

# The first VirtualHost for an address is also the default for requests whose
# Host header matches none of the ServerName values
<VirtualHost *:80>
    ServerName server-name
    DocumentRoot path-to-virtual-document-root
</VirtualHost>

<VirtualHost *:80>
    ServerName server-name
    DocumentRoot path-to-virtual-document-root
</VirtualHost>
Squid Setup

SQUID SETUP

Obtaining Squid
Source code (in C) from www.squid-cache.org
Binary executables for Linux (comes with Red Hat and others), FreeBSD and Windows
Pre-installed in Fedora/Enterprise Linux

Basic Settings
Edit the /etc/squid/squid.conf file to configure Squid.
Configuration options:
Disk cache size and location
Authentication
Allowed hosts
Any other access restrictions (sites, content, size, time of access etc.) using ACLs
service squid start/stop/restart

Disc Requirements
Squid makes very heavy use of disc because of the heavy read/write traffic in the cache.
Needs discs with low seek times; SCSI is better.
The cache can be spread over 2 or more discs.
RAID is not recommended: cached data is not critical.

Calculating Disc Space

Recommend keeping at least 2 days' worth of objects; 10 days may be better.
Example:
256 Kbps link loaded 10 hrs/day ~= 1 GB/day
assume 50% cacheable - 0.5 GB/day
2 days of objects - 1 GB
10 days of objects - 5 GB

Squid.conf Basic Configuration

# 100 MB cache in /var/spool/squid/cache, 16 first-level and 256 second-level subdirectories
cache_dir ufs /var/spool/squid/cache 100 16 256
# Basic authentication through the NCSA helper. The helper itself reads the file named
# here, so it must be readable by the squid user and in htpasswd format (user:hash);
# /etc/shadow is readable by root only, so a file created with htpasswd is the usual choice
auth_param basic program /usr/lib/squid/ncsa_auth /etc/shadow
# REQUIRED (upper case) matches any authenticated user; a lower-case word is taken as a literal user name
acl sidbiusers proxy_auth REQUIRED
http_access allow sidbiusers
acl our_network src 172.28.250.0/24
http_access allow our_network
# http_access lines are checked in order and the first match wins; keep the
# default "http_access deny all" after these so every other client is refused
(Note: run squid -z once, before the first start, to create the cache directory and its subdirectories)
Sendmail Setup

SENDMAIL SETUP
Mail Server Setup

Sendmail Configuration
Daemon: sendmail
Configuration file: /etc/mail/sendmail.mc
Edit the following lines:

LOCAL_DOMAIN(`localhost.localdomain')dnl
(Replace localhost.localdomain with the domain name for which the mail server is being configured)
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
(Comment out this line by adding dnl at the start of the line; as shipped it makes sendmail listen on 127.0.0.1 only)
dnl MASQUERADE_AS(`mydomain.com')dnl
(Remove the leading dnl and replace mydomain.com with the domain name)

Sendmail Configuration
Add the IP address range of your network to the access file (e.g. 172.31. Relay); the prefix should cover only your own network, because every address it matches may relay mail through this server.
Run "make -C /etc/mail" to compile sendmail.mc and generate the sendmail.cf file.
Restart sendmail and watch for errors.

POP & IMAP Server

A POP3 and IMAP server can be started using dovecot (service dovecot start).
Firewall

FIREWALL

Basic Setup (diagram): Internet / Application Firewall / Web Server / Database

Firewall Rules
IP address of source (allow from trusted sources)
IP address of destination (allow to trusted destinations)
Application port number (allow mail but restrict Telnet)
Direction of traffic (allow outgoing traffic but restrict incoming traffic)

Firewall Implementation
Hardware firewall: dedicated hardware box (Cisco PIX, Netscreen)
Software firewall: installable on a server ( )
Host OSs (Windows XP/Linux) also provide software firewall features to protect the host.
These days firewalls also provide IDS/IPS (Intrusion Detection System/Intrusion Prevention System) services.
Linux Security

LINUX Firewall

Use the GUI (Applications -> System Settings -> Security Level) to activate the firewall.
Allow standard services and any specific port-based application.
All other services and ports are blocked.