Linux Unit 4
• Understanding DNS
• Setting Up a DNS Server
• Understanding DHCP
• Setting Up a DHCP Server
Understanding DNS
• The Domain Name System (DNS) is the system that associates hostnames with IP addresses.
• Common top-level domains are .org, .gov, .edu and .mil.
• Many top-level domains exist for countries, such as .uk, .ca, .in, .cn and .nl.
• Name servers are the servers that have information on the hosts within a domain.
• The root domain is at the top of the DNS hierarchy. It is not directly visible in DNS names but is used to connect all of the top-level domains together.
• The entire portion of DNS for which a name server is responsible is
referred to as a zone.
DNS Server Types
1. Primary name server, also referred to as the master name server
2. Secondary or slave name server
3. Cache-only name server
• The name server for a zone is configured to know the names and IP addresses of all hosts within that zone.
Setting Up a DNS Server
• The Berkeley Internet Name Domain (BIND) service is used to offer
DNS services on Red Hat Enterprise Linux
Setting Up a Cache-Only Name Server
• Running a cache-only name server can be useful when optimizing DNS requests in your network.
• The server caches the answers it receives, which means that the next time a client needs the same information, it can be provided much faster.
• Change the file named.conf to include the following parameters:
    listen-on port 53 { any; };
    allow-query { any; };
• Finally, insert a forwarders statement in the same configuration file and give it the IP address of the DNS server you normally use for your Internet connection:
    forwarders { x.x.x.x; };
• This ensures that the DNS server of your Internet provider is used for DNS recursion and that requests are not sent directly to the name servers of the root domain.
Setting Up a Primary Name Server
    options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { any; };
        forwarders { 8.8.8.8; };
    };

    zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
    };

    zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
    };
• A zone file consists of two parts. The first part is the header, which provides generic information about the timeouts that should be used for this zone.
• An important part of the header is where the SOA record is defined. This line specifies which name server is authoritative for this DNS domain.
• Record types used in a zone file:
    NS   Name server     Tells DNS the names of the name servers responsible for subdomains
    MX   Mail exchange   Tells DNS which servers are available as SMTP mail servers
    SRV  Service record  Used by some operating systems to store service information
Configuring an in-addr.arpa Zone
• Creating an in-addr.arpa zone works similarly to the creation of a regular zone in DNS. You'll need to modify the /etc/named.rfc1912.zones file to define the in-addr.arpa zone:
    zone "100.173.193.in-addr.arpa" {
        type master;
        file "193.173.100.zone";
    };
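The zone-file header and the in-addr.arpa zone above can be generated from one host list, so the forward A records and the reverse PTR records cannot drift apart. This is an added example, not code from the slides; the hosts, the it.com names and the SOA timers are constructed assumptions.

```python
import ipaddress

# Constructed sample: hosts in the 193.173.100.0/24 network that the slide's
# "100.173.193.in-addr.arpa" zone covers. Names and addresses are assumptions.
HOSTS = {
    "ns1.it.com.": "193.173.100.1",
    "mail.it.com.": "193.173.100.10",
    "www.it.com.": "193.173.100.20",
}

def reverse_zone_name(network):
    """193.173.100.0/24 -> 100.173.193.in-addr.arpa: the network octets are
    reversed and the host part is dropped (octet-aligned prefixes only)."""
    net = ipaddress.ip_network(network, strict=True)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("only /8, /16 and /24 in-addr.arpa zones are handled here")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def zone_header(zone, primary_ns, hostmaster, serial):
    """Header part of the zone file: $TTL, the SOA record that names the
    authoritative server plus its timers, and the NS record for the zone."""
    return [
        "$TTL 86400",
        f"{zone}. IN SOA {primary_ns} {hostmaster} ( {serial} 3600 900 604800 86400 )",
        f"{zone}. IN NS {primary_ns}",
    ]

def ptr_records(hosts, network):
    """One PTR record per host, owner name relative to the reverse zone.
    A host outside the network raises, so a typo is caught before named loads it."""
    net = ipaddress.ip_network(network, strict=True)
    lines = []
    for name, ip in sorted(hosts.items(), key=lambda kv: ipaddress.ip_address(kv[1])):
        addr = ipaddress.ip_address(ip)
        if addr not in net:
            raise ValueError(f"{ip} is not inside {network}")
        host_octets = str(addr).split(".")[net.prefixlen // 8:]
        lines.append(f"{'.'.join(reversed(host_octets))} IN PTR {name}")
    return lines

def reverse_zone_file(hosts, network, primary_ns, hostmaster, serial):
    """Complete reverse zone text, ready to be saved as the file named in the
    zone "...in-addr.arpa" block of named.rfc1912.zones."""
    zone = reverse_zone_name(network)
    body = zone_header(zone, primary_ns, hostmaster, serial) + ptr_records(hosts, network)
    return "\n".join(body) + "\n"
```

Bump the serial every time the file is regenerated, or secondary servers will not transfer the new zone.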
Setting Up a Secondary Name Server
• On the primary name server, the zone is defined as type master:
    zone "it.com" IN {
        type master;
        file "forward.zone";
        allow-update { none; };
    };
• On the secondary name server, the same zone is defined as type slave, with the masters statement pointing to the primary:
    zone "it.com" IN {
        type slave;
        masters { 192.168.1.3; };
        file "forward.zone(named.localhost).slave";
    };
Understanding DHCP
• The Dynamic Host Configuration Protocol (DHCP) is used to assign IP-related configuration to hosts in your network.
• In the DHCP server configuration file:
    # If this DHCP server is the official DHCP server for the local
    # network, the authoritative directive should be uncommented.
    #authoritative;

    subnet 192.168.1.0 netmask 255.255.255.0 {
        range 192.168.1.10 192.168.1.20;
        option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
    }
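A pre-deployment check for the subnet declaration above, added here and not part of the slides: it verifies that the range lies inside the subnet and does not hand out the network, broadcast or router address. Routers given as hostnames (as in the slide's snippet) are skipped, since only addresses can be range-checked.

```python
import ipaddress
import re

# The slide's subnet declaration, embedded as the sample input.
SAMPLE_DHCPD = """\
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.10 192.168.1.20;
    option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
}
"""

SUBNET = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{")
RANGE = re.compile(r"range\s+(\S+)\s+(\S+)\s*;")
ROUTERS = re.compile(r"option\s+routers\s+([^;]+);")

def check_subnet(conf):
    """Return a list of problems found in the first subnet block of conf."""
    m = SUBNET.search(conf)
    net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=True)
    lo, hi = (ipaddress.ip_address(x) for x in RANGE.search(conf).groups())
    routers = []
    for r in ROUTERS.search(conf).group(1).split(","):
        try:
            routers.append(ipaddress.ip_address(r.strip()))
        except ValueError:
            pass  # a hostname such as rtr-239-0-1.example.org cannot be checked here
    problems = []
    if lo > hi:
        problems.append("range start is after range end")
    for addr in (lo, hi):
        if addr not in net:
            problems.append(f"{addr} is outside {net}")
    for addr, what in ((net.network_address, "network address"),
                       (net.broadcast_address, "broadcast address")):
        if lo <= addr <= hi:
            problems.append(f"range includes the {what} {addr}")
    for r in routers:
        if lo <= r <= hi:
            problems.append(f"range includes router {r}; a client could be leased the gateway's address")
    return problems
```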
Setting Up a Mail Server
Message Transfer Agent
• Three components play a role in the process of Internet mail. First there is the message transfer agent (MTA).
• The MTA uses the Simple Mail Transfer Protocol (SMTP) to exchange mail messages with other MTAs on the Internet.
• If a message is addressed to another domain, the MTA contacts the MTA of the other domain and delivers the message there. To find out which MTA serves the other domain, the DNS MX record is used.
• Upon receiving a message, the MTA checks whether it is the final destination.
• If it is, it will deliver the message to the local message delivery agent (MDA), which takes
care of delivering the message to the mailbox of the user.
• If, for some reason, the MTA cannot deliver the message to the other MTA, it will queue
it.
• Queuing means that the MTA stores the message in a local directory and will try to
deliver it again later.
• As an administrator, you can flush the queues, which means that you can tell the MTA to
send all queued messages now.
• Upon delivery, it sometimes happens that the MTA, which contacted an exterior MTA and delivered the message there, receives it back.
Message Delivery Agent
• The message delivery agent (MDA) is the software component that takes care of delivering the mail message to the destination user.
• Typically, the MDA delivers mail to the recipient's local message store, which by default on Red Hat Enterprise Linux is the directory /var/spool/mail/$USER.
• In the Postfix mail server, an MDA is included in the form of the local program.
Mail User Agent
• Finally, the mail message arrives in the mail user agent (MUA).
• This is the mail client that end users use to read their messages or to
compose new messages.
• As a mail server administrator, you typically don’t care much about the
MUA.
• Another common task you’ll use in both configuration scenarios is checking the
mail queue.
• The mail queue is the list of messages that haven’t been sent yet because there
was some kind of problem.
• As an administrator, use the mailq command to check the current
contents of the mail queue or use the postfix flush command to flush
the entire mail queue.
• This means that you’ll tell Postfix to process all messages that are
currently in the mail queue and try to deliver them now.
Mutt mail client
• The Mutt MUA is available in the default Red Hat Enterprise Linux
repositories, but you’ll have to install it.
Internet Configuration
• There are a few more steps to take to configure a mail server that is going to handle messages from the Internet.
• You'll need to make sure your mail server has at least a minimum level of protection against spam and other email abuses.
• When using IMAP, users connect to the mail server and edit their messages on that mail server.
• POP works fine for users who have one device to handle mail. IMAP works better for users who have multiple devices to handle their mail.
• After a default installation of Dovecot, it will offer POP and IMAP.
• By default, Dovecot offers POP and IMAP over both a secure and an unsecure port.
• The default Dovecot certificate and private key are in the files /etc/pki/dovecot/certs/dovecot.pem and /etc/pki/dovecot/private/dovecot.pem.
Configuring Apache on Red Hat Enterprise Linux
Chapter 3
Topics
• Configuring the Apache Web Server
• Working with Virtual Hosts
• Securing the Web Server with TLS Certificates
• Configuring Authentication
• Setting Up MySQL
Configuring the Apache Web Server
• Apache is one of the most used services on Red Hat Enterprise Linux.
• Just put a file named index.html in the document root directory, and it will be served by your Apache server.
Understanding the Apache Configuration Files
• Everything related to the configuration of your Apache server is in the
/etc/httpd directory.
• From the httpd.conf file, many configuration files are included, and by
default, they are in /etc/httpd/conf.d.
• Many modules are available for Apache to provide different kinds of functionality.
• Each module normally has its own configuration file, which is stored in the /etc/httpd/conf.d directory.
• The names of these configuration files have to end with .conf to ensure they are included by your web server.
Generic Parameters
• The configuration file starts with some generic configuration settings.
• An important directive is ServerRoot.
1. PidFile (a file that contains the PID of the httpd process), which is set to run/httpd.pid. This filename is relative to the server root directory; hence, the full name is /etc/httpd/run/httpd.pid.
2. Listen: directs httpd to listen on port 80.
3. User and Group: specify the user and group that should be used to run the Apache server.
4. DocumentRoot: specifies where Apache should look for its content.
Apache Mode
• Apache can be started in two different modes:
1. prefork mode
2. worker mode
• The prefork mode is the default mode. In this mode, a master httpd process is started, and this master process starts several child httpd processes.
• In worker mode, one httpd process is active, and it uses different threads to serve client requests.
• Even if the worker mode is a bit more efficient with regard to resource usage, some modules cannot handle it, and therefore the prefork mode is used as the default.
• To change the default mode that Apache uses, you can modify the HTTPD parameter in /etc/sysconfig/httpd:
    HTTPD=/usr/sbin/httpd.worker
• To tell Apache that it should load a specific module, you need to use the LoadModule directive.
• The Order directive specifies the order in which Allow and Deny rules are evaluated.
• To handle more than one site from an Apache server, you can create virtual hosts.
• You can include this definition in the main Apache configuration file /etc/httpd/conf/httpd.conf or in separate files that you'll create in the /etc/httpd/conf.d/ directory.
• Before you can start working with virtual hosts, you'll need to make sure that hostname resolution works.
• That means you'll need to make sure the virtual host can be reached by its name.
• IP-based virtual hosts are often used if SSL is needed on a website, because in SSL it is beneficial if a connection can be traced back to its original unique IP address.
• So, you must set up IP-based virtual hosting to get SSL working.
Securing the Web Server with TLS Certificates
• TLS security guarantees that sensitive data can be encrypted while in
transit.
• After installing mod_ssl, you’ll find its configuration file ssl.conf in the
/etc/httpd/conf.d directory.
• Listen 443: this line tells mod_ssl to offer TLS services on port 443.
Configuring Authentication
• Make sure that the .htpasswd file is in a directory where web users will never find it to read its contents!
• To add user accounts to the .htpasswd file, use the htpasswd command:
    htpasswd /etc/httpd/.htpasswd linda
    htpasswd /etc/httpd/.htpasswd leo
• AuthName: Specifies a name that is displayed when a user tries to access
the restricted directory.
• AuthUserFile: Tells Apache which file to use to find the user accounts and
passwords.
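The warning above (keep the .htpasswd file where web users cannot fetch it) can be checked mechanically: every AuthUserFile path is resolved and compared against every DocumentRoot. This is an added example, not code from the slides; the sample configuration, its paths and the it.com virtual host are constructed.

```python
import posixpath
import re

# Constructed sample httpd configuration. The first password file lives outside
# any DocumentRoot; the second sits inside the virtual host's document root.
SAMPLE_CONF = """\
ServerRoot "/etc/httpd"
Listen 443
DocumentRoot "/var/www/html"
<Directory "/var/www/html/private">
    AuthType Basic
    AuthName "Restricted area"
    AuthUserFile /etc/httpd/.htpasswd
    Require valid-user
</Directory>
<VirtualHost *:443>
    DocumentRoot "/var/www/vhosts/it.com"
    <Directory "/var/www/vhosts/it.com/admin">
        AuthType Basic
        AuthName "Admin"
        AuthUserFile "/var/www/vhosts/it.com/admin/.htpasswd"
        Require valid-user
    </Directory>
</VirtualHost>
"""

DIRECTIVE = re.compile(r'^\s*(ServerRoot|DocumentRoot|AuthUserFile)\s+"?([^"\s]+)"?',
                       re.IGNORECASE)

def exposed_password_files(conf, server_root="/etc/httpd"):
    """Return (password_file, document_root) pairs for every AuthUserFile that
    sits under a directory Apache serves, where a client could request it."""
    roots, userfiles = [], []
    for line in conf.splitlines():
        if line.lstrip().startswith("#"):
            continue  # Apache comments are whole lines
        m = DIRECTIVE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2)
        if key == "serverroot":
            server_root = value
        elif key == "documentroot":
            roots.append(posixpath.normpath(value))
        else:
            # Like PidFile, a relative AuthUserFile resolves against ServerRoot.
            userfiles.append(posixpath.normpath(posixpath.join(server_root, value)))
    return [(path, root) for path in userfiles for root in roots
            if path == root or path.startswith(root.rstrip("/") + "/")]
```

A hit means the hashes are one GET request away unless a separate Files or Directory rule denies access; moving the file under ServerRoot, as the slides do, removes the problem entirely.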
Setting Up MySQL
• Use mysql -u root -p, and enter the root password. You'll now enter a MySQL prompt.