Thursday, 11 October 2018

How to Create and Configure an iocage Jail on FreeNAS 11.1

In the Name of Allah, the Most Gracious, the Most Merciful


Abstract


Tutorial on how to create and configure an iocage jail on FreeNAS 11.1.

Assumptions and Prerequisites


  • OS: FreeNAS 11.1-U6
  • FreeNAS Host: fn
  • FreeNAS Network Interface: igb0
  • FreeNAS IP: 10.0.0.2
  • FreeNAS Subnet Mask: 24
  • Jail Container: iocage
  • iocage Version: 1.0 Alpha
  • Jail Release: 11.1-RELEASE
  • Jail Name: test
  • Jail Network Interface: vnet0
  • Jail Network Config: DHCP | STATIC
  • Jail IP: 10.0.0.3
  • Jail Default Route: 10.0.0.1
  • IP Version: IPv4
  • Bridge Network Interface: bridge0
  • DNS 1: 10.0.0.1 
  • Domain: example.com
  • ZPool Volume: tank
  • Dataset: /mnt/tank/share

Instructions


List iocage Commands


root@fn:~ # iocage

Activate iocage zpool volume


To use the default volume for iocage, run the following command.
root@fn:~ # iocage activate
    or
If more than one zpool exists on the FreeNAS host, name the zpool iocage should use.
iocage activate [zpool]
root@fn:~ # iocage activate tank

Fetch/Download a Release Image


Fetch a release which will be used to create a jail.

Fetch a release from a list
root@fn:~ # iocage fetch

Fetch a release by name
iocage fetch -r [RELEASE IMAGE NAME]
root@fn:~ # iocage fetch -r 11.1-RELEASE


Create a Jail with VNET/VIMAGE (Virtual Network Interface Stack) and DHCP


Command Example:  iocage create -n "[Name]" -r [Release] vnet="on" bpf="yes" dhcp="on" allow_raw_sockets="1" boot="on" interfaces="vnet[N]:bridge[N]" resolver="search [DOMAIN];domain [DOMAIN];nameserver [DNS1 IP]"

The following command creates a jail "test" from the "11.1-RELEASE" image with these properties enabled: the VNET/VIMAGE network stack, start on boot, and DHCP.

root@fn:~ # iocage create -n "test" -r 11.1-RELEASE vnet="on" bpf="yes" dhcp="on" allow_raw_sockets="1" boot="on" interfaces="vnet0:bridge0" resolver="search example.com;domain example.com;nameserver 10.0.0.1"


Create a Jail with VNET/VIMAGE (Virtual Network Interface Stack) and Static IP Configuration


Command Example: iocage create -n "[Name]" -r [Release] ip4_addr="vnet[N]|[IP]/[Mask]" defaultrouter="[IP]" vnet="on" allow_raw_sockets="1" boot="on" interfaces="vnet[N]:bridge[N]" resolver="search [DOMAIN];domain [DOMAIN];nameserver [DNS1 IP]"


root@fn:~ # iocage create -n "test" -r 11.1-RELEASE ip4_addr="vnet0|10.0.0.3/24" defaultrouter="10.0.0.1" vnet="on" allow_raw_sockets="1" boot="on" interfaces="vnet0:bridge0" resolver="search example.com;domain example.com;nameserver 10.0.0.1"


Create a Jail with a Shared IP


Command Example: iocage create -n "[Name]" -r [Release] ip4_addr="[IF]|[IP]/[MASK]" defaultrouter="[IP]" vnet="off" allow_raw_sockets="1" boot="on" resolver="search [DOMAIN];domain [DOMAIN];nameserver [DNS1 IP]"

root@fn:~ # iocage create -n "test" -r 11.1-RELEASE ip4_addr="igb0|10.0.0.100/24" defaultrouter="10.0.0.1" vnet="off" allow_raw_sockets="1" boot="on" resolver="search example.com;domain example.com;nameserver 10.0.0.1"

List Jails, Releases, and Plugins


List all Jails
root@fn:~ # iocage list

List all downloaded Releases
root@fn:~ # iocage list -r

List all available Templates
root@fn:~ # iocage list -t

List Remote Plugins
iocage list -PR
or
iocage list --plugins --remote

List Installed Plugins
iocage list -P
or
iocage list --plugins

Start, Stop, or Restart a Jail


Start a Jail
iocage start [JAIL NAME]
root@fn:~ # iocage start test

Stop a Jail
iocage stop [JAIL NAME]
root@fn:~ # iocage stop test

Restart a Jail
iocage restart [JAIL NAME]
root@fn:~ # iocage restart test

Configure a Jail


Set Jail Property
iocage set [PROPERTY]="[ARG]" [JAIL NAME]
root@fn:~ # iocage set notes="This is a test jail." test

Get Jail Property
iocage get [PROPERTY] [JAIL NAME]
root@fn:~ # iocage get notes test

Get All Properties of a Jail
iocage get all [JAIL NAME]
root@fn:~ # iocage get all test

Delete/Destroy a Jail


iocage destroy [JAIL NAME]
root@fn:~ # iocage destroy test

Rename a Jail


iocage rename [OLD JAIL NAME] [NEW JAIL NAME]
root@fn:~ # iocage rename test test2

Log in to a Jail


iocage console [JAIL NAME]
root@fn:~ # iocage console test

Run a command inside a Jail


iocage exec [JAIL NAME] "[COMMAND]"
root@fn:~ # iocage exec test "ls -lfa /etc"

Mount Dataset inside a Jail as Read Only


iocage fstab -a [JAIL NAME] /source/folder  /destination/folder/in/jail  nullfs  ro  0  0
root@fn:~ # iocage fstab -a test /mnt/tank/share /mnt/share nullfs ro  0  0

Mount Dataset inside a Jail as Read and Write


iocage fstab -a [JAIL NAME] /source/folder  /destination/folder/in/jail  nullfs  rw  0  0
root@fn:~ # iocage fstab -a test /mnt/tank/share /mnt/share nullfs rw  0  0

List Jail Mount Entries


iocage fstab -l [JAIL NAME]
root@fn:~ # iocage fstab -l test

Edit Jail Mount Entries


iocage fstab -e [JAIL NAME]
root@fn:~ # iocage fstab -e test

Remove a Jail Mount Entry


iocage fstab -r [JAIL NAME] [INDEX]
root@fn:~ # iocage fstab -r test 0

Create Jail Snapshot


iocage snapshot -n "[SNAPSHOT NAME]" [JAIL]
root@fn:~ # iocage snapshot -n "Recent Upgrade" test

List Jail Snapshots


iocage snaplist [JAIL]
root@fn:~ # iocage snaplist test

Remove/Delete Jail Snapshot


iocage snapremove -n "[SNAPSHOT NAME]" [JAIL]
root@fn:~ # iocage snapremove -n "Recent Upgrade" test

Rollback Jail to a Snapshot


iocage rollback -n "[SNAPSHOT NAME]" [JAIL]
root@fn:~ # iocage rollback -n "Recent Upgrade" test


Observations


DNS Resolver


When you create a jail in iocage and do not define the 'resolver' property, iocage uses the host system's (in this case the FreeNAS host's) default DNS settings defined in '/etc/resolv.conf'.

If your FreeNAS has been configured as a Domain Controller, it resets the DNS setting in '/etc/resolv.conf' to point to itself, for example "nameserver 127.0.0.1". Consequently, the iocage jail's DNS is also set to 127.0.0.1. As a result, all DNS queries within the jail fail, because the jail points to itself as a nameserver and no name service exists there. So, for the jail's DNS to work, we need to define the resolver property for the jail manually.

If you have a complicated network setup, such as a switch with multiple VLANs, you will also need to define the 'defaultrouter' and 'interfaces' properties so that the vnet interface is linked to the correct bridge interface and the bridge interface is linked to the correct VLAN interface.
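
The DNS resolver observation above can be checked before a jail is created. The script below is an added example, not part of the original post: it detects a host resolv.conf whose nameservers are all loopback and builds the semicolon-separated `resolver` value in the format used by the create commands. The function names and the constructed sample file are assumptions; 10.0.0.1 is the DNS server from the prerequisites.

```shell
#!/bin/sh
# Added example: decide whether a jail needs an explicit "resolver" property
# and build its value from a resolv.conf file.

# usable_nameservers FILE: nameserver addresses in FILE that are not loopback.
usable_nameservers() {
    awk '$1 == "nameserver" && $2 !~ /^127\./ && $2 != "::1" { print $2 }' "$1"
}

# needs_explicit_resolver FILE: succeeds when FILE offers no nameserver that a
# jail could reach, which is the Domain Controller case described above.
needs_explicit_resolver() {
    [ -z "$(usable_nameservers "$1")" ]
}

# resolver_property FILE FALLBACK: "search ...;domain ...;nameserver ..." built
# from FILE. FALLBACK is used when FILE lists only loopback nameservers.
resolver_property() {
    rp_out=$(awk '$1 == "search" || $1 == "domain" { $1 = $1; printf "%s;", $0 }' "$1")
    rp_ns=$(usable_nameservers "$1")
    [ -n "$rp_ns" ] || rp_ns=$2
    for rp_addr in $rp_ns; do
        rp_out="${rp_out}nameserver ${rp_addr};"
    done
    printf '%s\n' "${rp_out%;}"
}

# Constructed sample: resolv.conf of a FreeNAS host acting as Domain Controller.
host_conf=$(mktemp)
printf 'search example.com\ndomain example.com\nnameserver 127.0.0.1\n' > "$host_conf"
if needs_explicit_resolver "$host_conf"; then
    echo "iocage set resolver=\"$(resolver_property "$host_conf" 10.0.0.1)\" test"
fi
rm -f "$host_conf"
```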



Helpful Commands


Check iocage version
root@fn:~ # iocage -v

iocage Help command
root@fn:~ # iocage --help

List all zpools on the FreeNAS
root@fn:~ # zpool list

Delete Release
iocage destroy -r [RELEASE NAME]
root@fn:~ # iocage destroy -r 11.0-RELEASE



Friday, 11 November 2016

How to Install and Setup Samba4 DC in a FreeNAS 9.10 Jail

In the Name of Allah, the Most Gracious, the Most Merciful



Abstract 


  • A tutorial to install Samba 4.3 as an Active Directory Domain Controller in a FreeNAS 9.10 Jail.
  • Configure and enable SSL for Samba's LDAP backend.


Assumptions and Prerequisites


  • Domain: example.com
  • Hostname: dc.example.com
  • OS: FreeNAS 9.10.1-U2 (FreeBSD 10.3-STABLE)
  • Container: Warden Jail
  • Jail Name: dc
  • Private IP: 10.0.0.58
  • Subnet Mask: 255.255.255.0/24
  • Main Router IP: 10.0.0.1
  • DNS Forwarder IP: 10.0.0.1 (main router)
  • Service: Samba 4.3.11
  • DNS: Internal Samba DNS 
  • NTP Host IP: 10.0.0.1 (main router)
  • CA Certificate File: /usr/local/etc/ssl/certs/ca.pem
  • SSL Certificate File: /usr/local/etc/ssl/certs/dc.example.com.crt
  • SSL Key File: /usr/local/etc/ssl/private/dc.example.com.key


Instructions


Pre-installation setup

- Edit file /etc/rc.conf and change hostname to dc.example.com.
# vi /etc/rc.conf
  (7)    hostname="dc.example.com"

- Edit the /etc/hosts file so that 10.0.0.58 maps to dc.example.com dc.
# vi /etc/hosts
  (14)   127.0.0.1               localhost localhost.localdomain dc
  (15)   10.0.0.58       dc.example.com dc

Installation 

- Install samba43. Don't install samba44 or any Samba version newer than 4.3, because the newer versions no longer come with the ntvfs option, i.e. no --use-ntvfs option for ZFS.
# pkg install samba43

- Provision Samba as an Active Directory Domain Controller
# samba-tool domain provision --use-ntvfs --use-rfc2307 --interactive
Realm [EXAMPLE.COM]:  (press Enter)
 Domain [EXAMPLE]:  (press Enter)
 Server Role (dc, member, standalone) [dc]: (press Enter)
 DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: (press Enter)
 DNS forwarder IP address (write 'none' to disable forwarding) [10.0.0.1]:  (press Enter)
Administrator password: (enter password)
Retype password: (re-enter password)

Query Result:    
Looking up IPv4 addresses 
Looking up IPv6 addresses  
No IPv6 address will be assigned 
Setting up share.ldb 
Setting up secrets.ldb  
Setting up the registry 
Setting up the privileges database 
Setting up idmap db  
Setting up SAM db      
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema 
Adding DomainDN: DC=example,DC=com 
Adding configuration container  
Setting up sam.ldb schema  
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers 
Adding users container 
Modifying users container 
Adding computers container
Modifying computers container 
Setting up sam.ldb data  
Setting up well known security principals 
Setting up sam.ldb users and groups 
Setting up self join 
Adding DNS accounts 
Creating CN=MicrosoftDNS,CN=System,DC=example,DC=com
Creating DomainDnsZones and ForestDnsZones partitions 
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized 
Fixing provision GUIDs 
A Kerberos configuration suitable for Samba 4 has been generated at /var/db/samba4/private/krb5.conf
Setting up fake yp server settings
Once the above files are installed, your Samba4 server will be ready to use  
Server Role:           active directory domain controller   
Hostname:              dc
NetBIOS Domain:        EXAMPLE
DNS Domain:            example.com
DOMAIN SID:            S-1-5-21-458877043-2880298934-1173284452

- Edit the /etc/resolv.conf file so that the host's DNS points to the Samba DNS.
# vi /etc/resolv.conf
  (1)   search example.com
  (2)   domain example.com
  (3)   nameserver 127.0.0.1

- Create symbolic links for the kerberos keytab and config files in the /usr/local/etc directory.
# ln -s /var/db/samba4/private/krb5.conf /usr/local/etc/krb5.conf
# ln -s /var/db/samba4/private/dns.keytab /usr/local/etc/krb5.keytab

- Enable samba to run and also start at boot
# sysrc samba_server_enable="YES"

- Start samba server
# service samba_server start

Test Samba Server

- Verify LDAP Service DNS Record
# host -t SRV _ldap._tcp.example.com
Query Result: _ldap._tcp.example.com has SRV record 0 100 389 dc.example.com.

- Verify Kerberos Service DNS Record
# host -t SRV _kerberos._udp.example.com
Query Result: _kerberos._udp.example.com has SRV record 0 100 88 dc.example.com.

- Verify Domain Controller DNS Record
# host -t A dc.example.com
Query Result: dc.example.com has address 10.0.0.58

- Test Kerberos Authentication
# kinit administrator@EXAMPLE.COM
# klist
Query Result:
Credentials cache: FILE:/tmp/krb5cc_0 
        Principal: administrator@EXAMPLE.COM  
                      
  Issued                Expires               Principal 
Nov  6 21:16:46 2016  Nov  7 07:16:46 2016  krbtgt/EXAMPLE.COM@EXAMPLE.COM 

- Test Samba File Server
# smbclient -L localhost -U%
Query Result:
Domain=[EXAMPLE] OS=[Unix] Server=[Samba 4.3.11]   
                      
        Sharename       Type      Comment 
        ---------       ----      -------  
        netlogon        Disk                
        sysvol          Disk               
        IPC$            IPC       IPC Service 
Domain=[EXAMPLE] OS=[Unix] Server=[Samba 4.3.11]                                                                                     
        Server               Comment  
        ---------            -------   
                      
        Workgroup            Master  
        ---------            -------

- Test Samba User Logon
# smbclient //localhost/netlogon -Uadministrator
Query Result:
Enter administrator's password:   
Domain=[EXAMPLE] OS=[Unix] Server=[Samba 4.3.11] 
smb: \>    

- List Domain Users
# wbinfo -u | sort

- List Domain Groups
# wbinfo -g | sort  

Enable SSL for LDAP Backend

- Generate Self-Signed Certificate Authority, Server Certificate and Key.

- Edit file /usr/local/etc/smb4.conf to configure SSL certs
# vi /usr/local/etc/smb4.conf
  (13)   tls enabled  = yes
  (14)   tls cafile   = /usr/local/etc/ssl/certs/ca.pem
  (15)   tls certfile = /usr/local/etc/ssl/certs/dc.example.com.crt
  (16)   tls keyfile  = /usr/local/etc/ssl/private/dc.example.com.key

- Restart samba server
# service samba_server restart
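
The certificate generation step above gives no commands. The script below is an added example, not part of the original post, showing one way to produce the three files with openssl: a private CA, a server key, and a server certificate carrying dc.example.com as a subjectAltName. The function names, the CA name, the validity periods and the ca.key file are assumptions; pass /usr/local/etc/ssl as the directory to get the paths used in smb4.conf.

```shell
#!/bin/sh
# Added example: private CA plus server certificate for the Samba DC.

# make_dc_certs DIR HOST: writes DIR/certs/ca.pem, DIR/certs/HOST.crt and
# DIR/private/HOST.key. Runs in a subshell so umask and trap stay local.
make_dc_certs() (
    dir=$1 host=$2
    umask 077                       # new files are readable by the owner only
    mkdir -p "$dir/certs" "$dir/private"
    cnf=$(mktemp)
    trap 'rm -f "$cnf"' EXIT
    cat > "$cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_srv]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host
EOF
    # 1. Self-signed CA certificate and key (CA name is an assumption).
    openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -config "$cnf" -extensions v3_ca -subj "/CN=example.com lab CA" \
        -keyout "$dir/private/ca.key" -out "$dir/certs/ca.pem" || exit 1
    # 2. Server key and certificate signing request.
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -config "$cnf" -subj "/CN=$host" \
        -keyout "$dir/private/$host.key" -out "$dir/private/$host.csr" || exit 1
    # 3. The CA signs the request and adds the SAN and serverAuth extensions.
    openssl x509 -req -in "$dir/private/$host.csr" -sha256 -days 825 \
        -CA "$dir/certs/ca.pem" -CAkey "$dir/private/ca.key" -CAcreateserial \
        -extfile "$cnf" -extensions v3_srv \
        -out "$dir/certs/$host.crt" || exit 1
    chmod 600 "$dir/private/$host.key" "$dir/private/ca.key"
)

# verify_dc_cert DIR HOST: succeeds when HOST.crt chains to ca.pem and lists
# HOST as a DNS subjectAltName.
verify_dc_cert() {
    openssl verify -CAfile "$1/certs/ca.pem" "$1/certs/$2.crt" >/dev/null 2>&1 &&
    openssl x509 -in "$1/certs/$2.crt" -noout -text | grep -q "DNS:$2"
}

# Demonstration in a scratch directory.
demo_dir=$(mktemp -d)
if make_dc_certs "$demo_dir" dc.example.com 2>/dev/null &&
   verify_dc_cert "$demo_dir" dc.example.com; then
    echo "dc.example.com.crt verifies against ca.pem"
fi
rm -rf "$demo_dir"
```

Samba expects the TLS key file to be readable only by its owner, which the umask and chmod above ensure. Clients that validate the LDAP certificate need ca.pem in their trust store, and ca.key should be moved off the domain controller once the server certificate is issued.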

Samba Administration

- Download and install the Remote Server Administration Tools (RSAT) for Windows to administer the domain.

Thursday, 11 October 2012

How To Configure Network Setting on CentOS 6.3


In the Name of Allah, the Most Gracious, the Most Merciful

Synopsis:


A short tutorial on how to configure network settings on CentOS 6.3 machine.

Assumptions and Prerequisites:



  • OS: CentOS 6.3 x64
  • Server Name: mujahid
  • Subnet: 192.168.1.0/24
  • Server IP: 192.168.1.20
  • Subnet Mask: 255.255.255.0
  • DNS IP: 192.168.1.15
  • Gateway IP: 192.168.1.1
  • Domain: houseofjaleel.com.au
  • Network Device/Interface: eth0 
  • Text Editor: vi
  • Firewall (IPTables) is disabled.
  • SELinux is disabled.
  • '#' - Script Comment.
  • This machine is a server and therefore has fixed IP settings. It is not assigned any network settings by a DHCP or BOOTP service.

Step-by-Step Instructions:


1. Create the network configuration file /etc/sysconfig/network-scripts/ifcfg-eth0 with the following configurations and save it.

DEVICE="eth0"       # Device name
HWADDR="00:0C:29:7D:A0:62"    # eth0's MAC address. This may be different on your machine.  
NM_CONTROLLED="no"   # Settings are not controlled by the Network Manager service. 
BOOTPROTO="none"   # This device does not receive network settings from any dhcp service on the network.
ONBOOT="yes"            # Service starts at boot time.
TYPE="Ethernet"    # Device type is of Ethernet.
IPADDR="192.168.1.20"               # IP Address of this Network device.
NETMASK="255.255.255.0"     # Subnet Mask
GATEWAY="192.168.1.1"         # IP Address to access the Internet (usually it's a Router).
DNS1="192.168.1.15"       # IP Address of the machine hosting the DNS on the LAN.
DOMAIN="houseofjaleel.com.au"     # Name of the Domain this server belongs to. Omit if no domain configured on Network.
IPV6INIT="no"    # ipv6 is not enabled on this server machine.
USERCTL="no"   # Except for root user, users can't alter network setting for this device.


Clean (without comments) version of the file /etc/sysconfig/network-scripts/ifcfg-eth0


DEVICE="eth0"
HWADDR="00:0C:29:7D:A0:62"  
NM_CONTROLLED="no"  
BOOTPROTO="none"  
ONBOOT="yes" 
TYPE="Ethernet"
IPADDR="192.168.1.20" 
NETMASK="255.255.255.0" 
GATEWAY="192.168.1.1" 
DNS1="192.168.1.15" 
DOMAIN="houseofjaleel.com.au" 
IPV6INIT="no" 
USERCTL="no"


2. Restart Network service.
# /etc/rc.d/init.d/network restart

3. Enable Network Service to start at boot time.
# chkconfig network on

4. Check to see if network settings have been loaded from the configuration file for 'eth0'.
# ifconfig

5. Disable ipv6 device driver on this server machine from loading at boot time.
# echo "install ipv6 /bin/true" > /etc/modprobe.d/disable-ipv6.conf 

6. Restart server.
# reboot

7. Log in as root and check the network settings. There should no longer be any "inet6" setting.
# ifconfig

Conclusion:


Change the "DNS1" configuration to "127.0.0.1" or "192.168.1.20", if DNS is configured on the local machine.

Use 'DNS2' to add a secondary DNS host (eg. DNS2="192.168.1.16").

IPV6 is outside of the scope of this tutorial.

Tuesday, 9 October 2012

How To Install and Configure DNS (Bind) on CentOS 6.3

Synopsis:


A short tutorial on how to Install and Configure a DNS service on CentOS 6.3 x64 using Webmin.

Assumptions and Prerequisites:


  • OS: CentOS 6.3 x64.
  • Server Name: tyrion
  • The Server [tyrion] hosts all services on the same machine (e.g. DHCP, Postfix, HTTP, and FTP).
  • Webmin is already installed and the DNS configuration will be done via Webmin.
  • The DNS for both internal (LAN) and external (WAN) IPs will be hosted on the same Server Machine.
  • There are no DNS Slaves.
  • IPv6 is disabled.
  • Firewall (IPTables) is disabled.
  • SELinux is disabled.
  • Subnet: 192.168.1.0/24
  • Domain: kingslanding.com.au
  • WAN IP: 110.92.81.14
  • Gateway (Router IP Address): 192.168.1.1
  • Local ISP (TPG) DNS are used as forwarders. (203.12.160.35 and 203.12.160.36) 
  • DHCP is installed and a couple of IP addresses are reserved.
  • Dynamic DNS is not enabled for the DHCP Server.
  • Text Editor: Nano
  • Server Location: Melbourne, Australia.

Step-by-Step Instructions:


1. Install DNS packages. Run the following command in terminal.
# yum -y install bind bind-utils

2. Disable IPv6 for the named daemon
# echo 'OPTIONS="-4"' >>  /etc/sysconfig/named

3. Configure Bind (named) via Webmin

4. Create views "lan" and "wan". "lan" is for internal clients i.e. Private Machines. "wan" is for external clients that reside outside the router i.e. Internet.

5. Move all the zones to "lan" i.e. "Root Zone", "0", "127.0.0.1", "localhost", "localhost.localdomain". 
 a. Set "allow queries" to "localhost" and "192.168.1.0/24" under "Zone Defaults".
 b. Add 203.12.160.35 and 203.12.160.36 to "Forwarders and Transfers".
 c. Comment out "Listen on port 53 {127.0.0.1;}" because we want the "named" service to listen on all interfaces.
 d. Set "listen-on-v6 port 53" to 'none' because we are not using IPv6.
 e. Set "recursion" to 'yes' because we want all devices on the LAN to be able to list all the devices listed on the DNS service.

 f. Set "recursion" to 'no' only for the "wan" view because we don't want users from the Internet to find out the IP addresses of our local machines on the LAN.   

6. Create Master Zone "kingslanding.com.au" of Forward type in the "lan" view with the following details:
 a. Domain = kingslanding.com.au
 b. Master server = tyrion.kingslanding.com.au
 c. Tick "Add NS record for Master Server".
 d. Enter Email address "root@kingslanding.com.au"
 e. Select "Use zone template".

7. Add "Address (A)" record "kingslanding.com.au." -> 192.168.1.11

8. Add "Mail (MX)" record "kingslanding.com.au." -> "tyrion.kingslanding.com.au." with 10 priority.

9. Add "Address (A)" record "tyrion" -> 192.168.1.11

10. Add "Alias (CNAME)" record "mail" -> "kingslanding.com.au."

11. Add "Alias (CNAME)" record "www" -> "kingslanding.com.au." 

12. Add "Alias (CNAME)" record "ftp" -> "kingslanding.com.au." 

13. Add "Address (A)" record "jamie" -> 192.168.1.12

14. Add "Address (A)" record "tywin" -> 192.168.1.10

15. Add "Address (A)" record "cersei" -> 192.168.1.13

16. Add "Address (A)" record "joffery" -> 192.168.1.14

17. Create Master Zone "192.168.1" of Reverse type in the "lan" view with the following details:
 a. Domain name / network = 192.168.1
 b. Master Server = tyrion.kingslanding.com.au
 c. Tick "Add NS record for Master Server".
 d. Enter Email address "root@kingslanding.com.au"
 e. Select "Use zone template".

18. Add "Reverse Address (PTR)" record "192.168.1.11" -> "tyrion.kingslanding.com.au."

19. Add "Reverse Address (PTR)" record "192.168.1.10" -> "tywin.kingslanding.com.au."

20. Add "Reverse Address (PTR)" record "192.168.1.12" -> "jamie.kingslanding.com.au."

21. Add "Reverse Address (PTR)" record "192.168.1.13" -> "cersei.kingslanding.com.au."

22. Add "Reverse Address (PTR)" record "192.168.1.14" -> "joffery.kingslanding.com.au."

23. Create Master Zone "kingslanding.com.au" of Forward type in the "wan" view with the following details:
 a. Domain = kingslanding.com.au
 b. Master server = tyrion.kingslanding.com.au
 c. Tick "Add NS record for Master Server".
 d. Enter Email address "root@kingslanding.com.au"
 e. Select "Use zone template".

24. Add "Address (A)" record "kingslanding.com.au." -> "110.92.81.14"

25. Add "Address (A)" record "tyrion.kingslanding.com.au." -> "110.92.81.14"

26. Add "Mail (MX)" record "kingslanding.com.au." -> "kingslanding.com.au." with 10 priority.

27. Add "Alias (CNAME)" record "www" -> "kingslanding.com.au."

28. Add "Alias (CNAME)" record "ftp" -> "kingslanding.com.au."

29. Add "Alias (CNAME)" record "mail" -> "kingslanding.com.au."

30. Add "Alias (CNAME)" record "ns1" -> "kingslanding.com.au."

31. Add "Alias (CNAME)" record "ns2" -> "kingslanding.com.au."

32. Add "Alias (CNAME)" record "vpn" -> "kingslanding.com.au."

33. Create Master Zone "110.92.81.14" of Reverse type in the "wan" view with the following details:
 a. Domain name / network = 110.92.81.14
 b. Master Server = tyrion.kingslanding.com.au
 c. Tick "Add NS record for Master Server".
 d. Enter Email address "root@kingslanding.com.au"
 e. Select "Use zone template".

34. Install DNS (Bind) as CHROOT
# yum -y install bind-chroot

35. Enable named (DNS) service to start at boot.
# chkconfig named on

36. Start named service
# /etc/rc.d/init.d/named start

37. Edit /etc/resolv.conf file to have the local machine use the local DNS service to resolve host names.
eg:
search kingslanding.com.au
nameserver 127.0.0.1

38. Also edit your network startup script, because that is usually where the network configuration written to /etc/resolv.conf comes from.
eg. File: /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE="eth0"
BOOTPROTO="none"
HWADDR="00:2B:34:01:FB:82"
NM_CONTROLLED="no"
ONBOOT="yes"
TYPE="Ethernet"
IPADDR="192.168.1.11"
NETMASK="255.255.255.0"
GATEWAY="192.168.1.1"
DOMAIN="kingslanding.com.au"
DNS1="127.0.0.1"
IPV6INIT="no"
USERCTL="no"


39. Switch off DNS and DHCP on your router. On your router, forward port 53 to 192.168.1.11 so that your DNS host provider has access to your DNS server to update its records.

40. Restart your Network service.
# /etc/rc.d/init.d/network restart
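
Steps 4 and 5 set up the two views through Webmin. The script below is an added example, not part of the original post: it writes a hand-made named.conf fragment equivalent to those steps and checks that no view open to every client still offers recursion, which would let Internet hosts use the server as an open resolver. The zone file names and function names are assumptions, Webmin chooses its own file layout, and the parser expects one statement per line.

```shell
#!/bin/sh
# Added example: "lan" and "wan" views as in steps 4-5, plus a recursion check.

# write_sample_views FILE: constructed named.conf fragment. The "lan" view must
# come first, because named uses the first view whose match-clients matches.
write_sample_views() {
    cat > "$1" <<'EOF'
view "lan" {
    match-clients { localhost; 192.168.1.0/24; };
    allow-query { localhost; 192.168.1.0/24; };
    recursion yes;
    forwarders { 203.12.160.35; 203.12.160.36; };
    zone "kingslanding.com.au" { type master; file "lan/kingslanding.com.au.hosts"; };
    zone "1.168.192.in-addr.arpa" { type master; file "lan/192.168.1.rev"; };
};
view "wan" {
    match-clients { any; };
    recursion no;
    zone "kingslanding.com.au" { type master; file "wan/kingslanding.com.au.hosts"; };
};
EOF
}

# view_summary FILE: one line per view with its name, its recursion setting
# (BIND defaults to yes) and its client scope ("any" when match-clients is
# omitted or contains any).
view_summary() {
    awk '
        $1 == "view" { v = $2; gsub(/"/, "", v); order[++n] = v; rec[v] = "yes"; scope[v] = "any" }
        v == "" { next }
        $1 == "match-clients" { scope[v] = ($0 ~ /[{ \t]any;/) ? "any" : "restricted" }
        $1 == "recursion" { r = $2; sub(/;.*/, "", r); rec[v] = r }
        END { for (i = 1; i <= n; i++) print order[i], rec[order[i]], scope[order[i]] }
    ' "$1"
}

# exposed_recursive_views FILE: names of views that would recurse for any client.
exposed_recursive_views() {
    view_summary "$1" | awk '$2 == "yes" && $3 == "any" { print $1 }'
}

# Demonstration on the constructed fragment.
sample_conf=$(mktemp)
write_sample_views "$sample_conf"
view_summary "$sample_conf"
exposed=$(exposed_recursive_views "$sample_conf")
[ -z "$exposed" ] || echo "recursion is open to any client in view: $exposed"
rm -f "$sample_conf"
```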


Conclusion:


Use the "dig" tool to test the DNS service on your server.

For users on the Internet to be able to access kingslanding.com.au, you will have to have your DNS server linked to a Web and DNS hosting service provider. Personally, I use Zone Edit as my DNS hosting provider and Digital Pacific as my Web Domain Service Provider.

It can take 2 - 24 hours for the DNS Root servers to update their records to sync your DNS server records. So, be patient.

Thursday, 20 May 2010

Successfully Configured a DNS Server On Linux (Fedora 12)

Recently, I successfully configured a DNS server on my Fedora 12 Linux box. It took me weeks of reading and watching DNS related materials and tutorials. I had to watch Webmin videos on YouTube and read up on Bind-9 manuals. During the course of the task, at times it got pretty frustrating because to my surprise, there isn't a one-stop tutorial on the Internet on how to set up a DNS Server. I had to read several sources scattered all over the Internet. Every tutorial that I read seemed to be either incomplete or had a very limited scope. Anyway, in the end I got it to work and it felt really good after all was done. Even though I got it to work, it still needs a few tweaks here and there. I'll finish with those tweaks by next week.

After setting up DNS, I managed to configure the DHCP server as well. Configuring a DHCP server is a cake walk compared to configuring a DNS server on Fedora Core 12.

All the effort and time that went into researching DNS servers gave me an idea. Since there isn't a good tutorial available on the Internet to set up a DNS server, I thought I might write one up and publish it on my blog for personal reference. It might also help out others who want to set up a DNS server on their own personal network just as I have. Just thinking about the scope of this task, I know it will require quite a significant amount of time.