; DNS Configuration
Documents
Resources
Learning Center
Upload
Plans & pricing Sign in
Sign Out
Your Federal Quarterly Tax Payments are due April 15th Get Help Now >>

DNS Configuration

VIEWS: 288 PAGES: 30

  • pg 1
									DNS Setup

DNS CONFIGURATION

DNS Setup

DNS Configuration
named daemon is used A DNS Server may be caching/master/slave server The named.ca file has information of all Root Servers. There is a Forward Zone file and a Reverse Zone file for every domain. Configuration file: /var/named/chroot/etc/named.conf Forward Zone File:

/var/named/chroot/var/named/<forward_zone_file>
Reverse Zone File: /var/named/chroot/var/named/<reverse_zone_file>

DNS Setup

Sample Master named.conf
zone "." { type hint; file "named.ca"; }; zone "0.0.127.in-addr.arpa" { type master; file "named.local"; allow-query {any;}; }; zone "iitk.ac.in" { type master; file "hosts.db"; allow-query {any;}; }; zone "95.200.203.IN-ADDR.ARPA" { type master; file "hosts.rev.203.200.95"; allow-query {any;}; }; zone "iitk.ernet.in" { type slave; file "hosts.iitk.ernet.in"; masters { 202.141.40.10; }; allow-query {any;};

DNS Setup

Sample Forward Zone File
$TTL 86400 @ IN SOA ns1.iitk.ac.in. root.ns1.iitk.ac.in. ( 200605091 ; Serial 10800 ; Refresh - 3 hours 3600 ; Retry - 1 hour 1209600 ;Expire - 1 week 43200 ) ; Minimum TTL for negative answers - 12 hours IN NS ns1.iitk.ac.in. IN NS ns2.iitk.ac.in. IN MX 5 mail0.iitk.ac.in. IN MX 10 mail1.iitk.ac.in. IN MX 20 mail2.iitk.ac.in.

$ORIGIN iitk.ac.in. ns1 IN A mail0 IN A proxy IN CNAME

203.200.95.142 203.200.95.144 mail0

DNS Setup

Sample Reverse Zone File
$TTL 86400 $ORIGIN 200.203.in-addr.arpa. 95 IN SOA ns1.iitk.ac.in. root.ns1.iitk.ac.in. ( 200605091 ; Serial 10800 ; Refresh - 5 minutes 3600 ; Retry - 1 minute 1209600 ; Expire - 1 weeks 43200 ) ; Minimum TTL for negative answers - 12 hours IN NS ns1.iitk.ac.in. IN NS ns2.iitk.ac.in. $ORIGIN 95.200.203.in-addr.arpa. ; ; 142 IN PTR ns1.iitk.ac.in. 144 IN PTR mail0.iitk.ac.in.

DNS Setup

Configuring Local Resolver
/etc/resolv.conf
server 127.0.0.1

DNS Setup

Test DNS
nslookup
host dig

Test your DNS with the following DNS diagnostics web site: dnsstuff.com

Apache Setup

APACHE SETUP

Web Server Setup

Web Server
Apache Web Server is used Daemon is httpd (service httpd start/stop/restart)

Web Server Setup

Files used by Apache
Configuration file: /etc/httpd/conf/httpd.conf
Log files: /var/log/httpd/access_log and /var/log/httpd/error_log

Modules /etc/httpd/modules
Default Document Root /var/www/html Default CGI Root /var/www/cgi-bin

Web Server Setup

Apache Configuration Directives
Server Name

Min and Max Servers
Document Root CGI Enable/Disable User Directory Directory Index Mime Types Modules Access Restrictions Secure Server Virtual Hosting

Web Server Setup

Basic Settings
Change the default value for ServerName www.<your-domain.com> in httpd.conf and put the website content in /var/www/html
Additionally you can configure Name based Virtual Hosting (allow more than one websites to run on the same server)

Web Server Setup

Virtual Hosting
NameVirtualHost *:80

<VirtualHost *:80> ServerName server-name DocumentRoot path-to-virtual-document-root </VirtualHost>

<VirtualHost *:80> ServerName server-name DocumentRoot path-to-virtual-document-root </VirtualHost>

Squid Setup

SQUID SETUP

Squid Setup

Obtaining Squid
Source code (in C) from www.squid-cache.org

Binary executables Linux (comes with RedHat and others) FreeBSD Windows Pre-installed in Fedora/Enterprise Linux

Squid Setup

Basic Settings
Edit the /etc/squid/squid.conf file to configure squid

Configuration options: Disk Cache size and location Authentication Allowed Hosts Any other access restrictions (sites, content, size, time of access etc.) using ACL service squid start/stop/restart

Squid Setup

Disc Requirements
Squid makes very heavy use of disc because of heavy read/write in cache Needs discs with low seek times SCSI is better Can spread cache over 2 or more discs Raid not recommended Cached data is not critical

Squid Setup

Calculating Disc Space
Recommend keeping at least 2 days worth of objects 10 days may be better Example: 256Kbps link loaded 10 hrs/day ~= 1GB assume 50% cacheable - .5GB / day 2 days objects - 1GB 10 days objects - 5 GB

Squid Setup

Squid.conf Basic Configuration
cache_dir ufs /var/spool/squid/cache 100 16 256

auth_param basic program /usr/lib/squid/ncsa_auth /etc/shadow
acl sidbiusers proxy_auth required http_access allow sidbiusers acl our_network src 172.28.250.0/24 http_access allow our_network

(Note: use squid –z for the first time to create the cache directory and its subdirectories)

Sendmail Setup

SENDMAIL SETUP

Mail Server Setup

Sendmail Configuration
Daemon: sendmail Configuration File: /etc/mail/sendmail.mc Edit the following lines LOCAL_DOMAIN(`localhost.localdomain')dnl
(Replace localhost.localdomain by the domain name for which the mail server is being configured)

DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
(comment this line by adding dnl at the start of the line)

dnl MASQUERADE_AS(`mydomain.com')dnl
(remove dnl & replace mydomain.com by the domain name)

Sendmail Setup

Sendmail Configuration
Add the range of IP addresses of your network in access file (e.g. 172.31. Relay) Run “make –C /etc/mail” command to compile sendmail.mc and generate sendmail.cf file.
Restart sendmail and watch for errors

Sendmail Setup

PoP & IMAP Server
PoP3 & IMAP Server can be started using dovecot server. (service dovecot start)

Firewall

FIREWALL

Firewall

Basic Setup

Internet
Application Web Server
Firewall

Database

Firewall

Firewall Rules
IP Address of Source (Allow from Trusted Sources)

IP Address of Destinations)

Destination

(Allow

to

trusted

Application Port Number (Allow Mail but restrict Telnet) Direction of Traffic (Allow outgoing traffic but restrict incoming traffic)

Firewall

Firewall Implementation
Hardware Firewall: Dedicated Hardware Box (Cisco PIX, Netscreen ) Software Firewall: Installable on a Server ( ) Host OSs (Windows XP/Linux) also provide software firewall features to protect the host

These days Firewalls provide IDS/IPS (Intrusion Detection System/Intrusion Prevention System) services also.

Linux Security

LINUX Firewall
Use GUI (Applications ->System Settings-> Security Level) to activate the firewall Allow standard services and any specific port based application All other services and ports are blocked

Linux Security

LINUX Firewall


								
To top