DNS CONFIGURATION - PowerPoint PPT Presentation

Provided by: MrNavpre

1
DNS Setup
  • DNS CONFIGURATION

2
DNS Configuration
DNS Setup
  • named daemon is used
  • A DNS Server may be caching/master/slave server
  • The named.ca file has information of all Root
    Servers.
  • There is a Forward Zone file and a Reverse Zone
    file for every domain.
  • Configuration file
  • /var/named/chroot/etc/named.conf
  • Forward Zone File
  • /var/named/chroot/var/named/<forward_zone_file>
  • Reverse Zone File
  • /var/named/chroot/var/named/<reverse_zone_file>

3
Sample Master named.conf
DNS Setup
  zone "." {
      type hint;
      file "named.ca";
  };
  zone "0.0.127.in-addr.arpa" {
      type master;
      file "named.local";
      allow-query { any; };
  };
  zone "iitk.ac.in" {
      type master;
      file "hosts.db";
      allow-query { any; };
  };
  zone "95.200.203.IN-ADDR.ARPA" {
      type master;
      file "hosts.rev.203.200.95";
      allow-query { any; };
  };

4
Sample Forward Zone File
DNS Setup
  $TTL 86400
  @   IN SOA ns1.iitk.ac.in. root.ns1.iitk.ac.in. (
          200605091   ; Serial
          10800       ; Refresh - 3 hours
          3600        ; Retry - 1 hour
          1209600     ; Expire - 2 weeks
          43200 )     ; Minimum TTL for negative answers - 12 hours
      IN NS  ns1.iitk.ac.in.
      IN NS  ns2.iitk.ac.in.
      IN MX  5  mail0.iitk.ac.in.
      IN MX  10 mail1.iitk.ac.in.
      IN MX  20 mail2.iitk.ac.in.
  $ORIGIN iitk.ac.in.
  ns1    IN A     203.200.95.142
  mail0  IN A     203.200.95.144
  proxy  IN CNAME mail0

5
Sample Reverse Zone File
DNS Setup
  $TTL 86400
  $ORIGIN 200.203.in-addr.arpa.
  95  IN SOA ns1.iitk.ac.in. root.ns1.iitk.ac.in. (
          200605091   ; Serial
          10800       ; Refresh - 3 hours
          3600        ; Retry - 1 hour
          1209600     ; Expire - 2 weeks
          43200 )     ; Minimum TTL for negative answers - 12 hours
      IN NS ns1.iitk.ac.in.
      IN NS ns2.iitk.ac.in.
  $ORIGIN 95.200.203.in-addr.arpa.
  142 IN PTR ns1.iitk.ac.in.
  144 IN PTR mail0.iitk.ac.in.

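
The forward and reverse zones above have to agree with each other, and a stale PTR or a host added only to the forward file is a common cause of mail and logging oddities. As an added example (not from the slides), this Python script parses the single-line A and PTR records of constructed zone files modelled on the slides, honours $ORIGIN, and reports every A record without a PTR, every PTR whose name does not match, and every PTR with no A record. The zone text, the host mail1 and the PTR for 146 are constructed for illustration.

```python
# Constructed sample zones modelled on the slides (iitk.ac.in / 203.200.95.0/24).
# mail1 deliberately lacks a PTR and 146 has no matching A record, so the
# check has something to report; the CNAME for proxy is ignored on purpose.
FORWARD_ZONE = """\
$TTL 86400
$ORIGIN iitk.ac.in.
ns1   IN A     203.200.95.142
mail0 IN A     203.200.95.144
mail1 IN A     203.200.95.145
proxy IN CNAME mail0
"""
REVERSE_ZONE = """\
$TTL 86400
$ORIGIN 95.200.203.in-addr.arpa.
142 IN PTR ns1.iitk.ac.in.
144 IN PTR mail0.iitk.ac.in.
146 IN PTR old-host.iitk.ac.in.
"""

def parse_records(zone_text, rtype):
    # Return {owner_fqdn: rdata} for one record type, honouring $ORIGIN.
    # Only the single-line "owner IN TYPE rdata" form used on the slides is handled.
    origin, records = ".", {}
    for line in zone_text.splitlines():
        line = line.split(";")[0].strip()          # strip zone-file comments
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
        elif line and not line.startswith("$"):    # skip $TTL and blank lines
            parts = line.split()
            if len(parts) >= 4 and parts[1] == "IN" and parts[2] == rtype:
                owner = parts[0] if parts[0].endswith(".") else f"{parts[0]}.{origin}"
                records[owner] = parts[3]
    return records

def ptr_owner(ip):
    # 203.200.95.142 -> 142.95.200.203.in-addr.arpa.
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."

def check_zones(forward_text, reverse_text):
    a_records = parse_records(forward_text, "A")      # fqdn -> ip
    ptr_records = parse_records(reverse_text, "PTR")  # reverse owner -> fqdn
    problems = []
    for name, ip in a_records.items():
        target = ptr_records.get(ptr_owner(ip))
        if target is None:
            problems.append(f"no PTR for {name} ({ip})")
        elif target != name:
            problems.append(f"PTR for {ip} is {target}, expected {name}")
    expected_owners = {ptr_owner(ip) for ip in a_records.values()}
    for owner, name in ptr_records.items():
        if owner not in expected_owners:
            problems.append(f"PTR {owner} -> {name} has no matching A record")
    return sorted(problems)
```

Run check_zones() on the real hosts.db and hosts.rev files after every edit, before reloading named, and treat any line it prints as a zone bug to fix.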
6
Configuring Local Resolver
DNS Setup
  • /etc/resolv.conf
  • nameserver 127.0.0.1

7
Test DNS
DNS Setup
  • nslookup
  • host
  • dig
  • Test your DNS with the following DNS diagnostics
    web site dnsstuff.com

8
Apache Setup
  • APACHE SETUP

9
Web Server
Web Server Setup
  • Apache Web Server is used
  • Daemon is httpd (service httpd start/stop/restart)

10
Files used by Apache
Web Server Setup
  • Configuration file /etc/httpd/conf/httpd.conf
  • Log files /var/log/httpd/access_log and
    /var/log/httpd/error_log
  • Modules /etc/httpd/modules
  • Default Document Root /var/www/html
  • Default CGI Root /var/www/cgi-bin

11
Apache Configuration Directives
Web Server Setup
  • Server Name
  • Min and Max Servers
  • Document Root
  • CGI Enable/Disable
  • User Directory
  • Directory Index
  • Mime Types
  • Modules
  • Access Restrictions
  • Secure Server
  • Virtual Hosting

12
Basic Settings
Web Server Setup
  • Change the default value for ServerName to
    www.<your-domain.com> in httpd.conf and put the
    website content in /var/www/html
  • Additionally you can configure name-based Virtual
    Hosting (allows more than one website to run on
    the same server)

13
Virtual Hosting
Web Server Setup
  NameVirtualHost *:80
  <VirtualHost *:80>
      ServerName server-name
      DocumentRoot path-to-virtual-document-root
  </VirtualHost>
  <VirtualHost *:80>
      ServerName server-name
      DocumentRoot path-to-virtual-document-root
  </VirtualHost>

14
Squid Setup
  • SQUID SETUP

15
Obtaining Squid
Squid Setup
  • Source code (in C) from www.squid-cache.org
  • Binary executables
  • Linux (comes with RedHat and others)
  • FreeBSD
  • Windows
  • Pre-installed in Fedora/Enterprise Linux

16
Basic Settings
Squid Setup
  • Edit the /etc/squid/squid.conf file to configure
    squid
  • Configuration options
  • Disk Cache size and location
  • Authentication
  • Allowed Hosts
  • Any other access restrictions (sites, content,
    size, time of access etc.) using ACL
  • service squid start/stop/restart

17
Disc Requirements
Squid Setup
  • Squid makes very heavy use of disc because of
    heavy read/write in cache
  • Needs discs with low seek times
  • SCSI is better
  • Can spread cache over 2 or more discs
  • RAID not recommended
  • Cached data is not critical

18
Calculating Disc Space
Squid Setup
  • Recommend keeping at least 2 days worth of
    objects
  • 10 days may be better
  • Example
  • 256 Kbps link loaded 10 hrs/day = about 1 GB/day
  • assume 50% cacheable = 0.5 GB/day
  • 2 days of objects = 1 GB
  • 10 days of objects = 5 GB

19
Squid.conf Basic Configuration
Squid Setup
  • cache_dir ufs /var/spool/squid/cache 100 16 256
  • auth_param basic program /usr/lib/squid/ncsa_auth
    /etc/shadow
  • acl sidbiusers proxy_auth REQUIRED
  • http_access allow sidbiusers
  • acl our_network src 172.28.250.0/24
  • http_access allow our_network
  • (Note: run squid -z the first time to create the
    cache directory and its subdirectories)

20
Sendmail Setup
  • SENDMAIL SETUP

21
Sendmail Configuration
Mail Server Setup
  • Daemon sendmail
  • Configuration File /etc/mail/sendmail.mc
  • Edit the following lines
  • LOCAL_DOMAIN(`localhost.localdomain')dnl
  • (Replace localhost.localdomain by the domain
    name for which the mail server is being
    configured)
  • DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1,
    Name=MTA')dnl
  • (comment this line out by adding dnl at the start
    of the line)
  • dnl MASQUERADE_AS(`mydomain.com')dnl
  • (remove dnl and replace mydomain.com by the
    domain name)

22
Sendmail Configuration
Sendmail Setup
  • Add the range of IP addresses of your network to
    the access file
  • (e.g. 172.31. RELAY)
  • Run the make -C /etc/mail command to compile
    sendmail.mc and generate the sendmail.cf file.
  • Restart sendmail and watch for errors

23
POP/IMAP Server
Sendmail Setup
  • A POP3/IMAP server can be started using the dovecot
    server (service dovecot start)

25
Firewall
  • FIREWALL

26
Basic Setup
Firewall
[Diagram: Internet, Firewall, Application Web Server, Database]

27
Firewall Rules
Firewall
  • IP Address of Source (Allow from Trusted Sources)
  • IP Address of Destination (Allow to trusted
    Destinations)
  • Application Port Number (Allow Mail but restrict
    Telnet)
  • Direction of Traffic (Allow outgoing traffic but
    restrict incoming traffic)

28
Firewall Implementation
Firewall
  • Hardware Firewall: dedicated hardware box (Cisco
    PIX, Netscreen )
  • Software Firewall: installable on a server ( )
  • Host OSs (Windows XP/Linux) also provide software
    firewall features to protect the host
  • These days firewalls also provide IDS/IPS (Intrusion
    Detection System/Intrusion Prevention System)
    services.

29
LINUX Firewall
Linux Security
  • Use the GUI (Applications -> System Settings ->
    Security Level) to activate the firewall
  • Allow standard services and any specific port
    based application
  • All other services and ports are blocked
