Monday, June 30, 2014

DNS installation

http://www.garron.me/en/go2linux/how-setup-dns-server-master-slave-bind.html
http://tecadmin.net/step-by-step-installation-and-configuration-openldap-server-and-freeradius/#
http://www.zytrax.com/books/ldap/ch5/
http://computernetworkingnotes.com/network-administrations/dns-server.html

http://www.unixmen.com/dns-server-installation-step-by-step-using-centos-6-3/

/etc/named.conf

//
// /etc/named.conf
//

options {
    directory "/var/named";
    pid-file "/var/run/named/named.pid";
    auth-nxdomain yes;
    datasize default;
// Uncomment these to enable IPv6 connections support
// IPv4 will still work:
//  listen-on-v6 { any; };
// Add this for no IPv4:
//  listen-on { none; };

    // Default security settings.
    allow-recursion { 127.0.0.1; };
    allow-transfer { none; };
    allow-update { none; };
    version none;
    hostname none;
    server-id none;
};

zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-transfer { any; };
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "127.0.0.zone";
    allow-transfer { any; };
};

zone "." IN {
    type hint;
    file "root.hint";
};

//zone "example.org" IN {
//  type slave;
//  file "example.zone";
//  masters {
//      192.168.1.100;
//  };
//  allow-query { any; };
//  allow-transfer { any; };
//};

logging {
        channel xfer-log {
                file "/var/log/named.log";
                print-category yes;
                print-severity yes;
                print-time yes;
                severity info;
        };
        category xfer-in { xfer-log; };
        category xfer-out { xfer-log; };
        category notify { xfer-log; };
};




Create a Master Zone




To create a master zone, edit named.conf and add the following. In this example I will create a zone for the domain linux10.com:

zone "linux10.com" IN {
    type master;
    file "linux10.com.zone";
    allow-update { none; };
    allow-transfer { none; };
};

Then create the file linux10.com.zone in the directory set in the options section of named.conf.

The file should look at least like this:

$ORIGIN .
$TTL 86400      ; 1 day
linux10.com             IN SOA  primary.server.com. your.email.address. (
                            2010122801 ; serial
                            7200       ; refresh (2 hours)
                            7200       ; retry (2 hours)
                            2419200    ; expire (4 weeks)
                            86400      ; minimum (1 day)
                            )
$TTL 14400      ; 4 hours
                        NS      scz.alketech.com.
                        NS      ns1.alketech.com.
                        A       10.1.1.1 ; If you want to assign a server to your domain
                        MX      10      mx1.linux10.com. ; Your email server if you have any
                        MX      20      mx2.linux10.com. ; Your secondary email server if you have one

$ORIGIN linux10.com.
www                     A       1.2.3.4 ; The IP of your web server if you want to have one.
mx1                     A       1.2.3.5 ; The IP of your mx1 server
mx2                     A       1.2.3.6 ; The IP of your mx2 server

Of course yours may have more or fewer lines and servers according to your needs.

Configure a DNS slave server with BIND

It is a good idea to have a slave server in case your master server becomes unreachable at any time.

Both master and slave need to be defined as your DNS servers at your domain registrar. You may define more than just two servers, and that is a good idea. It is also a good idea to have your DNS servers on different networks: if they are all in the same office or data center and that place loses Internet connectivity, all your servers will be out of reach and you will lose traffic, email, or both.

For the visitors of your servers any DNS server is the same; there is no difference between masters and slaves. So you should define one master and as many slaves as you want (anywhere between 2 and 4 slaves is fine).

Enable AXFR transfers

Your master DNS server should allow AXFR transfers to the slave servers for this to work, so the first step is to configure your master server to do so.

zone "linux10.com" IN {
    type master;
    file "linux10.com.zone";
    allow-update { none; };
    allow-transfer { ip.of.slave.server; ip.of.slave.server2; ip.of.slave.server3;};
};

Now create the slave zone on your slave servers.

In the slave server's named.conf you need to configure the slave zone, like this:

zone "linux10.com" {
    type slave;
    file "linux10.com.zone";
    masters { 1.2.3.4; };
    allow-transfer { none; };
};

Testing the configuration

dig @your.master.server your.domain.com ns

Example:

dig @scz.alketech.com linux10.com ns

You should get something like this:

; <<>> DiG 9.2.4 <<>> @scz.alketech.com linux10.com ns
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23659
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;linux10.com.                   IN      NS

;; ANSWER SECTION:
linux10.com.            14400   IN      NS      scz.alketech.com.
linux10.com.            14400   IN      NS      ns1.alketech.com.

;; ADDITIONAL SECTION:
ns1.alketech.com.       14400   IN      A       200.87.59.3
scz.alketech.com.       14400   IN      A       200.87.61.83

;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Dec 29 15:35:20 2010
;; MSG SIZE  rcvd: 106

Final tunings

It is a good idea to disable recursion on your authoritative servers, master or slave, or at least restrict it to a known set of clients, as the lines below do.

Define the ACL at the top level of the file (acl is not valid inside options):

acl recurseallow { 1.2.3.4; 127.0.0.1; };

and put these lines in your options section:

allow-recursion { recurseallow; };
recursion yes;

The options section lives in /etc/named.conf on Arch Linux and Slackware and in /etc/bind/named.conf.options on Debian.
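As an added example (not part of the original post or of BIND), a small Python audit script that parses a named.conf like the ones above and reports the settings this page tightens: zone transfers left open on master or slave zones (the allow-transfer lists in the master and slave stanzas), open recursion, and version, hostname and server-id left visible. The 192.0.2.x slave addresses and the second, lax config are constructed; ACL names are not expanded.

```python
"""Audit a BIND named.conf for the zone-transfer and recursion settings this page
locks down.  Added example, not code from the original post or from BIND."""
import re

# Constructed sample: the options and zone stanzas from this page, condensed;
# 192.0.2.x are documentation addresses standing in for the slave servers.
SAMPLE_NAMED_CONF = """
options {
    directory "/var/named";
    allow-recursion { 127.0.0.1; };
    allow-transfer { none; };
    allow-update { none; };
    version none;
    hostname none;
    server-id none;
};

zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-transfer { any; };
};

zone "." IN {
    type hint;
    file "root.hint";
};

zone "linux10.com" IN {
    type master;
    file "linux10.com.zone";
    allow-update { none; };
    allow-transfer { 192.0.2.10; 192.0.2.11; };
};
"""

# Constructed sample of a server left at its defaults.
LAX_NAMED_CONF = """
options {
    directory "/var/named";
    recursion yes;
};

zone "linux10.com" IN {
    type master;
    file "linux10.com.zone";
};
"""

STANZA_RE = re.compile(r'^(options|zone\s+"([^"]+)")[^{]*\{(.*?)^\};', re.S | re.M)
SETTING_RE = re.compile(r'(\S+)\s+(?:\{\s*([^}]*)\}|([^;{]+));')


def strip_comments(text):
    """Remove the three comment styles named.conf accepts."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'^[ \t]*(//|#).*$', '', text, flags=re.M)


def parse_stanzas(text):
    """Map "options" and "zone:<name>" to {setting: [values]} for the top-level stanzas.
    Only flat settings are read; ACL names are kept as names, not expanded."""
    stanzas = {}
    for m in STANZA_RE.finditer(strip_comments(text)):
        key = "options" if m.group(1) == "options" else "zone:" + m.group(2)
        settings = {}
        for s in SETTING_RE.finditer(m.group(3)):
            raw = s.group(2) if s.group(2) is not None else s.group(3)
            settings[s.group(1)] = [v.strip() for v in raw.split(";") if v.strip()]
        stanzas[key] = settings
    return stanzas


def audit(text):
    """Return (where, message) findings; an empty list means the config meets the page's baseline."""
    stanzas = parse_stanzas(text)
    opts = stanzas.get("options", {})
    findings = []
    # Assumption: an absent allow-transfer means BIND's permissive default of "any".
    global_xfer = opts.get("allow-transfer", ["any"])
    # BIND 9.4+ defaults allow-recursion to localhost/localnets; older releases allowed
    # everyone, so an unset allow-recursion is reported as open here to be safe.
    if opts.get("recursion", ["yes"]) == ["yes"] and "any" in opts.get("allow-recursion", ["any"]):
        findings.append(("options", "open recursion: restrict allow-recursion or set recursion no"))
    for directive in ("version", "hostname", "server-id"):
        if opts.get(directive) != ["none"]:
            findings.append(("options", f"{directive} is not hidden (set '{directive} none;')"))
    for key, settings in stanzas.items():
        if not key.startswith("zone:"):
            continue
        ztype = settings.get("type", [""])[0]
        if ztype not in ("master", "slave"):
            continue                      # hint/forward zones have nothing to transfer
        if "any" in settings.get("allow-transfer", global_xfer):
            findings.append((key, f"{ztype} zone allows AXFR to any host"))
        if ztype == "master" and "none" not in settings.get(
                "allow-update", opts.get("allow-update", ["none"])):
            findings.append((key, "dynamic updates are not disabled"))
    return findings
```

Run `audit()` over the text of your own named.conf; the page's config yields one finding (the localhost zone still allows AXFR to any host), while the lax config reports open recursion, the three visible identity strings and an open zone transfer.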

Only for Slackware and Arch Linux

For Arch Linux and Slackware you need to enable the named daemon to start on each boot. To do this:

On Arch Linux, edit the /etc/rc.conf file and add named to the daemons list.

On Slackware, make the file /etc/rc.bind executable.

============================================================

The Domain Name System FAQs

The DNS is the addressing system for the Internet. Almost anything that interfaces with the Internet (e.g., computers, mobile devices, laptops, ATMs, and POS terminals) relies on DNS services to exchange information. DNS uses specialized servers to translate (or resolve) names such as www.verisigninc.com into numeric addresses that allow data and information to reach its destination. All Internet applications—ranging from websites, email, social networking, and online banking to Voice over Internet Protocol (VoIP), file sharing, and video on demand—depend on the accuracy and integrity of this translation. Without the DNS, the Internet cannot function. The DNS is integral to a nation's critical infrastructure, online business operations and financial transactions, and all Internet-based communications.



What is the DNS?

How does the DNS work?


The domain name space consists of a tree of domain names, subdivided into zones. The top-level or root zone is administered by the U.S. Department of Commerce (DoC) and jointly managed by Verisign and the Internet Assigned Numbers Authority (IANA) functions operator, who maintain the data in the root name servers.

A DNS zone consists of a collection of connected nodes served by an authoritative name server. Authoritative name servers for different zones are responsible for publishing the mappings of domain names to IP addresses. Each node or leaf in the tree has zero or more resource records that hold information associated with the domain name. Every domain name ends with a top-level domain (TLD) such as .com or .tv.

For the Internet to function and to prevent duplication of domain names, there must be one authoritative place to register a domain name. Each TLD has an authoritative registry, which manages a centralized database. The registry propagates the information about domain names and IP addresses in TLD zone files. TLD zone files map active second-level domain names (the portion of the domain name that appears immediately to the left of ".") to the unique IP addresses of the name servers.


Why is DNS vulnerable?


The process of translating a domain name into an IP address is called DNS resolution. When someone types a domain name, such as www.verisigninc.com, into a web browser, the browser contacts a name server to obtain the corresponding IP address. There are two types of name servers: authoritative name servers, which store complete information about a zone, and recursive name servers, which answer DNS queries for Internet users and store DNS response results for a period of time. When a recursive name server receives a response, it caches (stores) it to speed up subsequent queries. Caching helps reduce the number of information requests required, but it is susceptible to man-in-the-middle attacks.

As a result of these attacks, cyber criminals can:

    Hijack emails
    Tap Voice over IP (VoIP)
    Impersonate websites
    Steal passwords and login information
    Extract credit card data and other confidential information



What is cache poisoning?
Cache poisoning occurs when fraudulent DNS data is inserted into the cache of a recursive name server. Recursive name servers temporarily store, or cache, information learned during the name resolution process, but without DNSSEC they have no way to ensure the validity and accuracy of this information. When malicious information is cached on the recursive name server, the server is considered "poisoned." Cache poisoning allows an attacker to redirect traffic to fraudulent sites.


What are man-in-the-middle (MITM) attacks?
A man-in-the-middle (MITM) attack surreptitiously intercepts and modifies communications between two systems. The attacker can potentially modify the communication to redirect traffic to an illegitimate address or website. End users do not detect the "man in the middle" and assume that they are communicating directly with their intended destination.




DNS - How the Domain Name System Works


How the Domain Name System Works

The Domain Name System (DNS) is a central part of the Internet, providing a way to match names (a website you’re seeking) to numbers (the address for the website). Anything connected to the Internet - laptops, tablets, mobile phones, websites - has an Internet Protocol (IP) address made up of numbers. Your favorite website might have an IP address like 64.202.189.170, but this is obviously not easy to remember. However a domain name such as bestdomainnameever.com is something people can recognize and remember. DNS syncs up domain names with IP addresses enabling humans to use memorable domain names while computers on the Internet can use IP addresses.
Let’s explore what keeps more than 2.5 billion Internet users and 271 million domain names* connecting—and how Verisign helps to make it happen.
* Verisign Domain Name Industry Brief, April 2014

http://www.verisigninc.com/en_US/domain-names/online/how-dns-works/index.xhtml





http://www.verisigninc.com/assets/DNS101.pdf






How DNS works for domain.com

1. A client PC requests the IP address of a domain, say google.com.
2. The client request is forwarded to the local DNS server first. If it has an entry in its database or in its cache, it returns the value. If it does not find one, it forwards the request to another DNS server. If there is no other DNS server and no record, it returns no record to the client query.
3. Once the request is forwarded from the DNS server to another DNS server, that server might have an entry for the domain in its cache, and it may return an IP address such as 192.168.10.120 (example only).
4. This answer is returned to the first DNS server, which may cache the information for future requests for the same domain.
5. Now the client PC has the IP address of the domain and makes its connection to the server google.com.



some interview tips

What is load average and why does it matter?
     Candidate should be able to identify that load average is a good indication of how busy a server is. A load average of less than 1 per CPU core is alright, and as it gets closer to the number of CPU cores it indicates the server has more processes waiting than resources available. They should also identify that load average can be influenced by factors other than just CPU (i.e. iowait).

What is the difference between LVM and a partition? How do you add more storage to an existing logical volume?
     LVM is the logical volume manager; logical volumes sit on top of logical extents, which are mapped to physical extents, which sit on a physical hard drive. LVM's logical extents can also span multiple hard drives.
     Traditional partitions are sequential blocks on a physical disk.
     You can add more storage space to an LVM by using the extend commands (vgextend to extend your volume group, then lvextend to extend your logical volume; if you do not have any extra extents to add to your logical volume, then you'll need to run pvcreate and add the new extents to the volume group first).

When extending LVM, when would you add a new disk vs. adding more space to the existing disk? (Assume it is a VM on a hypervisor.)

The main problem with adding new disks is that your configuration can become messy over time, and you start to get a lot of virtual controllers if people keep adding small hard drives instead of extending existing drives. If you have a bunch of small disks on the same storage volume then you should create one larger disk and then pvmove (move the physical extents) from the smaller disks to the larger disk. Once the move is complete you can remove the other smaller HDDs. Sometimes (for example with heavily utilized disk IO) you might need to create a new disk on another storage volume to help spread the load, in which case you should add a new disk.

In Linux, how does the OOM killer work?
     I usually try to use this question to gauge how familiar the candidate is with scenarios where the box runs out of memory. I will usually first ask if they know what the "OOM" killer is, and if they've never heard of it then explain OOM means "Out Of Memory". It is pretty easy to guess that the OOM killer will look for high memory consumption.
     The OOM killer will look for the applications with the highest memory consumption and give each a score; it will then look at the time the process has been running for and reduce the score for longer-running processes. It also takes into consideration niceness (a higher nice number is safer to kill, where a lower nice number is in theory more important). It takes all of these factors into consideration and kills the highest-scoring application. There is also a flag that can be defined in /proc/<pid>/ to prevent the OOM killer from terminating a specific process.
     Most candidates will not know all of the factors of the OOM killer, but the more the better.

Describe a Linux package management system and why it is useful.
     Hopefully they can describe rpm or the Debian package manager and explain that it's useful for version control and consistency.

What is the difference between a hard and a soft link, from an inode and filesystem perspective?
      A soft link is basically a file string pointer that can point to another directory or file (spanning partitions); a soft link is its own file and has its own inode number.
      A hard link is basically another name for the same file existing on the same partition. It points to the same inode number. If you have two hard links and delete either one of them, the file is still there. If you have a soft link pointing to a file and you delete the file that the soft link is pointing to, the soft link breaks and the file is gone.
      (Note: hard links cannot span multiple partitions; if they say they can point to directories or across multiple partitions, mark it as wrong.)

Difference between ctrl+Z and ctrl+D
     CTRL + Z pauses the running application and you can choose to throw it in the background with the bg command or bring it back to foreground with fg
     CTRL + D sends a signal to indicate that you're done without a harsh kill signal like CTRL + C

What does iowait mean when you're looking at your system stats, and why does it matter?
     Iowait is the time a process is waiting and unable to perform any actions due to an IO block, usually caused by resource contention or because the resource is too slow. This is one of the biggest reasons why load averages spike (so they might have touched upon this in the first question).

When is swapping ok and when is it bad?
      Swapping is ok when it's high niced applications or when the memory swapped is applications that do not need access to that memory very often. If swap usage is not growing at all and not occurring very often then a little usage of swap is not very concerning.
      Swapping is usually bad as it indicates there is not enough available memory for all of the applications and as a system begins swapping it drastically slows down as it starts placing memory that should be stored in RAM onto a hard drive / storage volume.

What is ulimit and why does it matter?
     Ulimit allows you to control system settings, for example core file size (if an application crashes and should generate a core dump, what is the maximum file size this should be), max memory allowance, open files, etc. (uname -a would show you configurable options and current limitations).

How do you look at open file descriptors?
     lsof

How do you check the version of a package? How do you update to a new version, if one is available, on let's say CentOS?
     yum search / yum check-update / yum update

If a daemon process is not starting, where would you look to figure out why it isn’t starting?
     Good starting location would be to check the logs for the process

Describe how DNS works.
      They should be able to touch upon DNS being the resolution of a name to an IP address, and that it works like a tree. If their local DNS server does not have the answer it has to go to the "root" of the tree and start going down the name servers until it finds a response.
      I will also usually ask about the protocol as well, like does it use TCP or UDP (it actually uses both; TCP is the only way you can get large DNS responses, though UDP is by far more commonly used).

Describe how tcptraceroute is different from traceroute and why it might be helpful (Note: if they've never worked with tcptraceroute, then ask how traceroute works at a technical level).
      Common misconception / miscommunication: tcpdump is not the same as tcptraceroute; if they say tcpdump in their response, try clarifying that it's tcptraceroute.
      Traceroute functions by increasing the TTL value on the packets sent; regular traceroute usually utilizes ICMP or UDP packets to check the path, but these can be denied by a lot of firewalls.
      Tcptraceroute allows you to specify port numbers and will send TCP SYN packets. When troubleshooting connectivity issues to a location where you suspect a firewall might be restricting traffic, sending tcptraceroutes with an expected port will usually allow you through the firewall and usually gives you a clearer picture of what's going on.

How to discard output from a script and print only errors from a script? How do you close a file descriptor?
     Discarding output from a script:  >/dev/null    (they might call > a redirect (correct) or "pipe" (technically not correct, but acceptable))
     note: if they do 2>&1 (they might say redirect standard error (or 2) to standard out) ) then they will just put the output to stdout and that would not accomplish the goal, especially if they said the above line in combination with this, that will get rid of all output leaving nothing.
     Closing file descriptors:  1>&-  or  2>&-  or  3>&-  (they might say standard out, standard error instead of 1 or 2, that’s fine) 

How do you write a simple infinite loop which finds files created in the last hour that have more than 1 hard link, then sleeps for 1 minute?
     while true; do
         find . -type f -mmin -60 -printf "%p %n\n" 2>/dev/null | grep -v ' 1$'
         sleep 60 # or sleep 1m
     done

     Notes:
     They shouldn't use a "for" loop; if they say "while true", "while 1" or "until false", that is good enough for the infinite-loop aspect.
     A lot of candidates don't know the find parameters off hand. They should at least know "find", "-type f" and either "-mmin" or "-mtime". If they don't know the rest I would usually ask them what they would do in front of a terminal without internet access. The answer I'm looking for is "man find" in that case.

How do you perform a search and replace on a file (specifically related to scripting, so which commands, as opposed to using vi or nano or something else)?
     sed -e 's/<string>/<replace>/g' <file>

What is the purpose of “#!/bin/bash” in a shell script?
     The first two bytes of the executable file tell the system what interpreter (or application) and optionally which default arguments to run; in this case it tells the system to run bash when the file is executed.
 

Change the number of days to date from /etc/shadow file


The file /etc/shadow has a couple of date fields that are expressed as the number of days since Jan 1, 1970. Is there an easy way to get a list of users and the calendar date of the last password change, and the expiration?

The command below simply worked for me.
$ for n in $(sudo cat /etc/shadow | awk -F: '{print $3}'); do date -d "01/01/1970 +${n} days" +%F; done
$ for n in $(cat /etc/shadow | awk -F: '{print $3}'); do date -d "01/01/1970 +${n} days" +%F; done


report password status on the named account passwd -S username
# for user in $(cut -d: -f1 /etc/passwd); do sudo passwd -S $user; done

Using gawk's strftime combined with some arithmetic gives me what I wanted.
$ cat shadow | gawk -F: '{ print $1 ":" strftime("%Y%m%d",86400*$3) ":" strftime("%Y%m%d",86400*$4)}'
20120304:19691231
daemon:20100203:19691231
bin:20100203:19691231
sys:20100203:19691231


http://unix.stackexchange.com/questions/36384/extract-dates-from-etc-shadow

Setting up Date and time on Redhat Linux EP 7

Changing the Date
# timedatectl set-time YYYY-MM-DD
# timedatectl set-time 2014-06-30
Note:
YYYY: four-digit year
MM: two-digit month
DD: two-digit day of the month

Changing the Time
# timedatectl set-time HH:MM:SS
# timedatectl set-time 10:15:00
Note:
HH: hour, 24-hour clock
MM: minute
SS: second
To check the time information just type the command,
# timedatectl
Changing the Time Zone
List available time zones.
# timedatectl list-timezones | grep -i europe
Change your time zone.
# timedatectl set-timezone Your_time_zone
# timedatectl set-timezone Europe/Amsterdam

Setting up time with time server
# timedatectl set-ntp boolean (yes/no)
# timedatectl set-ntp yes

Using the date command.
----------------------
To display current date and time.
# date
To customize the date output
# date +"%Y-%m-%d %H:%M"
2014-06-30 14:26
Change the current date (June 30, 2014)
# date +%F -s YYYY-MM-DD
# date +%F -s 2014-06-30
Change the current time
# date +%T -s HH:MM:SS
# date +%T --set 14:30:40
Note: By default date command sets the system clock in local time. To set it on UTC use the following command.
# date +%T --set HH:MM:SS --utc

Using the hardware clock (hwclock).
# hwclock --set --date "dd mmm yyyy HH:MM"
# hwclock --set --date "06 jun 2014 13:22"
# hwclock --systohc
 

Monday, June 23, 2014

How to download and install VMware vSphere Hypervisor 5.5.0 License

1. Go to https://my.vmware.com/web/vmware/evalcenter?p=free-esxi5&lp=default
2. Click “License & download” and log in with your VMware account or register a new one.
3. Under “License & Information” you will find the VMware vSphere Hypervisor 5 license key.
or
a. Log in to the VMware site and view My Downloads.
b. Browse all the way down to the license information and you will see the license keys you have registered.


1. Once your installation of VMware vSphere Hypervisor 5.5 is complete, log in to the address it shows from your laptop or desktop.
2. Download the VMware vSphere Client from the download link and install it.
3. Open your vSphere Client.
4. Log in with your username and password.
5. Select the host in the inventory, then click the Configuration tab.
6. Select Licensed Features in the Software pane.
7. Click the Edit link and enter the license key.
Now all is good.

Wednesday, June 18, 2014

DNS by example


Start of Authority (SOA)
The SOA resource record provides the information that's needed to resolve domain names to IP
addresses. These files are typically stored in the /var/named directory, but you can name them
anything you want. For this example, I'll name my SOA file /var/named/xyz.com.

The SOA resource record requires a number of fields.
You can include comments in the resource file by typing a semicolon (;) before the comment.

The file entry is as follows:
@ IN SOA sama.expanor.local. root.expanor.local. (
        2014061601 ; serial number
        3600       ; refresh (1 hour)
        3600       ; retry (1 hour)
        604800     ; expire (1 week)
        86400 )    ; default TTL
Here, the SOA resource record gives you some detail about the zone:
1. The @ symbol represents the domain name of the zone.
2. The IN statement stands for Internet Name, and SOA tells that we are defining the SOA for
our domain (i.e. expanor.local).
3. The first domain name after SOA defines the primary name server for this domain
(sama.expanor.local).
4. The second field is the administrative email address (root@expanor.local).
(Note: the email address uses a . (period) rather than the @ character in the SOA record.)
5. After the email address, you start with an opening parenthesis to begin the numeric
statements. The next lines indicate parameters for the server.
6. The first number is the serial number, e.g. date.01 (2014061601; dateVERSION).
Note: Every time you change the resource record, you need to increase the serial number by one
before you restart the service 'named'. When the secondary checks for new information, it first
checks the serial number to make sure it gets the latest information. If the serial number is
larger than the one on the slave, the slave performs a zone transfer. If you never increase this
number, your changes will never take effect.
7. The second number is the refresh rate in seconds: it tells the slave DNS servers how often
they should query the primary server to see if there are changed records that need to be
updated.
8. The third number is the retry interval in seconds: how long the slave server waits before
checking again if it can't contact the master on the first attempt.
9. The fourth number is the expire time for the slave servers that cache the entry. If for some
reason the slave (secondary) server can't communicate with the primary (master) server for an
update, it will discard the cached data after the specified number of seconds. Normally the
value is defined as a week.
10. The last number is for how long the caching servers should wait before allowing an entry to
expire if they can't contact the primary (master) DNS server. A normal value is 5-7 days.
11. Now close the statement with a parenthesis.
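Added example (not the author's code): a Python parser for an SOA record in the layout used above, which applies the serial rule from point 6 (the slave transfers only when the master's serial is ahead, compared in 32-bit serial arithmetic per RFC 1982), bumps a YYYYMMDDnn serial, and renders the timer values as the human-readable comments the zone files on this page carry; the same parser covers the linux10.com zone file earlier on the page. The sample record is constructed, with trailing dots on the names, and the sanity thresholds in check_soa are my own.

```python
"""Parse the SOA record of a zone file and apply the serial/timer rules the page describes.
Added example; not code from the original post or from BIND."""
import re
from datetime import date, datetime

# Constructed sample in the page's own layout (trailing dots make the names absolute).
ZONE = """\
@ IN SOA sama.expanor.local. root.expanor.local. (
        2014061601 ; serial number
        3600       ; refresh (1 hour)
        3600       ; retry (1 hour)
        604800     ; expire (1 week)
        86400 )    ; default TTL
"""

SOA_RE = re.compile(
    r'(\S+)\s+(?:\d+\s+)?IN\s+SOA\s+(\S+)\s+(\S+)\s*\(\s*'
    r'(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\)')


def parse_soa(zone_text):
    """Return the SOA fields; assumes the IN class is written out, as on this page."""
    text = re.sub(r';[^\n]*', '', zone_text)          # drop ; comments first
    m = SOA_RE.search(text)
    if not m:
        raise ValueError("no SOA record found")
    mailbox, _, domain = m.group(3).rstrip(".").partition(".")   # first label is the mailbox
    numbers = [int(x) for x in m.groups()[3:]]
    return {"owner": m.group(1), "primary": m.group(2),
            "admin_email": f"{mailbox}@{domain}",
            "serial": numbers[0], "refresh": numbers[1], "retry": numbers[2],
            "expire": numbers[3], "minimum": numbers[4]}


def serial_newer(master, slave):
    """RFC 1982 comparison: the slave transfers only when the master's serial is ahead
    by less than 2^31 in 32-bit wrap-around arithmetic."""
    return 0 < (master - slave) % 2**32 < 2**31


def serial_date(serial):
    """Date encoded in a YYYYMMDDnn serial, or None when the serial is not in that form."""
    text = str(serial)
    try:
        return datetime.strptime(text[:8], "%Y%m%d").date() if len(text) == 10 else None
    except ValueError:
        return None


def next_serial(current, today=None):
    """Bump a YYYYMMDDnn serial: restart at today's date, or add one when the current
    serial already carries today's (or a later) date."""
    base = int((today or date.today()).strftime("%Y%m%d")) * 100
    return base + 1 if current < base else current + 1


def describe(seconds):
    """Render a timer value as the human-readable comment the page writes next to it."""
    parts = []
    for name, size in (("week", 604800), ("day", 86400), ("hour", 3600),
                       ("minute", 60), ("second", 1)):
        n, seconds = divmod(seconds, size)
        if n:
            parts.append(f"{n} {name}" + ("s" if n != 1 else ""))
    return " ".join(parts) or "0 seconds"


def check_soa(soa):
    """Sanity checks worth running before restarting named (thresholds are my own)."""
    warnings = []
    if serial_date(soa["serial"]) is None:
        warnings.append("serial is not in YYYYMMDDnn form")
    if soa["retry"] > soa["refresh"]:
        warnings.append("retry is larger than refresh")
    if soa["expire"] <= soa["refresh"] + soa["retry"]:
        warnings.append("expire is too short: slaves would drop the zone before one retry cycle")
    if not soa["primary"].endswith("."):
        warnings.append("primary name server is relative; add a trailing dot")
    return warnings


if __name__ == "__main__":
    soa = parse_soa(ZONE)
    for field in ("refresh", "retry", "expire", "minimum"):
        print(f"{field:8} {soa[field]:>8}  {describe(soa[field])}")
    print("admin:", soa["admin_email"], "next serial:", next_serial(soa["serial"]),
          "warnings:", check_soa(soa))
```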

NS servers
Now, the next entries should be the authoritative NS (Name Server) servers for your domain.
Using the previous example, we would type something like this:

NS sama.expanor.local.
NS sam.expanor.local.
There are two authoritative name servers for the expanor.local domain: sama.expanor.local (the
computer that we're currently setting up) and sam.expanor.local (a secondary or backup or slave
DNS server). Since both are fully qualified hostnames, they need to have periods after their
names.
Note: If you write the above lines as sama.expanor.local (without the trailing period) and not as
sama.expanor.local. (with it), the server would translate the name as sama.expanor.local.expanor.local
MX records
The next entry is the MX (Mail exchanger) record. This entry tells the outside world that the
defined machine will receive mail from external networks. Depending on your environment, you
can have one or two mail servers (primary/secondary or backup). For example,
MX 10 sama.expanor.local.
MX 20 sam.expanor.local.

The lines above tell the external networks to try to deliver mail to sama.expanor.local
first and, if it is not available, then to try to deliver to sam.expanor.local. The number in the
second column is the priority number: the lower the number, the higher the priority. So sama will
receive all the mail unless it is not reachable on the network.

A records
The next entry is the A (Address) record. The address record (A) translates a hostname to an
ip address. You should have an A record for every machine in the network if you want it to have a
recognized hostname. The entries can be as follows.
sama A 192.168.10.110
sam A 192.168.10.8
jay A 192.168.10.160
These lines tell the DNS server that sama.expanor.local is mapped to ip address
192.168.10.110 and jay is mapped to 192.168.10.160.
Note: Since there is no period after the hostname, the DNS server assumes that the domain name
is retained from the current SOA record (expanor.local SOA).
CNAME records (Canonical Name)
Canonical Name (CNAME) records, also known as hostname aliases, are any other names (common names)
that you want to define for a hostname. That is, using CNAME you can use a friendly name to
represent the host. For example, if you have to define a mail server, you can do as follows:
mail.expanor.local
sama.expanor.local
which represent the same server and can be reached through either name.
Note: For CNAME to work, you must define an address (A) or Mail Exchange (MX) record. for eg,
sama IN A 192.168.10.110
mail IN CNAME sama
www IN CNAME sama
ftp IN CNAME sama
mail2 IN CNAME sam

mail.expanor.local, www.expanor.local and ftp.expanor.local map to sama.expanor.local. You also
have to define the alias for mail2.expanor.local which points to sam.expanor.local.
Now, the final forward lookup resolution for the domain expanor.local looks as follows:

$ cat /var/named/expanor.frwd
$TTL 86400  ; default TTL for records without their own (BIND 9 warns if it is missing)
@ IN SOA sama.expanor.local. root.expanor.local. (
 2014061601 ; serial number
 3600 ; refresh (1hr)
 3600 ; retry (1hr)
 604800 ; expire (1 week)
 86400 ) ; default TTL
; specify the name servers for the domain (the leading blank keeps the owner "@" from the SOA line)
 IN NS sama.expanor.local.
 IN NS sam.expanor.local.
; define mail servers (fully qualified, otherwise expanor.local is appended again)
 IN MX 10 sama.expanor.local.
 IN MX 20 sam.expanor.local.
; define the ip address for each server
sama IN A 192.168.10.110
sam IN A 192.168.10.8
jay IN A 192.168.10.160
; define aliases
mail IN CNAME sama
www IN CNAME sama
ftp IN CNAME sama
mail2 IN CNAME sam

Reverse address resolution database
Now, we have the primary SOA and we have to define the reverse lookup information to match the
records.

$ cat /var/named/expanor.rev   # reverse zone file (file name assumed for this listing)
$TTL 86400
@ IN SOA sama.expanor.local. root.expanor.local. (
 2014061601 ; serial number
 3600 ; refresh (1hr)
 3600 ; retry (1hr)
 604800 ; expire (1 week)
 86400 ) ; default TTL
; define name servers
 IN NS sama.expanor.local.
 IN NS sam.expanor.local.

; PTR targets must be fully qualified: "sama" alone would become sama.10.168.192.in-addr.arpa
110 IN PTR sama.expanor.local.
8 IN PTR sam.expanor.local.
160 IN PTR jay.expanor.local.
So the SOA and the NS records are exactly the same. The new record type here is the pointer
(PTR) record, also called the reverse resolution record, which maps an ip address to a hostname.
We define only the last octet of the ip address for each hostname, because the zone origin
(10.168.192.in-addr.arpa) supplies the rest; the 'named' service thus maps the ip address
192.168.10.110 to sama.expanor.local, and so on.
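To catch the pitfalls discussed above (a hostname in SOA, NS, MX or PTR data written without its trailing period, an MX that names a CNAME alias, and A records whose reverse PTR does not point back at them), here is an added Python checker that is not part of the original post. The two zone texts embedded in it are constructed to mirror the expanor.local layout shown above, with two of those mistakes planted; the parser understands only this page's record layout, not the full zone-file grammar.

```python
import re
FORWARD_ORIGIN, REVERSE_ORIGIN = "expanor.local.", "10.168.192.in-addr.arpa."
FORWARD_ZONE = """\
$TTL 86400
@    IN SOA   sama.expanor.local. root.expanor.local. ( 2014061601 3600 3600 604800 86400 )
     IN NS    sama.expanor.local.          ; blank owner = same owner as the line above
     IN MX 10 mail.expanor.local.          ; planted pitfall: MX names a CNAME
sama IN A     192.168.10.110
jay  IN A     192.168.10.160
mail IN CNAME sama
"""
REVERSE_ZONE = """\
@    IN SOA   sama.expanor.local. root.expanor.local. ( 2014061601 3600 3600 604800 86400 )
     IN NS    sama.expanor.local.
110  IN PTR   sama.expanor.local.
160  IN PTR   jay                          ; planted pitfall: no trailing period
"""

def parse_zone(text, origin):
    """(owner, type, rdata) tuples with fully qualified owners; handles only this page's layout."""
    flat = re.sub(r"\([^)]*\)", "", re.sub(r";.*", "", text))   # drop ';' comments and SOA (...)
    records, owner = [], "@"
    for line in flat.splitlines():
        if not line.strip() or line.startswith("$"):             # blank line or $TTL directive
            continue
        fields = line.split()
        if not line[0].isspace():                                # an owner name starts this line
            owner, fields = fields[0], fields[1:]
        fields = fields[1:] if fields[:1] == ["IN"] else fields  # class is optional
        if fields:
            name = origin if owner == "@" else owner if owner.endswith(".") else f"{owner}.{origin}"
            records.append((name, fields[0], fields[1:]))
    return records

def check_zones(forward_text=FORWARD_ZONE, reverse_text=REVERSE_ZONE):
    """Return a list of findings; an empty list means the two zones agree."""
    fwd, rev = parse_zone(forward_text, FORWARD_ORIGIN), parse_zone(reverse_text, REVERSE_ORIGIN)
    findings = []
    # 1. Hostnames in SOA/NS/MX/PTR data must end with '.', otherwise the origin is appended.
    for records, origin in ((fwd, FORWARD_ORIGIN), (rev, REVERSE_ORIGIN)):
        for name, rtype, rdata in records:
            slots = {"SOA": rdata[:2], "NS": rdata[:1], "MX": rdata[1:2], "PTR": rdata[:1]}
            for host in slots.get(rtype, []):
                if not host.endswith("."):
                    findings.append(f"{rtype} at {name}: '{host}' has no trailing period, "
                                    f"BIND reads it as {host}.{origin}")
    # 2. An MX must name a host that has an A record, never a CNAME alias.
    cnames = {name for name, rtype, _ in fwd if rtype == "CNAME"}
    findings += [f"MX {rdata[1]} is a CNAME; name the host's A record instead"
                 for _, rtype, rdata in fwd if rtype == "MX" and rdata[1] in cnames]
    # 3. Every A record needs a PTR pointing back at it, and every PTR a matching A record.
    rev_owner = lambda ip: ".".join(reversed(ip.split("."))) + ".in-addr.arpa."
    a_hosts = {rev_owner(rdata[0]): name for name, rtype, rdata in fwd if rtype == "A"}
    ptrs = {name: rdata[0] for name, rtype, rdata in rev if rtype == "PTR"}
    for rev_name, host in a_hosts.items():
        if ptrs.get(rev_name) != host:
            findings.append(f"PTR {rev_name} -> {ptrs.get(rev_name)}, expected {host}")
    findings += [f"PTR {n} has no matching A record" for n in ptrs.keys() - a_hosts.keys()]
    return findings
```

Running check_zones() on the planted zones reports three findings (the relative PTR target, the MX pointing at the CNAME, and the resulting forward/reverse mismatch for 192.168.10.160); named-checkzone on the real files catches the MX and TTL problems but not the forward/reverse disagreement.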

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

[root@sama named]# more /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; 192.168.10.110; };       #Specify your DNS server
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.10.0/24; };                # Range of IP
#       allow-transfer  { localhost; 192.168.10.8;};            # Secondary DNS server
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

//zone "0.0.127.in-addr.arpa" in {
//      type master;
//      file "home.local";
//};

// Define your zone here

zone    "expanor.local" IN {
        type master;
        file "expanor.forward.zone";
        allow-update { none; };
};

// Specify your reverse zone info
zone    "10.168.192.in-addr.arpa" IN {
        type master;
        file "expanor.reverse.zone";
        allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

**************************************************************** 

[root@sama named]# more expanor.forward.zone
$TTL 86400
@       IN      SOA     sama.expanor.local. root.expanor.local. (
        201504191; Serial #
        3600    ; Refresh interval
        1800    ; Retry time
        604800  ; Expire time
        86400   ; Max time to live TTL
)
@       IN NS   sama.expanor.local.  ; Primary DNS server
@       IN NS   sam.expanor.local.  ; secondary DNS server
@       IN MX 10 sama.expanor.local. ; Mail server MX record (mail below is a CNAME; an MX must name a host with an A record)
;
sama    IN A    192.168.10.110
sam     IN A    192.168.10.8
suvi    IN A    192.168.10.115
chandra IN A    192.168.10.150
surya   IN A    192.168.10.160
jay     IN A    192.168.10.170
devi    IN A    192.168.10.180
pramila IN A    192.168.10.190
myu     IN A    192.168.10.20
ram     IN CNAME        sama
mail    IN CNAME        sama
vmware  IN A    192.168.10.99
beena   IN A    192.168.10.111
mohan   IN A    192.168.10.220
bikash  IN A    192.168.10.221
kuldeep IN A    192.168.10.222
fairfax IN A    192.168.10.250

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

[root@sama named]# more expanor.reverse.zone
$TTL    864000
@       IN SOA  sama.expanor.local. root.expanor.local. (
        201504191       ; Serial #
        3600            ; Refresh time
        1800            ; Retry time
        604800          ; Expire
        86400)          ; Minimum TTL

;$TTL 1D
;
;@       IN      SOA     sama.expanor.local root.expanor.local. (
;201406110       ; serial
;2H              ; refresh slaves
;5M              ; retry
;1W              ; expire
;1M              ; Negative TTL
;)

           NS   sama.expanor.local.
           NS   sam.expanor.local.
;
110     IN PTR  sama.expanor.local.
8       IN PTR  sam.expanor.local.
150     IN PTR  chandra.expanor.local.
160     IN PTR  surya.expanor.local.
180     IN PTR  devi.expanor.local.
170     IN PTR  jay.expanor.local.
190     IN PTR  pramila.expanor.local.
20      IN PTR  myu.expanor.local.
99      IN PTR  vmware.expanor.local.
250     IN PTR  fairfax.expanor.local.
[root@sama named]#

[root@sama named]# cat /etc/resolv.conf
# Generated by NetworkManager
search expanor.local
nameserver 192.168.10.110

[root@sama named]# more /etc/nsswitch.conf
hosts:      files dns

updated info,

[root@localhost opt]# dig sama.expanor.local

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.2 <<>> sama.expanor.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6583
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;sama.expanor.local. IN A

;; ANSWER SECTION:
sama.expanor.local. 86400 IN A 192.168.10.110

;; AUTHORITY SECTION:
expanor.local. 86400 IN NS sam.expanor.local.
expanor.local. 86400 IN NS sama.expanor.local.

;; ADDITIONAL SECTION:
sam.expanor.local. 86400 IN A 192.168.10.8

;; Query time: 2 msec
;; SERVER: 192.168.10.110#53(192.168.10.110)
;; WHEN: Mon Apr 20 07:47:16 2015
;; MSG SIZE  rcvd: 100


Let's examine some of the dig output values:

Look at the section between "Got answer" and the QUESTION SECTION: you will see the header information.
The line beginning with ->>HEADER<<- is the first part of the header of the reply message that dig received from the remote name server. The opcode in the header is always QUERY, just as it is with nslookup. The status is NOERROR (see "Showing the Query and Response Messages"). The id is the message ID, a 16-bit number used to match responses to queries.

Just below that line you see the 'flags'. The flags tell us more about the response. qr indicates that the message was a response, not a query. dig decodes responses, not queries, so qr will always be present. Not so with aa or rd, though. aa indicates that the response was authoritative, and rd indicates that the recursion desired bit was set in the query (the responding name server just copies the bit from the query to the response). Most of the time rd is set in the query, and you'll also see ra set in the response, indicating that recursion was available from the remote name server.

The next field tells you that dig asked one question and received one answer in the ANSWER section, 2 records in the AUTHORITY section and 1 record of additional information.

At the end, dig gives summary information about the query and response. The first line shows you how long it took the remote name server to return the response after dig sent the query. The second line shows you from which host you sent the query and to which name server you sent it. The third line is a timestamp showing when the response was received. And the fourth line shows you the size of the query and the response, in bytes.


http://www.techrepublic.com/article/setting-up-a-dns-server-under-linux-part-1-the-configuration/

Sun M 5000 login, power on, power off


bash-3.2$ ssh  digicon2
Console access type: Digi Passport
jay@digicon2's password:
 Entering server port, ..... type ^x for port menu.
================================================                                     WARNING
================================================
you will be entering to a computer system protected by law.
================================================
melone225 console login: jay
Enter Your Cached LAN Password:
May  9 16:11:21 melone225 last message repeated 2 times
May  9 16:11:51 melone225 login[3802]: Login failure on /dev/console, jay
May  9 16:11:51 melone225 vasd[3876]: parent_loop_body: Network state going down due to unable
to establich creds, error <VAS_ERR_CRED_NEEDED: Encountered VAS_ID_FLAG_KEEP_COPY_OF_CRED that
does not have copy of creds>
Login incorrect
================================================
                                     WARNING
================================================
 you will be entering to a computer system protected by law.
================================================
melone225 console login: melone225 console login: jay
Enter Your Cached LAN Password:
Last login: Thu Apr 24 15:18:53 from 192.168.10.154
Oracle Corporation      SunOS 5.10      Generic Patch   January 2005
$ sudo su -
Enter Your Cached LAN Password:
May  9 16:12:16 melone225 sudo:   jay : TTY=console ; PWD=/fmac/users/jay ; USER=root ;
COMMAND=/usr/bin/s
May  9 16:12:16 melone225 su[22356]: 'su root' succeeded for jay on /dev/console
Oracle Corporation      SunOS 5.10      Generic Patch   January 2005
You have new mail.
root@melone225:/ > May  9 16:12:21 melone225 vasd[3876]: parent_loop_body: Network state going
down due to unable to establich creds, error <VAS_ERR_CRED_NEEDED: Encountered
VAS_ID_FLAG_KEEP_COPY_OF_CRED that does not have copy of creds>
root@melone225:/ > /opt/CA/eac/bin/secons -s
/usr/bin/ksh: /opt/CA/eac/bin/secons:  not found
root@melone225:/ > init 5
May  9 16:12:33 melone225 tictimed[10256]: [tictimed]: stopping on SIGTERM or SIGPWR.
May  9 16:12:33 melone225 tictimed[10256]: [tictimed]: stopping on SIGTERM or SIGPWR.
root@melone225:/ > ^C
root@melone225:/ > ^C
root@melone225:/ > ^C
root@melone225:/ > ^C
root@melone225:/ > May  9 16:12:52 melone225 vasd[3876]: parent_loop_body: Network state going
down due to unable to establich creds, error <VAS_ERR_CRED_NEEDED: Encountered
VAS_ID_FLAG_KEEP_COPY_OF_CRED that does not have copy of creds>
May  9 16:13:15 melone225 syseventd[356]: SIGHUP caught - reloading modules
May  9 16:13:17 melone225 syseventd[356]: Daemon restarted
May  9 16:13:22 melone225 vasd[3876]: parent_loop_body: Network state going down due to unable
to establich creds, error <VAS_ERR_CRED_NEEDED: Encountered VAS_ID_FLAG_KEEP_COPY_OF_CRED that
does not have copy of creds>
svc.startd: The system is coming down.  Please wait.
svc.startd: 94 system services are now being stopped.
#.
^[syncing file systems... done

>> 'john' initiated a new r/w session
>> 'bill' initiated a new r/w session
exit from console.
XSCF>
XSCF>
XSCF> showdomainstatus -a
DID         Domain Status
00          Running
01          Powered Off
02          -
03          -
XSCF> console -d 0
Console contents may be logged.
Connect to DomainID 0?[y|n] :y
================================================
                                     WARNING
================================================
 you will be entering to a computer system protected by law.
================================================
melone125 console login: exit from console.
XSCF>
XSCF> showdomainstatus -a
DID         Domain Status
00          Running
01          Powered Off
02          -
03          -
XSCF> console -d 00
Console contents may be logged.
Connect to DomainID 0?[y|n] :y
================================================
                                     WARNING
================================================
  you will be entering to a computer system protected by law.
================================================
melone125 console login: exit from console.
XSCF> showdomainstatus -a
DID         Domain Status
00          Running
01          Powered Off
02          -
03          -
XSCF> console -d 01
Console contents may be logged.
Connect to DomainID 1?[y|n] :yes
Unexpected input. Please enter a valid option.
Console contents may be logged.
Connect to DomainID 1?[y|n] :y
>> 'marc' initiated a new r/w session
exit from console.
XSCF>
XSCF>
XSCF> showdoaminstatus -a
shell: showdoaminstatus: command not found
XSCF> showdomainstatus -a
DID         Domain Status
00          Running
01          Powered Off
02          -
03          -
XSCF> poweron -d 01
DomainIDs to power on:01
Continue? [y|n] :y
01 :Powering on
*Note*
 This command only issues the instruction to power-on.
 The result of the instruction can be checked by the "showlogs power".
XSCF> console -d 01
Console contents may be logged.
Connect to DomainID 1?[y|n] :y
POST Sequence 01 CPU Check
LSB#01 (XSB#01-1): POST 2.17.0 (2011/11/17 10:29)
LSB#03 (XSB#01-3): POST 2.17.0 (2011/11/17 10:29)
LSB#02 (XSB#01-2): POST 2.17.0 (2011/11/17 10:29)
POST Sequence 02 Banner
LSB#00 (XSB#01-0): POST 2.17.0 (2011/11/17 10:29)
POST Sequence 03 Fatal Check
POST Sequence 04 CPU Register
POST Sequence 05 STICK
POST Sequence 06 MMU
POST Sequence 07 Memory Initialize
POST Sequence 08 Memory

Meeting Minutes

Date: 5/28/2014

Attendance:
    ABC Team : Adrian, Bill, John
    UNIX Team : Jay, Mark, Bill J.
    Windows Team : Mary, Sam
    AIX Team : n/a
    Storage  : n/a
    SQL/Sybase DBA : n/a
    Oracle/UDB DBA : n/a
    Infra Operation : n/a
    Others  : Kristen , Jim

Projects Discussed:

PeopleSoft EPM DB Migration
Notes:
    data retention, archival required
    DBA Validation:
    UNIX SA Validation: N/A
    DBA how many days: 5 Days

Action Item: -
   Mark - complete Main Page


Peoplesoft Portal DB Migration
Notes:

Action Item: -

Monday, June 16, 2014

Script to find a keyword from a log file based on date and sends an email if found

 
On applnxsrv01, for ntdomain we are receiving STUCK threads on certain occasions.

Hence we request a script to grep for the keyword 'STUCK' in the log file /wls//ntr/ntrUATDomain/logs/startntrPRDMServer1.log and send an email alert to the email address jay@expanor.local

bash-3.2$ cat /tmp/find_log_entry.sh
#!/bin/sh
# Jay; V.01; Mon Jun 16 12:10:10 EDT 2014
# This script will search for a keyword specified
# in the script, looking only at entries stamped with today's date, and
# if any entries are found, it will send
# an email to the user specified in the script.
#
LOGFILE=/wls/test/sfss/ntr/ntrUATDomain/logs/startntrUATMServer1.log
KEYWORD=STUCK
# Log entries look like "<Jun 4, 2014 4:33:25 PM EDT>": month name, unpadded day, year.
# %e gives a space-padded day, so squeeze the double space that appears for days 1-9.
# Only the date is matched; including the time (%r) would only match the current second.
TODAY=$(date +"%b %e, %Y" | tr -s ' ')
# Quote the date so it stays one grep pattern; an unquoted $(date ...) splits into
# several words and grep treats all but the first as file names.
if grep "$TODAY" "$LOGFILE" 2>/dev/null | grep -q "$KEYWORD"
then
#mail -s " Entry found on the log file on host `hostname`, please check .... " jay@expanor.local
echo "Keyword $KEYWORD found on host `hostname` today, `date`" | mail -s "Please check the message in the body section" jay@expanor.local
fi
bash-3.2$


This is the log format
<Jun 4, 2014 4:33:25 PM EDT> <Info> <Management> <BEA-141107> <Version: WebLogic Server 10.3.6.0  Tue Nov 15 08:52:36 PST 2011 1441050 >
<Jun 4, 2014 4:33:26 PM EDT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
<Jun 4, 2014 4:33:26 PM EDT> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool>