Wednesday 29 June 2016

Domain Name System (DNS) Configuration in Centos 6/RHEL 6

In this post we are going to see how to configure DNS.

First we should know what DNS is.

DNS is also referred to as the Domain Name Service; it is an application-layer protocol in the Internet protocol suite.
DNS is used for naming services, and it also resolves forward and reverse lookups.
Forward Lookup = Domain Name to find an IP Address
Reverse Lookup = IP Address to find a Domain Name
A utility that lets you perform either a forward or a reverse DNS lookup yourself is called nslookup.
DNS PORT NO = 53
Domain name= example.org
Server IP Address = 192.168.40.120/24
Server Hostname = server.tn.example.org
Client IP Address = 192.168.40.125/24
Client Hostname = client.tn.example.org

Server Side Configuration:-

Install BIND Package 


[root@server ~]# yum install bind bind-utils -y

[root@server ~]# vim /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
listen-on port 53 { 127.0.0.1; 192.168.40.120; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query     { localhost; 192.168.40.0/24; };
allow-transfer{ localhost; 192.168.40.0/24; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
type hint;
file "named.ca";
};
zone"example.org" IN {
type master;
file "forward.example";
allow-update { none; };
};
zone"40.168.192.in-addr.arpa" IN {
type master;
file "reverse.example";
allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Create the forward.example and reverse.example zone files under the directory /var/named (the file names must match the file statements in the zone blocks of /etc/named.conf above).

[root@server ~]# vim /var/named/forward.example
$TTL 86400
@   IN  SOA     server.tn.example.org. root.example.org. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@       IN  NS          server.tn.example.org.
@       IN  A           192.168.40.120
@       IN  A           192.168.40.125
server.tn       IN  A   192.168.40.120
client.tn       IN  A   192.168.40.125

[root@server ~]# vim /var/named/reverse.example
$TTL 86400
@   IN  SOA     server.tn.example.org. root.example.org. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@       IN  NS          server.tn.example.org.
@       IN  PTR         example.org.
server.tn       IN  A   192.168.40.120
client.tn       IN  A   192.168.40.125
120     IN  PTR         server.tn.example.org.
125     IN  PTR         client.tn.example.org.
[root@server ~]# /etc/init.d/named start
Starting named:                                            [  OK  ]
[root@server ~]# /etc/init.d/named status
version: 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6
CPUs found: 1
worker threads: 1
number of zones: 21
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
named (pid  3834) is running...

[root@server ~]# chkconfig named on

Add iptables rules to allow the DNS port (53/tcp and 53/udp). The rules below accept from any source address; the allow-query and allow-transfer settings in /etc/named.conf still limit which clients named will answer and which may request zone transfers.
[root@server ~]# iptables -A INPUT -p tcp --dport 53 -s 0.0.0.0/0.0.0.0 -j ACCEPT
[root@server ~]# iptables -A INPUT -p udp --dport 53 -s 0.0.0.0/0.0.0.0 -j ACCEPT
[root@server ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]
[root@server ~]# service iptables restart
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]

You can test the DNS server using the dig and nslookup commands.

[root@server ~]# dig server.tn.example.org

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6 <<>> server.tn.example.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7617
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;server.tn.example.org.         IN      A

;; ANSWER SECTION:
server.tn.example.org.  86400   IN      A       192.168.40.120

;; AUTHORITY SECTION:
example.org.            86400   IN      NS      server.tn.example.org.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jun 29 16:07:55 2016
;; MSG SIZE  rcvd: 69

nslookup is a command used to query name servers.

[root@server ~]# nslookup example.org
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:   example.org
Address: 192.168.40.125
Name:   example.org
Address: 192.168.40.120


Client Side Configuration:-

Add the DNS server details to /etc/resolv.conf on the client machine.
[root@client ~]# vim /etc/resolv.conf
; generated by /sbin/dhclient-script
search example.org
nameserver 192.168.40.120
[root@client ~]# dig server.tn.example.org

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6 <<>> server.tn.example.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27640
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;server.tn.example.org.         IN      A

;; ANSWER SECTION:
server.tn.example.org.  86400   IN      A       192.168.40.120

;; AUTHORITY SECTION:
example.org.            86400   IN      NS      server.tn.example.org.

;; Query time: 2 msec
;; SERVER: 192.168.40.120#53(192.168.40.120)
;; WHEN: Wed Jun 29 22:23:52 2016
;; MSG SIZE  rcvd: 69

[root@client ~]# dig client.tn.example.org

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6 <<>> client.tn.example.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2456
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;client.tn.example.org.         IN      A

;; ANSWER SECTION:
client.tn.example.org.  86400   IN      A       192.168.40.125

;; AUTHORITY SECTION:
example.org.            86400   IN      NS      server.tn.example.org.

;; ADDITIONAL SECTION:
server.tn.example.org.  86400   IN      A       192.168.40.120

;; Query time: 1 msec
;; SERVER: 192.168.40.120#53(192.168.40.120)
;; WHEN: Wed Jun 29 22:24:22 2016
;; MSG SIZE  rcvd: 92




Thursday 23 June 2016

User and Group Management in CentOS 6/RHEL 6

User and Group Management

In the Linux operating system, root is the administrator user who has all privileges; the root user is also called the superuser, and root can access all files and commands on Linux.
The root user ID (UID) is 0.
System user account information is kept in the /etc/passwd file.

{In RHEL 6, by default, UIDs assigned to new users start from 500, but RHEL 7 changed the UID allocation so that new users get UIDs starting from 1000. If you do not want UIDs to start from 1000 you can change this in /etc/login.defs.}

By default a user's home directory is created under /home.

To create a new user:
[root@server ~]# useradd arun

Set a password for the newly created user (with --stdin the password is read from standard input, so it is not hidden when typed at the terminal, as the transcript below shows):
[root@server ~]# passwd --stdin arun
Changing password for user arun.
arun123
passwd: all authentication tokens updated successfully.

Check the details of the new user account added to /etc/passwd:

[root@server ~]# tail -n 1 /etc/passwd
arun:x:500:500::/home/arun:/bin/bash

Check the group account information in /etc/group:
[root@server ~]# tail -n 1 /etc/group
arun:x:500:

To delete a user account:
#userdel arun

To delete a user together with their home directory:
#userdel -r arun

To create a new group called mango:
#groupadd mango

To create a group with a particular group ID:
#groupadd -g 555 mango

To modify an existing user's home directory:
#usermod -d /home/apps arun
{the above command changes the home directory of the existing user arun from /home/arun to /home/apps}

To change the user's home directory and move its contents:
#usermod -m -d /home/newapps arun

To change a user's default shell, use either of two commands, usermod or chsh:
#usermod -s /bin/sh arun

(OR)

# chsh -s /bin/sh arun
Changing shell for arun.
Shell changed.

To view the available shells:
#chsh -l

How to change the default home directory (and other defaults) used when adding a new user: the defaults are read from /etc/default/useradd.
[root@server ~]# cat /etc/default/useradd 
# useradd defaults file
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes