DNS Setup: DNS Configuration

  • Slides: 30

DNS Setup: DNS CONFIGURATION

DNS Setup: DNS Configuration
  • The named daemon is used.
  • A DNS server may be a caching, master or slave server.
  • The named.ca file has information on all root servers.
  • There is a forward zone file and a reverse zone file for every domain.
  • Configuration file: /var/named/chroot/etc/named.conf
  • Forward zone file: /var/named/chroot/var/named/<forward_zone_file>
  • Reverse zone file: /var/named/chroot/var/named/<reverse_zone_file>

DNS Setup: Sample Master named.conf

    zone "." {
        type hint;
        file "named.ca";
    };
    zone "0.0.127.in-addr.arpa" {
        type master;
        file "named.local";
        allow-query { any; };
    };
    zone "iitk.ac.in" {
        type master;
        file "hosts.db";
        allow-query { any; };
    };
    zone "95.200.203.IN-ADDR.ARPA" {
        type master;
        file "hosts.rev.203.200.95";
        allow-query { any; };
    };
    zone "iitk.ernet.in" {
        type slave;
        file "hosts.iitk.ernet.in";
        masters { 202.141.40.10; };
        allow-query { any; };
    };

DNS Setup: Sample Forward Zone File

    $TTL 86400
    @   IN SOA ns1.iitk.ac.in. root.ns1.iitk.ac.in. (
                200605091   ; Serial
                10800       ; Refresh - 3 hours
                3600        ; Retry - 1 hour
                1209600     ; Expire - 1 week
                43200 )     ; Minimum TTL for negative answers - 12 hours
        IN NS  ns1.iitk.ac.in.
        IN NS  ns2.iitk.ac.in.
        IN MX  5  mail0.iitk.ac.in.
        IN MX  10 mail1.iitk.ac.in.
        IN MX  20 mail2.iitk.ac.in.
    $ORIGIN iitk.ac.in.
    ns1     IN A     203.200.95.142
    mail0   IN A     203.200.95.144
    proxy   IN CNAME mail0

DNS Setup: Sample Reverse Zone File

    $TTL 86400
    $ORIGIN 200.203.in-addr.arpa.
    95  IN SOA ns1.iitk.ac.in. root.ns1.iitk.ac.in. (
                200605091   ; Serial
                10800       ; Refresh - 3 hours
                3600        ; Retry - 1 hour
                1209600     ; Expire - 1 week
                43200 )     ; Minimum TTL for negative answers - 12 hours
        IN NS  ns1.iitk.ac.in.
        IN NS  ns2.iitk.ac.in.
    $ORIGIN 95.200.203.in-addr.arpa.
    ;
    142     IN PTR ns1.iitk.ac.in.
    144     IN PTR mail0.iitk.ac.in.
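The forward and reverse zones above must agree with each other (each A record should have a PTR pointing back to the same name, and vice versa), which is easy to get wrong when the two files are edited by hand. The following Python is an added example, not code from the slides: a minimal zone-file parser plus a consistency check, run over the two sample zones embedded as constructed strings.

```python
# Added example (not from the slides): parse the forward/reverse zone files shown above and check
# that every A record has a matching PTR and vice versa ($ORIGIN, blank owners, "( ... )" handled).
FORWARD = """\
@ IN SOA ns1.iitk.ac.in. root.ns1.iitk.ac.in. (
        200605091 10800 3600 1209600 43200 )   ; serial refresh retry expire minimum
    IN NS ns1.iitk.ac.in.
$ORIGIN iitk.ac.in.
ns1   IN A     203.200.95.142
mail0 IN A     203.200.95.144
proxy IN CNAME mail0
"""
REVERSE = """\
$ORIGIN 200.203.in-addr.arpa.
95 IN SOA ns1.iitk.ac.in. root.ns1.iitk.ac.in. 200605091 10800 3600 1209600 43200
$ORIGIN 95.200.203.in-addr.arpa.
142 IN PTR ns1.iitk.ac.in.
144 IN PTR mail0.iitk.ac.in.
"""

def parse_zone(text, origin):
    """Return (owner_fqdn, rtype, rdata_tokens) for every record in a zone file."""
    records, last_owner, buf = [], origin, ""
    for line in filter(str.strip, (r.split(";", 1)[0].rstrip() for r in text.splitlines())):
        buf = f"{buf} {line}" if buf else line          # join lines inside "( ... )"
        if buf.count("(") > buf.count(")"):
            continue
        line, buf = buf, ""
        toks = line.split()
        if toks[0].startswith("$"):                      # $ORIGIN / $TTL directives
            origin = toks[1] if toks[0] == "$ORIGIN" else origin
            continue
        owner = last_owner if line[0].isspace() else toks.pop(0)   # blank owner = previous one
        owner = origin if owner == "@" else owner if owner.endswith(".") else f"{owner}.{origin}"
        last_owner = owner
        if toks[0] == "IN":
            toks.pop(0)
        records.append((owner, toks[0], toks[1:]))
    return records

def check_consistency(forward, reverse):
    """List A/PTR mismatches between two parsed zones; an empty list means they agree."""
    a = {o: r[0] for o, t, r in forward if t == "A"}
    ptr = {}
    for o, t, r in reverse:
        if t == "PTR" and o.endswith(".in-addr.arpa."):
            ptr[".".join(o[:-14].split(".")[::-1])] = r[0]   # 142.95.200.203 -> 203.200.95.142
    problems = [f"{n} A {ip} but PTR is {ptr.get(ip)}" for n, ip in a.items() if ptr.get(ip) != n]
    problems += [f"{ip} PTR {n} but A is {a.get(n)}" for ip, n in ptr.items() if a.get(n) != ip]
    return problems
```

Per-record TTL fields are not handled because the slides' files use none; the origin passed in plays the role of the zone name from named.conf.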

DNS Setup: Configuring the Local Resolver

    /etc/resolv.conf:
    nameserver 127.0.0.1

DNS Setup: Test DNS
  • nslookup
  • host
  • dig
  • Test your DNS with the following DNS diagnostics web site: dnsstuff.com

Apache Setup: APACHE SETUP

Web Server Setup: Web Server
  • Apache Web Server is used
  • Daemon is httpd (service httpd start/stop/restart)

Web Server Setup: Files used by Apache
  • Configuration file: /etc/httpd/conf/httpd.conf
  • Log files: /var/log/httpd/access_log and /var/log/httpd/error_log
  • Modules: /etc/httpd/modules
  • Default document root: /var/www/html
  • Default CGI root: /var/www/cgi-bin

Web Server Setup: Apache Configuration Directives
  • Server Name
  • Min and Max Servers
  • Document Root
  • CGI Enable/Disable
  • User Directory
  • Index
  • Mime Types
  • Modules
  • Access Restrictions
  • Secure Server
  • Virtual Hosting

Web Server Setup: Basic Settings
  • Change the default value of ServerName to www.<your-domain.com> in httpd.conf and put the website content in /var/www/html.
  • Additionally, you can configure name-based virtual hosting (allows more than one website to run on the same server).

Web Server Setup: Virtual Hosting

    NameVirtualHost *:80
    <VirtualHost *:80>
        ServerName   server-name
        DocumentRoot path-to-virtual-document-root
    </VirtualHost>

Squid Setup: SQUID SETUP

Squid Setup: Obtaining Squid
  • Source code (in C) from www.squid-cache.org
  • Binary executables: Linux (comes with RedHat and others), FreeBSD, Windows
  • Pre-installed in Fedora/Enterprise Linux

Squid Setup: Basic Settings
  • Edit the /etc/squid.conf file to configure squid
  • Configuration options:
      - Disk cache size and location
      - Authentication
      - Allowed hosts
      - Any other access restrictions (sites, content, size, time of access etc.) using ACLs
  • service squid start/stop/restart

Squid Setup: Disc Requirements
  • Squid makes very heavy use of disc because of heavy read/write in the cache
  • Needs discs with low seek times; SCSI is better
  • Can spread the cache over 2 or more discs
  • RAID not recommended: cached data is not critical

Squid Setup: Calculating Disc Space
  • Recommend keeping at least 2 days' worth of objects; 10 days may be better
  • Example: 256 Kbps link loaded 10 hrs/day ~= 1 GB
      - assume 50% cacheable: 0.5 GB / day
      - 2 days of objects: 1 GB
      - 10 days of objects: 5 GB

Squid Setup: squid.conf Basic Configuration

    cache_dir ufs /var/spool/squid/cache 100 16 256
    auth_param basic program /usr/lib/squid/ncsa_auth /etc/shadow
    acl sidbiusers proxy_auth REQUIRED
    http_access allow sidbiusers
    acl our_network src 172.28.250.0/24
    http_access allow our_network

(Note: run squid -z the first time to create the cache directory and its subdirectories.)
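Squid evaluates http_access lines top to bottom and the first line whose ACLs all match decides. With the ordering above, a client in our_network that sends no credentials is challenged by the first line (a proxy_auth ACL that is the last ACL on its line triggers a 407) and never reaches the second, so hosts meant to be allowed without a login need their rule placed before the proxy_auth rule. The following Python is an added illustration, not code from the slides or from Squid: a small first-match evaluator for the two rules above, with USERS, PAGE_RULES and the sample addresses constructed for the example.

```python
# Added example (not from the slides): a first-match evaluator for Squid http_access rules,
# showing why the order of the two http_access lines above matters. USERS is a constructed
# stand-in for the ncsa_auth password file; nothing here talks to a real Squid.
import ipaddress
from typing import Optional

USERS = {"alice": "s3cret"}
ACLS = {                                        # the two ACLs from the slide
    "sidbiusers": ("proxy_auth", "REQUIRED"),
    "our_network": ("src", "172.28.250.0/24"),
}
PAGE_RULES = [("allow", "sidbiusers"), ("allow", "our_network")]   # order as on the slide

def acl_match(name: str, src: str, creds: Optional[str]):
    """True/False for src ACLs; for proxy_auth, True on valid credentials, else None."""
    kind, arg = ACLS[name]
    if kind == "src":
        return ipaddress.ip_address(src) in ipaddress.ip_network(arg)
    user, _, password = (creds or "").partition(":")
    return True if USERS.get(user) == password else None

def http_access(rules, src: str, creds: Optional[str] = None) -> str:
    """Return 'allow', 'deny' or 'challenge' (HTTP 407) for one request."""
    for action, *names in rules:
        for i, name in enumerate(names):
            m = acl_match(name, src, creds)
            if m is None:                       # missing/bad credentials: Squid sends a
                if i == len(names) - 1:         # 407 challenge when the proxy_auth ACL is
                    return "challenge"          # the last ACL on the line, and stops here
                m = False                       # earlier on the line it just fails to match
            if not m:
                break                           # this line does not apply; try the next
        else:
            return action                       # every ACL matched: first match wins
    return "deny" if rules[-1][0] == "allow" else "allow"   # no match: opposite of last rule
```

Swapping the two rules (our_network first) lets the local subnet through without a login while everyone else is still challenged.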

Sendmail Setup: SENDMAIL SETUP

Mail Server Setup: Sendmail Configuration
  • Daemon: sendmail
  • Configuration file: /etc/mail/sendmail.mc
  • Edit the following lines:
      - LOCAL_DOMAIN(`localhost.localdomain')dnl
        (replace localhost.localdomain by the domain name for which the mail server is being configured)
      - DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
        (comment this line out by adding dnl at the start of the line)
      - dnl MASQUERADE_AS(`mydomain.com')dnl
        (remove the leading dnl and replace mydomain.com by the domain name)

Sendmail Setup: Sendmail Configuration
  • Add the range of IP addresses of your network to the access file (e.g. 172.31 RELAY)
  • Run "make -C /etc/mail" to compile sendmail.mc and generate the sendmail.cf file
  • Restart sendmail and watch for errors

Sendmail Setup: POP & IMAP Server
  • POP3 and IMAP servers can be started using the dovecot server (service dovecot start)

Firewall: FIREWALL

Firewall: Basic Setup (diagram; components shown: Internet, Application, Web Server, Database, Firewall)

Firewall: Rules
  • IP address of source (allow from trusted sources)
  • IP address of destination (allow to trusted destinations)
  • Application port number (allow mail but restrict telnet)
  • Direction of traffic (allow outgoing traffic but restrict incoming traffic)

Firewall: Implementation
  • Hardware firewall: dedicated hardware box (Cisco PIX, Netscreen)
  • Software firewall: installable on a server
  • Host OSs (Windows XP/Linux) also provide software firewall features to protect the host
  • These days firewalls also provide IDS/IPS (Intrusion Detection System/Intrusion Prevention System) services

Linux Security: LINUX Firewall
  • Use the GUI (Applications -> System Settings -> Security Level) to activate the firewall
  • Allow standard services and any specific port-based application
  • All other services and ports are blocked

Linux Security: LINUX Firewall