How do I setup nameserver using Centos

Here are the stpes to configure local nameservers which would help you to resolve DNS for local resource installed on the LAN and Faster nslookup queery which will help to resolve the name very fast for intranet users.

1. Install packages :
#yum install bind bind-chroot bind-libs bind-utils caching-nameserver

2. Configure RNDC :
#cd /var/named/chroot/etc
#rndc-confgen > rndc.key
# chown root:named rndc.key

3. Edit rndc.key so it looks like this, You may need to comment some lines on it.

[root@rc-025 ~]# cat /var/named/chroot/etc/rndc.key | sed '/ *#/d; /^ *$/d'
key "rndckey" {
algorithm hmac-md5;
secret "f5wyuMBPnEZBbO/333L4ig==";
};

4. Configure /var/named/chroot/etc/named.conf

// we include the rndckey (copy-paste from rndc.key created earlier)
key "rndckey" {
algorithm hmac-md5;
secret "f5wyuMBPnEZBbO/333L4ig==";
};

// we assume our server has the IP 192.168.254.207 serving the 192.168.254.0/24 subnet
controls {
inet 127.0.0.1 allow { 127.0.0.1; } keys { "rndckey"; };
inet 192.168.0.1 allow { 192.168.0.0/24; } keys { "rndckey"; };
};

options {
directory "/var/named";
pid-file "/var/run/named/named.pid";

recursion yes;

allow-recursion {
127.0.0.1;
192.168.0.0/24;
};

// these are the opendns servers (optional)
forwarders {
125.2.4.12;
20.8.23.3;
};

listen-on {
127.0.0.1;
192.168.0.1;
192.168.0.25;
};

/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
query-source address * port 53;

// so people can't try to guess what version you're running
version "REFUSED";

allow-query {
127.0.0.1;
192.168.0.0/24;
};
};

server 192.168.0.1 {
keys { rndckey; };
};

zone "." IN {
type hint;
file "named.ca";
};

// forward zone
zone "rain-concert.intra" IN {
type master;
file "data/mydomain.local.zone";
allow-update { none; };
# // we assume we have a slave dns server with the IP 192.168.254.101
# allow-transfer { 192.168.254.101; };
};

#// reverse zone
zone "0.168.192.in-addr.arpa" IN {
type master;
file "data/192.168.0.zone";
allow-update { none; };
# // we assume we have a slave dns server with the IP 192.168.254.101
#allow-transfer { 192.168.254.101; };
};


Here,

1. I added rndckey which is created before in the config. file.
key “rndckey” {
algorithm hmac-md5;
secret “f5wyuMBPnEZBbO/333L4ig==”;
};
2. Dns server ip is 192.168.0.1 and network is 192.168.0.0/24
3. DNS forwarder name servers ip address are 125.2.4.12, 20.8.23.3 ( using diff. ISP’s)
4. listen-on : My name server is listing on 2 Nic cards ( failover) 192.168.01 and 192.168.0.25
5. forward zone : My forwarder zone name is “mydomain.local”
6: reverse zone : My reverse zone name is ” 0.168.192.in-addr.arpa“

Now you need to create your first Forward DNS Zone,

#vi /var/named/chroot/var/named/data/mydomain.local.zone
$ttl 38400
mydomain.local. IN SOA ns.mydomain.local. admin.mydomain.local. (
2007020400 ; Serial
10800 ; Refresh after 3 hours
3600 ; Retry after 1 hour
604800 ; Expire after 1 week
86400 ) ; Minimum TTL of 1 day
mydomain.local. IN NS ns.mydomain.local.
mydomain.local. IN MX 1 mx.mydomain.local.
mydomain.local. IN MX 5 mx2.mydomain.local.
www.mydomain.local. IN A 192.168.0.1
ns.mydomain.local. IN A 192.168.0.1
ns1.mydomain.local. IN A 192.168.0.1
ns2.mydomain.local. IN A 192.168.0.8
mx.mydomain.local. IN A 192.168.0.26
mx2.mydomain.local. IN A 192.168.0.26
mail.mydomain.local. IN CNAME mx.mydomain.local.
intranet.mydomain.local. IN A 192.168.0.14
Admin-PC.mydomain.local. IN A 192.168.0.90
secured_share.mydomain.local. IN A 192.168.0.40
news.mydomain.local. IN A 192.168.0.14
dev_sites.mydomain.local. IN A 192.168.0.14


Now you need to create your first Reverse DNS Zone,
# vi /var/named/chroot/var/named/data/192.168.0.zone

$TTL 24h
0.168.192.in-addr.arpa. IN SOA mydomain.local. root.mydomain.local (
2007062800 ; serial number
3h ; refresh time
30m ; retry time
7d ; expire time
3h ; negative caching ttl
)
; Nameservers
0.168.192.in-addr.arpa. IN NS ns.mydomain.local.
; Hosts
26.0.168.192.in-addr.arpa. IN PTR rc-026.mydomain.local.
25.0.168.192.in-addr.arpa. IN PTR rc-025.mydomain.local.
14.0.168.192.in-addr.arpa. IN PTR rc-014.mydomain.local.
1.0.168.192.in-addr.arpa. IN PTR rc-001.mydomain.local.
26.0.168.192.in-addr.arpa. IN PTR mx.mydomain.local.
26.0.168.192.in-addr.arpa. IN PTR mx2.mydomain.local.


5. Start the service and make sure it’ll start at boot
#service named start
#chkconfig named on

6. Now you need to configure your resolv.conf file
[root@rc-025 ~]# cat /etc/resolv.conf
search mydomain.local
nameserver 127.0.0.1 // using local DNS
nameserver 125.224.7.125 // ISP name server

7. Make sure it’s running,
[root@rc-025 ~]# rndc status
number of zones: 2
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/1000
tcp clients: 0/100
server is up and running

8. Verifying DNS is working and local names are resolved.
Execute the command after login theDNS server
[root@rc-025 ~]# nslookup rc-001
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: rc-001.mydomain.local
Address: 192.168.0.1

9. Verifying the external domain nslookup query is resolved,
[root@rc-025 ~]# nslookup google.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
Name: google.com
Address: 209.85.231.104

10. Verifying Reverse DNS working : we can test it by using this nameserver’s ip Eg. host Which should returns a valid message like this,

[root@rc-025 ~]# host 192.168.0.1
1.0.168.192.in-addr.arpa domain name pointer rc-001.mydomain.local
Verifying my mail server has RDNS set
[root@rc-025 ~]# host 192.168.0.26
26.0.168.192.in-addr.arpa domain name pointer rc-026.mydomain.local.
[root@rc-025 ~]#

Now All are set and ready to go !!

Pls note that Window Desktops will not accept any name server ip which has not RDNS set. This will lead to slowness of internet access.

-njoy

Spell checking issue : Changing dictionary type in Outlook Express

My outlook express is using French dictionary !! seems strange:(. So I need to change the dictionary type and unfortunately I didn’t find any other English dictionary from the combo box.

Installing this application would work to change your dictionary to English. You may download the installs from here http://files.snapfiles.com/localdl936/spelloe_setup.exe.

Now I can use English dictionary for spell checking.

Installing same UCC SSL certificate on both Linux and Windows

I have a Godaddy UCC certificate which having 5 domain included. All of the domains are hosted on my WHM/Cpanel Linux server except one it intend to install on Windows 2008 IIS7 server.

This is the first time I have attempt to install it same cert in differ os. There is two steps.

1. We need to be installed Godaddy intermediate certificates.
2. Import the certificate which is in “pkcs12” format in IIS. But Godaddy would not give you certificate which is using “pkcs12” format.
3. Identify the website the to use the ssl and enable the port 443 to listen on that site.

A. How do I install intermediate certificates in IIS,

1. From the Start menu, select Run…, type mmc, and then click OK.
2. In the Microsoft Management Console (MMC), from the File menu, select Add/Remove Snap-in.
3. In the Add or Remove Snap-ins window, click Certificates, and then click Add.
4. Select Computer Account, and then click Next.
5. Select Local Computer, and then click Finish.
6. Close the Add Standalone Snap-in window, and, in the Add/Remove Snap-in window, click OK.
7. In the MMC window, expand the Certificates folder to view the Intermediate Certification Authorities folder.
8. Right-click Intermediate Certification Authorities, select All Tasks, and then select Import.
9. In the Certificate Import Wizard, click Next.
10. Click Browse to find the intermediate certificate file. Change the file extension filter to PKCS #7 Certificates (*.spc;*.p7b), select the *_iis_intermediates.p7b file, and then click Open.
11. Click Next.
12. Select Place all certificates in the following store.
13. Click Browse, select Intermediate Certification Authorities, and then click Next.
15 Click Finish.

2. How do I generate “pkcs12” type file from the certificate file. Now you may require

a. Certificate file ( Godaddy will give)
b. Private key file ( it’s private key which used to create CSR)
c. CA bundle file ( godaddy will give)

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

That’s it. Now you have a “certificate.pfx” file which would support IIS to install SSL.

3. Installing SSL certificate on IIS,

1. from the Start menu, select Control Panel, and then select Administrative Tools.
2. Select Internet Information Services Manager, and click Server Name.
3. In the Security section, double-click Server Certificates.
4. From the Actions menu, select Complete Certificate Request...
5. In the Complete Certificate Request Wizard, enter the location for the certificate file. The file extension might be .txt or .crt instead of .cer (search for all files).
6. Enter a friendly name for the certificate file, and then click OK.

7. From the Actions menu, select Bindings…
8. In the Site Bindings window, click Add…
9. In the Add Site Binding window.
10. From the Type drop-down menu, select https.
11. From the IP address drop-down menu, select All Unassigned or the IP address of the site.
* For Port, type 443.
12. From the SSL Certificate drop-down menu, select the SSL certificate you just installed, and then click OK.

Pls do remember that each SSL installations requires a dedicated IP.

-Cheers

NGINX : http domain requests to www

How do I re-direct the http domain request www domain request in Nginx server.

You need to add two virtualhost. One is for re-directing non-www request and other one is for server www-domain request.

# [root@u15382543 ~]# vi /etc/nginx/conf.d/domain.com.conf
server {
server_name domain.com;
listen 74.28.17.98:80;
rewrite ^(.*) http://www.domain.com$1 permanent;
}
server {
server_name www.example.com;
}

My domain.conf file is,

server {
server_name domain.com;
listen 74.28.17.98:80;
rewrite ^(.*) http://www.domain.com$1 permanent;
}
server {
listen 74.20.17.98:80;
server_name www.domain.com;
#access_log /var/log/httpd/nginx.access.domain.com.log;

error_log /var/log/httpd/nginx.errors.domain.com.log warn
large_client_header_buffers 4 8k; # prevent some 400 errors
root /var/www/vhosts/domain.com/httpdocs;
index index.php index.html;

location / {
expires 30d;
error_page 404 = @joomla;
log_not_found off;
}

location @joomla {
rewrite ^(.*)$ /index.php?q=$1 last;
}

error_page 500 502 503 504 404 /404.html;
location = /404.html {
root /var/www/vhosts/domain.com/httpdocs/;

location ~ \.php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/vhosts/domain.com/httpdocs$fastcgi_script_name;
include fastcgi_params;
}
# Select files to be deserved by nginx
location ~* ^.+.(swf|zip|rar|html|htm|pdf)$ {
#location ~* ^.+.(zip|rar|html|htm|pdf)$ {
root /var/www/vhosts/domain.com/httpdocs/;
expires 7d;
}
}


Verify the config. file.

[root@u15382543 ~]# /etc/init.d/nginx configtest
2010/10/19 13:43:52 [info] 21005#0: the configuration file /etc/nginx/nginx.conf syntax is ok
2010/10/19 13:43:52 [info] 21005#0: the configuration file /etc/nginx/nginx.conf was tested successfully

Check the error file
#tail -f /var/log/nginx/error.log

Nagios with SMTP outgoing authentications

My requirement is that few of my critical notification mails are not delivered to my gamil and yahoo id. After further checking it has been found that those mails are treated as spam. I need all my nagios alert mails should free from spam filtration.

So I decided to use trusted SMTP server to use my nagios notification mails. Also configure postfix as relay mail server using external smtp.

This process utilizes a perl script called “sendEmail”.

1) Download from http://caspian.dotconf.net/menu/Software/SendEmail.
2) Extract the file and copy the sendEmail into /usr/local/bin.
3) chmod +x /usr/local/bin/sendEmail.

Now the setup and customization of Nagios.

1) Edit /usr/local/nagios/etc/resource.cfg – add (3) new entries.
$USER5$=email_address
$USER6$=password
$USER7$=SMTP server ip

2) Edit /usr/local/nagios/etc/objects/commands.cfg

Change command_line for command_name notify-host-by-email:

command_line /usr/bin/printf "%b" "***** Nagios *****nnNotification Type: $NOTIFICATIONTYPE$nHost: $HOSTNAME$nState: $HOSTSTATE$nAddress: $HOSTADDRESS$nInfo: $HOSTOUTPUT$nnDate/Time: $LONGDATETIME$n" | /usr/local/bin/sendEmail -s $USER7$ -xu $USER5$ -xp $USER6$ -t $CONTACTEMAIL$ -f $USER5$ -l /var/log/sendEmail -u "** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **" -m "***** Nagios *****nnNotification Type: $NOTIFICATIONTYPE$nHost: $HOSTNAME$nState: $HOSTSTATE$nAddress: $HOSTADDRESS$nInfo: $HOSTOUTPUT$nnDate/Time: $LONGDATETIME$n"

Change command_line for command_name notify-service-by-email:

define command{
command_name notify-service-by-email
command_line /usr/bin/printf "%b" "***** Nagios *****nnNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$i\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$" | /usr/local/bin/sendEmail -s $USER7$ -xu $USER5$ -xp $USER6$ -t $CONTACTEMAIL$ -f $USER5$ -l /var/log/sendEmail -u "** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" -m "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\n\nHost: $HOSTALIAS$\n\nAddress: $HOSTADDRESS$\n\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$"

}

3) #touch /var/log/sendEmail
4) chown nagios:nagios /var/log/sendEmail

5) Now restart Nagios service

Testing:
Go into Nagios and send an alert and check the /var/log/sendEmail log file. It should say “Email was sent successfully”.

How do I setup Time server On Centos (ntp server)

Some critical applications ( odesk) requires system time to be updated with the server time in order to work certain features. Also you will get some application will not able to install if the local time is out dated or older. Damaged BIOS batter also cause this to happen.

So I decided to install a Network Time server in LAN. Also I have added a cron or scheduler set on each workstation to communicate with this server and re-build our OS disk images.

install ntp using yum.

# yum install ntp*
# Modify the following lines

restrict 192.168.0.0 mask 255.255.255.0 nomodify notrap

; changed to my network
added the following lines.

server 192.168.0.1
server 127.127.1.0
fudge 127.127.1.0 stratum 10

Or you may replace the ” /etc/ntp.conf” with following entries, This is my ntp config. file
[root@rc-025 ~]# cat /etc/ntp.conf | sed '/ *#/d; /^ *$/d'

restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
restrict 192.168.0.0 mask 255.255.255.0 nomodify notrap
driftfile /var/lib/ntp/drift
keys /etc/ntp/keys
server 192.168.0.1
server 127.127.1.0
fudge 127.127.1.0 stratum 10

Restart the ntpd service,

[root@rc-025 ~]# service ntpd restart
Shutting down ntpd: [ OK ]
Starting ntpd: [ OK ]

Verify the status,
[root@rc-025 ~]# netstat -nlp | grep ":123"
udp 0 0 172.16.11.1:123 0.0.0.0:* 21156/ntpd
udp 0 0 172.16.23.1:123 0.0.0.0:* 21156/ntpd
udp 0 0 192.168.0.1:123 0.0.0.0:* 21156/ntpd
udp 0 0 192.168.0.41:123 0.0.0.0:* 21156/ntpd
udp 0 0 192.168.0.25:123 0.0.0.0:* 21156/ntpd
udp 0 0 127.0.0.1:123 0.0.0.0:* 21156/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:* 21156/ntpd
udp 0 0 fe80::21c:c0ff:fea3:123 :::* 21156/ntpd
udp 0 0 fe80::250:56ff:fec0:1:123 :::* 21156/ntpd
udp 0 0 fe80::250:56ff:fec0:8:123 :::* 21156/ntpd
udp 0 0 ::1:123 :::* 21156/ntpd
udp 0 0 :::123 :::* 21156/ntpd
[root@rc-025 ~]#
Pls note that ntp is using UDP protocol. So that you can test it using telcommand.

How to verify the NTP server is working, Go to client desktop,
The following commands shows it’s working,

[root@rc-090 SVN-Archive]# date -s "16:55:30 Jun 09, 1981"
Tue Jun 9 16:55:30 IST 1981
[root@rc-090 SVN-Archive]# date
Tue Jun 9 16:55:32 IST 1981
[root@rc-090 SVN-Archive]# ntpdate -u 192.168.0.1
15 Oct 14:58:31 ntpdate[18516]: step time server 192.168.0.1 offset 926200973.366843 sec
[root@rc-090 SVN-Archeive]# date
Fri Oct 15 14:58:33 IST 2010

-njoy

How do I enable apc php extension on Centos

There is 2 ways to install.

1. Download the apc source code from the pear library and install.
2. Using pear to install apc (easy way)

Ensure that pear is there, if not execute
#yum install php-pear
pear will be installed along with the php installation from the source.

#pecl install apc
echo “extension=apc.so” > /etc/php.ini

Verified it by,
#php -m | grep “apc” or you may choose phpinfo page to verify that
apc

Restart apache to make this working over the web
# service httpd restart

How do I install new wordpress plugin

Most of us using web installer to update the wordpress version and installing plugins, theme and more. Recently I hit by a plugin install crashed my website’s admin area. It’s showing empty pages while accessing admin url.

So before install/upgrading anyting related to wordpress highly recomend to backup your files and database to minimize the downtime and your tension rate. Once after the hitting I stopped to using web-installer from untrusted plugin resource.

Here are the step will help you to this manually without any risk factor.

All WordPress Plugins cab be install the same way.

1. Download the latest version of the WordPress Plugin to your computer.
2. With an FTP program, access your site’s server.
3. Upload (copy) the Plugin file(s) or folder to the /wp-content/plugins folder.
4. In your WordPress Administration Panels, click on Plugins from the menu at the top.
5. You should see your new Plugin listed. If not, with your FTP program, check the folder to see if it is installed. If it isn’t, upload the file(s) again. If it is, delete the files and upload them again.
6. To turn the WordPress Plugin on, click Activate on the far right side of the list.
7. Check your Administration Panels or WordPress blog to see if the Plugin is working.

SSL received a record that exceeded the maximum permissible length

I got the following error during Godaddy ssl setup on one of my client server. I refers Godaddy’s ssl documentation for creating CSR and installing SSL. I can easily able to generate and complete the SSL certificates to be issued. But it seems than Godaddy ssl installation steps missed a step which shooting me an error like this “SSL received a record that exceeded the maximum permissible length”

After googling caused me to check various factors and I got confusing .. Changed the name based virtualhost to ip based virtualhost () and re-configuring Apache to listen (Listen 7.6.2.3:443) on new purchased ip in order to tunnel the ssl traffic to new ip. Everything is seems to ok but I’m getting same error even I have re-key the ssl certificate.

Finally I found that neither of SSL engine (SSLEngine on) wasn’t declared any where in virtual host which causing to throw such errors.

<VirtualHost 7.6.2.3:443>
ServerName secureddomain.com
ServerAlias www.secureddomain.com
ErrorLog /var/log/httpd/sd_error.log
TransferLog /var/log/httpd/cd_trasfer.log
DocumentRoot /home/securedd/public_html
DirectoryIndex index.php index.html
SSLEngine on
SSLCertificateFile /home/sysadmin/ssl/secureddomain.com.crt
SSLCertificateKeyFile /home/sysadmin/ssl/secureddomain.com.key
SSLCertificateChainFile /home/sysadmin/ssl/gd_bundle.crt
<Directory /home/securedd/public_html>
Options -Indexes IncludesNOEXEC FollowSymLinks
allow from all
AllowOverride All
</Directory>
</VirtualHost>

-njy

mysqldump: Error 2020: Got packet bigger than 'max_allowed_packet' bytes when dumping table

I got this error when I was dumping a huge table which size is more than 26GB in size.

mysqldump: Error 2020: Got packet bigger than ‘max_allowed_packet’ bytes when dumping table `QPR` at row: 5659

The server’s default max_allowed_packet value is 1MB. You can increase this if the server needs to handle big queries (for example, if you are working with big BLOB columns). The largest possible packet that can be transmitted to or from a MySQL 5.1 server or client is 1GB.

edit your my.cnf file and add
max_allowed_packet=1024M then restart
[root@db01 ~]# service mysqld restart
Stopping MySQL: [ OK ]
Starting MySQL: [ OK ]

mysql> show GLOBAL variables like 'max_allowed_packet%';
+--------------------+------------+
| Variable_name | Value |
+--------------------+------------+
| max_allowed_packet | 1073740800 |
+--------------------+------------+
1 row in set (0.00 sec)
mysql>

NB: I need huge blog type data to be fetched from db. We can also avoid this restart buy
Make sure that if the parameter values are changed by executing this command (ex.)show parameters like ‘max_allowed_packet’ from MySQL client(default).

Suppose if you dumping huge blob data from another host, you also need to change this mysql variables to get it worked. Here I’m setting this to 1GB

mysql> set global max_allowed_packet=100000000000;
Query OK, 0 rows affected (0.00 sec)
mysql> show variables like 'max_allowed_packet%';
+--------------------+---------+
| Variable_name | Value |
+--------------------+---------+
| max_allowed_packet | 1048576 |
+--------------------+---------+
1 row in set (0.10 sec)
mysql> set max_allowed_packet=100000000000;
Query OK, 0 rows affected (0.00 sec)
mysql> show variables like 'max_allowed_packet%';
+--------------------+------------+
| Variable_name | Value |
+--------------------+------------+
| max_allowed_packet | 1073741824 |
+--------------------+------------+
1 row in set (0.00 sec)
mysql>


Finally the real solution is you need to add the “max_allowed_packets” parameter along with the mysqldump. mysqldump is notorious for ignoring this value in my.cnf, but setting it as the command line parameter always works.

#mysqldump -u root -p –max_allowed_packet=512M -B database –tables tblblogdb > dump.sql

I think it’s always better to run large mysqldump from another server from the same network which help to reduce disk resource and cpu power during the peak hours. Here is the one sample,
#$MYSQLDUMP –max_allowed_packet=1G -u $MyUSER -h $MyHOST -p$MyPASS -B $db | bzip2 > $FILE