rndc

Flush the DNS cache with Bind 9.2.0 or later

rndc flush

For previous versions simply kill named and restart it.

Reload bind

rndc reload

rndc reload domain

rndc reload domain1 domain2 …


nslookup

Non-interactive mode

Get the A record for domain

nslookup domain

Get the reverse resolution for an IP

nslookup ip

Get the reverse resolution using an alternate server

nslookup ip dns_server

Get the MX record for a domain using an alternate DNS server

nslookup -type=MX/any/etc mail.domain.com dns_server

Interactive mode

>site

>IP

>server dns_server              ; using alternate DNS server

>set type=any                    ; set the type of the RR returned

>ro

> ro
Server:         193.231.100.130
Address:        193.231.100.130#53

Non-authoritative answer:
ro
origin = primary.rotld.ro
mail addr = hostmaster.rotld.ro
serial = 2010112030
refresh = 10800
retry = 3600
expire = 604800
minimum = 3600
ro      nameserver = ns-ext.vix.com.
ro      nameserver = dns-at.rotld.ro.
ro      nameserver = primary.rotld.ro.
ro      nameserver = dns-ro.denic.de.
ro      nameserver = secondary.rotld.ro.
ro      nameserver = ns.uu.net.


Zone files

Domain zone file

$TTL 3h     ; value that instructs non-authoritative DNS servers how long to keep the data in cache

@          TTL          IN           SOA          primary_nameserver.  email_address. (

1000        ; serial number – to be increased with each zone file modification

86400       ; refresh – TTL for the secondary or slave server – after this time the slave/secondary will query the master

7200        ; retry – in case of failure of the above

360000      ; expire – after a failure this long of the master, the secondary/slave will no longer be authoritative

7200        ; minimum – TTL for negative answers cached on non-authoritative DNS servers

)

domain_name.          TTL          class(IN)          type(A,CNAME,MX,PTR,etc)          value
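A sanity check for the SOA timers described above, as an added example that is not part of the original notes. The function names and the sample zone (example.com) are constructed for illustration, and the two rules are assumptions derived from the field meanings given in the comments above.

```python
import re

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

# Constructed sample zone text (example.com is a placeholder domain).
SAMPLE_ZONE = """\
$TTL 3h
@  IN  SOA  ns1.example.com. admin.example.com. (
        2024010101 ; serial
        3h         ; refresh
        5m         ; retry
        2h         ; expire (too short on purpose)
        1h )       ; minimum
"""

def to_seconds(value):
    """Convert a BIND time value such as 7200, 3h or 1w2d to seconds."""
    if value.isdigit():
        return int(value)
    parts = re.findall(r"(\d+)([smhdw])", value.lower())
    if not parts or "".join(n + u for n, u in parts) != value.lower():
        raise ValueError(f"bad time value: {value!r}")
    return sum(int(n) * UNITS[u] for n, u in parts)

def parse_soa(zone_text):
    """Return the fields of the first parenthesised SOA record as a dict of ints."""
    text = re.sub(r";[^\n]*", "", zone_text)  # strip zone file comments
    match = re.search(r"\bSOA\s+(\S+)\s+(\S+)\s*\(([^)]*)\)", text)
    if match is None:
        raise ValueError("no parenthesised SOA record found")
    serial, *timers = match.group(3).split()
    if len(timers) != 4:
        raise ValueError("SOA needs serial, refresh, retry, expire, minimum")
    names = ("refresh", "retry", "expire", "minimum")
    soa = {"serial": int(serial)}
    soa.update({name: to_seconds(v) for name, v in zip(names, timers)})
    return soa

def check_soa(soa):
    """Return a list of problems; an empty list means the timers are consistent."""
    problems = []
    if soa["retry"] >= soa["refresh"]:
        problems.append("retry is not shorter than refresh")
    if soa["expire"] <= soa["refresh"] + soa["retry"]:
        problems.append("expire is reached before a failed refresh is retried")
    return problems

if __name__ == "__main__":
    print(check_soa(parse_soa(SAMPLE_ZONE)))
```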

Delegation

To delegate a specific subdomain to another DNS server you need two entries:

subdomain.          NS        subdomain_nameserver.

subdomain_nameserver       A      name_server_ip


Bind: named.conf structure

named.conf sections

The named.conf consists of a general section (options, logging etc) and the zones section.

All lines must end with a semicolon, except the lines that only open a curly bracket.

The named.conf general section

The options container in named.conf.

options {

directory "/var/named/";             // this is the base directory for all files referenced in named.conf

allow-transfer { 192.168.1.100; };           // this is a secondary authoritative DNS server

};

Logging example

logging{

channel my_syslog{

syslog local1;

severity info;

};

category queries { my_syslog; };

category default { my_syslog; };

};

Also you need to modify /etc/syslog.conf like this:

local1.info   /var/log/bind.log

Finally restart syslog and bind.

rndc key

include "/var/named/rndc.key";

The rndc.key file will be generated with sbin/rndc-confgen -a.

The zones section

Domain zone file entry

It specifies 3 things: the domain (name or reverse resolution), if it’s primary or secondary and the zone file.

zone "www.domain.com" {

type master;

file "filename";

};

In case of a secondary DNS server the type changes to slave and another line is required:

masters { 192.168.0.1; };

Reverse resolution

The reverse resolution zone pointer is the same as the normal one with the exception of the address: it is written in reverse and suffixed by .in-addr.arpa. For instance for 192.168.0.10 the first row is:

zone "10.0.168.192.in-addr.arpa" {

$TTL 3h
@       SOA     ns1.invata-linux.ro. admin.invata-linux.ro. (
                3       ; serial
                3h      ; refresh in 3 hours
                5m      ; retry in 5 minutes
                3w      ; expire in 3 weeks
                1h      ; min in 1 hour
                )
        NS      ns1.invata-linux.ro.
        MX 10   mail.invata-linux.ro.
ns1.invata-linux.ro.    A       192.168.0.16
invata-linux.ro.        A       192.168.0.16
mail    A       192.168.0.1
www     CNAME   mail
pc1     A       192.168.0.11
pc2     A       192.168.0.12

Repositories

htop

http://htop.sourceforge.net/


NFS: Network File System

By using NFS a server shares a directory with a client. CAUTION: the communication between the server and the client is sent in clear text, so it’s basically not safe.

NFS Server Configuration

1. First you need to make sure the NFS daemon is running

[root@i7 ~]# service nfs status
rpc.mountd is stopped
nfsd is stopped
rpc.rquotad is stopped
[root@i7 ~]# service nfs start
Starting NFS services:                                     [  OK ]
Starting NFS quotas:                                        [  OK ]
Starting NFS daemon:                                     [  OK ]
Starting NFS mountd:                                     [  OK ]

Continue to step 2 even if NFS doesn’t start.

2. Second you need to make sure rpcbind or portmap is running (depending on the distro). To get info about rpcbind you need to issue a rpcinfo -p:

(this is the case where NFS started above)

[root@i7 dev]# rpcinfo -p
program vers proto   port
100000    2   tcp    111  portmapper
100000    2   udp    111  portmapper
100024    1   udp    876  status
100024    1   tcp    879  status
100003    2   udp   2049  nfs
100003    3   udp   2049  nfs
100003    4   udp   2049  nfs
….

If rpcinfo -p fails with this message:

root@gts2 [~]# rpcinfo -p
rpcinfo: can’t contact portmapper: RPC: Remote system error – Connection refused

…issue a portmap start:

root@gts2 [~]# service portmap start

And now try to start nfs again! This time it should work:

root@gts2 [~]# rpcinfo -p
program vers proto   port
100000    2   tcp    111  portmapper
100000    2   udp    111  portmapper

3.  The NFS resource access is set in the file /etc/exports

The format of /etc/exports is this:

exported_dir     ip_allowed_to_mount(option1,option2)

exported_dir = the directory offered by the server to be mounted by the remote client

ip_allowed_to_mount = the client’s IP (that is allowed to execute the NFS mount)

Important options: ro (read-only), rw (read-write), root_squash (the root from the client will not get root access on the server), no_root_squash (the root on the client will have root rights on the server as well).

Example (the IP can be a public one as well):

/nfs    192.168.1.101(ro,root_squash)

4. Export all entries from /etc/exports

exportfs -a
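A small audit of /etc/exports for the options listed in step 3, as an added example that is not part of the original notes. The function names and the sample file are constructed; the parser assumes one export per line without quoted paths or line continuations, and it treats a bare "(options)" token, which is what a stray space between the client and its options produces, as applying to every host.

```python
import re

# Constructed sample in the /etc/exports format described above (not from a real host).
SAMPLE_EXPORTS = """\
# dir     client(options)
/nfs      192.168.1.101(ro,root_squash)
/home     192.168.1.0/24(rw,no_root_squash)
/srv/pub  *(rw)
/backup   192.168.1.102 (rw)
"""

# The client part may be empty: a bare "(opts)" token applies to every host.
SPEC = re.compile(r"^([^\s(]*)(?:\(([^)]*)\))?$")

def parse_exports(text):
    """Return a list of (exported_dir, client, options) tuples, one per client spec."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        directory, *specs = line.split()
        for spec in specs or [""]:  # a path with no client is exported to any host
            match = SPEC.match(spec)
            if match is None:
                continue  # malformed token; a production tool should report it
            client = match.group(1) or "*"
            options = {o for o in (match.group(2) or "").split(",") if o}
            entries.append((directory, client, options))
    return entries

def audit_exports(text):
    """Flag exports that keep client root as root or are open to any host."""
    findings = []
    for directory, client, options in parse_exports(text):
        if "no_root_squash" in options:
            findings.append((directory, client, "client root keeps root rights"))
        if client == "*":
            mode = "rw" if "rw" in options else "ro"  # ro is the default
            findings.append((directory, client, f"mountable by any host ({mode})"))
    return findings

if __name__ == "__main__":
    for finding in audit_exports(SAMPLE_EXPORTS):
        print(*finding, sep="  ")
```

In the sample, the /backup line is the one to look at: the space before (rw) leaves 192.168.1.102 with default options and gives read-write access to every other host.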

Client use

To use NFS on the client:

mount -t nfs server_ip:/shared_dir /client_mount_dir


Yum install from local repository

In case you ever need to install something with yum from a local source (from a CD, for instance, when you don’t have Internet access and you need to compile the Ethernet card’s loadable module) you may use this:

yum --disablerepo=\* --enablerepo=CentOS install gcc

In the example above /dev/scd0 (there’s a CentOS distro DVD on the serial optical device) is mounted as /media/CentOS and the command will install gcc.


CentOS IP configuration files

These files and their contents might be specific/relevant in part only to cPanel

/etc/sysconfig/networking/devices/ifcfg-eth0

/etc/sysconfig/network-scripts/ifcfg-eth0

Both of the above have this content:

DEVICE=eth0
BOOTPROTO=static
BROADCAST=x.x.x.255
HWADDR=x:x:x:x:x:x
IPADDR=ip_in_question
NETMASK=255.255.255.0
NETWORK=x.x.x.0
ONBOOT=yes

/etc/sysconfig/network-scripts/ifcfg-ethx-range0

IPADDR_START=85.9.22.8
IPADDR_END=85.9.22.9
CLONENUM_START=0
NETMASK=255.255.255.0

/etc/ips (this contains only the secondary IPs listed one per line in this format ip:mask)

/etc/ipaddrpool

Potentially relevant services

/etc/rc.d/init.d/network

/etc/rc.d/init.d/ipaliases


eAccelerator, IonCube, Zendopt, Suhosin and Source guardian without Apache recompile

On cPanel servers there’s a very easy way to install eAccelerator, IonCube, Zendopt, Suhosin and Source guardian without an Apache recompile with the PHP extension manager:

/scripts/phpextensionmgr

The usage is very straightforward.  For instance to install IonCube you simply run from shell:

/scripts/phpextensionmgr install IonCubeLoader

And do not forget to restart Apache.


Boot resources

GRUB

http://www.linuxforums.org/forum/linux-tutorials-howtos-reference-material/9398-solving-boot-problems-grub-2nd-edition.html

http://tldp.org/HOWTO/Software-RAID-HOWTO-7.html
