Unix Linux Administration II Class 4: DNS review. Introduction to HTTPD. Scripting and Variables


Agenda

Discuss homework.

Unit 1: DNS review.

Unit 2: Introduction to HTTPD.

Unit 3: Scripting and variables.

Homework review

Bind installs
rndc install
Domain creation
Working with dig
Shell one-liners

SSH certificate authentication review

ssh-keygen: creates the private key and the public key

authorized_keys: one or more public keys; # comments are allowed

known_hosts: manual editing is required if the host key data changes

permissions:
$HOME/.ssh = 700
$HOME/.ssh/id_rsa = 600
$HOME/.ssh/id_rsa.pub = 644
$HOME/.ssh/authorized_keys = 644

ssh agents:
Windows - pageant (GUI, add keys)
*nix - ssh-agent (CLI, ssh-add)
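The permission table above is the one sshd enforces (with StrictModes, a key or authorized_keys file that is too open is silently ignored and the login falls back to a password). The script below is an added example, not part of the class material: it audits a .ssh directory against those modes and reports every entry that differs. It assumes GNU stat (Linux) and adds the id_ed25519 and id_ecdsa key names alongside id_rsa.

```shell
#!/bin/sh
# Added example (not from the class slides): audit the modes of a .ssh
# directory against the values listed in the slide. Assumes GNU coreutils
# (stat -c). Run it on your own $HOME/.ssh after copying keys around.

# expected_mode <path> -> the mode required for that entry, or "" if the
# entry is not one the slide covers (config, known_hosts, ...)
expected_mode() {
    case "$(basename "$1")" in
        .ssh)                       echo 700 ;;
        id_rsa|id_ed25519|id_ecdsa) echo 600 ;;   # private keys
        *.pub|authorized_keys)      echo 644 ;;
        *)                          echo "" ;;
    esac
}

# check_ssh_dir <dir> -> 0 if every covered entry has exactly the expected
# mode, 1 otherwise; each mismatch is printed as "path actual expected".
check_ssh_dir() {
    dir=$1
    rc=0
    for path in "$dir" "$dir"/*; do
        [ -e "$path" ] || continue
        want=$(expected_mode "$path")
        [ -n "$want" ] || continue
        have=$(stat -c '%a' "$path")
        if [ "$have" != "$want" ]; then
            echo "$path $have $want"
            rc=1
        fi
    done
    return $rc
}

if [ $# -gt 0 ]; then
    check_ssh_dir "$1"
fi
```

Usage: `sh check_ssh.sh $HOME/.ssh`; an empty output and exit status 0 means the directory matches the table. A private key reported as 644 is the usual cause of "Permissions ... are too open" from ssh.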

Class 4, Unit 1

What we are going to cover: Review DNS concepts

What you should leave with from this session: Common understanding of how DNS resolution works. Ability to install and manage a DNS server.

DNS server types

There are more DNS server types than listed here but these are some common uses:

Caching server
Master server
Slave server
Proxy/Forwarding server
Stealth server
Authoritative only server

Domains

Domains use a tree or hierarchical name structure

This structure is similar to the UNIX file system

BIND is just one solution to the question of how to provide name services.

Technically an FQDN requires the “.” (DOT)

It all starts at the dot with the hint file….

Sub-domains

A sub-domain is the child of a domain with the same root.

ulcert.uw.edu = subdomain
uw.edu = subdomain
edu. = subdomain

Also referred to as levels:

top level = net, org, edu, etc
first level = uw
second level = ulcert

Top Level Domains

Top level domains are split into two parts:

Generic Top Level Domains (gTLD): .com, .edu, .net, .org, .mil, etc

Country Code Top Level Domains (ccTLD): .us, .uk, .ca, .mx

Remember the top is a DOT "."

Authority for the root domain lies with the Internet Corporation for Assigned Names and Numbers (ICANN), which delegates this responsibility to a series of accredited registrars for gTLDs (generic Top-Level Domains) and ccTLDs (country code) for nations.

DNS tree overview

Root name servers

Root name servers are the responsibility of ICANN but they are operated by a consortium under a delegation agreement.

Currently there are 13 root-servers defined in the hints file.

These servers are known to every DNS server. They are the root for each query not resolved through cached content.

Many of these 13 name servers have duplicates responding to the same IP address using a process called anycast.

http://en.wikipedia.org/wiki/Anycast

Three primary domain components*

Name space and resource records - provide a tree structured name space to include the associated name data.

Name server - daemon that maintains the data set.

Resolvers - tools used to extract information from the name server service or services.

Name some resolvers?

* When using BIND, but not necessarily in every DNS implementation.

To Query, that is the Question.

DNS servers exist to answer queries.

what is www.ulcert.uw.edu

answer: 140.142.194.151

DNS servers can be:

Authoritative for a domain
Slaves for a domain
Forwarders for a domain
or a mix of all three

Query, Query, Query

Recursive query - complete answer or error

Three possible answers:

IP address and related CNAMEs

Error due to domain not found

Temporary error due to technical issues.

Iterative query – complete answer or referral

Inverse query – reverse IP to name, may not work.

The Recursive Query

1. Resolver sends query for ulcert.uw.edu.
2. Not found in DNS server cache.
3. Initiate DNS query to Root server.
4. Root returns referral to TLD server for .edu.
5. DNS server asks referred .edu TLD server for ulcert.uw.edu.
6. The edu NS refers to the uw.edu NS server.
7. DNS server asks referred uw.edu NS for ulcert.uw.edu.
8. The uw.edu NS returns A record for ulcert.uw.edu.
9. Local DNS returns A record to resolver.
10. Resolver opens connection to address returned by uw.edu NS.

Well that was simple.

1. User wants to browse www.washington.edu
2. Browser generates a query to the Local DNS
3. Local DNS recurses:
   1. Ask Root for www.washington.edu, get back NS record for .edu
   2. Ask .edu for www.washington.edu, get back NS record for washington.edu
   3. Ask washington.edu for www.washington.edu, get back A record
   4. Return A record to client computer
4. User's computer:
   1. Stores A record in memory
   2. Response now returns to the browser the address of www.washington.edu
   3. Browser opens connection to address:80 and does a GET /
   4. Web page response is rendered for the user.

DNS query overview (diagram; only the labels survive extraction)

Participants: Public Internet; Root DNS Server (one of the servers listed in the hints file); .edu DNS Server; Hanna.cac.washington.edu DNS Server; Local DNS; Web server for www.washington.edu (128.95.155.135).

Local DNS -> Root DNS Server: "A Record for www.washington.edu?" Reply: "Go ask .edu"

Local DNS -> .edu DNS Server: "A Record for www.washington.edu?" Reply: "Go ask washington.edu"

Local DNS -> Hanna.cac.washington.edu: "A Record for www.washington.edu?" Reply: 128.95.155.135

Client -> Local DNS: "A Record for www.washington.edu?" Reply: 128.95.155.135
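The recursive walk above can be repeated by hand with dig, which is the quickest way to see where a resolution fails (a broken delegation, a lame server, a referral to a zone you did not expect). The script below is an added example, not part of the class material: zone_chain works out the zones involved from the name, next_server pulls the server to ask out of a referral, and walk_delegation strings them together. It assumes dig is installed, the network is reachable, and that a.root-servers.net can stand in for the hints file; +norecurse tells each server not to recurse on our behalf, so every referral the local DNS normally hides is printed.

```shell
#!/bin/sh
# Added example, not from the class slides: iterative resolution by hand.
# Assumptions: dig is installed, network access, a.root-servers.net used
# instead of reading a hints file.

# zone_chain <name> -> the zones from the root down, e.g.
#   zone_chain www.washington.edu -> ". edu. washington.edu. www.washington.edu."
zone_chain() {
    rest=${1%.}                     # drop a trailing dot; it is added per zone
    chain="."
    zone=""
    while [ -n "$rest" ]; do
        label=${rest##*.}           # rightmost label: edu, then washington, ...
        rest=${rest%"$label"}
        rest=${rest%.}
        zone="$label.$zone"
        chain="$chain $zone"
    done
    printf '%s\n' "$chain"
}

# next_server: read "dig +noall +authority" output on stdin and print the host
# name of the first NS record in the referral, i.e. the server to ask next.
# Prints nothing when the output contains no referral.
next_server() {
    awk '$4 == "NS" { print $5; exit }'
}

# walk_delegation <name>: ask the root, follow referrals, stop at the answer.
walk_delegation() {
    target=${1%.}.
    server=a.root-servers.net
    for zone in $(zone_chain "$target"); do
        echo "step: ask $server (authoritative for \"$zone\") about $target"
        answer=$(dig +norecurse +noall +answer "@$server" "$target" A)
        if [ -n "$answer" ]; then
            echo "$answer"
            return 0
        fi
        referral=$(dig +norecurse +noall +authority "@$server" "$target" A)
        server=$(printf '%s\n' "$referral" | next_server)
        if [ -z "$server" ]; then
            echo "no referral from $zone: delegation broken or server lame" >&2
            return 1
        fi
    done
    return 1
}

if [ $# -gt 0 ]; then
    walk_delegation "$1"
fi
```

Usage: `sh walk.sh www.washington.edu`. Each step prints which server was asked and on whose authority; the last line is the A (or CNAME) record exactly as the authoritative server returned it, with no cache in between.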

Named.conf

The primary configuration file for named is named.conf. This is typically found under /etc. We will discuss "chroot'd" installs later.

This file needs to define the install directory and should include the pid file location. After this it may also include details on the hints file and local reverse zone.

Hint servers tell resolvers where to find TLD servers.

Common hint file names: db.cache, named.ca, named.root.hints.

Manually creating a new hint file:

dig . ns @a.root-servers.net > hint_date.txt

localhost -> DNS returns 127.0.0.1
0.0.127.IN-ADDR.ARPA -> reverse localhost zone

Named.conf cont.

Comments can be added in C, C++, or Shell format

The named.conf is checked for syntax at startup

Problems are reported immediately to syslog

Logging can be explicitly defined elsewhere

Sample caching DNS config

This server simply queries another server and caches the response locally. Any later queries for the same request will be answered from cache until the TTL is reached.

options {
    directory "/var/named";
    pid-file "/var/run/named/named.pid";
};

zone "." IN {
    type hint;
    file "hint.db";
};

Master server

To be the master server means the zone file is stored locally. The named.conf file points to a file on disk and therefore this server is authoritative for the zone.

zone "ulcert.uw.edu" IN {
    type master;
    file "ulcert.uw.txt";
};

When a master is queried it will respond as Authoritative.

Zones and Resource Records

Zone files contain information that describes a domain or sub-domain

Zone files indicate where to find the Start of Authority (SOA)

Zone files contain Authoritative records, A records

Zone files contain global information like Name servers and Mail servers

Resource Record types include: A, AAAA, NS, MX, SRV, CNAME, DNSKEY, HINFO

Sample zone file

$ORIGIN ulcert.uw.edu.  ; defines this zone as the default. Note trailing dot
$TTL 3600               ; time to live set to one hour
@ IN SOA ns1.ulcert.uw.edu. info.ulcert.uw.edu. (  ; contact mailbox also needs the trailing dot
    1       ; serial version of the file (usually a date)
    3600    ; refresh, slaves refresh after one hour
    3600    ; retry
    86400   ; Expire after one day
    86400   ; Minimum TTL
)
; NS (Name Server) records
    NS ns1.ulcert.uw.edu.
; A (Address) records
ns1.ulcert.uw.edu. IN A 192.168.1.102

Zone files, what's in the parentheses?

2014011501 ; serial, zone version (date format?)
86400      ; refresh, how often slaves look for updates
1800       ; retry, how long after a failed update to retry
7200       ; expire, zone data if master is unavailable
3600       ; minimum, time to cache negative answers
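The five SOA values decide how long slaves keep serving a zone and when they notice a change, so they are worth checking before a zone is loaded. The script below is an added example, not part of the class material: soa_values extracts the numbers between the SOA parentheses (comments stripped first, so the layout of the sample above does not matter) and soa_check applies the usual sanity rules for secondaries: retry shorter than refresh, expire longer than refresh, and a YYYYMMDDnn serial that visibly increases. The zone in write_sample_zone is constructed for the example, with the placeholder domain example.test and a documentation address.

```shell
#!/bin/sh
# Added example, not from the class slides: pull the SOA timers out of a zone
# file and sanity-check them. example.test and 192.0.2.10 are placeholders.

# write_sample_zone <file>: a constructed zone in the slide's layout
write_sample_zone() {
    cat > "$1" <<'EOF'
$ORIGIN example.test.   ; default origin, note the trailing dot
$TTL 3600               ; default time to live, one hour
@ IN SOA ns1.example.test. hostmaster.example.test. (
    2014011501  ; serial, YYYYMMDDnn
    86400       ; refresh
    1800        ; retry
    604800      ; expire
    3600        ; minimum
)
    NS  ns1.example.test.
ns1 IN A 192.0.2.10     ; 192.0.2.0/24 is documentation address space
EOF
}

# soa_values <file> -> "serial refresh retry expire minimum" on one line, or
# nothing if no SOA with five numbers is found. Comments are stripped, the
# file is joined into one line, and the text between the SOA parentheses is
# split into fields.
soa_values() {
    sed 's/;.*//' "$1" | tr '\n' ' ' \
        | sed -n 's/.*SOA[^(]*(\([^)]*\)).*/\1/p' \
        | awk 'NF == 5 { print $1, $2, $3, $4, $5 }'
}

# soa_check <file> -> 0 when the timers look sane, 1 otherwise; each
# complaint is printed on its own line.
soa_check() {
    values=$(soa_values "$1")
    [ -n "$values" ] || { echo "$1: could not parse SOA"; return 1; }
    set -- $values
    serial=$1 refresh=$2 retry=$3 expire=$4 minimum=$5
    rc=0
    case $serial in
        [12][0-9][0-9][0-9][01][0-9][0-3][0-9][0-9][0-9]) ;;
        *) echo "serial $serial is not in YYYYMMDDnn form"; rc=1 ;;
    esac
    if [ "$retry" -ge "$refresh" ]; then
        echo "retry ($retry) should be shorter than refresh ($refresh)"; rc=1
    fi
    if [ "$expire" -le "$refresh" ]; then
        echo "expire ($expire) should be longer than refresh ($refresh): slaves would drop the zone before refreshing"; rc=1
    fi
    echo "negative answers cached for $minimum seconds"
    return $rc
}

if [ $# -gt 0 ]; then
    soa_check "$1"
fi
```

Usage: `sh soa_check.sh /var/named/ulcert.uw.txt`. Run against the class sample zone it reports the serial of 1 and the retry equal to refresh; run against the figures on this slide it flags the expire of 7200 against a refresh of 86400. It is a complement to, not a replacement for, named-checkzone, which validates the syntax of the whole file.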

Basic zone record types

A record or authoritative records. For your class servers your A records are something like ulc-###.ulcert.uw.edu.

ulc-188    A        140.142.194.188

CNAME or Canonical name or nickname. This is a friendly name, something easy to remember like www.ulcert.uw.edu.

mycentos   CNAME    ulc-188

NS or Name Server records, DNS servers.

ns2        A        140.142.194.197
ns3        A        140.142.194.198

Internal only zones

It is very common to have DNS resource records that you do NOT want to expose to everyone. In this situation you might create a subdomain for internal use; you may also consider using an internal-only TLD such as .local, .pvt or .private. However, the only officially reserved TLDs for this purpose are .test, .example, .invalid and .localhost.*

* http://tools.ietf.org/search/rfc2606

Another option is to create a specific DNS view, which limits what clients can query based on ACLs.

Review:

DNS server types: master, slave, forwarder…

It all starts at “.”

FQDN ends with “.”

DNS servers exist to answer questions, or punt to the next server to answer.

gTLD and ccTLD

Name space, name server, resolvers.

The primary configuration file is named.conf

chroot based under /var/named/chroot

In class lab 3a

Lab notes for this session can be found here: http://www.ulcert.uw.edu -> Class Content -> InClass labs ->

Class 4, Unit 2

What we are going to cover: Standard web server build and configurations.

What you should leave with from this session: How to install the yum supported web server. How to provide basic administration for this service.

Power of the web

*image source http://xkcd.com/979/

Web Servers

If we find a reason to compile our own apache web servers we can, but for now we are going to use the pre-packaged solutions.

We can install just the httpd server or a common collection of services along with the httpd server. This time we will install the "Web Server" group package: list the available groups with sudo yum grouplist, then install the group with sudo yum groupinstall "Web Server".

Default configuration information

The default httpd.conf file is under /etc/httpd/conf

Additional configuration files are under /etc/httpd/conf.d/

The default web root directory is under /var/www

Manage your webserver instance with:

sudo /sbin/service httpd start|stop|graceful|status

Default configuration information

Adding an index.html file under /var/www/html will remove the default web page.

<html>
<head><title>ulc-###.ulcert.uw.edu</title></head>
<body>Default home page for ulc-###</body>
</html>

Virtual hosting

One instance of apache can serve multiple web sites. You could host two sites from the same server like:

www.books.ulcert.uw.edu and www.my.books.ulcert.uw.edu

Apache allows the virtual web servers to inherit permissions from the main server. They can all leverage, for example, the same ScriptAlias.

Name based or IP based virtual hosts

Name based virtual hosts:
Leverages the same IP for all servers
Recommended solution in most cases
Based on Host header values
Possible conflicts with web browsers that do not support HTTP 1.1

IP based virtual hosts:
Allocates one IP per host
Requires, of course, multiple interfaces defined on the host also

Problems with virtual hosting

Restarting one webserver means restarting them all

Problems with providing granular access to config files for various depts

Potential problems with clients that are not http 1.1 capable.

HTTPD logs

The HTTPD logs by default are under /var/log/httpd

The permissions for this folder are set to only allow the root user access. I would suggest you change this to allow a group you are a member of access to the directory.

By default you will find access and error logs for both http and https traffic
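Opening the log directory to a group is the right move, but it should be done with a group and read-only modes rather than a blanket chmod, since access logs carry client addresses, query strings and referrers that nobody outside the admin team needs to read. The script below is an added example, not part of the class material: it puts the directory and its files under a named group, 750 on the directory and 640 on the files, and prints the result for review. The group name and the scratch directory are assumptions of the example; on a real server it is run as root against /var/log/httpd.

```shell
#!/bin/sh
# Added example, not from the class slides: grant one administrative group
# read access to an httpd log directory without opening it to everyone.
# Assumes GNU coreutils (stat -c) and that the caller may chgrp the files.

# grant_log_access <logdir> <group> -> 0 on success, 1 on any failure.
#   directory: group <group>, mode 750 (group may list and enter, others nothing)
#   files:     group <group>, mode 640 (group may read, others nothing)
# The owner is left as it is; httpd keeps writing as before.
grant_log_access() {
    logdir=$1
    group=$2
    [ -d "$logdir" ] || { echo "$logdir: not a directory" >&2; return 1; }
    getent group "$group" >/dev/null \
        || { echo "group $group does not exist" >&2; return 1; }
    chgrp "$group" "$logdir" && chmod 750 "$logdir" || return 1
    for f in "$logdir"/*; do
        [ -f "$f" ] || continue
        chgrp "$group" "$f" && chmod 640 "$f" || return 1
    done
    return 0
}

# log_modes <logdir> -> "mode path" for the directory and each file, for
# confirming the change or auditing a server someone else set up.
log_modes() {
    for p in "$1" "$1"/*; do
        [ -e "$p" ] || continue
        stat -c '%a %n' "$p"
    done
}

if [ $# -eq 2 ]; then
    grant_log_access "$1" "$2" && log_modes "$1"
fi
```

Usage: `sudo sh httpd_logs.sh /var/log/httpd webadmins`. Files that httpd creates later (after rotation) get their mode from logrotate's create directive, so the same group and 640 should be set there too.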

Review: web servers

You can compile your webservers from source.

"groupinstall" will provide a standard yum managed webserver.

Related files can be found under: /etc/httpd/, /etc/httpd/conf.d/, /var/www/, /var/log/httpd

Lab 3b

Lab notes for this session can be found here: http://www.ulcert.uw.edu/class/ -> Home -> Labs ->

Class 4, Unit 3

What we are going to cover: Scripting; variables

What you should leave this session with: Script syntax (review) Valid variable names. How to rename and re-assign variables

Scripting: Variables, expression & quotes

Shell scripting is very similar to what we have been doing so far except that we get to record our actions.

Something simple like ps -ef | wc -l can be scripted and then repeated by creating a script containing these commands.

Review: Basic script syntax

All your shell scripts should start with a line defining the shell to use, meaning Bourne (sh), Bourne again shell (bash), Korn shell (ksh), etc.

Your script files should have read and execute permissions set (chmod u+rx <file>)

For this class your scripts should also include a few other default comment lines:

Title:
Date:
Author:
Purpose:

Template script files

We may improve upon this as we continue; here is the basic template I would like you to use for your shell scripts.

#!/bin/sh
# Title: <script>.sh
# Date: 00/00/2013
# Author:
# Purpose:
Start script here…

* remember using vi you can use :r to read in a file

Comments, comments, comments

The key to good scripting is good commenting; the script you write today may seem very simple but not so simple in the future.

Comments are prepended with a hash (#).

This can come as the first character in a line or after the command:

# clear screen
clear

clear # clear screen

Adding blank lines to your output

To make the output easier to read you might want to add blank lines.

This can be done using echo:

echo # insert blank line
echo "Total processes on host:"
/bin/ps -ef | /usr/bin/wc -l

Variables

In the previous example it might be handy to know the host where the processes were running.

Variables are defined using the = sign

No spaces are allowed between variable, =, and value

myhost=ulc-231_q2
echo $myhost

Variables can be defined in the shell

From the command line you can define variables also:

myhost=ulc-231-b
echo $myhost

Now type bash

echo $myhost

What happened?

Pre-defined variables

Your shell often has pre-defined variables

Type env

What do you see?

Type:

echo $SHELL ; echo $HOSTNAME; echo $HOME

The semicolon lets you string commands together.

How is this different from a | (pipe)?

Defining UNIX utilities as variables

You can define UNIX utilities as variables also

list=ls

* best practice is to define the full path.

list=/bin/ls
options=-la

# list all files in current directory
echo "Files in current directory are: "
$list $options

Valid variable names

Must start with alphabetic or underscore character followed by zero or more alphanumeric or underscore characters. Variable names ARE case sensitive.

$var $__ # two underscores. $a

Any others?

Re-assigning variables

If you want to you can re-assign variables

options=-la

newoptions=$options

Shell order of operations

1. Variable substitution
2. Filename substitution
3. Parse command line into arguments

So if you assign * to x

x=*

What happens when you enter: echo $x

How to rename variable values

If you have a variable value you want to rename you may need to use the ${variable}new construct

For example to rename /etc/resolv.conf to /etc/resolv.conf.bk you might use

resolv=/etc/resolv.conf

bkresolv=${resolv}.bk

echo $bkresolv
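The variable rules from this unit, and the two "what happened?" questions (typing bash after an assignment, and x=*), are easier to pin down when each effect is a function that returns something checkable. The script below is an added example, not part of the class material: visible_in_child shows that a plain assignment is not seen by a child shell until it is exported, bk_name is the ${resolv}.bk rename, star_expansion shows the order of operations (variable substitution, then filename substitution) and why quoting stops the star from turning into a file list, and utility_as_variable is the list=/bin/ls pattern, including what goes wrong when the command and its options are quoted as one word. The variable name myhost and the scratch directory are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the class slides: the unit's variable rules as
# functions with checkable results.

# visible_in_child <value> -> "<seen without export> <seen with export>".
# A plain assignment lives in this shell only; a child shell started with
# "bash" or "sh" sees the variable only after it is exported.
visible_in_child() {
    unset myhost
    myhost=$1
    without=$(sh -c 'printf "%s" "${myhost:-unset}"')
    export myhost
    with=$(sh -c 'printf "%s" "${myhost:-unset}"')
    printf '%s %s\n' "$without" "$with"
}

# bk_name <path> -> <path>.bk, the ${resolv}.bk construct from the slide.
# The braces mark where the name ends: $resolv.bk happens to work because
# "." cannot be part of a name, but a suffix like ${resolv}bk needs them.
bk_name() {
    resolv=$1
    printf '%s\n' "${resolv}.bk"
}

# star_expansion <dir> -> two lines. Variable substitution runs before
# filename substitution, so an unquoted $x holding * becomes the file list,
# while a quoted "$x" stays a literal star.
star_expansion() {
    (
        cd "$1" || exit 1
        x='*'
        printf 'unquoted: %s\n' "$(echo $x)"
        printf 'quoted: %s\n' "$(echo "$x")"
    )
}

# utility_as_variable <dir> -> number of entries listed by $list $options.
# Full path on purpose: a changed PATH cannot swap in a different ls.
# The unquoted pair is what lets the shell split "-la" off as an argument.
utility_as_variable() {
    list=/bin/ls
    options=-la
    $list $options "$1" | grep -c '^[-dl]'
}

# quoted_pair_status -> exit status when the pair is quoted as one word:
# the shell then looks for a program literally named "/bin/ls -la".
quoted_pair_status() {
    list=/bin/ls
    options=-la
    if "$list $options" . >/dev/null 2>&1; then
        echo 0
    else
        echo $?
    fi
}
```

Usage: source the file (`. ./vars.sh`) and call the functions, e.g. `visible_in_child ulc-231-b` prints `unset ulc-231-b`, which is the answer to "what happened" after typing bash: the child shell never received the unexported variable.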

Review:

Script templates - :r template.sh
Variables start with _ or an alphabetic character
Variable assignment: var1=value
Re-assign: var2=$var1
Rename: var3=${var2}.bk
Order of operations: variable substitution, file substitution, parse command line.

In class lab 4c

Lab notes for this session can be found here: http://www.ulcert.uw.edu -> Class Content -> InClass labs ->

Homework

Homework for this week will be posted later tonight.

Recommended