Ahhh… how to keep track of all of those logs. You could go fabulous and use Splunk (or one of Splunk's alternatives), but if you want some free and simple analysis with not a lot of extra load, rsyslog dumping into a database with Loganalyzer is a pretty decent option. For an introduction to rsyslog, […]
Installing Rsyslog With a MySQL and Loganalyzer
Forwarding Rsyslog Logs to Central Server
If you would like to forward your logs to a central syslog server, add something like this to the bottom of rsyslog.conf: $WorkDirectory /var/spool/rsyslog # where to place spool files $ActionQueueFileName fwdRuleall # unique name prefix for spool files $ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible) $ActionQueueSaveOnShutdown on # save messages […]
Syslog Client for Windows
The Rsyslog Windows Agent from Adiscon provides a comprehensive and scalable syslog client that runs on all Microsoft Windows operating systems from 2000 on up to 2012, even Windows 8. Installation is a typical next, next, next: The configuration options are many, and you can use TCP: Notice that you can queue at the client […]
Obtaining sorted DNS listings from an NT command prompt
It is fairly easy to obtain DNS information for a domain listed by name or IP address. You can use the following procedure regardless of what platform your DNS is running on. You can also use this to verify what names your DNS thinks it is resolving, since this won’t necessarily match your hosts file. […]
LMHOSTS Generator
In the Name Resolution section, we wrote about a technique for forcing the NBT cache to contain entries for critical servers on a network. Even if the WINS server is down or the entries are corrupt, the cached entries will allow name resolution. An LMHOSTS file is needed that contains all of the server names, […]
Using the LMHOSTS file to backup WINS
In addition to resolving NetBIOS names for small networks, the LMHOSTS file can be used to back up WINS. Since the cached entries are referred to first, you can manually reset the cache of a corrupt or missing domain by reloading the entries in the LMHOSTS file. Make sure your system has the LMHOSTS checked […]
WINS Tips and Tricks
We’ve found that a star topology generally works best for WINS replication, with push/pull replication from one central hub. One indication that your WINS database entries are invalid is if you get “no domain controller available” errors between trusted domains in the system event log. This can almost always be cleared up by disabling replication […]
BIND Installation and Initial Configuration
We’ll start out simple in this section with just three hosts, a CNAME for www, and an MX record. As we integrate DNS with other services we will add more sections. We are using Red Hat 7.1, but there is little here that is distribution-specific. The only thing that might change is the way you […]
Using rndc to Administer BIND
We will explore rndc, which is a new tool with BIND 9 that takes the place of ndc in BIND 8. First we need to create a key using dnssec-keygen: [root@srv-3 /root]# dnssec-keygen -a hmac-md5 -b 256 -n user rndc Krndc.+157+34404 [root@srv-3 /root]# ls Krndc.+157+34404.key Krndc.+157+34404.private [root@srv-3 /root]# cat *.private Private-key-format: v1.2 Algorithm: 157 (HMAC_MD5) […]
BIND Administration with Webmin
We will use Webmin to automate updates of forward and reverse zones. Webmin will automatically update both, as well as restart your services and increment your serial number. Webmin is much more than just a DNS tool. It can be used to administer many services. Since Webmin is Open Source, released under the BSD license, […]
DNS/BIND TTL Settings During Domain Migrations
There are two different default DNS/BIND TTL settings you need to switch when moving domains to a different IP address. One is the negative caching setting in the SOA record, and the other is the default TTL at the top of the file ($ttl). If you have different TTL settings for your individual records, you […]
Logging With BIND 9
We talked in this article about setting the TTLs for DNS records in BIND for the purposes of moving a website, or, more specifically, changing the IP address of an authoritative DNS server. In this article, we will show you how to turn up the logging and output the results to a file. Again, this […]
Restricting Recursive Lookups with BIND 8/9
When you allow recursive lookups, you open yourself up to various security risks and performance issues, so you should only allow recursion when needed. Recursive lookups are lookups for domains you are not authoritative for. That is, if you are authoritative for mycompany.com, and you don’t allow recursion, then if somebody queries your server for […]
Example Domain for Documentation
If you need to put a domain name in documentation, example.net, example.com, and example.org are reserved for this purpose as defined in this RFC. This will prevent an inadvertently run script from causing trouble, as well as avoid an association with a seemingly arbitrary host.
Replace Aging BIND on Virtual Dedicated Host – Part 1 – Compile BIND 9.5.0-P2
We were checking out the various servers that we administer and noticed that one of our hosts is not up to the latest version of BIND. Yum update wasn’t giving us joy, so we grabbed the latest version of BIND: # wget http://ftp.isc.org/isc/bind9/9.5.0-P2/bind-9.5.0-P2.tar.gz --07:10:17-- http://ftp.isc.org/isc/bind9/9.5.0-P2/bind-9.5.0-P2.tar.gz Resolving ftp.isc.org... 204.152.184.110, 2001:4f8:0:2::18 Connecting […]
Replace Aging BIND on Virtual Dedicated Host – Part 2 – Rip Out Old RPMs
We are ripping out the old RPMs. Let’s figure out what RPMs they are: # rpm -qa | grep bind bind-9.3.4-8.P1.fc6 bind-libs-9.3.4-8.P1.fc6 Let’s start removing them: # rpm -e bind-libs-9.3.4-8.P1.fc6 error: Failed dependencies: libbind9.so.0 is needed by (installed) bind-9.3.4-8.P1.fc6.i386 libdns.so.22 is needed by (installed) bind-9.3.4-8.P1.fc6.i386 libisc.so.11 is needed by (installed) […]
Replace Aging BIND on Virtual Dedicated Host – Part 3 – Modify SysV Init Scripts and PID Home
We need a directory for the PID, and put it in /var/run/named: # mkdir /var/run/named # ls -ld /var/run/named drwxr-xr-x 2 root root 4096 Aug 3 07:58 /var/run/named # chown named /var/run/named # chgrp named /var/run/named # ls -ld /var/run/named drwxr-xr-x 2 named named 4096 Aug 3 07:58 /var/run/named # […]
Verifying and Setting Recursion with DiG and BIND
There is another flurry of interest in DNS cache poisoning. The first thing that you should do is turn off recursion if you don’t need it. One way to determine this is with DiG: $ dig -v DiG 9.5.0-P2 $ Verizon operates a well-known server that does recursive lookups: $ dig @4.2.2.3 example.com ; […]
Troubleshooting RAS with Device and PPP logs
Two files can be used to troubleshoot RAS problems: device.log and ppp.log. These files need to be enabled in the registry. For device.log, set HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters\Logging to 1. (default is 0) This will show you the communication between the server and the modem. For ppp.log, set HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\Logging to 1. (default is 0) This will help you […]
LDAP / Palm OS integration
One problem we’ve always had here at NetAdminTools is the management of our various contacts databases. For the most part we use our Palm OS databases. The problem is that it is difficult to synchronize between various Palm OS databases. An even nastier problem is that it is quite difficult under Linux to synchronize […]