Difference between revisions of "Dns1 Setup Process"

m (Created Zone Files)
 
Line 1: Line 1:
 +
{{archived}}
 +
 
This page summarizes how the virtual machine [[Dns1]] was set up in Spring 2010.
 
This page summarizes how the virtual machine [[Dns1]] was set up in Spring 2010.
  

Latest revision as of 12:22, 3 September 2015


This page summarizes how the virtual machine Dns1 was set up in Spring 2010.

Install

  • Installed CentOS 5.4 x64.
    • Partition Scheme
      • 3 GB /
      • 1.5 GB /var
      • 512 MB swap

Configuration

Updated System

  • Configured Yum Priorities and pointed Yum at our mirror
    • Edited /etc/yum.repos.d/CentOS-Base.repo
# CentOS-Base.repo
#
# This file uses a new mirrorlist system developed by Lance Davis for CentOS.
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client.  You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#

# Core OS packages, served from the local Clarkson mirror rather than the
# CentOS mirrorlist (which is left commented out below).
[base]
name=CentOS-$releasever - Base
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
# NOTE(review): the mirror is reached over plain HTTP, here and in every other
# section of these .repo files, so package authenticity rests on gpgcheck=1
# and on the key file named by gpgkey. Keep both set in each section.
baseurl=http://mirror.clarkson.edu/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
# Read by the yum-priorities plugin (installed later on this page). Lower
# numbers are preferred, so this repo outranks rpmforge (15) and epel (30).
priority=1

#released updates
[updates]
name=CentOS-$releasever - Updates
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
baseurl=http://mirror.clarkson.edu/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
priority=1

#packages used/produced in the build but not released
[addons]
name=CentOS-$releasever - Addons
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=addons
baseurl=http://mirror.clarkson.edu/centos/$releasever/addons/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
priority=1

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
baseurl=http://mirror.clarkson.edu/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
priority=1

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
baseurl=http://mirror.clarkson.edu/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
priority=2

#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib
baseurl=http://mirror.clarkson.edu/centos/$releasever/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
priority=2
    • Edited /etc/yum.repos.d/rpmforge.repo
# Name: RPMforge RPM Repository for Red Hat Enterprise 5 - dag
# URL: http://rpmforge.net/
[rpmforge]
name = Red Hat Enterprise $releasever - RPMforge.net - dag
baseurl = http://mirror.clarkson.edu/rpmforge/redhat/el5/en/$basearch/dag
#mirrorlist = http://apt.sw.be/redhat/el5/en/mirrors-rpmforge
#mirrorlist = file:///etc/yum.repos.d/mirrors-rpmforge
enabled = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag
gpgcheck = 1
priority=15
    • Edited /etc/yum.repos.d/epel.repo
[epel]
name=Extra Packages for Enterprise Linux 5 - $basearch
baseurl=http://mirror.clarkson.edu/epel/5/$basearch
#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
priority=30

[epel-debuginfo]
name=Extra Packages for Enterprise Linux 5 - $basearch - Debug
baseurl=http://mirror.clarkson.edu/epel/5/$basearch/debug
#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-debug-5&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
gpgcheck=1
priority=30

[epel-source]
name=Extra Packages for Enterprise Linux 5 - $basearch - Source
baseurl=http://mirror.clarkson.edu/epel/5/SRPMS
#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-source-5&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
gpgcheck=1
priority=30
    • Edited /etc/yum.repos.d/epel-testing.repo
[epel-testing]
name=Extra Packages for Enterprise Linux 5 - Testing - $basearch
baseurl=http://mirror.clarkson.edu/epel/testing/5/$basearch
#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=testing-epel5&arch=$basearch
failovermethod=priority
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
priority=40

[epel-testing-debuginfo]
name=Extra Packages for Enterprise Linux 5 - Testing - $basearch - Debug
baseurl=http://mirror.clarkson.edu/epel/testing/5/$basearch/debug
#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=testing-debug-epel5&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
gpgcheck=1
priority=40

[epel-testing-source]
name=Extra Packages for Enterprise Linux 5 - Testing - $basearch - Source
baseurl=http://mirror.clarkson.edu/epel/testing/5/SRPMS
#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=testing-source-epel5&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
gpgcheck=1
priority=40
  • Disabled Yum FastestMirror since using local mirror
    • sed -i 's/enabled=1/enabled=0/g' /etc/yum/pluginconf.d/fastestmirror.conf
  • Installed Yum Priorities (Note: This must be installed prior to installing the packages below.)
    • yum install yum-priorities
  • Configured Yum Priorities to check for obsoletes
    • echo "check_obsoletes=1" >> /etc/yum/pluginconf.d/priorities.conf
  • yum install vim-enhanced gcc emacs-nox screen
  • yum update

Created User

  • Created user mccarrms
    • /usr/sbin/useradd -m mccarrms
  • Set password for mccarrms
    • passwd mccarrms

Configured Sudo

  • /usr/sbin/visudo
## Sudoers allows particular users to run various commands as
## the root user, without needing the root password.
##
## The Cmnd_Alias lines below only define named groups of commands; they grant
## nothing by themselves. Of the aliases defined here, only SHELLS is
## referenced by the rules at the end of this listing.

## Networking
Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool

## Installation and management of software
Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum

## Services
Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig

## Updating the locate database
Cmnd_Alias LOCATE = /usr/sbin/updatedb

## Storage
Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount

## Delegating permissions
Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp

## Processes
Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall

## Drivers
Cmnd_Alias DRIVERS = /sbin/modprobe

## Shells
Cmnd_Alias SHELLS = /bin/sh, /bin/bash, /usr/bin/rsh, /bin/dash, /bin/rbash, /bin/su

## Users
Cmnd_Alias USERS = /usr/sbin/useradd, /usr/sbin/userdel

## sudo may only be run from a real terminal.
Defaults    requiretty

## env_reset:    start commands with a reset environment (plus env_keep below)
## tty_tickets:  cache authentication per terminal, not per user
## lecture:      show the sudo lecture on every use
## logfile:      record each sudo invocation in /var/log/sudo.log
Defaults    env_reset,tty_tickets,lecture=always,logfile=/var/log/sudo.log
Defaults    env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR \
                        LS_COLORS MAIL PS1 PS2 QTDIR USERNAME \
                        LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION \
                        LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC \
                        LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS \
                        _XKB_CHARSET XAUTHORITY"

## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
## Members of group wheel get the same unrestricted access as root.
%wheel  ALL=(ALL)       ALL
## Members of group admins may run any command as root except those in SHELLS.
## NOTE(review): sudoers(5) documents that subtracting commands from ALL with
## '!' is not an effective restriction. Treat admins as root-equivalent and
## rely on the sudo log for accountability, or replace ALL with an explicit
## allow-list built from the aliases above.
%admins ALL=(root) ALL, !SHELLS

Configured Networks

  • Configured hostname in /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=dns1
GATEWAY=128.153.145.1
  • Verified eth0 configuration for Clarkson Network in /etc/sysconfig/network-scripts/ifcfg-eth0
# Xen Virtual Ethernet
DEVICE=eth0
BOOTPROTO=static
DHCPCLASS=
HWADDR=00:16:36:15:A4:3D
IPADDR=128.153.145.3
NETMASK=255.255.255.0
ONBOOT=yes

Configured Hosts

  • Edited /etc/hosts
127.0.0.1       localhost.localdomain   localhost
128.153.145.3  dns1.cslabs.clarkson.edu dns1.cslabs dns1
  • Edited /etc/hosts.allow
For security purposes, this information has been intentionally left off.
  • Edited /etc/hosts.deny
ALL: ALL

Configured DNS Servers

  • Edited /etc/resolv.conf
search cslabs.clarkson.edu clarkson.edu
nameserver 128.153.145.3
nameserver 128.153.145.4

Disabled IP v6

  • Appended the following to /etc/modprobe.conf
install ipv6 /bin/true
  • Disabled IP v6 firewall
    • /sbin/chkconfig ip6tables off

Configured IPtables

Due to the sensitivity of this material, this config file has been left off; however, the following rule is needed.

-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT

Configured SSH

  • Edited /etc/ssh/sshd_config
Due to the sensitivity of this material, this config file has been left off.
  • Restarted sshd
    • /etc/init.d/sshd restart

Set Up SSH Login Banner

  • Edited /etc/issue.net
     __        ___
 ___/ /__  ___<  /
/ _  / _ \(_-</ / 
\_,_/_//_/___/_/  
                  

Configured Password Requirements

  • Edited /etc/login.defs
# Account and password policy defaults, as recorded on this page.
MAIL_DIR        /var/spool/mail

# Password ageing: expire after 360 days, no minimum age, warn 60 days ahead.
PASS_MAX_DAYS   360
PASS_MIN_DAYS   0
# NOTE(review): on PAM-based systems the minimum length is usually enforced by
# the PAM password stack rather than by this value - confirm which applies.
PASS_MIN_LEN    8
PASS_WARN_AGE   60

# UID/GID range used when creating regular accounts and groups.
UID_MIN                   500
UID_MAX                 60000

GID_MIN                   500
GID_MAX                 60000

CREATE_HOME     yes

# Restrictive default umask: new files are accessible to their owner only.
UMASK           077

USERGROUPS_ENAB yes

# New password hashes use MD5-crypt.
# NOTE(review): MD5-crypt is weak against offline guessing by current
# standards; a SHA-512-based scheme is the usual replacement where the
# platform supports it. Changing this affects only passwords set afterwards.
MD5_CRYPT_ENAB yes

ENCRYPT_METHOD MD5

Added Custom PATH Variables

  • Added the following to /etc/profile
PATH=$PATH:/usr/sbin:/sbin
export PATH

Configured Aliases

  • Edited /etc/aliases
#
#  Aliases in this file will NOT be expanded in the header from
#  Mail, but WILL be visible over networks or from /bin/mail.
#
#       >>>>>>>>>>      The program "newaliases" must be run after
#       >> NOTE >>      this file is updated for any changes to
#       >>>>>>>>>>      show through to sendmail.
#

# Basic system aliases -- these MUST be present.
mailer-daemon:  postmaster
postmaster:     logwatch@cslabs.clarkson.edu

# General redirections for pseudo accounts.
bin:            logwatch@cslabs.clarkson.edu
daemon:         logwatch@cslabs.clarkson.edu
adm:            logwatch@cslabs.clarkson.edu
lp:             logwatch@cslabs.clarkson.edu
sync:           logwatch@cslabs.clarkson.edu
shutdown:       logwatch@cslabs.clarkson.edu
halt:           logwatch@cslabs.clarkson.edu
mail:           logwatch@cslabs.clarkson.edu
news:           logwatch@cslabs.clarkson.edu
uucp:           logwatch@cslabs.clarkson.edu
operator:       logwatch@cslabs.clarkson.edu
games:          logwatch@cslabs.clarkson.edu
gopher:         logwatch@cslabs.clarkson.edu
ftp:            logwatch@cslabs.clarkson.edu
nobody:         logwatch@cslabs.clarkson.edu
radiusd:        logwatch@cslabs.clarkson.edu
nut:            logwatch@cslabs.clarkson.edu
dbus:           logwatch@cslabs.clarkson.edu
vcsa:           logwatch@cslabs.clarkson.edu
canna:          logwatch@cslabs.clarkson.edu
wnn:            logwatch@cslabs.clarkson.edu
rpm:            logwatch@cslabs.clarkson.edu
nscd:           logwatch@cslabs.clarkson.edu
pcap:           logwatch@cslabs.clarkson.edu
apache:         logwatch@cslabs.clarkson.edu
webalizer:      logwatch@cslabs.clarkson.edu
dovecot:        logwatch@cslabs.clarkson.edu
fax:            logwatch@cslabs.clarkson.edu
quagga:         logwatch@cslabs.clarkson.edu
radvd:          logwatch@cslabs.clarkson.edu
pvm:            logwatch@cslabs.clarkson.edu
amanda:         logwatch@cslabs.clarkson.edu
privoxy:        logwatch@cslabs.clarkson.edu
ident:          logwatch@cslabs.clarkson.edu
named:          logwatch@cslabs.clarkson.edu
xfs:            logwatch@cslabs.clarkson.edu
gdm:            logwatch@cslabs.clarkson.edu
mailnull:       logwatch@cslabs.clarkson.edu
postgres:       logwatch@cslabs.clarkson.edu
sshd:           logwatch@cslabs.clarkson.edu
smmsp:          logwatch@cslabs.clarkson.edu
postfix:        logwatch@cslabs.clarkson.edu
netdump:        logwatch@cslabs.clarkson.edu
ldap:           logwatch@cslabs.clarkson.edu
squid:          logwatch@cslabs.clarkson.edu
ntp:            logwatch@cslabs.clarkson.edu
mysql:          logwatch@cslabs.clarkson.edu
desktop:        logwatch@cslabs.clarkson.edu
rpcuser:        logwatch@cslabs.clarkson.edu
rpc:            logwatch@cslabs.clarkson.edu
nfsnobody:      logwatch@cslabs.clarkson.edu

ingres:         logwatch@cslabs.clarkson.edu
system:         logwatch@cslabs.clarkson.edu
toor:           logwatch@cslabs.clarkson.edu
manager:        logwatch@cslabs.clarkson.edu
dumper:         logwatch@cslabs.clarkson.edu
abuse:          logwatch@cslabs.clarkson.edu

newsadm:        news
newsadmin:      news
usenet:         news
ftpadm:         ftp
ftpadmin:       ftp
ftp-adm:        ftp
ftp-admin:      ftp
www:            webmaster
webmaster:      logwatch@cslabs.clarkson.edu
noc:            logwatch@cslabs.clarkson.edu
security:       logwatch@cslabs.clarkson.edu
hostmaster:     logwatch@cslabs.clarkson.edu
info:           postmaster
marketing:      postmaster
sales:          postmaster
support:        postmaster


# trap decode to catch security attacks
decode:         logwatch@cslabs.clarkson.edu

# Person who should get roots's mail
root:           logwatch@cslabs.clarkson.edu
  • Updated aliases
    • /usr/bin/newaliases

Disabled Various Kernel Modules

  • Added the following to /etc/modprobe.conf
install pppox /bin/true
install bluetooth /bin/true
install sctp /bin/true

Installed & Configured SNMP

  • Installed needed packages
yum install net-snmp ntp
  • Configured SNMP Daemon /etc/snmp/snmpd.conf
# Read-only SNMP access, limited by source address. <passphrase> and
# <ipsallowed> are placeholders for values withheld from this page.
# NOTE(review): rocommunity configures SNMPv1/v2c, where the community string
# crosses the network unencrypted. Keep the allowed sources narrow and use a
# string that is not shared with any other credential.
rocommunity     <passphrase>  127.0.0.1
rocommunity     <passphrase>  <ipsallowed>
 
syslocation Clarkson University Applied CS Labs
syscontact Matt McCarrell <mccarrms@gmail.com>
# Report disk usage for these mount points.
disk /
disk /var
# exec makes the agent run the named program and publish its output over SNMP.
# NOTE(review): the page sets root ownership on ntp_check but shows no chmod;
# confirm the script is not writable by non-root users.
exec timeskew /usr/local/sbin/ntp_check
exec uptime /usr/bin/uptime
  • Deployed ntp_check script
    • Copied over ntp_check to /usr/local/sbin/
    • chown root.root /usr/local/sbin/ntp_check
  • Configured SNMP to start at specific run levels
/sbin/chkconfig --levels 2345 snmpd on
  • Started daemon
/etc/init.d/snmpd start

Increased Detail of Logwatch Reports

  • Set detail level to be high
echo "Detail = High" >> /etc/logwatch/conf/logwatch.conf

Disabled Unneeded Services

chkconfig nfs off
/etc/init.d/nfs stop
chkconfig nfslock off
/etc/init.d/nfslock stop
chkconfig rpcgssd off
/etc/init.d/rpcgssd stop
chkconfig rpcidmapd off
/etc/init.d/rpcidmapd stop
chkconfig rpcsvcgssd off
/etc/init.d/rpcsvcgssd stop
chkconfig portmap off
/etc/init.d/portmap stop
chkconfig netfs off
/etc/init.d/netfs stop
chkconfig anacron off
/etc/init.d/anacron stop
chkconfig autofs off
/etc/init.d/autofs stop
chkconfig avahi-daemon off
/etc/init.d/avahi-daemon stop
chkconfig avahi-dnsconfd off
/etc/init.d/avahi-dnsconfd stop
chkconfig bluetooth off
/etc/init.d/bluetooth stop
chkconfig hidd off
/etc/init.d/hidd stop
chkconfig cups off
/etc/init.d/cups stop
chkconfig firstboot off
/etc/init.d/firstboot stop
chkconfig gpm off
/etc/init.d/gpm stop
chkconfig haldaemon off
/etc/init.d/haldaemon stop
chkconfig irda off
/etc/init.d/irda stop
chkconfig kudzu off
/etc/init.d/kudzu stop
chkconfig messagebus off
/etc/init.d/messagebus stop
chkconfig microcode_ctl off
/etc/init.d/microcode_ctl stop
chkconfig pcscd off
/etc/init.d/pcscd stop
chkconfig readahead_early off
/etc/init.d/readahead_early stop
chkconfig readahead_later off
/etc/init.d/readahead_later stop
chkconfig ypbind off
/etc/init.d/ypbind stop

Modified Cron Weekly Execution Time

This was done to reduce load spikes that produce Nagios alerts around 4:30 AM every Sunday. In the event that this VM gets moved off of righteous, this should be changed back to the default setting of 4:22 AM.

  • Modified the following line in /etc/crontab
32 4 * * 0 root run-parts /etc/cron.weekly

Installed BIND

Installed needed packages

yum install bind bind-chroot bind-libs bind-utils

Created Configs

  • Created /var/named/chroot/etc/named.conf
// Split-horizon configuration: clients matching the "cslabs" ACL get the
// internal view; everyone else gets the external, authoritative-only view.

// Addresses treated as internal clients.
acl cslabs {
        128.153.144.0/23;
        128.153.146.176;
        127.0.0.1;
};

options {
        directory "/var/named";
        pid-file "/var/run/named/named.pid";
        dump-file "data/cache_dump.db";
        statistics-file "data/named_stats.txt";
        memstatistics-file "data/named_mem_stats.txt";
        // Replaces the real BIND version string in version.bind answers.
        version "[secured]";
        // Upstream resolvers for names this server is not authoritative for.
        forwarders { 128.153.0.254; 128.153.5.254; };
        notify yes;
};

include "/etc/rndc.key";
include "/etc/tsig.key";

// rndc control channel: loopback only, authenticated with "rndckey".
controls {
        inet 127.0.0.1 allow { 127.0.0.1; }
        keys { "rndckey"; };
};

// NOTE(review): only the default_debug channel is defined here. If zone
// transfer attempts or denied queries need auditing, route the security and
// xfer-out categories to a dedicated channel as well.
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

// Views are matched in the order they are defined, so this view must stay
// ahead of "external", whose match-clients is "any".
// Internal clients get recursion and see both the public and internal zones.
view "internal" IN {
        match-clients           { cslabs; };
        recursion yes;

        include "/etc/cslabs-external.inc";

        include "/etc/cslabs-internal.inc";
};

// Everyone else: no recursion and no answers from cache, so the server only
// answers for the public zones it is authoritative for.
view "external" IN {
        match-clients           { any; };
        recursion no;
        allow-query-cache { none; };

        include "/etc/cslabs-external.inc";
};
  • Created /var/named/chroot/etc/cslabs-external.inc
        zone "cslabs.clarkson.edu" IN {
                type master;
                file "cslabs.clarkson.edu.zone";
                allow-update { none; };
                allow-transfer { key TRANSFER; };
        };

        zone "dev.cslabs.clarkson.edu" IN {
                type master;
                file "dev.cslabs.clarkson.edu.zone";
                allow-update { none; };
                allow-transfer { key TRANSFER; };
        };

        zone "145.153.128.in-addr.arpa" IN {
                type master;
                file "145.153.128.in-addr.arpa";
                allow-update { none; };
                allow-transfer { key TRANSFER; };
        };
  • Created /var/named/chroot/etc/cslabs-internal.inc
        zone "int.cslabs.clarkson.edu" IN {
                type master;
                file "int.cslabs.clarkson.edu.zone";
                allow-update { none; };
                allow-transfer { key TRANSFER; };
        };

        zone "0.0.10.in-addr.arpa" IN {
                type master;
                file "0.0.10.in-addr.arpa";
                allow-update { none; };
                allow-transfer { key TRANSFER; };
        };

        zone "sr.cslabs.clarkson.edu" IN {
                type master;
                file "sr.cslabs.clarkson.edu.zone";
                allow-update { none; };
                allow-transfer { key TRANSFER; };
        };

        zone "1.0.10.in-addr.arpa" IN {
                type master;
                file "1.0.10.in-addr.arpa";
                allow-update { none; };
                allow-transfer { key TRANSFER; };
        };
  • Generated TSIG key and created config file
    • Generated key
dnssec-keygen -a HMAC-MD5 -b 512 -n HOST tsig-key
    • Created /var/named/chroot/etc/tsig.key using key present in /var/named/chroot/etc/Ktsig-key.*.private
// Shared secret named by "allow-transfer { key TRANSFER; }" in the zone
// definitions. The secret is blank on this page; the real value comes from
// the Ktsig-key.*.private file produced by dnssec-keygen.
// NOTE(review): HMAC-MD5 is a deprecated TSIG algorithm. Where the BIND
// version on both servers supports it, regenerate the key as hmac-sha256 and
// change it on both ends together.
key "TRANSFER" {
        algorithm       hmac-md5;
        secret          "";
};

// Sign traffic exchanged with 128.153.145.4 (dns2 in the zone data) with the
// TRANSFER key.
server 128.153.145.4 {
        keys {
                TRANSFER;
        };
};
  • Fixed ownership and permissions on files
chown root.named cslabs-external.inc cslabs-internal.inc named.conf tsig.key
chmod o-rwx cslabs-external.inc cslabs-internal.inc named.conf
chmod 640 /var/named/chroot/etc/tsig.key
  • Fixed permissions on directory (fixes an error I noticed in the logs; see this page for more details)
chmod g+w /var/named/chroot/var/named
  • Created /etc/rndc.conf
options {
        default-key "rndckey";
        default-server 127.0.0.1;
        default-port 953;
};

server 127.0.0.1 {
        key     "rndckey";
};

include "/etc/rndc.key";

Created Zone Files

  • Created /var/named/chroot/var/named/cslabs.clarkson.edu.zone
$ORIGIN cslabs.clarkson.edu.
$TTL 120        ; 2 minutes
cslabs.clarkson.edu.    IN      SOA     dns1.cslabs.clarkson.edu.       admin.cslabs.clarkson.edu. (
                        2010100701      ; serial
                        300             ; refresh (5 minutes)
                        150             ; retry (2.5 minutes)
                        1209600         ; expire (2 weeks)
                        60              ; minimum (1 minute)
                        )
;
                IN      NS      dns1.cslabs.clarkson.edu.
                IN      NS      dns2.cslabs.clarkson.edu.
;
                IN      MX      1       aspmx.l.google.com.
                IN      MX      5       alt1.aspmx.l.google.com.
                IN      MX      5       alt2.aspmx.l.google.com.
                IN      MX      10      aspmx2.googlemail.com.
                IN      MX      10      aspmx3.googlemail.com.
                IN      MX      10      aspmx4.googlemail.com.
                IN      MX      10      aspmx5.googlemail.com.
                IN      TXT     "v=spf1 include:aspmx.googlemail.com ~all"
;
                IN      A       128.153.145.15  ; This makes cslabs.clarkson.edu point to web1.
;
mail            IN      CNAME   ghs.google.com.
;
gw              IN      A       128.153.145.1
; dns.cosi.clarkson.edu         128.153.145.2
dns1            IN      A       128.153.145.3
; dns1.cosi.clarkson.edu        128.153.145.3
dns2            IN      A       128.153.145.4
; dns2.cosi.clarkson.edu        128.153.145.4
cusw3           IN      A       128.153.145.5
cusw4           IN      A       128.153.145.6
; mail.cosi.clarkson.edu        128.153.145.10
; cosi.clarkson.edu             128.153.145.11
isengard        IN      A       128.153.145.12
; planet.cosi.clarkson.edu      128.153.145.13
; xen.cosi.clarkson.edu         128.153.145.14
web1            IN      A       128.153.145.15
rrs             IN      A       128.153.145.15
xen             IN      A       128.153.145.15
netstat         IN      A       128.153.145.16
mysql           IN      A       128.153.145.17
; kernelmirror.clarkson.edu     128.153.145.18
mirror          IN      A       128.153.145.19
; mirror.clarkson.edu           128.153.145.19
web2            IN      A       128.153.145.20
status          IN      A       128.153.145.20
lab-build       IN      A       128.153.145.20
vpn             IN      A       128.153.145.21
research-archive        IN      A       128.153.145.22
auth            IN      A       128.153.145.23
; auth.sclab.clarkson.edu       128.153.145.23
svn             IN      A       128.153.145.24
smuttynose      IN      A       128.153.145.25
docs            IN      A       128.153.145.26
; docs.cosi.clarkson.edu        128.153.145.26
autoguilt       IN      A       128.153.145.27
dukr            IN      A       128.153.145.28
vc              IN      A       128.153.145.29
atp             IN      A       128.153.145.30
osp1            IN      A       128.153.145.31
osp2            IN      A       128.153.145.32
latex           IN      A       128.153.145.34
admin           IN      A       128.153.145.35
game            IN      A       128.153.145.36
tremulous       IN      CNAME   game
sunrack         IN      A       128.153.145.37
git             IN      A       128.153.145.39
storage         IN      A       128.153.145.40
xen1            IN      A       128.153.145.41
xen2            IN      A       128.153.145.42
xen3            IN      A       128.153.145.43
ds1             IN      A       128.153.145.45
ds2             IN      A       128.153.145.46
sms             IN      A       128.153.145.47
ssl-exploit     IN      A       128.153.145.69
generic-vm      IN      A       128.153.145.70
sambaserver     IN      A       128.153.145.85
groupscheduler  IN      A       128.153.145.94
print           IN      A       128.153.145.100
pepperjack      IN      A       128.153.145.103
shephezj        IN      A       128.153.145.110
fitzsitd        IN      A       128.153.145.111
deanejm         IN      A       128.153.145.112
rossca          IN      A       128.153.145.113
appletrp        IN      A       128.153.145.114
kopptr          IN      A       128.153.145.115
paysonsc        IN      A       128.153.145.116
barbados        IN      A       128.153.145.123
cdn             IN      A       128.153.145.137
comm            IN      A       128.153.145.145
hydrogen        IN      A       128.153.145.201
helium          IN      A       128.153.145.202
lithium         IN      A       128.153.145.203
beryllium       IN      A       128.153.145.204
nitrogen        IN      A       128.153.145.207
oxygen          IN      A       128.153.145.208
ta              IN      CNAME   oxygen
sodium          IN      A       128.153.145.211
magnesium       IN      A       128.153.145.212
aluminium       IN      A       128.153.145.213
silicon         IN      A       128.153.145.214
righteous       IN      A       128.153.145.215
; righteous.cosi.clarkson.edu   128.153.145.215
animal          IN      A       128.153.145.216
; rrs.cosi.clarkson.edu         128.153.145.218
monitor         IN      A       128.153.145.250
; monitor.sclab.clarkson.edu    128.153.145.250
gde             IN      A       128.153.145.251
; gde.sclab.clarkson.edu        128.153.145.251
printer         IN      A       128.153.145.252
downtime        IN      A       128.153.145.254
;
plbackup1       IN      A       128.153.146.176
;
cusw1           IN      A       128.153.144.1
cosi-00         IN      A       128.153.144.141
cosi-01         IN      A       128.153.144.142
cosi-02         IN      A       128.153.144.143
cosi-03         IN      A       128.153.144.144
cosi-04         IN      A       128.153.144.145
cosi-05         IN      A       128.153.144.146
cosi-06         IN      A       128.153.144.147
cosi-07         IN      A       128.153.144.148
cosi-08         IN      A       128.153.144.149
cosi-09         IN      A       128.153.144.150
vr-cosi-01      IN      A       128.153.144.151
vr-cosi-02      IN      A       128.153.144.152
vr-cosi-03      IN      A       128.153.144.153
vr-cosi-04      IN      A       128.153.144.154
vr-cosi-05      IN      A       128.153.144.155
vr-cosi-06      IN      A       128.153.144.156
  • Created /var/named/chroot/var/named/dev.cslabs.clarkson.edu.zone
$ORIGIN dev.cslabs.clarkson.edu.
$TTL 120        ; 2 minutes
dev.cslabs.clarkson.edu.        IN      SOA     dns1.cslabs.clarkson.edu.       admin.cslabs.clarkson.edu. (
                        2010091901      ; serial
                        300             ; refresh (5 minutes)
                        150             ; retry (2.5 minutes)
                        1209600         ; expire (2 weeks)
                        60              ; minimum (1 minute)
                        )
;
                IN      NS      dns1.cslabs.clarkson.edu.
                IN      NS      dns2.cslabs.clarkson.edu.
;
mirror          IN      A       128.153.145.44
netstat         IN      A       128.153.145.50
vpn             IN      A       128.153.145.51
ds1             IN      A       128.153.145.54
ds2             IN      A       128.153.145.55
  • Created /var/named/chroot/var/named/145.153.128.in-addr.arpa
$ORIGIN 145.153.128.in-addr.arpa.
$TTL 120        ; 2 minutes
@       IN      SOA     dns1.cslabs.clarkson.edu.       admin.cslabs.clarkson.edu. (
                        2010091902      ; serial
                        300             ; refresh (5 minutes)
                        150             ; retry (2.5 minutes)
                        1209600         ; expire (2 weeks)
                        60              ; minimum (1 minute)
                        )
;
        IN      NS      dns1.cslabs.clarkson.edu.
        IN      NS      dns2.cslabs.clarkson.edu.
;
3       IN      PTR     dns1.cslabs.clarkson.edu.
4       IN      PTR     dns2.cslabs.clarkson.edu.
5       IN      PTR     cusw3.cslabs.clarkson.edu.
6       IN      PTR     cusw4.cslabs.clarkson.edu.
10      IN      PTR     mail.cosi.clarkson.edu.
11      IN      PTR     cosi.clarkson.edu.
12      IN      PTR     isengard.cslabs.clarkson.edu.
13      IN      PTR     planet.cosi.clarkson.edu.
14      IN      PTR     xen.cosi.clarkson.edu.
15      IN      PTR     web1.cslabs.clarkson.edu.
16      IN      PTR     netstat.cslabs.clarkson.edu.
17      IN      PTR     mysql.cslabs.clarkson.edu.
18      IN      PTR     kernelmirror.clarkson.edu.
19      IN      PTR     mirror.cslabs.clarkson.edu.
19      IN      PTR     mirror.clarkson.edu.
20      IN      PTR     web2.cslabs.clarkson.edu.
21      IN      PTR     vpn.cslabs.clarkson.edu.
22      IN      PTR     research-archive.cslabs.clarkson.edu.
23      IN      PTR     auth.cslabs.clarkson.edu.
23      IN      PTR     auth.sclab.clarkson.edu.
24      IN      PTR     svn.cslabs.clarkson.edu.
25      IN      PTR     smuttynose.cslabs.clarkson.edu.
26      IN      PTR     docs.cslabs.clarkson.edu.
27      IN      PTR     autoguilt.cslabs.clarkson.edu.
28      IN      PTR     dukr.cslabs.clarkson.edu.
30      IN      PTR     atp.cslabs.clarkson.edu.
31      IN      PTR     osp1.cslabs.clarkson.edu.
32      IN      PTR     osp2.cslabs.clarkson.edu.
34      IN      PTR     latex.cslabs.clarkson.edu.
35      IN      PTR     admin.cslabs.clarkson.edu.
36      IN      PTR     game.cslabs.clarkson.edu.
37      IN      PTR     sunrack.cslabs.clarkson.edu.
39      IN      PTR     git.cslabs.clarkson.edu.
40      IN      PTR     storage.cslabs.clarkson.edu.
41      IN      PTR     xen1.cslabs.clarkson.edu.
42      IN      PTR     xen2.cslabs.clarkson.edu.
43      IN      PTR     xen3.cslabs.clarkson.edu.
44      IN      PTR     mirror.dev.cslabs.clarkson.edu.
45      IN      PTR     ds1.cslabs.clarkson.edu.
46      IN      PTR     ds2.cslabs.clarkson.edu.
47      IN      PTR     sms.cslabs.clarkson.edu.
50      IN      PTR     netstat.dev.cslabs.clarkson.edu.
51      IN      PTR     vpn.dev.cslabs.clarkson.edu.
54      IN      PTR     ds1.dev.cslabs.clarkson.edu.
55      IN      PTR     ds2.dev.cslabs.clarkson.edu.
69      IN      PTR     ssl-exploit.cslabs.clarkson.edu.
70      IN      PTR     generic-vm.cslabs.clarkson.edu.
85      IN      PTR     sambaserver.cslabs.clarkson.edu.
94      IN      PTR     groupscheduler.cslabs.clarkson.edu.
100     IN      PTR     print.cslabs.clarkson.edu.
103     IN      PTR     pepperjack.cslabs.clarkson.edu.
110     IN      PTR     shephezj.cslabs.clarkson.edu.
111     IN      PTR     fitzsitd.cslabs.clarkson.edu.
112     IN      PTR     deanejm.cslabs.clarkson.edu.
113     IN      PTR     rossca.cslabs.clarkson.edu.
114     IN      PTR     appletrp.cslabs.clarkson.edu.
115     IN      PTR     kopptr.cslabs.clarkson.edu.
116     IN      PTR     paysonsc.cslabs.clarkson.edu.
123     IN      PTR     barbados.cslabs.clarkson.edu.
137     IN      PTR     cdn.cslabs.clarkson.edu.
145     IN      PTR     comm.cslabs.clarkson.edu.
201     IN      PTR     hydrogen.cslabs.clarkson.edu.
202     IN      PTR     helium.cslabs.clarkson.edu.
203     IN      PTR     lithium.cslabs.clarkson.edu.
204     IN      PTR     beryllium.cslabs.clarkson.edu.
207     IN      PTR     nitrogen.cslabs.clarkson.edu.
208     IN      PTR     oxygen.cslabs.clarkson.edu.
211     IN      PTR     sodium.cslabs.clarkson.edu.
212     IN      PTR     magnesium.cslabs.clarkson.edu.
213     IN      PTR     aluminium.cslabs.clarkson.edu.
214     IN      PTR     silicon.cslabs.clarkson.edu.
215     IN      PTR     righteous.cslabs.clarkson.edu.
216     IN      PTR     animal.cslabs.clarkson.edu.
250     IN      PTR     monitor.cslabs.clarkson.edu.
251     IN      PTR     gde.cslabs.clarkson.edu.
252     IN      PTR     printer.cslabs.clarkson.edu.
254     IN      PTR     downtime.cslabs.clarkson.edu.
  • Created /var/named/chroot/var/named/int.cslabs.clarkson.edu.zone
$ORIGIN int.cslabs.clarkson.edu.
$TTL 120        ; 2 minutes
int.cslabs.clarkson.edu.        IN      SOA     dns1.cslabs.clarkson.edu.       admin.cslabs.clarkson.edu. (
                        2010091901      ; serial
                        300             ; refresh (5 minutes)
                        150             ; retry (2.5 minutes)
                        1209600         ; expire (2 weeks)
                        60              ; minimum (1 minute)
                        )
;
                IN      NS      dns1.cslabs.clarkson.edu.
                IN      NS      dns2.cslabs.clarkson.edu.
;
insw1           IN      A       10.0.0.2
insw2           IN      A       10.0.0.3
bladecenter     IN      A       10.0.0.4
bcsw1           IN      A       10.0.0.5
bcsw2           IN      A       10.0.0.6
righteous       IN      A       10.0.0.10
unisys-manage   IN      A       10.0.0.11
mirror          IN      A       10.0.0.14
storage         IN      A       10.0.0.15
xen1            IN      A       10.0.0.16
xen2            IN      A       10.0.0.17
xen3            IN      A       10.0.0.18
isengard        IN      A       10.0.0.20
netstat         IN      A       10.0.0.21
ds1             IN      A       10.0.0.22
ds2             IN      A       10.0.0.23
admin           IN      A       10.0.0.25
vpndev          IN      A       10.0.0.35
ds1dev          IN      A       10.0.0.36
ds2dev          IN      A       10.0.0.37
; COSI Lab PCs 51-66
cosi-00         IN      A       10.0.0.51
cosi-01         IN      A       10.0.0.52
cosi-02         IN      A       10.0.0.53
cosi-03         IN      A       10.0.0.54
cosi-04         IN      A       10.0.0.55
cosi-05         IN      A       10.0.0.56
cosi-06         IN      A       10.0.0.57
cosi-07         IN      A       10.0.0.58
cosi-08         IN      A       10.0.0.59
cosi-09         IN      A       10.0.0.60
vr-cosi-01      IN      A       10.0.0.61
vr-cosi-02      IN      A       10.0.0.62
vr-cosi-03      IN      A       10.0.0.63
vr-cosi-04      IN      A       10.0.0.64
vr-cosi-05      IN      A       10.0.0.65
vr-cosi-06      IN      A       10.0.0.66
  • Created /var/named/chroot/var/named/0.0.10.in-addr.arpa
; Reverse (PTR) zone for 10.0.0.0/24. Each owner label below is the last
; octet of an address, relative to $ORIGIN, and points at a name under
; int.cslabs.clarkson.edu.
; NOTE(review): this zone lists internal host names for RFC 1918 space.
; named.conf is not shown here -- confirm that allow-query and allow-transfer
; limit this zone to internal clients and the secondary name server.
$ORIGIN 0.0.10.in-addr.arpa.
$TTL 120        ; 2 minutes
; SOA: dns1 is named as the primary server; the second field is the contact
; mailbox written with a dot in place of '@' (admin@cslabs.clarkson.edu).
; The serial looks like YYYYMMDDnn -- presumably it has to be raised on every
; edit so that dns2 notices the change; confirm dns2 is a secondary.
@       IN      SOA     dns1.cslabs.clarkson.edu.       admin.cslabs.clarkson.edu. (
                        2010091901      ; serial
                        300             ; refresh (5 minutes)
                        150             ; retry (2.5 minutes)
                        1209600         ; expire (2 weeks)
                        60              ; minimum (1 minute)
                        )
;
; Name servers for this zone (blank owner = same owner as the SOA above).
        IN      NS      dns1.cslabs.clarkson.edu.
        IN      NS      dns2.cslabs.clarkson.edu.
;
; Infrastructure and server addresses, 10.0.0.2 - 10.0.0.37.
; Every PTR target should have a matching A record in the
; int.cslabs.clarkson.edu forward zone; keep the two files in step.
2       IN      PTR     insw1.int.cslabs.clarkson.edu.
3       IN      PTR     insw2.int.cslabs.clarkson.edu.
4       IN      PTR     bladecenter.int.cslabs.clarkson.edu.
5       IN      PTR     bcsw1.int.cslabs.clarkson.edu.
6       IN      PTR     bcsw2.int.cslabs.clarkson.edu.
10      IN      PTR     righteous.int.cslabs.clarkson.edu.
11      IN      PTR     unisys-manage.int.cslabs.clarkson.edu.
14      IN      PTR     mirror.int.cslabs.clarkson.edu.
15      IN      PTR     storage.int.cslabs.clarkson.edu.
16      IN      PTR     xen1.int.cslabs.clarkson.edu.
17      IN      PTR     xen2.int.cslabs.clarkson.edu.
18      IN      PTR     xen3.int.cslabs.clarkson.edu.
20      IN      PTR     isengard.int.cslabs.clarkson.edu.
21      IN      PTR     netstat.int.cslabs.clarkson.edu.
22      IN      PTR     ds1.int.cslabs.clarkson.edu.
23      IN      PTR     ds2.int.cslabs.clarkson.edu.
25      IN      PTR     admin.int.cslabs.clarkson.edu.
35      IN      PTR     vpndev.int.cslabs.clarkson.edu.
36      IN      PTR     ds1dev.int.cslabs.clarkson.edu.
37      IN      PTR     ds2dev.int.cslabs.clarkson.edu.
; COSI Lab PCs 51-66
51      IN      PTR     cosi-00.int.cslabs.clarkson.edu.
52      IN      PTR     cosi-01.int.cslabs.clarkson.edu.
53      IN      PTR     cosi-02.int.cslabs.clarkson.edu.
54      IN      PTR     cosi-03.int.cslabs.clarkson.edu.
55      IN      PTR     cosi-04.int.cslabs.clarkson.edu.
56      IN      PTR     cosi-05.int.cslabs.clarkson.edu.
57      IN      PTR     cosi-06.int.cslabs.clarkson.edu.
58      IN      PTR     cosi-07.int.cslabs.clarkson.edu.
59      IN      PTR     cosi-08.int.cslabs.clarkson.edu.
60      IN      PTR     cosi-09.int.cslabs.clarkson.edu.
61      IN      PTR     vr-cosi-01.int.cslabs.clarkson.edu.
62      IN      PTR     vr-cosi-02.int.cslabs.clarkson.edu.
63      IN      PTR     vr-cosi-03.int.cslabs.clarkson.edu.
64      IN      PTR     vr-cosi-04.int.cslabs.clarkson.edu.
65      IN      PTR     vr-cosi-05.int.cslabs.clarkson.edu.
66      IN      PTR     vr-cosi-06.int.cslabs.clarkson.edu.
  • Created /var/named/chroot/var/named/sr.cslabs.clarkson.edu.zone
; Forward zone sr.cslabs.clarkson.edu: A records for hosts in 10.0.1.0/24.
; Owner names below are relative to $ORIGIN.
; NOTE(review): the zone publishes private (RFC 1918) addresses and the names
; of internal services. named.conf is not shown here -- confirm that
; allow-query and allow-transfer keep this zone away from external clients.
$ORIGIN sr.cslabs.clarkson.edu.
$TTL 120        ; 2 minutes
; SOA: the owner is spelled out in full here (equivalent to '@' under the
; $ORIGIN above). dns1 is named as the primary server; the contact mailbox is
; written with a dot in place of '@' (admin@cslabs.clarkson.edu).
sr.cslabs.clarkson.edu. IN      SOA     dns1.cslabs.clarkson.edu.       admin.cslabs.clarkson.edu. (
                        2010091901      ; serial
                        300             ; refresh (5 minutes)
                        150             ; retry (2.5 minutes)
                        1209600         ; expire (2 weeks)
                        60              ; minimum (1 minute)
                        )
;
; Name servers for this zone (blank owner = same owner as the SOA above).
                IN      NS      dns1.cslabs.clarkson.edu.
                IN      NS      dns2.cslabs.clarkson.edu.
;
; Host addresses. Each entry has a matching PTR in 1.0.10.in-addr.arpa; update
; both files together. Several of these names also exist in the int zone with
; 10.0.0.x addresses -- presumably a second interface on the same machine;
; verify before reusing an address.
isengard        IN      A       10.0.1.5
animal          IN      A       10.0.1.25
righteous       IN      A       10.0.1.33
storage         IN      A       10.0.1.35
mirror          IN      A       10.0.1.36
xen1            IN      A       10.0.1.37
xen2            IN      A       10.0.1.38
xen3            IN      A       10.0.1.39
ds1             IN      A       10.0.1.50
ds2             IN      A       10.0.1.51
netstat         IN      A       10.0.1.55
auth            IN      A       10.0.1.59
admin           IN      A       10.0.1.60
ds1dev          IN      A       10.0.1.200
ds2dev          IN      A       10.0.1.201
vpndev          IN      A       10.0.1.202
  • Created /var/named/chroot/var/named/1.0.10.in-addr.arpa
; Reverse (PTR) zone for 10.0.1.0/24. Each owner label below is the last
; octet of an address, relative to $ORIGIN, and points at a name under
; sr.cslabs.clarkson.edu.
; NOTE(review): this zone lists internal host names for RFC 1918 space.
; named.conf is not shown here -- confirm that allow-query and allow-transfer
; limit this zone to internal clients and the secondary name server.
$ORIGIN 1.0.10.in-addr.arpa.
$TTL 120        ; 2 minutes
; SOA: dns1 is named as the primary server; the contact mailbox is written
; with a dot in place of '@' (admin@cslabs.clarkson.edu).
@       IN      SOA     dns1.cslabs.clarkson.edu.       admin.cslabs.clarkson.edu. (
                        2010091901      ; serial
                        300             ; refresh (5 minutes)
                        150             ; retry (2.5 minutes)
                        1209600         ; expire (2 weeks)
                        60              ; minimum (1 minute)
                        )
;
; Name servers for this zone (blank owner = same owner as the SOA above).
        IN      NS      dns1.cslabs.clarkson.edu.
        IN      NS      dns2.cslabs.clarkson.edu.
;
; One PTR per A record in the sr.cslabs.clarkson.edu forward zone; keep the
; two files in step so forward and reverse lookups agree.
5       IN      PTR     isengard.sr.cslabs.clarkson.edu.
25      IN      PTR     animal.sr.cslabs.clarkson.edu.
33      IN      PTR     righteous.sr.cslabs.clarkson.edu.
35      IN      PTR     storage.sr.cslabs.clarkson.edu.
36      IN      PTR     mirror.sr.cslabs.clarkson.edu.
37      IN      PTR     xen1.sr.cslabs.clarkson.edu.
38      IN      PTR     xen2.sr.cslabs.clarkson.edu.
39      IN      PTR     xen3.sr.cslabs.clarkson.edu.
50      IN      PTR     ds1.sr.cslabs.clarkson.edu.
51      IN      PTR     ds2.sr.cslabs.clarkson.edu.
55      IN      PTR     netstat.sr.cslabs.clarkson.edu.
59      IN      PTR     auth.sr.cslabs.clarkson.edu.
60      IN      PTR     admin.sr.cslabs.clarkson.edu.
200     IN      PTR     ds1dev.sr.cslabs.clarkson.edu.
201     IN      PTR     ds2dev.sr.cslabs.clarkson.edu.
202     IN      PTR     vpndev.sr.cslabs.clarkson.edu.
  • Fixed ownership of files
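# Give the zone files to user root and group named.
# ':' is the portable owner:group separator; POSIX does not require the
# 'owner.group' form, and GNU chown keeps it only for backward compatibility
# (it is ambiguous when a user name itself contains a dot).
# NOTE(review): mode bits are not set on this page; confirm the files are not
# group- or world-writable, so the named process can read but not alter them.
chown root:named /var/named/chroot/var/named/*.zone /var/named/chroot/var/named/*.arpa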
  • Created symlinks to zone files
# Link every reverse (*.arpa) and forward (*.zone) file from the chroot tree
# into /var/named, so the same files are reachable under both paths.
ln -s /var/named/chroot/var/named/*.arpa /var/named/chroot/var/named/*.zone /var/named/

Configured service

  • Configured named to start on boot
# Turn the named init script on for runlevels 3, 4 and 5 so it starts at boot.
chkconfig --levels 345 named on
  • Started named
# Start named now through its init script.
# NOTE(review): consider running named-checkconf and named-checkzone on the
# new files first, so a syntax error is caught before the service starts.
/etc/init.d/named start