 Welcome to the Cisco Academy for Vision Impaired Linux Wiki.


Lecture13

This lecture finished our coverage of DNS, and also covered how to install the Exim mail transport agent.

It began with a brief discussion of the importance of backing up information before an operating system upgrade, since things can go wrong; for example, a power failure during the upgrade can leave the system unable to boot. Backups made with afio have a better chance of recovery than tar backups if there are read errors.

DNS

To review:

  • The DNS server software is called BIND.
  • You usually have 2 nameservers: machines with externally routable IPs that have BIND and your zones installed.
  • There are several registrars available.
  • An alternative to running your own nameservers is to point the domain at the nameservers provided by the registrar and enter your records into their web interface.

The nslookup utility can be used to display DNS records. It is available in Windows, and in Linux if the dnsutils package is installed. There are different record types, including A and MX:

  • A: a name that points to an IP address.
  • MX: a name that points to an email server. It must not contain an IP address.

Using the Windows nslookup utility, we ran several queries.

set querytype=a
cucat.org
This returns the IP address for cucat.org. "Non-authoritative" means the address did not come from the authoritative nameserver. Caching is used to reduce the load on authoritative servers. With caching in use, the root nameservers handle 300000 queries per second!

set querytype=mx
cucat.org
The output includes the preference and hostname of each server that mail will be delivered to. The preference is a number between 0 and 65535; lower values are tried first.
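As an added example (not part of the lecture notes), a small Python parser for the MX output above: it orders the exchangers by preference, lowest first, and flags a domain that has only a single exchanger. The exchanger hostnames in the sample are constructed placeholders, not cucat.org's real records.

```python
import re
from collections import defaultdict

# Constructed sample of Windows nslookup output after "set querytype=mx";
# the exchanger hostnames are placeholders, not cucat.org's real records.
SAMPLE_MX_OUTPUT = """\
Non-authoritative answer:
cucat.org       MX preference = 20, mail exchanger = backup.example.invalid
cucat.org       MX preference = 10, mail exchanger = mail1.example.invalid
cucat.org       MX preference = 10, mail exchanger = mail2.example.invalid
"""

MX_LINE = re.compile(r"^(?P<domain>\S+)\s+MX preference = (?P<pref>\d+),"
                     r"\s+mail exchanger = (?P<host>\S+)\s*$")
IPV4 = re.compile(r"\d{1,3}(\.\d{1,3}){3}")

def parse_mx(output):
    """Return (preference, exchanger) tuples from nslookup MX output.
    Non-MX lines are skipped; a preference outside 0-65535 or an exchanger
    given as an IP address instead of a hostname is rejected."""
    records = []
    for line in output.splitlines():
        m = MX_LINE.match(line)
        if not m:
            continue
        pref = int(m.group("pref"))
        if not 0 <= pref <= 65535:
            raise ValueError(f"MX preference out of range: {pref}")
        host = m.group("host").rstrip(".").lower()
        if IPV4.fullmatch(host):
            raise ValueError(f"MX must name a host, not an IP: {host}")
        records.append((pref, host))
    return records

def delivery_order(records):
    """Group exchangers by preference, lowest (tried first) to highest."""
    by_pref = defaultdict(list)
    for pref, host in records:
        by_pref[pref].append(host)
    return [(pref, sorted(hosts)) for pref, hosts in sorted(by_pref.items())]

def single_mx(records):
    """True when only one exchanger exists: if it is down, mail bounces."""
    return len({host for _, host in records}) == 1

if __name__ == "__main__":
    recs = parse_mx(SAMPLE_MX_OUTPUT)
    print(delivery_order(recs), "single MX:", single_mx(recs))
```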

set querytype=ns
www.cucat.org
The output will include the nameservers for cucat.org.

server servername
set querytype=a
www.cucat.org
The server command specifies the server to query, where servername is the domain name of the nameserver. In our exercise it was used to query the authoritative nameserver for www.cucat.org.

set type=soa
cucat.org
SOA stands for start of authority. The query returns several items, including the responsible mail address, serial, refresh, retry, expire, and default time to live. If incorrect data gets entered into the DNS system, record expiration ensures that it doesn't remain forever.

A nonrecursive nameserver will only answer queries for the domains it supports; a recursive nameserver will answer queries for any domain. If you run a nameserver that answers external queries, recursive queries should be answered only from the internal network, so that outsiders' access is limited to the information in your zone files.

Type exit to exit nslookup.

EXIM Mail Transport Agent

Our discussion of an email server began with some background explanation of mail routing. If there is only one MX record for a domain and that server is not available, mail cannot be delivered. It is important to read bounce reports to find out why mail bounced.

The MTA used in our course is Exim. Its website is www.exim.org, which contains resources such as a wiki and mailing lists. There are documentation packages available in Ubuntu that provide Exim documentation in HTML and info formats. A large text file with the documentation is also included with the Exim installation.

Other MTAs that were not covered here include Postfix, qmail, and Sendmail.

A machine which has a mail server installed must have port 25 open externally. Some ISPs block port 25. A mail server set up as an open relay will accept mail from anywhere to anywhere and can be used to send large amounts of junk mail.

Ubuntu has light and heavy versions of Exim, with the heavy version containing more features such as database support. The exim4-daemon-heavy package was used for the demonstration.

Several questions are asked when installing Exim. These provide a starting point for its configuration. Questions include the type of mail routing, domain name and IP address, networks which can relay mail through the server, whether or not to split the configuration into smaller files, and the postmaster email address.

The exim configuration contains several sections which can be customized to control how the mail server operates.

The netcat tool can be used for various network tasks. It was used to connect to the mail server after it was installed and send a test email.

A program like fetchmail can be used to download mail from an ISP and have it processed by the local mailserver.

Aliases can be useful to direct mail to a particular email address, such as the linux-instructors email address being sent to the instructor. If the instructor changes, the email address can remain the same.

Miscellaneous topics discussed in study group 13

Virtual hosts in Apache

The virtual host snippet is put into /etc/apache2/sites-available and enabled with a2ensite filename. This process is documented in /usr/share/doc/apache2/README.Debian.gz. Once enabled, run apache2ctl -t to test the syntax of the configuration, then reload the server.

How to reset the root password on Linux

Boot the system from a rescue CD like GRML.
Mount the root file system under /mnt/media.
cd /mnt/media
cd etc
Edit the passwd file. Find the line beginning with root:x:
Remove what is between the first two colons so it starts with root::
Make the same change to /etc/shadow.
Save both files and reboot the box.
Log in as root and set a new password.
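Between the reboot and the final step the box has a root account with no password at all, so set the new password immediately. As an added check, not part of the original notes, this Python script lists every account whose password field is empty in passwd- or shadow-format input (the file contents in the sample are constructed):

```python
from pathlib import Path

# Constructed /etc/passwd and /etc/shadow samples. "root" has had its password
# field blanked in both files as in the recovery steps above; the hash for
# "student" is a placeholder, not a real one.
SAMPLE_PASSWD = """\
root::0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
student:x:1000:1000:Student:/home/student:/bin/bash
"""
SAMPLE_SHADOW = """\
root::15500:0:99999:7:::
daemon:*:15500:0:99999:7:::
student:$6$placeholder$placeholderhash:15500:0:99999:7:::
"""

def empty_password_fields(file_text):
    """Return usernames whose second field is empty in a passwd- or
    shadow-format file. '*' and '!' mean locked, not empty, so they pass."""
    users = []
    for lineno, line in enumerate(file_text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            raise ValueError(f"malformed entry on line {lineno}: {line!r}")
        if fields[1] == "":
            users.append(fields[0])
    return users

def passwordless_accounts(passwd_text, shadow_text):
    """Accounts that can log in with no password: an empty field in
    /etc/passwd means /etc/shadow is never consulted, and an empty field in
    /etc/shadow means the stored password itself is blank."""
    return sorted(set(empty_password_fields(passwd_text))
                  | set(empty_password_fields(shadow_text)))

if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:  # as root: python3 check.py /etc/passwd /etc/shadow
        passwd, shadow = (Path(p).read_text() for p in sys.argv[1:])
    else:
        passwd, shadow = SAMPLE_PASSWD, SAMPLE_SHADOW
    for user in passwordless_accounts(passwd, shadow):
        print(f"WARNING: account {user} has no password set")
```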

Discussion of Linux installation

Different install media have different boot sequences. The easiest way to figure out how an install boots and how to get to the boot prompt is to use a virtual machine with JAWS 13's OCR feature. For the Ubuntu server CD: boot the CD and press Enter to select English, which is the default. Press Escape to cancel the graphical install, wait about 1 second, and press Enter to choose OK in the dialog asking if you are sure. Then type linux console=ttyS1,9600
This topic is also covered in Eyes-Free Linux Installation Under Windows.
Procedures for distributions using SYSLINUX or ISOLINUX may be more predictable, but they can present new situations such as the language selection at the beginning of the install. For isolinux, the configuration is stored in the isolinux directory. It contains several files, including the help files for the different function keys used during the install. The isolinux files can help in finding out what kernel images are available and what can be entered at the boot prompt. However, getting sighted assistance or using OCR is the best way to tell what's happening. Getting an autoinstall ISO through http://www.instalinux.com is also an option. Using a serial console with com0com has the advantage of being able to step through the install, making it easier to troubleshoot. Setting up partitioning with LVM and RAID interactively is also possible using a serial console.

Partitioning

Reasons to separate areas of the system onto different partitions: each area can be limited to a given size, programs like tar and afio can be told to stay within a file system boundary, which is useful when doing backups, and if one partition fills up it will not cause as much trouble for the whole system. There are different partition configurations that can be used, not just one best method.

Firewalls

Linux has iptables, and Ubuntu has UFW. Rules are created when packages are installed, and it can be configured with the ufw command. Be careful when installing packages like shorewall or firestarter: they can cause trouble if they break your SSH access. Firewalls are discussed further in study group 14.

Page last modified on June 17, 2012, at 02:44 PM