SCREEN command use cases

May 29, 2015

 
 
Sometimes we have to control job creation and termination via screen from inside a bash or shell script. Pasted below are some one-liners which you will find useful.
 
1) Create screen test
 

reynold@jackal:~/$ screen -dmS test /usr/bin/top 
reynold@jackal:~/$ screen -ls
There is a screen on:
	10222.test	(07/01/2014 02:52:58 AM)	(Detached)
1 Socket in /var/run/screen/S-reynold.

reynold@jackal:~/$ 

 
2) Terminate the screen
 

reynold@jackal:~/$ screen -S test -X "quit"
reynold@jackal:~/$ screen -ls
No Sockets found in /var/run/screen/S-reynold.

reynold@jackal:~/$ 

 

3) Start a screen job whose command output is piped. The plain form used in (1) won't work in this case; wrap the pipeline in bash -c.
 

root@jmail7:~# screen -dmS straycustomerdirs bash -c 'cat /root/ops/reynold/straycustomerdirs.list | xargs rm -vrf'
root@jmail7:~#

 

4) To list all running screens,
 

screen -ls

 
5) To connect to an already running screen,
 

screen -rx SCREENNAME

 
6) To create another screen (window) inside a screen (yeah, it sounds like a dream inside a dream as in the movie Inception :D ),
 

Ctrl + a + c

 
7) To list all subscreens (windows) inside a screen,
 

Ctrl + a + "

 

Categories: Linux Command Line

Adjust RAID rebuild rate

May 29, 2015

 
 
Steps to adjust the hardware RAID rebuild rate using 'megacli'. Most often, after a disk replacement following a disk failure, we want to increase the RAID rebuild rate to speed up the process. Conversely, if the RAID rebuild is causing performance issues on the host, we may need to reduce the rebuild rate. The commands pasted below control it,

 
1) Get current RAID rebuild rate,
 

host100:~# megacli -AdpGetProp RebuildRate -a0
                                     
Adapter 0: Rebuild Rate = 15%

Exit Code: 0x00
host100:~# 

 
2) Set RAID rebuild rate to 25%,
 

host100:~# megacli -AdpSetProp RebuildRate 25 -a0
                                     
Adapter 0: Set rebuild rate to 25% success.

Exit Code: 0x00
host100:~#

 
 

Categories: RAID, Storage

Varnish 3.0 useful commands

May 28, 2015

 
 
Some useful notes and commands for administering a Varnish 3.0 web caching server,
 
1) Find healthy and sick backends
 

varnishadm  debug.health | grep Happy | less
varnishadm  debug.health | grep -i sick 

 
2) Log all incoming POST requests for 10 minutes (timeout takes seconds unless a unit suffix is given, so 10m rather than 10),
 

timeout 10m varnishlog -c -m RxRequest:POST > /tmp/POSTlog

 
3) Search the live Varnish log for a specific domain and URL,
 

varnishlog -c -m RxHeader:"Host: jackal.me"
varnishlog -c -m RxHeader:"Host: jackal.me" -m RxURL:"/wp-admin/post-new.php"

 
4) Get the list of IPs from which POST requests to wp-login.php are received,
 

varnishncsa -F %h -m RxRequest:POST -m RxUrl:wp-login.php

 
5) Hit/miss status per request with the client IP address (pipe through sort | uniq -c to turn it into a hit-to-miss ratio per IP),
 

varnishncsa  -F  "%h %s %{Varnish:hitmiss}x" 

 
6) Find details of 503 errors for a domain,
 

varnishlog -c -m TxStatus:503 -m RxHeader:"Host: jackal.me"

 
7) Search based on a custom VCL header,
 

varnishlog -c -m VCL_Log:"X-JACK-SEC: wpblock" -m RxHeader:"Host: jackal.me"

 
8) Manually PURGE the cache of a domain from the Varnish server (requires a PURGE handler in vcl_recv that permits requests from localhost; the original single quotes kept ${URL} and ${DOMAIN} from expanding),
 

read -p "Domain: " DOMAIN && read -p "URL: " URL && printf 'PURGE %s HTTP/1.1\r\nHost: %s\r\n\r\n' "${URL}" "${DOMAIN}" | nc localhost 80

 
9) Force caching of a domain in Varnish 3.0,
 
a) In vcl_fetch add (requests for wp-admin are excluded),
 

# std.log() needs "import std;" at the top of the VCL
if (req.http.host ~ "jackal.me" && !(req.url ~ "wp-admin")) {
        unset beresp.http.set-cookie;
        unset beresp.http.Cache-Control;
        unset beresp.http.Pragma;
        unset beresp.http.X-Powered-By;
        std.log("unsetting set header");
        return(deliver);
}

 
b) In vcl_recv add,
 

if (req.http.host ~ "jackal.me" && !(req.url ~ "wp-admin")) {
        unset req.http.etag;
        unset req.http.Cookie;
        return(lookup);
}

 
c) Reload Varnish
 

service varnish reload

 
10) Disable caching for a domain from the backend side. Add the following line to the site's '.htaccess' (this only takes effect if the VCL checks for the X-Varnish-Control response header and passes when it is set to "disabled"),
 

Header add X-Varnish-Control "disabled"

 
11) Block a website. In vcl_fetch and vcl_recv add,
 

if(req.http.host ~ "jackal.me"){
    error 403 "Website suspended. Contact support for more information";
}

 
12) Enable hotlink protection. Add the following in vcl_recv and reload Varnish (requests without a Referer header are still allowed; extend the pattern with https:// and www. variants if the site serves them),
 

if(req.http.host ~ "jackal.me" && (req.http.referer && req.http.referer !~ "^http://jackal.me/")){
        error 403 "Hotlinking not allowed";
}

 
 

Categories: Varnish, Webserver

GIT Reference

May 28, 2015

 
Some day-to-day git tasks useful for system administrators,
 
 
1) Server side repository setup,
 

ssh reynold@git.jackal.com

 

[reynold@git ~/]$ cd public_git
[reynold@git ~/public_git]$ mkdir testrepo.git
[reynold@git ~/public_git]$ cd testrepo.git/
[reynold@git ~/public_git/testrepo.git]$ git init --bare
Initialized empty Git repository in /home/reynold/public_git/testrepo.git/
[reynold@git ~/public_git/testrepo.git]$ 

 
2) On local machine,
 

cd Projects/
git init
git config --global user.name "Reynold PJ"
git config --global user.email reynold@jackal.com
git remote add public reynold@git.jackal.com:/git/reynold/testrepo.git
git add testscripy.py
git commit -m "Added testscripy.py"
git push public master

 
Check the remote URL

git.jackal.com:/git/reynold/testrepo.git

 
 
3) Ignore local changes and reset to the one in origin/master,
 

git reset --hard origin/master
git pull origin

 

git checkout master
git merge master

 
4) Create a new branch, apply the changes in that branch and push the changes. When you are making changes to a shared code base, it's always recommended to make your changes in your own branch and later merge it into the master branch.
 

reynold@jackal:~/git/chef-cookbook-couchdb$ git pull
reynold@jackal:~/git/chef-cookbook-couchdb$ git checkout -b reynold
reynold@jackal:~/git/chef-cookbook-couchdb$ git add attributes/default.rb
reynold@jackal:~/git/chef-cookbook-couchdb$ git commit -m "attributes/default.rb: Removed timewindow from auto-compaction"
reynold@jackal:~/git/chef-cookbook-couchdb$ git push origin
reynold@jackal:~/git/chef-cookbook-couchdb$ 

 

Merge the changes made in new branch ‘reynold’ to the master branch.
 

reynold@jackal:~/git/chef-cookbook-couchdb$ git checkout master
Already on 'master'
reynold@jackal:~/git/chef-cookbook-couchdb$ git pull origin master
From git.jackal.com:/git/chef-cookbook-couchdb
 * branch            master     -> FETCH_HEAD
Already up-to-date.
reynold@jackal:~/git/chef-cookbook-couchdb$ git merge reynold
Updating 0fdb954..7039a98
Fast-forward
 attributes/default.rb |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
reynold@jackal:~/git/chef-cookbook-couchdb$ git push origin master
Total 0 (delta 0), reused 0 (delta 0)
To git.jackal.com:/git/chef-cookbook-couchdb.git
   0fdb954..7039a98  master -> master
reynold@jackal:~/git/chef-cookbook-couchdb$ 

 

Categories: GIT, Linux Command Line

Postfix administration tips

May 28, 2015

 
 
1) Queue count
 

postqueue  -p|awk 'NF==7 && $1 ~ /^[A-Z0-9a-z]/{print $1}'|wc -l

 
2) Top 10 senders
 

postqueue -p|awk 'NF==7{print $NF}'|sort|uniq -c|sort -nr|head

 
3) List the emails sent by a given email address,
 

read -p "Email: " EMAIL;postqueue -p|awk -v email=${EMAIL} '$NF ~ email{if(NF>6)print $0}'|head

 
4) Delete all emails sent by a given email address,
 

read -p "Email: " EMAIL; postqueue -p|awk -v email=${EMAIL} '$NF ~ email{if(NF>6){split($1,a,"*");system("postsuper -d "a[1]);}}'

 
5) Extract the headers of all emails in the queue to the file "list.txt", with the queue ID at the start of each entry. This can later be used for various pattern analyses based on the headers.
 

:>list.txt
queuelist=$(postqueue  -p|awk 'NF==7 && $1 ~ /^[A-Z0-9a-z]/{print $1}')
for i in $queuelist;do 
j=$(echo ${i}|tr -d '*')
echo -n "${j} " >> list.txt
postcat -q ${j} 2>/dev/null|sed -n '/^message_size:/,/^Content-/p' >> list.txt
done 

 
6) Find out for which email ID the MAILER-DAEMON bounces are arriving. There is also an option to remove the MAILER-DAEMON bounces for a specific email ID. Useful while troubleshooting an increase of bounces in the queue.
 

:>/tmp/mailer-daemon.txt
:>/tmp/mailer-daemon_details.txt

EMAIL="MAILER-DAEMON";postqueue -p|awk -v email=${EMAIL} '$NF ~ email{if(NF>6){split($1,a,"!");print a[1]}}' > /tmp/mailer-daemon.txt
for i in `cat /tmp/mailer-daemon.txt`;do  postcat -q $i |sed -nr 's/^recipient:\s(.*@.*)$/'${i}' \1/p'; done >> /tmp/mailer-daemon_details.txt
awk '{print $2}' /tmp/mailer-daemon_details.txt|sort|uniq -c|sort -nr|head
read -p "Email: " EMAIL;awk -v email=${EMAIL} '$2 ~ email{system("postsuper -d " $1)}' /tmp/mailer-daemon_details.txt 
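The awk one-liners in items 1 to 6 all do the same thing underneath: split `postqueue -p` output into per-message records (queue-ID line, optional deferral reason, recipient lines) and then count or filter. The following is an added example, not code from the original post, that implements that parsing once in Python so the queue count, top senders, per-sender lookup and MAILER-DAEMON bounce analysis can be checked offline. The queue listing embedded below is constructed for the example (hypothetical queue IDs and addresses), not captured from a real host.

```python
"""Parse `postqueue -p` output and answer the queue questions from the post.

Added example, not from the original post. The sample listing is constructed.
"""
import re
from collections import Counter

# Constructed sample of `postqueue -p` output: an active message (*), a deferred
# message with a reason line, a held message (!) and two MAILER-DAEMON bounces.
SAMPLE_QUEUE = """\
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
A1B2C3D4E5*    1234 Fri May 29 10:01:02  alice@example.com
                                         bob@example.net
                                         carol@example.org

F6A7B8C9D0     2048 Fri May 29 10:02:10  alice@example.com
(connect to mx.example.net[192.0.2.10]:25: Connection timed out)
                                         dave@example.net

0123456789!     512 Fri May 29 10:03:33  MAILER-DAEMON
(host mx.example.org[192.0.2.20] said: 550 5.1.1 User unknown)
                                         alice@example.com

ABCDEF0123      640 Fri May 29 10:04:00  MAILER-DAEMON
                                         erin@example.com

-- 4 Kbytes in 4 Requests.
"""

# A queue-ID line: ID, optional status marker (* active, ! hold), size,
# four-field arrival time and the sender. This is the line the post's
# awk filters select with NF==7.
QUEUE_LINE = re.compile(
    r"^([0-9A-Za-z]+)([*!]?)\s+(\d+)\s+(\w{3} \w{3} +\d+ [\d:]+)\s+(\S+)$"
)
STATUS = {"*": "active", "!": "hold", "": "deferred"}


def parse_queue(text):
    """Return one dict per queued message: id, status, size, sender, recipients, reason."""
    messages = []
    current = None
    for line in text.splitlines():
        m = QUEUE_LINE.match(line)
        if m:
            current = {
                "id": m.group(1),          # marker already split off (the awk split($1,a,"*"))
                "status": STATUS[m.group(2)],
                "size": int(m.group(3)),
                "sender": m.group(5),
                "recipients": [],
                "reason": None,
            }
            messages.append(current)
        elif current is None or not line.strip():
            continue                       # header line or separator
        elif line.startswith("("):
            current["reason"] = line.strip("()")   # deferral reason
        elif line.startswith(" "):
            current["recipients"].append(line.strip())
        # anything else (the "-- N Kbytes in M Requests." footer) is ignored
    return messages


def queue_count(messages):                 # item 1
    return len(messages)


def top_senders(messages, n=10):           # item 2
    return Counter(m["sender"] for m in messages).most_common(n)


def messages_from(messages, email):        # item 3
    return [m for m in messages if email in m["sender"]]


def ids_to_delete(messages, email):        # item 4: what `postsuper -d` would be given
    return [m["id"] for m in messages_from(messages, email)]


def bounce_targets(messages):              # item 6: whom the MAILER-DAEMON bounces go to
    return Counter(r for m in messages if m["sender"] == "MAILER-DAEMON"
                   for r in m["recipients"])


def bounce_ids_for(messages, email):       # item 6, last command
    return [m["id"] for m in messages if m["sender"] == "MAILER-DAEMON"
            and any(email in r for r in m["recipients"])]


if __name__ == "__main__":
    msgs = parse_queue(SAMPLE_QUEUE)
    print("queued:", queue_count(msgs))
    print("top senders:", top_senders(msgs))
    print("bounce targets:", bounce_targets(msgs).most_common())
```

On a live host feed it with `parse_queue(subprocess.run(["postqueue", "-p"], capture_output=True, text=True).stdout)`; the returned IDs are already stripped of the `*`/`!` marker, which is the step the awk `split($1,a,"*")` performs before calling `postsuper -d`.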

 
7) Put email “on hold” queue so that no attempt is made to deliver it,
 

postsuper -h MSG_QUEUEID

 
8) Requeue the message with the named queue ID,
 

postsuper -r MSG_QUEUEID

 
9) Show the Postfix deferred-queue message distribution over time, by sender domain,
 

qshape -s deferred

 

Categories: Mail, Postfix

Understanding traceroute using Scapy

April 18, 2015

 

Scapy is a packet generator/sniffer, and in this post we will use it to understand how traceroute works. The best part is that it's pythonic :D

 

Assumptions made:

 

1) I have a test VM with the following details,

Hostname: client1.jackal.com
IP : 192.168.122.101
interface: eth0
Gateway: 192.168.122.1

2) tcpdump is installed on the test VM
3) We are doing a traceroute to the Google public DNS IP 8.8.8.8

 

Explanation:

 

Open two command prompts on your test VM. In one of them run tcpdump with the following options,

 

root@client1:~# tcpdump -v -i eth0 -n -t icmp and port not 22

On the other prompt type "scapy", which opens an interpreter,

 

root@client1:~# 
root@client1:~# scapy
>>> 

Now follow the steps outlined below,

1) Send packet 1 with TTL set to 1,

>>> send(IP(dst='8.8.8.8', ttl=1)/ICMP())
.
Sent 1 packets.
>>> 

In the tcpdump output you will see the following (steps 2, 3, etc. also show the tcpdump output after the packet is sent),

IP (tos 0x0, ttl 1, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8
IP (tos 0xc0, ttl 64, id 18982, offset 0, flags [none], proto ICMP (1), length 56)
    192.168.122.1 > 192.168.122.101: ICMP time exceeded in-transit, length 36
	IP (tos 0x0, ttl 1, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8

 
2) Send packet 2 with TTL set to 2,

>>> send(IP(dst='8.8.8.8', ttl=2)/ICMP())
.
Sent 1 packets.
>>> 

tcpdump output,

IP (tos 0x0, ttl 2, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8
IP (tos 0x0, ttl 253, id 51505, offset 0, flags [none], proto ICMP (1), length 56)
    10.111.44.1 > 192.168.122.101: ICMP time exceeded in-transit, length 36
	IP (tos 0x0, ttl 1, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8

 
3) Send packet 3 with TTL set to 3. Here you won't get an "ICMP time exceeded in-transit" message. That means the router at this hop either has ICMP responses disabled or is not reachable. You usually see "3 * * *" as the response in such cases with traceroute: it retries 3 times and, if it still gets no response, displays " * * *".

>>> send(IP(dst='8.8.8.8', ttl=3)/ICMP())
.
Sent 1 packets.
>>> send(IP(dst='8.8.8.8', ttl=3)/ICMP())
.
Sent 1 packets.
>>> send(IP(dst='8.8.8.8', ttl=3)/ICMP())
.
Sent 1 packets.
>>> 
IP (tos 0x0, ttl 3, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8
IP (tos 0x0, ttl 3, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8
IP (tos 0x0, ttl 3, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8

 
4) Send packet 4 with TTL set to 4,

>>> send(IP(dst='8.8.8.8', ttl=4)/ICMP())
.
Sent 1 packets.
>>> 
IP (tos 0x0, ttl 4, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8
IP (tos 0x0, ttl 252, id 62907, offset 0, flags [none], proto ICMP (1), length 96)
    182.73.11.177 > 192.168.122.101: ICMP time exceeded in-transit, length 76
	IP (tos 0x0, ttl 1, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8

 
5) Send packet 5 with TTL set to 5,

>>> send(IP(dst='8.8.8.8', ttl=5)/ICMP())
.
Sent 1 packets.
>>> 
IP (tos 0x0, ttl 5, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8
IP (tos 0x0, ttl 250, id 25844, offset 0, flags [none], proto ICMP (1), length 96)
    182.79.247.9 > 192.168.122.101: ICMP time exceeded in-transit, length 76
	IP (tos 0x0, ttl 1, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8

 
6) Send packet 6 with TTL set to 6,

>>> send(IP(dst='8.8.8.8', ttl=6)/ICMP())
.
Sent 1 packets.
>>> 
IP (tos 0x0, ttl 6, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8
IP (tos 0x0, ttl 247, id 0, offset 0, flags [none], proto ICMP (1), length 56)
    72.14.223.230 > 192.168.122.101: ICMP time exceeded in-transit, length 36
	IP (tos 0x0, ttl 1, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8

 
7) Send packet 7 with TTL set to 7,

>>> send(IP(dst='8.8.8.8', ttl=7)/ICMP())
.
Sent 1 packets.
>>> 
IP (tos 0x0, ttl 7, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8
IP (tos 0xc0, ttl 246, id 31013, offset 0, flags [none], proto ICMP (1), length 56)
    72.14.237.3 > 192.168.122.101: ICMP time exceeded in-transit, length 36
	IP (tos 0x80, ttl 1, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8

 
8) Send packet 8 with TTL set to 8,

>>> send(IP(dst='8.8.8.8', ttl=8)/ICMP())
.
Sent 1 packets.
>>> 
IP (tos 0x0, ttl 8, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8
IP (tos 0x0, ttl 54, id 23662, offset 0, flags [none], proto ICMP (1), length 28)
    8.8.8.8 > 192.168.122.101: ICMP echo reply, id 0, seq 12535, length 8

This means that the source is able to reach the destination host at the 8th hop. By default the traceroute program probes up to 30 hops, and if it is unable to reach the destination within 30 hops it reports the host as unreachable.

The traceroute program sends a packet with the source address set to the IP of the machine running traceroute, and initially sets the TTL to 1. When the packet reaches the first router, that router decrements the TTL by 1, finds it has reached 0, discards the packet and returns an ICMP "time exceeded in-transit" message to the source address in the packet header. The sender then increments the TTL by 1 (TTL is now 2) and sends the packet again; it passes the first router but expires at the second router, which does not forward it and instead replies to the sender with the same message. The same logic applies for each subsequent hop until the packet reaches the destination. (The classic Unix traceroute sends UDP probes to high ports by default rather than ICMP echo requests, but the TTL mechanism is identical.)
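The mechanism just described, as an added example that is not part of the original post and is not Scapy code: instead of putting packets on the wire it models the path in plain Python, so the decrement / time-exceeded / echo-reply logic, the retry-three-times handling of a silent hop and the 30-hop limit can be run offline. The router list is constructed to mirror the hops seen in the tcpdump output above (with a documentation address standing in for the silent hop 3); it is not derived from live traffic.

```python
"""Model of the TTL mechanism behind traceroute (added example, not Scapy code)."""

SRC = "192.168.122.101"
DST = "8.8.8.8"

# Constructed path: (router address, does it report ICMP time exceeded?).
# Hop 3 is modelled as a router that drops TTL-expired packets silently,
# which is what the post observed as "* * *". 203.0.113.3 is an RFC 5737
# documentation address used as a placeholder for that unknown router.
PATH = [
    ("192.168.122.1", True),
    ("10.111.44.1", True),
    ("203.0.113.3", False),
    ("182.73.11.177", True),
    ("182.79.247.9", True),
    ("72.14.223.230", True),
    ("72.14.237.3", True),
]


def forward(ttl, path, dst):
    """Forward one probe with the given TTL along `path`.

    Returns ("time-exceeded", router) when the TTL expires at a router that
    reports it, ("silent", router) when it expires at one that does not, and
    ("echo-reply", dst) when the probe survives every router and reaches dst.
    """
    for router, reports in path:
        ttl -= 1                     # every router decrements the TTL
        if ttl == 0:                 # expired: this router must discard it
            return ("time-exceeded", router) if reports else ("silent", router)
    return ("echo-reply", dst)       # destination answers the echo request


def traceroute(path, dst, max_hops=30, retries=3):
    """Return (hops, reached): hops is a list of (ttl, address or '* * *')."""
    hops = []
    for ttl in range(1, max_hops + 1):          # TTL 1, 2, 3, ... like the post
        answer = "* * *"
        for _ in range(retries):                # retry a hop that stays silent
            kind, addr = forward(ttl, path, dst)
            if kind != "silent":
                answer = addr
                break
        hops.append((ttl, answer))
        if answer == dst:
            return hops, True
    return hops, False                          # gave up after max_hops


if __name__ == "__main__":
    hops, reached = traceroute(PATH, DST)
    for ttl, addr in hops:
        print("%2d  %s" % (ttl, addr))
    print("destination reached" if reached else "destination unreachable")
```

Running it prints the same shape as the post's sequence of sends: hops 1 and 2 answer, hop 3 shows `* * *` after three silent tries, and hop 8 is 8.8.8.8 itself.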
 

 

To send all 8 packets at once,

>>> send(IP(dst='8.8.8.8', ttl=(1,8))/ICMP())
........
Sent 8 packets.
>>> 

 

IP (tos 0x0, ttl 1, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8
IP (tos 0xc0, ttl 64, id 18988, offset 0, flags [none], proto ICMP (1), length 56)
        192.168.122.1 > 192.168.122.101: ICMP time exceeded in-transit, length 36
	IP (tos 0x0, ttl 1, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8
IP (tos 0x0, ttl 2, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8
IP (tos 0x0, ttl 253, id 55537, offset 0, flags [none], proto ICMP (1), length 56)
        10.111.44.1 > 192.168.122.101: ICMP time exceeded in-transit, length 36
	IP (tos 0x0, ttl 1, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8
IP (tos 0x0, ttl 3, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8
IP (tos 0x0, ttl 4, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8
IP (tos 0x0, ttl 5, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8
IP (tos 0x0, ttl 6, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8
IP (tos 0x0, ttl 250, id 29640, offset 0, flags [none], proto ICMP (1), length 96)
        182.79.247.9 > 192.168.122.101: ICMP time exceeded in-transit, length 76
	IP (tos 0x0, ttl 1, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8
IP (tos 0x0, ttl 252, id 14334, offset 0, flags [none], proto ICMP (1), length 96)
        182.73.11.177 > 192.168.122.101: ICMP time exceeded in-transit, length 76
	IP (tos 0x0, ttl 1, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8
IP (tos 0x0, ttl 7, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8
IP (tos 0x0, ttl 8, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8
IP (tos 0x0, ttl 247, id 0, offset 0, flags [none], proto ICMP (1), length 56)
        72.14.223.230 > 192.168.122.101: ICMP time exceeded in-transit, length 36
	IP (tos 0x0, ttl 1, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8
IP (tos 0xc0, ttl 246, id 40140, offset 0, flags [none], proto ICMP (1), length 56)
        72.14.237.3 > 192.168.122.101: ICMP time exceeded in-transit, length 36
	IP (tos 0x80, ttl 1, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8
IP (tos 0x0, ttl 54, id 28109, offset 0, flags [none], proto ICMP (1), length 28)
        8.8.8.8 > 192.168.122.101: ICMP echo reply, id 0, seq 14816, length 8

Custom TLD for local network

November 19, 2013

 

 

In this post I will describe the steps to set up a TLD (top-level domain) which can be used in a local network. Even though I have configured DNS zones manually before, this was the first time I configured a TLD zone (even if only a local one) of my own, and it felt really cool after completing the setup :)

 

ASSUMPTION:

1) TLD used: “.jackal”
2) Bind version: 9
3) OS: Debian 7 (wheezy)
4) DNS/Nameserver ip: 10.111.44.221

 

SOLUTION:

1) Install bind and required packages,

apt-get install bind9 dnsutils

 

2) Insert the following into the file "/etc/bind/named.conf.default-zones" (allow-transfer { any; } is fine for a lab; restrict it to the secondary's address on anything that is reachable from outside the local network),

zone "jackal." {
        type master;
        file "/etc/bind/db.jackal";
        allow-transfer { any;};
        allow-query { any;};
};

 

3) Verify configuration,

root@dns01:~# named-checkconf 
root@dns01:~#

 

4) Create the zone file for “jackal.” in “/etc/bind/db.jackal”

;
; BIND data file for TLD ".jackal"
;
$TTL	604800
@	IN	SOA	jackal. root.jackal. (
			      2		; Serial
			 604800		; Refresh
			  86400		; Retry
			2419200		; Expire
			 604800 )	; Negative Cache TTL
;
@	  IN	NS	ns1.jackal.
@	  IN	NS	ns2.jackal.
@	  IN	A	10.111.44.221
dns01	  IN 	A	10.111.44.222
apache01  IN	A	10.111.44.223
mysql01   IN	A	10.111.44.224
postfix01 IN	A	10.111.44.225
dovecot01 IN	A 	10.111.44.226
ns1	  IN	A	10.111.44.221
ns2	  IN	A 	10.111.44.221

 

5) Verify the zone file and the bind configuration, then restart the bind service.

root@dns01:/etc/bind# named-checkzone jackal. db.jackal 
zone jackal/IN: loaded serial 2
OK
root@dns01:/etc/bind# named-checkconf 
root@dns01:/etc/bind# service bind9 restart
[....] Stopping domain name service...: bind9waiting for pid 2279 to die
. ok 
[ ok ] Starting domain name service...: bind9.
root@dns01:/etc/bind#

 

6) Create a separate directory for storing zone files of domains,

mkdir /etc/bind/zones/

 

7) Use the "initdns.sh" script (shown below) for creating DNS zone entries.
NOTE: We are using domains ending with the ".jackal" TLD. Customize "initdns.sh" for your own use :D

root@dns01:/# ./initdns.sh rogerjo.jackal
[*] Created zone file for rogerjo.jackal
[*] Added zone entry for rogerjo.jackal in bind configuration
root@dns01:/# named-checkzone rogerjo.jackal /etc/bind/zones/rogerjo.jackal 
zone rogerjo.jackal/IN: loaded serial 1378789827
OK
root@dns01:/# rndc reload
server reload successful
root@dns01:/#

 

 

 

initdns.sh

#!/bin/bash

if [ $# -ne 1 ];then
	echo "Usage: initdns.sh <domainname>"
	exit 1
fi

## Domain name
MYDOMAIN=$1
ZONECONFIG="/etc/bind/named.conf.default-zones"

## Refuse names that could escape /etc/bind/zones or break the sed pattern below
case "${MYDOMAIN}" in
	""|*[!A-Za-z0-9.-]*|*..*)
		echo "[ERROR] Invalid domain name: ${MYDOMAIN}"
		exit 1 ;;
esac

if [ `sed -n '/^zone "'${MYDOMAIN}'."/p' ${ZONECONFIG}|wc -l` -eq 1 ];then
	echo "[ERROR] Entry for ${MYDOMAIN} already exists"
	exit 1
fi

## Nameservers
NAMESERVER1="ns1.jackal"
NAMESERVER2="ns2.jackal"

## Apache and ftp service are running on the same host
APACHE_IP="10.111.44.222"
FTP_IP="10.111.44.222"

##Mail server
SMTP_IP="10.111.44.224"
POP_IMAP_IP="10.111.44.225"

## DB Server
MYSQL_IP="10.111.44.223"

## Create zone file (the heredoc is unquoted so ${...} expands; \$TTL keeps the literal $TTL)
cat > /etc/bind/zones/${MYDOMAIN} << EOF
\$TTL    86400
@       IN      SOA     ns.${MYDOMAIN}. root.${MYDOMAIN}. (
                        1378789827      ; Serial
                        10800   ; Refresh
                        3600    ; Retry
                        604800  ; Expire
                        10800 ) ; Minimum
${MYDOMAIN}.       IN NS   ${NAMESERVER1}.
${MYDOMAIN}.       IN NS   ${NAMESERVER2}.
${MYDOMAIN}.       IN A    ${APACHE_IP}
www.${MYDOMAIN}.   IN CNAME ${MYDOMAIN}.
${MYDOMAIN}.       IN MX  10  mx01.${MYDOMAIN}.
${MYDOMAIN}.       IN MX  10  mx02.${MYDOMAIN}.
mx01.${MYDOMAIN}.  IN A    ${SMTP_IP}
mx02.${MYDOMAIN}.  IN A    ${SMTP_IP}
pop.${MYDOMAIN}.   IN A    ${POP_IMAP_IP}
imap.${MYDOMAIN}.  IN A    ${POP_IMAP_IP}
mysql.${MYDOMAIN}. IN A    ${MYSQL_IP}
ftp.${MYDOMAIN}.   IN A    ${FTP_IP}
EOF
echo "[*] Created zone file for ${MYDOMAIN}"

## Create zone entry in bind configuration
cat >> ${ZONECONFIG} << EOF

zone "${MYDOMAIN}." {
	type master;
	file "/etc/bind/zones/${MYDOMAIN}";
};
EOF

echo "[*] Added zone entry for ${MYDOMAIN} in bind configuration"

 

 

 

removedns.sh

#!/bin/bash

if [ $# -ne 1 ];then
	echo "Usage: removedns.sh <domainname>"
	exit 1
fi

## Domain name
DOMAIN=$1

ZONECONFIG="/etc/bind/named.conf.default-zones"

## Refuse names that could escape /etc/bind/zones or break the sed patterns below
case "${DOMAIN}" in
	""|*[!A-Za-z0-9.-]*|*..*)
		echo "[ERROR] Invalid domain name: ${DOMAIN}"
		exit 1 ;;
esac

if [ `sed -n '/^zone "'${DOMAIN}'."/p' ${ZONECONFIG}|wc -l` -eq 1 ];then
	##Remove the zone block from the dns configuration file
	sed -i -e '/^zone "'${DOMAIN}'."/,/^};/d' ${ZONECONFIG}
	## initdns.sh puts an empty line before each block; drop the last line only if it is empty,
	## so removing a zone that is not the last entry never eats another entry's line
	sed -i -e '${/^$/d}' ${ZONECONFIG}

	echo "[*] Removed zone entries from bind configuration"
else
	echo "[ERROR] ${DOMAIN} not present in bind configuration"
	exit 1
fi

#Remove zone file if it exists
if [ -f /etc/bind/zones/${DOMAIN} ];then
	rm -f /etc/bind/zones/${DOMAIN}
	echo "[*] Removed zone db file"
fi
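The two scripts above interpolate the domain argument straight into a file path under /etc/bind/zones and into sed patterns, and removedns.sh locates the stanza with a line-range delete plus an unconditional delete of the file's last line. The following is an added example, not code from the original post, showing the same add/remove operations done by parsing the `zone "<name>." { ... };` stanzas instead, with the domain validated before it touches a path or pattern. The sample configuration and the zone directory path are constructed for the example.

```python
"""Add and remove zone stanzas in a BIND config file (added example, not the post's scripts)."""
import re

ZONE_DIR = "/etc/bind/zones"   # assumption: same directory the post's scripts use

# One DNS label: 1-63 chars of letters, digits and hyphens, not starting or ending with "-".
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

# A top-level stanza: starts at column 0 with zone "<name>." { and ends at a "};" at column 0.
STANZA = re.compile(r'^zone "(?P<name>[^"]+)\." \{.*?^\};\n?', re.M | re.S)


def validate_domain(domain):
    """Return the normalised domain, or raise ValueError for anything that is not a plain hostname.

    Rejects values such as '../named.conf.options' (path traversal when used as a
    file name) or 'a.*' (a regex wildcard when used as a sed pattern).
    """
    d = domain.strip().rstrip(".").lower()
    labels = d.split(".")
    if not d or len(d) > 253 or not all(LABEL.match(label) for label in labels):
        raise ValueError("invalid domain name: %r" % domain)
    return d


def is_valid_domain(domain):
    try:
        validate_domain(domain)
        return True
    except ValueError:
        return False


def zone_stanza(domain):
    """The same stanza initdns.sh appends, for a validated domain."""
    return 'zone "%s." {\n\ttype master;\n\tfile "%s/%s";\n};\n' % (domain, ZONE_DIR, domain)


def list_zones(config):
    return [m.group("name") for m in STANZA.finditer(config)]


def add_zone(config, domain):
    """Append a stanza for `domain`; refuse duplicates like initdns.sh does."""
    domain = validate_domain(domain)
    if domain in list_zones(config):
        raise ValueError("entry for %s already exists" % domain)
    if config and not config.endswith("\n"):
        config += "\n"
    return config + "\n" + zone_stanza(domain)


def remove_zone(config, domain):
    """Remove exactly the stanza for `domain`, wherever it sits in the file."""
    domain = validate_domain(domain)
    pattern = re.compile(r'^zone "%s\." \{.*?^\};\n?' % re.escape(domain), re.M | re.S)
    new, n = pattern.subn("", config, count=1)
    if n == 0:
        raise ValueError("%s not present in bind configuration" % domain)
    return re.sub(r"\n{3,}", "\n\n", new)   # tidy the blank lines left behind


if __name__ == "__main__":
    # Constructed sample config mirroring the post's "jackal." TLD zone.
    cfg = 'zone "jackal." {\n\ttype master;\n\tfile "/etc/bind/db.jackal";\n};\n'
    cfg = add_zone(cfg, "rogerjo.jackal")
    print(cfg)
    print("zones:", list_zones(remove_zone(cfg, "rogerjo.jackal")))
```

To apply it on a real host, read `/etc/bind/named.conf.default-zones`, pass the text through `add_zone` or `remove_zone`, write it back and run `named-checkconf` before `rndc reload`, exactly as the post does after `initdns.sh`.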