djbdns is a very secure suite of DNS tools that consists of several parts: dnscache, a DNS cache that can be used in /etc/resolv.conf instead of your ISP's name servers and that tries to filter out wrong (malicious) DNS answers; axfrdns, a service that runs on the master DNS server and to which the slaves connect for zone transfers; and tinydns, the actual DNS server, a very secure replacement for BIND.
I do not issue any guarantee that this will work for you!
1 Preliminary Note
I have tested djbdns on a Debian Etch system with the IP address 192.168.0.100. I'll explain how to use dnscache and tinydns (as a master DNS server), but not how to use axfrdns - maybe I'll cover that in another tutorial.
dnscache will listen on the local IP address 127.0.0.1, tinydns on the external IP address 192.168.0.100.
2 Installing djbdns
djbdns is not available as a binary package in the Debian repositories due to its "license" (until December 28, 2007, djbdns was license-free software), however there's a djbdns-installer package in the repositories that can be used to install djbdns. djbdns depends on daemontools and ucspi-tcp; again, there are only installer packages available for these programs. The installers are available in the Debian Etch contrib and non-free repositories, so we must make sure first that these are included in our /etc/apt/sources.list:
#vi /etc/apt/sources.list
---------------------------------------------------------------------------
[...]
deb http://ftp2.de.debian.org/debian/ etch main contrib non-free
[...]
---------------------------------------------------------------------------
Update your packages database afterwards:
#apt-get update
Next we install the daemontools-installer:
#apt-get install daemontools-installer
Now we can install the daemontools like this:
#build-daemontools
You will be asked a few questions. You can always accept the default value by pressing ENTER:
Enter a directory where you would like to do this [/tmp/daemontools] <-- ENTER
Which format would you like to use? [fD] <-- ENTER
Press ENTER to continue... <-- ENTER
Do you want to remove all files in /tmp/daemontools,
except daemontools_0.76-9_i386.deb now? [Yn] <-- ENTER
Do you want to install daemontools_0.76-9_i386.deb now? [Yn] <-- ENTER
Do you want to purge daemontools-installer now? [yN] <-- ENTER
To install ucspi-tcp, we run
#apt-get install ucspi-tcp-src
and then:
#build-ucspi-tcp
You'll be asked a few questions again, and again you can accept the default values:
Enter a directory where you would like to do this [/tmp/ucspi-tcp] <-- ENTER
Press ENTER to continue... <-- ENTER
Do you want to remove all files in /tmp/ucspi-tcp,
except ucspi-tcp_0.88-10_i386.deb now? [Yn] <-- ENTER
Do you want to install ucspi-tcp_0.88-10_i386.deb now? [Yn] <-- ENTER
Do you want to purge ucspi-tcp-src now? [yN] <-- ENTER
Finally we install djbdns as follows:
#apt-get install djbdns-installer
#build-djbdns
Again, you'll be asked a few questions - accept the default values:
Enter a directory where you would like to do this [/tmp/djbdns] <-- ENTER
Press ENTER to continue... <-- ENTER
Do you want to remove all files in /tmp/djbdns,
except djbdns_1.05-11_i386.deb now? [Yn] <-- ENTER
Do you want to install djbdns_1.05-11_i386.deb now? [Yn] <-- ENTER
Do you want to purge djbdns-installer now? [yN] <-- ENTER
Next we configure dnscache, axfrdns, and tinydns (make sure you replace 192.168.0.100 with the external IP address of your system):
#mkdir /var/lib/svscan
#dnscache-conf dnscache dnslog /var/lib/svscan/dnscache
#axfrdns-conf axfrdns dnslog /var/lib/svscan/axfrdns /var/lib/svscan/tinydns 192.168.0.100
#tinydns-conf tinydns dnslog /var/lib/svscan/tinydns 192.168.0.100
#ln -s /var/lib/svscan/dnscache /service
#ln -s /var/lib/svscan/axfrdns /service
#ln -s /var/lib/svscan/tinydns /service
Then we start djbdns:
#/etc/init.d/djbdns restart
3 Using dnscache
To use dnscache, we replace the existing name servers in /etc/resolv.conf with 127.0.0.1, the IP address that dnscache is listening on.
Make a backup of /etc/resolv.conf:
#cp /etc/resolv.conf /etc/resolv.conf-original
Then run the following commands to create a new /etc/resolv.conf (make sure you replace example.com with your own domain):
#echo "domain example.com" > /etc/resolv.conf
#echo "nameserver 127.0.0.1" >> /etc/resolv.conf
To test if dnscache is working, we can try to resolve a hostname, e.g. www.google.com:
#dnsip www.google.com
If all goes well, it should display the IP addresses of www.google.com:
server1:~# dnsip www.google.com
66.249.93.104 66.249.93.147 66.249.93.99
server1:~#
4 Configuring tinydns
All tinydns records are stored in the file /service/tinydns/root/data. This file can either be edited by hand, or you can use some helper scripts that are in the /service/tinydns/root directory, e.g. add-ns, add-host, add-alias, etc.
I will now create some records for the domain example.com using these helper scripts. To use these helper scripts, we must go to the /service/tinydns/root directory:
#cd /service/tinydns/root
Now I want this server (192.168.0.100) to be a name server for the example.com domain, so I run:
#./add-ns example.com 192.168.0.100
The name of the name server is not directly specifiable. Names are automatically assigned by add-ns itself, following the pattern [a-z].ns.name, i.e. the 192.168.0.100 name server is named a.ns.example.com (you don't have to create an A record for a.ns.example.com, this has been created automatically by the previous add-ns command).
Now let's make the server with the IP address 192.168.0.101 our second name server for the example.com domain - this is b.ns.example.com:
#./add-ns example.com 192.168.0.101
Next let's create A records for the servers that will host example.com - let's name them server1.example.com and server2.example.com:
#./add-host server1.example.com 192.168.0.100
#./add-host server2.example.com 192.168.0.101
A single IP address can be used only once in an add-host command. To create further hostnames that use the IP address, we must now use the add-alias command:
#./add-alias www.example.com 192.168.0.100
#./add-alias example.com 192.168.0.100
Let's make 192.168.0.100 the mail exchanger for example.com:
#./add-mx example.com 192.168.0.100
The name of the SMTP server is not directly specifiable. Names are automatically assigned by add-mx itself, following the pattern [a-z].mx.name, in this case a.mx.example.com. It is not possible to specify the distance value (i.e., the priority) for the SMTP server.
After you've created all the records you want, you must run
#make
so that your changes can take effect.
There are no helper scripts to create CNAME and TXT records (e.g. for SPF records), so if you want to create such records, you must modify /service/tinydns/root/data manually, e.g. like this:
#vi /service/tinydns/root/data
-------------------------------------------------------
[...]
'example.com:v=spf1 a mx ~all:3600
Cftp.example.com:www.example.com
-------------------------------------------------------
You can use the SPF wizard on http://old.openspf.org/wizard.html to create an SPF record for your domain - the wizard shows the record in BIND and tinydns syntax so that you can copy & paste the record.
Don't forget to run
#make
afterwards.
If you take a look at the /service/tinydns/root/data file...
#cat /service/tinydns/root/data
-------------------------------------------------------------------
server1:/service/tinydns/root# cat /service/tinydns/root/data
.example.com:192.168.0.100:a:259200
.example.com:192.168.0.101:b:259200
=server1.example.com:192.168.0.100:86400
=server2.example.com:192.168.0.101:86400
+www.example.com:192.168.0.100:86400
+example.com:192.168.0.100:86400
@example.com:192.168.0.100:a::86400
'example.com:v=spf1 a mx ~all:3600
Cftp.example.com:www.example.com
server1:/service/tinydns/root#
-------------------------------------------------------------------
... you'll notice that the records begin with signs such as ., =, +, @, ', C, etc. You can find explanations of the different record types on http://www.fefe.de/djbdns/#recordtypes and http://www.pjvenda.org/linux/doc/tinydns/.
Instead of using the add-* helper scripts, you can of course specify all records manually in /service/tinydns/root/data. This way you are more flexible, for example you can assign individual names to your name servers and mail exchangers, e.g. ns1.example.com instead of a.ns.example.com:
#cd /service/tinydns/root
#vi data
-----------------------------------------------
#define the authoritative nameserver
.example.com::ns1.example.com
#mail exchanger
@example.com::mail.example.com
#IP for machine1,2,3,4,5
=machine1.example.com:1.2.3.1
=machine2.example.com:1.2.3.2
=machine3.example.com:1.2.3.3
=machine4.example.com:1.2.3.4
=machine5.example.com:1.2.3.5
#machine5 is also known as ns1
+ns1.example.com:1.2.3.5
#machine1 is our mailserver
+mail.example.com:1.2.3.1
#and our webserver
+www.example.com:1.2.3.1
---------------------------------------------
#make
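What the record signs in the data file above expand to, as an added Python example (not part of djbdns or of the original tutorial). It handles only the signs shown in the listing (., =, +, @, ', C), leaves out the SOA record a "." line also creates, and the function names and the CONSTRUCTED sample lines are assumptions of this example:

```python
import re

# TTLs tinydns-data applies when a line leaves the ttl field empty.
DEFAULT_TTL = {".": 259200, "=": 86400, "+": 86400, "@": 86400, "'": 86400, "C": 86400}
# PAGE_DATA is the tutorial's listing; CONSTRUCTED holds made-up lines that trigger findings.
PAGE_DATA = r"""
.example.com:192.168.0.100:a:259200
.example.com:192.168.0.101:b:259200
=server1.example.com:192.168.0.100:86400
=server2.example.com:192.168.0.101:86400
+www.example.com:192.168.0.100:86400
+example.com:192.168.0.100:86400
@example.com:192.168.0.100:a::86400
'example.com:v=spf1 a mx ~all:3600
Cftp.example.com:www.example.com
"""
CONSTRUCTED = r"""
=mail.example.com:192.168.0.100
'example.com:v=spf1 ip4\072192.168.0.100 ~all:3600
.example.com::ns1.example.com
"""

def unescape(text):
    """Decode \\ooo octal escapes; a ':' inside TXT data has to be written as \\072."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), text)

def expand(line):
    """Return the (name, type, value, ttl) records one data line produces (SOA omitted)."""
    line = line.rstrip()
    if not line or line[0] in "#-":              # blank, comment or disabled line
        return []
    sign, f = line[0], line[1:].split(":")
    if sign not in DEFAULT_TTL:
        raise ValueError(f"record sign {sign!r} is not handled in this example")
    f += [""] * (5 - len(f))                     # missing trailing fields count as empty
    fqdn, ttl_text = f[0], f[{".": 3, "@": 4}.get(sign, 2)]
    ttl = int(ttl_text) if ttl_text else DEFAULT_TTL[sign]
    if sign in ".@":                             # NS or MX, plus an A record if an IP is given
        kind = "ns" if sign == "." else "mx"
        target = f[2] if "." in f[2] else f"{f[2]}.{kind}.{fqdn}"
        value = target if sign == "." else f"{int(f[3] or 0)} {target}"
        return [(fqdn, kind.upper(), value, ttl)] + ([(target, "A", f[1], ttl)] if f[1] else [])
    if sign in "=+":
        ptr = ".".join(reversed(f[1].split("."))) + ".in-addr.arpa"
        extra = [(ptr, "PTR", fqdn, ttl)] if sign == "=" else []   # '=' also creates the PTR
        return [(fqdn, "A", f[1], ttl)] + extra
    value = unescape(f[1]) if sign == "'" else f[1]
    return [(fqdn, "TXT" if sign == "'" else "CNAME", value, ttl)]

def lint(data):
    """Expand a data file; warn on duplicate PTRs and in-zone NS/MX targets without an A."""
    records = [r for line in data.splitlines() for r in expand(line)]
    have_a = {name for name, rtype, _, _ in records if rtype == "A"}
    ptrs = [name for name, rtype, _, _ in records if rtype == "PTR"]
    warnings = [f"{p}: more than one '=' line for this IP, use '+' for extra names"
                for p in sorted(set(ptrs)) if ptrs.count(p) > 1]
    for name, rtype, value, _ in records:
        target = value.rsplit(" ", 1)[-1]        # drop the MX distance, if any
        if rtype in ("NS", "MX") and target.endswith("." + name) and target not in have_a:
            warnings.append(f"{target}: {rtype} target has no A record in this file")
    return records, warnings

if __name__ == "__main__":
    print(*lint(PAGE_DATA + CONSTRUCTED)[1], sep="\n")
```

The second constructed line shows why an SPF record with an ip4: mechanism needs \072 in the data file: a bare colon would be read as the field separator.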
To test your records, you can use the dig command, e.g.
#dig @192.168.0.100 example.com
#dig @192.168.0.100 ns example.com
#dig @192.168.0.100 mx example.com
#dig @192.168.0.100 txt example.com
#dig @192.168.0.100 www.example.com
etc.
To learn more about djbdns, you should definitely take a look at the following web sites:
* http://cr.yp.to/djbdns.html
* http://www.tinydns.org
* http://www.lifewithdjbdns.com
* http://www.djbdnsrocks.org/
* http://www.fefe.de/djbdns/#recordtypes
* http://www.pjvenda.org/linux/doc/tinydns/
* http://smarden.org/pape/djb/manpages/
18 Apr 2008
How To Install And Use The djbdns Name Server On Debian Etch
16 Apr 2008
FreeNX Server and Client Installation in Debian Etch
FreeNX is a system that allows you to access your desktop from another machine over the internet. You can use this to login graphically to your desktop from a remote location. One example of its use would be to have a FreeNX server set up on your home computer, and graphically logging in to the home computer from your work computer, using a FreeNX client.
Terminology You Should Know
The Server is the computer you want to connect to. This is the computer where the FreeNX server will need to be installed. The name of the Ubuntu package providing the server is “freenx”. For the example used here, the home computer is the server.
The Client is the computer from which you want to be able to access the Server. The name of the Ubuntu package providing the client is “nxclient”. For the example used here, the work computer is the client.
Install Required software
NX server needs ssh and some libraries to run. These packages are normally not installed during the basic installation process. Use the following command to install them:
#aptitude install libstdc++2.10-glibc2.2 ssh
Install Free NX Server in Debian Etch
First you need to download the .deb packages using the following commands
#wget http://64.34.161.181/download/2.1.0/Linux-NoXft/nxclient_2.1.0-17_i386.deb
#wget http://64.34.161.181/download/2.1.0/Linux/nxnode_2.1.0-22_i386.deb
#wget http://64.34.161.181/download/2.1.0/Linux/FE/nxserver_2.1.0-22_i386.deb
Now you need to install the .deb packages in the following order; this is very important
#dpkg -i nxclient_2.1.0-17_i386.deb
#dpkg -i nxnode_2.1.0-22_i386.deb
#dpkg -i nxserver_2.1.0-22_i386.deb
If you get any errors, use the following command to fix them
#apt-get -f install
Now you need to make sure the ssh and nx servers are running; if not, start them with the following commands
#/etc/init.d/ssh start
#/etc/init.d/nxserver start
Freenx client installation in Windows
First you need to download freenx from here
Once you finish the installation, you should have a freenx shortcut on your desktop. Double-click it and you should see the following screen; click Next here
This will complete the connection to your server
Freenx client installation in Debian
First you need to download the client .deb package using the following command
#wget http://64.34.161.181/download/2.1.0/Linux-NoXft/nxclient_2.1.0-17_i386.deb
Install the .deb package using the following command
#dpkg -i nxclient_2.1.0-17_i386.deb
If you get any errors, use the following command to fix them
#apt-get -f install
Now you need to go to Applications–>Internet–>NX Client for Linux–>NX Client for Linux. Once it opens, you can follow the above procedure to connect
Optional Configuration
Changing SSH port Number
By default, nxserver uses port 22 for communicating over SSH. On some machines or networks, port 22 may be blocked. For example, some providers block port 22. To make the SSH server listen on port 8888, you can do the following:
Edit the file /etc/ssh/sshd_config
#vi /etc/ssh/sshd_config
Find
Port 22
and change it to
Port 8888
You then need to restart SSHD. Try
#/etc/init.d/ssh restart
Edit the file /etc/nxserver/node.conf
#vi /etc/nxserver/node.conf
Find
# The port number where local 'sshd' is listening.
#SSHD_PORT=22
and change it to:
# The port number where local 'sshd' is listening.
SSHD_PORT=8888
That is, change the port number to the one that sshd is listening to, and uncomment the line.
15 Apr 2008
Installing PostgreSQL on Ubuntu
About PostgreSQL
PostgreSQL is an object-relational database management system (ORDBMS). It is released under a BSD-style license, so PostgreSQL is free software. Like other open-source programs, PostgreSQL is not controlled by a single company but relies on developers and companies in a global community for its development.
Installation on Ubuntu
Now I will install the postgresql package. I am using Ubuntu Feisty and will download postgresql-8.1. The latest release of postgresql is postgresql-8.3.
jafar@dns4:/home/jafar# sudo apt-get install postgresql-8.1 <<< install postgresql using apt-get
jafar@dns4:~$ sudo su
[sudo] password for jafar:
root@dns4:~$ sudo /etc/init.d/postgresql-8.1 restart <<< restart the postgresql daemon on ubuntu
root@dns4:/home/jafar# su postgres <<< log in as the postgres superuser
postgres@dns4:/home/jafar$
Edit pg_hba.conf:
postgres@dns4:/home/jafar$ vi /etc/postgresql/8.1/main/pg_hba.conf
# TYPE DATABASE USER CIDR-ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all password
# IPv4 local connections:
host all all 127.0.0.1/32 password
host all all 192.168.0.10/32 password << IP address of our computer
Edit postgresql.conf :
postgres@dns4:/home/jafar$ vi /etc/postgresql/8.1/main/postgresql.conf
#---------------------------------------------------------------------------
# CONNECTIONS AND AUTHENTICATION
#---------------------------------------------------------------------------
# - Connection Settings -
listen_addresses = 'localhost' # what IP address(es) to listen on;
# comma-separated list of addresses;
# defaults to 'localhost', '*' = all
port = 5432
Make sure the line containing the listen address is enabled, or use the '*' sign, and also make sure that the port used as the default postgresql port is port 5432.
postgres@dns4:/home/jafar$ psql template1 <<< the default database in postgresql is template1
Welcome to psql 8.1.10, the PostgreSQL interactive terminal.
Type: \copyright for distribution terms
\h for help with SQL commands
\? for help with psql commands
\g or terminate with semicolon to execute query
\q to quit
template1=#
template1=# create user diki password 'lagibelajar'; <<< create a new user
CREATE ROLE
template1=# create database belajar owner diki; <<< create a new database
CREATE DATABASE
template1=# \q
postgres@dns4:/home/jafar$ createlang plpgsql belajar << to define 'plpgsql' as a programming language in our database.
postgres@dns4:/home/jafar$ psql belajar -U diki
Password for user belajar:
Welcome to psql 8.1.10, the PostgreSQL interactive terminal.
Type: \copyright for distribution terms
\h for help with SQL commands
\? for help with psql commands
\g or terminate with semicolon to execute query
\q to quit
PgAdmin3 on Ubuntu
For those who have already tried the PostgreSQL database, GUI-based PostgreSQL tools such as pgAdmin are probably familiar. Here I will try to give the installation steps. Choose the mirror you want and add it to /etc/apt/sources.list in the following format:
deb [MIRROR URL]/pgadmin3/release/debian testing pgadmin
Continue with the following commands:
apt-get update
apt-get install pgadmin3
Or you can use the following method:
# wget -c http://ftp3.de.postgresql.org/pub/Mirrors/ftp.postgresql.org/pgadmin3/release/debian/dists/etch/pgadmin/binary-i386/misc/pgadmin3_1.8.0-1~pgaoetch1_i386.deb
# wget -c http://ftp3.de.postgresql.org/pub/Mirrors/ftp.postgresql.org/pgadmin3/release/debian/dists/etch/pgadmin/binary-i386/misc/pgagent_1.8.0-1~pgaoetch1_i386.deb
Run the installation...
# dpkg -i pgadmin3-data_1.8.0-1~pgaoetch1_all.deb
# dpkg -i pgadmin3_1.8.0-1~pgaoetch1_i386.deb
Add the following line to the file /etc/postgresql/[Version]/main/pg_hba.conf:
host all postgres 127.0.0.1 255.255.255.255 trust
Best Regards . . .
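The pg_hba.conf rules in the two posts above use the password method, which sends the password in clear text, and trust for the postgres superuser on 127.0.0.1, which lets any local account connect as superuser over TCP without a password. The following Python audit of those rules is an added example, not code from the original posts; the function names and the high/medium labels are assumptions of this example:

```python
import ipaddress

# Why each method is flagged (per the PostgreSQL client-authentication documentation).
WEAK = {
    "trust": "connection is accepted without any authentication",
    "password": "password is sent over the connection in clear text",
}

# Rules from the two pg_hba.conf listings in the posts above (annotation text dropped).
PAGE_HBA = """\
# TYPE DATABASE USER CIDR-ADDRESS METHOD
local all all password
host all all 127.0.0.1/32 password
host all all 192.168.0.10/32 password
host all postgres 127.0.0.1 255.255.255.255 trust
"""

def parse_hba(text):
    """Yield (lineno, tokens, network, method) per rule; network is None for 'local'."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()
        if not tok:
            continue
        if tok[0] == "local":                  # local DATABASE USER METHOD
            yield lineno, tok, None, tok[3]
        elif "/" in tok[3]:                    # host DATABASE USER ADDRESS/LEN METHOD
            yield lineno, tok, ipaddress.ip_network(tok[3], strict=False), tok[4]
        else:                                  # host DATABASE USER ADDRESS NETMASK METHOD
            net = ipaddress.ip_network(f"{tok[3]}/{tok[4]}", strict=False)
            yield lineno, tok, net, tok[5]

def audit(text, superusers=("postgres",)):
    """Return (lineno, severity, rule, reason) for every rule using a weak method."""
    findings = []
    for lineno, tok, net, method in parse_hba(text):
        if method not in WEAK:
            continue
        # trust for a superuser (or for every user) hands out full control of the server
        high = method == "trust" and tok[2] in ("all",) + tuple(superusers)
        where = "unix-socket" if net is None else str(net)
        rule = f"{tok[0]} {tok[1]} {tok[2]} {where} {method}"
        findings.append((lineno, "high" if high else "medium", rule, WEAK[method]))
    return findings

def harden(text, method="md5"):
    """Rewrite weak rules to md5, a challenge-response method PostgreSQL 8.1 supports."""
    out = []
    for raw in text.splitlines():
        tok = raw.split("#", 1)[0].split()
        if tok and tok[-1] in WEAK:
            raw = " ".join(tok[:-1] + [method])
        out.append(raw)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    for finding in audit(PAGE_HBA):
        print(*finding, sep=" | ")
    print(harden(PAGE_HBA), end="")
```

After editing pg_hba.conf, PostgreSQL has to reload its configuration before the new methods apply.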
14 Apr 2008
Install XFCE on Debian 4.0 Etch
After a failed GNOME update, I ended up switching the desktop manager on my Debian Etch system to XFCE.
First, remove GNOME. The command I typed (remember, this command is run on the console; X Window must be stopped):
# apt-get remove xserver-common
I did this to get rid of all the X servers as well as GNOME. After that, install XORG (again) along with XFCE.
# apt-get install xorg xserver-xorg-server
# apt-get install xfce4
# apt-get install xfce4-goodies
Then, once that is finished, start the X server by typing:
# startx
If it works, we will get the XFCE desktop.
So that we can log in to our desktop directly in GUI mode, install XDM (X Desktop Manager) with
# apt-get install xdm
Then restart
# shutdown -r now
Good luck!
Minimal Dual-Boot Installation of Debian Etch
At first I installed Debian Sarge, then got stuck while installing its xserver-xorg; rather than get a headache, I just installed Debian Etch instead
Beforehand, create the partitions from Win** using Acronis.Partition.Expert.2003.
Set aside partitions for the Debian Etch Linux installation. The partitions needed are a 512MB swap partition and a ReiserFS partition of (at least) 5GB
Next, of course, I prepared the netinstall CD first. Get the ISO and burn it (for example, this time I took debian-40r1-i386-netinst.iso). Once the CD is ready, the next step is of course the installation
At the initial boot, the text enter to boot will appear. Press Enter to begin.
Choose your language
Just choose English so it is easy to understand.
Choose your country, territory or area
For our beloved country, choose Other, then Indonesia.
Keymap to use
Just use the default, so press Enter right away.
Hostname
Enter a hostname to name your computer, or also as root. The default is debian.
Domain
Enter the domain for your computer. Here I entered aktivis-linux.homelinux.org.
Partitioning method
This is the main step and a very deadly one, because if you click the wrong thing, your Win** partition will be gone. I'll tell you a bit about how to handle it: choose Manually edit partition table
You will be asked to work on the hard disk partitions.
Partition disks
Select the ReiserFS partition that you created earlier. Delete that partition by choosing Delete the partition. Then select the partition again to create a new partition (Create a new partition) and set the size of the partition.
Next, choose reiserFS under Use as, format the partition (Format the partition), Mount point : /, Bootable flag : on. Then Done setting up the partition, and finish with Finish partitioning and write changes to disk.
Use as : ReiserFS
Format the partition : yes
Mount point : /
Bootable flag : on
Done setting up the partition
Finish partitioning and write changes to disk
Select a city in your time zone
This choice is used to select the time zone of our region. For GMT+7 choose Jakarta (Banda Aceh isn't there yet).
Root password
Used for the root password.
Full name for the new user, Username for your account, User password
Used to create the user name and its password.
Use a network mirror
For this question just answer No.
Choose software to install
Just choose the default, Standard system
Install the GRUB boot loader to the master boot record?
GRUB (Grand Unified Bootloader) is used to choose the OS (Operating System) that is run when the machine is first switched on. Therefore, answer Yes so that you can choose the OS you want.
Installation complete
Restart!!!!
Before installing, change the contents of the sources.list at /etc/apt/sources.list. At ITS you can use
aktivis-linux:~# nano /etc/apt/sources.list
then change it to
deb http://debian.its.ac.id/debian etch main contrib non-free
deb http://debian.its.ac.id/debian etch-proposed-updates main contrib non-free
Adjust this to your favorite mirror
After that, run the update
aktivis-linux:~# apt-get update
The first step is done.
Next, install the X server…
aktivis-linux:~# apt-get install xserver-xorg xorg
You will then be asked
Configuring xserver-xorg
adjust it to your VGA; the default is 1024x768 and below.
Also install XFCE, or whatever suits your taste…
aktivis-linux:~# apt-get install xfce4 xfce4-goodies
aktivis-linux:~# apt-get install xdm
OpenSSH server, important for remotely accessing our Debian… if you prefer to configure Debian remotely, then type…
aktivis-linux:~# apt-get install ssh
Because I am more used to the vim editor than nano, I installed vim on the Debian Etch I use
aktivis-linux:~# apt-get install vim
Type aktivis-linux:~# startx as a user (not root).
Now everything is really done. Debian is ready to be configured further as needed
Thanks to bang Exitnull; if he hadn't egged me on, I would never have tried Debian

