Dns Server Configuration In Linux 6 Step By Step Pdf Merge
Master DNS configuration on Linux: step-by-step guide for RHEL 7 / CentOS 7. The Domain Name System delegates the responsibility of assigning domain names and mapping those names to Internet resources by designating authoritative name servers for each domain. Network administrators may delegate authority over sub-domains of their allocated name space to other name servers. More information and a free .pdf are available. Feel free to contact the author: Paul Cobbaut: paul.cobbaut@gmail.com. Contributors to the Linux Training project are: Serge van Ginderachter: serge@ginsys.eu, build scripts and infrastructure setup.
22.4 Configuring a Network Connection with YaST There are many supported networking types on Linux. Most of them use different device names and the configuration files are spread over several locations in the file system. For a detailed overview of the aspects of manual network configuration, see. On SUSE Linux Enterprise Desktop, where NetworkManager is active by default, all network cards are configured.
If NetworkManager is not active, only the first interface with link up (with a network cable connected) is automatically configured. Additional hardware can be configured any time on the installed system. The following sections describe the network configuration for all types of network connections supported by SUSE Linux Enterprise Server.

22.4.1 Configuring the Network Card with YaST

To configure your wired or wireless network card in YaST, select Network Devices > Network Settings. After starting the module, YaST displays the Network Settings dialog with four tabs: Global Options, Overview, Hostname/DNS and Routing. The Global Options tab allows you to set general networking options such as the use of NetworkManager, IPv6 and general DHCP options.
For more information, see. The Overview tab contains information about installed network interfaces and configurations. Any properly detected network card is listed with its name.
You can manually configure new cards, remove or change their configuration in this dialog. If you want to manually configure a card that was not automatically detected, see. If you want to change the configuration of an already configured card, see.
The Hostname/DNS tab allows you to set the hostname of the machine and name the servers to be used. For more information, see. The Routing tab is used for the configuration of routing. See for more information. Configuring Global Networking Options The Global Options tab of the YaST Network Settings module allows you to set important global networking options, such as the use of NetworkManager, IPv6 and DHCP client options. These settings are applicable for all network interfaces. In the Network Setup Method choose the way network connections are managed.
If you want a NetworkManager desktop applet to manage connections for all interfaces, choose User Controlled with NetworkManager. This option is well suited for switching between multiple wired and wireless networks. If you do not run a desktop environment (GNOME or KDE), or if your computer is a Xen server, virtual system, or provides network services such as DHCP or DNS in your network, use the Traditional Method with ifup. If NetworkManager is used, nm-applet should be used to configure network options and the Overview, Hostname/DNS and Routing tabs of the Network Settings module are disabled. For more information on NetworkManager, see. In the IPv6 Protocol Settings choose whether you want to use the IPv6 protocol. It is possible to use IPv6 together with IPv4.
By default, IPv6 is activated. However, in networks not using IPv6 protocol, response times can be faster with IPv6 protocol disabled.
If you want to disable IPv6, uncheck the Enable IPv6 option. This disables autoload of the kernel module for IPv6. This will be applied after reboot. In the DHCP Client Options configure options for the DHCP client. If you want the DHCP client to ask the server to always broadcast its responses, check Request Broadcast Response.
It may be needed if your machine is moving between different networks. The DHCP Client Identifier must be different for each DHCP client on a single network. If left empty, it defaults to the hardware address of the network interface. However, if you are running several virtual machines using the same network interface and, therefore, the same hardware address, specify a unique free-form identifier here. The Hostname to Send specifies a string used for the hostname option field when dhcpcd sends messages to DHCP server. Some DHCP servers update name server zones (forward and reverse records) according to this hostname (Dynamic DNS). Also, some DHCP servers require the Hostname to Send option field to contain a specific string in the DHCP messages from clients.
Leave AUTO to send the current hostname (that is the one defined in /etc/HOSTNAME). Leave the option field empty for not sending any hostname. If you do not want to change the default route according to the information from DHCP, uncheck Change Default Route via DHCP.
Configuring IP Addresses You can set the IP address of the network card or the way its IP address is determined in the Address tab of the Network Card Setup dialog. Both IPv4 and IPv6 addresses are supported. The network card can have No IP Address (which is useful for bonding devices), a Statically Assigned IP Address (IPv4 or IPv6) or a Dynamic Address assigned via DHCP or Zeroconf or both. If using Dynamic Address, select whether to use DHCP Version 4 Only (for IPv4), DHCP Version 6 Only (for IPv6) or DHCP Both Version 4 and 6.
If possible, the first network card with link that is available during the installation is automatically configured to use automatic address setup via DHCP. On SUSE Linux Enterprise Desktop, where NetworkManager is active by default, all network cards are configured.
DHCP should also be used if you are using a DSL line but with no static IP assigned by the ISP (Internet Service Provider). If you decide to use DHCP, configure the details in DHCP Client Options in the Global Options tab of the Network Settings dialog of the YaST network card configuration module.
Specify whether the DHCP client should ask the server to always broadcast its responses in Request Broadcast Response. This option may be needed if your machine is a mobile client moving between networks. If you have a virtual host setup where different hosts communicate through the same interface, a DHCP Client Identifier is necessary to distinguish them.
DHCP is a good choice for client configuration but it is not ideal for server configuration. To set a static IP address, proceed as follows. Select a card from the list of detected cards in the Overview tab of the YaST network card configuration module and click Edit. In the Address tab, choose Statically Assigned IP Address. Enter the IP Address. Both IPv4 and IPv6 addresses can be used.
Enter the network mask in Subnet Mask. If the IPv6 address is used, use Subnet Mask for prefix length in format /64. Optionally, you can enter a fully qualified Hostname for this address, which will be written to the /etc/hosts configuration file. Click Next. To activate the configuration, click OK. If you use the static address, the name servers and default gateway are not configured automatically.
To configure name servers, proceed as described in. To configure a gateway, proceed as described in. Select a card from the list of detected cards in the Overview tab of the YaST Network Settings module and click Edit. Go to the Hardware tab.
The current device name is shown in Udev Rules. Click Change. Select whether udev should identify the card by its MAC Address or Bus ID.
The current MAC address and bus ID of the card are shown in the dialog. To change the device name, check the Change Device Name option and edit the name. Click OK and Next.
To activate the configuration, click OK. In YaST select a card from the list of detected cards in Network Devices > Network Settings and click Edit.
In the General tab, select the desired entry from Device Activation. Choose At Boot Time to start the device during the system boot.
With On Cable Connection, the interface is watched for any existing physical connection. With On Hotplug, the interface is set as soon as available. It is similar to the At Boot Time option, and only differs in the fact that no error occurs if the interface is not present at boot time.
Choose Manually to control the interface manually with ifup. Choose Never to not start the device at all. The On NFSroot is similar to At Boot Time, but the interface does not shut down with the rcnetwork stop command.
Use this if you use an nfs or iscsi root file system. Click Next. To activate the configuration, click OK. Usually, only the system administrator can activate and deactivate network interfaces. If you want any user to be able to activate this interface via KInternet, select Enable Device Control for Non-root User via KInternet. Open the YaST Network Devices > Network Settings module.
In the Overview tab, select a card from the list of detected cards and click Edit. Enter the General tab of the Network Settings dialog.
Determine the firewall zone to which your interface should be assigned. The following options are available:

Firewall Disabled: This option is available only if the firewall is disabled and the firewall does not run at all. Only use this option if your machine is part of a greater network that is protected by an outer firewall.

Automatically Assign Zone: This option is available only if the firewall is enabled. The firewall is running and the interface is automatically assigned to a firewall zone. The zone which contains the keyword any or the external zone will be used for such an interface.

Internal Zone (Unprotected): The firewall is running, but does not enforce any rules to protect this interface. Use this option if your machine is part of a greater network that is protected by an outer firewall. It is also useful for the interfaces connected to the internal network, when the machine has more network interfaces.

Demilitarized Zone: A demilitarized zone is an additional line of defense in front of an internal network and the (hostile) Internet. Hosts assigned to this zone can be reached from the internal network and from the Internet, but cannot access the internal network.

External Zone: The firewall is running on this interface and fully protects it against other, presumably hostile, network traffic. This is the default option.
Click Next. Activate the configuration by clicking OK. In the Network Devices > Network Settings > Overview dialog in YaST click Add. In the Hardware dialog, set the Device Type of the interface from the available options and Configuration Name. If the network card is a PCMCIA or USB device, activate the respective check box and exit this dialog with Next. Otherwise, you can define the kernel Module Name to be used for the card and its Options, if necessary. In Ethtool Options, you can set ethtool options used by ifup for the interface.
See the ethtool manual page for available options. If the option string starts with a - (for example -K interfacename rx on), the second word in the string is replaced with the current interface name. Otherwise (for example autoneg off speed 10) ifup prepends -s interfacename. Click Next. Configure any needed options, such as the IP address, device activation or firewall zone for the interface in the General, Address, and Hardware tabs. For more information about the configuration options, see.
If you selected Wireless as the device type of the interface, configure the wireless connection in the next dialog. Detailed information about wireless device configuration is available in. Click Next. To activate the new network configuration, click OK.
Configuring Hostname and DNS If you did not change the network configuration during installation and the wired card was already available, a hostname was automatically generated for your computer and DHCP was activated. The same applies to the name service information your host needs to integrate into a network environment. If DHCP is used for network address setup, the list of domain name servers is automatically filled with the appropriate data.
If a static setup is preferred, set these values manually. To change the name of your computer and adjust the name server search list, proceed as follows. Go to the Network Settings > Hostname/DNS tab in the Network Devices module in YaST. Enter the Hostname and, if needed, the Domain Name. The domain is especially important if the machine is a mail server.
Note that the hostname is global and applies to all set network interfaces. If you are using DHCP to get an IP address, the hostname of your computer will be automatically set by the DHCP.
You may want to disable this behavior if you connect to different networks, because they may assign different hostnames and changing the hostname at runtime may confuse the graphical desktop. To stop DHCP from setting the hostname, uncheck Change Hostname via DHCP.
Assign Hostname to Loopback IP associates your hostname with the 127.0.0.2 (loopback) IP address in /etc/hosts. This is a useful option if you want to have the hostname resolvable at all times, even without an active network.
In Modify DNS Configuration, select the way the DNS configuration (name servers, search list, the content of the /etc/resolv.conf file) is modified. If the Use Default Policy option is selected, the configuration is handled by the netconfig script which merges the data defined statically (with YaST or in the configuration files) with data obtained dynamically (from the DHCP client or NetworkManager).
This default policy is sufficient in most cases. If the Only Manually option is selected, netconfig is not allowed to modify the /etc/resolv.conf file. However, this file can be edited manually.
If the Custom Policy option is selected, a Custom Policy Rule string defining the merge policy should be specified. The string consists of a comma-separated list of interface names to be considered a valid source of settings. Except for complete interface names, basic wild cards to match multiple interfaces are allowed, as well.
For example, eth* ppp? will first target all eth and then all ppp0-ppp9 interfaces. There are two special policy values that indicate how to apply the static settings defined in the /etc/sysconfig/network/config file:

STATIC: The static settings have to be merged together with the dynamic settings.

STATIC_FALLBACK: The static settings are used only when no dynamic configuration is available.

For more information, see man 8 netconfig.
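The Custom Policy Rule decides which interfaces are allowed to supply the name servers that end up in /etc/resolv.conf, so it is worth checking a rule against the interfaces a machine actually has. The following shell sketch is an added example, not netconfig's code and not part of the original guide: it models the rule as described above, using netconfig's spellings eth* ppp? and STATIC_FALLBACK. The function names and the interface list are hypothetical, and accepting either commas or white space as separators is an assumption.

```shell
#!/bin/sh
# Model of the Custom Policy Rule as the text describes it (not netconfig itself).

# policy_order POLICY "IFACE LIST"
# Prints, in policy order, the sources whose DNS settings would be used.
# The body runs in a subshell so that "set -f" and the variables stay local.
policy_order() (
    policy=$1
    ifaces=$2
    out=""
    dynamic=0
    fallback=0
    set -f    # keep eth* and ppp? as patterns instead of expanding them as file globs
    for pat in $(printf '%s' "$policy" | tr ',' ' '); do
        case $pat in
            STATIC)          out="$out STATIC" ;;
            STATIC_FALLBACK) fallback=1 ;;
            *)
                for i in $ifaces; do
                    case " $out " in *" $i "*) continue ;; esac   # already selected
                    case $i in
                        $pat) out="$out $i"; dynamic=$((dynamic + 1)) ;;
                    esac
                done ;;
        esac
    done
    # STATIC_FALLBACK: static settings only when no dynamic source matched.
    if [ "$fallback" -eq 1 ] && [ "$dynamic" -eq 0 ]; then
        case " $out " in *" STATIC "*) ;; *) out="$out STATIC" ;; esac
    fi
    printf '%s\n' "${out# }"
)

# accepts_dns_from IFACE POLICY
# Succeeds if IFACE is a permitted source of DNS settings under POLICY.
accepts_dns_from() {
    case " $(policy_order "$2" "$1") " in
        *" $1 "*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Constructed interface list: two wired cards, a dial-up link, a wireless card
# and ppp10, which the single-character wildcard ppp? does not match.
IFACES="ppp0 eth1 wlan0 eth0 ppp10"

echo "eth* ppp?            -> $(policy_order 'eth* ppp?' "$IFACES")"
echo "STATIC,eth*          -> $(policy_order 'STATIC,eth*' "$IFACES")"
echo "STATIC_FALLBACK eth* -> $(policy_order 'STATIC_FALLBACK eth*' 'wlan0')"

if accepts_dns_from wlan0 'eth* ppp?'; then
    echo "wlan0 may set DNS"
else
    echo "wlan0 is ignored as a DNS source"
fi
```

With the rule eth* ppp?, name servers handed out on the wireless interface never reach the merged configuration, which is the effect an administrator usually wants on a host that roams onto untrusted networks.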
Enter the Name Servers and fill in the Domain Search list. Name servers must be specified by IP addresses, such as 192.168.1.116, not by hostnames. Names specified in the Domain Search tab are domain names used for resolving hostnames without a specified domain. If more than one Domain Search is used, separate domains with commas or white space.
To activate the configuration, click OK. It is also possible to edit the hostname using YaST from the command line.
The changes made by YaST take effect immediately (which is not the case when editing the /etc/HOSTNAME file manually). To change the hostname, use the following command:

    yast dns edit hostname=hostname

To change the name servers, use the following commands:

    yast dns edit nameserver1=192.168.1.116
    yast dns edit nameserver2=192.168.1.116
    yast dns edit nameserver3=192.168.1.116

In YaST go to Network Settings > Routing. Enter the IP address of the Default Gateway (IPv4 and IPv6 if necessary). The default gateway matches every possible destination, but if any other entry exists that matches the required address, use this instead of the default route.
More entries can be entered in the Routing Table. Enter the Destination network IP address, Gateway IP address and the Netmask. Select the Device through which the traffic to the defined network will be routed (the minus sign stands for any device).
To omit any of these values, use the minus sign. To enter a default gateway into the table, use default in the Destination field. NOTE: If more default routes are used, it is possible to specify the metric option to determine which route has a higher priority. To specify the metric option, enter - metric number in Options. The route with the highest metric is used as default. If the network device is disconnected, its route will be removed and the next one will be used. However, the current kernel does not use metric in static routing, only routing daemons like multipathd do.
If the system is a router, enable the IP Forwarding option in the Network Settings. To activate the configuration, click OK. Figure 22-4 Modem Configuration If you are behind a private branch exchange (PBX), you may need to enter a dial prefix.
This is often a zero. Consult the instructions that came with the PBX to find out. Also select whether to use tone or pulse dialing, whether the speaker should be on and whether the modem should wait until it detects a dial tone. The last option should not be enabled if the modem is connected to an exchange.
Under Details, set the baud rate and the modem initialization strings. Only change these settings if your modem was not detected automatically or if it requires special settings for data transmission to work. This is mainly the case with ISDN terminal adapters. Leave this dialog by clicking OK.
To delegate control over the modem to the normal user without root permissions, activate Enable Device Control for Non-root User via KInternet. In this way, a user without administrator permissions can activate or deactivate an interface. Under Dial Prefix Regular Expression, specify a regular expression.
The Dial Prefix in KInternet, which can be modified by the normal user, must match this regular expression. If this field is left empty, the user cannot set a different Dial Prefix without administrator permissions. In the next dialog, select the ISP. To choose from a predefined list of ISPs operating in your country, select Country. Alternatively, click New to open a dialog in which to provide the data for your ISP.
This includes a name for the dial-up connection and ISP as well as the login and password provided by your ISP. Enable Always Ask for Password to be prompted for the password each time you connect.
In the last dialog, specify additional connection options:

Dial on Demand: If you enable Dial on Demand, set at least one name server. Use this feature only if your Internet connection is inexpensive, because there are programs that periodically request data from the Internet.

Modify DNS when Connected: This option is enabled by default, with the effect that the name server address is updated each time you connect to the Internet.

Automatically Retrieve DNS: If the provider does not transmit its domain name server after connecting, disable this option and enter the DNS data manually.

Automatically Reconnect: If this option is enabled, the connection is automatically reestablished after failure.

Ignore Prompts: This option disables the detection of any prompts from the dial-up server. If the connection build-up is slow or does not work at all, try this option.

External Firewall Interface: Selecting this option activates the firewall and sets the interface as external. This way, you are protected from outside attacks for the duration of your Internet connection.

Idle Time-Out (seconds): With this option, specify a period of network inactivity after which the modem disconnects automatically.

IP Details: This opens the address configuration dialog. If your ISP does not assign a dynamic IP address to your host, disable Dynamic IP Address then enter your host's local IP address and the remote IP address. Ask your ISP for this information. Leave Default Route enabled and close the dialog by selecting OK.

Selecting Next returns to the original dialog, which displays a summary of the modem configuration. Close this dialog with OK. Figure 22-5 ISDN Configuration In the next dialog, shown in, select the protocol to use.
The default is Euro-ISDN (EDSS1), but for older or larger exchanges, select 1TR6. If you are in the US, select NI1.
Select your country in the relevant field. The corresponding country code then appears in the field next to it. Finally, provide your Area Code and the Dial Prefix if necessary. If you do not want to log all your ISDN traffic, uncheck the Start ISDN Log option. Activate Device defines how the ISDN interface should be started: At Boot Time causes the ISDN driver to be initialized each time the system boots.
Manually requires you to load the ISDN driver as root with the command rcisdn start. On Hotplug, used for PCMCIA or USB devices, loads the driver after the device is plugged in.
When finished with these settings, select OK. In the next dialog, specify the interface type for your ISDN card and add ISPs to an existing interface. Interfaces may be either the SyncPPP or the RawIP type, but most ISPs operate in the SyncPPP mode, which is described below. Figure 22-6 ISDN Interface Configuration The number to enter for My Phone Number depends on your particular setup: ISDN Card Directly Connected to Phone Outlet A standard ISDN line provides three phone numbers (called multiple subscriber numbers, or MSNs). If the subscriber asked for more, there may be up to 10.
One of these MSNs must be entered here, but without your area code. If you enter the wrong number, your phone operator automatically falls back to the first MSN assigned to your ISDN line. ISDN Card Connected to a Private Branch Exchange Again, the configuration may vary depending on the equipment installed. Smaller private branch exchanges (PBX) built for home purposes mostly use the Euro-ISDN (EDSS1) protocol for internal calls.
These exchanges have an internal S0 bus and use internal numbers for the equipment connected to them. Use one of the internal numbers as your MSN. You should be able to use at least one of the exchange's MSNs that have been enabled for direct outward dialing.
If this does not work, try a single zero. For further information, consult the documentation delivered with your phone exchange. Larger phone exchanges designed for businesses normally use the 1TR6 protocol for internal calls.
Their MSN is called EAZ and usually corresponds to the direct-dial number. For the configuration under Linux, it should be sufficient to enter the last digit of the EAZ.
As a last resort, try each of the digits from 1 to 9. For the connection to be terminated just before the next charge unit is due, enable ChargeHUP.
However, remember that this may not work with every ISP. You can also enable channel bundling (multilink PPP) by selecting the corresponding option. Finally, you can enable the firewall for your link by selecting External Firewall Interface and Restart Firewall. To enable the normal user without administrator permissions to activate or deactivate the interface, select Enable Device Control for Non-root User via KInternet. Details opens a dialog in which to implement more complex connection schemes which are not relevant for normal home users. Leave the Details dialog by selecting OK. In the next dialog, configure IP address settings.
If you have not been given a static IP by your provider, select Dynamic IP Address. Otherwise, use the fields provided to enter your host's local IP address and the remote IP address according to the specifications of your ISP. If the interface should be the default route to the Internet, select Default Route. Each host can only have one interface configured as the default route.
Leave this dialog by selecting Next. The following dialog allows you to set your country and select an ISP.
The ISPs included in the list are call-by-call providers only. If your ISP is not in the list, select New. This opens the Provider Parameters dialog in which to enter all the details for your ISP. When entering the phone number, do not include any blanks or commas among the digits. Finally, enter your login and the password as provided by the ISP. When finished, select Next.
To use Dial on Demand on a stand-alone workstation, specify the name server (DNS server) as well. Most ISPs support dynamic DNS, which means the IP address of a name server is sent by the ISP each time you connect.
For a single workstation, however, you still need to provide a placeholder address like 192.168.22.99. If your ISP does not support dynamic DNS, specify the name server IP addresses of the ISP.
If desired, specify a time-out for the connection—the period of network inactivity (in seconds) after which the connection should be automatically terminated. Confirm your settings with Next.
YaST displays a summary of the configured interfaces. To activate these settings, select OK. 22.4.4 Cable Modem In some countries it is quite common to access the Internet through the TV cable network. The TV cable subscriber usually gets a modem that is connected to the TV cable outlet on one side and to a computer network card on the other (using a 10Base-TG twisted pair cable). The cable modem then provides a dedicated Internet connection with a fixed IP address. Depending on the instructions provided by your ISP, when configuring the network card either select Dynamic Address or Statically Assigned IP Address.
Most providers today use DHCP. A static IP address often comes as part of a special business account.

PPP over Ethernet (PPPoE)
PPP over ATM (PPPoATM)
CAPI for ADSL (Fritz Cards)
Point-to-Point Tunneling Protocol (PPTP), Austria

In the DSL Devices tab of the DSL Configuration Overview dialog, you will find a list of installed DSL devices.
To change the configuration of a DSL device, select it in the list and click Edit. If you click Add, you can manually configure a new DSL device. The configuration of a DSL connection based on PPPoE or PPTP requires that the corresponding network card be set up in the correct way. If you have not done so yet, first configure the card by selecting Configure Network Cards (see ).
In the case of a DSL link, addresses may be assigned automatically but not via DHCP, which is why you should not enable the option Dynamic Address. Instead, enter a static dummy address for the interface, such as 192.168.22.1. In Subnet Mask, enter 255.255.255.0. If you are configuring a stand-alone workstation, leave Default Gateway empty. HINT: Values in IP Address and Subnet Mask are only placeholders. They are only needed to initialize the network card and do not represent the DSL link as such.
In the first DSL configuration dialog (see ), select the PPP Mode and the Ethernet Card to which the DSL modem is connected (in most cases, this is eth0). Then use Activate Device to specify whether the DSL link should be established during the boot process. Click Enable Device Control for Non-root User via KInternet to authorize the normal user without root permissions to activate or deactivate the interface with KInternet. In the next dialog select your country and choose from a number of ISPs operating in it. The details of any subsequent dialogs of the DSL configuration depend on the options set so far, which is why they are only briefly mentioned in the following paragraphs. For details on the available options, read the detailed help available from the dialogs. Figure 22-7 DSL Configuration To use Dial on Demand on a stand-alone workstation, also specify the name server (DNS server).
Most ISPs support dynamic DNS—the IP address of a name server is sent by the ISP each time you connect. For a single workstation, however, provide a placeholder address like 192.168.22.99. If your ISP does not support dynamic DNS, enter the name server IP address provided by your ISP. Idle Time-Out (seconds) defines a period of network inactivity after which to terminate the connection automatically. A reasonable time-out value is between 60 and 300 seconds.
If Dial on Demand is disabled, it may be useful to set the time-out to zero to prevent automatic hang-up. The configuration of T-DSL is very similar to the DSL setup.
Just select T-Online as your provider and YaST opens the T-DSL configuration dialog. In this dialog, provide some additional information required for T-DSL—the line ID, the T-Online number, the user code and your password. All of these should be included in the information you received after subscribing to T-DSL.
This guide presents a collection of common issues and useful tips for Linux system administration. Whether you’re new to system administration or have been maintaining systems for some time, we hope this collection of basic Linux commands will help you manage your system from the command line. Basic Configuration These tips cover some of the basic steps and issues encountered during the beginning of system configuration. We provide a general for your convenience if you’re new to Linode and basic Linux system administration. Additionally, you may find our useful. Set the Hostname Please follow our instructions for.
You can use the following commands to make sure it is set properly:

    hostname
    hostname -f

The first command should show your short hostname, and the second should show your fully qualified domain name (FQDN).

Set the Time Zone

When setting the time zone of your server, it may be best to use the time zone of the majority of your users. If you’re not sure which time zone would be best, consider using Universal Coordinated Time or UTC (i.e., Greenwich Mean Time). By default, Linodes are set to UTC.
Many operating systems provide built-in, interactive methods for changing time zones:

Set the Time Zone in Debian or Ubuntu

Issue the following command and answer the questions as prompted on the screen:

    dpkg-reconfigure tzdata

Set the Time Zone in CentOS 7 or Arch Linux

View the list of available time zones:

    timedatectl list-timezones

Use the Up, Down, Page Up and Page Down keys to navigate to the correct zone. Remember it, write it down or copy it as a mouse selection. Then press q to exit the list. Set the time zone (change America/New_York to the correct zone):

    timedatectl set-timezone 'America/New_York'

Set the Time Zone Manually on a Linux System

Find the appropriate zone file in /usr/share/zoneinfo/ and link that file to /etc/localtime.
See the examples below for possibilities:

Universal Coordinated Time:

    ln -sf /usr/share/zoneinfo/UTC /etc/localtime

Eastern Standard Time:

    ln -sf /usr/share/zoneinfo/EST /etc/localtime

American Central Time (including Daylight Savings Time):

    ln -sf /usr/share/zoneinfo/US/Central /etc/localtime

American Eastern Time (including Daylight Savings Time):

    ln -sf /usr/share/zoneinfo/US/Eastern /etc/localtime

Configure the /etc/hosts File

The /etc/hosts file provides a list of IP addresses with corresponding hostnames. This allows you to specify hostnames for an IP address in one place on the local machine, and then have multiple applications connect to external resources via their hostnames. The system of host files precedes DNS, and hosts files are always checked before DNS is queried. As a result, /etc/hosts can be useful for maintaining small “internal” networks, for development purposes, and for managing clusters.
Some applications require that the machine properly identify itself in the /etc/hosts file. As a result, we recommend configuring the /etc/hosts file shortly after deployment. Here is an example file:

/etc/hosts

    198.51.100.30 example.com
    192.168.1.1 stick.example.com

In this example, all requests for the example.com hostname or domain will resolve to the IP address 198.51.100.30, which bypasses the DNS records for example.com and returns an alternate website.
The second entry tells the system to look to 192.168.1.1 for the domain stick.example.com. These kinds of host entries are useful for using “private” or “back channel” networks to access other servers in a cluster without needing to send traffic on the public network.

Network Diagnostics

In this section, we’ll review some basic Linux commands that will help you assess and diagnose network problems. If you suspect connectivity issues, adding the output from the relevant commands to your can help our staff diagnose your issue. This is particularly helpful in cases where networking issues are intermittent.

The ping Command

The ping command tests the connection between the local machine and a remote address or machine. The following commands “ping” google.com and 216.58.217.110:

    ping google.com
    ping 216.58.217.110

These commands send a small amount of data (an ICMP packet) to the remote host and wait for a response.
If the system is able to make a connection, it will report on the “round trip time” for every packet. Here is the sample output of four pings to google.com:

    PING google.com (216.58.217.110): 56 data bytes
    64 bytes from 216.58.217.110: icmp_seq=0 ttl=54 time=14.852 ms
    64 bytes from 216.58.217.110: icmp_seq=1 ttl=54 time=16.574 ms
    64 bytes from 216.58.217.110: icmp_seq=2 ttl=54 time=16.558 ms
    64 bytes from 216.58.217.110: icmp_seq=3 ttl=54 time=18.695 ms
    64 bytes from 216.58.217.110: icmp_seq=4 ttl=54 time=25.885 ms

The time field specifies in milliseconds the duration of the round trip for an individual packet. When you’ve gathered the amount of information you need, use Control+C to interrupt the process. You’ll be presented with some statistics once the process is stopped. This will resemble:

    --- google.com ping statistics ---
    4 packets transmitted, 4 received, 0% packet loss, time 3007ms
    rtt min/avg/max/mdev = 33.890/40.175/53.280/7.679 ms

There are several important data points to notice:

- Packet Loss, or the discrepancy between the number of packets sent and the number of packets that return successfully. This number shows the percentage of packets that are dropped.
- Round Trip Time (rtt) statistics on the final line report information about all the ping responses. For this ping we see that the fastest packet round trip (min) took 33.89 milliseconds. The average round trip (avg) took 40.175 milliseconds. The longest packet (max) took 53.28 milliseconds. A single standard deviation unit (mdev) for these four packets is 7.67 milliseconds.
The ping command is useful as an informal diagnostic tool to measure point-to-point network latency, and as a tool to simply ensure you are able to make a connection to a remote server.

The traceroute Command

The traceroute command expands on the functionality of the ping command.
It provides a report on the path that the packets take to get from the local machine to the remote machine. Each step (intermediate server) in the path is called a hop. Route information is useful when troubleshooting a networking issue: if there is packet loss in one of the first few hops the problem is often related to the user’s local area network (LAN) or Internet service provider (ISP). By contrast, if there is packet loss near the end of the route, the problem may be caused by an issue with the server’s connection.
If you are giving other users access to upload files to your server, consider the of all additional access that you grant to third parties.

Upload Files to a Remote Server

If you’re used to using an FTP client, OpenSSH (which is included and active with all of the Linode distribution images) allows you to use an FTP-like interface over the SSH protocol. Known as “SFTP,” many clients support this protocol, including for Windows, for Mac OS X, and for Linux, OS X, and Windows desktops. If you are accustomed to FTP, SFTP will be very familiar to you. By default, whatever access a user has to a file system at the command line, that user will also have over SFTP. Consider the implications of when configuring user access.

You can also use Unix utilities including scp and to securely transfer files to your Linode.
On a local machine, a command to copy team-info.tar.gz would look like:

    scp team-info.tar.gz username@hostname.example.com:/home/username/backups/

The command, scp, is followed by the path of the file on the local file system to be transferred. Next, the username and hostname of the remote machine follow, separated by an “at” sign (@). Follow the hostname with a colon (:) and the path on the remote server to where the file should be uploaded. Using a more generalized example:

    scp /path/to/local/file remote-username@remote-hostname:/path/to/remote/file

This command is available by default on OS X and Linux machines.
You can use it to copy files to a Linode, as well as between remote servers. If you use SSH keys, you can use the scp command without entering a password for every transfer. The syntax of scp follows the form scp source destination. You can copy files from a remote host to the local machine by reversing the order of the paths in the above example.

Protect Files on a Remote Server

Because Linode servers are network accessible and often have a number of distinct users, maintaining the security of files is often an important concern. We recommend you familiarize yourself with our.
Our guide on may provide additional insight. We suggest the following best practices for maintaining security:

- Only give users the permission to do what they need to. This includes application-specific users.
- Only run services on public interfaces that you are actively using. One common source of security vulnerabilities is in unused daemons that are left running. This includes database servers, HTTP development servers, and FTP servers.
- Use SSH connections whenever possible to secure and encrypt the transfer of sensitive information.

Symbolic Links

Symbolic linking, colloquially “symlinking”, allows you to create an object in your filesystem that points to another object on your filesystem. This is useful when you need to provide users and applications access to specific files and directories without reorganizing your folders.
This way you can provide restricted users access to your web-accessible directories without moving your DocumentRoot into their home directories. To create a symbolic link, issue a command in the following format:

    ln -s /home/username/config-git/etc-hosts /etc/hosts

This creates a link of the file etc-hosts at the location of the system’s /etc/hosts file.
More generically:

    ln -s /path/to/target/file /path/to/location/of/sym/link

Note the following features of the link command:

- The final term, the location of the link, is optional. If you omit the link destination, a link will be created in the current directory with the same name as the file you’re linking to.
- When specifying the location of the link, ensure that path does not have a final trailing slash. You can create a sym link that targets a directory, but sym links cannot terminate with slashes.
- You may remove a symbolic link without affecting the target file.
- You can use relative or absolute paths when creating a link.

Manage Files on a Linux System

If you’re new to using Linux and manipulating files on the terminal interface we encourage you to consider our guide on. This section provides a list of basic commands to manage the contents of your filesystem.

To copy files:

    cp /home/username/todo.txt /home/username/archive/todo.01.txt

This copies todo.txt to an archive folder, and adds a number to the file name. If you want to recursively copy all of the files and subdirectories in a directory to another directory, use the -R option.
This command looks like:

    cp -R /home/username/archive/ /srv/backup/username.01/

To move a file or directory:

    mv /home/username/archive/ /srv/backup/username.02/

You can also use the mv command to rename a file.

To delete a file:

    rm scratch.txt

This will delete the scratch.txt file from the current directory. For more information about file system navigation and manipulation, please consider our documentation of.

Package Management

Most Linux systems use package management tools to facilitate the installation and maintenance of all software on your system. For more in-depth coverage of this topic, please reference our guide. While these tools provide a number of powerful features, it is easy to look past the benefits of package management. If you install software manually without package management tools, it becomes difficult to keep your system up to date and to manage dependencies.
For these reasons, we recommend installing all software through package management tools unless other means are absolutely necessary. The following tips outline a couple of basic package management tasks.

Find Packages Installed on Your System

Because packages are so easy to install, and often pull in a number of dependencies, it can be easy to lose track of what software is installed on your system. The following commands provide a list of installed packages on your system.
    ErrorLog /var/www/html/example.com/logs/error.log
    CustomLog /var/www/html/example.com/logs/access.log combined

Where example.com represents the name of your virtual host and the location of its resources. These directives make Apache create two log files that contain logging information specific to that virtual host. This allows you to easily troubleshoot errors on specific virtual hosts.
To track or tail the error log:

    tail -F /var/www/html/example.com/logs/error.log

This will allow you to see new error messages as they appear. Problems can be diagnosed by using specific parts of an error message from an Apache log as a term in web search. Common errors to look for include:

- Missing files, or errors in file names.
- Permissions errors.
- Configuration errors.
- Dynamic code execution or interpretation errors.

DNS Servers and Domain Names

The Domain Name System, or DNS, is the service that the internet uses to associate the hard to remember and manage IP addresses with more human-usable domain names. This section will address several specific DNS-related tasks. To learn more about DNS, check out our. If you are familiar with DNS and just need to figure out how to configure your DNS server, see our guide for the.

Redirect DNS Queries with CNAMEs

CNAMEs make it possible to redirect requests for one hostname or domain to another hostname or domain.
This is useful in situations where you want to direct requests for one domain to another, but don’t want to set up the web server to handle requests. CNAMEs are only valid when pointing from one domain to another. If you need to redirect a full URL, you will need to set up a web server and and/or virtual hosting on the server level. CNAMEs will allow you to redirect subdomains, such as team.example.com, to other subdomains or domains, such as jack.example.org. CNAMEs must point to a valid domain that has a valid A Record, or to another CNAME.
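The rule that a CNAME must end at a name with an address record, or at another CNAME that does, can be checked mechanically before a zone is published. This added example (not part of the original guide) follows each CNAME chain in a simplified "name TYPE value" record list; the record format, the function names and all records are constructed for illustration, and targets outside the zone are only reported, since zone data alone cannot confirm them.

```shell
#!/bin/sh
# check_cnames ZONE < records
# Reads "name TYPE value" lines (";" starts a comment) and follows every
# CNAME until it reaches an address record, a missing name, or a loop.
check_cnames() {
    awk -v zone="$1" '
        function norm(s) { s = tolower(s); sub(/\.$/, "", s); return s }
        function in_zone(d) {
            return d == zone || substr(d, length(d) - length(zone)) == "." zone
        }
        { sub(/;.*/, "") }
        NF < 3 { next }
        { name = norm($1); type = toupper($2); val = norm($3) }
        type == "A" || type == "AAAA" { addr[name] = val }
        type == "CNAME" { cname[name] = val; order[++count] = name }
        END {
            for (i = 1; i <= count; i++) {
                start = cur = order[i]
                split("", visited)              # reset for each chain
                while (1) {
                    if (cur in visited) { print "LOOP", start; break }
                    visited[cur] = 1
                    if (cur in addr) { print "OK", start, addr[cur]; break }
                    if (cur in cname) { cur = cname[cur]; continue }
                    # Chain ended on a name with no address or CNAME record.
                    state = in_zone(cur) ? "DANGLING" : "EXTERNAL"
                    print state, start, cur
                    break
                }
            }
        }'
}

# Constructed records for illustration; not a real zone.
sample_zone() {
    cat <<'EOF'
example.com.        A      198.51.100.30
www.example.com.    CNAME  example.com.
team.example.com.   CNAME  jack.example.org.
old.example.com.    CNAME  retired.example.com.  ; target record was deleted
a.example.com.      CNAME  b.example.com.
b.example.com.      CNAME  a.example.com.
EOF
}

sample_zone | check_cnames example.com
```

DANGLING and LOOP lines are records to fix or delete; EXTERNAL lines need a live lookup of the target to confirm it still resolves.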
Although limited in their capabilities, CNAMEs can be quite useful in some situations. In particular, if you need to change the hostname of a machine, CNAMEs are quite useful. To learn how to set up CNAME records with the, refer to our.

Set Up Subdomains

When, we refer to parts before the main or first-level domain as “subdomains.” For example, in the domain team.example.com, team is a subdomain for the root domain example.com.
Follow these steps to:

1. First, create an in the DNS zone for the domain. You can do this using the. You may host the DNS for your domain with any provider you choose.
2. Set up a server to respond to requests sent to this domain. For web servers like, this requires configuring a new virtual host. For XMPP servers you must configure an additional host to receive the requests for this host. For more information, consult the documentation for the specific server you wish to deploy.

Once configured, subdomains function almost identically to root domains on your server. If you need to, you can set up HTTP redirection for the new subdomain.

SMTP Servers and Email Issues

We provide a number of guides that cover.
In this section, we’ll explain how to choose an email setup that fits your needs and how to configure your Linode to send email.

Choose an Email Solution

There are two major components that are required for email functionality. The most important part is the SMTP server or “Mail Transfer Agent.” The MTA, as it is often called, sends mail from one server to another.
The second part of an email system is a server that permits users to access and download that mail from the server to their own machine. Typically these servers use a protocol such as POP3 or IMAP to provide remote access to the mailbox. There may also be other components in the email server tool chain. These components may be optional depending on the requirements of your deployment. They include filtering and delivery tools like, anti-virus filters like, mailing list managers like, and spam filters like. These components function independently of the MTA and remote mailbox server. The most prevalent SMTP servers or MTAs in the UNIX-like world are, and.
Sendmail has the longest history and many system administrators have extensive experience with it. Postfix is robust and modern, and is compatible with many different configurations. Exim is the default MTA in Debian systems, and many consider it to be easier to use for basic tasks. For remote mailbox access, servers like and are popular options.
If you need an easy-to-install email solution, consider the. Citadel provides an integrated “turnkey” solution that includes an SMTP server, remote mailbox access, real time collaboration tools including XMPP, and a shared calendar interface. Along similar lines, we also provide documentation for the installation of the. If, by contrast, you want a more simple and modular email stack, we urge you to consider one of our guides built around the. Finally, it’s possible to outsource email service to a third-party provider, such as. These services allow you to send and receive mail from your domain, without hosting email services on your Linode.

Send Email From Your Server

For simple configurations, you may have no need for a complete email stack like some of those documented in our.
However, applications running on that server still need to be able to send mail for notifications and other routine purposes. The configuration of applications to send notifications and alerts is beyond the scope of this guide. Most applications rely on a simple “sendmail” interface, which is accessible via several common SMTP servers including Postfix and msmtp.

To install Postfix on Debian and Ubuntu systems:

    apt-get install postfix

On CentOS and Fedora systems:

    yum install postfix

Once Postfix is installed, your applications should be able to access the sendmail interface, located at /usr/sbin/sendmail.
Most applications running on your Linode should be able to send mail normally with this configuration. If you want to use your server to send email through an external SMTP server, consider a more simple tool like msmtp. msmtp is packaged in most distributions, and you can install it using the appropriate command:

    apt-get install msmtp
    yum install msmtp
    pacman -S msmtp

Use the command type msmtp or which msmtp to find the location of msmtp on your system. Typically the program is located at /usr/bin/msmtp. You can specify authentication credentials with command line arguments or by declaring SMTP credentials in a configuration file. Here is an example .msmtprc file.