LINUX UNIT 4

1. what is DNS server? List and explain DNS server types.

Ans
1) Domain Name System (DNS) is the system that associates hostnames with IP addresses. Users and
administrators don’t have to remember the IP addresses of computers to which they want to connect but
can do so just by entering a name, such as www.example.com.
2) DNS Server Types
1. Master: The master contains all the information about the domain and supplies this information when
requested. A master server is listed as -an authoritative server when it contains the information you are
seeking and it can provide that information.
2. Slave: The slave is intended as a backup in case the master server goes down or is not available. This
server contains the same information as the master and provides it when requested if the master server
cannot be contacted.
3. Caching: A caching server does not provide information to outside sources; it is used to provide
domain information to other servers and workstations on the local network. The caching server
remembers the domains that have been accessed. Use of a caching server speeds up searches since
the domain information is already stored in memory and the server knows exactly where to go rather than
having to send out a request for domain information.
3) In DNS traffic, both primary and secondary name servers are considered to be authoritative name
servers. This means that if a client gets an answer from the secondary name server about a resource
record within the zone of that name server, it is considered to be an authoritative reply.

2. Explain the DNS lookup process.

Ans
1)When a client needs to get information from DNS, it will always contact the name server that is
configured in the DNS resolver to request that information. Because each DNS server is part of the
worldwide DNS hierarchy, each NS server should be able to handle client requests.
2)In the DNS resolver, more than one name server is often configured to handle cases where the first
DNS server in the list is not available. Let’s assume that a client is in the example.com domain and wants
to get the resource record for www.sander.fr. The following will occur:
1. When the request arrives at the name server of example.com, this name server will check its cache. If
it has recently found the requested resource record, the name server will issue a recursive answer from
cache, and nothing else needs to be done.
2. If the name server cannot answer the request from cache, it will first check whether a forwarder has
been configured. A forwarder is a DNS name server to which requests are forwarded that cannot be
answered by the local DNS server. For example, this can be the name server of a provider that serves
many zones and that has a large DNS cache.
3. If no forwarder has been configured, the DNS server will resolve the name step-by step. In the first
step, it will contact the name servers of the DNS root domain to find out how to reach the name servers
of the .fr domain.
4. After finding out which name servers are responsible for the .fr domain, the local DNS server, which
still acts on behalf of the client that issued the original request, contacts a name server of the .fr domain
to find out which name server to contact to obtain information about the sander domain.
5. After finding the name server that is authoritative for the sander.fr domain, the name server can then
request the resource record it needs. It will cache this resource record and send the answer back to the
client.
3. Write a short note on cache-only nameserver.
Ans
1) Running a cache-only name server can be useful when optimizing DNS requests in your network. If
you run a BIND service on your server, it will do the recursion on behalf of all clients.
2) Once the resource record is found, it is stored in cache on the cache-only name server. This means
that the next time a client needs the same information, it can be provided much faster.
Steps to follow
1. Open a terminal, log in as root, and run yum -y install bind-chroot on the host computer to install the
bind package.
2. With an editor, open the configuration file /etc/named.conf. You need to change some parameters in
the configuration file to have BIND offer its services to external hosts.
3. Change the file to include the following parameters: listen-on port 53 { any; }; and allow-query { any; };.
This opens your DNS server to accept queries on any network inter face from any client.
4. Still in /etc/named.conf, change the parameter dnssec-validation; to dns server- validation no;.
5. Finally, insert the line forwarders x.x.x.x in the same configuration file, and give it the value of the IP
address of the DNS server you normally use for your Internet connection. This ensures that the DNS
server of your Internet provider is used for DNS recursion and that requests are not sent directly to the
name servers of the root domain.
6. Use the service named restart command to restart the DNS server.
7. From the RHEL host, use dig redhat.com. You should get an answer, which is sent by your DNS
server. You can see this in the SERVER line in the dig response. Congratulations, your cache-only name
server is operational!

4. What is DHCP? How is DHCP server setup?

Ans
1) The Dynamic Host Configuration Protocol (DHCP) is used to assign IP-related configuration to hosts in
your network.
2) Using a DHCP server makes managing a network a lot easier, because it gives the administrator the
option to manage IP-related configuration on a single, central location on the network, instead of on
multiple different hosts.
3) When a client comes up, it will send a DHCP request on the network. This DHCP request is sent as a
broadcast, and the DHCP server that receives the DHCP request will answer and assign an available IP
address.
4) Because the DHCP request is sent as a broadcast, you can have just one DHCP server per subnet. If
multiple DHCP servers are available, there is no way to determine which DHCP server assigns the IP
addresses.
DHCP Server Set Up:
1. Start the virtual machine, and open a root shell. From the root shell, use the command yum -y dhcp to
install the DHCP server.
2. Open the file /etc/dhcp/dhcpd.conf with an editor, and give it the following contents. Make sure that the
names and IP addresses used in this example match your network:option domain-name "example.com";
option domain-name-servers YOUR.DNS.SERVERNAME.HERE;
default-lease-time 600;
max-lease-time 1800;
subnet 192.168.100.0 netmask 255.255.255.0
{range 192.168.100.10 192.168.100.20;options routers 192.168.100.1;}
3. Start the DHCP server by using the command service dhcpd start, and enable it using chkconfig
dhcpd on.
4. Start the second virtual machine. Make sure that the network card is set to get an IP address from a
DHCP server. After star ting it, verify that the DHCP server has indeed handed out an IP address.
5. What are different parameter used for dhcp.conf command?
Ans
1) Here are the most relevant parameters from the dhcpd.conf file and a short explanation of each:
• option domain-name : Use this to set the DNS domain name for the DHCP clients.
• option domain-name-servers : This specifies the DNS name servers that should be used.
• default-lease-time : This is the default time in seconds that a client can use the IP address that it has
received from the DHCP server.
• max-lease-time : This is the maximum time that a client can keep on using its assigned IP address. If
within the max-lease-time timeout it hasn’t been able to contact the DHCP server for renewal, the IP
address will expire, and the client can’t use it anymore.
• log-facility : This specifies which syslog facility the DHCP server uses.
• subnet : This is the essence of the work of a DHCP server. The subnet definition specifies the network
on which the DHCP server should assign IP addresses. A DHCP server can serve multiple subnets, but it
is common for the DHCP server to be directly connected to the subnet it serves.
• range : This is the range of IP addresses within the subnet that the DHCP server can assign to clients.
• option routers : This is the router that should be set as the default gateway.

6. Explain components play role in the process of Internet mail.

Ans
1) Several key components are essential for e-mail to work properly, and as a system administrator it is
your responsibility to configure the following items.
Programs:
• A Mail User Agent (MUA) for users to be able to read and write e-mail
• A Mail Transfer Agent (MTA) to deliver the e-mail messages between computers across a network
• A Mail Delivery Agent (MDA) to deliver messages to users‘ mailbox files• An mail notification program to
tell users that they have new mail
• The TCP/IP protocols for storing e-mail messages and transferring e-mail between MTAs
Other communication and mail storage components:
• Ports
• Mail queues
• Mailbox files
Protocols for Sending and Receiving Mail
SMTP (Simple Mail Transfer Protocol): Used for sending emails from an MUA to an MTA or between
MTAs.
IMAP (Internet Message Access Protocol): Used by MUAs to retrieve emails while keeping them stored
on the server
POP3 (Post Office Protocol v3): Used to download emails from the server to the client, typically removing
them from the server.

7. Explain: Mail Transfer Agent, Mail Delivery Agent, Mail User Agent with examples.
Ans:

➖
Mail Transfer Agent:

➖
A mail transfer agent or mail relay transfers email messages from one computer to another.
An MTA is responsible for the core tasks involved with delivering of email, including: queuing,
throttling, scheduling, connection management, data transfer, processing of deferrals, bounce generation

➖
and tracking of delivery status.
A Mail Transport Agent (MTA) transports email messages between hosts using SMTP. A message

➖
may involve several MTAs as it moves to its intended destination.
The major functions of an MTA are:
➖Accepting messages originating from the user agent and forwarding them to their destination.
➖Receiving all messages that are transmitted from other user agents for further transmission.
➖Keeping track of each and every activity and analyzing and storing the recipient list to perform future
➖Sending auto-responses about non-delivery when a message does not reach its intended destination
routing functions.

➖The recipient's MTA then delivers the email to the incoming mail server (called the MDA, for Mail
Mail Delivery Agent:

➖There are two main protocols used for retrieving email on an MDA:
Delivery Agent), which stores the email as it waits for the user to accept it.

➖POP3 (Post Office Protocol), the older of the two, which is used for retrieving email and, in certain
➖IMAP (Internet Message Access Protocol), which is used for coordinating the status of emails (read,
cases, leaving a copy of it on the server;

deleted, moved) across multiple email clients.

With IMAP, a copy of every message is saved on the server, so that this synchronization task can be

➖
completed.
MDAs act as mailboxes, which store messages (as much as their volume will allow) until the recipients

➖
check the box. It is also called as LDA (Local Delivery Agent).
MDA is protected by a user name called a login and by a password.

➖
Mail User Agent:
A Mail User Agent (MUA) is a program that, at the very least, allows a user to read and compose email

➖
messages.
An MUA is often referred to as an email client. Of course, many MUAs help users do more than that,
including retrieving messages via the POP or IMAP protocols, setting up mailboxes to store messages, or

➖
helping present new messages to a Mail Transfer Agent that will deliver them to their final destination.
It is the responsibility of users to install an MUA, which allows them to work with email on their

➖
computer, tablet, or smartphone
It is called an email client (such as Mozilla Thunderbird, Microsoft Outlook, Eudora Mail, Incredimail or

➖
Lotus Notes & Mutt Tool).

➖
When it is a web interface used for interacting with the incoming mail server, it is called webmail.
An MUA is a program that, at a minimum, allows a user to read and compose email messages

8. Explain the various parameters for secure internet configuration of Postfix server.
Ans
1) There are a few more steps to take to configure a mail server, which is going to handle messages from
the Internet.
• myhostname This parameter specifies the name of this host. If not specified, it is set to the full DNS
domain name (FQDN) of this host. This parameter is used as a variable in other parameters in the
main.cf file, so it is useful to set it.
• mydomain This parameter specif es the domain of this host. If not set, the domain name part of the
FQDN is used.
• myorigin This parameter determines the domain seen by the email recipient when receiving messages.
The default is to use the FQDN of this host. This means that if user linda on server dfw.example.com
sends a message, the recipient will see a message coming in from linda@dfw.example.com. This is often
not what you want. To append the domain name only and not the entire FQDN, use myorigin =
$mydomain.
• inet_interfaces This parameter specifi es the IP addresses of the mail server to which it binds. By
default, it is set to localhost only, which means that your mail server cannot receive messages from the
Internet. This is fi ne if the mail server only has to send messages and another server is used for email
reception. However, you’ll normally want to enable all inet_interfaces using inet_interfaces = all.
•mynetworks This parameter is optional. You can use it to specify the network address from which your
MTA accepts messages for relaying without further authentication. It’s a good idea to set this to your
trusted network.
• relayhost This parameter contains the name of a host that is used to relay all messages to. Use this if,
for example, you want the mail server of your ISP to take care of all message delivery.

9. Write a short note on virtual host.

Ans
1) One Apache installation can handle more than one Apache website. To handle more than one site
from an Apache server, you can create virtual hosts.
2) A virtual host is a definition of different websites to be served by the Apache web server. You can
include this definition in the main Apache confi guration file/etc/httpd/conf/httpd.conf or in separate files
that you’ll create in the /etc/httpd/conf.d/ directory. If you chose the latter solution, make sure the name of
each of these files ends in .conf.
3) When setting up virtual hosts, you’ll have to choose which type to use. You can configure either a
name-based virtual host, an IP-based virtual host, or both.
4) Name-based virtual hosts are the default, and they are easier to set up because you can run multiple
Apache sites on one IP address.
5) IP-virtual hosts are often used if SSL is needed on a website, because in SSL it is beneficial if a
connection can be traced back to its original unique IP address. So, you must set up IP-based virtual
hosting to get SSL working.

10. Write down the steps to configure Apache for basic website services.
Ans
1) Configuring an Apache server that services just one website is not hard to do—you just have to install
the Apache software and create some content in the Apache document root.
2) The default document root is set to /var/www/html on a Red Hat Enterprise Linux server. Just put a file
in this directory with the name index.html, and it will be served by your Apache server.
Creating a Basic Website
1. Use yum -y install httpd to install the Apache web server.
2. Use chkconfig httpd on to put the Apache web server in your server’s runlevels, and have it star t at
boot in your runlevels.
3. Open a root shell, and go to the directory /var/www/html. In this directory, create a file with the name
index.html. In this file, put the content “ welcome to my website” and then use service httpd start to star t
the Apache web server.
4. Still from the root shell, use elinks http://localhost to access the website you just created. You’ll notice
that your web server is up and running!

11. What are modes of Apache? Explain some performance parameters for these modes.
Ans
1) Apache can be started in two different modes:
1. prefork mode
2. worker mode
The prefork mode is the default mode. In this mode, a master httpd process is started, and this master
process will start different httpd servers.
Even if the worker mode is a bit more efficient with regard to resource usage, some modules cannot
handle it, and therefore the prefork mode is used as default.
However, if you need the best performance that httpd can offer and you don’t use modules that are
incompatible with worker mode, it’s a good idea to use worker mode instead.
Worker mode can be configured to serve more simultaneous processes. To change the default mode that
Apache uses, you can modify the HTTPD parameter in /etc/sysconfig/httpd. To use the worker mode, you
have to start the /usr/sbin/httpd. worker binary instead of /usr/sbin/httpd.
To accomplish this, just remove the pound sign in front of the example line in /etc/sysconfig/httpd and
restart the httpd process using service httpd restart.
For both modes, you can set some performance parameters:
StartServers: This is the number of server processes httpd should always start.
MinSpareServers: This is the minimum amount of spare server processes that are kept. It is good to have
a certain minimum because it allows httpd to serve client requests really fast.
ServerLimit: This is the total amount of server processes that can be started as a maximum. Note that the
value of 256 is pretty high, and it should be sufficient for most servers.
MaxClients: This is the maximum number of clients that can be connected. Note that in worker mode,
one client can have several concurrent requests, which are opened simultaneously.
MinSpareThreads: In worker mode, this is the minimum amount of spare threads that httpd should keep.
You can see that it is set considerably higher than the MinSpare Servers parameter in prefork mode

12. Explain how the DirectoryIndex, Options, AllowOverride, and Orderdirectives in Apache.
Ans
1) DirectoryIndex : The administrator can also set different directory options on an Apache web server.
These options are used to define how the contents of a directory on the httpd server should bepresented
to users who access that directory
The DirectoryIndex directive can be used to specify that other fi les should also beconsidered. If this is
the case, it will show the contents of this fi le, and if not, a list of filesin the directory is shown.
To modify this behavior, the DirectoryIndex and Options directives can be used. Bydefault, the
DirectoryIndex directive specifies that Apache should look for a file with thename index.html or
index.html.var.
2) Options: The Options directive within a directory definition(as you can see in the /var/www/icons
directory statement) can further fine-tune the options that are used to display the contents of a directory.
You can also use Options to determine which server features are available in a particular directory.A
useful argument for the Options directive is Indexes.
Related to this option is Follow SymLinks. This option will ensure that symbolic links are followed if they
exist in the document directory. Don’t use this because it is considered a security threat.
3) AllowOverride: In a directory served by Apache, some basic restrictions can be used. First, there is
theAllowOverride directive.
If AllowOverride is set to none, the contents ofany .htaccess fi le that is found anywhere in a subdirectory
of the current directory will be ignored.
If you don’t want the owners of subdirectories to restrict access to their directories, set AllowOverride to
none. If you want to allow users to restrict access to subdirectories, set it to All.
In high-performance environments, don’t use it at all because this will force Apache to recurse through
the entire directory tree on every request.
4) Order directive: Another basic way to handle access restrictions is by using the Order directive. With
thisdirective, you’ll specify the order in which allow and deny commands are used
The default order is deny and then allow. This means that if a client is excluded by deny, it will be
excluded unless it matches allow. If neither is matched, the client gets access. As you see, this is a rather
open approach that doesn’t put many restrictions on a directory.