Thursday, April 12, 2012

CHECK NTP IS DOING ITS JOB OR NOT

There are a number of utilities available to check whether NTP is doing its job. The ntpq -p command prints your system's current time status.
# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*cudns.cit.corne ntp0.usno.navy.  2 u  832 1024  377   43.208    0.361   2.646
 LOCAL(0)        LOCAL(0)        10 l   13   64  377    0.000    0.000   0.008
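
A monitoring-style check built on the ntpq -p output above, added here as an example and not part of the original post. It requires a selected peer (the * marker) that is not the local clock, a reach of 377 and an offset (in milliseconds) below MAX_OFFSET_MS, which is an assumed threshold.

```shell
#!/bin/sh
# Added example: judge `ntpq -p` output (read on stdin) for a monitoring check.
# MAX_OFFSET_MS is an assumed alert threshold, not a value from the page.
MAX_OFFSET_MS=${MAX_OFFSET_MS:-100}

check_ntpq() {
    awk -v max="$MAX_OFFSET_MS" '
        $1 == "remote" || /^=+$/ { next }       # header and separator line
        NF >= 10 && /^\*/ {                     # "*" marks the peer selected for sync
            peer = substr($1, 2); reach = $7; off = $9 + 0; found = 1
        }
        END {
            if (off < 0) off = -off
            if (!found)            { print "CRITICAL no peer selected"; exit 2 }
            if (peer ~ /^LOCAL\(/) { print "CRITICAL only the local clock is selected"; exit 2 }
            # reach is an octal shift register; 377 = last eight polls answered
            if (reach != "377")    { print "WARNING " peer " reach=" reach; exit 1 }
            if (off > max)         { print "WARNING " peer " offset=" off "ms"; exit 1 }
            print "OK " peer " offset=" off "ms reach=" reach
        }'
}

# Constructed samples: SAMPLE_OK repeats the output shown in the post,
# SAMPLE_BAD is a made-up case where the upstream server stopped answering.
SAMPLE_OK='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*cudns.cit.corne ntp0.usno.navy.  2 u  832 1024  377   43.208    0.361   2.646
 LOCAL(0)        LOCAL(0)        10 l   13   64  377    0.000    0.000   0.008'
SAMPLE_BAD='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 cudns.cit.corne .INIT.          16 u    - 1024    0    0.000    0.000   0.000
*LOCAL(0)        LOCAL(0)        10 l   13   64  377    0.000    0.000   0.008'

printf '%s\n' "$SAMPLE_OK"  | check_ntpq
printf '%s\n' "$SAMPLE_BAD" | check_ntpq || true
```

On a live host the input would be `ntpq -p | check_ntpq`; a freshly started ntpd reports a reach below 377 until eight polls have completed.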

The ntpdc -c loopinfo command displays how far off the system time is, in seconds, based on the last time the remote server was contacted.

# ntpdc -c loopinfo
offset:               -0.004479 s
frequency:            133.625 ppm
poll adjust:          30
watchdog timer:       404 s
 

ntpdc -c kerninfo will display the current remaining correction.

# ntpdc -c kerninfo
pll offset:           -0.003917 s
pll frequency:        133.625 ppm
maximum error:        0.391414 s
estimated error:      0.003676 s
status:               0001  pll
pll time constant:    6
precision:            1e-06 s
frequency tolerance:  512 ppm
pps frequency:        0.000 ppm
pps stability:        512.000 ppm
pps jitter:           0.0002 s
calibration interval: 4 s
calibration cycles:   0
jitter exceeded:      0
stability exceeded:   0
calibration errors:   0
 

A slightly different version of ntpdc -c kerninfo is ntptime.

# ntptime
ntp_gettime() returns code 0 (OK)
  time c35e2cc7.879ba000  Thu, Nov 13 2003 11:16:07.529, (.529718),
  maximum error 425206 us, estimated error 3676 us
ntp_adjtime() returns code 0 (OK)
  modes 0x0 (),
  offset -3854.000 us, frequency 133.625 ppm, interval 4 s,
  maximum error 425206 us, estimated error 3676 us,
  status 0x1 (PLL),
  time constant 6, precision 1.000 us, tolerance 512 ppm,
  pps frequency 0.000 ppm, stability 512.000 ppm, jitter 200.000 us,
  intervals 0, jitter exceeded 0, stability exceeded 0, errors 0.

Yet another way to see how well NTP is working is the ntpdate -d command. It contacts an NTP server and determines the time difference but does not change your system's time.

# ntpdate -d 132.236.56.250
13 Nov 14:43:17 ntpdate[29631]: ntpdate 4.1.1c-rc1@1.836 Thu Feb 13 12:17:20 EST 2003 (1)
transmit(132.236.56.250)
receive(132.236.56.250)
transmit(132.236.56.250)
receive(132.236.56.250)
transmit(132.236.56.250)
receive(132.236.56.250)
transmit(132.236.56.250)
receive(132.236.56.250)
transmit(132.236.56.250)
server 132.236.56.250, port 123
stratum 2, precision -17, leap 00, trust 000
refid [192.5.41.209], delay 0.06372, dispersion 0.00044
transmitted 4, in filter 4
reference time:    c35e5998.4a46cfc8  Thu, Nov 13 2003 14:27:20.290
originate timestamp: c35e5d55.d69a6f82  Thu, Nov 13 2003 14:43:17.838
transmit timestamp:  c35e5d55.d16fc9bc  Thu, Nov 13 2003 14:43:17.818
filter delay:  0.06522  0.06372  0.06442  0.06442
         0.00000  0.00000  0.00000  0.00000
filter offset: 0.000036 0.001020 0.000527 0.000684
         0.000000 0.000000 0.000000 0.000000
delay 0.06372, dispersion 0.00044
offset 0.001020

13 Nov 14:43:17 ntpdate[29631]: adjust time server 132.236.56.250 offset 0.001020 sec

If you want to actually watch the system synchronize, you can use ntptrace.

# ntptrace 132.236.56.250
cudns.cit.cornell.edu: stratum 2, offset -0.003278, synch distance 0.02779
truetime.ntp.com: stratum 1, offset -0.014363, synch distance 0.00000, refid 'ACTS'

If you need your system time synchronized immediately, you can use ntpdate remote-servername to force a synchronization. No waiting!
# ntpdate 132.236.56.250
13 Nov 14:56:28 ntpdate[29676]: adjust time server 132.236.56.250 offset -0.003151 sec

Sunday, April 8, 2012

DHCP SERVER on RHEL 6


DHCP SERVER ON REDHAT 6
Lab scenario :=
Server IP = 192.168.0.10
Server Hostname = server.example.com
-----------------------------------------------------------------------------------------------------
1st step := Install the dhcp package
# yum -y install dhcp*
2nd step := Copy the dhcpd.conf.sample file
# cp /usr/share/doc/dhcp-4.1.1/dhcpd.conf.sample /etc/dhcp/dhcpd.conf

3rd step := Edit /etc/dhcp/dhcpd.conf like this
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#

# option definitions common to all supported networks...
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;

default-lease-time 600;
max-lease-time 7200;

# Use this to enable / disable dynamic dns updates globally.
#ddns-update-style none;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.

subnet 10.152.187.0 netmask 255.255.255.0 {
}

# This is a very basic subnet declaration.

subnet 10.254.239.0 netmask 255.255.255.224 {
  range 10.254.239.10 10.254.239.20;
  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
}

# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.

subnet 10.254.239.32 netmask 255.255.255.224 {
  range dynamic-bootp 10.254.239.40 10.254.239.60;
  option broadcast-address 10.254.239.31;
  option routers rtr-239-32-1.example.org;
}

# A slightly different configuration for an internal subnet.
#subnet 10.5.5.0 netmask 255.255.255.224 {
  #range 10.5.5.26 10.5.5.30;
  #option domain-name-servers ns1.internal.example.org;
  #option domain-name "internal.example.org";
  #option routers 10.5.5.1;
  #option broadcast-address 10.5.5.31;
  #default-lease-time 600;
  #max-lease-time 7200;
#}



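# Subnet for the lab network.
subnet 192.168.0.0 netmask 255.255.255.0 {
  range 192.168.0.80 192.168.0.100;
  option domain-name-servers server.example.com;
  option domain-name "server.example.com";
  # routers and broadcast-address must belong to this subnet; the sample
  # values 10.5.5.1 and 10.5.5.31 do not. Using the lab server 192.168.0.10
  # as the gateway is an assumption: put your real router address here.
  option routers 192.168.0.10;
  option broadcast-address 192.168.0.255;
  default-lease-time 600;
  max-lease-time 7200;
}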

# Hosts which require special configuration options can be listed in
# host statements.   If no address is specified, the address will be
# allocated dynamically (if possible), but the host-specific information
# will still come from the host declaration.

host passacaglia {
  hardware ethernet 0:0:c0:5d:bd:95;
  filename "vmunix.passacaglia";
  server-name "toccata.fugue.com";
}

# Fixed IP addresses can also be specified for hosts.   These addresses
# should not also be listed as being available for dynamic assignment.
# Hosts for which fixed IP addresses have been specified can boot using
# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
# be booted with DHCP, unless there is an address range on the subnet
# to which a BOOTP client is connected which has the dynamic-bootp flag
# set.
host fantasia {
  hardware ethernet 08:00:07:26:c0:a5;
  fixed-address fantasia.fugue.com;
}

# You can declare a class of clients and then do address allocation
# based on that.   The example below shows a case where all clients
# in a certain class get addresses on the 10.17.224/24 subnet, and all
# other clients get addresses on the 10.0.29/24 subnet.

class "foo" {
  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
}

shared-network 224-29 {
  subnet 10.17.224.0 netmask 255.255.255.0 {
    option routers rtr-224.example.org;
  }
  subnet 10.0.29.0 netmask 255.255.255.0 {
    option routers rtr-29.example.org;
  }
  pool {
    allow members of "foo";
    range 10.17.224.10 10.17.224.250;
  }
  pool {
    deny members of "foo";
    range 10.0.29.10 10.0.29.230;
  }
}

Save and quit, then start the service
# /etc/init.d/dhcpd start
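
A subnet block adapted from the sample file can keep option values that belong to another network, and clients would then be handed a gateway they cannot reach. The check below is an added example, not part of the original post or of ISC dhcpd: it flags range, routers and broadcast-address literals that do not fit the subnet they are declared in. The function name and the embedded sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag IPv4 literals in a dhcpd.conf subnet block that do not
# belong to that subnet. Host names such as rtr-29.example.org are skipped,
# and a nested pool { } inside a subnet block is not followed.
check_dhcpd_subnets() {                     # usage: check_dhcpd_subnets FILE
    awk '
    function ip2n(s,  p) {                  # dotted quad -> number, -1 if malformed
        if (split(s, p, ".") != 4) return -1
        return ((p[1] * 256 + p[2]) * 256 + p[3]) * 256 + p[4]
    }
    function report(what, v) { print "subnet " name ": " what " " v; bad = 1 }
    { sub(/#.*/, ""); gsub(/[;,]/, " ") }   # strip comments, ";" and ","
    $1 == "subnet" && $3 == "netmask" {
        name = $2; net = ip2n($2)
        size = 4294967296 - ip2n($4)        # number of addresses in the subnet
        insub = 1; next
    }
    insub && index($0, "}") { insub = 0; next }
    !insub { next }
    $1 == "range" || ($1 == "option" && $2 == "routers") {
        what = ($1 == "range") ? "range address outside subnet:" : "router outside subnet:"
        for (i = 2; i <= NF; i++)
            if ($i ~ /^[0-9.]+$/ && (ip2n($i) < net || ip2n($i) >= net + size))
                report(what, $i)
    }
    $1 == "option" && $2 == "broadcast-address" && $3 ~ /^[0-9.]+$/ {
        if (ip2n($3) != net + size - 1) report("wrong broadcast-address:", $3)
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: a lab subnet that kept two options from another network.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
subnet 192.168.0.0 netmask 255.255.255.0 {
  range 192.168.0.80 192.168.0.100;
  option routers 10.5.5.1;            # not in 192.168.0.0/24
  option broadcast-address 10.5.5.31;
}
EOF
check_dhcpd_subnets "$SAMPLE" || echo "fix the subnet block before starting dhcpd"
```

dhcpd -t -cf /etc/dhcp/dhcpd.conf tests the syntax of the file; this check looks at the values instead.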

DNS SERVER ON RHEL 6


Lab scenario :=
Server IP = 192.168.0.10
Server Hostname = server.example.com
Client IP = 192.168.0.40
Client Hostname = client.example.com
1st step := Set up your hostname

# vim /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.10  server.example.com server

# vim /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=server.example.com

# hostname server.example.com [press enter]
2nd step := Add an entry to the resolv.conf file
# vim /etc/resolv.conf
# Generated by NetworkManager
search example.com
nameserver 192.168.0.10

3rd step := Install the BIND package
# yum -y install bind*

4th step := Edit named.conf
First back up this file
# cp -avr /etc/named.conf /etc/named.conf.org
# vim /etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 192.168.0.10; };
        listen-on-v6 port 53 { ::1; };
        directory  "/var/named";
        dump-file  "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // allow-query { any; } with recursion yes answers recursive queries
        // from every client that can reach 192.168.0.10. On anything but an
        // isolated lab network, restrict recursion, for example with
        // allow-recursion { 192.168.0.0/24; };
        allow-query     { any; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation no;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";




save and quit 
5th step := Edit /etc/named.rfc1912.zones like this
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "example.com" IN {
        type master;
        file "forward.zone";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.168.192.in-addr.arpa" IN {
        type master;
        file "reverse.zone";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};


Save and quit

6th step := Create the forward.zone and reverse.zone files in /var/named/ like this
# cd /var/named
# cp named.localhost forward.zone
# cp named.loopback reverse.zone

7th step := Edit forward.zone like this
$TTL 1D
@ IN SOA server.example.com. root.server.example.com. (
     0 ; serial
     1D ; refresh
     1H ; retry
     1W ; expire
     3H ) ; minimum
 IN NS server.example.com.
server  IN A     192.168.0.10

8th step := Edit reverse.zone like this
$TTL 1D
@ IN SOA server.example.com. root.server.example.com. (
     0 ; serial
     1D ; refresh
     1H ; retry
     1W ; expire
     3H ) ; minimum
       IN NS server.example.com.
10     IN PTR server.example.com.

Save the file

9th step := Change the group of forward.zone and reverse.zone
# chgrp named forward.zone
# chgrp named reverse.zone
10th step := Start the service

# service named restart
Then test the DNS server
# dig -x 192.168.0.10
# nslookup 192.168.0.10
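
The forward and reverse zone files are edited by hand in separate steps, so a mistyped NS target or a PTR record that no longer matches its A record is easy to miss by eye. The cross-check below is an added example, not part of the original post or of BIND; the function name, its ORIGIN and NET_PREFIX parameters and the embedded zone files are constructed for illustration.

```shell
#!/bin/sh
# Added example: cross-check a forward and a reverse zone file.
# usage: check_zone_pair FORWARD_FILE ORIGIN REVERSE_FILE NET_PREFIX
# ORIGIN (example.com) and NET_PREFIX (192.168.0) are hypothetical parameters.
check_zone_pair() {
    awk -v origin="$2" -v prefix="$4" '
    function fqdn(n) {
        if (n == "@") return origin "."
        return (n ~ /\.$/) ? n : n "." origin "."
    }
    {
        sub(/;.*/, "")                              # drop zone-file comments
        owner = ($0 ~ /^[ \t]/) ? "" : $1           # leading blank = no owner field
        for (i = 1; i < NF; i++) if ($i == "IN") break
        type = $(i + 1); data = $(i + 2)
    }
    FNR == NR {                                     # first file: collect A records
        if (type == "A" && owner != "") addr[fqdn(owner)] = data
        next
    }
    type == "NS" && !(data in addr) {
        print "NS target " data " has no A record in the forward zone"; bad = 1
    }
    type == "PTR" {
        ip = prefix "." owner
        if (!(data in addr))       { print "PTR " ip " -> " data ": no such A record"; bad = 1 }
        else if (addr[data] != ip) { print "PTR " ip " -> " data ", but its A record is " addr[data]; bad = 1 }
    }
    END { exit bad + 0 }
    ' "$1" "$3"
}

# Constructed sample zones; the reverse zone carries a mistyped NS target.
ZDIR=$(mktemp -d)
cat > "$ZDIR/forward.zone" <<'EOF'
$TTL 1D
@ IN SOA server.example.com. root.server.example.com. ( 0 1D 1H 1W 3H )
 IN NS server.example.com.
server IN A 192.168.0.10
EOF
cat > "$ZDIR/reverse.zone" <<'EOF'
$TTL 1D
@ IN SOA server.example.com. root.server.example.com. ( 0 1D 1H 1W 3H )
 IN NS server.exmaple.com.
10 IN PTR server.example.com.
EOF
check_zone_pair "$ZDIR/forward.zone" example.com "$ZDIR/reverse.zone" 192.168.0 ||
    echo "zone files disagree"
```

named-checkconf and named-checkzone validate the configuration and each zone file on their own; this check compares the two zone files with each other.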