Wednesday, June 28, 2006

Remote name daemon control (rndc) for BIND

Using the rndc command you can send commands to your DNS servers over TCP authenticated by digital signatures. Without any parameters the command prints out its options:

Usage: rndc [-c config] [-s server] [-p port]
[-k key-file ] [-y key] [-V] command

command is one of the following:

reload Reload configuration file and zones.
reload zone [class [view]]
Reload a single zone.
refresh zone [class [view]]
Schedule immediate maintenance for a zone.
retransfer zone [class [view]]
Retransfer a single zone without checking serial number.
freeze zone [class [view]]
Suspend updates to a dynamic zone.
thaw zone [class [view]]
Enable updates to a frozen dynamic zone and reload it.
reconfig Reload configuration file and new zones only.
stats Write server statistics to the statistics file.
querylog Toggle query logging.
dumpdb [-all|-cache|-zones] [view ...]
Dump cache(s) to the dump file (named_dump.db).
stop Save pending updates to master files and stop the server.
stop -p Save pending updates to master files and stop the server
reporting process id.
halt Stop the server without saving pending updates.
halt -p Stop the server without saving pending updates reporting
process id.
trace Increment debugging level by one.
trace level Change the debugging level.
notrace Set debugging level to 0.
flush Flushes all of the server's caches.
flush [view] Flushes the server's cache for a view.
flushname name [view]
Flush the given name from the server's cache(s)
status Display status of the server.
recursing Dump the queries that are currently recursing (named.recursing)
*restart Restart the server.

* == not yet implemented
Version: 9.3.2


Because digital signatures are used for authentication with the name server daemon, you must specify either a key-file (-k option) or key on the command line (-y option). If no key or key-file is specified then rndc will look in the rndc.conf file.

So now you can do cool stuff like turn query logging on and off with:

# rndc querylog
# ping -c 1 www.google.com
# tail /var/log/messages
Jun 28 23:48:21 poseidon named[1986]: query logging is now on
Jun 28 23:48:48 poseidon named[1986]: client 192.168.116.10#33362: query: www.google.com IN A +
# rndc querylog
# tail /var/log/messages
Jun 28 23:51:32 poseidon named[1986]: query logging is now off
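
Query logging gives a quick per-client view of what is being resolved. As an added example (not part of the original post), this shell function counts query lines per client, name and type; it assumes the syslog line layout shown in the session above (other BIND versions may log extra fields), and the sample log is constructed.

```shell
#!/bin/sh
# Summarise BIND query-log lines per client.
# Output: "<count> <client-ip> <qname> <qtype>", busiest first.
# Reads the files given as arguments, or stdin when there are none.
summarise_queries() {
    awk '
    # Only named query lines:
    #   ... named[pid]: client IP#port: query: NAME CLASS TYPE FLAGS
    $5 ~ /^named\[[0-9]+\]:$/ && $6 == "client" && $8 == "query:" {
        ip = $7
        sub(/#[0-9]+:$/, "", ip)          # strip "#source-port:"
        key = ip " " tolower($9) " " $11  # DNS names are case-insensitive
        count[key]++
    }
    END { for (k in count) print count[k], k }
    ' "$@" | sort -k1,1nr -k2
}

# Constructed sample in the format of the session above (not real traffic).
sample_log() {
cat <<'EOF'
Jun 28 23:48:21 poseidon named[1986]: query logging is now on
Jun 28 23:48:48 poseidon named[1986]: client 192.168.116.10#33362: query: www.google.com IN A +
Jun 28 23:48:49 poseidon named[1986]: client 192.168.116.10#33363: query: WWW.google.com IN A +
Jun 28 23:49:02 poseidon named[1986]: client 192.168.116.22#40112: query: example.org IN MX +
Jun 28 23:49:30 poseidon sshd[2044]: Accepted publickey for pat from 192.168.116.10 port 51514 ssh2
Jun 28 23:51:32 poseidon named[1986]: query logging is now off
EOF
}

sample_log | summarise_queries
```

On a live server, pass the log file instead: summarise_queries /var/log/messages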


You can dump the name server cache with the command:

# rndc dumpdb -cache

The dump file will be specified in the named.conf file in the options directive:

dump-file "/var/named/data/cache_dump.db";

Since my server runs in a chrooted environment the location is actually /var/named/chroot/var/named/data/cache_dump.db. The file itself is just plain text so you can view it in any editor.

Tuesday, June 27, 2006

DB2 upgrade

I had a DB2 V8.1 fixpack 2 installation on one of my FC5 systems which I upgraded to the (currently) latest fixpack 12. After completing the upgrade and running the post install tasks (iupdate) I found I couldn't run any of the utils such as db2cc:

[db2inst1@medusa ~]$ db2cc
stackpointer=0x1c3aa4
Writing Java core file ....
Written Java core to /tmp/javacore11599.1151439455.txt
DB2JAVIT : RC = 11


Oops! Something was clearly very wrong here. It turns out that the Java SDK (1.31) originally installed with DB2 doesn't work with FC5 or my kernel (2.6.17). My problem was resolved by downloading and installing the Java 1.42 SDK rpm from IBM, and running the following command as user db2inst1:

db2 update dbm cfg using JDK_PATH /opt/IBMJava2-142

Saturday, June 24, 2006

Mirroring websites with wget

I'm sure it's already quite well known, but I've just discovered how to mirror web sites with wget. I'd been wanting to make sure I had a backup of this blog and was already sure that wget would be the tool to use. A quick search turned up this command:

wget --mirror -w 2 -p --html-extension --convert-links -P /home/pat/documents/blogger/ http://patgardner.blogspot.com

--mirror = get files recursively, using timestamps to skip files that have not changed
-w = wait a number of seconds between retrievals
-p = download all page requisites such as images
--html-extension = makes sure that all the copies of files have .html file extensions
--convert-links = convert links so they are suitable for local viewing
-P = path to save files to

Tuesday, June 20, 2006

iFolder

I've just discovered iFolder, a storage solution originally created by Novell but now released as an open source project. With iFolders you can set up directories to replicate to a server, which in turn will replicate to any other computer that has the client software installed. Client software is available for Windows XP, Linux and OS X. Without the client software you can still upload/download files via the web interface.

Friday, June 16, 2006

Slow Firefox

Firefox 1.5.0.3 provided with Fedora 5 seems very slow (more so on my laptop), particularly when scrolling. CPU usage can easily hit 100% when scrolling up and down a page. A short-term solution until they fix it is to put:

export MOZ_DISABLE_PANGO=1

In your .bash_profile.

Zeroconf service discovery

Another new addition to the latest release of Fedora is avahi support, better known as zeroconf or bonjour in the Apple world. This allows for service discovery on the network, such as printers automatically announcing their presence or bookmarks being broadcast to the LAN. The avahi-daemon takes care of advertising services whilst applications such as Gnome (2.14) are avahi aware. Here is an example of how to get avahi up and running.

1. Configure some services. The directory /etc/avahi/services is initially empty, so we'll create a few files:

apache.service
ssh-ftp.service
ssh.service

We populate the files with the following data:

<?xml version="1.0" standalone='no'?>
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
<name>Apache Server Documentation</name>
<service>
<type>_http._tcp</type>
<port>80</port>
<txt-record>path=/manual</txt-record>
</service>
</service-group>

<?xml version="1.0" standalone='no'?>
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
<name replace-wildcards="yes">SFTP File Transfer on %h</name>
<service>
<type>_sftp-ssh._tcp</type>
<port>22</port>
</service>
</service-group>

<?xml version="1.0" standalone='no'?>
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
<name replace-wildcards="yes">Remote Terminal on %h</name>
<service>
<type>_ssh._tcp</type>
<port>22</port>
</service>
</service-group>


2. Enable the avahi-daemon, and have it auto start on system boot.

# service avahi-daemon start
# chkconfig avahi-daemon on


3. We can also enable Gnome file sharing from "Desktop/Preferences/Personal File Sharing" which provides WebDAV access to ~/Public.

4. If we now start nautilus and click on "network" or go to the "network:///" Gnome-VFS, you can see that in addition to the Windows SMB network we also have the "Public" WebDAV share as well as the secure FTP resources displayed:



5. Epiphany (the Gnome web browser) is the only browser which supports avahi bookmarks at this time. We can see this working if we start Epiphany:



There are a couple of other tools which can display zeroconf services: the avahi-provided 'avahi-discover' and the 'Zeroconf discovery applet', which is available from the avahi website. Download the service-discovery-applet tarball, unpack and run:

# ./configure && make && make install

You should now be able to add the applet to your gnome-panel:



It's clearly early days for zeroconf support in Linux, but what there is works well. I hope that the Gnome team and other application developers continue to integrate and extend avahi support.

Thursday, June 01, 2006

Sendmail SmtpGreetingMessage

Call me old-fashioned, but I still use sendmail. Yeah, I know there are lots of more modern and easy to use MTAs out there but I don't have the time to learn them right now. Sometimes best to stick with what you know. Anyhow...

I was wondering how to change the greeting message on an SMTP connection and a long search through my O'Reilly sendmail 3rd Edition provided the answer. The following is an mc configuration for versions 8.7 or above:

define(`confSMTP_LOGIN_MSG',`message')

Where "message" is a string that must at least contain the localhost name. By default message would be:

$j Sendmail $v/$Z; $b

in sendmail.cf, which results in something like:

220 mailhost.mydomain.com ESMTP Sendmail 8.13.6/8.13.6; Thu, 1 Jun 2006 23:19:51 +0100

Where:

$j = fully qualified hostname
$v = sendmail version
$Z = configuration file version
$b = current date and time

I placed this new definition in my sendmail.mc:

define(`confSMTP_LOGIN_MSG',`$j MTA ready and waiting ; $b')

which displays:

220 mailhost.mydomain.com ESMTP MTA ready and waiting ; Fri, 2 Jun 2006 00:06:08 +0100

Why did I do this? Well it's usually better with sendmail (or indeed any MTA or service) to hide the version from the outside world as this can make it a little harder to exploit.
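
One way to check the result, as an added example that is not part of the original post: the shell function below reads an SMTP greeting and reports any MTA product name or version-like token it still discloses. The function name and the product list are assumptions made for illustration; the two greetings are the ones shown above.

```shell
#!/bin/sh
# Report what an SMTP greeting discloses. Reads greeting lines ("220 ..." or
# "220-..." for multi-line greetings) on stdin, prints one finding per line,
# and returns 1 if a product name or version-like token was found, else 0.
# The product list is illustrative, not exhaustive.
audit_smtp_banner() {
    awk '
    /^220[ -]/ {
        line = substr($0, 5)
        sub(/\r$/, "", line)                 # SMTP lines end in CRLF
        n = split(line, tok, "[ ;/()]+")
        for (i = 2; i <= n; i++) {           # tok[1] is the host name ($j)
            t = tok[i]
            if (tolower(t) ~ /^(sendmail|postfix|exim)$/)
                kind = "product"
            else if (t ~ /^[0-9]+\.[0-9]+(\.[0-9]+)*$/)
                kind = "version"             # e.g. 8.13.6; dates do not match
            else
                continue
            if (!seen[kind " " t]++) { print kind ": " t; found = 1 }
        }
    }
    END { exit (found ? 1 : 0) }
    '
}

# The default and the customised greeting shown in this post.
DEFAULT_BANNER='220 mailhost.mydomain.com ESMTP Sendmail 8.13.6/8.13.6; Thu, 1 Jun 2006 23:19:51 +0100'
CUSTOM_BANNER='220 mailhost.mydomain.com ESMTP MTA ready and waiting ; Fri, 2 Jun 2006 00:06:08 +0100'

for b in "$DEFAULT_BANNER" "$CUSTOM_BANNER"; do
    printf '%s\n' "$b" | audit_smtp_banner || echo "^ disclosed by: $b"
done
```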