Thursday, July 31, 2008

DNS server

DNS functions
  • Forward lookup - hostname to IP
  • Reverse lookup - IP to hostname
  • Logically group computers by domain
  • Email routing information - MX record
DNS Zones, Domains and Delegation
  • A domain is a DNS namespace scope that is responsible for name resolution
  • A zone is the part of that namespace that is managed by one specific server
  • A DNS server can delegate sub-domains into additional zones which are managed by another server or servers
Name Server Hierarchy
  • Master name server contains the master copy of data for a zone
    • Master name server files:
      • Domain forward lookup zone file
      • Domain reverse lookup zone file
      • named.ca - Root server information file
      • localhost.zone - local forward lookup file
      • named.local - local reverse lookup file
  • Slave name server provides a backup of the master DNS server and automatically synchronizes with the master DNS server.
    • Slave name server files:
      • named.ca
      • localhost.zone
      • named.local
    • DNS zone transfer - the action of the slave name server copying the "Domain forward lookup zone file" and "Domain reverse lookup zone file" from the master server is called a DNS zone transfer
Name resolution procedure:
  1. Receive a name resolution request from a client.
  2. If the requested name is in the local database, the DNS server sends the IP address back to the client and the name resolution is finished. If the requested name is not in the local database, the DNS server forwards the request to a root server.
  3. If the root server does not have the requested name, it responds with the IP address of the DNS server which manages the second-level domain of the requested name. Otherwise the root server responds with the IP of the requested name and the DNS server sends it back to the client.
  4. The DNS server repeats step 3, asking each referred server in turn, until the requested name is resolved.
  5. The DNS server saves the resolution in its cache and sends it back to the client.
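The procedure above, as an added example that is not part of the original notes: a Python simulation of an iterative resolver that checks its local data, walks root, TLD and authoritative servers by following referrals, and caches what it learns. Every server address, name and delegation below is constructed for the example (a real named takes its root hints from named.ca); the hop limit is there so that a broken or looping delegation cannot keep the resolver busy forever.

```python
# Added example, not from the original notes: a simulated iterative resolver
# that follows steps 1-5 above (local data, root, referral chain, cache).
# Every server, address and name below is constructed; nothing touches the network.

ROOT_ADDR = "192.0.2.254"          # the address a real server would take from named.ca

# Constructed servers. "referral" maps a delegated zone to the address of the
# server that manages it; "answer" holds the names a server is authoritative for.
SERVERS = {
    ROOT_ADDR:   {"referral": {"com.": "192.0.2.1"}},
    "192.0.2.1": {"referral": {"example.com.": "192.0.2.2"}},
    "192.0.2.2": {"answer": {"www.example.com.": "192.0.2.80",
                             "ns.example.com.": "192.0.2.2"}},
}
LOCAL_DB = {"ns.local.": "10.0.0.5"}   # step 2: names this server holds itself
CACHE = {}                             # step 5: answers learned from other servers


def ask(server_addr, name):
    """One query to one server: ('answer', ip), ('referral', next_addr) or ('none', None)."""
    srv = SERVERS[server_addr]
    if name in srv.get("answer", {}):
        return "answer", srv["answer"][name]
    best = None                        # longest delegated suffix wins, as in a real referral
    for zone, addr in srv.get("referral", {}).items():
        matches = name == zone or name.endswith("." + zone)
        if matches and (best is None or len(zone) > len(best[0])):
            best = (zone, addr)
    return ("referral", best[1]) if best else ("none", None)


def resolve(name, max_hops=8):
    """Return (ip_or_None, path); path records where the answer came from."""
    name = name if name.endswith(".") else name + "."
    if name in LOCAL_DB:               # step 2: local database
        return LOCAL_DB[name], ["local"]
    if name in CACHE:                  # step 5: reuse a cached answer
        return CACHE[name], ["cache"]
    path, server = [], ROOT_ADDR       # step 2: otherwise start at the root
    for _ in range(max_hops):          # step 4: repeat step 3; bounded so a referral loop cannot spin forever
        path.append(server)
        kind, value = ask(server, name)
        if kind == "answer":
            CACHE[name] = value        # step 5: remember it for the next client
            return value, path
        if kind == "referral":
            server = value             # step 3: follow the referral to the next server
            continue
        return None, path              # no such name anywhere along the chain
    return None, path                  # hop limit hit: treat as unresolvable
```

The first call for www.example.com walks root, the com server and the example.com server; the second call for the same name is served from the cache without asking anyone.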
Berkeley Internet Name Domain (BIND)

BIND is the most widely used DNS server on the Internet. It provides a stable and reliable infrastructure on which to base a domain's name and IP address associations. It runs in a chrooted environment for maximum security: chroot redirects the root directory to another directory, which in RHEL is /var/named/chroot, so the zone databases live at /var/named/chroot/var/named/db.*

BIND on RHEL
  • Service type - System V
  • Packages - bind, bind-utils, bind-chroot
  • Daemons - named, rndc
  • Script - named, which can start or stop the DNS service
  • Ports - named on port 53, rndc on port 953
  • Files - all under the /var/named/chroot directory
    • /etc/named.conf - main configuration file: zones, options, access control lists, etc.
    • /var/named/* - DNS database
    • /etc/rndc.* - DNS security (rndc key) files
  • Related - caching-nameserver - used to quickly set up a caching-only DNS; openssl encrypts the DNS communication.
Master and Slave Zones
  • Master zone - the DNS data stored on the master DNS server. Data in a master zone can be added, deleted or modified.
  • Slave zone - the DNS data stored on the slave DNS server. The data in a slave zone is transferred from the master DNS server, so data in a slave zone cannot be modified, deleted or added.
Reverse Lookup Zones

DNS configurations
  • bind-chroot - change ROOTDIR=directory_name in /etc/sysconfig/named. Commenting out ROOTDIR with a # disables the chroot.
  • Zone files directory - directory "/var/named", so all DNS zone files are in /var/named/chroot/var/named
  • Global Options (each statement must end with ";", strings must be inside " ") (in named.conf)
    • options {
      directory "/var/named"; # root directory for all relative paths in named.conf, i.e. where all the DNS database files live
      forwarders {10.0.1.254;}; # server to which queries are sent when they cannot be resolved locally. If that server cannot answer, named falls back to the root servers unless forward only; is set too.
      allow-query {192.168.2/24;}; # whitelist of clients allowed to query. If this option is not set the server answers queries from everywhere.
      allow-transfer {192.168.2/24;}; # only the listed servers may copy (zone-transfer) the DNS database.
      };
  • Access Control Lists (acl) (in named.conf)
    • acl "list_name" {192.168.1/24; 192.168.1/24;};
  • Master and Slave Zones. Note: the zone file name should contain the zone name
    • zone "example.com" {
      type master;
      file "example.com.zone"; # stored relative to the path set by the directory option
      };
    • zone "kernel.org" {
      type slave;
      masters {192.168.1.1;};
      file "slaves/kernel.org.zone";
      };
  • Reverse lookup zones must have the following three records
    • SOA record
    • NS records
    • PTR records
    Create a reverse lookup zone by creating 192.168.1.zone in the /var/named/chroot/var/named directory. Type in the following lines.

    $TTL 86400
    @ IN SOA example.com. root.example.com. (
    2001101100 ; serial number
    10800 ;refresh
    3600 ;retry query
    604800 ;expire
    0 ;negative TTL
    )
    ; Resource Records
    @ IN NS ns.example.com.
    3 IN PTR ns.example.com.

    After creating the zone file, change its owner and group to named with "chown named:named 192.168.1.zone".

    zone "1.168.192.in-addr.arpa" {
    type slave;
    masters {192.168.1.3;};
    file "slaves/192.168.1.zone";
    };
    Note: a reverse zone name must end with .in-addr.arpa and lists the network octets in reverse order (192.168.1 becomes 1.168.192).


  • Root Zone and Loopback Zone
    • Root zone "."
      zone "." {
      type hint;
      file "named.ca";
      };
    • Loopback zone "0.0.127.in-addr.arpa"
      zone "0.0.127.in-addr.arpa" {
      type master;
      file "named.local";
      };
  • Forward lookup zones must have the following three records
    • SOA record
    • NS record
    • A records
    Create a forward lookup zone by creating example.com.zone in the /var/named/chroot/var/named directory. Type in the following lines.

    $TTL 86400
    @ IN SOA example.com. root.example.com. (
    2001101100 ; serial number
    10800 ;refresh
    3600 ;retry query
    604800 ;expire
    0 ;negative TTL
    )
    ; Resource Records
    @ IN NS ns.example.com.
    ns IN A 192.168.1.3

    After creating the zone file, change its owner and group to named with "chown named:named example.com.zone".
Zone file
  • Begins with $TTL (Time to live) - sets the default length of time in seconds for which resolving servers should cache the zone's data.
  • The first resource record is the zone's start of authority (SOA)
  • Zone data follows in additional resource records
  • Resource Records (RR)
    • [domain] [ttl] [class] [type] [data]
    • [domain] - specify a domain name, or leave it blank to use the current one
    • [ttl] - how long the record will be cached; if not specified, the record uses the $TTL from the first line of the zone file.
    • [class] - record class (usually IN, meaning Internet)
    • [type] - record type (SOA, MX, A, etc.)
    • [data] - data specific to the record type
  • SOA (Start of Authority) - Every zone file must have one. The following is an example SOA record.
    @ IN SOA example.com. root.example.com. (
    2001101100 ; serial number
    10800 ;refresh
    3600 ;retry query
    604800 ;expire
    0 ;negative TTL
    )

    In the first line, example.com. is the domain name of the DNS server which manages this zone, and root.example.com. is the administrator of this zone. The serial number must be increased every time the file changes, so that slave servers can tell whether the zone file has changed.

    In the second line, 10800 seconds is the refresh interval: slave servers check every 10800 seconds (3 hours) whether the zone file has changed.

    In the third line, 3600 seconds is the retry interval: slave servers retry connecting to the master server every 3600 seconds when a refresh has failed.

    In the fourth line, the slave server deletes the zone data if it cannot refresh within the expire time of 604800 seconds.

    In the fifth line, the negative TTL specifies how long a DNS server caches a "not found" answer.
  • NS (Name Server) - designates the name servers to use for this domain
    There should be an NS record for each master or slave name server serving your zone. NS records point to any slave servers that should be consulted by the client's name server if the master should fail.

    example.com. IN NS ns.example.com.
    example.com. IN NS ns1.example.com.
    @ IN NS ns2.example.com.

    The fields are: domain name, Internet class, record type NS, and the DNS server's domain name. @ represents the default domain name.

    If more than one name server is listed for a domain, the first one is the master and the others are slaves.
  • A records map host names to IP addresses
    mail IN A 192.168.0.2
    ns.example.com. IN A 192.168.0.3
    Note: If the host name does not end with ".", the system treats it as a host inside the default domain and appends the default domain name to it. In this case the host's full domain name is "mail.example.com.".
  • CNAME records map aliases to host names
    www IN CNAME ns1
    dns IN CNAME ns.example.com.
    The first line means that if someone looks up www.example.com, the DNS server responds with the IP address of the host ns1.example.com. As with host names in A records, if the name does not end with "." the system appends the default domain name.
  • PTR records map IP addresses to host names
    3.0 IN PTR ns.example.com.
    Note: 3.0 does not end with ".", so it represents "3.0.168.192.in-addr.arpa."
  • MX records designate the mail servers for a domain
    example.com. IN MX 5 mail.example.com.
    example.com. IN MX 10 mail1.example.com.
    Note: the number is the priority; a lower number means higher priority
  • Round Robin Load Sharing Through DNS
    Load balancing can be achieved through the simple use of multiple A records:
    www 0 IN A 192.168.2.101
    www 0 IN A 192.168.2.102
    www 0 IN A 192.168.2.103
    As the TTL is set to 0, everyone who needs to access host www must request its IP from the DNS server, and the DNS server responds with the IPs in the list in rotation. Users of www are therefore directed to different servers, which implements load balancing. However, DNS traffic increases, as a TTL of 0 means the answer is never cached.
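The zone-file rules in this section (the $TTL default, the multi-line SOA, "@" and the trailing-dot rule for relative names, MX priorities, per-record TTLs and round-robin A records), worked through as an added example that is not part of the original notes: a small Python parser plus the check that every zone carries the records the notes say it must. The zone text, names and addresses are constructed for the example; it is not BIND's own parser.

```python
# Added example, not from the original notes: a small parser for the zone-file
# syntax described above. It expands "@" and relative names against the zone
# origin, applies $TTL as the default TTL, joins the multi-line SOA, and checks
# that a zone carries the records the notes say every zone must have.
# The zone text and names below are constructed for this example.
import re

FORWARD_ZONE = """\
$TTL 86400
@ IN SOA ns.example.com. root.example.com. (
    2001101100 ; serial number
    10800      ; refresh
    3600       ; retry
    604800     ; expire
    0          ; negative TTL
    )
; Resource Records
@    IN NS ns.example.com.
ns   IN A  192.168.0.3
mail IN A  192.168.0.2
www  0 IN A 192.168.2.101
www  0 IN A 192.168.2.102
dns  IN CNAME ns.example.com.
@    IN MX 10 mail
"""


def fqdn(name, origin):
    """Trailing-dot rule: '@' is the origin; a name without a final '.' is
    relative and gets the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin


def logical_lines(text):
    """Strip ';' comments and join a parenthesised SOA onto one line."""
    out, buf = [], None
    for raw in text.splitlines():
        line = re.sub(r";.*", "", raw).rstrip()
        if buf is not None:                      # inside ( ... )
            buf += " " + line.strip()
            if ")" in line:
                out.append(buf)
                buf = None
        elif "(" in line and ")" not in line:    # opening line of the SOA
            buf = line
        elif line.strip():
            out.append(line)
    return out


def parse_zone(text, origin):
    records, default_ttl, owner = [], None, origin
    for line in logical_lines(text):
        toks = line.split()
        if toks[0] == "$TTL":
            default_ttl = int(toks[1])
            continue
        if not line[0].isspace():                # blank owner = previous owner
            owner = fqdn(toks.pop(0), origin)
        ttl = default_ttl
        if toks[0].isdigit():                    # per-record TTL, e.g. the 0 used for round robin
            ttl = int(toks.pop(0))
        if toks[0].upper() == "IN":
            toks.pop(0)
        rtype, rdata = toks[0].upper(), toks[1:]
        if rtype in ("NS", "CNAME", "PTR"):
            rdata = [fqdn(rdata[0], origin)]
        elif rtype == "MX":                      # priority, then mail host
            rdata = [int(rdata[0]), fqdn(rdata[1], origin)]
        elif rtype == "SOA":                     # mname rname serial refresh retry expire minimum
            f = [t for t in rdata if t not in ("(", ")")]
            rdata = [fqdn(f[0], origin), fqdn(f[1], origin)] + [int(x) for x in f[2:7]]
        records.append({"owner": owner, "ttl": ttl, "type": rtype, "rdata": rdata})
    return records


def lookup(records, name, rtype, origin, query_no=0):
    """Answer for one name/type; successive query numbers rotate the order of
    multiple A records, which is the round-robin behaviour the notes describe."""
    hits = [r for r in records if r["owner"] == fqdn(name, origin) and r["type"] == rtype]
    if not hits:
        return []
    k = query_no % len(hits)
    return hits[k:] + hits[:k]


def check_zone(records, reverse=False):
    """Required records per the notes: exactly one SOA, at least one NS, and
    A records (forward zone) or PTR records (reverse zone)."""
    types = [r["type"] for r in records]
    problems = []
    if types.count("SOA") != 1:
        problems.append("exactly one SOA record required")
    if "NS" not in types:
        problems.append("NS record missing")
    need = "PTR" if reverse else "A"
    if need not in types:
        problems.append(need + " records missing")
    return problems
```

Parsing the constructed zone with origin "example.com." turns "mail" in the MX record into "mail.example.com.", leaves "ns.example.com." untouched, gives the www records a TTL of 0 while the others inherit 86400, and check_zone reports nothing; drop the NS record and it flags the zone, which is the kind of sanity check worth running before reloading named.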





Tuesday, July 29, 2008

Send mail setting

Email process:
  • MSP(Mail Submission Program)
  • MTA(Mail Transport Agent)
  • MDA(Mail Delivery Agent)

Configuration files:

  • /etc/mail/sendmail.cf - the main configuration file for sendmail
  • /etc/mail/sendmail.mc - sendmail macro configuration file
  • /etc/mail/submit.cf - configures sendmail operation when it is connected by an MSP (email client software)
  • /etc/aliases - configures local user aliases; run the newaliases command to hash it into aliases.db before use.
  • /etc/mail/local-host-names - lists the aliases and domains the mail server will accept in an incoming e-mail address for local delivery
  • /etc/mail/access - after modification run "make" in the /etc/mail folder
  • /var/named/chroot/var/named/db.domain - DNS setting file
  • Log file: /var/log/maillog
Configuration
  • Set in sendmail.cf
    • Get the host IP address
    • Set the DNS server IP in /etc/resolv.conf and make sure the search line carries the correct domain name
    • Example db.domain file
      domain.com. IN NS example.domain.com.
      example.domain.com. IN A 192.168.1.12
      domain.com. IN MX 10 example
    • Allow other PCs to send email through the SMTP server (by default sendmail only lets users send email on the server itself) by commenting out the line DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA in the sendmail.cf file (once sendmail listens on all addresses, /etc/mail/access is what restricts who may relay)
    • netstat -tupln | grep :25 - display which program is listening on port 25 and on which address (t - tcp, u - udp, p - program name, l - listening ports, n - numeric addresses)
    • service sendmail restart - activate the above setting
  • Set in sendmail.mc
    • Back up sendmail.mc and sendmail.cf
    • Put dnl in front of DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
    • m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
    • diff /etc/mail/sendmail.cf /etc/mail/sendmail.cf.bak - compare the new and old sendmail.cf files

Saturday, July 26, 2008

Linux Filesystem

Partitions
  • Formatting is the operation that divides a partition into blocks, normally 4 K each. A block is the smallest storage unit for storing files, so an 11 K file uses 3 blocks, i.e. 4 K*3 = 12 K.
Inodes
  • An inode is a data structure used in typical Unix-like file systems. The inode table contains the metadata of all files and directories stored on an ext2 or ext3 file system. The number of inodes in use equals the number of files and directories stored on the file system, so the maximum number of inodes is the maximum number of files and directories the file system can hold.
    I-number | File Type | Permission | Link Count | UID | GID | size | Time Stamp | ... | pointer
    1        | -         | 644        | 1          | 500 | 500 |      |            |     |
    2        | d         | 755        | 1          | 0   | 0   |      |            |     |
    I-number is the inode number. File type: "-" denotes a regular file, "d" a directory. Link count records the number of hard links. Time stamp includes access time, modify time and change time: modify time is the last time a user changed the file content, change time is the last time the inode data changed. Pointer is the address of the blocks which store the file or directory on the disk.
  • Directory is a mapping between the file name and the inode number. The kernel must search a directory looking for a particular filename and then convert the filename to the correct corresponding inode number if the name is found.
  • Filetypes
    • - regular file
    • d directory
    • l symbolic link
    • b block special file eg: /dev/sda1
    • c character special file eg: /dev/mice
    • p named pipe
    • s socket
Checking Free Space
  • df - reports disk space usage
    • no parameter - report total kilobytes, kilobytes used and kilobytes free per file system
    • -h - displays sizes in easier to read units
  • du - Reports disk space usage
    • Report kilobytes used per directory
    • Includes subtotals for each subdirectory
      • -s option only reports single directory summary
    • Also takes -h option
Mount removable drives (CD/DVD ROM/writer, floppy, USB drives)
  • floppy
    • mount /dev/fd0 /media/floppy/
    • format: low-level format with fdformat /dev/fd0H1440, then high-level format with mkfs -t ext2 /dev/fd0, mke2fs /dev/fd0 or mkfs -t vfat /dev/fd0
  • CD/DVD ROM/writer
  • USB drives
Archive
tar - standard Linux archiving command. It archives files together with their inode metadata (ownership, permissions, timestamps) but does not compress them unless a compression option is given.
  • Syntax - tar [option] archive_name files
    • Create Archive - "tar cvf archive_name files..."
      • c - creates a new archive
      • v - produces verbose messages
      • f - archive_name is name of new file
    • Compress Archives
      • z - for gzip compression
      • j - for bzip2 compression
    • Inspect Archive
      • "tar tf archive_name" display a list of all files in the archive
      • "tar tvf archive_name" the v causes a long listing (like 'ls -l') of each file in the archive
    • Extract Archive - "tar xvf archive_name". The archive is extracted into the current directory, so run the extract command in the target folder. Files keep their hierarchy relative to the current directory.
    • To save the archive to removable media, use the M (multi-volume) option followed by the drive path
File Compression Utilities
  • gzip, gunzip - "*.gz" standard Linux compression utility, which achieves over 75% compression on text files. gzip can only compress files; it reports an error when asked to compress a directory.
    Compress - "gzip filename" replaces the original file with the compressed one; "gzip -vc filename > archive_name.gz" keeps the original file, as -c writes to standard output.
    Extract - "gunzip filename.gz"

  • bzip2, bunzip2 - "*.bz2" newer Linux compression tool which generally compresses better than gzip



Printing in Linux

Printing Utilities
  • enscript - Converts text to PostScript
  • ggv - PostScript and PDF viewer
  • ps2pdf - PostScript to PDF converter
  • pdf2ps - PDF to PostScript converter
  • mpage - Prints multiple pages per sheet

Vi Tips

Command Mode:


  • Cursor Movement:
    • w - word ahead
    • b - word back
    • ( - sentence back
    • ) - sentence forward
    • { - paragraph above
    • } - paragraph below

  • Searching for Text:

    • /test - search downwards for "test"
    • ?test - search upwards for "test"
    • n/N - continue search the same/opposite direction

  • Undoing Changes:

    • u - undo most recent change
    • Ctrl + r redo last "undo" change
    • U - undo all changes to the current line

  • Change, Delete and Yank


             Change   Delete   Yank   Paste
      Line   cc       dd       yy     p below cursor / P above cursor
      Letter cl       dl       yl     p after cursor / P before cursor
      Word   cw       dw       yw     p after cursor / P before cursor
  • Tricks:
    • dtx - delete from cursor to the letter x
    • rx - replace a character with x
    • x - delete a character
    • 5dd - delete 5 lines
    • 5yy - copy 5 lines
    • 5x - delete 5 characters
    • R - replace character-for-character until
Entering Insert Mode
  • a - append after the cursor
  • i - insert before the cursor
  • A - append to end of line
  • I - insert at beginning of line
  • o - open a line below
  • O - open a line above

Thursday, July 24, 2008

Linux command

Edit commands:
  • tr - translate or delete characters, e.g. "tr [A-Z] [a-z] < filename" changes all upper case letters to lower case in the file called filename (tr reads standard input, so the file is redirected in).

Display commands:
  • cut - display specific columns of a file. -f specifies the field or column, -d specifies the field delimiter (default is TAB), -c cuts by characters. e.g. "cut -f3 -d: /etc/passwd" displays the third colon-separated field; an example passwd entry is user2:x:501:501::/home/user2:/bin/bash. "cut -c4-8 file" displays the fourth to eighth character of each line of "file".
  • sort - sort text to standard output; the original file is unchanged. "sort [option] file(s)". Common options: -r reverses the sort (descending), -f ignores (folds) case, -u unique (removes duplicate lines from the output), -t 'x' uses x as the field separator, -n numeric sort, -k sorts by the given field; -k can be given twice so that when field 1 has duplicates the sort uses field 2. e.g. sort -t: -k3 -n /etc/passwd
Pipes:
  • tee saves command output to a file between pipes. e.g. "cut -f1 -d: /etc/passwd | tee cut.out | less"


Monday, July 21, 2008

Remotely install or delete a printer in Windows XP using a batch script

Delete printer:
cscript "c:\windows\system32\prnmngr.vbs" -d -p "\\host\printername"
Install printer:
cscript "c:\windows\system32\prnmngr.vbs" -ac -p "\\host\printername"
Set default printer:
cscript "c:\windows\system32\prnmngr.vbs" -t -p "\\host\printername"

Other solutions:

Use "rundll32 printui.dll,PrintUIEntry"; details at http://support.microsoft.com/kb/q189105

Bash useful tips

Wildcard expansion:
  • * matches zero or more characters
  • ? matches any single character
  • [a-z] matches a range of characters
  • [^a-z] matches everything except the range

Command History

The command history is stored in the ~/.bash_history file. To re-execute a previous command, simply press the up/down arrow keys to load it from the history. There are other methods to quickly load a previous command:

  • "!number" executes the command whose history sequence number equals number.
  • "^2^1" changes the first "2" in the last command to "1" in the new command. For example, if the last executed command was ping 192.168.1.2 and you then run ^2^1, bash executes ping 191.168.1.2.
  • "~" represents the user's home directory. "cd ~" goes to the home directory of the current user. "cd ~username" goes to that user's home directory, however this can only be used by the root user.
  • Ctrl + r searches backwards for a matching command in the history; press Ctrl + r repeatedly until the right one is found. Ctrl + s searches forwards and Ctrl + g terminates the search.
  • ESC then . or ALT + . recalls the last argument of the previous command


Variable and Curly braces

set - display all the variables
env - display all the environment variables
export - set variable to environment variable
unset - del variable "unset variable_name"
reset - can reset a terminal when the screen get corrupted


Variable
  • $HISTFILESIZE - determines how many commands are saved in the history file on logout
  • $COLUMNS - sets the width of the terminal
  • $LINES - sets the height of the terminal
  • $HOME - the home directory of the current user
  • $LANG - sets the default language of the shell
  • $PWD - the user's current working directory
  • $TERM - sets the terminal type
  • $PATH - the default list of directories searched for commands, separated by colons (:)
  • $PS1 - prompt setting

    • \d today's date
    • \h short hostname
    • \t current time
    • \u username
    • \w current working directory
    • \! the history number of current command
    • \$ shows a $ if you are a non-privileged user and a # if you are a privileged user
    • \l the basename of the shell's terminal device name, i.e. the tty
    • For example if $PS1 = [\u@\h \w]\$ the prompt for root will be [root@localhost ~]#
{ } usage:
  • touch {q,w} will create files q and w.
  • touch q{1,2} will create files q1 and q2.
  • touch {q,w}.{1,2} will create files q.1, q.2, w.1 and w.2
Command Line Expansion:

  • Command output `` or $(): echo "hostname" displays hostname; echo `hostname` or echo $(hostname) displays localhost.localdomain.
  • Backslash (\) is the escape character and makes the next character literal. If the backslash is the last character on the line it means the command continues on the next line.
  • Quotes ' or " inhibit expansion, but " cannot inhibit the dollar sign $, backslash \, backquotes ` or exclamation point !, so variables and command substitution still expand inside double quotes; only single quotes make a string fully literal.
  • Arithmetic $[]: a=2; b=3; echo $[ $a + $b ] makes bash output 5
  • set -o displays the bash settings; set -o settingname enables a setting, set +o settingname disables it. For example set -o vi enables vi-style command line editing.
  • gnome-terminal shortcut keys: Ctrl+Shift+t/w opens/closes a tab; Ctrl+PgUp/PgDn changes to the next/previous tab; Alt+N changes to tab number N; Ctrl+Shift+c/v copies/pastes on the command line
Aliases:

  • An alias is an easily remembered short name for a command or a combination of a command with parameters, for example alias ll='ls -l'. alias with no parameter lists all the aliases; "alias aliasname" shows which command the aliasname represents.

Sunday, July 20, 2008

Man page command

man pages are divided into categories called chapters. In a man page the chapter appears as a number just after the command name. The number meanings are listed below.

  1. User commands
  2. System calls
  3. Library calls
  4. Special files
  5. File formats
  6. Games
  7. Miscellaneous
  8. Administrative commands
Chapters 1, 5 and 8 are the most important. man 5 passwd displays the chapter 5 passwd man page.

Inside a man page the following commands navigate to the useful parts of the page:
/ Search for text
n/N Next/Previous match
q Exit man page

man -k keyword searches all man pages whose descriptions match the keyword.

User management

password status

passwd -S username or passwd --status username displays the password status of the user.
"Password locked" means the user is new and has not had any password set, so the password is locked.

English names of various symbols

"_": underscore
"-": dash, hyphen
"~": tilde
"#": pound sign (hash)

others:

apostrophe ( ' ) ( ’ )
brackets ( ( ) ) ( [ ] ) ( { } ) ( 〈 〉 )
colon ( : )
comma ( , )
dashes ( ‒ ) ( – ) ( — ) ( ― )
ellipsis ( … ) ( ... )
exclamation mark ( ! )
full stop/period ( . )
hyphen ( - ) ( ‐ )
interrobang ( ‽ )
question mark ( ? )
quotation marks ( ‘ ’ ) ( “ ” )
semicolon ( ; )
slash/solidus ( / )
space (   ) and interpunct ( · )
ampersand ( & )
asterisk ( * ) and asterism ( ⁂ )
at ( @ )
backslash ( \ )
bullet ( • )
dagger ( † ‡ )
degrees ( ° )
number sign ( # )
vertical bar/pipe ( | )

Saturday, July 19, 2008

Sar command in RHEL

The SYSSTAT toolkit provides the sar, sadf, mpstat, iostat, pidstat and sa tools for Linux systems. The official website of SYSSTAT is http://pagesperso-orange.fr/sebastien.godard/

SYSSTAT main features as listed on the official website:
  • Includes four groups of monitoring tools (sar / sadc / sadf, iostat, mpstat, pidstat) for global system performance analysis.
  • Can monitor a huge number of different metrics:
    1. Input / Output and transfer rate statistics (global, per device, per partition, per network filesystem and per Linux task / PID)
    2. CPU statistics (global, per CPU and per Linux task / PID), including support for virtualization architectures
    3. Memory and swap space utilization statistics
    4. Virtual memory, paging and fault statistics
    5. Per-task (per-PID) memory and page fault statistics
    6. Global CPU and page fault statistics for tasks and all their children
    7. Process creation activity
    8. Interrupt statistics (global, per CPU and per interrupt, including potential APIC interrupt sources)
    9. Network statistics, for all network interfaces!
    10. NFS server and client activity
    11. Socket statistics
    12. Run queue and system load statistics
    13. Kernel internal tables utilization statistics
    14. System and per Linux task switching activity
    15. Swapping statistics
    16. TTY device activity
  • Average statistics values are calculated over the sampling period.
  • Works with every Linux kernel (from the old 2.0 to the newest 2.6 ones),
  • Most system statistics can be saved in a file for future inspection.
  • Allows to configure the length of data history to keep.
  • On the fly detection of new devices (disks, network interfaces, etc.) that are created or registered dynamically.
  • Support for UP and SMP machines, including machines with hyperthreaded or multi-core processors.
  • Support for hotplug CPUs (it detects automagically CPUs that are disabled or enabled on the fly).
  • Works on many different architectures, whether 32- or 64-bit.
  • Needs very little CPU time to run (written in C).
  • System statistics can be exported in various different formats (CSV, XML, etc.). DTD and XML Schema documents are included in sysstat package.
  • Internationalization support (sysstat has been translated into numerous different languages). Sysstat is now part of the Translation Project.
  • Many programs available on the internet to use sysstat's data to make graphs (one of them, isag, is included in sysstat).

Thursday, July 17, 2008

Turn on an ATX PSU without a motherboard

The PS_ON pin outputs +5 V when the PSU is off. Shorting PS_ON to any GND pin will turn on the PSU.

Wednesday, July 16, 2008

Configuring an SSL certificate for an ASP-based web site

The web.conf file includes the information about how to connect to other servers, e.g. database server, SMTP server ......

web.sitemap holds the indicator of whether a page must be accessed over the SSL channel. Normally a web site that uses a virtual host cannot be set up to use an SSL certificate through IIS manager; instead a flag is set in the web.sitemap file to tell IIS which files must be accessed over SSL. However, if a file listed in web.sitemap as requiring SSL has also been set to require an SSL certificate in IIS manager, it will not work.

Xming remote control linux with GUI

Xming is the leading free unlimited X Window Server for Microsoft Windows
http://www.straightrunning.com/XmingNotes/

Tuesday, July 15, 2008

ASP based website configuration

Files which need to be configured:

web.conf
web.sitemap

Monday, July 07, 2008

Basic concepts of iptables

Tables:
A table is a category of functions provided by iptables. There are four choices: filter, nat, mangle and raw.
Chains:
A chain is a group of rules with a common tag, for example INPUT, OUTPUT.
Matches:
A match is a condition used to decide which kind of action iptables needs to take.
Targets:
Targets are actions applied to packets based on which match they have met.