
Friday, July 10, 2009

Linux NIC bonding

Configuration files:
/etc/sysconfig/network-scripts/ifcfg-eth0
/etc/sysconfig/network-scripts/ifcfg-eth1
/etc/sysconfig/network-scripts/ifcfg-bond0
/etc/modprobe.conf
/proc/net/bonding/bond0

File contents:
  • /etc/sysconfig/network-scripts/ifcfg-eth0
    DEVICE=eth0
    USERCTL=no
    ONBOOT=yes
    MASTER=bond0
    SLAVE=yes
    BOOTPROTO=none
    ETHTOOL_OPTS="speed 1000 duplex full autoneg on"
  • /etc/sysconfig/network-scripts/ifcfg-eth1
    DEVICE=eth1
    USERCTL=no
    ONBOOT=yes
    MASTER=bond0
    SLAVE=yes
    BOOTPROTO=none
    ETHTOOL_OPTS="speed 1000 duplex full autoneg on"
  • /etc/sysconfig/network-scripts/ifcfg-bond0
    DEVICE=bond0
    IPADDR=192.168.100.20
    NETMASK=255.255.255.0
    NETWORK=192.168.100.0
    BROADCAST=192.168.100.255
    ONBOOT=yes
    BOOTPROTO=none
    USERCTL=no
  • /etc/modprobe.conf
    alias eth0 e1000
    alias eth1 tg3
    alias bond0 bonding
    options bond0 miimon=100 mode=5
Bonding mode:
mode=0 (balance-rr)
Round-robin policy: Transmit packets in sequential order from the first available slave through the last. This mode provides load balancing and fault tolerance.

mode=1 (active-backup)
Active-backup policy: Only one slave in the bond is active. A different slave becomes active if, and only if, the active slave fails. The bond's MAC address is externally visible on only one port (network adapter) to avoid confusing the switch. This mode provides fault tolerance. The primary option affects the behavior of this mode.

mode=2 (balance-xor)
XOR policy: Transmit based on [(source MAC address XOR'd with destination MAC address) modulo slave count]. This selects the same slave for each destination MAC address. This mode provides load balancing and fault tolerance.

mode=3 (broadcast)
Broadcast policy: transmits everything on all slave interfaces. This mode provides fault tolerance.

mode=4 (802.3ad)
IEEE 802.3ad Dynamic link aggregation. Creates aggregation groups that share the same speed and duplex settings. Utilizes all slaves in the active aggregator according to the 802.3ad specification.
 Prerequisites: 1. ethtool support in the base drivers for retrieving the speed and duplex of each slave. 2. A switch that supports IEEE 802.3ad dynamic link aggregation. Most switches require some configuration to enable 802.3ad mode.
mode=5 (balance-tlb)
Adaptive transmit load balancing: channel bonding that does not require any special switch support. The outgoing traffic is distributed according to the current load (computed relative to the speed) on each slave. Incoming traffic is received by the current slave. If the receiving slave fails, another slave takes over the MAC address of the failed receiving slave.
 Prerequisite: ethtool support in the base drivers for retrieving the speed of each slave.
mode=6 (balance-alb)
Adaptive load balancing: includes balance-tlb plus receive load balancing (rlb) for IPV4 traffic, and does not require any special switch support. The receive load balancing is achieved by ARP negotiation. The bonding driver intercepts the ARP Replies sent by the local system on their way out and overwrites the source hardware address with the unique hardware address of one of the slaves in the bond such that different peers use different hardware addresses for the server.

The first four modes are the most commonly used.

You can also have more than one bond interface, but each one needs its own instance of the bonding module, because the mode and miimon options belong to the module instance.
For two bond interfaces, configure /etc/modules.conf as follows (the -o option gives each loaded instance its own name):
 alias bond0 bonding
 options bond0 -o bond0 mode=0 miimon=100
 alias bond1 bonding
 options bond1 -o bond1 mode=1 miimon=100
On systems that use /etc/modprobe.conf (module-init-tools, as on the RHEL hosts configured above) the second instance is loaded with an install line instead, e.g. install bond1 /sbin/modprobe --ignore-install bonding -o bond1 mode=1 miimon=100; see Documentation/networking/bonding.txt in the kernel source for the details.
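As an added example (not part of the original post), here is a small POSIX shell script that reads /proc/net/bonding/bond0, the status file listed at the top of this post, and reports the mode the driver is actually running, the active slave and any slave whose link is down. The status text embedded in it is a constructed sample with eth1 down, written to a temp file so the script runs on any machine; on a real host pass /proc/net/bonding/bond0 to the functions instead. The function names are my own.

```shell
#!/bin/sh
# Added example, not part of the original post: read the status file the
# post lists (/proc/net/bonding/bond0) and report the bond's health.
# In real use pass /proc/net/bonding/bond0; here a constructed copy of that
# file (eth1 is down) is written to a temp file so the script runs anywhere.

BOND_FILE=$(mktemp)
cat >"$BOND_FILE" <<'EOF'
Ethernet Channel Bonding Driver: v3.2.4 (January 28, 2008)

Bonding Mode: transmit load balancing
Primary Slave: None
Currently Active Slave: eth0
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eth0
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:11:22:33:44:55

Slave Interface: eth1
MII Status: down
Link Failure Count: 3
Permanent HW addr: 00:11:22:33:44:66
EOF

# bond_mode FILE: the mode the driver is actually running (mode=5 from
# modprobe.conf shows up here as "transmit load balancing").
bond_mode() { sed -n 's/^Bonding Mode: //p' "$1"; }

# bond_active_slave FILE: the NIC that currently carries the bond's MAC.
bond_active_slave() { sed -n 's/^Currently Active Slave: //p' "$1"; }

# bond_slaves FILE: every enslaved interface, one per line.
bond_slaves() { awk '/^Slave Interface:/ {print $3}' "$1"; }

# bond_down_slaves FILE: slaves whose own MII Status is "down". The first
# "MII Status" line belongs to the bond itself and is skipped (slave == "").
bond_down_slaves() {
    awk '/^Slave Interface:/ {slave = $3}
         /^MII Status: down/ && slave != "" {print slave}' "$1"
}

# bond_check FILE: "OK" when every slave is up, else "DEGRADED: <slaves>".
# A bond with one dead slave still passes traffic, so a monitoring job
# should look at this rather than at the bond's own MII Status line.
bond_check() {
    down=$(bond_down_slaves "$1" | tr '\n' ' ')
    down=${down% }
    if [ -z "$down" ]; then
        echo "OK"
    else
        echo "DEGRADED: $down"
    fi
}

echo "mode:   $(bond_mode "$BOND_FILE")"
echo "active: $(bond_active_slave "$BOND_FILE")"
echo "slaves: $(bond_slaves "$BOND_FILE" | tr '\n' ' ')"
echo "state:  $(bond_check "$BOND_FILE")"
```

Run it as a cron job against the real status file and alert on anything other than OK; a bond silently running on one NIC is exactly the failure that redundancy was meant to hide, and nothing else on the host will complain about it.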

Thursday, July 31, 2008

DNS server

DNS functions
  • Forward Lookup - hostname to IP
  • Reverse Lookup - IP to hostname
  • Logically group computers by domain
  • Email routing information - MX record
DNS Zone, Domains and Delegation
  • A domain is a subtree of the DNS name space (example.com and everything under it)
  • A zone is the part of that name space that one specific server (or one set of master and slave servers) is authoritative for
  • A DNS server can delegate sub-domains into additional zones which are managed by another server or servers
Name Server Hierarchy
  • Master name server contains the master copy of the data for a zone
    • Master name server files:
      • Domain forward lookup zone file
      • Domain reverse lookup zone file
      • named.ca - root server hints file
      • localhost.zone - local forward lookup file
      • named.local - local reverse lookup file
  • Slave name server provides a backup of the master DNS server and synchronizes with it automatically.
    • Slave name server files:
      • named.ca
      • localhost.zone
      • named.local
    • DNS zone transfer - the slave name server copying the "Domain forward lookup zone file" and "Domain reverse lookup zone file" from the master server is called a DNS zone transfer (AXFR/IXFR). The master should limit who may do this with allow-transfer, otherwise anyone can download the whole zone.
Name resolution procedure:
  1. The server receives a name resolution request from a client.
  2. If the requested name is in its local database (authoritative data or cache), the server sends the answer back to the client and resolution is finished. Otherwise the server queries a root server.
  3. The root server is not authoritative for the name, so it answers with a referral: the addresses of the name servers for the top-level domain (for example .com). The server queries those, gets a referral to the servers for the second-level domain, and so on down the tree. A server that is authoritative for the name returns the actual record.
  4. The server repeats step 3 until the requested name is resolved.
  5. The server saves the answer in its cache (for the record's TTL) and sends it back to the client.
Berkeley Internet Name Domain (BIND)

BIND is the most widely used DNS server on the Internet. It provides a stable and reliable infrastructure on which to base a domain's name and IP address associations. On RHEL it can run in a chroot (bind-chroot package) so that a compromised named only sees the jail: the daemon's root directory becomes /var/named/chroot, so its configuration is /var/named/chroot/etc/named.conf and its zone files live under /var/named/chroot/var/named/.

BIND on RHEL
  • Service type - SysV init script
  • Packages - bind, bind-utils, bind-chroot
  • Daemon - named; rndc is the control utility that talks to it
  • Script - /etc/init.d/named, which starts, stops and reloads the DNS service
  • Ports - named on port 53 (UDP and TCP), rndc on TCP port 953
  • Files - all under /var/named/chroot when bind-chroot is installed
    • /etc/named.conf - main configuration file: zones, options, access control lists, etc.
    • /var/named/* - DNS database (zone files)
    • /etc/rndc.conf and /etc/rndc.key - the shared key that authenticates rndc to named; keep rndc.key readable only by root and named
  • Related - caching-nameserver provides a ready-made configuration for a caching-only DNS server; openssl supplies the cryptographic routines BIND uses for DNSSEC
Master and Slave Zones
  • Master zone - the DNS data stored on the master DNS server. Records in a master zone can be added, deleted or modified.
  • Slave zone - the DNS data stored on a slave DNS server. A slave zone is transferred from the master server, so its records cannot be modified, deleted or added locally; edit the master and let the transfer propagate the change.
Reverse Lookup Zones

DNS configurations
  • bind-chroot - set ROOTDIR=directory_name in /etc/sysconfig/named. Putting a # in front of ROOTDIR disables the chroot.
  • Zone files directory - with directory "/var/named" in named.conf, all DNS zone files are in /var/named/chroot/var/named when chrooted
  • Global Options (in named.conf; every statement ends with ";", strings go inside " ")
    • options {

      directory "/var/named"; # base directory for every relative path in named.conf, i.e. where all the zone files live
      forwarders { 10.0.1.254; }; # servers to which queries are sent when they cannot be resolved locally. If the forwarder does not answer, named falls back to the root servers unless forward only; is also set.
      allow-query { 192.168.2/24; }; # whitelist of who may query. If this option is not set, the server answers anyone; an Internet-facing server that also recurses for anyone is an open resolver that can be abused for amplification attacks.
      allow-transfer { 192.168.2/24; }; # only the listed hosts (your slaves) may copy the zone. Without it anyone can pull the whole zone with dig axfr.

      };
  • Access Control Lists (acl) (in named.conf; define the list before use, then reference it by name in allow-query and allow-transfer)
    • acl "list_name" { 192.168.1/24; 192.168.2/24; };
  • Master and Slave Zones. Note: by convention the zone file is named after the zone, which keeps the directory readable when many zones are served
    • zone "example.com" {
      type master;
      file "example.com.zone"; # stored under the path defined by the directory option
      };
    • zone "kernel.org" {
      type slave;
      masters { 192.168.1.1; };
      file "slaves/kernel.org.zone"; # slaves/ is writable by named, so transferred zones can be stored there
      };
  • Reverse Lookup Zones must have the following three record types
    • SOA record
    • NS records
    • PTR records
    Create one reverse lookup zone for 192.168.1.0/24 by creating the file 192.168.1.zone in the /var/named/chroot/var/named directory with the following lines (the zone itself is named 1.168.192.in-addr.arpa, i.e. the octets reversed).

    $TTL 86400
    @ IN SOA ns.example.com. root.example.com. (
    2001101100 ; serial number
    10800 ;refresh
    3600 ;retry query
    604800 ;expire
    0 ;negative TTL
    )
    ; Resource Records
    @ IN NS ns.example.com.
    3 IN PTR ns.example.com.

    After creating the zone file, change its owner and group to named with "chown named:named 192.168.1.zone", and check the syntax with "named-checkzone 1.168.192.in-addr.arpa 192.168.1.zone" before reloading named.

    On the slave server the same zone is declared like this:
    zone "1.168.192.in-addr.arpa" {
    type slave;
    masters { 192.168.1.3; };
    file "slaves/192.168.1.zone";
    };
    Note: the name of a reverse zone is the network part of the address with the octets in reverse order, followed by .in-addr.arpa (192.168.1.0/24 becomes 1.168.192.in-addr.arpa).


  • Root Zone and Loopback Zone
    • Root zone "." (type hint: named.ca only lists the root servers, it is not authoritative data)
      zone "." {
      type hint;
      file "named.ca";
      };
    • Loopback zone "0.0.127.in-addr.arpa"
      zone "0.0.127.in-addr.arpa" {
      type master;
      file "named.local";
      };
  • Forward lookup zones must have the following three record types
    • SOA record
    • NS record
    • A records
    Create one forward lookup zone by creating example.com.zone in the /var/named/chroot/var/named directory with the following lines.

    $TTL 86400
    @ IN SOA ns.example.com. root.example.com. (
    2001101100 ; serial number
    10800 ;refresh
    3600 ;retry query
    604800 ;expire
    0 ;negative TTL
    )
    ; Resource Records
    @ IN NS ns.example.com.
    ns IN A 192.168.1.3

    After creating the zone file, change its owner and group to named with "chown named:named example.com.zone", check it with "named-checkzone example.com example.com.zone" and the main configuration with "named-checkconf -t /var/named/chroot", then reload named with "service named reload" (or "rndc reload").
Zone file
  • Begins with $TTL (time to live) - the default number of seconds that resolving servers may cache records from this zone when a record has no TTL of its own.
  • The first resource record is the zone's start of authority (SOA)
  • The remaining zone data is given in additional resource records
  • Resource Record (RR) format:
    • [owner] [ttl] [class] type rdata
    • [owner] - the domain name the record belongs to; if omitted, the previous record's owner is used, and @ means the zone origin
    • [ttl] - how long the record may be cached; if it is not given the record uses the $TTL from the first line of the zone file
    • [class] - record class (normally IN, meaning Internet)
    • type - record type (SOA, NS, MX, A, CNAME, PTR, etc.)
    • rdata - the type-specific data of the record
  • SOA (Start of Authority) - every zone file must have exactly one. The following is an example SOA record.
    @ IN SOA ns.example.com. root.example.com. (
    2001101100 ; serial number
    10800 ;refresh
    3600 ;retry query
    604800 ;expire
    0 ;negative TTL
    )

    In the first line, ns.example.com. is the primary (master) name server for this zone and root.example.com. is the mailbox of the zone administrator, written with the @ replaced by a dot (root@example.com). The serial number must be increased on every change; that is how slave servers know whether the zone has changed and a transfer is needed. The YYYYMMDDnn form used here (date plus a two-digit change counter) makes that easy to keep straight.

    The second line, 10800, is the refresh interval: slave servers check the master for a changed serial every 10800 seconds (3 hours).

    The third line, 3600, is the retry interval: if a refresh fails, slaves retry every 3600 seconds.

    The fourth line, 604800, is the expire time: a slave that has not been able to refresh from the master within 604800 seconds (7 days) stops answering for the zone and discards it.

    The fifth line is the negative-caching TTL: how long resolvers may cache a "name does not exist" answer for this zone. 0 means negative answers are not cached at all, which sends every repeated lookup of a missing name back to your server; a value such as 3600 is more usual.
  • NS (Name Server) - designates the name servers for this domain
    There should be an NS record for each master or slave name server serving your zone. NS records tell the client's name server which servers it may ask, so the slaves are consulted when the master fails

    example.com. IN NS ns.example.com.
    example.com. IN NS ns1.example.com.
    @ IN NS ns2.example.com.

    That is: domain name, class (Internet), record type (name server), and the name server's host name. @ stands for the zone origin (the default domain name).

    The order of the NS records does not make one server the master and the others slaves: every listed server is equally authoritative and resolvers pick among them. Master and slave is a property of the zone statements in each server's named.conf, not of the NS records.
  • A records map a host name to an IP address
    mail IN A 192.168.0.2
    ns.example.com. IN A 192.168.0.3
    Note: if the host name does not end with ".", named treats it as relative to the zone origin and appends the default domain name. In this case the full name of the first host is "mail.example.com.".
  • CNAME records map an alias to a canonical name
    www IN CNAME ns1
    dns IN CNAME ns.example.com.
    The first line means that if someone looks up www.example.com the DNS server answers with the address of the host ns1.example.com. As with the names in A records, a name that does not end with "." gets the default domain name appended. Use an alias only for names that have no other records of their own: a CNAME cannot coexist with other record types at the same name.
  • PTR records map an IP address to a host name
    3.0 IN PTR ns.example.com.
    Note: 3.0 does not end with ".", so in a zone whose origin is 168.192.in-addr.arpa it stands for "3.0.168.192.in-addr.arpa.", i.e. the address 192.168.0.3 (the octets are reversed in the name).
  • MX records map mail servers for a domain
    example.com. IN MX 5 mail.example.com.
    example.com. IN MX 10 mail1.example.com.
    Note: the number is the priority; a lower number means higher priority, so mail.example.com. is tried first and mail1.example.com. is the backup
  • Round Robin Load Sharing Through DNS
    Simple load sharing can be achieved with multiple A records for the same name:
    www 0 IN A 192.168.2.101
    www 0 IN A 192.168.2.102
    www 0 IN A 192.168.2.103
    Because the TTL is set to 0, nobody caches the answer, so every client that needs www has to ask the DNS server, which rotates the order of the addresses in its responses; clients are thereby spread across the three servers. The cost is DNS traffic: a TTL of 0 means the records are never cached. Note also that this is load sharing, not failover; a client handed the address of a dead server will still try it, so take failed hosts out of the zone (and bump the serial) or use a short non-zero TTL to limit both the query load and the time a stale address lingers.
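The following is an added example, not part of the original post, that ties the forward and reverse zone procedures above together: it derives the PTR records for 1.168.192.in-addr.arpa from the A records of example.com.zone (expanding relative owner names the way named does, as described under the A and PTR records), bumps a YYYYMMDDnn serial as the SOA section describes, and checks each zone for the record types the post says it must have. The zone contents and the helper names (zone_has, check_zone, ptr_records, next_serial, make_reverse_zone) are constructed for this example.

```shell
#!/bin/sh
# Added example, not part of the original post. It ties the forward and
# reverse zones together: derive the PTR records of 1.168.192.in-addr.arpa
# from the A records in example.com.zone, bump the SOA serial the way the
# post describes (YYYYMMDDnn), and confirm each zone carries the records
# the post says it must (SOA, NS, A forward; SOA, NS, PTR reverse).
# All zone data below is constructed, not taken from a live server.

FWD_FILE=$(mktemp)
cat >"$FWD_FILE" <<'EOF'
$TTL 86400
@ IN SOA ns.example.com. root.example.com. (
2001101100 ; serial number
10800 ;refresh
3600 ;retry query
604800 ;expire
3600 ;negative TTL
)
; Resource Records
@ IN NS ns.example.com.
ns IN A 192.168.1.3
mail IN A 192.168.1.2
www IN CNAME ns
EOF

# zone_has FILE TYPE: succeed if FILE has at least one record of TYPE.
# Records are "[owner] [ttl] [class] type rdata", so look for IN followed
# by the type anywhere in the line rather than at a fixed column.
zone_has() {
    awk -v t="$2" '{ for (i = 2; i < NF; i++)
                        if ($i == "IN" && $(i+1) == t) found = 1 }
                   END { exit !found }' "$1"
}

# check_zone FILE TYPE...: "OK" or "MISSING: <types>".
check_zone() {
    f=$1; shift; missing=""
    for t in "$@"; do
        zone_has "$f" "$t" || missing="$missing $t"
    done
    if [ -z "$missing" ]; then echo "OK"; else echo "MISSING:$missing"; fi
}

# ptr_records FWD ORIGIN NET: for every A record inside NET (first three
# octets) print "<last octet> IN PTR <fqdn>." as it belongs in the reverse
# zone. Owner names without a trailing dot are relative to ORIGIN, exactly
# as named expands them, and "@" is the origin itself.
ptr_records() {
    awk -v origin="$2" -v net="$3" '
        { for (i = 2; i < NF; i++)
            if ($i == "IN" && $(i+1) == "A") {
                name = $1
                if (name == "@") name = origin "."
                else if (name !~ /\.$/) name = name "." origin "."
                split($(i+2), o, ".")
                if ((o[1] "." o[2] "." o[3]) == net)
                    print o[4] " IN PTR " name
            } }' "$1"
}

# next_serial OLD TODAY: next YYYYMMDDnn serial. Same day: increment nn.
# New day: TODAY00. If OLD is already ahead of TODAY (clock skew or a
# hand-edited serial) just add one so slaves still see an increase.
next_serial() {
    old=$1; today=$2
    if [ "${old%??}" = "$today" ] && [ "${old#"$today"}" -lt 99 ]; then
        echo $((old + 1))
    elif [ "$old" -lt "${today}00" ]; then
        echo "${today}00"
    else
        echo $((old + 1))
    fi
}

# make_reverse_zone FWD ORIGIN NET SERIAL: print a complete reverse zone.
make_reverse_zone() {
    cat <<EOF
\$TTL 86400
@ IN SOA ns.$2. root.$2. (
$4 ; serial
10800 ; refresh
3600 ; retry
604800 ; expire
3600 ; negative TTL
)
@ IN NS ns.$2.
EOF
    ptr_records "$1" "$2" "$3"
}

REV_FILE=$(mktemp)
SERIAL=$(next_serial 2001101100 20080731)
make_reverse_zone "$FWD_FILE" example.com 192.168.1 "$SERIAL" >"$REV_FILE"

echo "forward zone: $(check_zone "$FWD_FILE" SOA NS A)"
echo "reverse zone: $(check_zone "$REV_FILE" SOA NS PTR) (serial $SERIAL)"
cat "$REV_FILE"
```

Generating the reverse zone from the forward zone this way keeps the two from drifting apart, which is what usually breaks reverse lookups in practice; run named-checkzone over both files before copying them into /var/named/chroot/var/named and reloading.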





Tuesday, July 29, 2008

Sendmail settings

Email process (the three roles sendmail plays):
  • MSP (Mail Submission Program) - accepts mail from local users and programs and hands it to the MTA
  • MTA (Mail Transport Agent) - moves mail between servers over SMTP
  • MDA (Mail Delivery Agent) - delivers mail into the user's mailbox (procmail on RHEL)

Configuration file,

  • /etc/mail/sendmail.cf - the main configuration file for sendmail (generated from sendmail.mc; do not edit it by hand if you maintain sendmail.mc)
  • /etc/mail/sendmail.mc - sendmail macro configuration file, processed by m4 to produce sendmail.cf
  • /etc/mail/submit.cf - configures sendmail when it runs as the MSP (invoked by local email client software)
  • /etc/aliases - local user aliases; run the newaliases command to rebuild aliases.db before the changes take effect
  • /etc/mail/local-host-names - lists the host names and domains that the mail server accepts as local in an incoming e-mail address
  • /etc/mail/access - relay and access control per host, network or sender; after modification run "make" in /etc/mail to rebuild access.db
  • /var/named/chroot/var/named/db.domain - the DNS zone file where the domain's MX record lives
  • Log file: /var/log/maillog
Configuration
  • Setting it in sendmail.cf
    • Get the host's IP address,
    • Set the DNS server IP in /etc/resolv.conf and make sure the search line carries the correct domain name
    • Example db.domain file
      domain.com. IN NS example.domain.com.
      example.domain.com. IN A 192.168.1.12
      domain.com. IN MX 10 example
      (the MX target "example" has no trailing dot, so it expands to example.domain.com.)
    • By default sendmail listens only on 127.0.0.1, so only users on the server itself can send mail through it. To let other PCs send e-mail through the SMTP server, comment out the line O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA in sendmail.cf. Listening on all interfaces does not by itself make the server relay for anyone; relaying is still governed by /etc/mail/access, so grant RELAY only to the networks that need it.
    • netstat -tupln | grep :25 - shows which program is listening on port 25 and on which address (t - TCP, u - UDP, p - program name, l - listening sockets only, n - numeric addresses and ports)
    • service sendmail restart - activates the above setting
  • Setting it in sendmail.mc (preferred: sendmail.cf is regenerated from sendmail.mc, and any hand edits to sendmail.cf are lost the next time that happens)
    • Back up sendmail.mc and sendmail.cf
    • Put dnl in front of the line DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
    • m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf (the sendmail-cf package must be installed; "make -C /etc/mail" does the same)
    • diff /etc/mail/sendmail.cf /etc/mail/sendmail.cf.bak - compare the new and old sendmail.cf; the only difference should be the DaemonPortOptions line
    • service sendmail restart
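As an added example, not part of the original post, here is a POSIX shell script that audits a sendmail.mc before m4 is run over it. The change described above (putting dnl in front of DAEMON_OPTIONS) makes sendmail listen on every interface; the script reports whether that is the case, and whether the same file also enables FEATURE(`promiscuous_relay'), which would turn a network-reachable MTA into an open relay. The two sendmail.mc fragments and the function names are constructed for the example.

```shell
#!/bin/sh
# Added example, not part of the original post: audit sendmail.mc before
# running m4 over it. The post's change (dnl in front of DAEMON_OPTIONS)
# makes sendmail listen on every interface; report that, and whether the
# file also enables promiscuous_relay, which would make it an open relay.
# The two sendmail.mc fragments below are constructed for this example.

MC_BEFORE=$(mktemp)
cat >"$MC_BEFORE" <<'EOF'
divert(-1)dnl
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
OSTYPE(`linux')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
MAILER(smtp)dnl
EOF

MC_AFTER=$(mktemp)
cat >"$MC_AFTER" <<'EOF'
divert(-1)dnl
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
OSTYPE(`linux')dnl
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`promiscuous_relay')dnl
MAILER(smtp)dnl
EOF

# active_lines FILE: the m4 input with lines commented out by dnl removed.
active_lines() { grep -v '^[[:space:]]*dnl' "$1"; }

# mc_listen_scope FILE: "loopback-only" if a live DAEMON_OPTIONS binds the
# MTA to 127.0.0.1, else "all-interfaces" (sendmail's behaviour when the
# line is absent or the Addr= restriction has been removed).
mc_listen_scope() {
    if active_lines "$1" | grep -q 'DAEMON_OPTIONS(.*Addr=127\.0\.0\.1'; then
        echo "loopback-only"
    else
        echo "all-interfaces"
    fi
}

# mc_relay_policy FILE: "open-relay" if promiscuous_relay is enabled,
# "access_db" if relaying is controlled by /etc/mail/access, otherwise
# "default-deny" (sendmail refuses to relay when neither is configured).
mc_relay_policy() {
    if active_lines "$1" | grep -q 'FEATURE(`promiscuous_relay'; then
        echo "open-relay"
    elif active_lines "$1" | grep -q 'FEATURE(`access_db'; then
        echo "access_db"
    else
        echo "default-deny"
    fi
}

# mc_audit FILE: one-line summary; UNSAFE when the MTA is reachable from
# the network and relays for anyone.
mc_audit() {
    scope=$(mc_listen_scope "$1")
    relay=$(mc_relay_policy "$1")
    verdict="ok"
    if [ "$scope" = "all-interfaces" ] && [ "$relay" = "open-relay" ]; then
        verdict="UNSAFE"
    fi
    echo "listen=$scope relay=$relay verdict=$verdict"
}

echo "before: $(mc_audit "$MC_BEFORE")"
echo "after:  $(mc_audit "$MC_AFTER")"
```

Run mc_audit against /etc/mail/sendmail.mc as part of the diff step above: opening the listener is the intended change, but it should never arrive together with a relay policy that lets the rest of the Internet use the server.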