/[cvs.andrew.net.au]/documentation/kpt/documentation_sep14.tex

Annotation of /documentation/kpt/documentation_sep14.tex

Revision 1.1
Tue Sep 14 03:14:41 2004 UTC (18 years ago) by apollock
Branch: MAIN
CVS Tags: HEAD
File MIME type: application/x-tex
Documentation for work performed on September 14

\documentclass[titlepage,a4paper]{article}

\usepackage{fancyhdr}

\title{Documentation of work performed for Kinetic Performance Technology}
\author{Andrew Pollock}

\begin{document}

\maketitle

\pagestyle{fancy}
% \renewcommand{\chaptermark}[1]{\markboth{#1}{}}
\renewcommand{\sectionmark}[1]{\markright{\thesection\ #1}}
\fancyhf{}
%\fancyhead[LE,RO]{\bfseries\thepage}
\fancyhead[LO]{\bfseries\rightmark}
%\fancyhead[RE]{\bfseries\leftmark}
\renewcommand{\headrulewidth}{0.5pt}
\renewcommand{\footrulewidth}{0pt}
\addtolength{\headheight}{0.5pt}
\fancypagestyle{plain}{%
  \fancyhead{}
  \renewcommand{\headrulewidth}{0pt}
}

\section{Introduction}

This document details work performed at Kinetic Performance Technology offices on September 14.

\section{Private DNS server}

BIND9 has been installed on \emph{k9}, and configured to serve a privately
visible (to the KPT VPN) top-level domain \texttt{kpt.}.

For this domain to be visible to all KPT sites and infrastructure, they
should have their resolvers configured to use 192.168.2.6 as their primary
nameserver. This will require reconfiguration of the DHCP servers running on
the IPCop firewalls.

BIND9 on \emph{k9} is configured to use the IPCop firewall at the KPT office
as its forwarder, so all DNS queries for other domains are passed to it
for resolution.

If the performance of DNS queries at other sites is unsatisfactory,
additional local (to each site) nameservers can be configured to slave this
private top-level domain, and work in the same manner as the
nameserver running on \emph{k9}.

To add additional DNS entries to the \texttt{kpt.} domain, on \emph{k9},
modify the file \texttt{/etc/bind/kpt.zone}.

The important thing to note is that the serial number should be incremented
whenever the file is changed. It is date based, with an additional two digits
for multiple changes in the same day. For example, if a change were made on
the 14th of September, the serial number would read \texttt{2004091401}. If
another change were made on the same day, the \texttt{01} would be
incremented to \texttt{02}.

Normal DNS A records are added by adding a line like this:

\begin{verbatim}
leela IN A 192.168.2.101
\end{verbatim}

Once the zone file has been edited, issue \texttt{rndc reload kpt} to tell
BIND9 to reload it.

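The serial-number rule above, as an added example that is not part of the original documentation: a Python helper that computes the next YYYYMMDDNN serial and rewrites it in a zone file's SOA record. The sample zone is constructed for illustration (the real \texttt{/etc/bind/kpt.zone} is not shown here), and the SOA host names in it are assumptions.

```python
import re
from datetime import date

# The serial is the first integer after the SOA record's opening parenthesis.
SOA_SERIAL = re.compile(r"\bSOA\b[^()\n]*\(\s*(\d+)", re.IGNORECASE)

# Constructed sample zone; the real /etc/bind/kpt.zone is not shown on the page,
# and the SOA names (k9.kpt., hostmaster.kpt.) are assumptions.
SAMPLE_ZONE = """\
$TTL 86400
@       IN SOA  k9.kpt. hostmaster.kpt. (
                2004091401 ; serial
                3600       ; refresh
                900        ; retry
                604800     ; expire
                86400 )    ; negative cache TTL
@       IN NS   k9.kpt.
k9      IN A    192.168.2.6
leela   IN A    192.168.2.101
"""


def next_serial(current: int, today: date) -> int:
    """Return the serial that follows `current` under the YYYYMMDDNN scheme."""
    base = int(today.strftime("%Y%m%d")) * 100   # e.g. 2004091400
    if current < base:
        return base + 1                          # first change of the day: NN = 01
    if current >= base + 99:
        # NN is used up (adding one would spill into the date digits) or the
        # serial is already dated in the future; refuse and leave it to the operator.
        raise ValueError(f"serial {current} cannot be bumped for {today}")
    return current + 1                           # another change on the same day


def bump_zone(zone_text: str, today: date) -> tuple[str, int]:
    """Rewrite the SOA serial in `zone_text`; return (new_text, new_serial)."""
    match = SOA_SERIAL.search(zone_text)
    if match is None:
        raise ValueError("no SOA serial found")
    new = next_serial(int(match.group(1)), today)
    start, end = match.span(1)
    return zone_text[:start] + str(new) + zone_text[end:], new


if __name__ == "__main__":
    text, serial = bump_zone(SAMPLE_ZONE, date(2004, 9, 14))
    print(serial)
    print(text)
```

After the rewritten text is saved back to the zone file, \texttt{rndc reload kpt} makes BIND9 load it.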
\subsection{Configuration}

\begin{verbatim}
/etc/bind/named.conf.local:

zone kpt. {
        type master;
        file "/etc/bind/kpt.zone";
};
\end{verbatim}

\begin{verbatim}
/etc/bind/named.conf.options:

forwarders {
        192.168.2.1;
};
\end{verbatim}

\section{Authenticated Squid proxy server}

For testing purposes, the Squid proxy server running on the VMware virtual
machine \emph{squid} has been reconfigured to require authentication for
clients on the \texttt{192.168.2.0/24} subnet.

The following directives were added to the existing
\texttt{/etc/squid/squid.conf}:

\begin{verbatim}
auth_param basic program /usr/lib/squid/ncsa_auth /usr/local/etc/squid_passwd
auth_param basic children 5
auth_param basic realm Kinetic test proxy server

acl LAN src 192.168.2.0/24
# "password" must be defined as a proxy_auth ACL for the rule below to
# parse; add this line if the existing squid.conf does not already define it.
acl password proxy_auth REQUIRED

http_access allow LAN password
\end{verbatim}

The \texttt{htpasswd} utility (from the \texttt{apache-utils} package) is
used to maintain \texttt{/usr/local/etc/squid\_passwd}.

\begin{verbatim}
htpasswd /usr/local/etc/squid_passwd user
\end{verbatim}
will add a new user, or change an existing user's password. To remove a
user, edit the file with your favourite text editor and delete the entire
line referencing that user. A user has been created with the username
\texttt{testuser} and password \texttt{testing123}.

\end{document}
