Contents of /documentation/kpt/documentation_sep14.tex

Revision 1.1 - (show annotations)
Tue Sep 14 03:14:41 2004 UTC (18 years ago) by apollock
Branch: MAIN
CVS Tags: HEAD
File MIME type: application/x-tex
Documentation for work performed on September 14

\documentclass[titlepage,a4paper]{article}

\usepackage{fancyhdr}

\title{Documentation of work performed for Kinetic Performance Technology}
\author{Andrew Pollock}

\begin{document}

\maketitle

\pagestyle{fancy}
% \renewcommand{\chaptermark}[1]{\markboth{#1}{}}
\renewcommand{\sectionmark}[1]{\markright{\thesection\ #1}}
\fancyhf{}
%\fancyhead[LE,RO]{\bfseries\thepage}
\fancyhead[LO]{\bfseries\rightmark}
%\fancyhead[RE]{\bfseries\leftmark}
\renewcommand{\headrulewidth}{0.5pt}
\renewcommand{\footrulewidth}{0pt}
\addtolength{\headheight}{0.5pt}
\fancypagestyle{plain}{%
  \fancyhead{}
  \renewcommand{\headrulewidth}{0pt}
}

\section{Introduction}

This document details work performed at the Kinetic Performance Technology
offices on September 14.

\section{Private DNS server}

BIND9 has been installed on \emph{k9}, and configured to serve a privately
visible (to the KPT VPN) top-level domain \texttt{kpt.}.

For this domain to be visible to all KPT sites and infrastructure, they
should have their resolvers configured to use 192.168.2.6 as their primary
nameserver. This will require reconfiguration of the DHCP servers running on
the IPCop firewalls.

BIND9 on \emph{k9} is configured to use the IPCop firewall at the KPT office
as its forwarder, so all DNS queries for other domains are passed to it
for resolution.

If the performance of DNS queries at other sites is unsatisfactory,
additional local (to each site) nameservers can be configured to slave this
private top-level domain, and work in the same manner as the
nameserver running on \emph{k9}.

To add additional DNS entries to the \texttt{kpt.} domain, on \emph{k9},
modify the file \texttt{/etc/bind/kpt.zone}.

The important thing to note is that the serial number should be incremented.
It is date based, with an additional two digits for multiple changes in the
same day. For example, if a change were made on the 14th of September, the
serial number would read \texttt{2004091401}. If another change were made on
the same day, the \texttt{01} would be incremented to \texttt{02}.

Normal DNS A records are added by adding a line like this:

\begin{verbatim}
leela IN A 192.168.2.101
\end{verbatim}

Once the zone file has been edited, issue \texttt{rndc reload kpt} to tell
BIND9 to reload it.

\subsection{Configuration}

\begin{verbatim}
/etc/bind/named.conf.local:

zone kpt. {
        type master;
        file "/etc/bind/kpt.zone";
};
\end{verbatim}

\begin{verbatim}
/etc/bind/named.conf.options:

forwarders {
        192.168.2.1;
};
\end{verbatim}

\section{Authenticated Squid proxy server}

For testing purposes, the Squid proxy server running on the VMware virtual
machine \emph{squid} has been reconfigured to require authentication for
clients on the \texttt{192.168.2.0/24} subnet.

The following directives were added to the existing
\texttt{/etc/squid/squid.conf}:

\begin{verbatim}
auth_param basic program /usr/lib/squid/ncsa_auth /usr/local/etc/squid_passwd
auth_param basic children 5
auth_param basic realm Kinetic test proxy server

acl LAN src 192.168.2.0/24

# "password" must be a proxy_auth ACL defined elsewhere in squid.conf, e.g.:
#   acl password proxy_auth REQUIRED
http_access allow LAN password
\end{verbatim}

The \texttt{htpasswd} utility (from the \texttt{apache-utils} package) is
used to maintain \texttt{/usr/local/etc/squid\_passwd}.

\begin{verbatim}
htpasswd /usr/local/etc/squid_passwd user
\end{verbatim}
will add a new user, or change an existing user's password. To remove a
user, edit the file with your favourite text editor and delete the entire
line referencing that user. A user has been created with the username
\texttt{testuser} and password \texttt{testing123}.

\end{document}
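
Added example, not part of the original document: a POSIX shell helper for the date-based serial convention described under "Private DNS server", so the serial in \texttt{/etc/bind/kpt.zone} is bumped consistently before \texttt{rndc reload kpt}. The function names, and the assumption that the serial is the first 10-digit number in the zone file, are this example's own.

```shell
#!/bin/sh
# Helper names below are hypothetical; they are not part of BIND9.

# next_serial CURRENT [TODAY]: print the serial that should replace CURRENT
# under the YYYYMMDDNN convention. TODAY defaults to the system date.
next_serial() {
    current=$1
    today=${2:-$(date +%Y%m%d)}
    case $current in
        ''|*[!0-9]*) echo "serial is not numeric: $current" >&2; return 1 ;;
    esac
    if [ "${#current}" -ne 10 ]; then
        echo "serial is not in YYYYMMDDNN form: $current" >&2
        return 1
    fi
    if [ "${current%??}" -lt "$today" ]; then
        echo "${today}01"            # first change on a new day
    elif [ "${current#????????}" = 99 ]; then
        # NN is exhausted; adding 1 would spill into the date digits.
        echo "no serials left for ${current%??}" >&2
        return 1
    else
        echo $((current + 1))        # same day, or serial already ahead of today
    fi
}

# bump_zone_serial FILE [TODAY]: rewrite the serial in FILE in place and
# print the new value. Assumption: the serial is the first 10-digit number
# in the file, as in a conventional SOA record.
bump_zone_serial() {
    zone_file=$1
    old=$(grep -Eo '[0-9]{10}' "$zone_file" | head -n 1)
    if [ -z "$old" ]; then
        echo "no YYYYMMDDNN serial found in $zone_file" >&2
        return 1
    fi
    new=$(next_serial "$old" "$2") || return 1
    tmp=$(mktemp) || return 1
    # Replace only the first occurrence; every other line passes through.
    if awk -v old="$old" -v new="$new" \
        '!done && sub(old, new) { done = 1 } { print }' "$zone_file" > "$tmp"
    then
        cat "$tmp" > "$zone_file"    # overwrite in place, keeping owner and mode
    fi
    rm -f "$tmp"
    echo "$new"
}
```

After a bump, \texttt{named-checkzone kpt. /etc/bind/kpt.zone} can be used to validate the file before issuing \texttt{rndc reload kpt}.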