BIND Authoritative-Only DNS Server on Ubuntu Server 14.04 or Debian 7

This post will explain how to get a DNS server setup going on Ubuntu Server 14.04 or Debian 7 using BIND. The arrangement assumes the following:

  • You’re using a master/slave configuration.
  • Your server host provides the rDNS for you. Most VPS hosting services handle the rDNS, so you’re not required to configure it on your own DNS server.
  • Your hostnames for the servers have been configured as fully qualified domain names.

For the example, the master server will be located at ns1.mydomain.com with an IP address of 10.0.0.1 and the slave server will be located at ns2.mydomain.com with an IP address of 10.0.0.2. Our test domain that is being handled by the DNS servers will be testdomain.com and will be configured to point to the same IP address as the master DNS, which is where we would assume the web server servicing the domain will be located.

For the commands shown in the explanations, it’s assumed that you’re logged in or acting as the root user. If not, you need to precede the commands with sudo; this includes opening configuration files for editing. You’ll get a permissions error when you try to save the file if you don’t.

Installation

Start by installing BIND on both servers:

apt-get update
apt-get install bind9 bind9utils bind9-doc

If you’re notified that the file /etc/init.d/bind9 already exists on the server, and asked what you would like to do about it, respond with Y or I to install the version that is included with the package.

Configuration

Once the installation is complete, you already have a DNS server running on your Ubuntu installation. We only have to make some configuration changes to ensure master and slave servers are communicating with each other and that the master has been configured with the zone information for the domains being serviced by the DNS servers.

First, open /etc/bind/named.conf.options for editing. You should have something like the following:

options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};

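We need to add the following two lines anywhere within the braces of the options block. recursion no; makes the server authoritative-only, so it answers only for its own zones and cannot be used as an open resolver, and allow-transfer { none; }; refuses zone transfers by default: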

recursion no;
allow-transfer { none; };

Example with added lines:

options {
        directory "/var/cache/bind";

        recursion no;
        allow-transfer { none; };

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};

Save the changes and close the file.

Next, we need to configure the local file to point to the zone files for the domains that will be serviced by the DNS servers. Assuming that we’re servicing a domain called testdomain.com, open /etc/bind/named.conf.local and add the following – as designated for master and slave configurations:

Master

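zone "testdomain.com" {
        type master;
        also-notify { 10.0.0.2; };
        // Override the global "allow-transfer { none; };" for the slave only,
        // otherwise its zone transfer requests are refused.
        allow-transfer { 10.0.0.2; };
        file "/etc/bind/zones/db.testdomain.com";
};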

Slave

zone "testdomain.com" {
        type slave; masters { 10.0.0.1; };
        file "/etc/bind/zones/db.testdomain.com";
};

Since the zone block within the local file is pointing to a sub-directory within BIND’s primary directory to house the zone files, we need to create the zones directory and change its owner to the bind user. This needs to be done for both the master and slave servers:

mkdir /etc/bind/zones
chown bind: /etc/bind/zones

Now, you can create the zone file for the domain. For the example, we called the file db.testdomain.com, and configured BIND to look for the file in the /etc/bind/zones directory.

An example of our zone file would look like:

$ORIGIN testdomain.com.
$TTL 1800
@       IN      SOA     ns1.mydomain.com.       admin.testdomain.com. (
                        2015010101              ; serial number
                        3600                    ; refresh
                        900                     ; retry
                        1209600                 ; expire
                        1800                    ; negative-cache ttl (minimum)
                        )
; Name servers
                    IN      NS      ns1.mydomain.com.	; master DNS
                    IN      NS      ns2.mydomain.com.	; slave DNS

; A records for name servers
ns1                 IN      A       10.0.0.1		; master DNS IP
ns2                 IN      A       10.0.0.2		; slave DNS IP

; Additional A records
@                   IN      A       10.0.0.1		; www IP

; CNAME records
www                 IN      CNAME   testdomain.com.	; www IP

The settings above are fairly straightforward for configuring a zone with NS records and records to point to a web server for serving pages. Just be aware that the serial value needs to be increased every time the zone file is updated; otherwise the slave will not see the zone as newer and will not pick up the change from the master. For the appended www, you could include an A record that points to the web server’s IP address, just like the origin does, but I believe it is more appropriate to point it to the origin with a CNAME record, as I updated this example to do. Feel free to correct me if you know better.

Check Configurations

At this point, all configuration is done. You simply need to check the configuration and zone files for errors, and then restart the servers.

You can check the local configuration by issuing:

named-checkconf /etc/bind/named.conf.local

If it returns nothing (drops straight back to the command prompt), then everything checked out fine.

You can then check the zone configuration with (on the master server):

named-checkzone testdomain.com /etc/bind/zones/db.testdomain.com

If all checked well, it should return something like:

zone testdomain.com/IN: loaded serial 2015010101
OK

Now, simply restart the two servers.

service bind9 restart

After waiting for the configurations to propagate (varies in time – could be over 24 hours), you can pull up a prompt on your local Linux machine and issue the following to see if the DNS has updated the domain to point to your master DNS server’s IP address:

nslookup testdomain.com

A successful setup should return something similar to:

Non-authoritative answer:
Name:	testdomain.com
Address: 10.0.0.1

An unsuccessful setup would return something more like this:

** server can't find testdomain.com: SERVFAIL

If you get an error, it could be that you didn’t give the servers enough time to update the information for the domains. Either way, you can view the system log on the servers to see if there are any errors:

tail -f /var/log/syslog

Look for the following to indicate successful zone information loading and communication between master and slave servers:

named[4215]: zone testdomain.com/IN: loaded serial 2015010101
named[4215]: zone testdomain.com/IN: sending notifies (serial 2015010101)

Anything else pertaining specifically to the domain you configured might indicate a problem with the zone file, or that the master and slave are not communicating. Ensure your firewall is allowing traffic on port 53, over both UDP and TCP (zone transfers use TCP).
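
The recursion no; and allow-transfer settings, and the serial rule for the zone file, can be confirmed from the outside with dig. The script below is an added example, not part of the original post: it classifies dig output as open or closed for recursion and zone transfers and compares the master and slave serials. The sample outputs are constructed, example.org stands in for any name the server is not authoritative for, and serial 2015010102 is a made-up "next" serial.

```shell
#!/bin/sh
# Added example: classify dig output to confirm an authoritative-only setup.
# Collect the inputs from a host that is NOT one of the two name servers:
#   dig @10.0.0.1 example.org A               -> recursion_state
#   dig @10.0.0.1 testdomain.com AXFR         -> axfr_state
#   dig +short @10.0.0.1 testdomain.com SOA   -> soa_serial (repeat for 10.0.0.2)
# example.org is an assumption: any name outside the zones this server hosts.

# Print the header flags of a dig response read from stdin, e.g. "qr rd ra".
dig_flags() {
    sed -n 's/^;; flags: \([^;]*\);.*/\1/p' | head -n 1
}

# "open" when the server offers recursion (ra flag set), "closed" when not.
recursion_state() {
    flags=$(dig_flags)
    if [ -z "$flags" ]; then echo unknown; return 0; fi
    case " $flags " in
        *" ra "*) echo open ;;
        *)        echo closed ;;
    esac
}

# "refused" when dig reports a failed transfer, "open" when zone data came back.
axfr_state() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -q '^; Transfer failed'; then
        echo refused
    elif printf '%s\n' "$out" | grep -Eq '[[:space:]]IN[[:space:]]+SOA[[:space:]]'; then
        echo open
    else
        echo unknown
    fi
}

# Serial from "dig +short ... SOA" output (third field of the SOA data).
soa_serial() {
    awk 'NF >= 7 { print $3; exit }'
}

# verdict <out-of-zone answer> <AXFR output> <master SOA> <slave SOA>
verdict() {
    r=$(printf '%s\n' "$1" | recursion_state)
    x=$(printf '%s\n' "$2" | axfr_state)
    m=$(printf '%s\n' "$3" | soa_serial)
    s=$(printf '%s\n' "$4" | soa_serial)
    sync=stale
    if [ -n "$m" ] && [ "$m" = "$s" ]; then sync=ok; fi
    if [ "$r" = closed ] && [ "$x" = refused ] && [ "$sync" = ok ]; then
        echo "PASS recursion=$r axfr=$x slave=$sync"
    else
        echo "FAIL recursion=$r axfr=$x slave=$sync"
    fi
}

# --- Constructed sample outputs (not captured from a real server) ---
SAMPLE_HARDENED=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4242
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available'

SAMPLE_OPEN=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'

SAMPLE_AXFR_REFUSED='; <<>> DiG <<>> @10.0.0.1 testdomain.com AXFR
;; global options: +cmd
; Transfer failed.'

SAMPLE_AXFR_OPEN='testdomain.com. 1800 IN SOA ns1.mydomain.com. admin.testdomain.com. 2015010101 3600 900 1209600 1800
testdomain.com. 1800 IN NS ns1.mydomain.com.
www.testdomain.com. 1800 IN CNAME testdomain.com.
testdomain.com. 1800 IN SOA ns1.mydomain.com. admin.testdomain.com. 2015010101 3600 900 1209600 1800'

SAMPLE_SOA_NEW='ns1.mydomain.com. admin.testdomain.com. 2015010102 3600 900 1209600 1800'
SAMPLE_SOA_OLD='ns1.mydomain.com. admin.testdomain.com. 2015010101 3600 900 1209600 1800'

# Hardened master with an up-to-date slave, then a misconfigured pair.
verdict "$SAMPLE_HARDENED" "$SAMPLE_AXFR_REFUSED" "$SAMPLE_SOA_NEW" "$SAMPLE_SOA_NEW"
verdict "$SAMPLE_OPEN" "$SAMPLE_AXFR_OPEN" "$SAMPLE_SOA_NEW" "$SAMPLE_SOA_OLD"
```

A slave reported as stale after an edit usually means the serial was not increased, or the transfer from the master was refused.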

HostUS VPS Specials

These are two specials that HostUS is offering on their OpenVZ VPS services. It hasn’t been stated when the specials will end, but I’d grab them while they’re available if you’re in the market. Beyond the specials, they appear to have very affordable VPS options available, and I believe they’re in the process of adding KVM options as well. Worth a look if you are considering purchasing a VPS.

768MB
768MB RAM / 768MB vSwap
1 vCPU Core (Fair Share)
20 GB Disk Space
2048 GB Bandwidth / 1Gbit Uplink (Fair Share)
1x IPv4 address / 4 x IPv6 Addresses
OpenVZ/In-House Panel
$10/year

6GB
6GB RAM / 6GB vSwap
4 vCPU Cores (Fair Share)
150GB Disk space
5TB Bandwidth / 1Gbit/s port
3 x IPv4 address / 4 x IPv6 Addresses
OpenVZ/In-House Control Panel
$18/quarter or $65/year

Re-Formatting a USB Drive with GPT Data (Mac) in Ubuntu

I ran into a problem the other day when I decided to create a bootable USB drive for upgrading my fiancée’s Mac to OSX Yosemite.

After creating the drive with the bootable upgrade data, I decided to reformat the USB drive back for my typical use. This particular USB drive is one that I’ve used primarily for installing OS’s, so I regularly wipe it and use it to boot as a live USB for various Linux distros whenever I want to test something or (re)install it. However, I found that I couldn’t format this drive and use it to boot an OS as I had done before. GParted would perform the formatting action and partition the drive, but I could not get it to mirror the same Partition Type of W95 FAT32 (LBA) as the other drives I had. Whatever the problem was, it also caused Ubuntu’s Startup Disk Creator to be unable to perform the Erase Disk function on the drive without giving a long error that ended with the explanation of an invalid UUID. Searching for this error came up with nothing. So, snooping around, I decided to try formatting the drive via terminal, and that’s when fdisk gave me an error stating that the drive had GPT data, which isn’t supported by fdisk.

A little more snooping online led me to this page, where an explanation of removing GPT data (used by Mac) was given. Following the steps outlined on that page using gdisk, and then following up with formatting via terminal with fdisk to reformat the drive as W95 FAT32 (LBA) type, the problem was finally resolved.

I’ll outline the steps, from beginning to end, for removing the GPT data and formatting back to FAT32, which I assume is how most USB flash drives are formatted by default.

First, issue the following command:

sudo fdisk -l

Note that you must issue the command with sudo, or else it will output nothing. Find your drive in the list of devices and it should have a line similar to:

   Device Boot      Start         End      Blocks   Id  System
/dev/sdX1               1  4294967295  2147483647+  ee  GPT

The values for Device, Start, End and Blocks will vary, but the value for Id and System will be ee and GPT as shown. Make note of the device’s designation, as it is important that you perform the next tasks on the correct device to avoid data loss or compromising your PC. Also be aware that some external hard drives are formatted this way (the above output that I used is of an external drive that I have that happened to be formatted to fit the example), so make sure you don’t mistake the wrong device for the one you’re meaning to format.

Now that we know the device we need to reformat, we have to use gdisk to remove the GPT data for us. fdisk does not support GPT data types.

gdisk /dev/sdX

I decided to call my device for the example sdX, where X would be the letter assigned to your device. In most cases, unless you’re performing this on the drive that your PC boots from, you’ll likely not be using sda or sdb. Otherwise, you may want to refer to Rod Smith’s steps that explain how to back up the drive’s MBR data. Since this post is meant to cover an external USB flash drive (per my personal situation), I won’t include those steps.

The above command will output something similar to:

GPT fdisk (gdisk) version 0.7.2

Partition table scan:
  MBR: MBR only
  BSD: not present
  APM: not present
  GPT: present

Found valid MBR and GPT. Which do you want to use?
 1 - MBR
 2 - GPT
 3 - Create blank GPT

Your answer:

In my case, I wasn’t asked which partition table to use, because MBR was restricted – causing GPT to be the only one available. However, it doesn’t matter which one you choose, if asked, since we’re wiping the GPT data and not looking to convert or salvage data.

You’ll be presented with a command prompt:

Command (? for help):

The remainder of the command prompts should be issued as:

Command (? for help): x

Expert command (? for help): z
About to wipe out GPT on /dev/sdX. Proceed? (Y/N): y
Blank out MBR? (Y/N): n

Make sure you answer n when asked if you want to blank out the MBR. This may not be as crucial for a USB flash drive, but wiping the MBR on a drive that you use to boot from would be disastrous (especially if you didn’t back it up beforehand).

The next steps are actually formatting the drive using fdisk. Substituting in sdX for your drive’s device, enter the following commands when prompted in the order shown to perform the format of the drive. Note: output has been omitted. Where no response is shown for command prompt, simply hit enter.

sudo fdisk /dev/sdX
Command (m for help): p
Command (m for help): d
Command (m for help): p
Command (m for help): w
sudo fdisk /dev/sdX
Command (m for help): n
Command (m for help): p
Partition number (1-4): 1
First cylinder (1-1020, default 1):
Last cylinder, +cylinders or +size{K,M,G} (?-????, default ????):
Command (m for help): t
Hex code (type L to list codes): L

At this point, you’ll be presented with a list of all device types you can format the drive to using fdisk. In this case, I wanted W95 FAT32 (LBA), so I chose b.

Hex code (type L to list codes): b
Command (m for help): a
Partition number (1-4): 1
Command (m for help): p
Command (m for help): w

Finally, we can format the drive:

sudo mkdosfs -F 32 /dev/sdX1

The last command could technically be handled via Disk manager or GParted, if you wanted a user interface instead of terminal, but it would make sense to just issue the command in terminal since we’re already working in terminal for the rest of the steps.

Linux Mint with MATE and Cinnamon

Linux Mint ships with several options for desktop environments, but the two most advertised are MATE and Cinnamon – with Cinnamon being its primary candidate.

When you install Mint, you typically have to decide which desktop you want, because each has its own installation package. What you may not know, however, is that you can actually install one version of Mint and still have both options for your desktop environment. The best part is that you don’t even have to get your hands dirty with the command line interface to do it.

Here are the steps:

  1. After you have installed Mint, login and open the Software Manager. It is usually to the left in the Menu for both MATE and Cinnamon.
  2. If you have MATE version installed, search for Cinnamon. If you have Cinnamon, search for MATE.
  3. If you’re looking to add the Cinnamon desktop onto a MATE installation, you need to look for cinnamon and mint-meta-cinnamon packages in the top results, and install those two. For installing MATE within a Cinnamon installation, it’s the opposite: mate and mint-meta-mate. These two packages will install the desktop environments and the key packages that they need. A lot of the other results you see in your search will actually be included with the installation of those two.
  4. After the installation has completed, log out of your session and click the icon at the top-right of the sign in box on the login screen and you can now select between the two different desktop environments for your session.

Netflix Official Linux Support

There’s finally an officially supported way to watch Netflix on Linux without jumping hurdles through various methods that try to work around their Silverlight requirement.

Perhaps they’re copying the same method that allows Chromebook users to stream Netflix, but it requires the Chrome browser in Linux to do it. Before I did this, I attempted to install and configure Pipelight to see if I could stream a show in Firefox, and I was met with the incompatibility page. So, I removed Pipelight and installed Chrome. Went to Netflix, logged in and the show I tried to view opened up without a hitch – lacking any additional packages installed besides Chrome itself.

Though I prefer Firefox to Chrome, I’ll happily boot up Chrome if only to watch Netflix. It sure beats the uncertain methods of trying to either emulate or imitate Silverlight, which has been the popular tactic for some time now.

You can grab the Chrome package to install directly from your machine by going to its download page, or you can install it from terminal using APT by adding Google’s repositories:

wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | sudo apt-key add -
sudo sh -c 'echo "deb http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google-chrome.list'
sudo apt-get update
sudo apt-get install google-chrome-stable

 

Linux Mint’s “Point” Updates

Linux Mint is doing something that is new, at least to me. If they’ve done this in the past, I didn’t know about it, so I’m assuming that they didn’t. They’re releasing a “point” update to version 17 “Qiana”, their latest LTS release of Mint, which will be 17.1 “Rebecca”. Based on what has been said in this blog post on Mint’s official website, I assume that all point releases will feature a different codename.

If my understanding is correct, Mint’s point-release updates won’t be quite the same as Ubuntu’s. Where Ubuntu 14.04.1 is actually the same exact distribution as 14.04 only with updated packages and kernels that would automatically be updated from Ubuntu’s repositories anyway (though saving you the time of downloading them – by getting them in the installation ISO), Mint 17.1 will feature updates to the desktop environments themselves. So, where 14.10 will feature an updated Unity, most likely, that could only be applied to 14.04 by enabling unstable repositories, Mint will work out a stable update to their environments and actually push it to be a stable update to their LTS release. This is awesome. There were small changes to Unity that I wanted from 13.10, but I didn’t want to upgrade to 13.10 or take the chance of upgrading the Unity environment in 12.04 at the risk of it having compatibility issues with packages in the 12.04 repositories. Even if my concerns were unfounded, updates to LTS releases are typically limited for a reason, and that’s usually to help ensure that people don’t run into compatibility issues or crippling bugs.

What’s also cool about the point-releases for Mint is that it will be upgradable through their Update Manager. Though Mint sees updates to packages at a slower pace than Ubuntu, this usually means the chance of having issues with those updated packages is minimized, which is better than getting the new bells and whistles only to have them break your machine and put you in an aggravating position of having to revert and recover. I like Mint. When the next LTS version is released, I may just change for my primary PC. I have two years to think about it, though I’m already running it on my laptop to see how the progression goes. That’s not to say that Ubuntu is being looked at as a loser in this. After all, I’ve used it as my primary OS for nearly three years now, and there’s obviously good reasons for that. I just can’t fail to consider another distribution that may be making better strides in improving the Linux experience, even if Ubuntu continues to be an excellent OS that is probably the best for first-time Linux users to try. On top of that, Windows users considering the migration over to Linux may find Cinnamon and MATE both more comfortable than Unity, in terms of a layout that closer resembles Windows’ Start menu-style layout. I would recommend Mint over Ubuntu to such a person.

Ubuntu Software Center: ‘Available from the “main” source’

For anyone who comes across this problem, which I did tonight on my laptop, you may want to first try closing Software Center and re-opening it. Several suggestions on askubuntu.com and other results from searches online mentioned removing entries from the source lists and so forth. As I said, just closing and re-opening solved the problem where it happened to me. I’m not going to assume this is something new, as people asking about it on those sites when I searched it were experiencing it with 12.04. I never experienced it in 12.04 and have only experienced it once so far on one machine running 14.04.

What occurred was when clicking on an application in the Software Center I was shown no reviews or info for the application, but instead only the message Available from the “main” source with a button saying Use This Source where Install would normally be.

The Linux Hurdle

Okay. After talking with a co-worker yesterday about why he should install Linux on his somewhat-antiquated Vista-ran laptop, I ran into road blocks. He’s pretty reluctant to heed my suggestion and even dip his toes, let alone jump in head-first.

I’ve tried to make points of why I like Linux better than Windows. However, the truth is that I don’t consider Linux a replacement for Windows. It’s like driving vehicles. I drive my smaller compact car almost everyday, because it’s more convenient for typical day travelling and it gets better gas-mileage. So, why do I keep my pick-up truck? It’s a gas guzzler, and depending on the time and place it can be impossible to find a parking spot. Still, if I have to haul something or traverse tougher terrain that requires a vehicle with more clearance or four-wheel drive, my truck is there to save the day. In this case, my compact car is Linux and my truck is Windows. Linux will almost always get the job done, typically faster and with less hassle, while Windows is there to provide any crucial services that Linux just can’t do.

Being that my co-worker’s laptop hard-drive is fairly full, he’s running Vista and he says he has never de-fragged his hard-drive, I’d bet that I can boot up, check my emails, pay a couple of bills, shut down and boot back up to my work space in Linux before he even reaches his desktop for the first time in Vista. And my Linux setup has been installed for nearly two years now. Though, I’d say a fresh install of Linux wouldn’t do it any better. The same can’t be said for Windows.

But like I said, I’m not saying throw Windows out the window. I’m just saying make use of the tools available to you. What’s the point of booting into Windows to do generic tasks that end up taking far longer to complete than they necessarily have to? After all, the less you use Windows, the longer it takes to slow down. Of course, good practices and regular maintenance can help keep Windows running as good as possible. But when you can minimize the amount of work necessary in those respects as well, it makes no sense not to at least dip your toes in. And the sales pitch is spot on: Linux is free, it is generally designed to boot alongside of Windows and it is fairly easy to remove it and revert back to just having Windows if you decide you don’t wish to keep it.

I hope my co-worker comes to the decision of giving Linux a shot. After all, I never used Linux once until two years ago when I decided that testing out a freely available OS seemed like a fun endeavour. It ended up causing me to change up my routine permanently.

Windows 7, LibreOffice 4 Update Issue

On two separate Windows 7 machines, one with Ultimate and one with Home Premium, I ran into the same issue when trying to update LibreOffice 4 to the latest version, 4.2.2.1.

For some reason, there is a folder nested within the LibreOffice 4 directory called program, and this folder is a bitch to do anything with. The reason I found issue with it to begin with is because the installer for LibreOffice 4 kept returning a 1303 permissions error when copying files for the installation. On my first machine, I simply restarted into Ubuntu (the machine is dual-booted) and deleted the LibreOffice 4 directory from the Windows partition using Nautilus. However, on my PC with Home Premium, which isn’t dual-booted, I decided to see if there was a way for me to remedy the issue from within Windows itself. After doing every step I could learn of to either force-delete the file or change permissions, including through CLI with an elevated command prompt, I found that nothing tried within Windows itself would work. In the end, I was still forced to use a Linux boot to fix my issue, and I did that using a LiveUSB.

So, if you’re facing the same issue I did, you can take the same step that I did. If you know of a sure-fire solution that can be executed from within Windows, shared knowledge is appreciated.

LibreOffice (Latest Version) Installation for Ubuntu, Linux Mint and elementaryOS

This is somewhat of a follow-up post to a previous post regarding updating LibreOffice for Ubuntu and Ubuntu-based OS.

Because each version of Ubuntu and any OS based on it usually pulls from a specific repository where software that has been deemed stable for that version is stored, getting the latest version of a particular software can be impossible without some configurations. Having used both Ubuntu and Linux Mint, and successfully installed and updated LibreOffice using the LibreOffice PPA, I thought the same could be done for elementaryOS, which is also based on Ubuntu (the latest version, Luna, being specifically based on Ubuntu 12.04 Precise Pangolin).

However, after installing eOS and installing LibreOffice from the default repository, I then added the LibreOffice PPA and found that it caused some issues with the Update Manager in eOS. Not only would it not allow me to update to the latest version of LibreOffice, but it even seemed to interfere with eOS being able to get other updates. I couldn’t even alter the settings in the Update Manager. After removing the LibreOffice PPA from the software sources, all problems seemed to vanish with non-LibreOffice updates. The biggest problem for me at that particular moment, however, was that I couldn’t get LibreOffice updated. A few sites mentioned compiling LibreOffice source to install the latest version, which I didn’t care to do (updating was not that big of a deal for me, if compiling the source was my only option), and so I came across someone else who mentioned following the same steps I had done before, yet adding the PPA before installing the software. So, I followed the necessary steps to completely remove LibreOffice (credit to an answer on askubuntu.com).

sudo apt-get remove --purge 'libreoffice*'
sudo apt-get clean
sudo apt-get autoremove

And then I removed the PPA by opening Update Manager, going to Settings… at the bottom-left, going to the Software Sources tab and removing it from the list. After, I simply re-added the PPA and reinstalled the software back onto the computer using the terminal.

sudo apt-add-repository ppa:libreoffice/ppa
sudo apt-get install libreoffice

I open LibreOffice and find the latest version (4.1.4.2 as of writing this post) installed.

As far as complications with updating the software further, or interfering with other updates, I can’t say. I had already run all other updates before reinstalling LibreOffice, and so the system is showing up-to-date. I will post a comment if I see the PPA in the sources list causing any other problems, or not updating LibreOffice beyond 4.1.4.2.

There are also some articles posted on elementaryupdates.com regarding ways to configure LibreOffice and other applications to fit more into the eOS appearance, in case anyone is interested.

Update 2015.08.31

On Linux Mint 17.2, I’ve realized that there is one additional step required in addition to what I had mentioned above to update to the latest version of LibreOffice (5.0.1 as I’m writing this). You have to set the priority for the package so that Mint’s update system will allow it to be updated/installed from the PPA. To do that, you need to create the file /etc/apt/preferences.d/libreoffice.pref and place the following inside of it:

Package: *
Pin: release o=LP-PPA-libreoffice
Pin-Priority: 700

This information was taken from the Mint here.