Prefetch Technologies // Keeping your cache lines cozy

Posts in Networking

Using dnscap to debug DNS problems on Linux hosts

networking, linux | Jan 26, 2011 | 2 min read

DNS can often make a SysAdmin's life difficult, since a misconfigured entry or a broken authoritative DNS server will cause things to fail in odd ways. If you are fortunate enough to use Linux on your servers and desktops, you have a slew of utilities available to look at problems. I've discussed a few of my favorite DNS debugging utilities in past posts, and recently added the dnscap utility to this list. Dnscap is a command line utility that allows you to view ALL of the DNS requests sent over an interface in a dig-like or binary format…


Firewalling a Linux NFS server with iptables

networking, security | Nov 2, 2010 | 4 min

When it comes to firewalling services, NFS has to be one of the most complex to get operational. By default the various NFS services (lockd, statd, mountd, etc.) will request random port assignments from the portmapper (portmap), which means that most administrators need to open up a range of ports in their firewall rule base to get NFS working. On Linux hosts there is a simple way to firewall NFS services, and I thought I would walk through how I got iptables and my NFS server to work together. Getting NFS working with iptables is a three-step process: Hard strap the ports the NFS daemons use in /etc/sysconfig/nfs…


How to learn everything you ever wanted to know about Linux sockets

networking | Oct 15, 2010 | 2 min

Viewing network socket data is something SysAdmins do often. We could be called on to see if a connection is established to a host, if an application is listening on a given port, or we may need to review the network connection table as a whole to see what a server is doing (this is especially valuable when DDoS attacks occur). The netstat and lsof tools provide quite a bit of visibility into this area, but I've recently started firing up the ss (socket stat) tool when I need to view socket information. Socket stat can display pretty much everything you ever wanted to know about the connections on your server…


Yet another good reason to switch to NFSv4!

networking | Sep 7, 2010 | 1 min

There are currently two main NFS protocol versions in mainstream use. The first is version 3, which was introduced in 1995 as part of RFC 1813. NFSv3 implementations use separate daemons to implement the locking (rpc.lockd), status (rpc.statd), mount (rpc.mountd) and port assignment (portmap) features required by the protocol. NFSv4, which was introduced in 2003 as part of RFC 3530, takes a different approach…


Configuring a caching only DNS server on Solaris hosts

networking | Jul 14, 2010 | 2 min

While investigating a performance issue a few weeks back, I noticed that a couple of our Solaris hosts were sending tens of thousands of DNS requests to our authoritative DNS servers. Since the application was broken and unable to cache DNS records, I decided to configure a local caching-only DNS server to reduce load on our DNS servers. Creating a caching-only name server on a Solaris host is a piece of cake. To begin, you will need to create a directory to store the bind zone files: After this directory is created, you will need to place the 127.0.0.1, localhost and root.hints files in the conf directory…
