Installing MySQL

Once more apt-get makes installing services trivial

sudo apt-get install mysql-client-5.0 mysql-server-5.0 mysql-common

That’s it!! You don’t need to do anything else in this post. I’ll cover creating a schema for users and adding a few in my next post.

Reverse DNS

We’re using the 192.168.x.x network so I’ll use the file /etc/bind/db.192.168. Change the name of the file as appropriate for your network. Copy the following into your file

;
; BIND reverse data file for local network
;
$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.

You now need to add entries for each IP address in the form

xxx.yyy      IN   PTR    sbs.example.com.

This turns the IP number 192.168.yyy.xxx into the name sbs.example.com.

Once you have created the zone file you need to add it to /etc/bind/bind.conf.local

    zone "168.192.in-addr.arpa" in{
      type master;
      file "/etc/bind/db.192.168";
      allow-update{none;};
    };

To hide this from people outside of the network I included it in the “external” view created in the previous post. Restart bind and you should now be able to resolve IP numbers into names.

Start of Authority – SOA

The SOA record is the first thing that appears in the zone file. The format is

<domain.name.>   IN  SOA  <hostname.domain.name.>  <mailbox.domain.name>
        <serial-number>
        <refresh>
        <retry>
        <expire>
        <minimum-ttl>

Serial-number is the serial number for this version of the file. You need to increment this each time you make a change to the zone file. A good idea is to use the current date and a number in the format YYYYMMDDnn where nn is a unique number for that day. So the first zone file for today would have 2007021801.

Refresh is how many seconds to wait before polling the primary name server to see if the serial number has changed.

Retry is how many seconds to wait if a refresh fails before trying again.

Expire is the number of seconds after both a refresh and retry fail before the domain name server stops serving the domain.

Minimum-TTL is the minimum time for an entry to live.

Next time I’ll cover setting up MySQL.

Installing the domain name server

Installing the domain name server is a simple process thanks to apt-get. Simply log into the server and type in the following command.

% sudo apt-get install bind9

Configuring DNS

Because of our network setup the domain name server needs to resolve names to IP addresses differently for internal and external clients. To do this we use “views” so that internally names resolve directly to the servers IP address while externally they resolve to the routers IP address which will port forward to the server. We will also use views so some names resolve internally but not externally.

Start by creating a new file called /etc/bind/db.example.com-external (using your domain instead of example.com) and copy the following into it.

;
; BIND data file for example.com
;
$ORIGIN example.com.
$TTL    604800
example.com.            IN      SOA     example.com. root.example.com. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
                IN      NS      xxx.xxx.xxx.xxx.
                IN      NS      ns1.my-isp.com.
                IN      NS      ns2.my-isp.com.
;
example.com.    IN      A       xxx.xxx.xxx.xxx
;
@               IN      MX      10      sbs.example.com.
;
;
localhost               IN      A       127.0.0.1
sbs                     IN      A       xxx.xxx.xxx.xxx
www                     IN      CNAME   sbs
mail                    IN      CNAME   sbs

This zone file will be used when resolving names for requests from outside of our network. It should never return an internal IP address and should only contain entries we want visible externally. Make the following changes to suite your environment.

• Change root.example.com to the email address of the person responsible for your DNS replacing the @ with . (hence root@example.com becomes root.example.com)
• Change example.com to your domain
• Change sbs to the name of your small business server
• Change xxx.xxx.xxx.xxx to the public IP address of your router
• Change ns1.my-isp.com and ns2.my-isp.com to the names of the slave name servers

Now copy that file to /etc/bind/db.example.com-internal (remember to use your domain instead of example.com).

% sudo cp /etc/bind/db.example.com-external /etc/bind/db.example.com-internal

This zone file will be used when clients inside our network make DNS queries. You’ll need to change all of the external IP adresses to internal IP addresses. You may also want to add entires for internal devices such as other computers, network printers and your gateway. It’s safe to put these here because they won’t be visible from outside of your network. These entries will look something like:

pc1                     IN      A       xxx.xxx.xxx.xxx
pc2                     IN      A       xxx.xxx.xxx.xxx
printer                 IN      A       xxx.xxx.xxx.xxx
gateway                 IN      A       xxx.xxx.xxx.xxx

Now edit /etc/bind/named.conf.local and copy the following into it.

view "internal" {
    match-clients { 192.168.1.0/8; };

    zone "example.com" {
            type master;
            file "/etc/bind/db.example.com-internal";
    };
};

view "external" {
    match-clients { any; };

    zone "example.com" {
            type master;
            file "/etc/bind/db.example.com-external";
            allow-transfer {
                    xxx.xxx.xxx.xxx;
            };
    };
};

Then make a couple of changes to suite your environment:

• example.com should be changed for your domain name
• Replace xxx.xxx.xxx.xxx with the IP address for the server acting as the slave for your domain. You can add multiple lines here.
• Change 192.168.1.0/8 to suite your subnet

Finally restart the domain name server

% sudo /etc/init.d/bind9 restart

Port forwarding

To make your domain name server visible from outside of the network configure your router to forward UDP/TCP port 53 to the server.

Testing the domain name server

You should now test your DNS is configured properly by using the dig command. This needs to be done both inside and outside your network so you know each location is getting the correct result. Example queries are:

% dig @localhost example.com.au ns
% dig @localhost example.com.au a
% dig @localhost example.com.au mx
% dig @localhost sbs.example.com.au a
% dig @localhost www.example.com.au a
% dig @localhost www.example.com.au mx
% dig @localhost mail.example.com.au a
% dig @localhost mail.example.com.au mx

From outside your network simple change locahost for your routers IP address. This will also tell you if port forwarding is working correctly.

Tip: If your queries timeout then check /var/log/syslog for the error messages.

Making it live

When you’re ready to make the your DNS server live it’s a fairly simple process.

1. Configure your slave domain name servers to use your master. Your ISP or DNS hosting company can help you with this.
2. Get your domain registrar to change your primary, secondary and (optionally) other DNS servers.

As you can use any of the domain name servers as the primary and secondary servers it might make sense to use your ISP/DNS hosting company’s server for this as they’ll have a faster connection.

I’ll finish the domain name server in the next post when I cover the reverse lookup.

Another option is to configure your server with a static IP address. To do this edit the /etc/network/interfaces file. You will be looking for a line like

iface eth0 inet dhcp

Once you have found that line replace it with the following (remember to change the IP address, subnet mask and gateway so they’re right for your network).

iface eth0 inet static
    address 192.168.1.2
    netmask 255.255.255.0
    gateway 192.168.1.1

You should now restart the network interface

sudo ifdown eth0
sudo ifup eth0

If your network stops working then make sure you put in the right values. Oh, and remember to use an IP address that your DHCP server won’t try giving to another computer.

Setting up the domain name server will be out later today

Before continuing I should explain the network setup. The network consists of a couple of PC’s connected using multi-port ADSL router. I don’t want to change the network configuration so I’m going to leave the router handling Internet sharing (NAT), network firewall and DHCP. I will need to tweak the DHCP settings so that computers on the clients network use an internal domain name server (DNS) instead of using the router as their domain name server. I’ll explain why in my post on setting up a domain name server.

Choosing a Linux Distribution

The first think I needed to do was choose a Linux distribution to use as the base from my small business server. In the past I’ve used a number of distributions but I’ve never been really happy with using these as a server. Most want to install a GUI and you find your server running a lot of processes that really aren’t required. By contrast the Ubuntu server installs so few processes that you can’t even access it remotely until you install the ssh server.

Installing the Ubuntu server

I’m not going to talk too much about installing the base Ubuntu server. What I will say is that I choose to not do a LAMP or DNS server installation. This left me with the cleanest possible server to which I will add services as I need them.

Allowing remote access

Once the server has been installed the first thing you’ll want to do is enable remote access. This will allow you to install the other services over the network and administer the server without needing to go to the console. Installing the ssh server is as easy as logging into the server console and typing

% sudo apt-get install ssh-server

You will now be able to access the server from computers inside the business using ssh. As I want to be able to access the server from outside the clients network I need port forward TCP and UDP port 22 from the ADSL router to the server. With port forwarding enabled I can ssh to the server from outside the clients network by using the public IP address of the ADSL router. The router will then forward the packets to/from the server. How you setup port forwarding is beyond the scope of this post because it will vary from one router to another.

Warning: Don’t enable port forwarding if you don’t need it. The more ports you forward to your server the more exposed your server is and the easier it will be for someone to hack into it.

In the next post I will cover installing the domain name server.