Actualizaciones dinámicas de DNS con BIND9

Hay muchas situaciones donde manejar actualizaciones dinámicas, y en lo posible automáticas, de zonas de DNS es deseable. Por ejemplo en el caso de redes donde hay gran cantidad de estaciones que toman sus direcciones de DHCP o mediante otros mecanismos dinámicos (SLAAC en IPv6 por ejemplo).

Configuración del servidor DNS

En el servidor DNS hay que configurar una zona que será la que recibirá las actualizaciones dinámicas. 

Esta zona luego deberá cargarse en BIND de tal manera que acepte actualizaciones dinámicas.

Si bien es posible tener zonas que tengan a la vez entradas estáticas y entradas dinámicas, personalmente no me parece una configuración aconsejable.

En los ejemplos a continuación el nombre de la zona que recibirá las actualizaciones es "intra.labs.lacnic.net"

Creación de la zona "host"

La zona que aloja las actualizaciones dinámicas no tiene ninguna particularidad:

Carga de la zona en la configuración de BIND

La zona la cargamos de la siguiente manera:

Configuración del cliente

Para que un cliente pueda actualizar el DNS se necesita tener instalada la utilidad "nsupdate". Esta es parte del port "bind-tools" en FreeBSD o de los paquetes "bind-devel" o "bind-tools" en Linux Fedora/Debian/Ubuntu.

La utilidad nsupdate toma un archivo de texto con comandos a pasarle al server. Para actualizar una simple entrada de tipo A lo unico que hace falta es algo asi:

Automatizando el proceso 

Para automatizar el proceso completamente hace falta generar el archivo mencionado en el punto anterior automaticamente con la IP asignada por el servidor de DHCP.

Un ejemplo muy simple de como hacer esto:

1. Crear un script de la forma:

Add "Bazaar Here" Context Menu on Windows XP/2003

I have been using Bazaar as a revision control tool. I have really become used to the ease that not having to create a central repository gives me.

Bazaar for Windows used to include a nifty "Bzr Here" context menu entry which appears to have been deprecated in favor of the nice but alpha-quality Tortoise Bazaar.

Attached below is a registry file to help re-create this context menu entry. Do not blindly double click on it, since you will need to customize your Bazaar installation path as well as the name you wish for the context menu entry. Also, if you make a mistake and need to change values, I'd recommend deleting the newly created keys by hand using regedit.

CandyPress on Windows Vista (32 bits) and Internet Information Server (IIS) 7

This is a short guide to help those who need to run the CandyPress shopping cart under Windows Vista and Internet Information Server (IIS) 7, including solving the mysterious error -2147467259 (Unspecified Error)

Configurando IPv6 con 6to4 detras de un NAT con IP dinámica

6to4 es uno de los varios mecanismos de transicion de IPv4 a IPv6 que han sido propuestos por el IETF. Es un mecanismo de tunelizacion de IPv6 en un payload IPv4 con la caracteristica adicional de que el extremo remoto del tunel puede congurarse automaticamente ya que usa una direccion well-known como extremo remoto. Es facil de congurar y tiene buena performance. Sin embargo, presenta algunos desafíos a la hora de poderlo utilizar de manera estable detras de un NAT con IP publica variable, como es el caso de la inmensa mayoria de servicios ADSL hogarenos.

En este articulo presento un script que automatiza la conguracion y mantiene operativa la conexion IPv6 utilizando 6to4 utilizando un PC Linux como router IPv6.

Nota: Este trabajo es un work in progress, no puede considerarse completo todavía, aunque el script que se adjunta funciona bien en Ubuntu y Debian.

Configuring RNDC for Fine-Grained BIND9 Control

RNDC is an extremely useful utility bundled with BIND that allows controlling the DNS server in a fine-grained way. So instead of reloading the whole server to add a single record, you can issue a "rndc reload myzone.com" command and only that zone will be loaded without restarting the server.

1. Generate a cryptographic key

First we'll generate a crypto key that will be used to access the control channel of BIND:

dnssec-keygen -a HMAC-MD5 -b256 \
    -n HOST rndc

This creates a file named "Krndc.+157+62322" (the numbers will depend on the generated key)

2. Create a configuration file for rndc

This file will not be accesed by BIND, only by rndc. It can be placed anywhere within the system.

---- cut here ----
key "rndckey" {
        algorithm "hmac-md5";
     // this "secret" is the same crypto material found in the
        secret "BxUpUZLIymdkMsfvdrTnudVwefhYEGBbhfRMgAgR81M=";
};

options {
        default-key "rndckey";
        default-server 127.0.0.1;
        default-port 953;
};
---- cut here ----

    •    The name of the key ("rndckey") is arbitrary
    •    Content of the "secret" statement is obtained from private key file generated in step 1.

3. Configure BIND to accept rndc commands

Edit named.conf and include the following statements:

---- cut here ----
# RNDC
key "rndckey" {
        algorithm "hmac-md5";
        secret "BxUpUZLIymdkMsfvdrTnudVwefhYEGBbhfRMgAgR81M=";
};

controls {
        inet 127.0.0.1 allow { 127.0.0.1; } keys { rndckey; };
};
---- cut here ----

4. Restart BIND and test "rndc"

[root@vm3-lab2 var]#  /etc/init.d/bind restart

[root@vm3-lab2 var]# /opt/bind/sbin/rndc -c /path/to/rndc.conf -s localhost status
version: 9.7.2-P3
number of zones: 30
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
 

Drupal Checklist

This is a short checklist for installing a new Drupal site from scratch:

• Download, unpack and run install procedure
  • Verify access to the new site, store admin password in a safe place
• Enable relevant core modules
  • RSS Aggregator
  • Blog
• Add useful modules not included in the core distribution
  
  • FCK Editor
    • Module: http://drupal.org/project/fckeditor
    • FCK Editor: http://www.fckeditor.net/download

GRUB Recovery Using Fedora 10's LiveCD

If you are like me, chances are that you could not resist the urge to download and install Microsoft's public beta of the upcoming Windows 7 release.

So, I did install it at the expense of having my Fedora 10 GRUB overwritten by Windows 7's installer. Although W7 works fine now, I lost the ability to boot into FC10.

I booted the laptop using my FC 10 LiveCD and tried to do the mount root / chroot / grub-install routine that is described everywhere in the Internet, but I found that the chrooted system has no devices under /dev and this makes grub-install fail.

I went in circles for about half an hour until I came up with a solution: Use mount's "--bind" option to remount the LiveCD's /dev under the chrooted system's /dev.

So the whole procedure goes like this:

• Boot and log into your FC10 LiveCD
• Open a terminal and "su -" into the root account
• Mount the root filesystem, mine was /dev/sda6 under /mnt/root (or whatever you like)
  • mount /dev/sda6 /mnt/root
• Mount /proc
  • mount -t proc proc /mnt/root/proc
• Copy /proc/mounts to mtab
  • cat /proc/mounts > /mnt/root/etc/mtab
• Bind /dev to /mnt/root/dev (this makes devices visible to grub in chrooted environment)
  • mount --bind /dev /mnt/root/dev
• Chroot
  • chroot /mnt/root /bin/bash
  • source /etc/profile
• Re-install GRUB
  • grub-install --recheck "(hd0)"

And voilá! Happy booting!

Hibernate & Annotations

Hibernate y Annotations

La forma tradicional o clásica de usar Hibernate hace que debamos mantener varios archivos XML con diferente información relevante a los objetos que queremos persistir, incluyendo que campos queremos persistir, correspondencia campos <-> tablas e informacion de conexión a la base de datos.

Cada vez que hay un cambio en la aplicación, hay que hacer mantenimiento de:

• Los POJO's (las clases Java)
• La propia estructura de la base de datos
• Los archivos XML que establecen las correspondencias

Esto no solo parece, sino que es, mucho trabajo.

Annotations

Acá entran en juego las Java Annotations. Si agregamos a nuestra aplicacion el paquete Hibernate Annotations tenemos a nuestro alcance una forma mucho mas sencilla de mantener nuestra aplicación.

Las annotations son marcas que compienzan con "@" que se agregan antes de las declaraciones de clases o campos. Con estas annotations podemos marcar que campos son persistentes, que campos son claves primarias y si queremos, como se establece la correspondencia entre tablas y campos.

Annotations es compatible con el paquete javax.persistence y lo bueno de esto es que por ejemplo el Netbeans permite generar clases anotadas directamente desde la estructura de la base de datos.

Compatibilidad

Hibernate Annotations es independiente del IDE que estemos usando (a diferencia de mi método anterior de trabajo que dependía fuertemente del plugin para Eclipse).

Las Annotations en Java están disponibles desde Java 5 en adelante.

IPv6 configuration using 6to4 behind a dynamic IP NAT box

6to4 is one of the many transition mechanisms proposed by the IETF to ease the move towards an IPv6 internet. It is a tunneling protocol which encapsulates IPv6 packets in the payload of an IPv4 packet, with the added feature that the remote endpoint (the 6to4 Relay) of the tunnel configures itself automatically and uses a well-known anycast IPv4 address.

6to4 is easy to setup and gives near-native performance depending on how near you are to a 6to4 relay. However, it presents some challenges when used behind a dynamic IP NAT box, which is the case of the vast majority of home ADSL/Cable broadband services.

In this paper (in Spanish yet only, sorry!) we introduce 6to4 and how to configure it in a Linux box, and we also present a script that configures 6to4 and maintains it working by tracking the IPv4 changes in time. Additionally, using the stateless autoconfiguration daemon radvd it is possible to connect a whole LAN to the IPv6 internet.

Note: This is still a work in progress, the script having being tried only on Ubuntu and Debian.

Linux on an IBM x206m with SAS (Serial Attached SCSI) Hard Drives

I had to install Linux (Gentoo) on an IBM x206m server. Remarkable in this box is the use of SATA / SAS (Serial Attached SCSI) hard drives. Only very recent kernels support this kind of storage, and even so they need a firmware blob to be appropiately loaded for the controller to work at all.

Some references can be found on the Internet (although not many). Here is a quick reference of the steps involved to make this box work.

1. Install Gentoo on an external USB hard drive, or on a temporary IDE drive connected to server.

• I personally used an USB, 160 GB external hard drive (Memorex).

1. Compile the kernel, not forgetting to add support for SAS drives in the "aic94xx" module.

• Adaptec´s firmware must be downloaded from their website and included in the initramfs filesystem so it is available at boot time
  
• The loading order for the modules has to be changed in "initramfs"
  

1. Load aic94xx with modprobe and verify that the SAS drives are properly detected.
2. Proceed with normal Gentoo installation on the USB/IDE drive and later transfer the system to the SAS drives following the "custom stage4" from Gentoo

References:

• Adaptec aic94xx HOWTO from  Gentoo Wiki: http://gentoo-wiki.com/HARDWARE_Adaptec_aic94xx_with_bootable_software_RAID1
  • Note: this document suggests downloading the latest kernel sources from the git repository using "cogito". However, this seems not to be necessary anymore since kernel 2.6.23.11 now supports SAS for the aic94xx module.
    
• Custom Stage4 HOWTO from Gentoo Wiki: http://gentoo-wiki.com/HOWTO_Custom_Stage4

Mounting "DD" images for forensic purposes

I have created disk images for forensic purposes (artifact analysis and such). The questions is: given a "dd" image created from the whole, raw device, how do I mount individual partitions?

Let's say that the device I want to analyze resides in /dev/sdc, and that I have some large storage mounted under /mnt/largedisk and that I have cread the forensic image using the following command:

# dd if=/dev/sdc of=/mnt/largedisc/mycopy.dd bs=512

When this command ends (it can take up to several hours depending on the size of the disk being imaged), I will have a file that is an exact byte-bye image of the raw device.

In my case, /dev/sdc had two partitions. I was able to mount them using the following command:

# mount -o ro,loop,offset=32256 /mnt/largedisc/mycopy.dd /mnt/dir1

I am using the loop device and the flag "ro" makes sure that the mount will be read-only (a must when doing forensics). The only difficulty here is the number "32256". How did I get it? Simple: use "fdisk" to view the partition layout and use the "start cylinder" value (in my case 63) multiplied by the sector size (usually 512 bytes), and use the result as offset.

How do I use fdisk on a dd image? Simple also:

# sfdisk -l -uS /mnt/largedisc/mycopy.dd

Be careful when copying the large numbers that will result when mounting the rest of the partitions.

ReminderFox 1.9.7 for Thunderbird 3.1 Beta

I´m a frequent user of ReminderFox, a FF/TH extension that, among other things, allows attaching reminders to specific email messages.

Here you can find ReminderFox 1.9.7 modified to install in Lanikai beta1/beta2. The modification was done and tested on a Mac running Snow Leopard, but I guess it should work on other platforms as well.

Sample Logging Configuration for BIND9

Below you can find a clear configuration snippets to quicklyimplement logging configuration for BIND9. Logging configuration in BIND is, to me, quite obscure and unnecesarily complicated. This sample can be cut & pasted in named.conf (or named.conf.options in Debian / Ubuntu variants). The basis for this configuration was in [http://www.zytrax.com/books/dns/ch7/logging.html]

logging{
  channel simple_log {
    file "/var/log/named/bind.log" versions 3 size 5m;
    severity warning;
    print-time yes;
    print-severity yes;
    print-category yes;
  };
 
  channel queries_log {
    file "/var/log/named/queries.log" versions 3 size 5m;
    severity debug;
    print-time yes;
    print-severity yes;
    print-category yes;
  };
  category default{
    simple_log;
  };
  category queries{
    queries_log;
  };
 
};
 

Spanish Dictionary and Dictionary Switcher for Thunderbird 3.1beta1

I user both the Spanish dictionary and the "Dictionary Switcher" extension for Thunderbird. Lately, I have started using Thunderbird 3.1 beta 1 (codename "Lanikai") and these extensions do not work.

I modified the RDF files for both extensions in order to get them installed on Lanikai. I´m attaching the modified XPI files here. Both of them appear to work fine on 3.1b1.

Acknowledgements:

• Spanish Dictionary for Thunderbird: http://www.proyectonave.es/node/241
• Dictionary Switcher: http://en.design-noir.de/mozilla/dictionary-switcher-tb/