Search for mail exchanger (MX) records using dig
Mail exchanger (MX) records in DNS are used to route email for a domain. The dig utility makes it easy to look up this type of DNS record. To search for the MX records for the domain tech-recipes.com, use:
dig mx tech-recipes.com
This queries the DNS server configured in your operating system. It is often useful to query a different DNS server instead. To perform the same query against the name server ns3.notarealdomain.com:
dig @ns3.notarealdomain.com mx tech-recipes.com...
DNS/BIND: Create a basic zone file
A zone file holds the DNS resource records for all of the domain names associated with the zone; zone files store all of the data served by a DNS server. This recipe describes the basic zone file format, without any resource records, that is suitable for any type of zone file. The zone file needs to be created within the DNS server's working directory. There is no filename requirement for zone files, but a reasonable convention is db.domain.name, the name of the domain preceded by db.
The basic format of the zone file is a time to live (TTL) field followed by the start of authority (SOA) record. The TTL instructs non-authoritative DNS servers how long to cache records retrieved from the zone file. The longer this period, the longer it will take for changes to the zone file to propagate. The shorter the TTL, the harder your DNS servers will work, because non-authoritative servers will have to ask them the same question more frequently. Values from a few hours to a day are reasonable.
An integer TTL ...
DNS/BIND resource record: Address (A) record
The address record (A record) maps a hostname and fully qualified domain name to an IP address. To add the host chef with IP address 192.168.5.100 to the domain tech-recipes.com. in the zone file for tech-recipes.com, use the following format:
chef.tech-recipes.com. IN A 192.168.5.100
Please note the period following the domain name in the record. This is critical because it tells BIND that the domain name is complete (fully qualified). Without this period, BIND appends the domain name associated with the zone file, creating a record for chef.tech-recipes.com.tech-recipes.com., which is not what we want.
Because of this behavior, it is possible to use shorthand:
chef IN A 192.168.5.100
Whenever you add an address record (what could be called a forward lookup record) it is usually appropria...
DNS/BIND resource record: PTR reverse lookup record
The PTR (pointer) record maps an IP address to a hostname and fully qualified domain name. Many applications use reverse lookups to identify the domain from which a TCP/IP connection originates. Best practice for DNS is to create a PTR record for every A record. To associate the host chef.tech-recipes.com. with the IP address 192.168.5.10 in the domain tech-recipes.com., in the zone file db.5.168.192 with origin 5.168.192.in-addr.arpa., use the following format:
10 IN PTR chef.tech-recipes.com.
Please note the period following the domain name in the record. This is critical because it tells BIND that the domain name is complete (fully qualified). Without this period, BIND appends the domain name associated with the zone file, producing chef.tech-recipes.com.5.168.192.in-addr.arpa., which is not what we want.
Whenever you add an address record (what could be called a forward lookup record) it is usual...
DNS/BIND resource record: routing mail with MX records
Proper DNS configuration with MX records is a requirement for routing email for a domain. When an email is sent to a domain, the sending mail server performs a DNS query to find the MX records associated with the recipient's domain. MX records have a preference value (numeric, from 0-65535). The sending mail server tries the MX record with the lowest preference value first. If that server is not reachable, the MX record with the second lowest preference is tried, and so on until a connection is made or no MX records remain.
The following three mail servers, listed in order of preference, are configured by the records below:
mx1.tech-recipes.com. (primary mail relayer)
mx2.tech-recipes.com. (secondary mail relayer)
mxbackup.offsite.domain. (tertiary mail relayer, offsite)
tech-recipes.com. IN MX 10 mx1.tech-recipes.com.
tech-recipes.com. IN MX 20 mx2.tech-recipes.com.
tech-recipes.com. IN MX 30 ...
DNS/BIND: set TTL for individual resource records
BIND resource records allow an explicit TTL value that overrides the zone file's TTL for that specific record. One use for this is to prevent non-authoritative servers from caching these records, perhaps as a prelude to changing a server's IP address. To set the TTL for an address record to 1 (the minimum recommended value), use:
chef.tech-recipes.com. 1 IN A 192.168.5.100
Other resource records can have the overriding TTL set in the same manner:
tech-recipes.com. 1 IN MX 10 mx1.tech-recipes.com....
DNS/BIND resource record: CNAME, canonical names, host aliases
A single host may have multiple personalities: web server (www), mail server (mail, mx), DNS server (ns), FTP server (ftp). Rather than assign each of these names an address (A) record pointing to the same IP address, all of which would need to be changed if the IP address changed, one name can be associated with an address record and the remaining names can be aliases for that name. The CNAME record simplifies DNS management, and who doesn't want that? Given the following address record:
chef.tech-recipes.com. IN A 192.168.5.100
To add host aliases ftp and www pointing to chef, use the following resource records:
ftp.tech-recipes.com. IN CNAME chef.tech-recipes.com.
www.tech-recipes.com. IN CNAME chef.tech-recipes.com.
Within the domain associated with the zone file, these can be shortened to:
chef IN A 192.168.5.100
ftp ...
DNS/BIND resource record: using $GENERATE to make many records
A handy feature in BIND versions since 8.2 and 9.1 is the $GENERATE directive, which can create hundreds or thousands of resource records from a single line in a zone file. A common use for $GENERATE is assigning PTR records for a DHCP address range. Given the subnet 192.168.2.0/24, which is used by a DHCP server pool except for the reserved addresses 192.168.2.1-10, reverse lookup (PTR) records of the form dhcp#.tech-recipes.com. (where # is the last octet of the address) can be created with the following line in the zone file:
$GENERATE 11-254 $ PTR dhcp$.tech-recipes.com.
This will generate the following records:
11 PTR dhcp11.tech-recipes.com.
12 PTR dhcp12.tech-recipes.com.
13 PTR dhcp13.tech-recipes.com.
...
253 PTR dhcp253.tech-recipes.com.
254 PTR dhcp254.tech-recipes.com.
Th...
Using ipfilter to alter nmap OS detection results
nmap is often used to perform OS detection on remote systems when the OS cannot be determined by other means. It sends malformed TCP packets and observes how each OS handles the errors. By tweaking things in ipfilter we can trick nmap into thinking it is dealing with some other OS, or make it less certain about its guess. Additional controls are usually available in the OS sysctl variables (FreeBSD) and ndd settings (Solaris). These examples were designed for FreeBSD, but they (or variations) may work on other OSes as well.
For those who are unfamiliar with ipfilter syntax:
block in log quick on fxp0 proto tcp from any to any flags FUP
block - do not allow the packet to proceed through ipfilter
in - incoming from outside of the system
log - write any matches of this rule to the logfile
quick - if this rule matches, apply it immediately and do not drop through to the rest of the rules
on fxp0 - the interface (as named by ifconfig) that this rule applies to
proto tcp - the tcp...
Prevent OpenOffice Calc from capitalizing first letter
How to work around the automatic capitalization 'feature'. When entering text into a cell, if you do not want the first letter to be capitalized, start the text entry with a single quotation mark (').
For example, entering
hello!
will result in the cell contents:
Hello!
To avoid this, enter:
'hello!
resulting in cell contents:
hello!...
SSH Public Key Usage
Creation and distribution of SSH public keys for easy access to remote machines. First, create an SSH key pair on the client machine. In short, use:
ssh-keygen -t rsa
Note that you may want to change the key length. Also, if you specify a password for the key, you will need to enter this password in order to connect to remote machines. Although not recommended, you can just press Enter for no password and be able to access remote machines without a password.
Then, sftp the .ssh/id_rsa.pub file to the remote machine. If this is the first time this has been done, you can use:
sftp user@remote
put .ssh/id_rsa.pub authorized_keys
or, if other keys already exist:
put .ssh/id_rsa.pub username.pub
then
ssh user@remote
cat username.pub >> .ssh/authorized_keys
At this point, from the client machine, you should be able to run:
ssh user@remote
and be granted access via the SSH public key.
The same key, in the id_rsa.pub file, can be copied in this manner to any other SSH hosts you wish to access....
Generate passwords with openssl
You can generate good (high entropy) passwords using this method. Write 6 random bytes as base64-encoded data. This produces an eight character string that makes a good Unix (crypt based) password:
$ openssl rand -base64 6
RcqcGq4h
$
This example generates a 16 character password:
$ openssl rand -base64 12
IEoOfT/LKimAf/sd
$
When random data goes through base64 encoding, the output string length is always a multiple of 4, possibly padded at the end with one or more '=' characters. So if you want a password whose length is not a multiple of 4, you need to artificially chop it where you want it.
An example used to generate a 37 character password, with cut:
$ openssl rand -base64 37 | cut -c1-37
X/UhqF1I9qO57Uz8hPufpvbOLYCeuuvqnerUM
$
or sed:
$ openssl rand -base64 37 | sed -e 's/^\(.\{37\}\).*/\1/g'
sAPpFoGnbXnJrQc8Cl/QqrNwn0QK3hHrgANt1
$
or awk:
$ openssl rand -base64 37 | awk 'BEGIN{FS=""} {for (i=1;i<=37;i++) printf("%s",$i);} {printf "\n"}'
WhGWSCp8Y2uilxWfOfAyQXa4QqlE78uJe...
connect to an https server and get a page in the style of "telnet host 80"
This is a useful command for making connections to https servers for monitoring or testing:
openssl s_client -connect host:443 -state -debug
GET / HTTP/1.0...
View the details of a certificate signing request with OpenSSL
Once a certificate signing request (CSR) is created, it is possible to view the detailed information used to create the request. To view the details of the certificate signing request contained in the file server.csr, use:
openssl req -noout -text -in server.csr...
print out version of postfix and non-default configuration values
These commands are useful when you are attempting to get help on the postfix mailing list etc.
Print out the version of postfix running on the system:
% postconf -d mail_version
mail_version = 2.0.16
%
This will show the non-default values of the postfix configuration. Running postconf with no options shows the entire configuration, which as of postfix 2.0.16 is about 280 configuration options. postconf -n shows the shorter list of values that were modified to get your configuration running:
% postconf -n
mydomain = johnny.com
mynetworks = 172.16.0.0/12, 127.0.0.0/8
myorigin = $mydomain
relay_domains = $mydestination, .johnny.com, johnny.com
smtpd_client_restrictions = permit_mynetworks, check_client_access hash:/etc/postfix/client_whitelist, reject_rbl_client relays.ordb.org
smtpd_recipient_restrictions = permit_mynetworks, check_recipient_access hash:/etc/postfix/recipient_checks, reject_unauth_destination
smtpd_sender_restrictions = permit_mynetworks, rej...
Test your body/header filter pattern matching
These are some useful commands that I have seen on the postfix mailing list for checking that body_checks and header_checks are rejecting the mail that you do not want (unsolicited commercial email, UCE) and accepting the mail that you want. First, show the parameter value for header checks:
% postconf -h header_checks
regexp:/etc/postfix/header_checks
%
Let's assume that we have a header_checks file with this one line in it:
/super new viagra/ REJECT
We can do a test to see if the header checks will catch and reject things:
% postmap -q 'super new viagra' regexp:/etc/postfix/header_checks
REJECT
% postmap -q 'super new v1agra' regexp:/etc/postfix/header_checks
% postmap -q 'super viagra' regexp:/etc/postfix/header_checks
We see that in the first example it successfully rejected what was probably spam.
With the regular expression syntax we could probably make a better filter:
/super new v[i1]agra/ REJECT
is starting to get...
Sendmail debugging: watch queue processing
In the course of troubleshooting sendmail problems, it is sometimes helpful to watch sendmail do its thing. If there is a backlog of messages in the queue, you can run sendmail manually with a verbose option to make it act as a queue runner and see what it is doing, and possibly why it is not doing what you think it should. To watch sendmail process messages in the queue:
sendmail -q -v
In some operating systems, the sendmail binary is not in the path (in Solaris, for example, you would use /usr/lib/sendmail -q -v). If you need to find the fully qualified path to sendmail, see this recipe....
sendmail: command line alias expansion
Expand an alias from the command line using sendmail -bv. Assuming an /etc/mail/aliases file that looks like this:
root: ricardo
postmaster: root
An example...
# sendmail -bv postmaster
ricardo... deliverable: mailer local, user ricardo
The command expands postmaster to root to ricardo; in this case sendmail does not tell you about any aliases in the middle (e.g. root in this example)...
sendmail: process mail from user
This command is useful for processing messages from a certain user (runs through the queue):
sendmail -qSmrherman
Process all messages from mrherman...
sendmail: process all mail to a certain user
This command is useful for processing messages to a certain user (runs through the queue):
sendmail -qRjack
Process all mail in which jack is a recipient...