Create a master zone in BIND9 (CentOS)

After installing BIND with your package manager (yum) you need to edit the main configuration file. The configuration below is the one I adapted to my own setup, but the points should carry over. For more information about the individual options see the named(8) and named.conf(5) manual pages.

Edit /etc/named.conf and change the following lines in the options block (note the semicolon after the closing brace; without it named refuses to start):

options {
    listen-on-v6 { none; };
    listen-on port 53 { 127.0.0.1; YOUR_LOCAL_IP; };
    allow-query { localhost; };
    allow-transfer { none; };
    recursion no;
};

recursion no makes this an authoritative-only server, which is what you want on a public address: an open recursive resolver gets abused for DNS amplification attacks. allow-query { localhost; } sets the server-wide default; each public zone opens itself up with its own allow-query below. allow-transfer { none; } refuses zone transfers (AXFR) from everybody until you list your secondary servers.

Add your zone to the same file:

zone "MYDOMAIN" {
    type master;
    file "MYDOMAIN.zone";
    allow-query { any; };
};

The file name is relative to the directory option, which is /var/named on CentOS. allow-query { any; } overrides the localhost-only default for this zone, since an authoritative zone is useless if the world cannot query it. The server-wide allow-transfer { none; } still applies here: if the secondary listed as SLAVE_DNS_SERVER below is supposed to pull the zone from this server, this zone block needs an allow-transfer statement naming the secondary's address (better: a TSIG key).

Now create the zone file /var/named/MYDOMAIN.zone with the following content. Replace MODIFICATION with a serial number that you increase on every edit (the usual convention is YYYYMMDDNN, e.g. 2024010201): secondaries only transfer the zone when the serial is higher than the one they already hold, so an edit without a serial bump leaves them serving stale data.

$TTL 3h
@                IN SOA   ns.MYDOMAIN. root.MYDOMAIN. (
                              MODIFICATION ; serial
                              3h           ; refresh
                              1h           ; retry
                              1w           ; expiry
                              1d           ; minimum (negative caching TTL)
                          )
MYDOMAIN.        IN MX    0 mail.MYDOMAIN.
MYDOMAIN.        IN TXT   "v=spf1 ip4:YOUR_PUBLIC_IP/32 mx ptr mx:mail.MYDOMAIN -all"
MYDOMAIN.        IN NS    ns.MYDOMAIN.
MYDOMAIN.        IN NS    SLAVE_DNS_SERVER.
www.MYDOMAIN.    IN A     MYHOST_IP
ns.MYDOMAIN.     IN A     MYHOST_IP
mail.MYDOMAIN.   IN A     MYHOST_IP
HOST.MYDOMAIN.   IN A     MYHOST_IP

Every host name on the right-hand side of an SOA, NS or MX record must be fully qualified and end with a dot; otherwise named appends the zone name and you end up with SLAVE_DNS_SERVER.MYDOMAIN. The ptr mechanism in the SPF record works but should be removed: RFC 7208 says ptr should not be used (it is slow and unreliable for receivers, and the ip4 and mx mechanisms already cover the listed hosts). root.MYDOMAIN. in the SOA is the hostmaster mailbox with the @ written as a dot; keep it deliverable.

Save the file and make sure it has the right ownership and permissions (named only needs to read a master zone file; write access is only needed for dynamic updates):

# chown root:named /var/named/MYDOMAIN.zone
# chmod 640 /var/named/MYDOMAIN.zone

Then add a firewall rule if not already done. DNS uses both UDP and TCP on port 53 (TCP carries zone transfers and any answer that does not fit into a UDP packet, and RFC 7766 requires servers to support it), so run the same rule a second time with -p tcp:

# iptables -A INPUT -m state --state NEW -p udp --dport 53 -j ACCEPT

Finally (re)start the nameserver (service named restart, or systemctl restart named on systemd). Run named-checkconf and named-checkzone MYDOMAIN /var/named/MYDOMAIN.zone first: a syntax error in the zone file makes named log an error and serve nothing for that zone.
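The two things that go wrong most often with the procedure above are forgetting to bump the SOA serial and never checking that the transfer and recursion restrictions actually took effect. The script below is an added example (not part of the original howto) that automates both: it rewrites the serial in a zone file laid out like the one above, and it validates config and zone with BIND's own tools before probing the running server with dig. The script name zonetool.sh, the default config path /etc/named.conf and the probe name example.com are assumptions; the TODAY parameter of next_serial exists only so the serial rule can be tested without relying on the wall clock.

```shell
#!/bin/sh
# Added example, not from the original howto: bump the SOA serial of a zone file
# and run BIND's sanity checks before reloading. Assumes the zone file layout shown
# above, where the serial sits alone on a line ending in "; serial".
#   ./zonetool.sh bump /var/named/MYDOMAIN.zone
#   ./zonetool.sh check MYDOMAIN /var/named/MYDOMAIN.zone [SERVER]

# next_serial OLD [TODAY]: print a YYYYMMDDNN serial strictly greater than OLD.
# Secondaries only transfer when the serial grows, so "edit and forget" silently
# leaves them with stale data. TODAY (YYYYMMDD) is a parameter only for testability.
next_serial() {
    old=$1
    today=${2:-$(date +%Y%m%d)}
    case $old in
        ''|*[!0-9]*) old=0 ;;          # placeholder such as MODIFICATION: start fresh
    esac
    if [ "$old" -lt "${today}01" ]; then
        echo "${today}01"              # first change of the day
    else
        echo $((old + 1))              # same day, or a serial already ahead of today
    fi
}

# zone_serial FILE: print the current serial from the SOA record (first "; serial" line).
zone_serial() {
    sed -n 's/^[[:space:]]*\([[:alnum:]]*\)[[:space:]]*;[[:space:]]*serial.*$/\1/p' "$1" | head -n 1
}

# bump_zone_serial FILE [TODAY]: replace the serial line in place, print the new serial.
# The file is rewritten through cat rather than mv so owner and mode (root:named 640)
# are preserved.
bump_zone_serial() {
    file=$1
    old=$(zone_serial "$file")
    [ -n "$old" ] || { echo "no '; serial' line found in $file" >&2; return 1; }
    new=$(next_serial "$old" "$2")
    tmp=$(mktemp) || return 1
    if sed "s/^\([[:space:]]*\)$old\([[:space:]]*;[[:space:]]*serial\)/\1$new\2/" "$file" > "$tmp"; then
        cat "$tmp" > "$file"
    else
        rm -f "$tmp"; return 1
    fi
    rm -f "$tmp"
    echo "$new"
}

# check_zone ZONE FILE [SERVER]: validate config and zone with BIND's own tools, then
# probe the running server for the two things named.conf above is meant to block:
# a zone transfer must fail and a query for a foreign name must be REFUSED
# (recursion no). Needs named-checkconf, named-checkzone and dig.
check_zone() {
    zone=$1; file=$2; server=${3:-127.0.0.1}
    named-checkconf /etc/named.conf || return 1
    named-checkzone "$zone" "$file" || return 1
    dig @"$server" "$zone" AXFR +time=3 +tries=1 | grep -q 'Transfer failed' \
        || { echo "zone transfer of $zone was NOT refused by $server" >&2; return 1; }
    dig @"$server" example.com A +time=3 +tries=1 | grep -q 'status: REFUSED' \
        || { echo "$server answered a recursive query for example.com" >&2; return 1; }
    echo "zone $zone OK on $server"
}

case ${1:-} in
    bump)  bump_zone_serial "$2" ;;
    check) check_zone "$2" "$3" "$4" ;;
esac
```

Run bump before every rndc reload; if check reports that the transfer was not refused, the allow-transfer line is missing or a more permissive per-zone setting overrides it.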

article based on this howto

No space left on device error (Apache)

If you find lines like the following in your Apache error log:

No space left on device. Couldn't create accept lock

and a normal service restart does not help, the machine has most likely run out of SysV semaphores. Every Apache start allocates semaphore sets for its accept mutex (and for the mod_ssl cache mutex). When httpd is killed or crashes instead of shutting down cleanly they are not released, and once the kernel limit on semaphore sets (SEMMNI, the fourth value of kernel.sem) is reached, semget() fails with ENOSPC. The "No space left on device" is that ENOSPC for the semaphore table, not a full disk.

Stop the service and check which semaphores are left behind (apache is the user httpd runs as on CentOS, shown in the owner column):
# ipcs | grep apache

Should there still be a lot of them, delete them with the following command (it takes the semid from the second column of ipcs -s and removes each set with ipcrm):
# ipcs -s | grep apache | perl -e 'while (<STDIN>) { @a=split(/\s+/); print `ipcrm sem $a[1]`}'

Now start Apache normally and check the logs to verify the problem is gone. If the semaphores fill up again after a while, raise the limit with sysctl kernel.sem (SEMMNI is the fourth value) and find out why httpd is not shutting down cleanly, rather than cleaning up repeatedly.
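To see how close the box is to the limit rather than just cleaning up blindly, the script below is an added example (not from the original post) that parses ipcs -s, counts allocated semaphore sets against SEMMNI from /proc/sys/kernel/sem, and removes the sets owned by the httpd user. It assumes util-linux ipcs/ipcrm as on CentOS and that httpd runs as the user apache; the script name semclean.sh is an assumption, and the ipcs output embedded in it is constructed for the demo mode, not captured from a real host.

```shell
#!/bin/sh
# Added example, not from the original post: diagnose and clean up leaked SysV
# semaphore sets. Assumes util-linux ipcs/ipcrm (CentOS) and httpd running as "apache".
#   ./semclean.sh report          # allocated sets vs. SEMMNI
#   ./semclean.sh clean [OWNER]   # remove sets owned by OWNER (default apache); httpd stopped!
#   ./semclean.sh demo            # parse the constructed sample below

# Constructed "ipcs -s" output (not captured from a real host) so the parsing can be
# exercised on a machine that has no leaked semaphores.
SAMPLE_IPCS='------ Semaphore Arrays --------
key        semid      owner      perms      nsems
0x00000000 32768      apache     600        1
0x00000000 65537      apache     600        1
0x0052e2c1 98306      postgres   600        17'

# semids_owned_by OWNER: read "ipcs -s" output on stdin, print the semid of every set
# owned by OWNER. Column 3 is the owner, column 2 the semid; header and separator
# lines have no numeric second column and are skipped.
semids_owned_by() {
    awk -v owner="$1" '$3 == owner && $2 ~ /^[0-9]+$/ { print $2 }'
}

# sem_set_count: number of semaphore sets in "ipcs -s" output on stdin.
sem_set_count() {
    awk '$2 ~ /^[0-9]+$/ { n++ } END { print n + 0 }'
}

# semmni_limit [FILE]: maximum number of semaphore sets the kernel allows, the fourth
# field of kernel.sem. FILE defaults to /proc/sys/kernel/sem.
semmni_limit() {
    awk '{ print $4 }' "${1:-/proc/sys/kernel/sem}"
}

# report: httpd cannot create its accept lock once "used" reaches the limit.
report() {
    used=$(ipcs -s | sem_set_count)
    limit=$(semmni_limit)
    echo "semaphore sets: $used of $limit (SEMMNI)"
    echo "owned by apache: $(ipcs -s | semids_owned_by apache | wc -l)"
}

# clean OWNER: remove every set owned by OWNER. Only do this while httpd is stopped,
# otherwise you pull the accept mutex out from under a running server.
clean() {
    ipcs -s | semids_owned_by "$1" | while read -r id; do
        ipcrm -s "$id" && echo "removed semid $id"
    done
}

case ${1:-} in
    report) report ;;
    clean)  clean "${2:-apache}" ;;
    demo)   printf '%s\n' "$SAMPLE_IPCS" | semids_owned_by apache ;;
esac
```

ipcrm -s ID is the current util-linux syntax; the older ipcrm sem ID form used in the one-liner above still works but is deprecated.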

Postfix: Running SMTP With TLS

Enabling TLS on your Postfix server is quite simple. Add the following lines to main.cf (usually /etc/postfix/main.cf):

  • smtpd_tls_security_level = may (set the TLS security level*; since Postfix 2.3 this parameter replaces the older smtpd_use_tls = yes, and when both are present it takes precedence)
  • smtpd_tls_cert_file = /etc/pki/tls/certs/yourcertificate.crt (your server certificate, followed by any intermediate CA certificates in the same file)
  • smtpd_tls_key_file = /etc/pki/tls/private/yourkey.key (your server key; keep it owned by root with mode 0600, Postfix reads it before dropping privileges)
  • smtpd_tls_loglevel = 1 (enable TLS logging*)
  • smtpd_tls_received_header = yes (record the TLS protocol and cipher in the Received: header)

*) TLS logging:
The meaning of level 1 changed in Postfix 2.9. In 2.9 and later, level 1 logs only a one-line summary when the TLS handshake completes (protocol and cipher), which is the right production setting. In 2.8 and earlier, level 1 additionally logged peer certificate details and certificate trust-chain verification errors. Level 0 disables TLS logging in every version; levels 2 to 4 add negotiation details and hex dumps and are for debugging only.

*) TLS security level:
may – opportunistic TLS: encryption is used if the client offers STARTTLS, otherwise the session continues in plaintext. This is the correct setting for a public MX.
encrypt – mandatory TLS: any connection that does not use STARTTLS is refused. RFC 3207 says a publicly referenced MX must not require STARTTLS, so use this only on the submission port (587) or for an internal relay, never on port 25 of a public mail exchanger.

You can find more information on the Postfix website (TLS_README and postconf(5)).
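The script below is an added example (not from the original post) that applies the settings above with postconf -e, refuses to proceed if the private key is readable by anyone but its owner, and verifies from the outside that the server really offers STARTTLS and completes a handshake. The certificate and key paths are the placeholders from the list above; the script name postfix-tls.sh is an assumption; stat -c is GNU coreutils syntax as on CentOS.

```shell
#!/bin/sh
# Added example, not from the original post: apply the main.cf TLS settings with
# postconf, check the key's file mode, and verify STARTTLS with openssl s_client.
#   ./postfix-tls.sh apply
#   ./postfix-tls.sh check [HOST] [PORT]

CERT=/etc/pki/tls/certs/yourcertificate.crt   # placeholder from the text above
KEY=/etc/pki/tls/private/yourkey.key          # placeholder from the text above

# key_mode_ok FILE: 0 if FILE is readable only by its owner (mode 0600 or 0400),
# 1 otherwise. Postfix loads the key as root before dropping privileges, so no
# other user needs access to it.
key_mode_ok() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || { echo "$1: cannot stat" >&2; return 1; }
    case $mode in
        600|400) return 0 ;;
        *)       echo "$1 has mode $mode, expected 0600" >&2; return 1 ;;
    esac
}

# starttls_offered HOST [PORT]: 0 if the server advertises STARTTLS and the TLS
# handshake completes, 1 otherwise. s_client prints "Verify return code" only after
# a finished handshake (whatever the certificate verdict); QUIT on stdin ends the
# session cleanly afterwards.
starttls_offered() {
    echo QUIT | openssl s_client -connect "$1:${2:-25}" -starttls smtp 2>/dev/null \
        | grep -q '^Verify return code'
}

# apply_tls_settings: write the settings from the list above. postconf -e replaces an
# existing line instead of appending a duplicate, so this is safe to run repeatedly.
apply_tls_settings() {
    key_mode_ok "$KEY" || return 1
    postconf -e \
        "smtpd_tls_security_level = may" \
        "smtpd_tls_cert_file = $CERT" \
        "smtpd_tls_key_file = $KEY" \
        "smtpd_tls_loglevel = 1" \
        "smtpd_tls_received_header = yes" \
        && postfix reload
}

case ${1:-} in
    apply) apply_tls_settings ;;
    check) if starttls_offered "${2:-localhost}" "${3:-25}"; then
               echo "STARTTLS ok on ${2:-localhost}:${3:-25}"
           else
               echo "no STARTTLS on ${2:-localhost}:${3:-25}" >&2; exit 1
           fi ;;
esac
```

After apply, a successful check should also show up in the mail log as a single "Anonymous TLS connection established" or "Trusted TLS connection established" line per session, which is what loglevel 1 produces.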