Cisco – Check specific part of config with show run command

Often when running the “show run” command the output is very long and I am usually looking for a specific bit of the config that I want to check or modify. Useful ways to filter the output:

to start displaying the config at a specific line containing <string> :
show run | begin <string>

to display all the lines containing the given <string>:
show run | include <string>

On recent IOS releases show run | section <string> is also available: it prints every whole configuration section that matches (an entire interface block, for example), which is usually what you actually want when looking for one interface's settings.

How To Configure BIND as a DNS Server

The aim is to set up two DNS servers:
Master DNS server – OpenWRT router -192.168.0.1 – FQDN: ns1.example.com
Slave DNS server – Debian server – 192.168.0.2 – FQDN: ns2.example.com
Web Server – 192.168.0.3 – FQDN: example.com

  1. Setting the Hostname on the Name Servers
  2. Install Bind on Both Name Servers
  3. Configure the Master Bind Server
  4. Configure the Slave Bind Server

1. Setting the hostname

Edit /etc/hosts file so it looks like this

127.0.0.1       localhost
192.168.0.1     ns1.example.com ns1

and for debian server:

127.0.0.1       localhost
192.168.0.2     ns2.example.com ns2

then edit /etc/hostname so it contains just:

ns1

and for the debian box:

ns2

On OpenWRT the hostname is normally managed in /etc/config/system (option hostname) and that is what gets applied at boot, so set it there too or the change will not survive a reboot.

2. Install BIND

On the OpenWRT router, over SSH, first stop and uninstall the preinstalled dnsmasq. Note that dnsmasq is also the router's DHCP server, so LAN clients will stop getting leases until DHCP is configured separately (see the DHCP note at the end of this section):

/etc/init.d/dnsmasq stop
opkg remove dnsmasq

then install BIND

opkg update
opkg install bind-server bind-tools

On a debian box run:

 sudo apt-get update
 sudo apt-get install bind9 bind9utils bind9-doc

3. Configure the Master Bind Server

On the OpenWRT box the bind directory structure is a bit different from the one on debian: a single file, /etc/bind/named.conf, holds all the config.

We need to add a few bits to it: the goodclients acl, the allow-query, allow-recursion and allow-transfer lines in options, and our two zones at the end. The rest is the stock file; the additions are marked with comments below.

// ADDED: this acl defines who is allowed to query the server. On its own it
// does nothing; it only takes effect because options references it below.
acl goodclients {
        192.168.0.0/24;
        localhost;
        localnets;
};

options {
        directory "/tmp";

        recursion yes;
        // ADDED: without these two lines the acl is never applied and the
        // router answers recursive queries for anyone who can reach port 53
        // (an open resolver). allow-query also limits authoritative answers
        // to the LAN, which is what we want for a private zone.
        allow-query { goodclients; };
        allow-recursion { goodclients; };
        // ADDED: no zone transfers by default; the zones below open it to ns2
        allow-transfer { none; };

        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};

// prime the server with knowledge of the root servers
zone "." {
        type hint;
        file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};

// here we define our zones

zone "example.com" {
    type master;
    file "/etc/bind/zones/db.example.com";
    allow-transfer { 192.168.0.2; };
};

zone "0.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/db.192.168.0";
    allow-transfer { 192.168.0.2; };
};

Create the Forward Zone File

In /etc/bind create a zones subfolder, then create the file db.example.com inside it with this content:

$TTL 604800
@ IN SOA ns1.example.com. root.example.com. (
                        10 ; Serial
                    604800 ; Refresh
                     86400 ; Retry
                   2419200 ; Expire
                  604800 ) ; Negative Cache TTL
;

; Name servers
example.com. IN NS ns1.example.com.
example.com. IN NS ns2.example.com.

; A records for name servers
ns1 IN A 192.168.0.1
ns2 IN A 192.168.0.2

; Other A records
@         IN A 192.168.0.3
www       IN A 192.168.0.3
computer1 IN A 192.168.0.4
printer   IN A 192.168.0.5

IMPORTANT: increase the serial number every time this file is edited. The slave only pulls a fresh copy when it sees a serial higher than the one it already holds, so an edit without a serial bump never reaches ns2 (and named-checkzone will not warn you). Serials are 32-bit unsigned integers compared with serial arithmetic; the usual convention is YYYYMMDDnn, which leaves room for 100 edits a day.
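Because that rule is easy to forget, here is a small helper that rewrites the serial in place using the YYYYMMDDnn convention and never lets it go backwards. It is an added example, not code from the original post or from BIND. It assumes the serial is the first number after the SOA's MNAME and RNAME fields, as in both zone files on this page; a comment between the opening parenthesis and the serial would defeat the regular expression.

```python
"""Bump the SOA serial of a BIND zone file (YYYYMMDDnn convention).
Added example, not code from the original post or from BIND."""
import re
import sys
from datetime import date

# SOA <mname> <rname> [(] <serial> ...   (assumes no comment before the serial)
SOA_SERIAL = re.compile(r"\bSOA\s+\S+\s+\S+\s*\(?\s*(\d+)")

def next_serial(old, yyyymmdd):
    """YYYYMMDD00 for the given day, unless the old serial is already at or
    past that, in which case old + 1: the serial must never go backwards or
    the slave will keep serving its stale copy."""
    base = yyyymmdd * 100
    return base if old < base else old + 1

def bump_serial(zone_text, yyyymmdd=None):
    """Return (new_zone_text, new_serial); yyyymmdd defaults to today."""
    if yyyymmdd is None:
        yyyymmdd = int(date.today().strftime("%Y%m%d"))
    m = SOA_SERIAL.search(zone_text)
    if not m:
        raise ValueError("no SOA serial found")
    new = next_serial(int(m.group(1)), yyyymmdd)
    return zone_text[:m.start(1)] + str(new) + zone_text[m.end(1):], new

if __name__ == "__main__":
    path = sys.argv[1]                    # e.g. /etc/bind/zones/db.example.com
    with open(path) as f:
        text, serial = bump_serial(f.read())
    with open(path, "w") as f:
        f.write(text)
    print(f"{path}: serial is now {serial}")
```

Run it as python3 bump_serial.py /etc/bind/zones/db.example.com after every edit and before the named-checkzone step. A serial such as 10 is below today's date-based value, so the first run jumps to YYYYMMDD00; later runs on the same day count up from there.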

 

Create the Reverse Zone File

In /etc/bind/zones create the file db.192.168.0 and paste this content. Two details matter here: the MNAME field of the SOA must be the primary name server (ns1.example.com.), and the host entries must be PTR records, not NS records, or reverse lookups will simply fail while named-checkzone still reports OK.

$TTL    604800
@       IN      SOA     ns1.example.com. admin.example.com. (
                 10       ; Serial
           604800         ; Refresh
            86400         ; Retry
          2419200         ; Expire
           604800 )       ; Negative Cache TTL
;

; Name servers
@       IN      NS      ns1.example.com.
@       IN      NS      ns2.example.com.

; PTR Records
1               IN      PTR     ns1.example.com.
2               IN      PTR     ns2.example.com.
3               IN      PTR     www.example.com.
4               IN      PTR     computer1.example.com.
5               IN      PTR     printer.example.com.

Testing

named-checkconf /etc/bind/named.conf

If there is a problem with the config this will tell you where to look in the config file. If the config is fine there is no output.
Next we check our zones:

named-checkzone example.com /etc/bind/zones/db.example.com

If your file has no problems, it should tell you that it loaded the correct serial number and give the “OK” message;

zone example.com/IN: loaded serial 10
OK

then we do the same thing for the reverse zone, giving named-checkzone the zone name 0.168.192.in-addr.arpa and the file /etc/bind/zones/db.192.168.0.

If everything is OK we enable and start the BIND service:

/etc/init.d/named enable
/etc/init.d/named start

With the server running, query it locally (dig comes with bind-tools):

dig any example.com @localhost

and if everything is setup correctly you should get something like this:

root@wrt:/etc/bind/zones# dig any example.com @localhost

; <<>> DiG 9.9.6-P1 <<>> any example.com @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<
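named-checkconf and named-checkzone only validate syntax: they accept a reverse zone whose PTR records were typed as NS, and a PTR that points at a name whose A record holds a different address. The script below is an added example written for this page, not part of BIND or the original post. It reads both zone files with a small purpose-built parser (enough for the master-file subset used here: ';' comments, $TTL, a parenthesised SOA, inherited owner names and relative names; no $ORIGIN or $INCLUDE) and reports every A/PTR mismatch. The zone text embedded in it is constructed from this page's example.com records: a cut-down FORWARD zone, a REVERSE_BROKEN zone that reproduces the PTR-typed-as-NS mistake, and its REVERSE_FIXED counterpart.

```python
"""Cross-check a BIND forward zone against its in-addr.arpa reverse zone.
Added example (not BIND's or the original post's code); sample zones are constructed."""
import ipaddress

def _absolute(name, origin):
    """Expand '@' and relative owner/target names to fully qualified names."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Small master-file reader: ';' comments, $TTL, parenthesised SOA, inherited
    owners, optional TTL/class.  Returns (soa_serial, [(fqdn, TYPE, rdata)])."""
    origin = origin.rstrip(".") + "."
    serial, owner, buf, records = None, origin, "", []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        buf = line if not buf else buf + " " + line
        if buf.count("(") > buf.count(")"):
            continue                                  # record continues
        line, buf = buf.replace("(", " ").replace(")", " "), ""
        if line.startswith("$"):                      # $TTL etc.: not needed
            continue
        fields = line.split()
        if not line[0].isspace():                     # else owner is inherited
            owner, fields = fields[0], fields[1:]
        if fields[0].isdigit():                       # optional TTL
            fields = fields[1:]
        if fields[0].upper() == "IN":                 # optional class
            fields = fields[1:]
        rtype, rdata = fields[0].upper(), fields[1:]
        if rtype == "SOA":
            serial = int(rdata[2])
        records.append((_absolute(owner, origin), rtype, rdata))
    return serial, records

def _reverse_to_ip(name):
    """'3.0.168.192.in-addr.arpa.' -> '192.168.0.3'"""
    return ".".join(reversed(name[:-len(".in-addr.arpa.")].split(".")))

def _reverse_network(origin):
    """'0.168.192.in-addr.arpa.' -> IPv4Network('192.168.0.0/24')"""
    labels = list(reversed(origin[:-len(".in-addr.arpa.")].split(".")))
    return ipaddress.ip_network(".".join(labels + ["0"] * (4 - len(labels))) + f"/{8 * len(labels)}")

def check_zones(fwd_text, fwd_origin, rev_text, rev_origin):
    """List problems (empty = zones agree). NS on a host label is a PTR typed as NS."""
    rev_origin = rev_origin.rstrip(".") + "."
    a_records, ptr, problems = {}, {}, []
    for name, rtype, rdata in parse_zone(fwd_text, fwd_origin)[1]:
        if rtype == "A":
            a_records.setdefault(name, set()).add(rdata[0])
    for name, rtype, rdata in parse_zone(rev_text, rev_origin)[1]:
        if rtype == "PTR":
            ptr[_reverse_to_ip(name)] = _absolute(rdata[0], rev_origin)
        elif rtype == "NS" and name != rev_origin:
            problems.append(f"{name} has an NS record where a PTR was expected")
    for ip, target in sorted(ptr.items()):
        if ip not in a_records.get(target, set()):
            problems.append(f"PTR {ip} -> {target} has no matching A record")
    net = _reverse_network(rev_origin)
    for name, ips in sorted(a_records.items()):
        for ip in sorted(ips):
            if ipaddress.ip_address(ip) in net and ip not in ptr:
                problems.append(f"A {name} -> {ip} has no PTR in {rev_origin}")
    return problems

# Constructed sample zones (a cut-down copy of this page's db.example.com).
FORWARD = """\
$TTL 604800
@ IN SOA ns1.example.com. root.example.com. (
          10 ; Serial
          604800 86400 2419200 604800 ) ; Refresh Retry Expire Neg-TTL
@   IN NS ns1.example.com.
@   IN NS ns2.example.com.
ns1 IN A  192.168.0.1
ns2 IN A  192.168.0.2
@   IN A  192.168.0.3
www IN A  192.168.0.3
"""
# Reverse zone with PTRs mistyped as NS (an earlier draft of this page had this), and the fix.
REVERSE_BROKEN = """\
@ IN SOA ns1.example.com. admin.example.com. ( 10 604800 86400 2419200 604800 )
  IN NS  ns1.example.com.
1 IN NS  ns1.example.com.
3 IN NS  www.example.com.
"""
REVERSE_FIXED = """\
@ IN SOA ns1.example.com. admin.example.com. ( 10 604800 86400 2419200 604800 )
1 IN PTR ns1.example.com.
2 IN PTR ns2.example.com.
3 IN PTR www.example.com.
"""
if __name__ == "__main__":
    for rev in (REVERSE_BROKEN, REVERSE_FIXED):
        print(check_zones(FORWARD, "example.com", rev, "0.168.192.in-addr.arpa") or "OK")
```

To use it on the real files, read /etc/bind/zones/db.example.com and db.192.168.0 and pass their contents to check_zones with the zone names example.com and 0.168.192.in-addr.arpa; an empty result means every PTR points at a name that really has that A record and every LAN address in the forward zone has a PTR. The NS-at-origin records are deliberately not flagged, only NS records on host labels.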

 

Configure the Slave Bind Server

Configuring the Options File

Now on our debian box we edit the config file

nano /etc/bind/named.conf.options

Edit the options section so it looks like this (recursion is off because ns2 is authoritative-only; if LAN clients will also use it as a resolver, turn recursion on and restrict it with allow-recursion and an acl the way ns1 does, never leave it open):

options {
directory "/var/cache/bind";
recursion no;
allow-transfer { none; };

dnssec-validation auto;

auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};

Save and close the file when you are finished.

Configuring the Local Configuration File

sudo nano /etc/bind/named.conf.local

We will create each of our zone specifications. First the forward zone; add this block to the file:

zone "example.com" {
    type slave;
    file "db.example.com";
    masters { 192.168.0.1; };
};

The file path is relative to the directory set in named.conf.options, so the transferred copy lands in /var/cache/bind/db.example.com. Newer BIND releases spell masters as primaries; the old keyword is still accepted.

This completes our forward zone setup.

We can use this same exact format to take care of our reverse zone config:

zone "0.168.192.in-addr.arpa" {
type slave;
file "db.192.168.0";
masters { 192.168.0.1; };
};

When you are finished, you can save and close the file.

To check that the zone transfer was successful run:

sudo tail -f /var/log/syslog

That should show a line for each zone ending in "Transfer completed", together with the serial it received (10 at this point). Two more checks worth doing from a third machine on the LAN: a zone transfer request (dig with the AXFR query type) against either server must come back REFUSED, since only 192.168.0.2 is listed in allow-transfer on ns1 and ns2 allows none at all, while the same request from ns2 itself against ns1 must succeed. If the transfer fails, the usual causes are a firewall on the router blocking TCP/53 (AXFR runs over TCP) or a serial that was not increased after the zone was edited.

To configure DHCP follow here.

Good source of BIND config knowledge here.

Setting up – Mediatomb – UPnP media server on Debian.

I’m assuming mediatomb is installed and running.

Create database MediaTomb.

  • user: mediatombuser,
  • password: password,
  • Database name: mediatomb,

Log on to MySQL as root and create the user and its grants:

sudo mysql -u root -p
create user 'mediatombuser'@'localhost' identified by 'password';
create user 'mediatombuser'@'%' identified by 'password';
grant all on mediatomb.* to 'mediatombuser'@'localhost';
grant all on mediatomb.* to 'mediatombuser'@'%';
quit

Two things to tighten here: MediaTomb connects to MySQL on localhost (see the config.xml section below), so the two lines for 'mediatombuser'@'%', which let this account log in from any host, are not needed and can be left out; and use a real password instead of 'password' (it has to match the one in config.xml).

Load the mediatomb schema into MySQL (the user name is mediatombuser, as created above):

sudo mysql mediatomb -u mediatombuser -p < /usr/share/mediatomb/mysql.sql
sudo /etc/init.d/mediatomb restart

Edit configfile /etc/default/mediatomb.

sudo nano /etc/default/mediatomb

Change the default port for MediaTomb (default port – 49152):

OPTIONS="-p 50000"

Change the network interface MediaTomb listens on (here eth1). By default it listens on all interfaces, so pin it to the LAN-side interface to keep the UPnP and web-UI ports off any other network the box is attached to:

INTERFACE="eth1"

Edit configfile /etc/mediatomb/config.xml.

sudo nano /etc/mediatomb/config.xml
Enable Web Interface MediaTomb.
<ui enabled="yes" show-tooltips="yes">
Using MySQL.

I will be using MySQL (default mediatomb setup is sqlite)

...
<sqlite3 enabled="no">
<database-file>sqlite3.db</database-file>
</sqlite3>

<mysql enabled="yes">
<host>localhost</host>
<username>mediatombuser</username>
<password>password</password>
<database>mediatomb</database>
</mysql>
...
Enable MediaTomb accounts

Accounts are disabled by default; to enable them:

<accounts enabled="yes" session-timeout="30">
<account user="mediatomb" password="mediatomb"/>
</accounts>

Change the user and password from the mediatomb/mediatomb default: anyone who logs in to the web interface can add and remove the directories MediaTomb indexes and serves.

Job done.

Now restart mediatomb service:

sudo /etc/init.d/mediatomb restart
[ ok ] Restarting upnp media server: mediatomb.

and go to http://mydomain.net:50000 (your own host name and the port you chose above) to configure the media folders.

Configuring Router to Support SDM

1. Enable the HTTP and HTTPS servers on the router
issue the following commands:
ip http server
ip http secure-server
ip http authentication local
ip http timeout-policy idle 600 life 86400 requests 10000

ip http server is the plaintext listener. If SDM will only ever be used over HTTPS, leave that line out (or add no ip http server afterwards) so the level-15 credentials are never sent in clear.

2. create a user account with privilege level 15 (enable privileges)
username tomato privilege 15 secret 0 vegetable

The 0 only tells IOS that the password which follows is given in plain text; secret stores it hashed in the config, unlike the older username ... password form.

3. configure SSH and telnet for local login and privilege level 15
line vty 0 4
privilege level 15
login local
transport input telnet ssh
exit

telnet carries the level-15 login in clear text. Once SSH is working (hostname, domain name and an RSA key generated), change the last line to transport input ssh so only SSH is accepted.