SSH Connection to Linux Over Active Directory and Centrify

Background

Need to start providing on-call support to some of our DB Servers that are running on Linux Hosts.

Being able to ssh to the boxes is essential.

 

Downloading

Downloaded Putty from here.

Usage

Putty

Connection Attempt

Launched Putty.exe, thank goodness no installation needed.

The Putty Screen is very minimal:

  1. Host Name or IP address
    • xxxx01
  2. Port
    1. 22

 

session

 

Connection Attempt

Image

accessdenied

Textual

Using keyboard-interactive authentication.
Password :
Access denied


Active Directory

To do

Have your Active Directory support group add you to the impacted AD Group

 

Validate

DOS

Script

Syntax
net group [ADgroup] /domain
Sample
net group grpLinuxDBA /domain

 

Output

netgroup_20161208_0320pm

Centrify

Have Centrify Administrators do the following:

  1. Create an account for you
  2. Add you to an existing group that has access to the Linux DB Hosts
  3. Grant explicit sudo access  to created account or inherit from group membership

BTW, the Centrify product that we use is listed here.

 

 

 

CentOS – Blank Screen – No Login

Background

Yesterday, I installed CentOS v7 on a refurbished box.  I went with the “Server with GUI” option, but upon starting up for the first time, the usual login screen is not coming up.

I have a dull blank screen, rather than one that lists my username.

Remediation

Idea

Took to the net and found a few people had similar problems.  The most widely promulgated option is to edit the /etc/default/grub configuration file and look for the “GRUB_CMDLINE_LINUX” entry.

And, go on to add “video=LVDS-1:d” to the end of the current contents of the entry.

Steps

Outline

  1. Access Terminal window via pressing the key combination CTRL-ALT-F2
  2. Login from the terminal by entering the username and password
  3. The configuration file /etc/default/grub is read only and so change the file to writable
  4. Edit in vi or your choice editor as sudo
    • Look for the “GRUB_CMDLINE_LINUX” entry and add “video=LVDS-1:d” to the end of the current value.
  5. Reconfigure using grub2-mkconfig
  6. Reboot your computer

 

Details

Here are the steps in detail.

CTRL-ALT-F2

Access Terminal mode by pressing the key combination CTRL-ALT-F2.  The Terminal Screen should appear.

 

Logging in from the Terminal

Log in from the terminal by entering your username and password.

 

Launch vi in sudo mode


sudo vi /etc/default/grub

 

Edit /etc/default/grub

Add “ video=LVDS-1:d” to the end of the GRUB_CMDLINE_LINUX value.
Before

grub-20160813-1143PM ( Before )

Add

grub-20160813-1146PM ( Before)

Reconfig Grub


sudo grub2-mkconfig -o /boot/grub2/grub.cfg

Reboot

reboot

Credit

No original thoughts here!

Credits go out to the guys ( scubastevesama) who spoke about it on Reddit.

And, the ones ( Josef Holland ) who blogged about it.

References

CentOS Login Screen

  1. centos 7 installation issue, no login screen – scubastevesama
    Link
  2. Josef Holland – Disable Laptop LCD Completely on boot
    Link
  3. [RESOLVED] Atom D510 – 6.0 updated to 6.1 – became confused about monitor configuration
    Link
  4. Install on a laptop with external monitor only
    Link

 

Editing /etc/default/grub

  1. Amanda Folson – Modify File Permissions with chmod
    Link
  2. I need to change the Read Only in gedit to Read/Write
    Link

Automatic Web Proxy Discovery and Client Configuration in MS Windows Environment

 

Background

For most of us who work in a corporate MS Windows environment, our Internet Gateway \ Proxy configuration is pretty hidden.

At home, we either have direct connections to the Internet, have a gateway assigned to us by our ISP, or get on the Internet through our own Router or Wireless Access Point (WAP).

 

Corporate Environment

On the other hand, while at work in a Corporate Environment, when we do the following:

  • Access Control Panel
  • Access Internet Options
  • In the “Internet Properties” window, access the “Connections” tab
  • Within the “Local Area Network (LAN) settings” group box, click the “LAN Settings” button
  • In the “Local Area Network (LAN) settings” window, you will be able to review your Proxy settings

Our available choices are

    • Automatically detect settings
    • Use automatic configuration script
    • Use a single Proxy Server
    • Access to configure proxy server based on traffic type ( HTTP/FTP, etc)

 

InternetProperties-LocalAreaNetworkSettings-AutomaticConfiguration-AutomaticallyDetectSettings

 

Inquiry Mind

So, to put it subtly, an inquiring mind wants to know: which server is proxying our web traffic?

Well, that is where WPAD comes in.

 

Honorable Mentions

Richard Hicks

His article “Configuring Web Proxy Automatic Discovery (WPAD) in Forefront Threat Management Gateway (TMG) 2010” knocks the topic out of the park.  It stimulates my thinking, and notice that I did not say it stimulated my thinking.

Richard is a Microsoft Enterprise Security MVP; and he does that acknowledgement well.

 

Web Proxy Automatic Discovery

There are a couple of ways that a machine acquires its Internet client configuration:

  • DHCP
    • For machines that do not have fixed IP Addresses, the network’s DHCP server can return the Internet Proxy Server as part of the initial network configuration.  That is, when returning other Client Configuration data such as the Assigned IP Address, Gateway Address, and Subnet mask.
    • As Richard’s article pointed out, for bigger networks with a stable of Proxy Servers, we are able to designate specific Proxy Servers on a per-subnet basis.  That is, we specify Proxy Server T1 for Building A, and another Proxy Server, Proxy T1, for Building D.
  • DNS
    • DNS Server Configuration
      • Create “A” DNS records for each Proxy Server
      • Create CNAME (“C”) records that point to the various “A” records.
      • The CNAME records will bear the name WPAD
    • Client Configuration/Requests
      • DNS Clients issue requests for WPAD
      • The DNS Server will return the IP Address for one of the “A” records

Which One are we using?

DHCP

I honestly can not say for sure whether we are getting Internet proxy configuration via DHCP.

I will have to use a Network Traffic Tool and review its requests and the response from the DHCP to answer affirmatively.

DNS

But, I can say that we are using DNS; solely or in addition

Query DNS for WPAD Records

  • Access Console
  • Issue DNS Query


Query Syntax

nslookup WPAD

wpad

 

Explanation:

When we use nslookup and issue a WPAD query against our default DNS Server, we get back

  • DNS Server
    • Server :- The name of the responding DNS Server
    • Its IP Address
  • WPAD
    • Name :- The name of the WPAD Server
    • Addresses :- The A records’ IP Addresses
    • Aliases :- The CNAME (“C”) records

Network Connections

Let us review our current network connections and see if we indeed have traffic going to our stated Proxy Server: 

Syntax:
netstat -anb | find "[Proxy-Server]"
Sample:
netstat -anb | find "10.4."

 

Image:
netstat--anb

 

Application

Configuration

Most Web Browsers have been coded to be able to work with WPAD.

On the other hand, third-party vendors might not have augmented their applications likewise.

 

Notepad++

Here we configure Notepad++ with our Proxy Server, its IP Address and Port Number.  And, later our Network username and password.

Plugin Manager Settings

PluginManagerSettings

Proxy Credentials:

ProxyCredential

 

 

Installation Failure

But, sadly our installation of our plugin failed.

InstallationError-InstallationOfPowerShellLexerFailed

 

 

Why you ask me:

To determine why our install failed, we have to dig a bit deeper and see if there are log files created by Notepad++.

Notepad++ developers are good ones and you know they are smart.

Here is where Update Log files are and where they are not:

  • C:\Program Files (x86)\Notepad++\plugins = No
  • C:\Users\[username]\AppData\Roaming\Notepad++\plugins\config\plugin_install_temp\plugin1 = Yes

Here is our Proxy Log:

installFailed

 

The identifying error is:

  • Error Code: 407 Proxy Authentication Required. Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied. (12209).

 

Conclusion:

  • Yes, I wish we had a WIN
  • But, our corporate security is a bit complex
    • We do not have traditional username/password, but smart badge and accompanying pin
    • Yes, I have Internet access for my regular user tied into the Smart Badge
    • But, it is very unlikely that I have Internet access on my Admin Account

 

Listening

Kenny Chesney & Kid Rock – LuckenBach Texas
https://www.youtube.com/watch?v=TjDmdiE-Bvg

At the end of the song there is an exchange between Kenny & Kid Rock; it reads

How they did it in 80 ….
If you listen to this song, you are listening to something real

Don’t listen to something else
At 4:00 O’Clock in the morning

Thank God, they get to stay up till 4 O’Clock in the morning, doing what they are happy doing.

And, as for me, thank Goodness for Richard Hicks and other MVPS.

I will take the advice of the singers here; as I am unlikely to listen to anyone else.

 


VLC on CentOS – Installation

Prelude

Time was one would have to search around to find Video and Audio codec files to play videos on a personal computer.  But, like Mase and Brandy “I have sat on top of the World” since someone introduced me to VLC.

From that time till now, that is all I use on MS Windows, Apple OSX, and Linux.

 

Background

Googled for tested paths towards installing VLC on CentOS.  The links that came up are:

The instructions basically state that we should enable the EPEL repository along with the RPMForge repository.

 

Repository – EPEL

The EPEL repository contains prerequisite files.

# EPEL6-FAQ
# http://fedoraproject.org/wiki/EPEL6-FAQ
# EPEL6 is an add-on repository for RHEL and its variants. It contains packages that
# are not shipped
# Note: --nogpgcheck makes yum skip GPG signature verification of this package
sudo yum localinstall --nogpgcheck http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

# epel-release-6-8.noarch.rpm
sudo rpm -Uvh http://mirrors.kernel.org/fedora-epel/6/i386/epel-release-6-8.noarch.rpm

 

Repository – RPMForge

The RPMForge repository contains the VLC RPM.

We will prepare our system for RPMForge installs by doing the following:

  • Install the repository GPG Key
  • Download the rpmforge-release package
  • Verify the downloaded package
  • Install the package
  • Review the installed package

 

Based on the instructions available @ CentOs.org – Additional Resources >> Repositories >> RPMForge (  http://wiki.centos.org/AdditionalResources/Repositories/RPMForge ), here is a quick script that we used.

 

# Install RPMForge
# http://wiki.centos.org/AdditionalResources/Repositories/RPMForge

# Install DAG's GPG key (used by "rpm -K" below to check the package signature)
# Note: the key itself is fetched over plain HTTP
sudo rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt

# Download only the package that matches your architecture (see "uname -m")

# Download the package (32-bit, i686)
sudo wget -O "rpmforge-release-0.5.3-1.el6.rf.i686.rpm"  "http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.i686.rpm"

# Download the package (64-bit, x86_64)
sudo wget -O "rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm" "http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm"

# Verify the signature of the package you have downloaded
rpm -K rpmforge-release-0.5.3-1.el6.rf.*.rpm

# Install the package
sudo rpm -i rpmforge-release-0.5.3-1.el6.rf.*.rpm

# Review Package
sudo rpm -qa | grep -i rpmforge

 

Ensure VLC RPM Package Availability

Using “yum info“, let us make sure that everything is in place for a good install.

 

Sample :

sudo yum info vlc


Output :

YumInfoVLC

 

 

Install VLC

 

Install VLC via yum.

Sample :

sudo yum install vlc

 

Output:

InstallVLC

 

Use VLC

Once installed, one can initiate the app from the terminal mode by issuing VLC.

Or via the desktop menu – Sounds & Video \ “VLC Media Player”.

 

 

Error

I experienced a couple of problems preparing the repositories. I was able to scale them through others’ well-lighted path.

I have documented those steps below:

 

Error: Cannot find a valid baseurl for repo: rpmfusion-free

Tried:

sudo yum localinstall --nogpgcheck http://rpms.famillecollet.com/enterprise/remi-release-6.rpm

and

sudo yum localinstall --nogpgcheck http://mirrors.mediatemple.net/remi/enterprise/remi-release-6.rpm

 

But, got the same error:

Error: Cannot find a valid baseurl for repo: rpmfusion-free

 

Solution Guide

How to fix rpmfusion-(non)free repo error in CentOS 6.4
http://www.aliencoders.com/content/how-fix-rpmfusion-nonfree-repo-error-centos-64

 

The steps are:

  • Identify the Repository that rpmfusion is using
  • Remove Fedora RPM Fusion files
  • Install Prerequisite (EPEL 6)

 

Which Repo is rpmfusion* using?

Query active repositories by issuing “yum repolist enabled” request:

Command: 
yum repolist enabled | grep -i rpmfusion

Output:

listRepos for rpmFusion

We can see that rpmFusion is using the one for Fedora 6.


Remove Fedora Files

Remove installed rpmfusion repositories

#RPM Fusion for Fedora 6 - Free
sudo rpm -e rpmfusion-free-release

#RPM Fusion for Fedora 6 - Free - Updates
sudo rpm -e rpmfusion-free-updates-release   

 

 

Identify Redhat CentOS ( EL ) Files

Identify the files that we need:

Visit http://download1.rpmfusion.org/free/ and be sure to identify the URL to the files that we need for EL (Enterprise Linux ).

 

RPMFusion--Free--Folder

 

Install CentOS Files

Here is the script that we used for installing the RPMFusion files:

 

# EPEL6-FAQ
# http://fedoraproject.org/wiki/EPEL6-FAQ
# EPEL6 is an add-on repository for RHEL and its variants. It contains packages RHEL.
# yum local install
sudo yum localinstall --nogpgcheck http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

# epel-release-6-8.noarch.rpm
sudo rpm -Uvh http://mirrors.kernel.org/fedora-epel/6/i386/epel-release-6-8.noarch.rpm

# Install RPMFusion - v6 - free - works on 32/64 bit
sudo yum localinstall --nogpgcheck http://download1.rpmfusion.org/free/el/updates/6/i386/rpmfusion-free-release-6-1.noarch.rpm 

# Install RPMFusion - v6 - nonfree - works on 32/64 bit
sudo yum localinstall --nogpgcheck http://download1.rpmfusion.org/nonfree/el/updates/6/i386/rpmfusion-nonfree-release-6-1.noarch.rpm

   

 

 

Error: ERROR 22 – “The requested URL returned error: 403 Forbidden”

 

Tried:

sudo yum localinstall --nogpgcheck http://download1.rpmfusion.org/free/el/updates/6/i386/rpmfusion-free-release-6-1.noarch.rpm

But, got the error:

http://centos.alt.ru/repository/centos/6/i386/repodata/repomd.xml: [Errno 14] PYCURL ERROR 22 – “The requested URL returned error: 403 Forbidden”

Trying other mirror.

Error: Cannot retrieve repository metadata (repomd.xml) for repository: CentALT. Please verify its path and try again

 

Validate Problem

Review the current contents of the /etc/yum.repos.d/centalt.repo file.

 

Command:

cat /etc/yum.repos.d/centalt.repo

 

Output:

centalt-repo

 

 

Solution Guide

Here is the link we will follow to hopefully repair the problem.

repository metadata (repomd.xml) for repository: mratwork-centalt
http://unix.stackexchange.com/questions/132674/repository-metadata-repomd-xml-for-repository-mratwork-centalt

which states to change from a specific URL to a mirrored one.

In essence we are changing the baseurl from http://centos.alt.ru/repository/centos/6/$basearch/ to http://mirror.sysadminguide.net/centalt/repository/centos/6/$basearch/.

 

Example:

 

# Create a dated folder to hold the original repo file
sudo mkdir -p /etc/yum.repos.d/deprecated/20140823

# Back up the file
sudo cp /etc/yum.repos.d/centalt.repo /etc/yum.repos.d/deprecated/20140823

# Change baseurl from old to new
# baseurl.old=http://centos.alt.ru/repository/centos/6/$basearch/
# baseurl.new=http://mirror.sysadminguide.net/centalt/repository/centos/6/$basearch/
sudo sed -i 's/centos\.alt\.ru/mirror.sysadminguide.net\/centalt/g' /etc/yum.repos.d/centalt.repo

 


Technical: Linux – CentOS – Connected Servers Shares not showing up in some “File open” Dialogs


Background

In Google Chrome and Firefox, I am trying to upload some images from a network computer, but those shares are not showing up.

 

Connect to Server

Imagine for a few minutes, you are on your Linux box and you need to connect to your Windows box and upload some files \ images.

In my case, my Linux box is a CentOS and so from my desktop, I access the Desktop Menu bar and click on the menu items Places and “Connect To Server …”.

 

ConnectToServer

 

Windows Shares Not Visible

Unfortunately, based on my Application, I have a slightly different Open Dialog:

 

gEdit

gEdit

 

 

Chrome

Chrome

 

 

 

Firefox

 

Firefox

 

The major difference for me is that in gEdit, I am able to locate my network shares… That slot is “/danieladeniji/<server-name>” and in our example it is only visible (as the last entry on the left panel) in gEdit.

 

Using Samba, Mount Windows Resources\Shares

Install Utilities

Install Utilities – samba-client


sudo yum install samba-client

We are good… as we got back

Package samba-client-3.6.9-168.el6_5.i686 already installed and latest version

 

Install Utilities – samba-common


sudo yum install samba-common

We are good… as we got back

Package samba-common-3.6.9-168.el6_5.i686 already installed and latest version
Nothing to do

 

Install Utilities – cifs-utils

sudo yum install cifs-utils

 

We are good… as we got back

 Package cifs-utils-4.8.1-19.el6.i686 already installed and latest version

Using Samba, Mount Windows Resources\Shares

 

Create Mnt Folder

sudo mkdir /mnt/demobox__DanielAdeniji

Mount Mnt Folder

sudo mount --verbose -t cifs //demobox/DanielAdeniji /mnt/demobox__DanielAdeniji -o username=dadeniji,domain=labdomain,password=candi,sec=ntlm

 

By the way, had a lot of problems with this step.  Pasted below are some of the incorrect entries we entered and the corresponding errors.

 

Aliased Hostname 

When I tried issuing against an alias name


sudo mount --verbose -t cifs //aliasName/DanielAdeniji /mnt/demobox__DanielAdeniji -o username=dadeniji,domain=labdomain,password=candi,sec=ntlm

 

When we tried obfuscating our hostname by adding an alias name to our hosts files, and targeting that aliasname, here is the error message we get

mount error(5): Input/output error

 

Crediting Pastorino
http://www.linuxquestions.org/questions/linux-networking-3/cifs-mount-error-5-%3D-input-output-error-but-smbfs-works-456897/

 

 

Incorrect Password

If the password is incorrect


sudo mount --verbose -t cifs //demobox/DanielAdeniji /mnt/demobox__DanielAdeniji -o username=dadeniji,domain=labdomain,password=candi,sec=ntlm

wrong password

mount error(13): Permission denied

 

 

If Password contains special characters

If the password contains special characters such as !


sudo mount --verbose -t cifs //demobox/DanielAdeniji /mnt/demobox__DanielAdeniji -o username=dadeniji,domain=labdomain,password=candi!,sec=ntlm

you will get an error message, such as “event not found”, because an interactive bash treats the unquoted ! as history expansion

bash: !,sec=ntlm: event not found

To correct this, quote your password

sudo mount --verbose -t cifs //demobox/DanielAdeniji /mnt/demobox__DanielAdeniji -o username=dadeniji,domain=labdomain,password='candi!',sec=ntlm

See that we replaced candi! with ‘candi!’
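The mount commands above put the password on the command line, where it lands in shell history and in the process list. As an added example (not part of the original post), the sketch below stores it in a file passed through mount.cifs's documented credentials= option, which also sidesteps the quoting problem with !. The function names are hypothetical, GNU stat is assumed (as on CentOS), and sec=ntlm is simply carried over from the post.

```shell
#!/bin/sh
# Added example, not from the original post: keep the CIFS password out of
# argv and shell history by using a credentials file.

# write_cifs_credentials FILE USER DOMAIN   (hypothetical helper)
# The password is read from stdin, so it is never a command-line argument
# and needs no shell quoting, even when it contains "!".
write_cifs_credentials() {
    cred_file=$1 cred_user=$2 cred_domain=$3
    IFS= read -r cred_pass || [ -n "$cred_pass" ] || return 1
    (
        umask 077                      # a new file is created as 0600
        {
            printf 'username=%s\n' "$cred_user"
            printf 'password=%s\n' "$cred_pass"
            printf 'domain=%s\n'   "$cred_domain"
        } > "$cred_file"
    )
    chmod 600 "$cred_file"             # also tighten a pre-existing file
}

# cifs_mount_command SHARE MOUNTPOINT FILE   (hypothetical helper)
# Prints the mount command instead of running it, and refuses a credentials
# file that group or others can read.
cifs_mount_command() {
    share=$1 mountpoint=$2 cred_file=$3
    mode=$(stat -c '%a' "$cred_file") || return 1
    case $mode in
        600|400) ;;
        *) echo "refusing $cred_file: mode is $mode, expected 600" >&2
           return 1 ;;
    esac
    printf 'mount --verbose -t cifs %s %s -o credentials=%s,sec=ntlm\n' \
        "$share" "$mountpoint" "$cred_file"
}

# Demo with the post's sample values; nothing is actually mounted.
demo_dir=$(mktemp -d)
printf '%s\n' 'candi!' | write_cifs_credentials "$demo_dir/cred" dadeniji labdomain
cifs_mount_command //demobox/DanielAdeniji /mnt/demobox__DanielAdeniji "$demo_dir/cred"
rm -rf "$demo_dir"
```

Run the printed command with sudo once the credentials file is stored somewhere only its owner can read.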

 

List Mount Points

Using the mount command, we will list our mount points

Syntax:


mount -v

 

Sample:


mount -v | grep -i "Daniel"

 

Output:

ListMountPointsThatHaveDanielInTheirName

 

 

List Mount Point Contents

Using the ls command, we will list the contents of our mount point

Syntax:


ls /mnt/<folder>

 

Sample:


ls /mnt/demobox__DanielAdeniji | more

 

Mounted Folders

So though we still can not view connected servers, we can access our Windows Shares through the mnt folders (/mnt)

 

OpenFile--MountPoints

 

 

Windows Computer Names and Aliases

Btw, to use aliases for MS Windows host names, place them in your /etc/samba/lmhosts file.

etc--samba--lmhosts

 

This is one way you can avoid the “mount error(5): Input/output error” we spoke about earlier.

Keep in mind that trying to use the /etc/hosts will not do.

Dedication

I am going to dedicate this post to Bart and Jorge Castro.  They firmly, yet economically stated this question in a Q/A post titled “gvfs – How do applications open from/save to smb shares? – Ask Ubuntu” ( http://askubuntu.com/questions/224441/how-do-applications-open-from-save-to-smb-shares ).

For me, a newbie, clear and concise concerns helps declutter my space and rather than waste time trying to see if my environment is not properly setup, I can spend cycle trying to bridge seeming implementation gaps.

 


Desktop – Linux \ Windows – Unable to move Application Windows as Top Bar is not visible

Background

There is so much we do on the computer that we are not even aware how we do it. For example, moving and resizing a screen we know we click on something and start moving things around.

But, when we can not do it, we try to see if there are alternatives to the more obvious pathways.

 

Problem

My problem has occurred a couple of times in the last few days. I am moving things out of the way and then all of a sudden, I am unable to move the Application Screen back to focus.

 

Topbar-Not-ShowingUp

 

In the image pasted above, I am no longer able to move and resize my Chrome Application.

Solution

I googled for ways to move things around, but was unsuccessful at describing the problem appropriately.

The best help came via:

Ask Leo – I can’t see the top of a window so I can’t minimize/maximize or close – what can I do
http://askleo.com/i_cant_see_the_top_of_a_window_so_i_cant_minimize_maximize_or_close_what_can_i_do-2/

 

His advice is that I should invoke the System Menu, via keystrokes; specifically ALT-spacebar.

So went back to the little window that is still visible and click in the client Area; there by making sure that the Application is the Active Window and thus the recipient of any key.

And, then hold down ALT while pressing the space-bar.

SystemMenu-Small

Once we did so, we have a nice system menu, and I can now access the “Move” option.

I suppose I could have accessed ALT-F7, all this time.

Prior to now, I was using CTRL-Shift-W to close otherwise orphaned Chrome Windows.

Chrome – Keyboard Shortcuts
https://support.google.com/chromebook/answer/183101?hl=en

 

Thanks Leo.

 

 

Technical: DNS – Query for Name Server (NS) – On Linux\CentOS Using Dig


 

Install

Install – whois

Install whois:

sudo yum -y install jwhois

 

Install – dig

As Dig is part of the bind-utils, install bind-utils

sudo yum -y install bind-utils

 

 

 

Using Dig

On Linux, we can use dig to query for Name Servers.

Using Dig – Query System’s default Name Server

Syntax:

dig  NS <domain-name> +noall +answer

 

Sample:

dig  NS youtube.com +noall +answer

 

Output:

DigQueryForNameServer

Explanation:

In the example above, we are querying the system’s default Name Server.  And, asking it for the authoritative nameservers for the youtube.com domain.

 

Using Dig – Target specific name server

In case something is wrong with our default name server or our default name server has been configured not to forward DNS Queries, we can target another DNS Server.

 

Syntax:

dig  @NS <domain-name> NS +noall +answer

 

Sample:

dig  @68.94.156.1 bbc.co.uk  NS +noall +answer +stats

 

Output:

DigQueryForNameServer- target specific server

 

Explanation:

In the example above, we are specifically targeting an AT&T named server (68.94.156.1) and querying for bbc.co.uk domain NameServers.

We do not really need the stats answer block (Query time, Server, when), but included it so that we can confirm that our result came from the specific server that we requested that it comes from.

To exclude stats data, remove +stats or add +nostats.

 

 

Using Dig – Query DNS Server (and got back SERVFAIL)

Using dig, query DNS Server and we are getting back SERVFAIL.

Syntax:

dig  <domain-name> NS

 

Sample:

dig notfullysetup.org NS

 

Output:

Image:

dig -- SERVFAIL

Textual:



[dadeniji@adelia tmp]$ dig NS notfullysetup.org

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> NS notfullysetup.org

;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 6679
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;notfullysetup.org. IN NS

;; Query time: 42 msec
;; SERVER: 68.87.66.196#53(68.87.66.196)
;; WHEN: Mon Apr 28 10:23:04 2014
;; MSG SIZE rcvd: 33

[dadeniji@adelia tmp]$ 

 

Explanation:

In the example above, we are querying a DNS Server and getting back an error status, specifically SERVFAIL.

SERVFAIL means that an authoritative server is registered, but it is unreachable or faulty.

 

Using Dig – Query DNS Server tracing delegation path

Using dig, query DNS Server and note the delegation path.

Syntax:

dig  <domain-name> +trace

 

Sample:

dig notfullysetup.com +trace

 

Output:

[dadeniji@adelia tmp]$ dig NS notfullysetup.com +trace

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> NS notfullysetup.org +trace

;; global options: +cmd
. 319385 IN NS h.root-servers.net.
. 319385 IN NS m.root-servers.net.
. 319385 IN NS e.root-servers.net.
. 319385 IN NS i.root-servers.net.
. 319385 IN NS g.root-servers.net.
. 319385 IN NS j.root-servers.net.
. 319385 IN NS a.root-servers.net.
. 319385 IN NS l.root-servers.net.
. 319385 IN NS d.root-servers.net.
. 319385 IN NS b.root-servers.net.
. 319385 IN NS k.root-servers.net.
. 319385 IN NS c.root-servers.net.
. 319385 IN NS f.root-servers.net.
;; Received 496 bytes from 68.87.66.196#53(68.87.66.196) in 727 ms

com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS a.gtld-servers.net.
;; Received 505 bytes from 2001:7fe::53#53(2001:7fe::53) in 1038 ms

notfullysetup.com. 172800 IN NS ns1.notfullysetup.com.
notfullysetup.com. 172800 IN NS ns2.notfullysetup.com.

dig: couldn't get address for 'ns1.notfullysetup.com': no more

[dadeniji@adelia tmp]$ 


 

Explanation:

In the case listed above we asked for a trace on what dig did, and it says that the root servers were queried and returned our ns1 and ns2 name servers.

But, we were unable to get the address for ns1.

Upon taking a second look, you might also notice that the first query went to the root servers and we were referred to the gtld-servers.net servers.

Keep in mind that the *.gtld-servers.net servers are authoritative for the .com top level domain.
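To triage replies like the SERVFAIL and +trace runs above without reading them by eye, the following added example (not from the original post) parses dig's header, flags and SERVER lines and lists the delegation levels seen in a trace. The function names are hypothetical and the embedded samples are constructed from the output shown in this post.

```shell
#!/bin/sh
# Added example, not from the original post: summarize dig output.

# Constructed sample: the SERVFAIL reply shown in this post.
sample_servfail() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 6679
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;notfullysetup.org. IN NS
;; Query time: 42 msec
;; SERVER: 68.87.66.196#53(68.87.66.196)
EOF
}

# Constructed sample: the +trace output from this post, abridged to two NS
# lines per delegation level.
sample_trace() {
    cat <<'EOF'
. 319385 IN NS h.root-servers.net.
. 319385 IN NS m.root-servers.net.
;; Received 496 bytes from 68.87.66.196#53(68.87.66.196) in 727 ms
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
;; Received 505 bytes from 2001:7fe::53#53(2001:7fe::53) in 1038 ms
notfullysetup.com. 172800 IN NS ns1.notfullysetup.com.
notfullysetup.com. 172800 IN NS ns2.notfullysetup.com.
EOF
}

# dig_summary: read dig output on stdin and print
#   "<status> answer=<n> authority=<n> server=<ip>"
# Exits 1 when there is no header line (for example with +noall).
dig_summary() {
    awk '
        /->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; flags:/ {
            for (i = 1; i < NF; i++) {
                if ($i == "ANSWER:")    { answer = $(i + 1); sub(/,$/, "", answer) }
                if ($i == "AUTHORITY:") { authority = $(i + 1); sub(/,$/, "", authority) }
            }
        }
        /^;; SERVER:/ { server = $3; sub(/#.*/, "", server) }
        END {
            if (status == "") exit 1
            printf "%s answer=%s authority=%s server=%s\n", status, answer, authority, server
        }'
}

# dig_triage: turn the summary into a one-line verdict.
dig_triage() {
    summary=$(dig_summary) || { echo "no-header"; return 0; }
    case $summary in
        SERVFAIL\ *)          echo "servfail: rerun with +trace to find the failing delegation" ;;
        NXDOMAIN\ *)          echo "nxdomain: the name does not exist" ;;
        REFUSED\ *)           echo "refused: this server will not answer the query for us" ;;
        NOERROR\ answer=0\ *) echo "noerror-empty: no records of that type in the answer" ;;
        NOERROR\ *)           echo "ok" ;;
        *)                    echo "other: $summary" ;;
    esac
}

# trace_zones: list the zones delegated in +trace output, in order; the last
# zone printed is the level at which resolution stopped.
trace_zones() {
    awk '$3 == "IN" && $4 == "NS" && !($1 in seen) {
             seen[$1] = 1
             chain = (chain == "" ? "" : chain " ") $1
         }
         END { print chain }'
}

sample_servfail | dig_triage
sample_trace | trace_zones
```

Against a live resolver, pipe real output in the same way, for example `dig notfullysetup.org NS | dig_triage`.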

 

Who Is

As one plays more with dig, you might find it important to make sure that your NameServers are properly recorded, as well.

The whois utility provides a nice complement to dig.
Syntax:

whois <domain-name>

 

Sample:

whois wordpress.com | egrep 'Name Server'

 

Output:

whoIs

 

 

Helpful Hints

Helpful Hints – When specifying Name Server

When specifying Name Server using @NS, see if you can use the IP Address, as the initial DNS resolution for NS might itself fail.

Helpful Hints – When querying for specific Name, place a period at end of full name

When querying for a specific name, please place a period at the end of the name to indicate that the default domain name (from resolv.conf on Linux) should not be appended to the hostname.

 
