Monday, December 30, 2013

How to Install and Configure Open LDAP server and client in Debian 6 (Squeeze)

What is LDAP?
============

LDAP stands for Lightweight Directory Access Protocol. As the name suggests, it is a lightweight client-server protocol for accessing directory services, specifically X.500-based directory services. LDAP runs over TCP/IP or other connection-oriented transfer services.

A directory is similar to a database, but tends to contain more descriptive, attribute-based information. The information in a directory is generally read much more often than it is written. Directories are tuned to give quick responses to high-volume lookup or search operations. They may have the ability to replicate information widely in order to increase availability and reliability, while reducing response time. When directory information is replicated, temporary inconsistencies between the replicas may be OK, as long as they get in sync eventually.


LDAP Installation in Debian:

    # apt-get install slapd ldap-utils

After the LDAP packages have downloaded successfully, installation starts automatically.
    Follow the steps during installation:
   
    >> The setup process will ask for the admin password. Provide your desired password.
    >> Re-enter the same password to confirm it.


LDAP Configuration in Debian:


To configure LDAP, edit the /etc/ldap/ldap.conf file:
   
    # vim /etc/ldap/ldap.conf

=============================================================
# LDAP Defaults

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

BASE    dc=mehedi,dc=com
URI     ldap://192.168.0.15/

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never
TLS_CACERT      /etc/ssl/certs/ca-certificates.crt
=============================================================


Run the configuration assistant (reconfigure):

        # dpkg-reconfigure slapd


The following options will appear; choose the answers as follows:
====================================================================
    >> Omit OpenLDAP server configuration? [SELECT NO]
    >> Enter DNS domain name [mehedi.com] (without the brackets)
    >> Enter organization name [MEHEDI COMPANY] (without the brackets)
    >> Enter the LDAP administrator password *********
    >> Re-enter the password *********
    >> Select the backend database [SELECT HDB]
    >> Do you want the database to be removed when slapd is purged? [SELECT YES]
    >> Move old database? [SELECT YES]
    >> Allow LDAPv2 protocol? [SELECT NO]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        ya..Great work man....you have done....
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Now check your LDAP server....
======================

    # ldapsearch -x

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# extended LDIF
# LDAPv3
# base <dc=mehedi,dc=com> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL

# mehedi.com
dn: dc=mehedi,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: Mehedi
dc: mehedi

# admin, mehedi.com
dn: cn=admin,dc=mehedi,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator

# Group, mehedi.com
dn: ou=Group,dc=mehedi,dc=com
ou: Group
objectClass: organizationalUnit
objectClass: top

# Admin Group, Group,mehedi.com
dn: cn=Admin Group,ou=Group,dc=mehedi,dc=com
cn: Admin Group
gidNumber: 1001
objectClass: posixGroup
objectClass: top

# Mehedi Hasan, Admin Group, Group, mehedi.com
dn: cn=Mehedi Hasan,cn=Admin Group,ou=Group,dc=mehedi,dc=com
givenName: Mehedi
sn: Hasan
cn: Mehedi Hasan
uid: mehedi
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/users/mehedi
loginShell: /bin/sh
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top

# search result
search: 2
result: 0 Success

# numResponses: 6
# numEntries: 5
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
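
`ldapsearch -x` with no bind DN performs an anonymous simple bind, so its output is what any client that can reach the server may read. The following added example (not part of the original post) parses such LDIF output, including folded lines and base64 `::` values, and lists the posixAccount entries and any entry whose userPassword is readable; the function names and the second sample entry are assumptions.

```shell
#!/bin/sh
# Added example: summarise what an anonymous `ldapsearch -x` dump exposes.
# The LDIF below is constructed: the first entry follows the output above,
# the second (with a readable userPassword) is invented for the check.

sample_ldif() {
    cat <<'EOF'
# extended LDIF
# LDAPv3

dn: cn=Mehedi Hasan,cn=Admin Group,ou=Group,dc=mehedi,dc=com
cn: Mehedi Hasan
uid: mehedi
uidNumber: 1001
objectClass: inetOrgPerson
objectClass: posixAccount

dn: cn=Test User,cn=Admin Group,ou=Group,dc=meh
 edi,dc=com
uid: testuser
uidNumber: 1002
objectClass: posixAccount
userPassword:: Q09OU1RSVUNURUQ=

# search result
search: 2
result: 0 Success
EOF
}

# LDIF continuation lines start with one space; join them to the previous line.
unfold_ldif() {
    awk 'NR > 1 && /^ / { buf = buf substr($0, 2); next }
         NR > 1 { print buf }
         { buf = $0 }
         END { if (NR) print buf }'
}

# Reads LDIF on stdin and prints one line per finding:
#   ACCOUNT            a posixAccount entry visible to the anonymous bind
#   PASSWORD_READABLE  an entry whose userPassword value was returned
audit_anon_ldif() {
    unfold_ldif | awk '
        function emit() {
            if (dn == "") return
            if (posix) print "ACCOUNT uid=" uid " uidNumber=" num " dn=" dn
            if (pw)    print "PASSWORD_READABLE dn=" dn
            dn = ""; posix = 0; pw = 0; uid = ""; num = ""
        }
        /^#/ { next }                 # comments
        /^$/ { emit(); next }         # a blank line ends an entry
        {
            sep = index($0, ":"); if (!sep) next
            attr = tolower(substr($0, 1, sep - 1))
            val = substr($0, sep + 1)
            sub(/^[:<]? */, "", val)  # drop the "::" or ":<" marker and spaces
            if (attr == "dn") dn = val
            else if (attr == "objectclass" && tolower(val) == "posixaccount") posix = 1
            else if (attr == "uid") uid = val
            else if (attr == "uidnumber") num = val
            else if (attr == "userpassword") pw = 1
        }
        END { emit() }'
}

sample_ldif | audit_anon_ldif
```

On a live server, pipe the real output in instead of the sample: `ldapsearch -x -LLL | audit_anon_ldif`.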



Install phpldapadmin for LDAP Server Administration:

    # apt-get install phpldapadmin


Create a symbolic link for phpldapadmin directory.
    # ln -s /usr/share/phpldapadmin/ /var/www/phpldapadmin

Now we have to edit the config file:


    # vim /etc/phpldapadmin/config.php

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$servers = new Datastore();
$servers->newServer('ldap_pla');
$servers->setValue('server','name','Unixmen LDAP Server');
$servers->setValue('server','host','192.168.0.15');
$servers->setValue('server','base',array('dc=mehedi,dc=com'));
$servers->setValue('login','bind_id','cn=admin,dc=mehedi,dc=com');
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Common Errors and Solution :

=========================================================
Cannot create a posixAccount / posixGroup in a clear LDAP directory
=========================================================
   
We just have to comment out the <readonly> tag in posixAccount.xml and posixGroup.xml:



    # vim /etc/phpldapadmin/templates/creation/posixAccount.xml

-----------------------------------------------------------
<attribute id="uidNumber">
        <display>UID Number</display>
        <icon>terminal.png</icon>
        <order>6</order>
        <page>1</page>
<!--    <readonly>1</readonly> -->
        <value>=php.GetNextNumber(/;uidNumber)</value>
</attribute>
-----------------------------------------------------------


    # vim /etc/phpldapadmin/templates/creation/posixGroup.xml

-------------------------------------------------------------

<attribute id="gidNumber">
        <display>GID Number</display>
        <order>2</order>
        <page>1</page>
<!--    <readonly>1</readonly> -->
        <spacer>1</spacer>
        <value>=php.GetNextNumber(/;gidNumber)</value>
        <!-- <value><![CDATA[=php.GetNextNumber(/;gidNumber;false;(&(objectClass=posixGroup));*2,+1000)]]></value> -->
</attribute>
--------------------------------------------------------------


Finally restart the Apache2 service:

    # /etc/init.d/apache2 restart

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Now open a browser and give the URL http://192.168.0.15/phpldapadmin
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

    Remember the following important steps:
    >> First, add an Organizational Unit (OU)
    >> Under the created OU, create a new Generic: Posix Group
    >> Under the posix group, add or create some Generic: User Account entries

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

===========================================
===========================================
LDAP Client Configuration (Debian Squeeze):
===========================================
===========================================


LDAP client-package Installation in Debian:

    # apt-get install libnss-ldap libpam-ldap nscd

During installation it will ask you for several credentials:
   
    >> ldap://192.168.0.15 [ Use ldap not ldapi ]
    >> dc=mehedi,dc=com    [ as yours ]
    >> LDAP version to use : 3
    >> LDAP account for root: [Clear everything; the field should be blank]
    >> LDAP root account Password: [Leave it Blank]
    >> Allow LDAP admin account to behave like local root? : NO
    >> Does the LDAP database require login? : NO


Now modify the nsswitch file so that LDAP lookups work:
    # vim /etc/nsswitch.conf

Add ldap after compat in the first three lines, as follows:

-------------------------------------
passwd:         compat ldap
group:            compat ldap
shadow:         compat ldap

hosts:             files dns
networks:       files

protocols:      db files
services:        db files
ethers:           db files
rpc:               db files

netgroup:       nis
--------------------------------------



At this stage, reconfigure the LDAP client package with the following command:
    # dpkg-reconfigure libpam-ldap

    It will ask you for several settings again:
   
    >> ldap://192.168.0.15 [ Use ldap not ldapi ]
    >> dc=mehedi,dc=com    [ as yours ]
    >> LDAP version to use : 3
    >> Allow LDAP admin account to behave like local root? : NO
    >> Does the LDAP database require login? : NO
    >> Local encryption algorithm to use for passwords: crypt
    >> PAM profiles to enable: [select both Unix & LDAP Authentication]


=======================================================================
Yahhhooooo.....great job...reboot  LDAP client pc and login with LDAP user and passwd
=======================================================================
After successfully logging in with the LDAP user name and password, it will show you a message [No directory, Logging in with HOME=/]


Ha ha ha, now check the passwd entries, including those from the LDAP server, with the following command:
    # getent passwd

Now you can see the LDAP users that you created in the LDAP admin panel.

Monday, December 16, 2013

How to Setup and Configure WebHTB in Debian Squeeze

First of all, we prepare the server as a web server with database and SSL support:

    # apt-get install mysql-server mysql-client apache2
    # apt-get install openssl ssl-cert
    # mkdir /etc/apache2/ssl
    # make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem
    # a2enmod ssl
    # /etc/init.d/apache2 force-reload
    # cp /etc/apache2/sites-available/default /etc/apache2/sites-available/ssl


Change the port of the SSL site from 80 to 443:


# vim /etc/apache2/sites-available/ssl

=>> change <VirtualHost *:80> to

       <VirtualHost *:443>


=>> Add the following two lines inside the <VirtualHost> container:


<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem

</VirtualHost>


Re-enable SSL and force a restart of the services:

# /etc/init.d/apache2 force-reload
# a2ensite ssl
# /etc/init.d/apache2 restart


Download and Install the required Packages:

# apt-get install libphp-adodb php5-cli php5-gd php-pear php5-snmp php5-adodb phpmyadmin curl libnet-netmask-perl

Download and configure the WebHTB package and unpack it:

# apt-get install bzip2
# cd /var
# wget http://www.webhtb.ro/downloads/WebHTB_V2.9.bz2
# tar -jxvf WebHTB_V2.9.bz2
# chown -R www-data.www-data /var/webhtb



Now add the following lines in ssl file:

# vim /etc/apache2/sites-available/ssl


Alias /webhtb /var/webhtb
<Directory "/var/webhtb">
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
SSLEngine On


Finally, the ssl file should look like this (in my case):
=======================================
<VirtualHost *:443>
        ServerAdmin webmaster@localhost
        Alias /webhtb /var/webhtb
        <Directory "/var/webhtb">
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
        </Directory>
        SSLEngine On

        DocumentRoot /var/www
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem

        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
================================================

Restart the apache2 service:

# a2ensite ssl
# /etc/init.d/apache2 restart


Open your favorite web browser and navigate to the following link:
https://Server-Ip-Address/webhtb/setup/


Now the graphical setup will start:

    >> Enter the MySQL root password in the password fields
    >> Choose the appropriate interface {remember, it should be your LAN-facing interface, not the WAN one}
    >> After pressing Apply, it will redirect you to https://Server_Ip_Address/webhtb/index.php#


=======================================================================
$$$$$ Here you don't need to add any new interface, because you have already assigned a NIC in the setup phase.
=======================================================================

Add Class from the (Classes+) Menu:

    >> Go to Classes+  >> Add Classes >> the Add a New Class page will appear {fill it in as you need}

Now you have to Add Client:

    >> Go to Add client Menu
                >> CLIENT can be any name, but the PC name (client PC) is a good choice.
                >> BANDWIDTH is in kbps (kilobits, not kilobytes)
                >> LIMIT (Limit at a certain bandwidth as you want...)
                >> MAC (You can apply policy through specific MAC)
                >> BURST & PRIORITY should be default (If you are not an Advanced User)
                >> UPLOAD (You can specify upload throttle speed)

            Optional:
                >> SRC IPS should be your gateway IP
                >> DST IPS should be your Client PC IP

How to Compress and Decompress Files and Folders In Linux (tar & untar)

========================
Create and Extract .bz2 Files
========================

Introduction:

bzip2 and bunzip2 are file compression and decompression utilities. The bzip2 and bunzip2 utilities are newer than gzip and gunzip and are not as common yet, but they are rapidly gaining popularity.
The bzip2 utility is capable of greater compression ratios than gzip. Therefore, a bzip2 file can be 10-20% smaller than a gzip version of the same file. Usually, files that have been compressed by bzip2 will have a .bz2 extension.


Installing bzip2 in debian:

# apt-get install bzip2


To uncompress a tar.bz2 file:


# bunzip2 iRedMail-0.7.4.tar.bz2

Now the iRedMail-0.7.4.tar.bz2 file is converted to iRedMail-0.7.4.tar. [The bz2 extension goes away; only the tar extension remains]


To untar the tar file:

# tar -xvf iRedMail-0.7.4.tar

To extract a bzip2-compressed tar archive named with only a .bz2 extension (not .tar.bz2):

# tar -jxvf WebHTB_V2.9.bz2


===========================
Compressing a File Using bzip2:
===========================

To compress a file using bzip2:

# bzip2 imehedi.txt

To compress a folder using bzip2:

# tar -jcvf archive_name.tar.bz2 directory_to_compress {SYNTAX}

    Example:
            # tar -jcvf iRedMail-0.7.4.tar.bz2 iRedMail-0.7.4


========================
Create and Extract Zip Files
========================
Zip is probably the most commonly used archiving format out there today. Its biggest advantage is the fact that it is available on all operating system platforms such as Linux, Windows, and Mac OS, and generally supported out of the box. The downside of the zip format is that it does not offer the best level of compression. Tar.gz and tar.bz2 are far superior in that respect. Let’s move on to usage now.


To compress a directory with zip do the following:

    # zip -r archive_name.zip directory_to_compress {Syntax}

    Example:
           # zip -r imehedi.zip mehediDocs

To decompress or unzip a directory with zip do the following:

    # unzip archive_name.zip {Syntax}
   
    Example:
           # unzip imehedi.zip

=======================
Create and Extract tar Files
=======================

Tar is a very commonly used archiving format on Linux systems. The advantage with tar is that it consumes very little time and CPU to compress files, but the compression isn’t very much either. Tar is probably the Linux/UNIX version of zip – quick and dirty.

To compress a directory with tar do the following:

            # tar -cvf archive_name.tar directory_to_compress {SYNTAX}
   
    Example:
            # tar -cvf imehedi.tar imehediDocs


To decompress or untar a directory with tar do the following:

   
         # tar -xvf archive_name.tar {Syntax}
   
    Example:
           # tar -xvf imehedi.tar


============================
Create and Extract TAR.GZ Files
============================

This format is my weapon of choice for most compression. It gives very good compression while not utilizing too much of the CPU while it is compressing the data.


To compress a directory with tar.gz do the following:

           # tar -zcvf archive_name.tar.gz directory_to_compress {Syntax}

    Example:
           # tar -zcvf imehedi.tar.gz imehediDocs


To decompress a tar.gz archive do the following:

         # tar -zxvf archive_name.tar.gz {Syntax}

    Example:
         # tar -zxvf imehedi.tar.gz

Saturday, December 14, 2013

How to Completely Backup and Restore Linux Mail Server

========
Concept:
========

Following files/dirs are required for traditional Linux user management:
* /etc/passwd - contains various pieces of information for each user account

* /etc/shadow - contains the encrypted password information for users' accounts and, optionally, the password aging information.

* /etc/group - defines the groups to which users belong

* /etc/gshadow - group shadow file (contains the encrypted password for group)

* /var/spool/mail - Generally user emails are stored here.

* /home - All Users data is stored here.

You need to backup all of the above files and directories from old server to new Linux server.

================
Backup Procedure
================

Step 1:

First create a tarball of the old users (old Linux system). Create a directory:
# mkdir /root/move/

Step 2:

Setup UID filter limit:
# export UGIDLIMIT=500


Users added to a Linux system get UID and GID values starting from a number specified by the Linux distribution or set by the admin.
Limits according to different Linux distros:

    RHEL/CentOS/Fedora Core : Default is 500 and upper limit is 65534 (/etc/libuser.conf).
    Debian and Ubuntu Linux : Default is 1000 and upper limit is 29999 (/etc/adduser.conf).

Step 3:

Now copy /etc/passwd accounts to /root/move/passwd.mig, using awk to filter out system accounts (i.e. only copy user accounts):
# awk -v LIMIT=$UGIDLIMIT -F: '($3>=LIMIT) && ($3!=65534)' /etc/passwd > /root/move/passwd.mig


Step 4:

Copy /etc/group file:
# awk -v LIMIT=$UGIDLIMIT -F: '($3>=LIMIT) && ($3!=65534)' /etc/group > /root/move/group.mig  [for RHEL/CentOS/Fedora ]
# awk -v LIMIT=$UGIDLIMIT -F: '($3>=LIMIT) && ($3!=29999)' /etc/group > /root/move/group.mig  [for Debian/Ubuntu ]

Step 5:

Copy /etc/shadow file, matching each account name against the first field only:
# awk -v LIMIT=$UGIDLIMIT -F: '($3>=LIMIT) && ($3!=65534) {print "^" $1 ":"}' /etc/passwd | egrep -f - /etc/shadow > /root/move/shadow.mig   [for RHEL/CentOS/Fedora ]
# awk -v LIMIT=$UGIDLIMIT -F: '($3>=LIMIT) && ($3!=29999) {print "^" $1 ":"}' /etc/passwd | egrep -f - /etc/shadow > /root/move/shadow.mig   [for Debian/Ubuntu ]


Step 6:

Copy /etc/gshadow (rarely used):
# cp /etc/gshadow /root/move/gshadow.mig

Step 7:

Make a backup of /home and /var/spool/mail dirs:
# tar -zcvpf /root/move/home.tar.gz /home
# tar -zcvpf /root/move/mail.tar.gz /var/mail
# tar -zcvpf /root/move/mail1.tar.gz /var/spool/mail

Step 8:
Use scp, a USB pen or tape to copy /root/move to the new Linux system.

Where,


    You should never ever create any new system user accounts on the newly installed CentOS Linux, so the above awk command filters UIDs according to the Linux distro.
    export UGIDLIMIT=500 - sets the UID start limit for normal user accounts. Set this value as per your Linux distro.

    awk -v LIMIT=$UGIDLIMIT -F: '($3>=LIMIT) && ($3!=65534)' /etc/passwd > /root/move/passwd.mig - You need to pass the UGIDLIMIT variable to awk using the -v option (it assigns the value of the shell variable UGIDLIMIT to the awk program variable LIMIT). Option -F: sets the field separator to : . Finally, awk reads each line from /etc/passwd, filters out system accounts and generates the new file /root/move/passwd.mig. The same logic applies to the rest of the awk commands.
   
    tar -zcvpf /root/move/home.tar.gz /home - Make a backup of users /home dir
   
    tar -zcvpf /root/move/mail.tar.gz /var/spool/mail - Make a backup of users mail dir
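
Step 5 has to pick shadow lines by account name. The following added example (not part of the original post) runs on constructed passwd and shadow files and compares using the names as regular expressions over whole lines with an exact match on the first field; the function names, sample accounts and hash fields are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: choosing which shadow lines belong to migrated accounts.
# Every account and hash field below is constructed sample data.

LIMIT=500   # assumed UID floor, as in Step 2

make_samples() {   # $1 = scratch directory
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
mail:x:8:8:mail:/var/mail:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
al:x:500:500:Al:/home/al:/bin/sh
bob:x:501:501:Bob:/home/bob:/bin/sh
EOF
    cat > "$1/shadow" <<'EOF'
root:$6$SALT$Qk3alPz9:15000:0:99999:7:::
mail:*:15000:0:99999:7:::
nobody:*:15000:0:99999:7:::
al:$6$SALT$Zx81mmTr:15000:0:99999:7:::
bob:$6$SALT$Lw02kkVq:15000:0:99999:7:::
EOF
}

# Names with UID >= LIMIT, excluding nobody (65534): the filter from Step 3.
migrated_names() {   # $1 = passwd file
    awk -v LIMIT="$LIMIT" -F: '($3>=LIMIT) && ($3!=65534) {print $1}' "$1"
}

# Names used as regular expressions over whole lines. A short name also
# matches longer names and any text inside the hash field.
select_by_pattern() {   # $1 = passwd file, $2 = shadow file
    migrated_names "$1" | grep -E -f - "$2"
}

# Exact comparison: keep a shadow line only if its first field is one of
# the migrated names. No regular expressions are involved.
select_exact() {   # $1 = passwd file, $2 = shadow file
    awk -v LIMIT="$LIMIT" -F: '
        FILENAME == ARGV[1] { if ($3>=LIMIT && $3!=65534) keep[$1] = 1; next }
        ($1 in keep)
    ' "$1" "$2"
}

# Account names picked up by pattern matching that exact matching rejects.
overmatched() {   # $1 = passwd file, $2 = shadow file, $3 = scratch directory
    select_by_pattern "$1" "$2" | cut -d: -f1 > "$3/pattern.names"
    select_exact "$1" "$2" | cut -d: -f1 > "$3/exact.names"
    grep -v -x -F -f "$3/exact.names" "$3/pattern.names"
}

demo() {
    tmp=$(mktemp -d)
    make_samples "$tmp"
    echo "pattern match: $(select_by_pattern "$tmp/passwd" "$tmp/shadow" | cut -d: -f1 | tr '\n' ' ')"
    echo "exact match:   $(select_exact "$tmp/passwd" "$tmp/shadow" | cut -d: -f1 | tr '\n' ' ')"
    echo "over-matched:  $(overmatched "$tmp/passwd" "$tmp/shadow" "$tmp" | tr '\n' ' ')"
    rm -rf "$tmp"
}
demo
```

In the sample, the two-letter name `al` occurs inside root's constructed hash field, so the pattern form would carry root's shadow line into shadow.mig.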

================
Restore Procedure
================

Step 1:
First, make a backup of current users and passwords:
# mkdir /root/newsusers.bak
# cp /etc/passwd /etc/shadow /etc/group /etc/gshadow /root/newsusers.bak

Step 2:
Create a directory on the new Linux server in which to restore:
# mkdir /root/move/
Paste all copied items into this directory from the USB pen or tape (group.mig, gshadow.mig, home.tar.gz, mail.tar.gz, passwd.mig, shadow.mig)


Step 3:
Now restore passwd and other files in /etc/
# cd /root/move/
# cat passwd.mig >> /etc/passwd
# cat group.mig >> /etc/group
# cat shadow.mig >> /etc/shadow
# /bin/cp gshadow.mig /etc/gshadow

Please note that you must use >> (append) and not > (create) shell redirection.


Step 4:
Now copy and extract home.tar.gz to new server /home
# cd /
# tar -zxvf /root/move/home.tar.gz


Step 5:
Now copy and extract mail.tar.gz (Mails) to new server /var/mail
# cd /
# tar -zxvf /root/move/mail.tar.gz

Step 6:
Now copy and extract mail1.tar.gz (Mails) to new server /var/spool/mail
# cd /
# tar -zxvf /root/move/mail1.tar.gz

Step 7:
# reboot
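
Restore Step 3 appends the .mig files to the live account files, so anything wrong in them becomes a live account. The following added example (not part of the original post) checks constructed sample files for names or UIDs that already exist on the new server, UIDs below the migration floor, and shadow lines with no matching passwd entry; the function names, finding labels and sample accounts are assumptions.

```shell
#!/bin/sh
# Added example: checks to run on the .mig files before Step 3 appends them.
# All accounts below are constructed sample data.

make_restore_samples() {   # $1 = scratch directory
    cat > "$1/etc_passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
admin:x:500:500:Installer account:/home/admin:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
EOF
    cat > "$1/passwd.mig" <<'EOF'
alice:x:500:500:Alice:/home/alice:/bin/bash
bob:x:501:501:Bob:/home/bob:/bin/bash
toor:x:0:0:unexpected:/root:/bin/bash
EOF
    cat > "$1/shadow.mig" <<'EOF'
alice:$6$SALT$HASHA:15000:0:99999:7:::
bob:$6$SALT$HASHB:15000:0:99999:7:::
toor:$6$SALT$HASHT:15000:0:99999:7:::
root:$6$SALT$HASHR:15000:0:99999:7:::
EOF
    # A consistent pair: only bob, who collides with nothing on the target.
    grep '^bob:' "$1/passwd.mig" > "$1/clean_passwd.mig"
    grep '^bob:' "$1/shadow.mig" > "$1/clean_shadow.mig"
}

# Print one finding per line; no output means the merge is consistent.
#   DUPNAME        name already present in the target passwd
#   DUPUID         UID already owned by a target account
#   LOWUID         UID below the migration floor (system range, or 0)
#   ORPHAN_SHADOW  shadow.mig line with no matching passwd.mig entry
check_merge() {   # $1 = target passwd, $2 = passwd.mig, $3 = shadow.mig, $4 = UID floor
    awk -F: -v LIMIT="$4" '
        FILENAME == ARGV[1] { name[$1] = 1; owner[$3] = $1; next }
        FILENAME == ARGV[2] {
            mig[$1] = 1
            if ($1 in name)         print "DUPNAME " $1
            if ($3 in owner)        print "DUPUID " $3 " " $1 " held-by=" owner[$3]
            if ($3 + 0 < LIMIT + 0) print "LOWUID " $3 " " $1
            next
        }
        !($1 in mig) { print "ORPHAN_SHADOW " $1 }
    ' "$1" "$2" "$3"
}

demo() {
    tmp=$(mktemp -d)
    make_restore_samples "$tmp"
    findings=$(check_merge "$tmp/etc_passwd" "$tmp/passwd.mig" "$tmp/shadow.mig" 500)
    if [ -n "$findings" ]; then
        echo "do not append yet:"
        printf '%s\n' "$findings"
    fi
    rm -rf "$tmp"
}
demo
```

On the new server the call would be `check_merge /etc/passwd /root/move/passwd.mig /root/move/shadow.mig "$UGIDLIMIT"`, run before the `cat ... >>` commands.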

How to install and configure Caching-only DNS server in Debian



####################################################################
       @@@@ Implementing a caching-only DNS on Debian @@@@@
####################################################################

Step 1: 
                # apt-get install bind9 dnsutils
Step 2:
The config for bind in Debian is a subdirectory structure in /etc/bind.
                # cd /etc/bind
Step 3:
For a simple caching-only server, leave /etc/bind/named.conf untouched. Just modify the /etc/bind/named.conf.options file to set the forwarders' IP addresses:
                # vim named.conf.options
-----------------------------------------------------------------------------------------------------

options {
        directory "/var/cache/bind";
        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.


        forwarders {
             // OpenDNS servers (replace with your ISP's DNS addresses)
             208.67.222.222;
             208.67.220.220;
             // ADSL router (if a gateway router is available)
             192.168.1.1;
        };
        // Security options
        listen-on port 53 { 127.0.0.1; 192.168.1.100; };
        allow-query { 127.0.0.1; 192.168.1.0/24; };
        allow-recursion { 127.0.0.1; 192.168.1.0/24; };
        allow-transfer { none; };
        auth-nxdomain no;    # conform to RFC1035
        // listen-on-v6 { any; };
};
------------------------------------------------------------------------------------------------------
Step 4:
Restart bind to load the new configuration:
                # /etc/init.d/bind9 restart
                or
                # service bind9 restart
Step 5:
Update /etc/resolv.conf, so DNS queries will be performed locally:
nameserver 127.0.0.1

Step 6: Test our caching-only DNS server
                # dig www.yahoo.com

Main portion of the output:
;; Query time: 433 msec   [First time dig]
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon May 24 05:18:21 2010
;; MSG SIZE  rcvd: 265
//////////////////////////////////////////
;; Query time: 2 msec   [Second time dig]
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon May 24 05:18:21 2010
;; MSG SIZE  rcvd: 265
Important: pay attention to the server IP address in the output, which shows which DNS server answered the query (SERVER: 127.0.0.1#53(127.0.0.1)).

Check for possible syntax errors:
root@server:~# named-checkconf

How Do I See Current Cache?
Type the following command to dump cache(s) to the dump file called /var/cache/bind/named_dump.db:
# rndc dumpdb
# less /var/cache/bind/named_dump.db
# grep 'yahoo.com' /var/cache/bind/named_dump.db

How Do I Debug BIND 9 Caching Server Problems?
The first place to look for errors or warnings is the /var/log/syslog file, using the grep, cat, more, less or awk commands:
# tail -f /var/log/syslog
Is Port 53 Open?
Next, make sure the BIND 9 caching server is running on the default port 53:
# netstat -tulpn | grep :53