At the very beginning, the examiner will give you a workstation with RHEL 5.3 installed.
He will not tell you the password of the root account.
To access your workstation, you have to boot into single-user mode and set a root password of your own,
which you will have to change afterward.
Now the machine will boot normally and you can log in with the password that you have just set.
After login you will see a page where you have to enter your name
(please check that the name is exactly what you want to see on your RHCE certificate) and email ID.
Then a password will be generated automatically in a text file on your desktop,
where you will find the root password for the exam. Just change the root password as told in the file. Example:
Suppose you have set the password redhat by using single-user mode,
but the file says your password will be hatred.
# passwd
And type 'hatred' twice.
Note: In Red Hat Linux, e means edit and b means boot. You should give your valid email ID on the user form. Please try to use Gmail, because Yahoo and Hotmail sometimes bounce the mail from Red Hat or put it in the junk folder, and whether you pass or fail, Red Hat will send you a mail. Also check the spelling of your name. I think you won't like to get an online certificate with a misspelled name.
That is the first part of the RHCE. Next I will post about network setup of RHCE exam.
Berkeley Internet Name Domain (BIND) is the most commonly used DNS server on the Internet, especially on Unix-like systems, where it is a de facto standard. It is supported by the Internet Systems Consortium. BIND was originally created by four graduate students with CSRG at the University of California, Berkeley and first released with 4.3BSD. Paul Vixie started maintaining it in 1988 while working for DEC.
History:
================================================
BIND was originally written in the early 1980s under a DARPA grant. In the mid-1980s, DEC employees took over BIND development. One of these employees was Paul Vixie, who continued to work on BIND after leaving DEC. He eventually helped start the ISC, which became the entity responsible for maintaining BIND.
The development of BIND 9 was done with a combination of commercial and military contracts. Most of the features of BIND 9 were funded by UNIX vendors who wanted to ensure that BIND stayed competitive with Microsoft's DNS offerings; the DNSSEC features were funded by the US military, who felt that DNS security was important.
Things Covered:
================================================
• Two DNS Servers (Master and Slave) [Internal External]
• Internal DNS server exists on private non-routable network (192.168.X.X)
• External DNS server is visible to the internet (142.25.97.X)
• Internal DNS server has three private computer A record entries (mythical)
• Internal DNS server receives updates from external master server (every 3 hours)
• External DNS server does not contain internal A record entries
• Internal Server is not to be visible/routable on the internet
• External DNS server contains all entries for Apache Sites #1 - #7 (site1, site2)
• Restrict recursive queries from people not within the 142 network
• The DNS server must run in a chroot environment where it is secure
• External DNS server is configured to update slave (internal server)
• A Veritas backup of your DNS server
Network Configuration:
================================================
- 1 run-of-the-mill Linksys router
- 2 RHEL 5 machines that will act as primary and secondary DNS
- 2 optional machines that will act as end users or Apache servers on the primary network and the secondary (142.25.97.90 and 10.0.0.20 respectively)
The primary DNS server's IP is 142.25.97.89 and it has the fully qualified domain name ns.orangespike.ca
The secondary DNS server's IP is 10.0.0.10 and it has the fully qualified domain name slave.orangespike.ca
The gateway for the router is 142.25.97.40 and it is port forwarding 53 UDP/TCP to the secondary DNS.
Installation:
================================================
yum install bind*
yum install caching-nameserver
(If you do not know how to use yum, that is a different issue :)
vi /etc/hosts and add the following entry (IP and qualified domain name of that server):
142.25.97.89 ns.orangespike.ca
Next, set the static IP with the setup utility from the terminal and check the following file:
vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
HWADDR=<MAC address of adapter>
ONBOOT=yes
NETMASK=255.255.255.0
IPADDR=142.25.97.89
GATEWAY=142.25.97.254
TYPE=Ethernet
Now go to /var/named/chroot/etc/ and do an ls -la
You should see about three or four files: localtime, named.conf, named.rfc1912.zones, rndc.key
Note: if there is no named.conf and you have a named.caching-nameserver.conf, use cp in the terminal to create a named.conf:
cp named.caching-nameserver.conf named.conf
Go to /var/named/chroot/var/named/ and touch the following files:
On the actual primary server, if you use those two commands they may not work correctly, except for nslookup within reason. It will use its loopback address or localhost address.
NOTE: this is not great for testing on the secondary slave server.
Secondary Slave Name Server Configuration And named.conf:
================================================
On a second machine on the private network, install bind and its packages as on the primary server above, and prepare named.conf again as before.
Set the static IP with the setup command again, but to an IP that is behind the router and on that LAN.
Continuing on, make the following simple changes. It's pretty self-explanatory, but one major note is the bottom of this conf file. The masters and slave keywords establish the relationship with the master server.
In the folder you just created: (inside ) I created the zone file sub.orangespike.com -
The point of this file is to act as a subdomain for the internal/private network.
The outside cannot see this nameserver, nor can the big brother nameserver (ns.orangespike.ca).
$ORIGIN sub.orangespike.com.
$TTL 3600 ; 1 hr
@ IN SOA slave.orangespike.ca. root.localhost. (
    2008020502 ; serial
    3600 ; refresh 1 hr
    3600 ; retry 1 hr
    1209600 ; expire 2 weeks
    3600) ; minimum 1 hr
sub.orangespike.com. IN NS slave.orangespike.ca.
test.sub.orangespike.com. IN A 10.0.0.20
test2.sub.orangespike.com. IN A 10.0.0.20
test3.sub.orangespike.com. IN A 10.0.0.20
Now create the rev zone file, which I called sub.orangespike.com.rev.zone, in the same directory that you had made the previous file.
$ORIGIN 0.0.10.in-addr.arpa. ;
$TTL 86400
@ IN SOA slave.orangespike.ca. root.localhost. (
    2008020503 ; serial
    3600 ; refresh after 1 hour
    3600 ; retry after 1 hour
    604800 ; expire after 1 week
    86400) ; Min TTL of 1 day
0.0.10.in-addr.arpa. NS slave.orangespike.ca.
20.0.0.10.in-addr.arpa. IN PTR test.sub.orangespike.com.
20.0.0.10.in-addr.arpa. IN PTR test2.sub.orangespike.com.
20.0.0.10.in-addr.arpa. IN PTR test3.sub.orangespike.com.
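A consistency check for the forward and reverse zone files above, as an added example that is not part of the original post: it reports every A record in the forward zone that has no matching PTR in the reverse zone. The names check_ptr and demo_check_ptr are assumptions, and the script assumes single-line records with fully qualified owner names, as used on this page.

```shell
#!/bin/sh
# Added example, not from the original post. check_ptr is an assumed name.
# Assumes single-line records with fully qualified owner names, as above.

# check_ptr FORWARD_ZONE REVERSE_ZONE
# Prints every A record with no matching PTR; returns 1 if any are missing.
check_ptr() {
    awk '
        { sub(/;.*/, "") }                      # drop zone-file comments
        FNR == NR {                             # first file: forward zone
            if ($2 == "IN" && $3 == "A") {
                split($4, o, ".")               # 10.0.0.20 -> 20.0.0.10.in-addr.arpa.
                rev = o[4] "." o[3] "." o[2] "." o[1] ".in-addr.arpa."
                want[rev " " $1] = 1
            }
            next
        }
        $2 == "IN" && $3 == "PTR" { have[$1 " " $4] = 1 }
        END {
            for (k in want)
                if (!(k in have)) { print "missing PTR: " k; bad = 1 }
            exit bad + 0
        }
    ' "$1" "$2"
}

# Constructed sample: the records from this page, with the test3 PTR
# left out on purpose so the check has something to report.
demo_check_ptr() {
    d=$(mktemp -d) || return 2
    cat > "$d/fwd" <<'EOF'
test.sub.orangespike.com.  IN A 10.0.0.20
test2.sub.orangespike.com. IN A 10.0.0.20
test3.sub.orangespike.com. IN A 10.0.0.20
EOF
    cat > "$d/rev" <<'EOF'
20.0.0.10.in-addr.arpa. IN PTR test.sub.orangespike.com.
20.0.0.10.in-addr.arpa. IN PTR test2.sub.orangespike.com.
EOF
    rc=0
    check_ptr "$d/fwd" "$d/rev" || rc=$?
    rm -rf "$d"
    return "$rc"
}
```

Run it against the real files before each `service named restart`; a non-zero exit status means the two zones have drifted apart.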
One final change before you restart the slave named service is to edit the slave host's resolver file.
The reason for this is that we want it to use the big brother (ns.orangespike.ca) as its DNS.
vi /etc/resolv.conf
; generated by /sbin/dhclient-script
nameserver 142.25.97.89
search orangespike.ca
Now restart named with the following command and hopefully you get no errors:
service named restart
Additional Private Network Configuration:
================================================
On that router that we had previously configured, we want it to use the DNS server we just made. I gave mine a static IP address of 10.0.0.10, just to clarify again, and told the router to use my DNS server.
Also on the other box, we want it to use the DNS of the slave, so change /etc/resolv.conf to use 10.0.0.10 and presto, we are almost done :)
On another machine, use dig and nslookup like you had previously to test the primary nameserver, and the output should look similar.
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;test.sub.orangespike.com. IN A
;; ANSWER SECTION:
test.sub.orangespike.com. 3600 IN A 10.0.0.20
;; AUTHORITY SECTION:
sub.orangespike.com. 3600 IN NS slave.orangespike.ca.
;; Query time: 24 msec
;; SERVER: 10.0.0.10#53(10.0.0.10)
;; WHEN: Sat Oct 27 04:29:30 2007
;; MSG SIZE rcvd: 92
Backing Up The DNS Servers:
================================================
The easiest way to back up the DNS servers is to copy their conf files and zones to another location with a simple bash script, then put that script into cron and schedule it to run every so often if needed.
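One way to write that backup script for the chroot layout used on this page, as an added example that is not the author's own script. The function name backup_named, the /backup/dns destination, the retention count of 14 and the cron line in the comment are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed names: backup_named,
# the /backup/dns destination and the 14-archive retention default.

# backup_named [CHROOT] [DEST] [KEEP] -> prints the path of the new archive.
# The body runs in a subshell so the umask change does not leak to the caller.
backup_named() (
    chroot=${1:-/var/named/chroot}
    dest=${2:-/backup/dns}
    keep=${3:-14}
    archive="$dest/named-$(uname -n)-$(date +%Y%m%d-%H%M%S).tar.gz"

    # Refuse to write an archive that lacks the main config file.
    if [ ! -f "$chroot/etc/named.conf" ]; then
        echo "backup_named: no named.conf under $chroot/etc" >&2
        exit 1
    fi

    # rndc.key sits next to named.conf, so keep the archives owner-only.
    umask 077
    mkdir -p "$dest" || exit 1

    # Relative paths (etc/..., var/named/...) let a restore target any chroot.
    tar -czf "$archive.tmp" -C "$chroot" etc var/named ||
        { rm -f "$archive.tmp"; exit 1; }

    # Read the archive back before trusting it.
    if ! tar -tzf "$archive.tmp" | grep -qx 'etc/named.conf'; then
        rm -f "$archive.tmp"
        exit 1
    fi
    mv "$archive.tmp" "$archive" || exit 1

    # Retention: drop everything older than the newest $keep archives.
    ls -1t "$dest"/named-*.tar.gz | tail -n +"$((keep + 1))" |
        while read -r old; do rm -f "$old"; done

    echo "$archive"
)

# Run only when called with arguments, e.g. from cron (assumed schedule/path):
#   0 2 * * * root /usr/local/sbin/named-backup.sh /var/named/chroot /backup/dns
if [ "$#" -gt 0 ]; then
    backup_named "$@"
fi
```

Point the destination at storage that is not on the DNS server's own disk, since the archive includes rndc.key and is only useful if it survives the loss of the server.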