Re: [CentOS] Configuring BIND to answer to two domain names (four IP addresses)
On Sat, Sep 25, 2010 at 18:15, Les Mikesell wrote: >> For completeness: there is the BIND 9 Administrator Reference Manual, >> known as the ARM, usually supplied under /usr/share/doc/. >> And what many consider to be the standard reference, Liu and Albitz's >> "DNS and BIND" published by O'Reilly. I believe it's up to the >> 5th edition now; an earlier edition used to be provided online. >> If you're serious about learning DNS you ought to consider this book. > > Learning bind is sort of like learning sendmail though. They both do a > million > things you'll never need (and if you do you should probably change your > design...). The trick - especially when you start with the full references - > is > to figure out the simple part you need to understand and ignore the rest. And > when using distribution-packaged versions, most of what you need is already > there. > Most certainly. I think that my major problem is that I tried to "learn BIND" instead of learning how to get it to do the specific thing that I needed it to do. It's like learning the entire Japanese language just to be sure to know how read the bathroom signs on a two-hour stopover in Tokyo. -- Dotan Cohen http://gibberish.co.il http://what-is-what.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] couple questions about initrd.img
here's hoping this is on topic. as part of the extra goodies i'm going to give my RHEL/centos basic admin class this week, i'm going to get them to open up the standard initrd.img file and see what's inside. i just did that myself and have a couple simple questions. first, while the cpio archive physically contains a number of basic /dev special files, the top-level "init" script runs "mknod" to create them all, anyway. not a big deal, but is it fair to say that populating the initrd.img with those initial /dev files is redundant since init creates them all, anyway? also, i note that that "init" script appears to call a couple scripts/commands that don't exist in the initrd, such as hotplug and mkblkdevs. again, not a big deal but if i show the students what's in that initrd, chances are someone's going to notice the above and ask about it, so i might as well have an answer. thanks. rday -- Robert P. J. Day Waterloo, Ontario, CANADA Top-notch, inexpensive online Linux/OSS/kernel courses http://crashcourse.ca Twitter: http://twitter.com/rpjday LinkedIn: http://ca.linkedin.com/in/rpjday ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Raid 10 questions...2 drive
Thanks everyone for the input...I have decided to go with the f2 option, however the rebuild time seems to be taking quite a long time, almost 24hr...I have read that there are options for speeding this up but want to make sure that they are ok to dohas to do with setting the minimum speed limit... # sysctl dev.raid.speed_limit_min # sysctl dev.raid.speed_limit_max On Sat, Sep 25, 2010 at 9:39 PM, Tom H wrote: > On Sat, Sep 25, 2010 at 4:04 PM, Ross Walker wrote: > > On Sep 25, 2010, at 1:52 PM, Tom H wrote: > >> On Sat, Sep 25, 2010 at 11:48 AM, Ross Walker > wrote: > >>> On Sep 25, 2010, at 9:11 AM, Christopher Chan < > christopher.c...@bradbury.edu.hk> wrote: > Jacob Bresciani wrote: > > RAID10 requires at least 4 drives does it not? > > > > Since it's a strip set of mirrored disks, the smallest configuration > I > > can see is 4 disks, 2 mirrored pairs stripped. > > He might be referring to what he can get from the mdraid10 (i know, > Neil > Brown could have chosen a better name) which is not quite the same as > nested 1+0. Doing it the nested way, you need at least 4 drives. Using > mdraid10 is another story. Thanks Neil for muddying the waters! > >> > >> > >>> True, but if you figure it out mdraid10 with 2 drives = raid1, you > would need 3 > >>> drives to get the distributed copy feature of Neil's mdraid10. > >> > >> I had posted earlier ( > >> http://lists.centos.org/pipermail/centos/2010-September/099473.html ) > >> that mdraid10 with two drives is basically raid1 but that it has some > >> mirroring options. In the "far layout" mirroring option (where, > >> according to WP, "all the drives are divided into f sections and all > >> the chunks are repeated in each section but offset by one device") > >> reads are faster than mdraid1 or vanilla mdraid10 on two drives. > > > > If you have any two copies of the same chunk on the same drive > > then redundancy is completely lost. > > > > Therefore without loosing redundancy mdraid10 over two drives > > will have to be identical to raid1. > > > > Reads on a raid1 can be serviced by either side of the mirror, I > > believe the policy is hard coded to round robin. I don't know if it is > > smart enough to distinguish sequential pattern from random and > > only service sequential reads from one side or not. > > > >>> For true RAID10 support in Linux you create multiple mdraid1 physical > >>> volumes, create a LVM volume group out of them and create logical > >>> volumes that interleave between these physical volumes. > >> > >> Vanilla mdraid10 with four drives is "true raid10". > > > > Well like you stated above that depends on the near or far layout > pattern, > > you can get the same performance as a raid10 or better in certain > > workloads, but it really isn't a true raid10 in the sense that it isn't a > stripe > > set of raid1s, but a distributed mirror set. > > > > Now don't get me wrong I'm not saying it's not as good as a true raid10, > > in fact I believe it to be better as it provides way more flexibility and > is a > > lot simpler of an implementation, but not really a raid10, but something > > completely new. > > You must've misunderstood me. > > mdraid10 on two disks: it is raid1 but you have the option of > mirroring, for example, cylinder 24 on disk 1 with cylinder 48 on disk > 2; the Wikipedia article says that it makes reads faster (I don't > understand why but that's a different story). > > mdraid10 on four disks: it is true raid10 but you also have various > "--layout=" options. > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Configuring BIND to answer to two domain names (four IP addresses)
I think you should be able to do this using BIND views with match-destinations. Have one view match destinations for 1.1.1.1 and 1.1.1.2 and the other for 1.1.1.3 and 1.1.1.4. Create a zone in one view for exampleA.com and one in the other for exampleB.com Ryan On Fri, Sep 24, 2010 at 1:08 PM, Dotan Cohen wrote: > On a CentOS 5 server, I am having a hard time configuring BIND to > answer to 4 IP addresses for 2 domain names. > > Currently, I have four IP addresses, for sake of discussion they are: > 1.1.1.1 > 1.1.1.2 > 1.1.1.3 > 1.1.1.4 > > Additionally, I have two domain names. For sake of discussion: > exampleA.com > exampleB.com > > My goal is to have 1.1.1.1 & 1.1.1.2 as the nameservers for > exampleA.com, and 1.1.1.3 & 1.1.1.4 as the nameservers for > exampleB.com. Apache is running on this machine, and should of course > serve pages for the sites. > > I think that I've got the apache configuration down, but the BIND > configuration is eluding me. I've read the following fine manual, but > I am still stuck: > http://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-bind.html > > Additionally, I have googled for "how to configure bind for multiple > domain names" and the like, but I see no mention of the IP addresses > configuration. Can I simply configure any IP address that the server > answers to as the nameservers? What am I missing? > > Thank you in advance! > > -- > Dotan Cohen > > http://gibberish.co.il > http://what-is-what.com > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Bugzilla 3.6.2 + sendmail + SELinux
Hello,
I have deployed Bugzilla 3.6.2 on CentOS 5 (with rpmforge perl-*
packages) and I have a problem with SELinux preventing mail being sent
via sendmail.
(see SELinux reports below, especially the second one)
When SELinux is in permissive mode, mail sending from Bugzilla is
working properly.
Has anybody got recent Bugzilla to work with SELinux on CentOS?
Thanks in advance!
Mathieu
Summary:
SELinux is preventing the sendmail from using potentially mislabeled files
./spool (var_spool_t).
Detailed Description:
SELinux has denied the sendmail access to potentially mislabeled files ./spool.
This means that SELinux will not allow httpd to use these files. Many third
party apps install html files in directories that SELinux policy cannot predict.
These directories have to be labeled with a file context which httpd can access.
Allowing Access:
If you want to change the file context of ./spool so that the httpd daemon can
access it, you need to execute it using chcon -t httpd_sys_content_t './spool'.
You can look at the httpd_selinux man page for additional information.
Additional Information:
Source Contextsystem_u:system_r:httpd_bugzilla_script_t
Target Contextsystem_u:object_r:var_spool_t
Target Objects./spool [ dir ]
Sourcesendmail
Source Path /usr/sbin/sendmail.sendmail
Port
Host
Source RPM Packages sendmail-8.13.8-8.el5
Target RPM Packages
Policy RPMselinux-policy-2.4.6-279.el5_5.1
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing ModeEnforcing
Plugin Name httpd_bad_labels
Host Name www
Platform Linux www 2.6.18-194.11.4.el5 #1 SMP Tue Sep 21
05:04:09 EDT 2010 x86_64 x86_64
Alert Count 1
First SeenMon Sep 27 02:07:43 2010
Last Seen Mon Sep 27 02:07:43 2010
Local ID 24372577-2d4c-4bbe-be6b-ea9100b7c3ed
Line Numbers 11701, 11702
Raw Audit Messages
type=AVC msg=audit(1285546063.60:15): avc: denied { search } for
pid=3420 comm="sendmail" name="spool" dev=dm-2 ino=158722
scontext=system_u:system_r:httpd_bugzilla_script_t:s0
tcontext=system_u:object_r:var_spool_t:s0 tclass=dir
type=SYSCALL msg=audit(1285546063.60:15): arch=c03e syscall=80
success=no exit=-13 a0=7fffeddf6060 a1=17 a2=fff a3=0 items=0
ppid=3418 pid=3420 auid=4294967295 uid=48 gid=48 euid=48 suid=48
fsuid=48 egid=51 sgid=51 fsgid=51 tty=(none) ses=4294967295
comm="sendmail" exe="/usr/sbin/sendmail.sendmail"
subj=system_u:system_r:httpd_bugzilla_script_t:s0 key=(null)
Summary:
SELinux is preventing sendmail (httpd_bugzilla_script_t) "create" to
(httpd_bugzilla_script_t).
Detailed Description:
SELinux denied access requested by sendmail. It is not expected that this access
is required by sendmail and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.
Allowing Access:
You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.
Additional Information:
Source Contextsystem_u:system_r:httpd_bugzilla_script_t
Target Contextsystem_u:system_r:httpd_bugzilla_script_t
Target ObjectsNone [ unix_dgram_socket ]
Sourcesendmail
Source Path /usr/sbin/sendmail.sendmail
Port
Host
Source RPM Packages sendmail-8.13.8-8.el5
Target RPM Packages
Policy RPMselinux-policy-2.4.6-279.el5_5.1
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing ModeEnforcing
Plugin Name catchall
Host Name www
Platform Linux www 2.6.18-194.11.4.el5 #1 SMP Tue Sep 21
05:04:09 EDT 2010 x86_64 x86_64
Alert Count 1
First SeenMon Sep 27 02:07:43 2010
Last Seen Mon Sep 27 02:07:43 2010
Local ID f7aa29e4-40d9-4184-904e-4dfb93c57ea7
Line Numbers 11703, 11704
Raw Audit Messages
type=AVC msg=audit(1285546063.61:16): avc: denied { create } for
pid=3420 comm="sen
Re: [CentOS] Bugzilla 3.6.2 + sendmail + SELinux
/snip >Allowing Access: /snip Out of curiosity, when you read the log, did you attempt the suggestion w/o success? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] operating system upgrade/reinstall
Hello, I am planning to upgrade the operating system from CentOS4.8 to the latest CentOS5. Is there a detailed, step by step instruction on the installation/.upgrade procedure? Thank you very much for any suggestions and advices, Sincerely, Zhiyong ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] dev.centos.org backuppc package
> -Original Message- > From: Jason Pyeron > Sent: Sunday, September 26, 2010 1:02 > To: CentOS mailing list > Subject: dev.centos.org backuppc package > > I have a few updates to fix some bugs. > Do attachments get striped? -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - - - Jason Pyeron PD Inc. http://www.pdinc.us - - Principal Consultant 10 West 24th Street #100- - +1 (443) 269-1555 x333Baltimore, Maryland 21218 - - - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- This message is copyright PD Inc, subject to license 20080407P00. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] dev.centos.org backuppc package
On Mon, 2010-09-27 at 00:19 -0400, Jason Pyeron wrote: > > -Original Message- > > From: Jason Pyeron > > Sent: Sunday, September 26, 2010 1:02 > > To: CentOS mailing list > > Subject: dev.centos.org backuppc package > > > > I have a few updates to fix some bugs. > > > > Do attachments get striped? --- If your trying to attach a source rpm I would think so. Post a link to it instead. John ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
