ServerBuddies Support Blog

Troubleshooting BIND

There are a number of tools that are available to assist with testing and troubleshooting problems with your BIND configuration. The simplest tool on most systems is the host command, which simply performs an address lookup or a reverse address lookup. More complete information can be gathered using dig.

The simplest usage of host is to lookup an address, or a name.

Ask for the name servers that are authoritative for a domain by using the -t ns command line option..

The MX record can be retrieved by using the -t mx option.

Just like host, it is possible to query your default system resolver, or you can query a name server specified on the command line. For example, I could query my local name server about the nostarch.com domain.

More at http://doxfer.com/

Creating and editing ACLs

Before you can block or allow requests from some address, to some server or for some page you will need to create an appropriate ACL. The basic steps to do this are :

1. Select the type of ACL to create from the drop-down menu below the Access control lists table and click the* Create new ACL* button.

2. On the form that appears, enter a name for your new ACL in the ACL name field. If more than one has the same name, it will be treated as matched if any ACL with that name matches. The name should consist of only letters and numbers, with no spaces or special characters.

3. Fill in the rest of the form as explained in the table below.

4. In the Failure URL field, enter a complete URL that clients who are denied by this ACL will be redirected to. This allows you to define custom error pages to be displayed instead of the default Squid responses.

5. Click the Save button at the bottom of the form.

Once an ACL has been created you can edit it by clicking on its name in the list, changing the fields and clicking Save. Or your can delete it (if it is not in use by some proxy or ICP restriction) with the Delete button. As usual, the Apply Changes link must be used to activate any changes that you make.

Squid has an amazing number of ACL types, although not all are available in all versions of the server.

Many types of ACL are inappropriate for certain situations. For example, if a client sends a CONNECT request the URL path is unavailable, and thus a URL Path Regexp ACL will not work. In cases like this the ACL is automatically assumed not to match.

Article taken from - http://doxfer.com/Webmin/

Changing the proxy ports and addresses in Webmin

By default, Squid listens for proxy requests on TCP port 3128 on all of your system’s IP addresses. Because this is not the usual port that proxies are run on (8000 and 8080 seem to be the most common), you may want to change it. You might also want to edit the listening address so that only clients on your internal network can connect, if your system has more than one network interface.

To specify the ports that Squid uses, follow these steps :

1. On the module’s main page, click on the Ports and Networking icon.

2. In the Proxy addresses and ports table, select the Listed below option. In the table below, each row defines a listening port and optionally an address to bind to. Any existing ports and addresses will be listed, followed by a single blank row for adding a new one. In the first empty field in the Port column, enter a port number like 8000 or 8080. In the Hostname/IP address column, either select All to accept connections on any of your system’s interfaces, or the second option to enter an IP address in the adjacent text box. Using this table, Squid can be configured to listen on as many ports as you like. However, because only one blank row appears at a time you will need to save and re-open the form to add more than one new port.

3. ICP is a protocol used by Squid to communicate with other proxies in a cluster. To listen on a port other than the default of 3130 for ICP, fill in the ICP port field. This is not generally necessary though, as only other proxies ever use this protocol.

4. Squid will normally accept ICP connections on any IP address. To change this, select the second radio button in the Incoming UDP address field and enter one of your system’s interface IPs into its text field. This can be useful if all of the other proxies that your server might want to communicate with are on a single internal LAN.

5. Click the Save button at the bottom of the page to update the configuration file with your new settings, then click the Apply Changes link back on the main page to activate them.

Article taken from http://doxfer.com/

Configuration Files in Webmin

Most Webmin modules work by editing configuration files on your system, like

Each module knows which configuration files it manages, and what commands need to be run to activate them. Not all modules actually deal with config files though - for example, the MySQL module works by executing SQL commands.

As such, it cannot participate in the configuration backup process.

More in details at http://doxfer.com/Webmin/

The iostat command

The iostat command at its most basic provides an overview of CPU and disk I/O statistics:

Below the first line (which contains the system’s kernel version and hostname, along with the current date), iostat displays an overview of the system’s average CPU utilization since the last reboot.

The CPU utilization report includes the following percentages:

Percentage of time spent in user mode (running applications, etc.)

Percentage of time spent in user mode (for processes that have altered their scheduling priority using nice(2))

Percentage of time spent in kernel mode.

Percentage of time spent idle.

Below the CPU utilization report is the device utilization report. This report contains one line for each active disk device on the system.