Archive for April, 2009

How to disable IPv6 in Debian

Thursday, April 23rd, 2009

I’ve recently installed a new LDAP server on Debian Lenny and I wanted to disable IPv6, as I don’t need it at the moment. With netstat I checked the listening processes:

netstat -tunlp

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 2226/slapd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2215/sshd
tcp6 0 0 :::389 :::* LISTEN 2226/slapd
tcp6 0 0 :::22 :::* LISTEN 2215/sshd

and lsmod showed something like this:

Module Size Used by
ipv6 235364 12
...

So, to disable IPv6 I changed /etc/modprobe.d/aliases:

...
# alias net-pf-10 ipv6
# Disable ipv6
alias net-pf-10 off
alias ipv6 off
...

I also disabled these lines in /etc/hosts to avoid confusion:

...
## The following lines are desirable for IPv6 capable hosts
#::1 localhost ip6-localhost ip6-loopback
#fe00::0 ip6-localnet
#ff00::0 ip6-mcastprefix
#ff02::1 ip6-allnodes
#ff02::2 ip6-allrouters
#ff02::3 ip6-allhosts

Finally I restarted the server.

shutdown -r now

Now the situation is like this:

netstat -tunlp

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 2233/slapd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2216/sshd

lsmod|grep ipv6

...

No IPv6.
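
To repeat the before/after check above in a script, the following added example (not part of the original post) parses `netstat -tunlp` output, lists sockets still bound over IPv6, and flags ports that have only an IPv6 listener. The function names and the apache2 sample line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit `netstat -tunlp` output
# for listeners that are still bound over IPv6.

# Print "proto port program" for every tcp6/udp6 socket read from stdin.
ipv6_listeners() {
    awk '$1 == "tcp6" || $1 == "udp6" {
        n = split($4, a, ":")            # local address; port follows the last colon
        prog = $NF                       # PID/Program name is the last column
        sub(/^[0-9]+\//, "", prog)       # drop the PID, keep the program name
        print $1, a[n], prog
    }'
}

# Print "proto port" for IPv6 listeners with no IPv4 socket on the same port.
# These services have no separate IPv4 socket, so recheck them after the reboot.
ipv6_only_ports() {
    awk '$1 ~ /^(tcp|udp)6?$/ {
        n = split($4, a, ":")
        proto = $1; sub(/6$/, "", proto)
        key = proto " " a[n]
        if ($1 ~ /6$/) v6[key] = 1; else v4[key] = 1
    }
    END { for (k in v6) if (!(k in v4)) print k }' | sort
}

# Exit status 0 when no IPv6 listener remains, 1 otherwise (listing them).
audit_ipv6() {
    found=$(ipv6_listeners)
    if [ -z "$found" ]; then return 0; fi
    printf '%s\n' "$found"
    return 1
}

# Constructed sample: the "before" listing from the post plus one made-up
# IPv6-only listener (apache2 on port 80) to exercise ipv6_only_ports.
SAMPLE_BEFORE='tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 2226/slapd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2215/sshd
tcp6 0 0 :::389 :::* LISTEN 2226/slapd
tcp6 0 0 :::22 :::* LISTEN 2215/sshd
tcp6 0 0 :::80 :::* LISTEN 2301/apache2'

# The "after" listing from the post.
SAMPLE_AFTER='tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 2233/slapd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2216/sshd'

printf '%s\n' "$SAMPLE_BEFORE" | audit_ipv6 || echo "IPv6 listeners still present"
```

On a live host, pipe the real command into the function instead of the sample: `netstat -tunlp | audit_ipv6`.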

dig: basic usage

Wednesday, April 15th, 2009

Today we are going to take a quick look at dig. According to the man pages:

dig (domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried. Most DNS administrators use dig to troubleshoot DNS problems because of its flexibility, ease of use and clarity of output.

Let’s see how to look up the DNS servers for the domain karkomaonline.com:

dig karkomaonline.com -t ns

The -t option specifies the query type (a, any, mx, ns, txt… ), with a being the default. The -t ns option will look up the name servers for the domain karkomaonline.com. You should get something like this:

; <<>> DiG 9.4.2-P2 <<>> karkomaonline.com -t ns
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4825
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1


;; QUESTION SECTION:
;karkomaonline.com.        IN    NS


;; ANSWER SECTION:
karkomaonline.com.    172800    IN    NS    dns010.d.register.com.
karkomaonline.com.    172800    IN    NS    dns024.c.register.com.
karkomaonline.com.    172800    IN    NS    dns071.a.register.com.
karkomaonline.com.    172800    IN    NS    dns150.b.register.com.


;; ADDITIONAL SECTION:
dns010.d.register.com.    48    IN    A    216.21.236.10


;; Query time: 172 msec
;; SERVER: 192.168.1.9#53(192.168.1.9)
;; WHEN: Wed Apr 15 22:46:35 2009
;; MSG SIZE  rcvd: 152

The interesting part is the ANSWER SECTION, which lists the name servers for the mentioned domain. You can get a shorter output of the same command:

dig karkomaonline.com -t ns +short

dns010.d.register.com.
dns071.a.register.com.
dns024.c.register.com.
dns150.b.register.com.

Now look up the mail servers for the same domain:

dig karkomaonline.com -t mx

...
;; ANSWER SECTION:
karkomaonline.com.    86400    IN    MX    0 mailhost.karkomaonline.com.
...

From the output of the first example you can see that by default dig queried my internal DNS server (configured in /etc/resolv.conf):

...
;; SERVER: 192.168.1.9#53(192.168.1.9)
...

You can change this behaviour by instructing dig to query a specific name server:

dig @dns010.d.register.com karkomaonline.com -t mx

...
;; ANSWER SECTION:
karkomaonline.com.    86400    IN    MX    0 mailhost.karkomaonline.com.


;; ADDITIONAL SECTION:
mailhost.karkomaonline.com. 86400 IN    A    94.75.208.171


;; Query time: 181 msec
;; SERVER: 216.21.236.10#53(216.21.236.10)
...

Note that the queried server is now 216.21.236.10.
