eRacks Systems Tech Blog

Open Source Experts Since 1999

Fedora 28 is now available on all eRacks systems.

Choose Freedom. Choose Fedora.

    Surprised! Well this tag line is directly from the Fedora 28 official website, a complete Linux based Operating System. Fedora released their ‘Fedora 28 Final version‘ on ‘2018-05-01‘. It is very well known that ‘Fedora’ is always free for anyone to use, modify, and distribute. It is built and used by people across the globe who work together as a community known as ‘The Fedora Project’. Under the tagline Fedora offers,

Less setup, more innovation. Choose a flavor of Fedora
streamlined for your needs and get to work right away.

    Fedora 28 provides software to suit a wide variety of applications. The storage, memory and processing requirements vary depending on usage. For example, a high traffic database server requires much more memory and storage than a business desktop, which in turn has higher requirements than a single-purpose virtual machine.

 

Fedora28

Fedora 28

 

Fedora 28 is offered in 3 different streamlined flavors as,

    As flavor Fedora Workstation is a polished, easy to use operating system for laptop and desktop computers, with a complete set of tools for developers and makers of all kinds.

    Fedora Server is a powerful, flexible operating system that includes the best and latest datacenter technologies. It puts you in control of all your infrastructure and services.

    And Fedora Atomic provides the best platform for your Linux-Docker-Kubernetes (LDK) application stack.

What’s New in Fedora 28!

    It’s a great thing that Fedora 28 Accepted System Wide Changes Proposals and these changes have been made by the Fedora Engineering Steering Committee for the Fedora 28 Release as System Wide Changes.

Fedora 28 Boost 1.66 upgrade

    This change brings ‘Boost 1.66.0’ to Fedora 28. This will mean F28 ships with a recent upstream Boost release.

The aim is to synchronize Fedora with the most recent Boost release. Because ABI stability is one of explicit Boost non-goals, this entails rebuilding of all dependent packages. This has also always entailed yours truly assisting maintainers of client packages in decoding cryptic boost-ese seen in output from g++. Such care is to be expected this time around as well.

AArch64 Server Promotion

    Fedora community promoted Aarch64 server technologies to Primary Architecture status. This would include the Server installer, the DVD installer ISOs, the Cloud (qcow2 images) and Docker base images to the same status as other primary Server architectures. This would NOT currently include other components such as Workstation images/installs, any of the various spins, or Fedora Atomic components.

Though Fedora developers are looking to promote their AArch64 / ARM64 / ARMv8 server offerings to being a “primary architecture” for this next Fedora release but The Fedora AArch64 server installer, Cloud images, and Docker base images would be the same status then as the other primary server architectures like x86_64.

This promotion wouldn’t affect Fedora Workstation 28 with 64-bit ARM not being a primary architecture on that front for the time being. Additionally, it wouldn’t affect Fedora Atomic either.

The Red Hat / Fedora developers are confident in their AArch64 support now and believe on the server front it’s ready to be a primary architecture.

Among the supported AArch64 platforms by Fedora include the 96Boards HiKey, 96Boards Dragonboard, ARM Juno, Rapberry Pi 3, Pine64, and others.

GNOME 3.28

    Fedora 28 will also feature the latest version of GNOME desktop environment, GNOME 3.28. GNOME 3.28 has some improvements to the Calendar, Contacts and Clock apps. The default Cantarell font has been updated as well. Default video and music players of GNOME now support more media formats.

 

GNOME3.28

GNOME 3.28

 

A new Usage application has been introduced in GNOME 3.28 for examining CPU and memory consumption.

You can find the new features in GNOME 3.28 on its official website.

Anaconda modularization

    Anaconda installer splits into several modules those communicate over DBus using stable API.

 

Anaconda modularization

Anaconda Modularization

 

When talking about the Fedora/RedHat Anaconda installer it still brings back bad memories from the Anaconda fallout a few years ago when they went through some painful transitions that also led to release delays. In 2018, Fedora/RedHat developers are taking up the initiative of modularizing the Anaconda installer.

For the Fedora 28 release due out this spring, the plan is to split the Anaconda installer into several modules that in turn will communicate with eachother using a DBus API. The modularization effort sounds nice as long as it goes smoothly and doesn’t lead to any fallout like with past Anaconda overhaul initiatives (though admittedly Anaconda has been playing nicely the past number of releases and no complaints on my end currently).

Annotated Binaries

    This change causes extra information to be stored in binary files compiled by gcc. This information can be used by scripts to check on various features of the file, such as the hardening options used or potential ABI conflicts.

A new feature being considered for Fedora 28 is Annobin as a new GCC plugin that would implant extra information into generated binaries.

The GCC Annobin plugin would store extra information within binary files. Among the possibilities are storing ABI details, hardening options, or other build information into binaries that in turn could be picked up by used by other scripts for e.g. detecting potential ABI conflicts or embedding unit test results.

Annobin stores information in Fedora’s toolchain watermark format and currently this plugin is just for GCC.

The proposal for incorporating Annobin by default in Fedora 28 is outlined on the Fedora Wiki while this change more broadly outlines their toolchain watermark work.

Already this proposal has received some criticism, namely that embedded extra information into binaries will increase the file size but this embedded information isn’t relevant to all users, so perhaps it may be better kept into the debug-type builds.

Cloud-base and Container images for s390x

    This change is to bring s390x architecture closer to other Fedora architectures by adding widely used Fedora variants. This includes container images and Cloud-base images (qcow2 and raw format).

Deprecate TCP wrappers

    TCP wrappers is a simple tool to block incoming connection on application level. This was very useful 20 years ago, when there were no firewalls in Linux. This is not the case for today and connection filtering should be done in network level or completely in application scope if it makes sense. After recent discussions I believe it is time to go for this package, if not completely, then at least as a dependency of modern daemons in system by default.

Add-On Modularity

    Beginning in Fedora 28, Fedora will provide a new set of repositories for software and updates with alternative versions from those shipped in the default release.

Improved Laptop Battery Life

    No more manual tweaks! Fedora 28 will deploy several tweaks on its own to provide improved battery life. Improve Fedora (Workstation) Battery Life by enabling various hardware power-saving features by default.

 

Improved Laptop Battery Life

Improved Laptop Battery Life

 

    Fedora 28 will have the following power management tweaks:

  • Enabling auto-suspend for Intel HDA codecs saves around 0.4 W.
  • Enabling SATA ALPM by default saves up to 1.5 W.
  • Enabling i915 Panel Self Refresh by default saves around 0.5 W.

With these tweaks in place, some laptop models will see up to 30% of battery life improvements. While ‘power users’ can do these tweaks manually and achieve the same result, the idea is to provide an out of the box experience to every Fedora user. Indeed, a good thinking there.

Drop TCP wrappers support, OpenLDAP defaults to use only Shared System Certificates

    TCP wrappers are being deprecated in Fedora. Also, upstream discourages its usage in favour of other means of protection (e.g. firewall). After this change OpenLDAP will no longer be affected by TCP wrappers configuration.

In order to go forward with adoption of SharedSystemCertificates after this change OpenLDAP clients and server will default to use only the system-wide certificates store.

Switch OpenLDAP from NSS to OpenSSL

    Currently, OpenLDAP in Fedora is compiled with NSS (aka MozNSS) for crypto. OpenLDAP is going to be compiled with OpenSSL, instead.

Reduce Initial Setup Redundancy

    Currently there is a high level of redundancy between the Anaconda installer and gnome-initial-setup. This change aims to eliminate these redundancies and streamline the initial user experience in Fedora Workstation.

To make Fedora more beginner friendly, Fedora 28 Workstation will have fewer ‘questions’ to answer at the install time. There will be no root password anymore and the user password itself will be sufficient for the root actions, same as Ubuntu.

There will be some more code changes to reduce the redundancy between Anaconda installer and gnome-initial-setup.

Ruby 2.5

    Ruby 2.5.0 is the latest stable version of Ruby. Many new features and improvements are included for the increasingly diverse and expanding demands for Ruby. With this major update from Ruby 2.4 in Fedora 26 to Ruby 2.5 in Fedora 28, Fedora becomes the superior Ruby development platform.

 

Ruby 2.5.0

Ruby 2.5.0

 

Packaging Rust applications/libraries

    Added required tools/instructions for packaging applications/libraries written in Rust. Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety.

Enabling Python Generators

    This change enables the ability to choose to use the Python module dependency generator for packages that provide Python Egg/Wheel metadata.

Django 2.0

    This change is about upgrading python-django to version 2.0. The latest Django release drops support for Python 2, but a few Django apps packaged in Fedora do not yet support Python 3. A compatibility package will be provided for those.

 

Python 3.6 + Django2.0 on Fedora 28

Python 3.6 + Django2.0 on Fedora 28

 

Kerberos in Python modernization

    Replace usage of python-krbV and pykerberos with python-gssapi in all Fedora packages to enable their removal from Fedora. rharwood will author all necessary code changes; no new code from maintainers is required.

VirtualBox Guest Integration

    VirtualBox is popular, easy to use virtual-machine software. The purpose of this change is to ship the VirtualBox guest-drivers and -tools by default in the Fedora workstation product.

Fedora 28 will see the addition of guest-drivers to the Fedora kernel package, packaging the userspace-tools (VirtualBox Guest Additions) and adding the VirtualBox Guest Additions package to the default package list for the Workstation product.

This means using Fedora in VirtualBox will have a better experience.

Stratis Storage

    Add initial support for Stratis, a local storage management solution. This will allow initial testing and user feedback that will guide Stratis’s development and stabilization.

VA-API 1.0.0

    This change is about upgrading libva and others to version 2.x. This change affects several multimedia players as there are both API and ABI changes. This will allow some VA-API backends to be updated, improving support for recent hardware.

librealsense2

    A new version of librealsense has been released, which does not support older camera versions. Bump librealsense to the new release and add the old library as librealsense1.

java-openjdk 10 – rolling release for Short Term Support releases of OpenJDK

    OpenJDK have release cadence of 6 months. but 3/4 of them are Short Term Supported for 6 months only. This package is designed to harbore them. Currently it is built on openJDK 10. LTSs (next is 11) will go as separate packages.

PHP 7.2

    Update the PHP stack in Fedora to latest version 7.2.x.

    Including these Engineering Steering Committee also made others important change as

  • GCC8
  • GHC 8.2
  • The GNU C Library version 2.27
  • Glibc collation update and sync with cldr
  • Hardening Flags Updates for Fedora 28
  • IBus Unicode Typing
  • Switch libidn-using applications to IDNA2008
  • NIS switching to new libnsl to support IPv6
  • NSS Default File Format SQL
  • Rename “nobody” user
  • Replace glibc’s libcrypt with libxcrypt
  • Strong crypto settings: phase 1
  • Removal of Sun RPC Interfaces From glibc
  • Golang 1.10
  • Switch libcurl to use libssh instead of libssh2
  • A new time tool version 1.8 has changed output format.
  • Make authselect default tool instead of authconfig
  • Binutils version 2.29.1
  • Update Erlang/OTP to version 20.
  • Update fontconfig package to Fontconfig 2.13 as latest version.
  • Update the giflib package to the latest giflib-5.x version (currently 5.1.4).
  • Update Sugar to the new upstream 0.112 stable feature release.
  • Enabled Thunderbolt 3 peripherals in a secure way hardware out of the box.

 

 

NAS6

eRacks/NAS6

Get your Systems as per-configured with Fedora 28 or with any other Open Source Operating System from eRacks Store.

 

 

Minimum System Configuration for Fedora 28

    The figures below are a recommended minimum for the default installation. Your requirements may differ, and most applications will benefit from more than the minimum resources.

  • 1GHz or faster processor
  • 1GB System Memory
  • 10GB unallocated drive space

Low memory installations

    Fedora 28 can be installed and used on systems with limited resources for some applications. Text, VNC, or kickstart installations are advised over graphical installation for systems with very low memory. Larger package sets require more memory during installation, so users with less than 768MB of system memory may have better results preforming a minimal install and adding to it afterward.

 

Installation Fedora 28

Installation Fedora 28

 

Note:For best results on systems with less than 1GB of memory, use the DVD installation image.

Display resolution

    Graphical Installation requires 800×600 resolution or higher

Graphical installation of Fedora requires a minimum screen resolution of 800×600. Owners of devices with lower resolution, such as some netbooks, should use text or VNC installation.

Once installed, Fedora will support these lower resolution devices. The minimum resolution requirement applies only to graphical installation.

Minimum Hardware for Accelerated Desktops

    Fedora 28 supports most display adapters. Modern, feature-rich desktop environments like GNOME3 and KDE Plasma Workspaces use video devices to provide 3D-accelerated desktops. Older graphics hardware may not support acceleration:

  • Intel prior to GMA9xx
  • NVIDIA prior to NV30 (GeForce FX5xxx series)
  • Radeon prior to R300 (Radeon 9500)
  • CPU Accelerated Graphics

Systems with older or no graphics acceleration devices can have accelerated desktop environments using LLVMpipe technology, which uses the CPU to render graphics. LLVMpipe requires a processor with SSE2 extensions. The extensions supported by your processor are listed in the flags: section of /proc/cpuinfo

Choosing a Desktop Environment for your hardware

    Fedora 28’s default desktop environment, GNOME3, functions best with hardware acceleration. Alternative desktops are recommended for users with older graphics hardware or those seeing insufficient performance with LLVMpipe.

Desktop environments can be added to an existing installation and selected at login. To list the available desktops, use the dnf grouplist command:

# dnf grouplist -v hidden | grep desktop

Install the desired group:

# dnf groupinstall “KDE Plasma Workspaces”

Or, use the short group name to install:

# dnf install @mate-desktop-environment

 

 

Get Fedora 28

    If you want to have your system pre-configured with Fedora 28, simply choose as your Fedora Linux 28 Workstation / Server or Atomic for your “Operating System’ option with eRacks/FLASH10 or with any other system from eRacks Store. You Could call or email us for the configuration details. We do cover your requirements with our systems.

 

eRacks/FLASH10

eRacks/FLASH10

 

    Or, Fedora 28 is available to download in ISO format from here. It is available in various flavors mainly Fedora 28 Workstation for desktops, Fedora 28 Server for servers and Fedora 28 Atomic for containers.

May 8th, 2018

Posted In: New products, News, Open Source, Operating Systems

Tags: , , ,

Leave a Comment

There are many Open Source DNS server services for Linux systems. Here we’ll discuss about installing and configuring one of the most popular DNS server services among them known as “Bind9”. We’ll use another most popular Debian based Linux server operating system distributed by Canonical which is Ubuntu 16.04 LTS Server edition.

Other good DNS implementations include the native OpenBSD DNS implementation, as well as Dan Bernstein’s tinyDNS (AKA djbdns), but these are topics for future articles. (We use djbdns on OpenBSD, internally).

Successfully installing and configuring Bind9 Server service on Ubuntu 16.04 LTS server edition require several steps. For better understanding we’ll divide the total process into two main steps as ‘Basic installs’ and ‘Securing the DNS Server’ service. Each main category could be divided into several additional steps.

Basic Installing Steps:

  1. Install fresh Ubuntu 16.04 LTS Server OS on a server.
  2. Preparing the Ubuntu 16.04 LTS Server OS for installing Bind9 DNS Server Service.
  3. Install Bind9 DNS Server Service and configure Caching-only name server.
  4. Install and configure Primary DNS server or Master DNS server.
  5. Bind9 Post installation Configurations for successful service run on Ubuntu Server.
  6. Install and configure Secondary DNS server or Slave DNS server.

Securing Bind9 DNS Server Service:

  1. Configure SPF record for securing mail server under Bind9 DNS service.
  2. Configure DKIM record for securing mail server under Bind9 DNS service.
  3. Configure DNSSEC signing on Bind9 DNS Server Services.
  4. Configure DMARC Record for securing mail server under Bind9 DNS service.

For this tutorial we’ll use ‘eracks.com’ as domain and local IP address for demo and real time configurations (tested) behind the NAT network. The global & dedicated Systems could be configured just by replacing with your own domain and real IP assigned from your ISP. If you need further assistance please contact our eRacks Systems’ experts. Also, you could buy securely configured “DNS Server” as your requirements from eRacks SystemsshowRoom without any hassle. For your requirement please checkout.

For configuring DNS Servers we’ll use private IP from 192.168.88.0/24 network block where the usable Host IP Range is: 192.168.88.1 – 192.168.88.254; and Subnet Mask: 255.255.255.0. Our Router/NAT-gateway IP address is already configured as 192.168.88.1.

IP Address Block:	192.168.88.0/24
Usable Host IP Range:	192.168.88.1 - 192.168.88.254
Broadcast Address:	192.168.88.255
Total Number of Hosts:	256
Number of Usable Hosts:	254
Subnet Mask:	255.255.255.0
Wildcard Mask:	0.0.0.255
Options Primary/Master DNS Server Secondary/Slave DNS Server Client/Host Server
Host Name dnsmaster dnsslave hostserver
Domain eracks.com eracks.com eracks.com
IP Address IPv4: 192.168.88.17
IPv6: ::8817
IPv4: 192.168.88.250
IPv6: ::8250
IPv4: 192.168.88.17
IPv6: ::8221
FQDN dnsmaster.eracks.com dnsslave.eracks.com hostserver.eracks.com

Enough talk – Let’s see how it’s done!

 

eRacks/DNS


Get your Own Open Source DNS Server as pre-configured as ‘plug & Play’ from eRacks Systems’ ShowRoom.

 

 

 

Step 1: Install fresh Ubuntu 16.04 LTS Server OS on a server.

For learn how to install a fresh copy of Ubuntu 16.04 LTS Server OS on a server system visit this link.

Step 2: Preparing the Ubuntu 16.04 LTS Server OS for installing Bind9 DNS Server Service.

After installing, login the server directly or using SSH tunnel with IP address with user with root privileges.

The login screen will look like this;

 

Then run the following command and press enter and your given password to update the system.

administrator@ubuntu:~$ sudo apt-get update

 

For avoiding “sudo” command, we’ll configure the server as ‘root’ user. To do so, type the following command and press enter.

administrator@ubuntu:~$ sudo -s

 

Once the Update and Upgrade are done as root user, we need to edit the network interface for setting up the static IP address for the system with the following command;

root@ubuntu:~$ nano /etc/network/interfaces

Here On the popped-up screen find # The primary network interface and replace the beneath lines with the following;

# Static Primary Network Interface IPv4 Address
# Required for IPv4 (A) Records
auto eth0
	iface eth0 inet static
	address 192.168.88.17
	netmask 255.255.255.0
	network 192.168.88.0
	broadcast 192.168.88.255
	gateway 192.168.88.1
	dns-nameservers 8.8.8.8 8.8.4.4
	dns-domain eracks.com
# Optional Static IPv6 Address for Primary Network Interface
# Required for IPv6 (AAAA) Records
iface eth0 inet6 static	
	address fe80::215:5dff:fe58:6500
	netmask 65
	gateway fe80::2a3b:82ff:fe74:58f6

 

Once it is done, press Ctl + X to exit and Press ‘Y’ then Enter button to save the changes.

 

Next, we need to set up the hostname for this server. Thus, Run the following command to edit the host name;

root@ubuntu:~$ nano /etc/hostname

On the popped up screen replace the existing default host name “Ubuntu 16.04 LTS” with “dnsmaster” (since we’ll be setting the hostname as “dnsmaster“) then Press control + X to exit. And Press ‘Y’ then Enter button to save the changes. And then Run the following command to edit the hosts file;

Replace the existing with the following host record entries with the following;

root@ubuntu:~$ nano /etc/hosts

The entries will look like this;

Once done, press control + X to exit and Press ‘Y’ then Enter button to save the changes and reboot your system with the “reboot” command.

 

After rebooting and login to the server we’ll see that the default host name “ubuntu” is replaced with hostname “dnsmaster”. To get assure we could check the hostname and FQDN with the following commands respectively;

root@dnsmaster:~$ hostname
root@dnsmaster:~$ hostname -f

Once these are done the system is ready for installing the Bind9 DNS Server Service. And we could proceed to the next steps.

Note:We’ll login as as root user from the start.

 

Step3: Install Bind9 DNS Server Service and configure Caching-only name server.

Before installing ‘Bind9’ DNS Server on this server we need to make sure all the packages are up to date. So, we’ll update and upgrade all the apt packages with following command;

root@dnsmaster:~$ apt-get update && apt-get upgrade

 

Once the Update and Upgrade are done, we’ll install the ‘Bind9’ Packages with the following command;

root@dnsmaster:~$ apt-get install bind9

The screen will pop up for your permission for using additional disk space. For approval, press “Y” and then Enter button for installing the packages. The installation process will take a few whiles.

 

When the installation is done the system is ready for configuring Caching-only name server with Bind9 DNS Server service package. For configuring Caching-only name server run the following command.

root@dnsmaster:~$ nano /etc/bind/named.conf.options

 

On the popped-up screen find & uncomment the forwarders & set the forwarders as follows with google public DNS IP address & or with your ISP’s DNS IP address.

The entries will look like this

 

Next, press control + X to exit and Press ‘Y’ then Enter button to save the changes. And restart the Bind9 DNS Service with the following command.

root@dnsmaster:~$ systemctl restart bind9.service

 

For testing the Caching-only name server we need to run the dig command as follows;

root@dnsmaster:~$ dig google.com

If everything is okay, the command will dig up the following records;

Step4: Install and configure Primary DNS server or Master DNS server.

Before proceeding further, first we need to make sure the Ubuntu server is up-to-date. We could make sure by running the following commands;

root@dnsmaster:~$ apt-get update && apt-get upgrade

 

Before configuring Primary Name Server with Bind9, we could verify all the required packages are installed by running the following command;

root@dnsmaster:~$ apt-get install bind9 bind9utils bind9-doc

 

Once it is done, we are ready to configure our Primary Name Server with Bind9 on Ubuntu 16.04 LTS Server. And All configuration files be will be available under /etc/bind/ directory. To do so, we need to edit ‘named.conf.local’ file first, and make entry for our domain zone.

So, we’ll run the following command line for setting up our domain’s forward look up zone.

root@dnsmaster:~$ nano /etc/bind/named.conf.local

 

Then make the following entries for Forward Look Up Zone

// ### Forward Look Up Zone
zone "eracks.com" {
	type master;
	file "/etc/bind/forward.eracks.com";
	allow-transfer {none;};
	};

 

Reverse, look up zone is also recorded here. So, we’ll add the reverse look up zone with the first there part of the IP address in reverse way by ending with “.in-addr.arpa”. The zone name it’ll look like “88.168.192.in-addr.arpa” this. So, we’ll add the following records beneath the forward look up zone as well as following;

// ### Reverse Look Up Zone
zone "88.168.192.in-addr.arpa" {
	type master;
	file "/etc/bind/reverse.eracks.com";
	allow-transfer {none;};
	};

These entries will look like this;

 

Then we need to save the file and exit.

 

We’ve identified forward lookup zone via “file “/etc/bind/forward.eracks.com”;” and reverse lookup zone via “file “/etc/bind/reverse.eracks.com”;” on the “named.conf.local” file. Therefore, we need to create those two-database files for use as forward & reverse lookup zone under “/etc/bind/” directory.

For “forward.eracks.com” database, we’ll copy the existing “db.local” database file that is created as default with Binid9 installation under ‘/etc/bind/’ directory. To, do so we’ll run the following command;

root@dnsmaster:~$ cp /etc/bind/db.local /etc/bind/forward.eracks.com

Then we’ll edit the newly copied database file with the following command;

root@dnsmaster:~$ nano /etc/bind/forward.eracks.com

Then make the following entries for the database records;

; ###########################################################################
; ### ******************************************************************* ###
; ##### Forward Look Up Zone Data Files For eRacks.Com Domain ###############
; ###########################################################################
$TTL    3600
$ORIGIN eracks.com.
@	IN	SOA	dnsmaster.eracks.com.	root.eracks.com. (
								2018110111	;	Serial
										4800	;	Refresh
										360	;	Retry
									2419200	;	Expire
										7200 )	;	Negative Cache TTL
;
@	IN	NS	dnsmaster.eracks.com.
@	IN	NS	dnsslave.eracks.com.
@	IN	AAAA	::8817
@	IN	A	192.168.88.17
; ################################
; NameServer Records
; ###########################################################################
dnsmaster.eracks.com.	IN	A	192.168.88.17
dnsmaster.eracks.com.	IN	AAAA	::8817
dnsslave.eracks.com.	IN	A	192.168.88.250
dnsslave.eracks.com.	IN	AAAA	::8250
; ################################
; Other Host Records
; ###########################################################################
hostserver.eracks.com.	IN	A	192.168.88.221
hostserver.eracks.com.	IN	AAAA	::8221
;

 

It’ll look like this;

 

Next for “reverse.eracks.com” database, we’ll copy the existing “db.127” database file that is created as default with Binid9 installation under ‘/etc/bind/’ directory as well. So, we’ll run the following command;

root@dnsmaster:~$ cp /etc/bind/db.127 /etc/bind/reverse.eracks.com

And edit using the following command

root@dnsmaster:~$ nano /etc/bind/reverse.eracks.com

Entries for the database are follows

; ###########################################################################
; ### ******************************************************************* ###
; ##### Reverse Look Up Zone Data Files For eRacks.Com Domain ###############
; ###########################################################################
$TTL    3600
@	IN	SOA	dnsmaster.eracks.com.	root.eracks.com. (
								2018110111	;	Serial
										4800	;	Refresh
										360	;	Retry
									2419200	;	Expire
										7200 )	;	Negative Cache TTL
;
@	IN	NS	dnsmaster.eracks.com.
@	IN	NS	dnsslave.eracks.com.
; ################################
; NameServer Records
; ###########################################################################
17.88.168.192.in-addr.arpa.	IN	PTR	dnsmaster.eracks.com.
250.88.168.192.in-addr.arpa.	IN	PTR	dnsslave.eracks.com.
; ################################
; Other Host Records
; ###########################################################################
221.88.168.192.in-addr.arpa.	IN	PTR	hostserver.eracks.com.
;

Once it is done, we’ll save the file and exit.

It’ll look like this;

 

After that, we’ll restart the bind9 DNS Server Service with the following command.

root@dnsmaster:~$ systemctl restart bind9.service
root@dnsmaster:~$ service bind9 status

Note: We should be careful that all the records that finishes with letter (other than IP addresses), we need to add full-stop (“.”) at their end point to declare it is finished. Else, the bind9 will show an error.

 

For instant checkup, we need to set the resolver with nameserver as localhost IP 127.0.0.1 using following command;

root@dnsmaster:~$ nano /etc/resolv.conf

 

And at the beginning of the name server lists we need to add the following line, then save and exit.

nameserver 127.0.0.1

 

For checkup we’ll use the “dig” command for specific host record like following

root@dnsmaster:~$ dig eracks.com

 

The command will dig up the host records from the local DNS Server as follow

 

If the configuration is correct then the above command will not show any error. or if there is any error, we need to look at log file and troubleshoot the error. For detail about bind9 troubleshooting on Ubuntu Server please visit Ubuntu’s official “DNS Troubleshooting Page” or contact eRacks Systems’ expertise for the help.

 

Step 6: Bind9 Post installation Configurations for successful service run on Ubuntu Server.

When, the bind9 shows no error, we need to set the post installation configuration for Bind9 DNS Server Service to run successfully on Ubuntu Server. To do so, we’ll run these following commands for give appropriate access permission to the Bind9 Server Service and Allow through Ubuntu Firewall (ufw).At first, we’ll enable the bind9 DNS Server Service at the system start up with the following command. So that the Bind9 always starts automatically after the system reboot.

root@dnsmaster:~$ systemctl enable bind9.service

 

Then for the access permission for Bind9 on ubuntu server, we’ll run the following commands;

root@dnsmaster:~$ chmod -R 755 /etc/bind
root@dnsmaster:~$ chown -R bind:bind /etc/bind

 

We’ll also configure the Ubuntu firewall in order to allow Bind9 through Ubuntu firewall (ufw). For configuring ufw we’ll run the following commands one by one.

root@dnsmaster:~$ ufw app list
root@dnsmaster:~$ ufw allow “Bind9”
root@dnsmaster:~$ ufw reload
root@dnsmaster:~$ ufw status
root@dnsmaster:~$ ufw status verbose

 

Then we’ll restart both servives Bind9 and the ufw with the following commands;

root@dnsmaster:~$ systemctl restart bind9.service
root@dnsmaster:~$ systemctl restart service.service

 

We could always restart and check status of the Bind9 DNS Server Service with following command.

root@dnsmaster:~$ service bind9 restart
root@dnsmaster:~$ service bind9 status

 

If everything is alright, the Bind9 status report will show no error. Beside, we could always visit this MxToolbox website for more detail reports and troubleshooting by entering the domain.

May 8th, 2018

Posted In: How-To, Linux, Open Source, servers

Tags: , , ,

Leave a Comment

    Ubuntu 17.10, code named Artful Aardvark; I guess you already know that Artful means full of art or skill. And Aardvark is a medium-sized, burrowing, nocturnal mammal native to Africa. Colloquially, it is called African Ant Eater.

Nowadays Ubuntu become the world’s most popular desktop Linux operating system, and with its latest short-term support release, it’s clear Canonical want to keep a firm grip on the title.

Artful Aardvark

‘Artful Aardvark’ (Ubuntu 17.10)

As release with Artful Aardvark (Ubuntu 17.10) in October 19, 2017 Canonical continues Ubuntu’s proud tradition of integrating the latest and greatest open source technology into a high-quality, easy-to-use Linux distribution. Ubuntu 17.10 Artful Aardvark marks an all-new chapter in Ubuntu’s already rich history. As always, the team has been hard at work through this cycle, introducing new features and fixing bugs.

Ubuntu 17.10 Debuts with An All-New Desktop

This is the first version of Ubuntu to use GNOME Shell as the default desktop. ‘The HUD, global menu, and other Unity features are no longer included’. By choosing to drop Unity most of Ubuntu’s home-grown usability efforts also fall by the wayside.

Ubuntu 17.10 Desktop

Ubuntu 17.10 Desktop

In Unity’s place comes a bespoke version of GNOME Shell that is ‘customized’ to resemble something that’s superficially close to the Unity desktop layout. The Ubuntu 17.10 desktop uses a two-panel layout: a full-height vertical dock sits on the left-hand side of the screen, while a ‘top bar’ is stripped across the top.

The top bar plays host a new type of app menu, a calendar applet/message tray, app indicators, and a unified status menu for managing network, volume, Bluetooth and user sessions.

Ubuntu Dock

The new Ubuntu Dock is both a task manager and an application launcher. It shows icons for open and running software windows as well as ‘pinned’ launchers for user’s favorite apps.

Ubuntu Dock

Ubuntu Dock

The dock is also global; it displays icons/applications from all workspaces regardless of which one user is actually viewing.

Both the Ubuntu Dock and the top bar are semi-transparent, which adds nice visual presence. When a window touches either element the “dynamic transparency” feature kicks in to render both dock and top bar darker, making panel label contents more legible in the foreground.

Activities & Workspaces

The main “desktop” area remains a usable space on which user can place icons, folders and files.

Though there’s no longer a true global app menu, but the majority of apps place a small menu in the top bar bearing the name of the app in focus. These app menus contain a solitary ‘quit’ button at the least, or a full complement of options at most.

Workspaces

Activities & Workspaces

Workspaces are a common feature found on most modern desktop operating systems including Windows 10, so it’s a good thing that Ubuntu hasn’t ditched them. User can easily move windows between workspaces by clicking on a window and moving it on over the workspace.

Applications Overview

In Ubuntu 17.10 Applications are listed alphabetically, ordered into scrollable pages. User can launch an application by clicking on it, selecting it with keyboard arrow keys and pressing enter, or by touching it.

Applications Overview

Applications Overview

After years of ‘footnote’ releases that brought only minor tweaks, the ‘Artful Aardvark’ brings all-out with change, ready to usher in the new era. Under the hood, there have been updates to many core packages, including a new 4.13-based kernel, glibc 2.26, gcc 7.2, and much more in Ubuntu Desktop. Let’s have a brief list view on some of those updates.

  • On supported systems, Wayland is now the default display server. The older display server is still available: just choose Ubuntu on Xorg from the cog on the log in screen.
  • GDM has replaced LightDM as the default display manager. The login screen now uses virtual terminal 1 instead of virtual terminal 7.
  • Printer configuration is now done in the Settings app: Choose Devices and then Printers. The tool uses the same algorithms for identifying printers and choosing drivers as the formerly used system-config-printer, and makes full use of driverless printing to support as many printers as possible.
  • The default on screen keyboard is GNOME’s Caribou instead of Onboard.
  • Calendar now supports recurring events.
  • LibreOffice has been updated to 5.4.
  • Python 2 is no longer installed by default. Python 3 has been updated to 3.6.
  • The ‘Rhythm box’ music player now uses the alternate user interface created by Ubuntu Budgie developer David Mohamed.
  • The Ubuntu GNOME flavor has been discontinued. If a user is using Ubuntu GNOME, he will be upgraded to Ubuntu.

Note: Install gnome-session and choose GNOME from the cog on the login screen if user would like to try a more upstream version of GNOME. If any user’ d like to also install more core apps, he’d install the vanilla-gnome-desktop met package.

 

    Not only the Ubuntu 17.10 Desktop but also, there are significant changes into the Ubuntu 17.10 Server version too. For the Ubuntu Server 17.10, the OS Version for the printing server has been increased to announce Windows Server 2003 R2 SP2 ID mapping checks added to the testparm(1) tool. There are some ID mapping backends too, which are not allowed to be used for the default backend. Winbind will no longer start if an invalid backend is configured as the default backend. The others are as follows,

Ubuntu 17.10 Server

Ubuntu 17.10 Server

Qemu 2.10

Qemu has been updated to the 2.10 release. Since the last version was 2.8.

Among many other changes there is one that might need follow on activity by the user/admin: Image locking is added and enabled by default. This generally makes execution much safer, but can break some old use cases that now explicitly have to opt-in to ignore/share the locks by tools and subcommands using the –force-share option or the share-rw dqev property.

Libvirt 3.6

Libvirt has been updated to version 3.6.

LXD 2.18

LXD was updated to version 2.18. Some of the top new features of LXD 2.18 are:

  • Native Ceph RBD support.
  • Support for cloud instance types.
  • Pre-seeding of the “lxd init” questions through yaml.
  • New client library.
  • Improved storage handling (volume resize, auto re-mapping on attach, …).
  • A lot of small improvements to the client tool.

DPDK 17.05.2

Ubuntu 17.10 includes the latest release of DPDK that has stable updates: 17.05.2. This made it possible to integrate Open vSwitch 2.8.

Open vSwitch 2.8

Open vSwitch has been updated to 2.8. Though user need to specify dpdk devices via dpdk-devargs.

New BIND9 KSK

The DNS server BIND9 was updated to include the new Key Signing Key (KSK) that was published on July 11, 2017. Starting on October 11, 2017, that key will sign the root zone key, which in turn is used to sign the actual root zones.

Cloud-Init

The cloud-init version was updated to 17.1. Notable new features for cloud-init are as follows,

  • Python 3.6 support.
  • Ec2 support for IPv6 instance configuration.
  • Expedited boot time through cloud-id optimization.
  • Support for netplan yaml in cloud-init.
  • Add cloud-init subcommands collect-logs, analyze and schema for developers.
  • Apport integration from cloud-init via ‘ubuntu-bug cloud-init’.
  • Significant unit test and integration test coverage improvements.

Curtin

The Curtin version is updated to ‘0.1.0~bzr519-0ubuntu1’. New features are:

  • Network configuration passthrough for ubuntu and centos.
  • More resilient UEFI/grub interaction.
  • Better support for mdadm arrays.
  • Ubuntu Core 16 Support.
  • Improved bcache support.

Samba

Samba is updated to version 4.6.7. Important changes in the 4.6.x series are:

  • Multi-process Net logon support.
  • New options for controlling TCP ports used for RPC services.
  • AD LDAP and replication performance improvements.
  • DNS improvements.

    There are many other changes too. We recommend that all users read the release notes, which document caveats, workarounds for known issues, as well as more in-depth Release Notes.

    Users of Ubuntu 17.04 will be offered an automatic upgrade to 17.10. As always, upgrades to the latest version of Ubuntu are entirely free of charge.

Remember, here at eRacks, we offer pre-installed Ubuntu 17.10 Artful Aardvark with our new systems either directly from the OS dropdown, or by custom quote.

October 25th, 2017

Posted In: Debian, Linux, Open Source, servers, ubuntu

Tags: , , , ,

Leave a Comment

    Fedora (formerly Fedora Core) is a Unix-like operating system based on the Linux kernel and GNU programs (a Linux distribution), developed by the community-supported Fedora Project and sponsored by the Red Hat company. Fedora contains software distributed under various free and open-source licenses and aims to be on the leading edge of such technologies. Fedora is the upstream source of the commercial Red Hat Enterprise Linux distribution.

Since the release of Fedora 21, three different editions are available: Workstation, focused on the personal computer, Server and Cloud for servers, and Atomic being the edition meant for cloud computing. As released on July, 11, 2017 they introduced Fedora 26!

fedora26

Fedora 26 has arrived with thousands of improvements to development tools, partitioning tools, better caching of user and group information, better debugging, an improved DNF package manager, and so much more.

Let’s see some of many upgraded System Requirements & features, those are new Fedora 26 offering.

Minimum System Requirements

Fedora 26 provides software to suit a wide variety of applications. The storage, memory and processing requirements vary depending on usage. For example, a high traffic database server requires much more memory and storage than a business desktop, which in turn has higher requirements than a single-purpose virtual machine. Your requirements may differ, and most applications will benefit from more than the minimum resources.

Fedora 26 recommended minimum System Configuration for the default installation are as follows:

  • 1GHz or faster processor
  • 1GB System Memory
  • 10GB Usable Drive Space

Fedora 26 can be installed and used on systems with limited resources. Text, VNC, or kickstart installations are advised over graphical installation for systems with very low memory. Larger package sets require more memory during installation, so users with less than 768MB of system memory may have better results preforming a minimal install and adding to it afterward.

For best results on systems with less than 1GB of memory, one should use the DVD installation image. Fedora also give us some guidelines for it’s best practices and performances.

  • Graphical installation of Fedora requires a minimum screen resolution of 800×600. Owners of devices with lower resolution, such as some netbooks, should use text or VNC installation. Once installed, Fedora will support these lower resolution devices. The minimum resolution requirement applies only to graphical installation.

  • Fedora 26 supports most display adapters. Modern, feature-rich desktop environments like GNOME3 and KDE Plasma Workspaces use video devices to provide 3D-accelerated desktops. Systems with older or no graphics acceleration devices can have accelerated desktop environments using LLVMpipe technology, which uses the CPU to render graphics. LLVMpipe requires a processor with SSE2.

 

Features

Fedora 26 offers latest GNOME 3.24, LibreOffice 5.3, Fedora Media Writer, Improved Qt app compatibility & so on…

GNOME 3.24

gnome-3-24

Newest version of the GNOME desktop now has a Natural Light Filter feature that changes display’s color temperature. It works based on the time of day and helps prevent sleeplessness and eye strain. Also, there are updates to the Settings panel for online accounts, printers, and users. The notifications area sports a cleaner, simpler layout, with integrated weather information.

For developers, Builder now features improved support for systems like Flatpak, CMake, Meson, and Rust. It also integrates Valgrind to help profile your project. There are numerous other improvements, which you can find in the GNOME 3.24 release notes.

 

LibreOffice 5.3

The latest version of the popular office suite features many changes. It includes a preview of the experimental new NotebookBar UI. There’s also a new internal text layout engine to ensure consistent text layout on all platforms.

 

Fedora Media Writer

The new version of the Fedora Media Writer can create bootable SD cards with Fedora for ARM devices such as Raspberry Pi. It also features better support for Windows 7 and screenshot handling. The utility also notifies you when a new release of Fedora is available.

 

Improved Qt app compatibility

The Adwaita theme contains many improvements and looks closer to its GTK counterpart than ever. There are also two variants ported to Qt, dark and high contrast. If you switch to dark or high contrast Adwaita, your Qt apps will switch as well.

 

            Matthew Miller, Fedora Project Leader, wrote in a Fedora Magazine post about Fedora 26. As he wrote “First, of course, we have thousands of improvements from the various upstream software we integrate, including new development tools like GCC 7, Golang 1.8, and Python 3.6. We’ve added a new partitioning tool to Anaconda (the Fedora installer) — the existing workflow is great for non-experts, but this option will be appreciated by enthusiasts and sysadmins who like to build up their storage scheme from basic building blocks. F26 also has many under-the-hood improvements, like better caching of user and group info and better handling of debug information. And the DNF package manager is at a new major version (2.5), bringing many new features. Really, there’s new stuff everywhere — read more in the release notes.”

 

Among the current Fedora users, most of may wish to go straight for the clean install—which makes perfect sense and always winds up with a reliable and stable instance.

As with release of latest version of Fedora, we offer latest Fedora 26 with our systems as pre-configured according to your custom quote…

July 15th, 2017

Posted In: Fedora, News, Open Source, Operating Systems

Tags: , , ,

Leave a Comment

We now support the new Ubuntu operating system.

ubuntu-17-04

April 15th, 2017

Posted In: Uncategorized

Leave a Comment

The latest OpenMandriva is available from us! https://www.openmandriva.org/

om-300pl

March 1st, 2017

Posted In: Uncategorized

Leave a Comment

https://arstechnica.com/information-technology/2017/02/specs-for-first-intel-3d-xpoint-ssd-so-so-transfer-speed-awesome-random-io/

UPDATE 3/25/17 JJW:

The M.2 Optane won’t be readily available until later this year or likely 2018 – but it’s a good space to watch, as in our experience the internal interconnect technology and architecture will surely improve, to catch up with the underlying 3D X-Point silicon technology.

j

February 10th, 2017

Posted In: Open Source, Technology

Tags: ,

One Comment

Mozille BrowserID / Persona Dies

A Sad Day – Mozille BrowserID / Persona Dies

It’s a sad day – the best of the federated Authentication Providers, without its own agenda or privacy issues, has shut down, due to the public’s apparent lack of interest and / or awareness.

Mozilla Persona, which started life several years ago as BrowserID, was the only one of the OpenAuth-based Authentication providers that didn’t insist on being logged in to a commercial site in order to be authenticated by proxy at the time – with all the privacy issues that entails.

Although it’s no secret that The Public is notorious for not caring about (or not even being aware of) privacy (or at least sacrificing it in favor of convenience), it’s unfortunate that the Mozilla Foundation has chosen not to spend the time, effort, and money to educate the public, as it has chosen to do with its other products.

Here are some relevant excerpts from the shutdown page:

FAQs

A website I use requires Persona for login, what should I do?

You will need to contact the site owner and ask about their plans for migrating away from Persona.

Mozilla staff can find more information about the progress of migrating internal sites on this mana page.

Why is persona.org being shut down?

Our metrics show that usage of persona.org is low, and has not grown over the last two years.

Hosting a service at the level of security and availability required for an authentication system is no small undertaking, and Mozilla can no longer justify dedicating limited resources to this project. We will do everything we can to shut it down in a graceful and responsible manner.

What will happen in the meantime?

Between now and November 30th, 2016, Mozilla will continue to support the Persona service at a maintenance level: Security issues will be resolved in a timely manner and the services will be kept online, but we do not expect to develop or deploy any new features. Support will continue to be available on the dev-identity mailing list and in the #services-dev IRC channel.

All websites that rely on Persona will need to migrate to another means of authentication during this time.

What happens after that?

On or after November 30th, 2016, the services hosted by Mozilla on persona.org will be taken offline. This includes the persona.org website, the javascript shim, the fallback IdP and identity bridges, and the hosted verifier.

Mozilla will retain control of the persona.org domain and will not transfer it to a third party. This is a security measure to protect websites that have not completed their migration away from the service.

All user data stored on the persona.org services will be destroyed, including registered email addresses and password hashes. Since the privacy of user data is of utmost importance to Mozilla, we will not transfer it to any third parties.

What about the code?

All of Persona’s code — core, bridges, shims, and more — is open source and remains available on github. Though this marks the end of Mozilla’s direct involvement in Persona, we encourage others to continue learning from and building upon our work.

Migration Suggestions and Guidelines

The following alternative login options are available for sites migrating away from Persona. We will continue to update this page throughout the year.

We intentionally designed Persona to expose email addresses rather than opaque identifiers, which should ease the transition to other systems that provide verified email addresses.

Mozilla-hosted sites may find additional, staff-login-specific migration options on the internal mana page.

Delegated Authentication Providers

Many large email and service providers offer delegated login for third-party applications, including Google, Facebook and GitHub. Indeed, we have found that many sites currently using Persona also offer login via one or more of these services. While these services do not offer equivalently-strong privacy guarantees to Persona, they are a convenient and secure choice for users since they avoid the creation of a site-specific password.

We plan to offer delegated authentication with Firefox Accounts some time in 2016. If you’re interested in adding Firefox Accounts as a login option to your site, please reach out to us on the dev-fxacct mailing list.

Site-Specific Accounts

Many web frameworks offer password-based user accounts functionality out-of-the-box. Although it requires users to create and remember yet another password, it can be a good choice for users who do not have (or do not wish to share) an account with a delegated authentication provider.

For existing users who previously authenticated with Persona, you could consider authenticating them through Persona again to confirm their email address, then prompting them to create a site-specific password.

Passwordless Email Login

As an alternative to setting a site-specific password, you can allow users to login directly via email link, as described in this article and implemented by libraries like passwordless. This can avoid the security implications of users having to create and manage another password, and may be a good fallback option when used in combination with delegated authentication providers.

Self-hosting Persona

Since the code for Persona is open-source, it would be possible for reliers to self-host an instance of the service that is dedicated to their own use.

This approach is not recommended most reliers. Persona has a large and complex codebase that has not seen significant development in several years, and Mozilla will not provide security or maintenance updates after 30th November 2016.

More?

We encourage affected reliers to document any alternative solutions here and to discuss them on the dev-identity mailing list, so that others can benefit from their experience.

  • The Portier open source project attempts to replicate much of Persona’s user experience, while being easy to self-host, even on the free tier of PaaS providers like Heroku. Similar to Persona, Portier supports identity-bridging to Gmail. It falls back to passwordless-style login links for everyone else.

Taken from:

https://wiki.mozilla.org/Identity/Persona_Shutdown_Guidelines_for_Reliers

 

We at eRacks wil be looking into Portier for our own usage, as well.

j

January 9th, 2017

Posted In: authentication, News, Open Source

Tags: , , ,

Leave a Comment

The newest Mageia is available from us! https://www.mageia.org/en/

mageia-2011

December 30th, 2016

Posted In: Uncategorized

Leave a Comment

We now support Mint 18.1!

linux-mint-18-1

December 17th, 2016

Posted In: Uncategorized

Leave a Comment

« Previous PageNext Page »