LinuxMCE - User contributions [en]

User:Royw

2008-07-10T16:51:39Z

Royw:

== My System ==
=== AV ===
==== TV ====
* Hitachi P50_6-X901
** Still looking for info on RS-232 port
==== AV Receiver ====
* Yamaha RX-V861
==== HD ====
* Playstation 3
==== Power ====
* Belkin 900VA UPS
** researching power conditioners
==== Other ====
* 5.1 speaker setup
* Onkyo DV-SP501 (retired)
* RCA VHS (semi-retired)
=== Core/hybrid ===
* Gigabyte GA-MA69G-S3H
** Onboard ATI video not usable as MD
* AMD 64 X2 4800 CPU
* 2GB DDR2 800MHz RAM
* GeForce 7600 GS video with passive cooling
* WDC WD5000AAKS-0 SATA HDD
* WDC WD10EACS-00Z SATA HDD
* PIONEER DVD-RW DVR-111C IDE DVD-RAM writer
* Linksys Gigabit Network Adapter
* Zalman HD135 case
=== Media Director ===
Currently only have analog audio working. Current guess is need Intel HD Audio ALSA driver.
* MSI K9NGM3
* WD 36GB Raptor SATA1 (not used in diskless MD configuration)
* Antec Sonata II case w/ 350W power supply (hey, it's what I had laying around)
=== Orbiters ===
* Nokia N800
* Gyration air mouse and keyboard
=== NFS ===
This is a low usage workstation with the secondary function of serving NFS media.
* MB GIGABYTE GA-X38-DQ6 X38 775 RTL
* CPU THERMPASTE|ARCTIC SILVER5 3.5G%
* CPU INTEL|C2Q Q6600 2.40G 775 8M R
* CASE ANTEC|P182 BK RT
* VGA GIGABYTE GV-NX86S256H 8600GTS R
* PSU TT|W0106RU 700W RT (I'd go with the 800W next time because it has more SATA power connectors)
* HD 500G|WD 7K 16M SATA2 WD5000AAKS
* 2x MEM 2Gx2|GSK F2-6400CL4D-4GBPK R (8GB total)
* 2x FAN SCYTHE|S-FLEX SFF21D(800rmp) RT
* DVD BURN LG|GSA-H62NK BK %
* 3x WDC WD10EACS-00Z SATA HDD (one LVM volume, ext3, nfs shared)
=== Automation ===
* USBUIRT
* xantech 286M dual blink-ir mouse emitter
Leaning towards insteon lighting control

[[Category:User Setups]]

How should I format additional hard drives?

2008-06-18T19:51:27Z

Royw:

[[Category: Tutorials]]
From "blog gelusi: Linux Tuning Guide" (http://gelusi.blogspot.com/2008/02/linux-tuning-guide.html)

1. Filesystem
Block sizes

For filesystems dedicated to serving fairly large files, adopting a larger than default 1024 byte block size may yield significant
performance gains.

Recent transactions on the linux kernel list suggest that setting the block sizein an ext2 file system to 4096 instead of the
default 1024 will result in less file fragmentation, faster fsck's, faster deletes and faster raw read speed, due to the reduced
number of seeks.

Unfortunately this cannot be changed on the fly. Only a reformat will make this so. The command to format a file system with 4096
byte blocks is:

mke2fs -b 4096 /dev/whatever

Additionally, on any filesystems except those used for logfiles, the default of 5% reserved for root use is excessive for large
file systems, so the command to make the filesystem can be augmented to

mke2fs -b 4096 -m 1 /dev/whatever

to set the reserved fraction to 1 percent.

Then if you want a journaling (ext3) filesystem:

mke2fs -b 4096 -m 1 -j /dev/whatever

Note, no further configuration should be necessary as new drives will be auto-discovered.

How should I format additional hard drives?

2008-06-18T05:22:39Z

Royw:

[[Category: Tutorials]]
From "blog gelusi: Linux Tuning Guide" (http://gelusi.blogspot.com/2008/02/linux-tuning-guide.html)

1. Filesystem
Block sizes

For filesystems dedicated to serving fairly large files, adopting a larger than default 1024 byte block size may yield significant
performance gains.

Recent transactions on the linux kernel list suggest that setting the block sizein an ext2 file system to 4096 instead of the
default 1024 will result in less file fragmentation, faster fsck's, faster deletes and faster raw read speed, due to the reduced
number of seeks.

Unfortunately this cannot be changed on the fly. Only a reformat will make this so. The command to format a file system with 4096
byte blocks is:

mke2fs -b 4096 /dev/whatever

Additionally, on any filesystems except those used for logfiles, the default of 5% reserved for root use is excessive for large
file systems, so the command to make the filesystem can be augmented to

mke2fs -b 4096 -m 1 /dev/whatever

to set the reserved fraction to 1 percent.

Note, no further configuration should be necessary as new drives will be auto-discovered.

How should I format additional hard drives?

2008-06-18T05:20:27Z

Royw: New page: From "blog gelusi: Linux Tuning Guide" (http://gelusi.blogspot.com/2008/02/linux-tuning-guide.html) 1. Filesystem Block sizes For filesystems dedicated to serving fairly large fi...

From "blog gelusi: Linux Tuning Guide" (http://gelusi.blogspot.com/2008/02/linux-tuning-guide.html)

1. Filesystem
Block sizes

For filesystems dedicated to serving fairly large files, adopting a larger than default 1024 byte block size may yield significant
performance gains.

Recent transactions on the linux kernel list suggest that setting the block sizein an ext2 file system to 4096 instead of the
default 1024 will result in less file fragmentation, faster fsck's, faster deletes and faster raw read speed, due to the reduced
number of seeks.

Unfortunately this cannot be changed on the fly. Only a reformat will make this so. The command to format a file system with 4096
byte blocks is:

mke2fs -b 4096 /dev/whatever

Additionally, on any filesystems except those used for logfiles, the default of 5% reserved for root use is excessive for large
file systems, so the command to make the filesystem can be augmented to

mke2fs -b 4096 -m 1 /dev/whatever

to set the reserved fraction to 1 percent.

Note, no further configuration should be necessary as new drives will be auto-discovered.

Frequently Asked Questions

2008-06-18T05:13:01Z

Royw:

This '''frequently asked questions''' (FAQ) section outlines solutions to the most common queries for initial/potential users. See also [[troubleshooting]] for solutions to problems experienced with the system.

*[[Reset_the_password_for_the_LinuxMCE_Admin_site|What if I forget my web admin password?]]
*[[Resetting_Account_Passwords|What if I forget my linuxmce/upgrade account password?]]
*[[:Category:Hardware|Which hardware is known to work?]]
*[[What does an appliance solution like LinuxMCE cost?]]
*[[Is LinuxMCE an appliance or software solution?]]
*[[Do I need LinuxMCE? Can I use the projects by themselves?]]
*[[Logging_In|How do I login to a LinuxMCE system?]]
*[[How are media files organized?]]
*[[I can't access my media files over the network]].
*[[Reset the password for the LinuxMCE Admin site]].
*[[What if you don't have a driver for my home automation device]]?
*[[What scenarios are created automatically?]]
*[[I'm a Linux user already. Should I use LinuxMCE's distribution]]?
*[[Encrypted DVD's|Why doesn't LinuxMCE support encrypted DVD's?]]
*[[Use Additional Mouse Buttons|How can I use additional mouse buttons for LinuxMCE?]]
*[[How should I format additional hard drives?]]

[[Category:Documentation]]

Howto: Using Network Shares

2008-04-24T23:03:28Z

Royw: /* Manual Creation of Network Shares */

{| align="right"
| __TOC__
|}
[[Category: Tutorials]]
[[Category: Network Attached Storage]]

The LinuxMCE core is able to auto-detect, configure and use Windows (SMB or CIFS) and *nix (NFS) network shares. This document details the different options for using network shares in LinuxMCE and the actions required to successfully configure them, when the automated discovery processes fail.

== Network Share Use ==

Network shares are accessed in LinuxMCE using synbolic links created in the media storage directories, either in ''/home/public/data'' in the case of public shares, or in ''/home/<user_name>/data'' if the share has been assigned to a user.

LinuxMCE offers two alternatives for use of network shares:

# Using LinuxMCE's directory structure
# As a simple storage area, either public or private

=== Network Share Using LinuxMCE's Directory Structure ===

In this case LinuxMCE uses separate directories on the share for each user, with media sub-directories in each one. These directory trees are created if they do not already exist on the share.

For a typical Windows share, the storage layout will look like this:

my_share\public\audio
my_share\public\documents
my_share\public\pictures
my_share\public\videos
my_share\<user_1>\audio
my_share\<user_1>\documents
my_share\<user_1>\pictures
my_share\<user_1>\videos

=== Network Share As a Simple Storage Device ===

In this case the share will simply be attached either to the ''public'' storage or to a specified user, using a symbolic link in the ''other'' media directory. For example:

/home/public/data/other/my_share

or:

/home/<user_1>/data/other/my_share

== Adding Network Shares Using Auto-Detection and the Orbiter ==

Adding a new network share to LinuxMCE consists of two stages: Adding the computer hosting the share as a ''File Server'', and then adding each share on this computer.

=== Adding a File Server ===

# Ensure that the file server is active and connected to your network.
# Quick-reload the router. In the Orbiter, click ''More -> Advanced options -> Quick reload router''.
# The orbiter will display a message identifying the detected network share, and ask what you would like to do with this share. Click ''File Server''.
# The orbiter will ask for the user name and password for this file server. If the file server does not require a login, simply click ''Ok''.
# The orbiter will inform you that the File Server has been created, and ask which room the file server is in.

This concludes the first stage. LinuxMCE will now proceed to detect and configure any available shares on this file server. At some point, the message "I finished installing the software for your new devices. You will need to restart the router before you can use them" will be displayed. You can press ''Ok'' to dismiss the message, but you should not reload the router as this will interrupt the share configuration process.

=== Adding File Shares ===

# For each available file share on your new file server, the orbiter will display the share name and ask what you would like to do with it. The list will contain a single option - either ''Windows Share'' or ''NFS Share''. Click this option.
# The orbiter will ask if the new storage device can be used automatically for storing media. If you select ''Yes'', LinuxMCE will store ripped CDs and DVDs and recorded TV shows on this device.
# The next orbiter screen will ask allow you to select if you would like to use LinuxMCE's directory structure on the new storage device. You have three options:
## Use LinuxMCE's directory structure
## Access the device content as-is and make it public
## Access the device content as-is and make it private for a selected user

When you have finished with this process, quick-reload the router.

== Troubleshooting and Manual Configuration ==

The automated configuration process can fail at several places. This section explains how to complete the configuration in each case, using the LinuxMCE admin website and a Linux shell.

For all processes described below, start by navigating to the ''devices tree'' in the administration site: Either click ''show devices tree'' in the left-hand '''Wizard''' menu, or select ''Advances -> configuration -> Devices'' from the top menu.

To enter shell commands, either press ''Ctrl+Alt+F2'' on the core console, or use SSH to connect to the core from another computer. In either case, log in using the user account you created when installing Ubuntu. When running a ''sudo'' operation, enter the password of the same user.

=== Manual Creation of a File Server ===

In case LinuxMCE fails to detect your file server, or if it detected it in the past and you selected to ignore it:

# Click ''Core'' in the left-hand navigation tree.
# Click ''Create Child Device'' in the main window.
# Enter the file server's description and IP address.
# Click ''Pick device template''.
# In the ''Device Category menu'' select ''File/Media Server''.
# Click ''Apply Filter''.
# In the ''Device Template'' menu select ''File Server''.
# Click ''Pick device template''.
# If the file server requires a login, in the ''Device data'' section, enter the username and password for the file server, and check ''Password Required''. Then click ''Save''.
# Note the device number of the new file server, displayed at the top of the main window.
# In the shell, trigger the network share detection script for the new file server:

sudo /usr/pluto/bin/Configure_1837.sh -d <device number>

At this point, return to the orbiter to continue the automated process.

=== Manual Creation of Network Shares ===

In case LinuxMCE fails to detect the shares on your file server:

# In the left-hand navigation tree, locate and click the file server entry.
# Click ''Create Child Device'' in the main window.
# Click ''Pick device template''.
# In the ''Device Template'' menu select the appropriate share type for your file server.
# In the ''Device data'' area, fill in:
## '''PK_Users''': Leave empty for a public share, or select the desired user [Starting with 0710, select "''Public''", "''Pluto's structure''", or a user name. "''Public''" will mount under data/other.]
## '''Share Name''' (if the share is \\my_server\my_share, enter ''my_share'')
## '''Filesystem''': ''cifs'' for Windows shares, ''nfs'' for *nix shares
## Check '''Use Automatically''' if desired
## '''Username''', '''Password''' and '''Password Required''' if the file server requires login.

LinuxMCE should now mount your new share and create the required links to make your data available.

'''NOTE''': I have not been able to find how to select to use LinuxMCE's directory structure in this process.

== Advanced Configuration Options ==

Network shares use can be further customized using the LinuxMCE admin site. To use the following options, navigate to the network share device and scroll to the ''Device data'' section.

* '''Directories''': When a share is configured to use LinuxMCE's directory structure, it will by default be used in all media directories: ''audio, documents, pictures'' and ''videos''. You can restrict which media directories will be used by entering their names in this field, separated by commas.
* '''Readonly''': checking this option will make LinuxMCE mount the share as read-only. This will stop LinuxMCE from creating .id3 files for all your videos, and from modifying the MP3 tags of your music files.

== NFS Server Hints ==

If you are wanting to have a linux system be your server, here are a few hints.

As of 0710 beta 3, LinuxMCE requires your sever to be very open (insecure). You must allow root access to the share as LinuxMCE writes files as root:public.

So on the server to share /var/media, assuming your core is at 192.168.80.1, you need to add your share to the /etc/exports like:

/var/media/ 192.168.80.1(async,no_subtree_check,rw,no_root_squash)

Ownership in your share of media files should be: root:public (0:1002) and permissions should be set to 2775 (rwxrwsr-x)

You may need to change a groupid if another group is already using 1002. The process will vary depending on your system, but here are the general steps:
# examine /etc/groups and find an unused group id to move the conflicting group to. This example will use 1234 for the new group id.
# find all files with that currently have 1002 groupid: find / -group 1002 -print
#* if it's just a few files then you can change their group id with: chgrp 1234 filename
#* if it's a lot of files, then you might prefer using the find command: find / -group 1002 -exec chgrp 1234 '{}' \;
# now double check that you changed all the files with group id 1002: find / -group 1002 -print
# edit /etc/groups and change the group id for the conflicting group from 1002 to the new group id (1234 in this example)
# while editing /etc/groups, edit or add the public group with a group id of 1002
# save /etc/groups
# if the conflicting group was for a service, then restart the service.
# if the service was one of the critical service (mine was hald), I'd go ahead and reboot the box.

Howto: Using Network Shares

2008-04-23T08:00:43Z

Royw: /* NFS Server Hints */

{| align="right"
| __TOC__
|}
[[Category: Tutorials]]
[[Category: Network Attached Storage]]

The LinuxMCE core is able to auto-detect, configure and use Windows (SMB or CIFS) and *nix (NFS) network shares. This document details the different options for using network shares in LinuxMCE and the actions required to successfully configure them, when the automated discovery processes fail.

== Network Share Use ==

Network shares are accessed in LinuxMCE using synbolic links created in the media storage directories, either in ''/home/public/data'' in the case of public shares, or in ''/home/<user_name>/data'' if the share has been assigned to a user.

LinuxMCE offers two alternatives for use of network shares:

# Using LinuxMCE's directory structure
# As a simple storage area, either public or private

=== Network Share Using LinuxMCE's Directory Structure ===

In this case LinuxMCE uses separate directories on the share for each user, with media sub-directories in each one. These directory trees are created if they do not already exist on the share.

For a typical Windows share, the storage layout will look like this:

my_share\public\audio
my_share\public\documents
my_share\public\pictures
my_share\public\videos
my_share\<user_1>\audio
my_share\<user_1>\documents
my_share\<user_1>\pictures
my_share\<user_1>\videos

=== Network Share As a Simple Storage Device ===

In this case the share will simply be attached either to the ''public'' storage or to a specified user, using a symbolic link in the ''other'' media directory. For example:

/home/public/data/other/my_share

or:

/home/<user_1>/data/other/my_share

== Adding Network Shares Using Auto-Detection and the Orbiter ==

Adding a new network share to LinuxMCE consists of two stages: Adding the computer hosting the share as a ''File Server'', and then adding each share on this computer.

=== Adding a File Server ===

# Ensure that the file server is active and connected to your network.
# Quick-reload the router. In the Orbiter, click ''More -> Advanced options -> Quick reload router''.
# The orbiter will display a message identifying the detected network share, and ask what you would like to do with this share. Click ''File Server''.
# The orbiter will ask for the user name and password for this file server. If the file server does not require a login, simply click ''Ok''.
# The orbiter will inform you that the File Server has been created, and ask which room the file server is in.

This concludes the first stage. LinuxMCE will now proceed to detect and configure any available shares on this file server. At some point, the message "I finished installing the software for your new devices. You will need to restart the router before you can use them" will be displayed. You can press ''Ok'' to dismiss the message, but you should not reload the router as this will interrupt the share configuration process.

=== Adding File Shares ===

# For each available file share on your new file server, the orbiter will display the share name and ask what you would like to do with it. The list will contain a single option - either ''Windows Share'' or ''NFS Share''. Click this option.
# The orbiter will ask if the new storage device can be used automatically for storing media. If you select ''Yes'', LinuxMCE will store ripped CDs and DVDs and recorded TV shows on this device.
# The next orbiter screen will ask allow you to select if you would like to use LinuxMCE's directory structure on the new storage device. You have three options:
## Use LinuxMCE's directory structure
## Access the device content as-is and make it public
## Access the device content as-is and make it private for a selected user

When you have finished with this process, quick-reload the router.

== Troubleshooting and Manual Configuration ==

The automated configuration process can fail at several places. This section explains how to complete the configuration in each case, using the LinuxMCE admin website and a Linux shell.

For all processes described below, start by navigating to the ''devices tree'' in the administration site: Either click ''show devices tree'' in the left-hand '''Wizard''' menu, or select ''Advances -> configuration -> Devices'' from the top menu.

To enter shell commands, either press ''Ctrl+Alt+F2'' on the core console, or use SSH to connect to the core from another computer. In either case, log in using the user account you created when installing Ubuntu. When running a ''sudo'' operation, enter the password of the same user.

=== Manual Creation of a File Server ===

In case LinuxMCE fails to detect your file server, or if it detected it in the past and you selected to ignore it:

# Click ''Core'' in the left-hand navigation tree.
# Click ''Create Child Device'' in the main window.
# Enter the file server's description and IP address.
# Click ''Pick device template''.
# In the ''Device Category menu'' select ''File/Media Server''.
# Click ''Apply Filter''.
# In the ''Device Template'' menu select ''File Server''.
# Click ''Pick device template''.
# If the file server requires a login, in the ''Device data'' section, enter the username and password for the file server, and check ''Password Required''. Then click ''Save''.
# Note the device number of the new file server, displayed at the top of the main window.
# In the shell, trigger the network share detection script for the new file server:

sudo /usr/pluto/bin/Configure_1837.sh -d <device number>

At this point, return to the orbiter to continue the automated process.

=== Manual Creation of Network Shares ===

In case LinuxMCE fails to detect the shares on your file server:

# In the left-hand navigation tree, locate and click the file server entry.
# Click ''Create Child Device'' in the main window.
# Click ''Pick device template''.
# In the ''Device Template'' menu select the appropriate share type for your file server.
# In the ''Device data'' area, fill in:
## '''PK_Users''': Leave empty for a public share, or select the desired user
## '''Share Name''' (if the share is \\my_server\my_share, enter ''my_share'')
## '''Filesystem''': ''cifs'' for Windows shares, ''nfs'' for *nix shares
## Check '''Use Automatically''' if desired
## '''Username''', '''Password''' and '''Password Required''' if the file server requires login.

LinuxMCE should now mount your new share and create the required links to make your data available.

'''NOTE''': I have not been able to find how to select to use LinuxMCE's directory structure in this process.

== Advanced Configuration Options ==

Network shares use can be further customized using the LinuxMCE admin site. To use the following options, navigate to the network share device and scroll to the ''Device data'' section.

* '''Directories''': When a share is configured to use LinuxMCE's directory structure, it will by default be used in all media directories: ''audio, documents, pictures'' and ''videos''. You can restrict which media directories will be used by entering their names in this field, separated by commas.
* '''Readonly''': checking this option will make LinuxMCE mount the share as read-only. This will stop LinuxMCE from creating .id3 files for all your videos, and from modifying the MP3 tags of your music files.

== NFS Server Hints ==

If you are wanting to have a linux system be your server, here are a few hints.

As of 0710 beta 3, LinuxMCE requires your sever to be very open (insecure). You must allow root access to the share as LinuxMCE writes files as root:public.

So on the server to share /var/media, assuming your core is at 192.168.80.1, you need to add your share to the /etc/exports like:

/var/media/ 192.168.80.1(async,no_subtree_check,rw,no_root_squash)

Ownership in your share of media files should be: root:public (0:1002) and permissions should be set to 2775 (rwxrwsr-x)

You may need to change a groupid if another group is already using 1002. The process will vary depending on your system, but here are the general steps:
# examine /etc/groups and find an unused group id to move the conflicting group to. This example will use 1234 for the new group id.
# find all files with that currently have 1002 groupid: find / -group 1002 -print
#* if it's just a few files then you can change their group id with: chgrp 1234 filename
#* if it's a lot of files, then you might prefer using the find command: find / -group 1002 -exec chgrp 1234 '{}' \;
# now double check that you changed all the files with group id 1002: find / -group 1002 -print
# edit /etc/groups and change the group id for the conflicting group from 1002 to the new group id (1234 in this example)
# while editing /etc/groups, edit or add the public group with a group id of 1002
# save /etc/groups
# if the conflicting group was for a service, then restart the service.
# if the service was one of the critical service (mine was hald), I'd go ahead and reboot the box.

User:Royw

2008-03-27T22:42:02Z

Royw: New page: == My System == === AV === ==== TV ==== * Hitachi P50_6-X901 ** Still looking for info on RS-232 port ==== AV Receiver ==== * Yamaha RX-V861 ==== HD ==== * Playstation 3 ==== Power ==== * ...

Custom Power Station

2008-03-12T23:10:05Z

Royw:

Examples of LinuxMCE configurations by users.

== Remote Control Organizer and Charging Station ==
[[Image:Organizer-loaded-600x400.jpg]]
[[Image:Organizer-open-600x400.jpg]]

One afternoon I decided to organize the mess of all the remote controls for my LMCE system. So designed and built this organizer/charging station to hold:
* Gyration keyboard
* Gyration air mouse
* Nokia N800 orbiter
* 2 PS3 controllers
* wireless phone (not yet voip)
* av remote (haven't figured out how to have USB-UIRT transmit yet)

If I was to do it again, I'd offset the power strip and add a 2" drawer underneath.

File:Organizer-loaded-600x400.jpg

2008-03-12T22:54:42Z

Royw: This is the loaded view of my remote organizer and charging station. Wood is oak with a a tung oil finish. Base is single piece 16" x 11 1/4" x 3/4". The sides are 16" x 4 7/8" x 3/8". The top is 16" x 4 5/8" x 3/8". The ends are 7" x 4 3/8" x 3/8".

This is the loaded view of my remote organizer and charging station. Wood is oak with a a tung oil finish. Base is single piece 16" x 11 1/4" x 3/4". The sides are 16" x 4 7/8" x 3/8". The top is 16" x 4 5/8" x 3/8". The ends are 7" x 4 3/8" x 3/8". Angle is 15 degrees.

File:Organizer-open-600x400.jpg

2008-03-12T22:45:35Z

Royw: Open view of remote organizer and charging station I made one afternoon.

Open view of remote organizer and charging station I made one afternoon.

Howto: Using Network Shares

2008-02-08T08:12:56Z

Royw: /* Advanced Configuration Options */

{| align="right"
| __TOC__
|}
[[Category: Tutorials]]
[[Category: Network Attached Storage]]

The LinuxMCE core is able to auto-detect, configure and use Windows (SMB or CIFS) and *nix (NFS) network shares. This document details the different options for using network shares in LinuxMCE and the actions required to successfully configure them, when the automated discovery processes fail.

== Network Share Use ==

Network shares are accessed in LinuxMCE using synbolic links created in the media storage directories, either in ''/home/public/data'' in the case of public shares, or in ''/home/<user_name>/data'' if the share has been assigned to a user.

LinuxMCE offers two alternatives for use of network shares:

# Using LinuxMCE's directory structure
# As a simple storage area, either public or private

=== Network Share Using LinuxMCE's Directory Structure ===

In this case LinuxMCE uses separate directories on the share for each user, with media sub-directories in each one. These directory trees are created if they do not already exist on the share.

For a typical Windows share, the storage layout will look like this:

my_share\public\audio
my_share\public\documents
my_share\public\pictures
my_share\public\videos
my_share\<user_1>\audio
my_share\<user_1>\documents
my_share\<user_1>\pictures
my_share\<user_1>\videos

=== Network Share As a Simple Storage Device ===

In this case the share will simply be attached either to the ''public'' storage or to a specified user, using a symbolic link in the ''other'' media directory. For example:

/home/public/data/other/my_share

or:

/home/<user_1>/data/other/my_share

== Adding Network Shares Using Auto-Detection and the Orbiter ==

Adding a new network share to LinuxMCE consists of two stages: Adding the computer hosting the share as a ''File Server'', and then adding each share on this computer.

=== Adding a File Server ===

# Ensure that the file server is active and connected to your network.
# Quick-reload the router. In the Orbiter, click ''More -> Advanced options -> Quick reload router''.
# The orbiter will display a message identifying the detected network share, and ask what you would like to do with this share. Click ''File Server''.
# The orbiter will ask for the user name and password for this file server. If the file server does not require a login, simply click ''Ok''.
# The orbiter will inform you that the File Server has been created, and ask which room the file server is in.

This concludes the first stage. LinuxMCE will now proceed to detect and configure any available shares on this file server. At some point, the message "I finished installing the software for your new devices. You will need to restart the router before you can use them" will be displayed. You can press ''Ok'' to dismiss the message, but you should not reload the router as this will interrupt the share configuration process.

=== Adding File Shares ===

# For each available file share on your new file server, the orbiter will display the share name and ask what you would like to do with it. The list will contain a single option - either ''Windows Share'' or ''NFS Share''. Click this option.
# The orbiter will ask if the new storage device can be used automatically for storing media. If you select ''Yes'', LinuxMCE will store ripped CDs and DVDs and recorded TV shows on this device.
# The next orbiter screen will ask allow you to select if you would like to use LinuxMCE's directory structure on the new storage device. You have three options:
## Use LinuxMCE's directory structure
## Access the device content as-is and make it public
## Access the device content as-is and make it private for a selected user

When you have finished with this process, quick-reload the router.

== Troubleshooting and Manual Configuration ==

The automated configuration process can fail at several places. This section explains how to complete the configuration in each case, using the LinuxMCE admin website and a Linux shell.

For all processes described below, start by navigating to the ''devices tree'' in the administration site: Either click ''show devices tree'' in the left-hand '''Wizard''' menu, or select ''Advances -> configuration -> Devices'' from the top menu.

To enter shell commands, either press ''Ctrl+Alt+F2'' on the core console, or use SSH to connect to the core from another computer. In either case, log in using the user account you created when installing Ubuntu. When running a ''sudo'' operation, enter the password of the same user.

=== Manual Creation of a File Server ===

In case LinuxMCE fails to detect your file server, or if it detected it in the past and you selected to ignore it:

# Click ''Core'' in the left-hand navigation tree.
# Click ''Create Child Device'' in the main window.
# Enter the file server's description and IP address.
# Click ''Pick device template''.
# In the ''Device Category menu'' select ''File/Media Server''.
# Click ''Apply Filter''.
# In the ''Device Template'' menu select ''File Server''.
# Click ''Pick device template''.
# If the file server requires a login, in the ''Device data'' section, enter the username and password for the file server, and check ''Password Required''. Then click ''Save''.
# Note the device number of the new file server, displayed at the top of the main window.
# In the shell, trigger the network share detection script for the new file server:

sudo /usr/pluto/bin/Configure_1837.sh -d <device number>

At this point, return to the orbiter to continue the automated process.

=== Manual Creation of Network Shares ===

In case LinuxMCE fails to detect the shares on your file server:

# In the left-hand navigation tree, locate and click the file server entry.
# Click ''Create Child Device'' in the main window.
# Click ''Pick device template''.
# In the ''Device Template'' menu select the appropriate share type for your file server.
# In the ''Device data'' area, fill in:
## '''PK_Users''': Leave empty for a public share, or select the desired user
## '''Share Name''' (if the share is \\my_server\my_share, enter ''my_share'')
## '''Filesystem''': ''cifs'' for Windows shares, ''nfs'' for *nix shares
## Check '''Use Automatically''' if desired
## '''Username''', '''Password''' and '''Password Required''' if the file server requires login.

LinuxMCE should now mount your new share and create the required links to make your data available.

'''NOTE''': I have not been able to find how to select to use LinuxMCE's directory structure in this process.

== Advanced Configuration Options ==

Network shares use can be further customized using the LinuxMCE admin site. To use the following options, navigate to the network share device and scroll to the ''Device data'' section.

* '''Directories''': When a share is configured to use LinuxMCE's directory structure, it will by default be used in all media directories: ''audio, documents, pictures'' and ''videos''. You can restrict which media directories will be used by entering their names in this field, separated by commas.
* '''Readonly''': checking this option will make LinuxMCE mount the share as read-only. This will stop LinuxMCE from creating .id3 files for all your videos, and from modifying the MP3 tags of your music files.

== NFS Server Hints ==

If you are wanting to have a linux system be your server, here are a few hints.

As of 0710 beta 3, LinuxMCE requires your sever to be very open (insecure). You must allow root access to the share as LinuxMCE writes files as root:public.

So on the server to share /var/media, assuming your core is at 192.168.80.1, you need to add your share to the /etc/exports like:

/var/media/ 192.168.80.1(async,no_subtree_check,rw,no_root_squash)

Ownership in your share of media files should be: root:public (0:1002) and permissions should be set to 2775 (rwxrwsr-x)

How to setup Local Authoritative DNS

2008-02-04T05:17:45Z

Royw: /* Installation */

=How to setup Local Authoritative DNS=

I was wanting an authoritative name server for my local intranet. I also wanted any dynamic IP's to be visible to the name server. The name server included with linuxmce is configured as a recursive name server. Here's the changes I did to configure my core's name server to be authoritative and support dynamic IPs. Note, the machines on my intranet are private, i.e., not known to the outside world.

3 Feb 2008 - Developed and tested on LinuxMCE 0710 Beta 3 amd64.

I named my intranet "wright.local". Using a "local" top level domain (TLD) is recommended for private intranets. Some may prefer to use "lan". You do not want to use any of the standard TLDs like "com", "net", "org",...

I used the core's default intranet addresses, 192.168.80.0/24 with the core at 192.168.80.1.

I've attempted to verbosely document each config file. :)

The directions for adapting the config files are included in the named.conf file.

==Installation==

If you want to try this, I would suggest building the config in new directories then swapping with the originals when you are ready (I had a little mess when my core hung and I had to restart with only half the configs ready) :)

So start with creating two directories:

sudo mkdir /etc/bind.new
sudo mkdir /etc/dhcp3.new

Now copy the contents of the original directories:

sudo cp -arp /etc/bind/* /etc/bind.new
sudo cp -arp /etc/dhcp3/* /etc/dhcp3.new

Also create a new resolve.conf file:

sudo touch /etc/resolv.conf.new

Then add/change the config files below.

To create a key for use in rndc.key and dhcpd.conf:

sudo dnssec-keygen -a HMAC-MD5 -b 256 -n user rndc

Now get the key from the private file:

sudo cat Krndc.*.private
Private-key-format: v1.2
Algorithm: 157 (HMAC_MD5)
Key: 3+GnSWV5FKxcUu57k7QFxbpvv/xr4fXj2wBVGtdGifI=
Bits: AAA=

Now cut the key which is to the right of "Key: " and paste where needed (replace "<paste your key here>" with the key in the config files). So an example using the above key would look like:

key "linuxmce-dhcp" {
algorithm hmac-md5;
secret "<paste your key here>";
};

becomes:

key "linuxmce-dhcp" {
algorithm hmac-md5;
secret "3+GnSWV5FKxcUu57k7QFxbpvv/xr4fXj2wBVGtdGifI=";
};

Make the logging directory:

sudo mkdir /var/log/named
sudo chown bind:bind /var/log/named
sudo chmod 755 /var/log/named

You probably ought to check and change the defaultdomain:

domainname

will probably show

pluto

if so, then set it by:
sudo domainname yourdomain.local

where "yourdomain.local" is your domain. :-)

Change all the file permissions per instructions in named.conf.

Double check everything. Roll Eyes

Then when you are feeling lucky, rename the original directories and then rename the new directories to take there place:

sudo mv /etc/bind /etc/bind.original
sudo mv /etc/bind.new /etc/bind
sudo mv /etc/dhcp3 /etc/dhcp3.original
sudo mv /etc/dhcp3.new /etc/dhcp3
sudo mv /etc/resolve.conf /etc/resolve.conf.original
sudo mv /etc/resolve.conf.new /etc/resolve.conf

Finally restart the bind and dhcpd services:

sudo rndc reload
sudo /etc/init.d/dhcp3-server restart

Check the syslog for any errors:

grep named /var/log/syslog
grep dhcpd /var/log/syslog

==Config Files==

===/etc/bind/named.conf===
<pre>
// This is the primary configuration file for the BIND DNS server named.
//
// This configuration supports an authoritative local zone (wright.local on
// 192.168.80.0/24) and allows DHCP to update the local zone.
// To customize to your setup:
// 1) replace "wright.local" with your internal domain name.
// 2) edit db.wright.local.zone and db.wright.local.rev and replace
// my static names/addresses with your network's static names/addresses.
// Make sure to increment the serial number of any file edited.
// Note, format of serial number is: YYYYMMDDNN where YYYY is year,
// MM is month, DD is day, NN is update number for that day (i.e., 01,
// 02, 03,...)
// 3) rename db.wright.local.zone to match your domain name.
// 4) rename db.wright.local.rev to match your domain name.
// 5) If you changed the internal network IP from the LinuxMCE default of
// 192.168.80.0/24, then replace "192.168.80" with your network
// ip and replace it's reverse "80.168.192" wity your network ip's
// reverse.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
//
// references:
// http://www.arda.homeunix.net/dnssetup.html
// http://www.madboa.com/geek/soho-bind/
//
// notes:
// 1) The following command should be ran about twice a year to keep
// the root servers current:
// dig @a.root-servers.net . ns > /etc/bin/db.root
// Root name servers don’t change very often so updating this file more
// than twice a year is probably overkill. Frequent updates also put undo
// load on the root name servers; they have enough to do as it is.
//
// 2) File permissions:
// /etc/bind/named.conf root:root 644
// /etc/bind/rndc.key root:bind 640
// /etc/bind/rndc.conf root:root 600
// /etc/resolv.conf root:root 644
// /etc/bind root:bind 775, chmod g+s => drwxrwsr-x
// /etc/dhcp3 root:root 755
// /etc/dhcp3/dhcpd.conf root:root 644
//
// Manually Updating Zone Files
// 1. Use rndc to stop BIND.
// sudo rndc stop
// 2. Remove any .jnl files from the zone file directory.
// sudo rm /etc/bind/*.jnl
// 3. Edit the zone files as necessary. Make sure to increment the serial
// number of any file edited. Note, format of serial number is:
// YYYYMMDDNN where YYYY is year, MM is month, DD is day, NN is update
// number for that day (i.e., 01, 02, 03,...)
// 4. Start BIND using its startup script.
// sudo /etc/init.d/bind9 start

// secret must be the same as in /etc/bind/rndc.conf
include "/etc/bind/rndc.key";

// access control list used to limit queries to local net
acl "internal-net" { 192.168.80/24; 127.0.0.1; };

controls {
inet 127.0.0.1 allow { any; } keys { "rndc-key"; };
};

include "/etc/bind/named.conf.options";

// The single dot (.) is the root of all DNS namespace, so
// this zone tells named where to start looking for any
// name on the Internet
zone "." IN {
type hint;
file "/etc/bind/db.root";
};

// local intranet zones and reverse zones
// intranet is wright.local and 192.168.80.0/24
// the DHCP servers is on linuxmce-dhcp
// an optional second nameserver would be on linuxmce-ns2

zone "wright.local" IN {
type master;
file "/etc/bind/db.wright.local.zone";
// both allow-update and update-policy can enable DHCP updates,
// but update-policy allows more control over what kinds of
// updates DHCP can perform on a zone.
// allow-update { none; };
update-policy { grant linuxmce-dhcp subdomain wright.local. A TXT; };
// allow-transfer { key "linuxmce-ns2"; };
// notify on zone transfers
notify yes;
};

zone "80.168.192.in-addr.arpa" IN {
type master;
file "/etc/bind/db.wright.local.rev";
// allow-update { none; };
update-policy { grant linuxmce-dhcp subdomain 80.168.192.in-addr.arpa. PTR TXT; };
// allow-transfer { key "linuxmce-ns2"; };
notify yes;
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912 (http://www.ietf.org/rfc/rfc1912.txt)

// Where the localhost hostname is defined
zone "localhost" IN {
// a master type means that this server needn't look
// anywhere else for information; the localhost buck
// stops here.
type master;
file "/etc/bind/db.local";
// don't allow dynamic DNS clients to update info
// about the localhost zone
allow-update { none; };
};

// Where the 127.0.0.0 network is defined
zone "127.in-addr.arpa" IN {
type master;
file "/etc/bind/db.127";
allow-update { none; };
};

zone "0.in-addr.arpa" IN {
type master;
file "/etc/bind/db.0";
allow-update { none; };
};

zone "255.in-addr.arpa" IN {
type master;
file "/etc/bind/db.255";
allow-update { none; };
};

// Include logging config file
include "/etc/bind/logging.conf";

// zone "com" { type delegation-only; };
// zone "net" { type delegation-only; };

// From the release notes:
// Because many of our users are uncomfortable receiving undelegated answers
// from root or top level domains, other than a few for whom that behaviour
// has been trusted and expected for quite some length of time, we have now
// introduced the "root-delegations-only" feature which applies delegation-only
// logic to all top level domains, and to the root domain. An exception list
// should be specified, including "MUSEUM" and "DE", and any other top level
// domains from whom undelegated responses are expected and trusted.
// root-delegation-only exclude { "DE"; "MUSEUM"; };

include "/etc/bind/named.conf.local";
</pre>

===/etc/bind/named.conf.options===
<pre>
options {
// tell named where to find files mentioned below
directory "/var/cache/bind";

// file that contains the process id when bind is running
pid-file "/var/run/bind/run/named.pid";

// enable statistics
statistics-file "/var/named/named.stats";
zone-statistics yes;

dump-file "/var/named/named.dump";

// If there is a firewall between you and nameservers you want
// to talk to, you might need to uncomment the query-source
// directive below. Previous versions of BIND always asked
// questions using port 53, but BIND 8.1 and later use an unprivileged
// port by default.
// query-source address * port 53;

// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.

// The forwarders option tells BIND to not use iterative queries itself
// for information it doesn’t already know about but to forward a
// recursive query to the name servers specified instead.
include "/etc/bind/named.conf.forwarders";

// conform to RFC1035
auth-nxdomain no;

// on a multi-homed host, you might want to tell named
// to listen for queries only on certain interfaces
listen-on-v6 { any; };
listen-on { "internal-net"; };

// to allow only specific hosts to use the DNS server:
allow-query { "internal-net"; };

// sets BIND’s default behaviour to refuse all zone transfers.
// Without setting this option, anyone can transfer any zone.
allow-transfer { none; };

// do not generate notify messages for all zones on a restart.
// override for authorative zones
notify no;
};
</pre>

===/etc/bind/logging.conf===
<pre>
logging {

channel default_file {
file "/var/log/named/default.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel general_file {
file "/var/log/named/general.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel database_file {
file "/var/log/named/database.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel security_file {
file "/var/log/named/security.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel config_file {
file "/var/log/named/config.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel resolver_file {
file "/var/log/named/resolver.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel xfer-in_file {
file "/var/log/named/xfer-in.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel xfer-out_file {
file "/var/log/named/xfer-out.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel notify_file {
file "/var/log/named/notify.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel client_file {
file "/var/log/named/client.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel unmatched_file {
file "/var/log/named/unmatched.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel queries_file {
file "/var/log/named/queries.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel network_file {
file "/var/log/named/network.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel update_file {
file "/var/log/named/update.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel dispatch_file {
file "/var/log/named/dispatch.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel dnssec_file {
file "/var/log/named/dnssec.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel lame-servers_file {
file "/var/log/named/lame-servers.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};

category lame-servers {
lame-servers_file;
};
category dnssec {
dnssec_file;
};
category dispatch {
dispatch_file;
};
category update {
update_file;
};
category network {
network_file;
};
category queries {
queries_file;
};
category unmatched {
unmatched_file;
};
category client {
client_file;
};
category notify {
notify_file;
};
category xfer-out {
xfer-out_file;
};
category xfer-in {
xfer-in_file;
};
category resolver {
resolver_file;
};
category config {
config_file;
};
category security {
security_file;
};
category database {
database_file;
};
category general {
general_file;
};
category default {
default_file;
};
};
</pre>

===/etc/bind/rndc.conf===
<pre>
options {
default-server localhost;
default-key "rndc-key";
default-port 953;
};

server localhost {
key "rndc-key";
};

key "rndc-key" {
algorithm hmac-md5;
secret "<paste your key here>";
};
</pre>

===/etc/bind/rndc.key===
<pre>
key "rndc-key" {
algorithm hmac-md5;
secret "<paste your key here>";
};

key "linuxmce-dhcp" {
algorithm hmac-md5;
secret "<paste your key here>";
};

key "linuxmce-ns2" {
algorithm hmac-md5;
secret "<paste your key here>";
};
</pre>

===/etc/bind/db.wright.local.zone===
<pre>
;
; BIND data file for wright.local
; ref. http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/s1-bind-zone.html
;
$TTL 86400 ; time to live : 86400s = 1 day
; Start Of Authority record, proclaims important authoritative information
; about a namespace to the nameserver.
@ IN SOA dcerouter.wright.local roy@wright.org (
2008013101 ;serial (YYYYMMDDNN where N = 01,02,03,...)
10800 ;refresh (3 hours)
7200 ;retry (2 hours)
36000000 ;expire (10,000 hours = 416 2/3 days)
86400) ;default minimum ttl
;
; NameServer record, which announces the authoritative nameservers for a particular zone.
;
IN NS dcerouter.wright.local.
;
; Address records specify an IP address to assign to a name
;
dcerouter IN A 192.168.80.1
dad-kubuntu IN A 192.168.80.21
royw-gentoo IN A 192.168.80.20
;
; Canonical name records, maps one name to another.
;
linuxmce IN CNAME dcerouter
</pre>

===/etc/bind/db.wright.local.rev===
<pre>

;
; BIND reverse data file for wright.local
; ref. http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/s1-bind-zone.html
;
$ORIGIN 80.168.192.in-addr.arpa.
$TTL 86400 ; time to live : 86400s = 1 day
; Start Of Authority record, proclaims important authoritative information
; about a namespace to the nameserver.
@ IN SOA dcerouter.wright.local roy@wright.org (
2008013101 ;serial (YYYYMMDDNN where N = 01,02,03,...)
10800 ;refresh (3 hours)
7200 ;retry (2 hours)
36000000 ;expire (10,000 hours = 416 2/3 days)
86400) ;default minimum ttl
;
; NameServer record, which announces the authoritative nameservers for a particular zone.
;
IN NS dcerouter.wright.local.
;
; PTR — PoinTeR record, designed to point to another part of the namespace.
;
1 IN PTR dcerouter.wright.local.
21 IN PTR dad-kubuntu.wright.local.
20 IN PTR royw-gentoo.wright.local.
</pre>

===/etc/dhcp3/dhcpd.conf===
<pre>
option domain-name-servers 192.168.80.1;
authoritative;

option routers 192.168.80.1;
option subnet-mask 255.255.255.0;

# lease IPs for 1 day, maximum 1 week
default-lease-time 86400;
max-lease-time 604800;

# dynamic DNS updates
ddns-updates on;
ddns-update-style interim;
ddns-domainname "wright.local.";
ddns-rev-domainname "in-addr.arpa.";
ddns-ttl 14400;

# don't let clients modify their own A records
ignore client-updates;

key "linuxmce-dhcp" {
algorithm hmac-md5;
secret "<paste your key here>";
};

zone wright.local {
primary 192.168.80.1;
key "linuxmce-dhcp";
}

zone 80.168.192.in-addr.arpa {
primary 192.168.80.1;
key "linuxmce-dhcp";
}

option space pxelinux;
option pxelinux.magic code 208 = string;
option pxelinux.configfile code 209 = text;
option pxelinux.pathprefix code 210 = text;
option pxelinux.reboottime code 211 = unsigned integer 32;

subnet 192.168.80.0 netmask 255.255.255.0 {
next-server 192.168.80.1;
filename "/tftpboot/pxelinux.0";
option pxelinux.reboottime = 30;

option domain-name "wright.local";
option domain-name-servers 192.168.80.1;
option routers 192.168.80.1;

default-lease-time 86400;
max-lease-time 604800;
pool {
allow unknown-clients;
range 192.168.80.129 192.168.80.254;
}
}

# PXE booting machines
group {
next-server 192.168.80.1;
filename "/tftpboot/pxelinux.0";
option pxelinux.reboottime = 30;

}

# regular machines
group {
}

# CORE (1) has bad mac address:

</pre>

===/etc/resolv.conf===
<pre>
domain wright.local
nameserver localhost
</pre>

DHCP Plug and Play

2008-02-04T02:45:19Z

Royw: /* See also */

<p>LinuxMCE allows a user to plug in any type of device and automatically configures it and lets the user start using it right away without doing anything. The way this is accomplished is with an extension to the DHCP server. When a new device is plugged into the network and requests an IP address, this program connects to a central database to do a lookup of the device's unique MAC address to see what type of device it is. The database defines all the configuration data the device needs to run, and references the software drivers needed. This program then downloads and installs any needed software, adds configuration pages for the device to the user's [[LinuxMCE Admin Website]], and adds the device in the user's local database.</p>

=Single NIC & Existing DHCPd=
LinuxMCE recommends its core server have 2 ethernet ports, connecting one to an existing LAN (that routes to the Internet), and the other to a LAN segment on which sit all devices that LMCE will serve. That recommended setup runs a DHCP server (DHCPd) on LMCE to assign IP numbers and other network configs to devices on the "inside" LAN served by LMCE. LMCE runs a DHCP client on its "outside" LAN interface to get its IP# (and any other configs the existing LAN might assign) on that outside LAN. LMCE than routes inside LAN traffic to the outside LAN, including to any router/gateway on the outside LAN, while running a firewall that protects devices on the inside from activity on the outside.

However, it is possible to run LMCE on a host with a single ethernet port. There is some complexity in the configuration, the solution is not as fully automated and robust as is the recommended 2 ethernet version, and the omission of the LMCE firewall reduces the overall security of the installation. However, it is possible to do. These are instructions, including switching the LAN from an existing DHCP server to using the LMCE DHCPd instead. AFAICT, this technique doesn't leave any wrong configurations anywhere inside either LMCE's complex interdependencies or the remnants of the previously existing DHCP system.

#In existing router/gateway
##Disable DHCPd
##Assign LAN IP# on desired subnet (eg 192.168.0.1 )
##Ensure router/gateway is configured to route properly between the newly specified subnet and the other network
# In LMCE Admin site:
##Homepage -> Advanced -> Network -> Network Settings
##Change all 192.168.80.x IP#s to desired subnet (eg. 192.168.0.x )
##Set both NICs to the same IP# (and proper subnet info)
##Reload DCERouter
##Check Homepage -> Advanced -> Network -> Network Settings to be sure settings were properly retained
#/etc/dhcp3/dhcpd.conf :
##Ensure "option routers" parameter(s) is the correct IP#(s) of the existing router(s)
##Exclude router/gateway IP# from allocatable ranges
##Change "host px[1,2]" lines from 192.168.80.x IP#s to desired subnet IP#s (eg. 192.168.0.253 )
##/etc/init.d/dhcp3-server restart
##Force a LAN host to reset its network configs by DHCP, then test pinging across the router
# Force each host on the LAN to reread its network configs by DHCP (eg. run its DHCP client or reboot if its DHCP client runs at startup).

Note that the dhcpd.conf file regenerated by the LMCE Admin site's Network Settings form has a bug which doesn't change all the IP#s properly. There might be other bugs, so check the whole file to be sure it's correct.

==Caveat==
This technique leaves a problem in that any configs of your original router/gateway DHCPd are not available to the LMCE DHCPd, unless you manually recreate them in the LMCE's dhcpd.conf file. Also, the router/gateway LAN IP# must be manually discovered/set, and then the LMCE LAN subnet must be manually configured to accommodate it. There is no way to fix that problem, unless the router/gateway allows its LAN IP# to be set by DHCP (ie. a DHCP client running on the router/gateway that is set by the LMCE DHCPd). Conversely, there is no way for LMCE to insert into the router/gateway DHCPd configs the configs that LMCE needs clients for its own services (like IP phones) to automatically get from a DHCPd when they're plugged into a network. The only way to make DHCP fully automatic for LMCE is to use the recommended network architecture of a pair of ethernet ports on the LMCE server (or use a router/gateway DHCPd that can be remotely configured by the LMCE, and a script to glue them together).

=Switching From Single NIC to Double NIC=
There are instructions for switching from [[Single to Double NIC]].

==See also==
* [[Network Settings]]
* [[How to setup Local Authoritative DNS]]

How to setup Local Authoritative DNS

2008-02-04T02:41:11Z

Royw: /* How to setup Local Authoritative DNS */

=How to setup Local Authoritative DNS=

I was wanting an authoritative name server for my local intranet. I also wanted any dynamic IP's to be visible to the name server. The name server included with linuxmce is configured as a recursive name server. Here's the changes I did to configure my core's name server to be authoritative and support dynamic IPs. Note, the machines on my intranet are private, i.e., not known to the outside world.

3 Feb 2008 - Developed and tested on LinuxMCE 0710 Beta 3 amd64.

I named my intranet "wright.local". Using a "local" top level domain (TLD) is recommended for private intranets. Some may prefer to use "lan". You do not want to use any of the standard TLDs like "com", "net", "org",...

I used the core's default intranet addresses, 192.168.80.0/24 with the core at 192.168.80.1.

I've attempted to verbosely document each config file. :)

The directions for adapting the config files are included in the named.conf file.

==Installation==

If you want to try this, I would suggest building the config in new directories then swapping with the originals when you are ready (I had a little mess when my core hung and I had to restart with only half the configs ready) :)

So start with creating two directories:

sudo mkdir /etc/bind.new
sudo mkdir /etc/dhcp3.new

Now copy the contents of the original directories:

sudo cp -arp /etc/bind/* /etc/bind.new
sudo cp -arp /etc/dhcp3/* /etc/dhcp3.new

Also create a new resolve.conf file:

sudo touch /etc/resolv.conf.new

Then add/change the config files below.

To create a key for use in rndc.key and dhcpd.conf:

sudo dnssec-keygen -a HMAC-MD5 -b 256 -n user rndc

Now get the key from the private file:

sudo cat Krndc.*.private
Private-key-format: v1.2
Algorithm: 157 (HMAC_MD5)
Key: 3+GnSWV5FKxcUu57k7QFxbpvv/xr4fXj2wBVGtdGifI=
Bits: AAA=

Now cut the key which is to the right of "Key: " and paste where needed (replace "<paste your key here>" with the key in the config files). So an example using the above key would look like:

key "linuxmce-dhcp" {
algorithm hmac-md5;
secret "<paste your key here>";
};

becomes:

key "linuxmce-dhcp" {
algorithm hmac-md5;
secret "3+GnSWV5FKxcUu57k7QFxbpvv/xr4fXj2wBVGtdGifI=";
};

Make the logging directory:

sudo mkdir /var/log/named
sudo chown bind:bind /var/log/named
sudo chmod 755 /var/log/named

Change all the file permissions per instructions in named.conf.

Double check everything. Roll Eyes

Then when you are feeling lucky, rename the original directories and then rename the new directories to take there place:

sudo mv /etc/bind /etc/bind.original
sudo mv /etc/bind.new /etc/bind
sudo mv /etc/dhcp3 /etc/dhcp3.original
sudo mv /etc/dhcp3.new /etc/dhcp3
sudo mv /etc/resolve.conf /etc/resolve.conf.original
sudo mv /etc/resolve.conf.new /etc/resolve.conf

Finally restart the bind and dhcpd services:

sudo rndc reload
sudo /etc/init.d/dhcp3-server restart

Check the syslog for any errors:

grep named /var/log/syslog
grep dhcpd /var/log/syslog

==Config Files==

===/etc/bind/named.conf===
<pre>
// This is the primary configuration file for the BIND DNS server named.
//
// This configuration supports an authoritative local zone (wright.local on
// 192.168.80.0/24) and allows DHCP to update the local zone.
// To customize to your setup:
// 1) replace "wright.local" with your internal domain name.
// 2) edit db.wright.local.zone and db.wright.local.rev and replace
// my static names/addresses with your network's static names/addresses.
// Make sure to increment the serial number of any file edited.
// Note, format of serial number is: YYYYMMDDNN where YYYY is year,
// MM is month, DD is day, NN is update number for that day (i.e., 01,
// 02, 03,...)
// 3) rename db.wright.local.zone to match your domain name.
// 4) rename db.wright.local.rev to match your domain name.
// 5) If you changed the internal network IP from the LinuxMCE default of
// 192.168.80.0/24, then replace "192.168.80" with your network
// ip and replace it's reverse "80.168.192" wity your network ip's
// reverse.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
//
// references:
// http://www.arda.homeunix.net/dnssetup.html
// http://www.madboa.com/geek/soho-bind/
//
// notes:
// 1) The following command should be ran about twice a year to keep
// the root servers current:
// dig @a.root-servers.net . ns > /etc/bin/db.root
// Root name servers don’t change very often so updating this file more
// than twice a year is probably overkill. Frequent updates also put undo
// load on the root name servers; they have enough to do as it is.
//
// 2) File permissions:
// /etc/bind/named.conf root:root 644
// /etc/bind/rndc.key root:bind 640
// /etc/bind/rndc.conf root:root 600
// /etc/resolv.conf root:root 644
// /etc/bind root:bind 775, chmod g+s => drwxrwsr-x
// /etc/dhcp3 root:root 755
// /etc/dhcp3/dhcpd.conf root:root 644
//
// Manually Updating Zone Files
// 1. Use rndc to stop BIND.
// sudo rndc stop
// 2. Remove any .jnl files from the zone file directory.
// sudo rm /etc/bind/*.jnl
// 3. Edit the zone files as necessary. Make sure to increment the serial
// number of any file edited. Note, format of serial number is:
// YYYYMMDDNN where YYYY is year, MM is month, DD is day, NN is update
// number for that day (i.e., 01, 02, 03,...)
// 4. Start BIND using its startup script.
// sudo /etc/init.d/bind9 start

// secret must be the same as in /etc/bind/rndc.conf
include "/etc/bind/rndc.key";

// access control list used to limit queries to local net
acl "internal-net" { 192.168.80/24; 127.0.0.1; };

controls {
inet 127.0.0.1 allow { any; } keys { "rndc-key"; };
};

include "/etc/bind/named.conf.options";

// The single dot (.) is the root of all DNS namespace, so
// this zone tells named where to start looking for any
// name on the Internet
zone "." IN {
type hint;
file "/etc/bind/db.root";
};

// local intranet zones and reverse zones
// intranet is wright.local and 192.168.80.0/24
// the DHCP servers is on linuxmce-dhcp
// an optional second nameserver would be on linuxmce-ns2

zone "wright.local" IN {
type master;
file "/etc/bind/db.wright.local.zone";
// both allow-update and update-policy can enable DHCP updates,
// but update-policy allows more control over what kinds of
// updates DHCP can perform on a zone.
// allow-update { none; };
update-policy { grant linuxmce-dhcp subdomain wright.local. A TXT; };
// allow-transfer { key "linuxmce-ns2"; };
// notify on zone transfers
notify yes;
};

zone "80.168.192.in-addr.arpa" IN {
type master;
file "/etc/bind/db.wright.local.rev";
// allow-update { none; };
update-policy { grant linuxmce-dhcp subdomain 80.168.192.in-addr.arpa. PTR TXT; };
// allow-transfer { key "linuxmce-ns2"; };
notify yes;
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912 (http://www.ietf.org/rfc/rfc1912.txt)

// Where the localhost hostname is defined
zone "localhost" IN {
// a master type means that this server needn't look
// anywhere else for information; the localhost buck
// stops here.
type master;
file "/etc/bind/db.local";
// don't allow dynamic DNS clients to update info
// about the localhost zone
allow-update { none; };
};

// Where the 127.0.0.0 network is defined
zone "127.in-addr.arpa" IN {
type master;
file "/etc/bind/db.127";
allow-update { none; };
};

zone "0.in-addr.arpa" IN {
type master;
file "/etc/bind/db.0";
allow-update { none; };
};

zone "255.in-addr.arpa" IN {
type master;
file "/etc/bind/db.255";
allow-update { none; };
};

// Include logging config file
include "/etc/bind/logging.conf";

// zone "com" { type delegation-only; };
// zone "net" { type delegation-only; };

// From the release notes:
// Because many of our users are uncomfortable receiving undelegated answers
// from root or top level domains, other than a few for whom that behaviour
// has been trusted and expected for quite some length of time, we have now
// introduced the "root-delegations-only" feature which applies delegation-only
// logic to all top level domains, and to the root domain. An exception list
// should be specified, including "MUSEUM" and "DE", and any other top level
// domains from whom undelegated responses are expected and trusted.
// root-delegation-only exclude { "DE"; "MUSEUM"; };

include "/etc/bind/named.conf.local";
</pre>

===/etc/bind/named.conf.options===
<pre>
options {
// tell named where to find files mentioned below
directory "/var/cache/bind";

// file that contains the process id when bind is running
pid-file "/var/run/bind/run/named.pid";

// enable statistics
statistics-file "/var/named/named.stats";
zone-statistics yes;

dump-file "/var/named/named.dump";

// If there is a firewall between you and nameservers you want
// to talk to, you might need to uncomment the query-source
// directive below. Previous versions of BIND always asked
// questions using port 53, but BIND 8.1 and later use an unprivileged
// port by default.
// query-source address * port 53;

// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.

// The forwarders option tells BIND to not use iterative queries itself
// for information it doesn’t already know about but to forward a
// recursive query to the name servers specified instead.
include "/etc/bind/named.conf.forwarders";

// conform to RFC1035
auth-nxdomain no;

// on a multi-homed host, you might want to tell named
// to listen for queries only on certain interfaces
listen-on-v6 { any; };
listen-on { "internal-net"; };

// to allow only specific hosts to use the DNS server:
allow-query { "internal-net"; };

// sets BIND’s default behaviour to refuse all zone transfers.
// Without setting this option, anyone can transfer any zone.
allow-transfer { none; };

// do not generate notify messages for all zones on a restart.
// override for authorative zones
notify no;
};
</pre>

===/etc/bind/logging.conf===
<pre>
logging {

channel default_file {
file "/var/log/named/default.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel general_file {
file "/var/log/named/general.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel database_file {
file "/var/log/named/database.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel security_file {
file "/var/log/named/security.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel config_file {
file "/var/log/named/config.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel resolver_file {
file "/var/log/named/resolver.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel xfer-in_file {
file "/var/log/named/xfer-in.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel xfer-out_file {
file "/var/log/named/xfer-out.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel notify_file {
file "/var/log/named/notify.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel client_file {
file "/var/log/named/client.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel unmatched_file {
file "/var/log/named/unmatched.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel queries_file {
file "/var/log/named/queries.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel network_file {
file "/var/log/named/network.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel update_file {
file "/var/log/named/update.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel dispatch_file {
file "/var/log/named/dispatch.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel dnssec_file {
file "/var/log/named/dnssec.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel lame-servers_file {
file "/var/log/named/lame-servers.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};

category lame-servers {
lame-servers_file;
};
category dnssec {
dnssec_file;
};
category dispatch {
dispatch_file;
};
category update {
update_file;
};
category network {
network_file;
};
category queries {
queries_file;
};
category unmatched {
unmatched_file;
};
category client {
client_file;
};
category notify {
notify_file;
};
category xfer-out {
xfer-out_file;
};
category xfer-in {
xfer-in_file;
};
category resolver {
resolver_file;
};
category config {
config_file;
};
category security {
security_file;
};
category database {
database_file;
};
category general {
general_file;
};
category default {
default_file;
};
};
</pre>

===/etc/bind/rndc.conf===
<pre>
options {
default-server localhost;
default-key "rndc-key";
default-port 953;
};

server localhost {
key "rndc-key";
};

key "rndc-key" {
algorithm hmac-md5;
secret "<paste your key here>";
};
</pre>

===/etc/bind/rndc.key===
<pre>
key "rndc-key" {
algorithm hmac-md5;
secret "<paste your key here>";
};

key "linuxmce-dhcp" {
algorithm hmac-md5;
secret "<paste your key here>";
};

key "linuxmce-ns2" {
algorithm hmac-md5;
secret "<paste your key here>";
};
</pre>

===/etc/bind/db.wright.local.zone===
<pre>
;
; BIND data file for wright.local
; ref. http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/s1-bind-zone.html
;
$TTL 86400 ; time to live : 86400s = 1 day
; Start Of Authority record, proclaims important authoritative information
; about a namespace to the nameserver.
@ IN SOA dcerouter.wright.local roy@wright.org (
2008013101 ;serial (YYYYMMDDNN where N = 01,02,03,...)
10800 ;refresh (3 hours)
7200 ;retry (2 hours)
36000000 ;expire (10,000 hours = 416 2/3 days)
86400) ;default minimum ttl
;
; NameServer record, which announces the authoritative nameservers for a particular zone.
;
IN NS dcerouter.wright.local.
;
; Address records specify an IP address to assign to a name
;
dcerouter IN A 192.168.80.1
dad-kubuntu IN A 192.168.80.21
royw-gentoo IN A 192.168.80.20
;
; Canonical name records, maps one name to another.
;
linuxmce IN CNAME dcerouter
</pre>

===/etc/bind/db.wright.local.rev===
<pre>

;
; BIND reverse data file for wright.local
; ref. http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/s1-bind-zone.html
;
$ORIGIN 80.168.192.in-addr.arpa.
$TTL 86400 ; time to live : 86400s = 1 day
; Start Of Authority record, proclaims important authoritative information
; about a namespace to the nameserver.
@ IN SOA dcerouter.wright.local roy@wright.org (
2008013101 ;serial (YYYYMMDDNN where N = 01,02,03,...)
10800 ;refresh (3 hours)
7200 ;retry (2 hours)
36000000 ;expire (10,000 hours = 416 2/3 days)
86400) ;default minimum ttl
;
; NameServer record, which announces the authoritative nameservers for a particular zone.
;
IN NS dcerouter.wright.local.
;
; PTR — PoinTeR record, designed to point to another part of the namespace.
;
1 IN PTR dcerouter.wright.local.
21 IN PTR dad-kubuntu.wright.local.
20 IN PTR royw-gentoo.wright.local.
</pre>

===/etc/dhcp3/dhcpd.conf===
<pre>
option domain-name-servers 192.168.80.1;
authoritative;

option routers 192.168.80.1;
option subnet-mask 255.255.255.0;

# lease IPs for 1 day, maximum 1 week
default-lease-time 86400;
max-lease-time 604800;

# dynamic DNS updates
ddns-updates on;
ddns-update-style interim;
ddns-domainname "wright.local.";
ddns-rev-domainname "in-addr.arpa.";
ddns-ttl 14400;

# don't let clients modify their own A records
ignore client-updates;

key "linuxmce-dhcp" {
algorithm hmac-md5;
secret "<paste your key here>";
};

zone wright.local {
primary 192.168.80.1;
key "linuxmce-dhcp";
}

zone 80.168.192.in-addr.arpa {
primary 192.168.80.1;
key "linuxmce-dhcp";
}

option space pxelinux;
option pxelinux.magic code 208 = string;
option pxelinux.configfile code 209 = text;
option pxelinux.pathprefix code 210 = text;
option pxelinux.reboottime code 211 = unsigned integer 32;

subnet 192.168.80.0 netmask 255.255.255.0 {
next-server 192.168.80.1;
filename "/tftpboot/pxelinux.0";
option pxelinux.reboottime = 30;

option domain-name "wright.local";
option domain-name-servers 192.168.80.1;
option routers 192.168.80.1;

default-lease-time 86400;
max-lease-time 604800;
pool {
allow unknown-clients;
range 192.168.80.129 192.168.80.254;
}
}

# PXE booting machines
group {
next-server 192.168.80.1;
filename "/tftpboot/pxelinux.0";
option pxelinux.reboottime = 30;

}

# regular machines
group {
}

# CORE (1) has bad mac address:

</pre>

===/etc/resolv.conf===
<pre>
domain wright.local
nameserver localhost
</pre>

How to setup Local Authoritative DNS

2008-02-04T02:39:53Z

Royw: /* How to setup Local Authoritative DNS */

=How to setup Local Authoritative DNS=

I was wanting an authoritative name server for my local intranet. I also wanted any dynamic IP's to be visible to the name server. The name server included with linuxmce is configured as a recursive name server. Here's the changes I did to configure my core's name server to be authoritative and support dynamic IPs. Note, the machines on my intranet are private, i.e., not known to the outside world.

Developed and tested on LinuxMCE 0710 Beta 3. 3 Feb 2008

I named my intranet "wright.local". Using a "local" top level domain (TLD) is recommended for private intranets. Some may prefer to use "lan". You do not want to use any of the standard TLDs like "com", "net", "org",...

I used the core's default intranet addresses, 192.168.80.0/24 with the core at 192.168.80.1.

I've attempted to verbosely document each config file. :)

The directions for adapting the config files are included in the named.conf file.

==Installation==

If you want to try this, I would suggest building the config in new directories then swapping with the originals when you are ready (I had a little mess when my core hung and I had to restart with only half the configs ready) :)

So start with creating two directories:

sudo mkdir /etc/bind.new
sudo mkdir /etc/dhcp3.new

Now copy the contents of the original directories:

sudo cp -arp /etc/bind/* /etc/bind.new
sudo cp -arp /etc/dhcp3/* /etc/dhcp3.new

Also create a new resolve.conf file:

sudo touch /etc/resolv.conf.new

Then add/change the config files below.

To create a key for use in rndc.key and dhcpd.conf:

sudo dnssec-keygen -a HMAC-MD5 -b 256 -n user rndc

Now get the key from the private file:

sudo cat Krndc.*.private
Private-key-format: v1.2
Algorithm: 157 (HMAC_MD5)
Key: 3+GnSWV5FKxcUu57k7QFxbpvv/xr4fXj2wBVGtdGifI=
Bits: AAA=

Now cut the key which is to the right of "Key: " and paste where needed (replace "<paste your key here>" with the key in the config files). So an example using the above key would look like:

key "linuxmce-dhcp" {
algorithm hmac-md5;
secret "<paste your key here>";
};

becomes:

key "linuxmce-dhcp" {
algorithm hmac-md5;
secret "3+GnSWV5FKxcUu57k7QFxbpvv/xr4fXj2wBVGtdGifI=";
};

Make the logging directory:

sudo mkdir /var/log/named
sudo chown bind:bind /var/log/named
sudo chmod 755 /var/log/named

Change all the file permissions per instructions in named.conf.

Double check everything. Roll Eyes

Then when you are feeling lucky, rename the original directories and then rename the new directories to take there place:

sudo mv /etc/bind /etc/bind.original
sudo mv /etc/bind.new /etc/bind
sudo mv /etc/dhcp3 /etc/dhcp3.original
sudo mv /etc/dhcp3.new /etc/dhcp3
sudo mv /etc/resolve.conf /etc/resolve.conf.original
sudo mv /etc/resolve.conf.new /etc/resolve.conf

Finally restart the bind and dhcpd services:

sudo rndc reload
sudo /etc/init.d/dhcp3-server restart

Check the syslog for any errors:

grep named /var/log/syslog
grep dhcpd /var/log/syslog

==Config Files==

===/etc/bind/named.conf===
<pre>
// This is the primary configuration file for the BIND DNS server named.
//
// This configuration supports an authoritative local zone (wright.local on
// 192.168.80.0/24) and allows DHCP to update the local zone.
// To customize to your setup:
// 1) replace "wright.local" with your internal domain name.
// 2) edit db.wright.local.zone and db.wright.local.rev and replace
// my static names/addresses with your network's static names/addresses.
// Make sure to increment the serial number of any file edited.
// Note, format of serial number is: YYYYMMDDNN where YYYY is year,
// MM is month, DD is day, NN is update number for that day (i.e., 01,
// 02, 03,...)
// 3) rename db.wright.local.zone to match your domain name.
// 4) rename db.wright.local.rev to match your domain name.
// 5) If you changed the internal network IP from the LinuxMCE default of
// 192.168.80.0/24, then replace "192.168.80" with your network
// ip and replace it's reverse "80.168.192" wity your network ip's
// reverse.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
//
// references:
// http://www.arda.homeunix.net/dnssetup.html
// http://www.madboa.com/geek/soho-bind/
//
// notes:
// 1) The following command should be ran about twice a year to keep
// the root servers current:
// dig @a.root-servers.net . ns > /etc/bin/db.root
// Root name servers don’t change very often so updating this file more
// than twice a year is probably overkill. Frequent updates also put undo
// load on the root name servers; they have enough to do as it is.
//
// 2) File permissions:
// /etc/bind/named.conf root:root 644
// /etc/bind/rndc.key root:bind 640
// /etc/bind/rndc.conf root:root 600
// /etc/resolv.conf root:root 644
// /etc/bind root:bind 775, chmod g+s => drwxrwsr-x
// /etc/dhcp3 root:root 755
// /etc/dhcp3/dhcpd.conf root:root 644
//
// Manually Updating Zone Files
// 1. Use rndc to stop BIND.
// sudo rndc stop
// 2. Remove any .jnl files from the zone file directory.
// sudo rm /etc/bind/*.jnl
// 3. Edit the zone files as necessary. Make sure to increment the serial
// number of any file edited. Note, format of serial number is:
// YYYYMMDDNN where YYYY is year, MM is month, DD is day, NN is update
// number for that day (i.e., 01, 02, 03,...)
// 4. Start BIND using its startup script.
// sudo /etc/init.d/bind9 start

// secret must be the same as in /etc/bind/rndc.conf
include "/etc/bind/rndc.key";

// access control list used to limit queries to local net
acl "internal-net" { 192.168.80/24; 127.0.0.1; };

controls {
inet 127.0.0.1 allow { any; } keys { "rndc-key"; };
};

include "/etc/bind/named.conf.options";

// The single dot (.) is the root of all DNS namespace, so
// this zone tells named where to start looking for any
// name on the Internet
zone "." IN {
type hint;
file "/etc/bind/db.root";
};

// local intranet zones and reverse zones
// intranet is wright.local and 192.168.80.0/24
// the DHCP servers is on linuxmce-dhcp
// an optional second nameserver would be on linuxmce-ns2

zone "wright.local" IN {
type master;
file "/etc/bind/db.wright.local.zone";
// both allow-update and update-policy can enable DHCP updates,
// but update-policy allows more control over what kinds of
// updates DHCP can perform on a zone.
// allow-update { none; };
update-policy { grant linuxmce-dhcp subdomain wright.local. A TXT; };
// allow-transfer { key "linuxmce-ns2"; };
// notify on zone transfers
notify yes;
};

zone "80.168.192.in-addr.arpa" IN {
type master;
file "/etc/bind/db.wright.local.rev";
// allow-update { none; };
update-policy { grant linuxmce-dhcp subdomain 80.168.192.in-addr.arpa. PTR TXT; };
// allow-transfer { key "linuxmce-ns2"; };
notify yes;
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912 (http://www.ietf.org/rfc/rfc1912.txt)

// Where the localhost hostname is defined
zone "localhost" IN {
// a master type means that this server needn't look
// anywhere else for information; the localhost buck
// stops here.
type master;
file "/etc/bind/db.local";
// don't allow dynamic DNS clients to update info
// about the localhost zone
allow-update { none; };
};

// Where the 127.0.0.0 network is defined
zone "127.in-addr.arpa" IN {
type master;
file "/etc/bind/db.127";
allow-update { none; };
};

zone "0.in-addr.arpa" IN {
type master;
file "/etc/bind/db.0";
allow-update { none; };
};

zone "255.in-addr.arpa" IN {
type master;
file "/etc/bind/db.255";
allow-update { none; };
};

// Include logging config file
include "/etc/bind/logging.conf";

// zone "com" { type delegation-only; };
// zone "net" { type delegation-only; };

// From the release notes:
// Because many of our users are uncomfortable receiving undelegated answers
// from root or top level domains, other than a few for whom that behaviour
// has been trusted and expected for quite some length of time, we have now
// introduced the "root-delegations-only" feature which applies delegation-only
// logic to all top level domains, and to the root domain. An exception list
// should be specified, including "MUSEUM" and "DE", and any other top level
// domains from whom undelegated responses are expected and trusted.
// root-delegation-only exclude { "DE"; "MUSEUM"; };

include "/etc/bind/named.conf.local";
</pre>

===/etc/bind/named.conf.options===
<pre>
options {
// tell named where to find files mentioned below
directory "/var/cache/bind";

// file that contains the process id when bind is running
pid-file "/var/run/bind/run/named.pid";

// enable statistics
statistics-file "/var/named/named.stats";
zone-statistics yes;

dump-file "/var/named/named.dump";

// If there is a firewall between you and nameservers you want
// to talk to, you might need to uncomment the query-source
// directive below. Previous versions of BIND always asked
// questions using port 53, but BIND 8.1 and later use an unprivileged
// port by default.
// query-source address * port 53;

// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.

// The forwarders option tells BIND to not use iterative queries itself
// for information it doesn’t already know about but to forward a
// recursive query to the name servers specified instead.
include "/etc/bind/named.conf.forwarders";

// conform to RFC1035
auth-nxdomain no;

// on a multi-homed host, you might want to tell named
// to listen for queries only on certain interfaces
listen-on-v6 { any; };
listen-on { "internal-net"; };

// to allow only specific hosts to use the DNS server:
allow-query { "internal-net"; };

// sets BIND’s default behaviour to refuse all zone transfers.
// Without setting this option, anyone can transfer any zone.
allow-transfer { none; };

// do not generate notify messages for all zones on a restart.
// override for authorative zones
notify no;
};
</pre>

===/etc/bind/logging.conf===
<pre>
logging {

channel default_file {
file "/var/log/named/default.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel general_file {
file "/var/log/named/general.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel database_file {
file "/var/log/named/database.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel security_file {
file "/var/log/named/security.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel config_file {
file "/var/log/named/config.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel resolver_file {
file "/var/log/named/resolver.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel xfer-in_file {
file "/var/log/named/xfer-in.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel xfer-out_file {
file "/var/log/named/xfer-out.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel notify_file {
file "/var/log/named/notify.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel client_file {
file "/var/log/named/client.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel unmatched_file {
file "/var/log/named/unmatched.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel queries_file {
file "/var/log/named/queries.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel network_file {
file "/var/log/named/network.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel update_file {
file "/var/log/named/update.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel dispatch_file {
file "/var/log/named/dispatch.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel dnssec_file {
file "/var/log/named/dnssec.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel lame-servers_file {
file "/var/log/named/lame-servers.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};

category lame-servers {
lame-servers_file;
};
category dnssec {
dnssec_file;
};
category dispatch {
dispatch_file;
};
category update {
update_file;
};
category network {
network_file;
};
category queries {
queries_file;
};
category unmatched {
unmatched_file;
};
category client {
client_file;
};
category notify {
notify_file;
};
category xfer-out {
xfer-out_file;
};
category xfer-in {
xfer-in_file;
};
category resolver {
resolver_file;
};
category config {
config_file;
};
category security {
security_file;
};
category database {
database_file;
};
category general {
general_file;
};
category default {
default_file;
};
};
</pre>

===/etc/bind/rndc.conf===
<pre>
options {
default-server localhost;
default-key "rndc-key";
default-port 953;
};

server localhost {
key "rndc-key";
};

key "rndc-key" {
algorithm hmac-md5;
secret "<paste your key here>";
};
</pre>

===/etc/bind/rndc.key===
<pre>
key "rndc-key" {
algorithm hmac-md5;
secret "<paste your key here>";
};

key "linuxmce-dhcp" {
algorithm hmac-md5;
secret "<paste your key here>";
};

key "linuxmce-ns2" {
algorithm hmac-md5;
secret "<paste your key here>";
};
</pre>

===/etc/bind/db.wright.local.zone===
<pre>
;
; BIND data file for wright.local
; ref. http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/s1-bind-zone.html
;
$TTL 86400 ; time to live : 86400s = 1 day
; Start Of Authority record, proclaims important authoritative information
; about a namespace to the nameserver.
@ IN SOA dcerouter.wright.local roy@wright.org (
2008013101 ;serial (YYYYMMDDNN where N = 01,02,03,...)
10800 ;refresh (3 hours)
7200 ;retry (2 hours)
36000000 ;expire (10,000 hours = 416 2/3 days)
86400) ;default minimum ttl
;
; NameServer record, which announces the authoritative nameservers for a particular zone.
;
IN NS dcerouter.wright.local.
;
; Address records specify an IP address to assign to a name
;
dcerouter IN A 192.168.80.1
dad-kubuntu IN A 192.168.80.21
royw-gentoo IN A 192.168.80.20
;
; Canonical name records, maps one name to another.
;
linuxmce IN CNAME dcerouter
</pre>

===/etc/bind/db.wright.local.rev===
<pre>

;
; BIND reverse data file for wright.local
; ref. http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/s1-bind-zone.html
;
$ORIGIN 80.168.192.in-addr.arpa.
$TTL 86400 ; time to live : 86400s = 1 day
; Start Of Authority record, proclaims important authoritative information
; about a namespace to the nameserver.
@ IN SOA dcerouter.wright.local roy@wright.org (
2008013101 ;serial (YYYYMMDDNN where N = 01,02,03,...)
10800 ;refresh (3 hours)
7200 ;retry (2 hours)
36000000 ;expire (10,000 hours = 416 2/3 days)
86400) ;default minimum ttl
;
; NameServer record, which announces the authoritative nameservers for a particular zone.
;
IN NS dcerouter.wright.local.
;
; PTR — PoinTeR record, designed to point to another part of the namespace.
;
1 IN PTR dcerouter.wright.local.
21 IN PTR dad-kubuntu.wright.local.
20 IN PTR royw-gentoo.wright.local.
</pre>

===/etc/dhcp3/dhcpd.conf===
<pre>
option domain-name-servers 192.168.80.1;
authoritative;

option routers 192.168.80.1;
option subnet-mask 255.255.255.0;

# lease IPs for 1 day, maximum 1 week
default-lease-time 86400;
max-lease-time 604800;

# dynamic DNS updates
ddns-updates on;
ddns-update-style interim;
ddns-domainname "wright.local.";
ddns-rev-domainname "in-addr.arpa.";
ddns-ttl 14400;

# don't let clients modify their own A records
ignore client-updates;

key "linuxmce-dhcp" {
algorithm hmac-md5;
secret "<paste your key here>";
};

zone wright.local {
primary 192.168.80.1;
key "linuxmce-dhcp";
}

zone 80.168.192.in-addr.arpa {
primary 192.168.80.1;
key "linuxmce-dhcp";
}

option space pxelinux;
option pxelinux.magic code 208 = string;
option pxelinux.configfile code 209 = text;
option pxelinux.pathprefix code 210 = text;
option pxelinux.reboottime code 211 = unsigned integer 32;

subnet 192.168.80.0 netmask 255.255.255.0 {
next-server 192.168.80.1;
filename "/tftpboot/pxelinux.0";
option pxelinux.reboottime = 30;

option domain-name "wright.local";
option domain-name-servers 192.168.80.1;
option routers 192.168.80.1;

default-lease-time 86400;
max-lease-time 604800;
pool {
allow unknown-clients;
range 192.168.80.129 192.168.80.254;
}
}

# PXE booting machines
group {
next-server 192.168.80.1;
filename "/tftpboot/pxelinux.0";
option pxelinux.reboottime = 30;

}

# regular machines
group {
}

# CORE (1) has bad mac address:

</pre>

===/etc/resolv.conf===
<pre>
domain wright.local
nameserver localhost
</pre>

How to setup Local Authoritative DNS

2008-02-04T02:35:34Z

Royw: New page: =How to setup Local Authoritative DNS= I was wanting an authoritative name server for my local intranet. I also wanted any dynamic IP's to be visible to the name server. The name server...

=How to setup Local Authoritative DNS=

I was wanting an authoritative name server for my local intranet. I also wanted any dynamic IP's to be visible to the name server. The name server included with linuxmce is configured as a recursive name server. Here's the changes I did to configure my core's name server to be authoritative and support dynamic IPs. Note, the machines on my intranet are private, i.e., not known to the outside world.

I named my intranet "wright.local". Using a "local" top level domain (TLD) is recommended for private intranets. Some may prefer to use "lan". You do not want to use any of the standard TLDs like "com", "net", "org",...

I used the core's default intranet addresses, 192.168.80.0/24 with the core at 192.168.80.1.

I've attempted to verbosely document each config file. :)

The directions for adapting the config files are included in the named.conf file.

==Installation==

If you want to try this, I would suggest building the config in new directories then swapping with the originals when you are ready (I had a little mess when my core hung and I had to restart with only half the configs ready) :)

So start with creating two directories:

sudo mkdir /etc/bind.new
sudo mkdir /etc/dhcp3.new

Now copy the contents of the original directories:

sudo cp -arp /etc/bind/* /etc/bind.new
sudo cp -arp /etc/dhcp3/* /etc/dhcp3.new

Also create a new resolve.conf file:

sudo touch /etc/resolv.conf.new

Then add/change the config files below.

To create a key for use in rndc.key and dhcpd.conf:

sudo dnssec-keygen -a HMAC-MD5 -b 256 -n user rndc

Now get the key from the private file:

sudo cat Krndc.*.private
Private-key-format: v1.2
Algorithm: 157 (HMAC_MD5)
Key: 3+GnSWV5FKxcUu57k7QFxbpvv/xr4fXj2wBVGtdGifI=
Bits: AAA=

Now cut the key which is to the right of "Key: " and paste where needed (replace "<paste your key here>" with the key in the config files). So an example using the above key would look like:

key "linuxmce-dhcp" {
algorithm hmac-md5;
secret "<paste your key here>";
};

becomes:

key "linuxmce-dhcp" {
algorithm hmac-md5;
secret "3+GnSWV5FKxcUu57k7QFxbpvv/xr4fXj2wBVGtdGifI=";
};

Make the logging directory:

sudo mkdir /var/log/named
sudo chown bind:bind /var/log/named
sudo chmod 755 /var/log/named

Change all the file permissions per instructions in named.conf.

Double check everything. Roll Eyes

Then when you are feeling lucky, rename the original directories and then rename the new directories to take there place:

sudo mv /etc/bind /etc/bind.original
sudo mv /etc/bind.new /etc/bind
sudo mv /etc/dhcp3 /etc/dhcp3.original
sudo mv /etc/dhcp3.new /etc/dhcp3
sudo mv /etc/resolve.conf /etc/resolve.conf.original
sudo mv /etc/resolve.conf.new /etc/resolve.conf

Finally restart the bind and dhcpd services:

sudo rndc reload
sudo /etc/init.d/dhcp3-server restart

Check the syslog for any errors:

grep named /var/log/syslog
grep dhcpd /var/log/syslog

==Config Files==

===/etc/bind/named.conf===
<pre>
// This is the primary configuration file for the BIND DNS server named.
//
// This configuration supports an authoritative local zone (wright.local on
// 192.168.80.0/24) and allows DHCP to update the local zone.
// To customize to your setup:
// 1) replace "wright.local" with your internal domain name.
// 2) edit db.wright.local.zone and db.wright.local.rev and replace
// my static names/addresses with your network's static names/addresses.
// Make sure to increment the serial number of any file edited.
// Note, format of serial number is: YYYYMMDDNN where YYYY is year,
// MM is month, DD is day, NN is update number for that day (i.e., 01,
// 02, 03,...)
// 3) rename db.wright.local.zone to match your domain name.
// 4) rename db.wright.local.rev to match your domain name.
// 5) If you changed the internal network IP from the LinuxMCE default of
// 192.168.80.0/24, then replace "192.168.80" with your network
// ip and replace it's reverse "80.168.192" wity your network ip's
// reverse.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
//
// references:
// http://www.arda.homeunix.net/dnssetup.html
// http://www.madboa.com/geek/soho-bind/
//
// notes:
// 1) The following command should be ran about twice a year to keep
// the root servers current:
// dig @a.root-servers.net . ns > /etc/bin/db.root
// Root name servers don’t change very often so updating this file more
// than twice a year is probably overkill. Frequent updates also put undo
// load on the root name servers; they have enough to do as it is.
//
// 2) File permissions:
// /etc/bind/named.conf root:root 644
// /etc/bind/rndc.key root:bind 640
// /etc/bind/rndc.conf root:root 600
// /etc/resolv.conf root:root 644
// /etc/bind root:bind 775, chmod g+s => drwxrwsr-x
// /etc/dhcp3 root:root 755
// /etc/dhcp3/dhcpd.conf root:root 644
//
// Manually Updating Zone Files
// 1. Use rndc to stop BIND.
// sudo rndc stop
// 2. Remove any .jnl files from the zone file directory.
// sudo rm /etc/bind/*.jnl
// 3. Edit the zone files as necessary. Make sure to increment the serial
// number of any file edited. Note, format of serial number is:
// YYYYMMDDNN where YYYY is year, MM is month, DD is day, NN is update
// number for that day (i.e., 01, 02, 03,...)
// 4. Start BIND using its startup script.
// sudo /etc/init.d/bind9 start

// secret must be the same as in /etc/bind/rndc.conf
include "/etc/bind/rndc.key";

// access control list used to limit queries to local net
acl "internal-net" { 192.168.80/24; 127.0.0.1; };

controls {
inet 127.0.0.1 allow { any; } keys { "rndc-key"; };
};

include "/etc/bind/named.conf.options";

// The single dot (.) is the root of all DNS namespace, so
// this zone tells named where to start looking for any
// name on the Internet
zone "." IN {
type hint;
file "/etc/bind/db.root";
};

// local intranet zones and reverse zones
// intranet is wright.local and 192.168.80.0/24
// the DHCP servers is on linuxmce-dhcp
// an optional second nameserver would be on linuxmce-ns2

zone "wright.local" IN {
type master;
file "/etc/bind/db.wright.local.zone";
// both allow-update and update-policy can enable DHCP updates,
// but update-policy allows more control over what kinds of
// updates DHCP can perform on a zone.
// allow-update { none; };
update-policy { grant linuxmce-dhcp subdomain wright.local. A TXT; };
// allow-transfer { key "linuxmce-ns2"; };
// notify on zone transfers
notify yes;
};

zone "80.168.192.in-addr.arpa" IN {
type master;
file "/etc/bind/db.wright.local.rev";
// allow-update { none; };
update-policy { grant linuxmce-dhcp subdomain 80.168.192.in-addr.arpa. PTR TXT; };
// allow-transfer { key "linuxmce-ns2"; };
notify yes;
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912 (http://www.ietf.org/rfc/rfc1912.txt)

// Where the localhost hostname is defined
zone "localhost" IN {
// a master type means that this server needn't look
// anywhere else for information; the localhost buck
// stops here.
type master;
file "/etc/bind/db.local";
// don't allow dynamic DNS clients to update info
// about the localhost zone
allow-update { none; };
};

// Where the 127.0.0.0 network is defined
zone "127.in-addr.arpa" IN {
type master;
file "/etc/bind/db.127";
allow-update { none; };
};

zone "0.in-addr.arpa" IN {
type master;
file "/etc/bind/db.0";
allow-update { none; };
};

zone "255.in-addr.arpa" IN {
type master;
file "/etc/bind/db.255";
allow-update { none; };
};

// Include logging config file
include "/etc/bind/logging.conf";

// zone "com" { type delegation-only; };
// zone "net" { type delegation-only; };

// From the release notes:
// Because many of our users are uncomfortable receiving undelegated answers
// from root or top level domains, other than a few for whom that behaviour
// has been trusted and expected for quite some length of time, we have now
// introduced the "root-delegations-only" feature which applies delegation-only
// logic to all top level domains, and to the root domain. An exception list
// should be specified, including "MUSEUM" and "DE", and any other top level
// domains from whom undelegated responses are expected and trusted.
// root-delegation-only exclude { "DE"; "MUSEUM"; };

include "/etc/bind/named.conf.local";
</pre>

===/etc/bind/named.conf.options===
<pre>
options {
// tell named where to find files mentioned below
directory "/var/cache/bind";

// file that contains the process id when bind is running
pid-file "/var/run/bind/run/named.pid";

// enable statistics
statistics-file "/var/named/named.stats";
zone-statistics yes;

dump-file "/var/named/named.dump";

// If there is a firewall between you and nameservers you want
// to talk to, you might need to uncomment the query-source
// directive below. Previous versions of BIND always asked
// questions using port 53, but BIND 8.1 and later use an unprivileged
// port by default.
// query-source address * port 53;

// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.

// The forwarders option tells BIND to not use iterative queries itself
// for information it doesn’t already know about but to forward a
// recursive query to the name servers specified instead.
include "/etc/bind/named.conf.forwarders";

// conform to RFC1035
auth-nxdomain no;

// on a multi-homed host, you might want to tell named
// to listen for queries only on certain interfaces
listen-on-v6 { any; };
listen-on { "internal-net"; };

// to allow only specific hosts to use the DNS server:
allow-query { "internal-net"; };

// sets BIND’s default behaviour to refuse all zone transfers.
// Without setting this option, anyone can transfer any zone.
allow-transfer { none; };

// do not generate notify messages for all zones on a restart.
// override for authorative zones
notify no;
};
</pre>

===/etc/bind/logging.conf===
<pre>
logging {

channel default_file {
file "/var/log/named/default.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel general_file {
file "/var/log/named/general.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel database_file {
file "/var/log/named/database.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel security_file {
file "/var/log/named/security.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel config_file {
file "/var/log/named/config.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel resolver_file {
file "/var/log/named/resolver.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel xfer-in_file {
file "/var/log/named/xfer-in.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel xfer-out_file {
file "/var/log/named/xfer-out.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel notify_file {
file "/var/log/named/notify.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel client_file {
file "/var/log/named/client.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel unmatched_file {
file "/var/log/named/unmatched.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel queries_file {
file "/var/log/named/queries.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel network_file {
file "/var/log/named/network.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel update_file {
file "/var/log/named/update.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel dispatch_file {
file "/var/log/named/dispatch.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel dnssec_file {
file "/var/log/named/dnssec.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel lame-servers_file {
file "/var/log/named/lame-servers.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};

category lame-servers {
lame-servers_file;
};
category dnssec {
dnssec_file;
};
category dispatch {
dispatch_file;
};
category update {
update_file;
};
category network {
network_file;
};
category queries {
queries_file;
};
category unmatched {
unmatched_file;
};
category client {
client_file;
};
category notify {
notify_file;
};
category xfer-out {
xfer-out_file;
};
category xfer-in {
xfer-in_file;
};
category resolver {
resolver_file;
};
category config {
config_file;
};
category security {
security_file;
};
category database {
database_file;
};
category general {
general_file;
};
category default {
default_file;
};
};
</pre>

===/etc/bind/rndc.conf===
<pre>
options {
default-server localhost;
default-key "rndc-key";
default-port 953;
};

server localhost {
key "rndc-key";
};

key "rndc-key" {
algorithm hmac-md5;
secret "<paste your key here>";
};
</pre>

===/etc/bind/rndc.key===
<pre>
key "rndc-key" {
algorithm hmac-md5;
secret "<paste your key here>";
};

key "linuxmce-dhcp" {
algorithm hmac-md5;
secret "<paste your key here>";
};

key "linuxmce-ns2" {
algorithm hmac-md5;
secret "<paste your key here>";
};
</pre>

===/etc/bind/db.wright.local.zone===
<pre>
;
; BIND data file for wright.local
; ref. http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/s1-bind-zone.html
;
$TTL 86400 ; time to live : 86400s = 1 day
; Start Of Authority record, proclaims important authoritative information
; about a namespace to the nameserver.
@ IN SOA dcerouter.wright.local roy@wright.org (
2008013101 ;serial (YYYYMMDDNN where N = 01,02,03,...)
10800 ;refresh (3 hours)
7200 ;retry (2 hours)
36000000 ;expire (10,000 hours = 416 2/3 days)
86400) ;default minimum ttl
;
; NameServer record, which announces the authoritative nameservers for a particular zone.
;
IN NS dcerouter.wright.local.
;
; Address records specify an IP address to assign to a name
;
dcerouter IN A 192.168.80.1
dad-kubuntu IN A 192.168.80.21
royw-gentoo IN A 192.168.80.20
;
; Canonical name records, maps one name to another.
;
linuxmce IN CNAME dcerouter
</pre>

===/etc/bind/db.wright.local.rev===
<pre>

;
; BIND reverse data file for wright.local
; ref. http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/s1-bind-zone.html
;
$ORIGIN 80.168.192.in-addr.arpa.
$TTL 86400 ; time to live : 86400s = 1 day
; Start Of Authority record, proclaims important authoritative information
; about a namespace to the nameserver.
@ IN SOA dcerouter.wright.local roy@wright.org (
2008013101 ;serial (YYYYMMDDNN where N = 01,02,03,...)
10800 ;refresh (3 hours)
7200 ;retry (2 hours)
36000000 ;expire (10,000 hours = 416 2/3 days)
86400) ;default minimum ttl
;
; NameServer record, which announces the authoritative nameservers for a particular zone.
;
IN NS dcerouter.wright.local.
;
; PTR — PoinTeR record, designed to point to another part of the namespace.
;
1 IN PTR dcerouter.wright.local.
21 IN PTR dad-kubuntu.wright.local.
20 IN PTR royw-gentoo.wright.local.
</pre>

===/etc/dhcp3/dhcpd.conf===
<pre>
option domain-name-servers 192.168.80.1;
authoritative;

option routers 192.168.80.1;
option subnet-mask 255.255.255.0;

# lease IPs for 1 day, maximum 1 week
default-lease-time 86400;
max-lease-time 604800;

# dynamic DNS updates
ddns-updates on;
ddns-update-style interim;
ddns-domainname "wright.local.";
ddns-rev-domainname "in-addr.arpa.";
ddns-ttl 14400;

# don't let clients modify their own A records
ignore client-updates;

key "linuxmce-dhcp" {
algorithm hmac-md5;
secret "<paste your key here>";
};

zone wright.local {
primary 192.168.80.1;
key "linuxmce-dhcp";
}

zone 80.168.192.in-addr.arpa {
primary 192.168.80.1;
key "linuxmce-dhcp";
}

option space pxelinux;
option pxelinux.magic code 208 = string;
option pxelinux.configfile code 209 = text;
option pxelinux.pathprefix code 210 = text;
option pxelinux.reboottime code 211 = unsigned integer 32;

subnet 192.168.80.0 netmask 255.255.255.0 {
next-server 192.168.80.1;
filename "/tftpboot/pxelinux.0";
option pxelinux.reboottime = 30;

option domain-name "wright.local";
option domain-name-servers 192.168.80.1;
option routers 192.168.80.1;

default-lease-time 86400;
max-lease-time 604800;
pool {
allow unknown-clients;
range 192.168.80.129 192.168.80.254;
}
}

# PXE booting machines
group {
next-server 192.168.80.1;
filename "/tftpboot/pxelinux.0";
option pxelinux.reboottime = 30;

}

# regular machines
group {
}

# CORE (1) has bad mac address:

</pre>

===/etc/resolv.conf===
<pre>
domain wright.local
nameserver localhost
</pre>

Network Settings

2008-02-04T02:18:38Z

Royw: /* See also */

[[Category: Networking]]
[[Category: Admin Website]]
[[Image:NetworkSettings.jpg|thumb|200px|Network Settings Admin Page]]

The settings on this page are used to configure the network in your Core.

==Recommended configuration==
The recommended configuration for a LinuxMCE Core is to have 2 network cards, and plug 1 of them into the external internet (the cable or DSL modem), and the other into the internal switch that the other computers and devices in the house connect to.
This allows the LinuxMCE Core to act as a firewall to protect the devices in the house, and also to manage your network bandwidth to ensure that phone calls, video calls and other time-sensitive traffic takes priority over web pages and file downloads. In such a configuration you would enable DHCP on the internal network, and the external network would obtain an IP address either statically or through the DHCP server in your DSL/Cable modem, depending on how your internet service provider configured it.

Every device connected to the local area network in your home needs a unique IP address.
The "DHCP Server" is the device that assigns every device it's own IP.
If you have multiple computers in your home, you probably have a router, dsl or cable modem that is your DHCP Server. Normally you should only have 1 DHCP server on the network. If you have more than 1, they can 'fight' over the assignment of IP addresses. If you have dual network cards in the core this is not a problem since the 'external' internet connection provided by your DSL or cable modem is physically a separate network from the internal network in your home. In that case it is okay to have LinuxMCE act as the DHCP server for the internal network while the Cable/DSL modem is the DHCP server for the external network.

===Diskless media directors===
If you want to have diskless media directors, where they do not boot LinuxMCE from their local hard drive, but rather use the LinuxMCE Core, the Core needs to be the DHCP server for those media directors. Also, for the Core to be able to automatically configure your devices, such as telephones, the Core needs to be their DHCP server. The easiest solution is, therefore, to make the Core the sole DHCP server in your house. It will then assign IP addresses for every computer in your home, whether it's running LinuxMCE's software or not.

==Single network card==
If you do not have dual network cards, or want to use another DHCP server, you can disable DHCP on the LinuxMCE Core altogether. Or, you can tell the Core to "give IP addresses to LinuxMCE devices only". This means the LinuxMCE Core will assign IP addresses for LinuxMCE devices, but ignore everything else in your home. If you do this, LinuxMCE can work with your other DHCP servers if they likewise do not try to assign IP addresses to your LinuxMCE devices. But this means that plug-and-play will not work since LinuxMCE will only give IP addresses to devices it already knows--not new devices.

===Example configuration===
If you do not have two network cards, and want your existing homenetwork to remain using your DSL-Modem/Router/WLANAcessPoint-All-in-One-Standalone-Box (e.g. a Fritzbox) you`ll end up with two subnetworks in your home. - Or you manage to tell the Core to only use 1 subnetwork, which I didn`t ...

If this is the case your existing network most likely contains a "DSL-Modem/Router/WLANAcessPoint" (192.168.1.1) which connects your local Computer (192.168.1.2) and your Laptop (192.168.1.3) to your Internetprovider (which assigns a dynamic Internet-IP to your Router).

! You need to disable the DHCP-Sever in the "DSL-Modem/Router/WLANAcessPoint". Assign static IPs to all your homenetwork-computers. Later on everytime a computer/device which uses dhcp is started, the dhcp-request must be answered by the core/hybrid in order to use MD pxe boot.

Now you install a Core/Hybrid with one physical networkcard (eth0). LinuxMCE automatically adds a second virtual networkcard (eth0:0). Change your "external" IP to be static and to be part of your existing homenetwork (e.g. IP 192.168.1.4).
So far I`m only telling old stories ... The particular NEWS: To use your existing wiring (incl. wlan) you need to tell the router that the gateway to the "external" (from the homenetwork`s point of view) (sub)net 192.168.80.0 is 192.168.1.4
This is done by creating a static route on your "DSL-Modem/Router/WLANAcessPoint". Sometime you`ll find this in the NAT-settings. If using a Fritzbox: System / Networksetting / IP-Routs / Add. IP-network: 192.168.80.0 Subnetmask: 255.255.255.0 Gateway: 192.168.1.4

Hint: If you disabled the dhcp-server of the "DSL-Modem/Router/WLANAcessPoint" and created the route before installing LinuxMCE you`ll end up with an internal-eth0:0 192.168.80.1 and your external-eth0 (which uses "Obtain an IP adress from DHCP") having an IP from the subnet 192.168.80.xxx as well. This means everything is working!
Your "external" interface did ask for a dhcp-server and your "interal" interface answered that it got one ... - Of course you have to change your "external"-eth0-IP to be static and be part of you (sub)homenetwork, as well.

==See also==
* [[Why dual network cards?]]
* [[How to setup ADSL access?]]
* [[DHCP Plug and Play]]
* [[How to setup Local Authoritative DNS]]