Linux - Chapter 14 - Network Configuration
The DNS Process
Commands or programs on the system, such as the browser, request a connection with a remote computer by DNS name. The system then consults various files in a particular order to attempt to resolve that name into a usable IP address.

1. First, the /etc/nsswitch.conf file is consulted:

    hosts: files dns

   This line indicates that the system should consult local files first in an attempt to resolve hostnames, which means that the /etc/hosts file will be parsed for a match to the requested name.

2. Second, the system will consult the /etc/hosts file to attempt to resolve the name. If the name matches an entry in /etc/hosts, it is resolved. It will not fail over (or continue) to the DNS option, even if the resolution is inaccurate. This can occur if the entry in /etc/hosts points to a non-assigned IP address.

3. Third, if the local /etc/hosts file doesn't result in a match, the system will use the configured DNS server entries contained in the /etc/resolv.conf file to attempt to resolve the name. The /etc/resolv.conf file should contain at least two entries for name servers, such as the example file below:

    nameserver 10.0.2.3
    nameserver 10.0.2.4

   The DNS resolution system will use the first name server for an attempted lookup of the name. If that is unavailable, or a timeout period is reached, the second server will then be queried for the name resolution. If a match is found, it is returned to the system and used for initiating a connection, and is also placed in the DNS cache for a configurable time period.
Basic Network Terminology
Host
A host is a computer. Many people automatically think of a desktop computer or laptop when they hear the term computer. In reality, many other devices, such as cell phones, digital music players and many modern televisions, are also computers. In networking terms, a host is any device that communicates via a network with another device.

Network
A network is a collection of two or more hosts (computers) that are able to communicate with each other. This communication can be via a wired connection or wireless.

Internet
The Internet is an example of a network. It consists of a publicly accessible network that connects millions of hosts throughout the world. Many people use the Internet to surf web pages and exchange emails, but the Internet has many additional capabilities besides these activities.

Wi-Fi
The term Wi-Fi refers to wireless networks.

Server
A host that provides a service to another host or client is called a server. For example, a web server stores, processes and delivers web pages. An email server receives incoming mail and delivers outgoing mail.

Service
A feature provided by a host is a service. An example of a service would be when a host provides web pages to another host.

Client
A client is a host that is accessing a server. When you are working on a computer surfing the Internet, you are considered to be on a client host.

Router
Also called a gateway, a router is a machine that connects hosts from one network to another network. For example, if you work in an office environment, the computers within the company can all communicate via the local network created by the administrators. To access the Internet, the computers would have to communicate with a router that would be used to forward network communications to the Internet. Typically, when you communicate on a large network (like the Internet), several routers are used before your communication reaches its final destination.
The host Command
In its simplest form, the host command works with DNS to associate a hostname with an IP address. As used in a previous example, example.com is associated with the IP address 192.168.1.2:

    root@localhost:~# host example.com
    example.com has address 192.168.1.2

The host command can also be used in reverse, if an IP address is known but the domain name is not:

    root@localhost:~# host 192.168.1.2
    2.1.168.192.in-addr.arpa domain name pointer example.com.
    2.1.168.192.in-addr.arpa domain name pointer cserver.example.com.

Other options exist to query the various aspects of a DNS record, such as a CNAME (canonical name, or alias):

    root@localhost:~# host -t CNAME example.com
    example.com has no CNAME record

Since many DNS servers store a copy of example.com, SOA (Start of Authority) records indicate the primary server for the domain:

    root@localhost:~# host -t SOA example.com
    example.com has SOA record example.com. cserver.example.com. 2 604800 86400 2419200 604800

A comprehensive list of DNS information regarding example.com can be found using the -a (all) option:

    root@localhost:~# host -a example.com
IP Addresses
It is important to note that the difference between IPv4 and IPv6 isn't just a larger address pool. IPv6 has many other advanced features that address some of the limitations of IPv4, including better speed, more advanced packet management and more efficient data transportation.

Considering all the advantages, you would think that by now all hosts would be using IPv6. However, the majority of network-attached devices in the world still use IPv4 (something like 98-99% of all devices). So, why hasn't the world embraced the superior technology of IPv6? There are primarily two reasons:

1. NAT: Invented to overcome the possibility of running out of IP addresses in an IPv4 environment, Network Address Translation (NAT) is a technique that provides more hosts with access to the Internet. In a nutshell, a group of hosts is placed into a private network with no direct access to the Internet; a special router provides Internet access, and only this one router needs an IP address to communicate on the Internet. In other words, a group of hosts shares a single IP address, meaning a lot more computers can attach to the Internet. This feature means the need to move to IPv6 is less critical than before the invention of NAT.

2. Porting: Porting is switching over from one technology to another. IPv6 has a lot of great new features, but all of the hosts need to be able to utilize these features. Getting everyone on the Internet (or even just some) to make these changes poses a challenge.
Network Configuration Files
Name resolution on a Linux host is accomplished by three critical files:

    /etc/hosts
    /etc/resolv.conf
    /etc/nsswitch.conf

Together, they describe the location of name service information, the order in which to check resources, and where to go for that information.

/etc/hosts
This file contains a table of hostnames to IP addresses. It can be used to supplement a DNS server.

    sysadmin@localhost:~$ cat /etc/hosts
    127.0.0.1 localhost

/etc/resolv.conf
This file contains the IP addresses of the name servers the system should consult in any attempt to resolve names to IP addresses. These servers are often DNS servers. It also can contain additional keywords and values that can affect the resolution process.

    sysadmin@localhost:~$ cat /etc/resolv.conf
    nameserver 127.0.0.11

/etc/nsswitch.conf
This file can be used to modify where hostname lookups occur. It contains a particular entry that describes in what order name resolution sources are consulted.

    sysadmin@localhost:~$ cat /etc/nsswitch.conf
    # /etc/nsswitch.conf
    # Output Omitted...
    hosts: files dns
    Output Omitted...

With the following setting, the /etc/hosts file is searched first and the DNS server second:

    hosts: files dns

With this setting, the DNS server would be searched first and local files second:

    hosts: dns files
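The lookup order described in the DNS process section and the three files above can be simulated to see the "no fail-over" behaviour in action. This is an added example written for this page, not course material: it walks constructed copies of the three files (the nameserver addresses, hostnames and DNS answers are all made up) in nsswitch order and shows that a stale /etc/hosts entry is never corrected by DNS when files comes first.

```python
# Constructed sample files; these are not copied from a real host.
NSSWITCH = """# /etc/nsswitch.conf
passwd: files
hosts: files dns
"""

HOSTS = """127.0.0.1   localhost
192.168.1.2 example.com www.example.com
10.9.9.9    stale.example.com   # points at an address nobody owns
"""

RESOLV = """nameserver 10.0.2.3
nameserver 10.0.2.4
"""

# Constructed stand-in for the DNS servers: None means the server is down
# or times out; a dict holds the answers that server would return.
DNS_SERVERS = {
    "10.0.2.3": None,
    "10.0.2.4": {"example.com": "192.168.1.2",
                 "stale.example.com": "192.168.1.200"},
}


def hosts_order(nsswitch_text):
    """Return the sources named on the 'hosts:' line, in the order listed."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            return line.split(":", 1)[1].split()
    return []


def lookup_files(hosts_text, name):
    """Search the /etc/hosts table; the first line naming the host wins."""
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and name in fields[1:]:
            return fields[0]
    return None


def lookup_dns(resolv_text, name, servers=DNS_SERVERS):
    """Query the nameservers in order, moving on only when one is unavailable."""
    for line in resolv_text.splitlines():
        fields = line.split()
        if len(fields) == 2 and fields[0] == "nameserver":
            answers = servers.get(fields[1])
            if answers is None:
                continue                 # unreachable or timed out: try the next one
            return answers.get(name)     # a reachable server's answer is final
    return None


def resolve(name, nsswitch=NSSWITCH, hosts=HOSTS, resolv=RESOLV):
    """Walk the sources in nsswitch order; return (address, source) or (None, None)."""
    for source in hosts_order(nsswitch):
        if source == "files":
            addr = lookup_files(hosts, name)
        elif source == "dns":
            addr = lookup_dns(resolv, name)
        else:
            continue
        if addr is not None:
            # A hit ends the search: a stale /etc/hosts entry is never
            # corrected by DNS when 'files' is listed first.
            return addr, source
    return None, None


if __name__ == "__main__":
    for host in ("example.com", "stale.example.com", "nosuch.example.com"):
        print(host, "->", resolve(host))
    print("dns first:", resolve("stale.example.com", nsswitch="hosts: dns files"))
```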
Primary IPv6 Configuration File
On a CentOS system, the primary IPv6 configuration file is the same file where the IPv4 configuration is stored: the /etc/sysconfig/network-scripts/ifcfg-eth0 file. If you want your system to have a static IPv6 address, add the following to the configuration file:

    IPV6INIT=yes
    IPV6ADDR=<IPv6 IP Address>
    IPV6_DEFAULTGW=<IPv6 IP Gateway Address>

If you want your system to be a DHCP IPv6 client, then add the following setting:

    DHCPV6C=yes

You also need to add the following setting to the /etc/sysconfig/network file:

    NETWORKING_IPV6=yes

Consider This
The widely accepted method of making changes to a network interface is to take the interface down using a command such as ifdown eth0, make the desired changes to the configuration file, and then bring the interface back up and into service with a command such as ifup eth0.

Another, less specific method is to restart the system's networking entirely, with a command such as service network restart, which takes down ALL interfaces, re-reads all related configuration files, and then restarts the networking for the system. Restarting the network service can disrupt much more than just the single interface a user wanted to change, so use the most limited and specific commands to restart the interface if possible.

The following example demonstrates how the service command would need to be executed on a CentOS system:

    [root@localhost ~]# service network restart
Primary IPv4 Configuration File
On a CentOS system, the primary configuration file for an IPv4 network interface is the /etc/sysconfig/network-scripts/ifcfg-eth0 file. The VM in this chapter is Debian-based, and so does not have the sysconfig folder. However, for demonstration purposes only, the following shows what this file looks like when configured for a static IP address:

    root@localhost:~# cat /etc/sysconfig/network-scripts/ifcfg-eth0
    DEVICE="eth0"
    BOOTPROTO=none
    NM_CONTROLLED="yes"
    ONBOOT=yes
    TYPE="Ethernet"
    UUID="98cf38bf-d91c-49b3-bb1b-f48ae7f2d3b5"
    DEFROUTE=yes
    IPV4_FAILURE_FATAL=yes
    IPV6INIT=no
    NAME="System eth0"
    IPADDR=192.168.1.1
    PREFIX=24
    GATEWAY=192.168.1.1
    DNS1=192.168.1.2
    HWADDR=00:50:56:90:18:18
    LAST_CONNECT=1376319928

If the device were configured to be a DHCP client, the BOOTPROTO value would be set to dhcp, and the IPADDR, GATEWAY and DNS1 values would not be set.
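The rules stated for static and DHCP profiles, together with the IPv6 keys from the previous section, can be checked mechanically before an interface is brought back up. This is an added example written for this page, not a CentOS tool: it parses constructed ifcfg-eth0 contents (the addresses are made up) and reports violations. The gateway-in-subnet check is an extra sanity check of my own, not a rule from the chapter.

```python
import ipaddress

# Constructed ifcfg-eth0 contents in the layout the chapter shows; the
# addresses are made up for this example.
STATIC_CFG = """DEVICE="eth0"
BOOTPROTO=none
ONBOOT=yes
TYPE="Ethernet"
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
IPADDR=192.168.1.2
PREFIX=24
GATEWAY=192.168.1.1
DNS1=192.168.1.2
"""

DHCP_CFG = """DEVICE="eth0"
BOOTPROTO=dhcp
ONBOOT=yes
IPADDR=192.168.1.2   # leftover from an earlier static setup
"""


def parse_ifcfg(text):
    """Parse KEY=value lines; values may be double-quoted and '#' starts a comment."""
    cfg = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        cfg[key.strip()] = value.strip().strip('"')
    return cfg


def check_ifcfg(cfg):
    """Return a list of problems found in a parsed ifcfg dictionary."""
    problems = []
    proto = cfg.get("BOOTPROTO", "").lower()
    if proto == "dhcp":
        # The chapter's rule: a DHCP client has no IPADDR, GATEWAY or DNS1 set.
        for key in ("IPADDR", "GATEWAY", "DNS1"):
            if key in cfg:
                problems.append(f"{key} should not be set when BOOTPROTO=dhcp")
    elif proto in ("none", "static"):
        if "IPADDR" not in cfg:
            problems.append("IPADDR is required for a static address")
        elif "GATEWAY" in cfg and "PREFIX" in cfg:
            # Extra sanity check (not from the chapter): a gateway outside the
            # address's own network is normally unreachable.
            net = ipaddress.ip_network(f"{cfg['IPADDR']}/{cfg['PREFIX']}", strict=False)
            if ipaddress.ip_address(cfg["GATEWAY"]) not in net:
                problems.append("GATEWAY is not inside the IPADDR/PREFIX network")
    else:
        problems.append(f"unrecognised BOOTPROTO value {proto!r}")
    # Static IPv6 (IPV6INIT=yes) needs IPV6ADDR unless the host is a DHCPv6 client.
    if (cfg.get("IPV6INIT") == "yes" and cfg.get("DHCPV6C") != "yes"
            and "IPV6ADDR" not in cfg):
        problems.append("IPV6INIT=yes needs IPV6ADDR (or DHCPV6C=yes)")
    return problems


if __name__ == "__main__":
    for label, text in (("static", STATIC_CFG), ("dhcp", DHCP_CFG)):
        print(label, check_ifcfg(parse_ifcfg(text)) or "ok")
```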
Networking Features Terminology
Packet
A network packet is used to send network communication between hosts. By breaking communication down into smaller chunks (packets), the data delivery method is much more efficient.

IP Address
An Internet Protocol (IP) address is a unique number assigned to a host on a network. Hosts use these numbers to address network communication.

Mask
Also called a netmask, subnet mask or mask, a network mask is a number system that can be used to define which IP addresses are considered to be within a single network. Because of how routers perform their functions, networks have to be clearly defined.

Hostname
Each host on a network could have its own hostname because names are more natural for humans to remember than numbers, making it easier for us to address network packets to another host. Hostnames are translated into IP addresses before the network packet is sent on the network.

URL
A Uniform Resource Locator (URL), also commonly called a web address, is used to locate a resource, like a web page, on the internet. It's what you type into your web browser to access a web page. For example, http://www.netdevgroup.com. It includes the protocol http:// and the hostname www.netdevgroup.com.

DHCP
Hosts can be assigned hostnames, IP addresses and other network-related information by a DHCP (Dynamic Host Configuration Protocol) server. In the world of computers, a protocol is a well-defined set of rules. DHCP defines how network information is assigned to client hosts, and the DHCP server is the machine that provides this information.

DNS
As mentioned previously, hostnames are translated into IP addresses prior to the network packet being sent on the network. So your host needs to know the IP address of all of the other hosts with which you are communicating. When working on a large network (like the Internet), this can pose a challenge as there are so many hosts. A Domain Name System (DNS) provides the service of translating domain names into IP addresses.

Ethernet
In a wired network environment, Ethernet is the most common way to physically connect the hosts into a network. Ethernet cables are connected to network cards that support Ethernet connections. Ethernet cables and devices (such as routers) are specifically designed to support different communication speeds, the lowest being 10 Mbps (10 megabits per second) and the highest being 100 Gbps (100 gigabits per second). The most common speeds are 100 Mbps and 1 Gbps.

TCP/IP
The Transmission Control Protocol/Internet Protocol (TCP/IP) is a fancy name for a collection of protocols (remember, protocol = set of rules) that are used to define how network communication should take place between hosts. While it isn't the only collection of protocols used to define network communication, it is the most often utilized one. As an example, TCP/IP includes the definition of how IP addresses and network masks work.
The route Command
Recall that a router (or gateway) is a machine that allows hosts from one network to communicate with another network. To view a table that describes where network packets are sent, use the route command:

    root@localhost:~# route

Some users prefer to display this information with numeric data only, by using the -n option to the route command. For example, compare the following and focus on where the previous output displayed the word default:

    root@localhost:~# route -n

The 0.0.0.0 refers to all other machines, and is the same as default.

The route command is becoming obsolete in some Linux distributions (deprecated) and is being replaced with a form of the ip command, specifically ip route or ip route show. Note that the same information highlighted above can also be found using this command:

    root@localhost:~# ip route show
Network Tools
The ifconfig Command
The ip Command
The route Command
The ping Command
The netstat Command
The ss Command
The dig Command
The host Command
The ssh Command
The ip Command
The ifconfig command is becoming obsolete in some Linux distributions (deprecated) and is being replaced with a form of the ip command, specifically:

    ip addr show

The ip command differs from ifconfig in several important ways, chiefly that through its increased functionality and set of options, it can almost be a one-stop shop for configuration and control of a system's networking. The format for the ip command is as follows:

    ip [OPTIONS] OBJECT COMMAND

While ifconfig is limited primarily to modifying networking parameters and displaying the configuration details of networking components, the ip command branches out to do some of the work of several other legacy commands such as route and arp. The ip command can initially appear to be a little more verbose than the ifconfig command, but that is a matter of phrasing and a result of the philosophy behind the operation of the ip command.
The ifconfig Command
The ifconfig command stands for interface configuration and is used to display network configuration information. Not all network settings are covered in this course, but it is important to note from the output below that the IP address of the primary network device eth0 is 192.168.1.2 and that the device is currently active (UP):

    root@localhost:~# ifconfig

The ifconfig command can also be used to modify network settings temporarily. Typically these changes should be permanent, so using the ifconfig command to make such changes is relatively rare.
The netstat Command
The netstat command is a powerful tool that provides a large amount of network information. It can be used to display information about network connections as well as display the routing table, similar to the route command. For example, to display statistics regarding network traffic, use the -i option to the netstat command:

    root@localhost:~# netstat -i

The most important statistics from the output above are TX-OK and TX-ERR. A high percentage of TX-ERR may indicate a problem on the network, such as too much network traffic.

To use the netstat command to display routing information, use the -r option:

    root@localhost:~# netstat -r

The netstat command is also commonly used to display open ports. A port is a unique number that is associated with a service provided by a host. If the port is open, then the service is available for other hosts. For example, you can log into a host from another host using a service called SSH. The SSH service is assigned port #22. So, if port #22 is open, then the service is available to other hosts.

It is important to note that the host also needs to have the service running itself; this means that the service (in this case the ssh daemon) that allows remote users to log in needs to be started (which it typically is, for most Linux distributions). To see a list of all currently open ports, use the following command:

    root@localhost:~# netstat -tln

In the previous example, -t stands for TCP (recall this protocol from earlier in this chapter), -l stands for listening (which ports are listening) and -n stands for show numbers, not names. Sometimes showing the names can be more useful. This can be achieved by dropping the -n option:

    root@localhost:~# netstat -tl
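A netstat -tln listing is the natural place to ask which listening services other hosts can actually reach. This is an added example written for this page, not part of the course: it parses a constructed netstat -tln listing (the addresses and ports are made up) and separates loopback-only listeners from those bound to one interface or to all interfaces (0.0.0.0 and ::).

```python
import ipaddress

# Constructed `netstat -tln` output for this example; not captured from a real host.
SAMPLE = """Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.2:3306        0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 ::1:25                  :::*                    LISTEN
"""

# A few well-known port assignments, used only to label the output.
KNOWN_PORTS = {22: "ssh", 25: "smtp", 80: "http", 631: "ipp", 3306: "mysql"}


def parse_listening(output):
    """Return (proto, address, port) for each TCP socket in the LISTEN state."""
    sockets = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue                  # header lines and anything that is not TCP
        if fields[5] != "LISTEN":
            continue
        # The port follows the last ':'; IPv6 addresses contain ':' themselves,
        # so split from the right ("::1:25" -> "::1", "25").
        addr, port = fields[3].rsplit(":", 1)
        sockets.append((fields[0], addr, int(port)))
    return sockets


def exposure(addr):
    """Classify where a listening address accepts connections from."""
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:        # 0.0.0.0 or :: -> every interface
        return "all"
    if ip.is_loopback:           # 127.0.0.1 or ::1 -> this host only
        return "loopback"
    return "interface"           # one specific address


def exposed_services(output, names=KNOWN_PORTS):
    """List the listeners other hosts can reach, with a service name where known."""
    return [(proto, addr, port, exposure(addr), names.get(port, "unknown"))
            for proto, addr, port in parse_listening(output)
            if exposure(addr) != "loopback"]


if __name__ == "__main__":
    for entry in exposed_services(SAMPLE):
        print(entry)
```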
The ping Command
The ping command can be used to determine if another machine is reachable. If the ping command can send a network packet to another machine and receive a response, then you should be able to connect to that machine.

By default, the ping command continues sending packets endlessly. To limit how many pings to send, use the -c option followed by a number indicating how many iterations you desire. The following examples show ping being limited to 4 iterations. If the ping command is successful, it looks like the following example:

    root@localhost:~# ping -c 4 192.168.1.2

If the ping command fails, a message stating Destination Host Unreachable is displayed.

It is important to note that just because the ping command fails does not mean that the remote system is unreachable. Some administrators configure their machines (and even entire networks!) to not respond to ping requests because a server can be attacked by something called a denial of service attack. In this sort of attack, a server is overwhelmed by a massive number of network packets. By ignoring ping requests, the server is less vulnerable. As a result, the ping command may be useful for checking the availability of local machines, but not always for machines outside of your own network.

Consider This
Many administrators use the ping command with a hostname, and if that fails then use the IP address to see if the fault is in resolving the device's hostname. Using the hostname first saves time; if that ping command is successful, there is proper name resolution, and the IP address is functioning correctly as well.
The ss Command
The ss command is designed to show socket statistics and supports all the major packet and socket types. Meant to be a replacement for, and similar in function to, the netstat command, it also shows a lot more information and has more features. The main reason a user would use the ss command is to view what connections are currently established between their local machine and remote machines, statistics about those connections, etc.

Similar to the netstat command, you can get a great deal of useful information from the ss command just by itself, as shown in the example below:

    root@localhost:~# ss

The output is very similar to the output of the netstat command with no options. The columns above are:

Netid
The socket type and transport protocol

State
Connected or Unconnected, depending on protocol

Recv-Q
Amount of data queued up for being processed, having been received

Send-Q
Amount of data queued up for being sent to another host

Local Address
The address and port of the local host's portion of the connection

Peer Address
The address and port of the remote host's portion of the connection

The format of the output of the ss command can change dramatically given the options specified, such as the -s option, which displays mostly the types of sockets, statistics about their existence and the numbers of actual packets sent and received via each socket type, as shown below:

    root@localhost:~# ss -s
The ssh Command
The ssh command allows you to connect to another machine across the network, log in and then perform tasks on the remote machine. If you only provide a machine name or IP address to log into, the ssh command assumes you want to log in using the same username that you are currently logged in as. To use a different username, use the syntax username@hostname:

    root@localhost:~# ssh bob@test
    The authenticity of host 'test (127.0.0.1)' can't be established.
    RSA key fingerprint is c2:0d:ff:27:4c:f8:69:a9:c6:3e:13:da:2f:47:e4:c9.
    Are you sure you want to continue connection (yes/no)? yes
    Warning: Permanently added 'test' (RSA) to the list of known hosts.
    bob@test's password:
    bob@test:~$ date
    Fri Oct 4 16:14:43 CDT 2013

To return to the local machine, use the exit command:

    bob@test:~$ exit
    logout
    Connection to test closed.
    root@localhost:~#
Configuring the Network Using Configuration Files
There will be times when no GUI-based tool is available. In those cases, it is helpful to know the configuration files that are used to store and modify network data.
Domain Name System (DNS)
When a computer is asked to access a website, such as www.example.com, it does not necessarily know what IP address to use. For the computer to associate an IP address with the URL or hostname request, the computer relies upon the DNS service of another computer. Often, the IP address of the DNS server is discovered during the DHCP request, while a computer is receiving important addressing information to communicate on the network.

The address of the DNS server is stored in the /etc/resolv.conf file. A typical /etc/resolv.conf file is automatically generated and looks like the following:

    sysadmin@localhost:~$ cat /etc/resolv.conf
    nameserver 127.0.0.1

The nameserver setting is often set to the IP address of the DNS server. The following example uses the host command, which works with DNS to associate a hostname with an IP address. Note that the example server is associated with the IP address 192.168.1.2 by the DNS server:

    sysadmin@localhost:~$ host example.com
    example.com has address 192.168.1.2

It is also common to have multiple nameserver settings, in the event that one DNS server isn't responding.
RSA Key Fingerprint
When using the ssh command, the first prompt asks you to verify the identity of the machine you are logging into. In most cases, you are going to want to answer yes. While you can check with the administrator of the remote machine to make sure that the RSA key fingerprint is correct, this isn't the purpose of this query. It is designed for future login attempts.

After you answer yes, the RSA key fingerprint of the remote machine is stored on your local system. When you attempt to ssh to this same machine in the future, the RSA key fingerprint provided by the remote machine is compared to the copy stored on the local machine. If they match, then the username prompt appears. If they don't match, an error like the following displays:

    sysadmin@localhost:~$ ssh bob@test
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!

This error could indicate that a rogue host has replaced the correct host. Check with the administrator of the remote system. If the system were recently reinstalled, it would have a new RSA key, and that would be causing this error.

In the event that this error message is due to a remote machine reinstall, you can remove the ~/.ssh/known_hosts file from your local system (or just remove the entry for that one machine) and try to connect again:

    sysadmin@localhost:~$ cat ~/.ssh/known_hosts
    sysadmin@localhost:~$ rm ~/.ssh/known_hosts
    sysadmin@localhost:~$ ssh bob@test
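The comparison described above can be shown on the file itself. The following is an added example written for this page, not an OpenSSH component: it reads constructed ~/.ssh/known_hosts contents, reports whether a presented key is unknown (first contact), matching or changed, prints the colon-separated fingerprint in the style shown earlier, and removes only the entry for one host rather than the whole file. The key blobs are made-up bytes, not real keys, and hostnames are assumed to be stored in plain text (HashKnownHosts off).

```python
import base64
import hashlib


def fake_key(seed):
    """Constructed stand-in for a base64 public-key blob; not a real key."""
    return base64.b64encode(hashlib.sha256(seed).digest()).decode()


KEY_TEST_OLD = fake_key(b"test before reinstall")
KEY_TEST_NEW = fake_key(b"test after reinstall")
KEY_OTHER = fake_key(b"other host")

# Constructed known_hosts content: "hostname keytype base64-key" per line;
# one line may name several hosts separated by commas.
KNOWN_HOSTS = (
    f"test ssh-rsa {KEY_TEST_OLD}\n"
    f"other.example.com,192.168.1.2 ssh-rsa {KEY_OTHER}\n"
)


def parse_known_hosts(text):
    """Return (hostnames, keytype, key) for each entry in the file."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and not line.startswith("#"):
            entries.append((fields[0].split(","), fields[1], fields[2]))
    return entries


def fingerprint_md5(key_b64):
    """Colon-separated MD5 fingerprint, the format older ssh clients print."""
    digest = hashlib.md5(base64.b64decode(key_b64)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def check_host_key(text, host, keytype, presented_key):
    """'unknown' on first contact, 'match' if the stored key agrees, else 'changed'."""
    for hosts, ktype, key in parse_known_hosts(text):
        if host in hosts and ktype == keytype:
            return "match" if key == presented_key else "changed"
    return "unknown"


def forget_host(text, host):
    """Drop only the entries naming one host, leaving every other line intact."""
    kept = [line for line in text.splitlines()
            if not (len(line.split()) >= 3 and host in line.split()[0].split(","))]
    return "".join(line + "\n" for line in kept)


if __name__ == "__main__":
    print("stored fingerprint for test:", fingerprint_md5(KEY_TEST_OLD))
    print("same key again:", check_host_key(KNOWN_HOSTS, "test", "ssh-rsa", KEY_TEST_OLD))
    print("after reinstall:", check_host_key(KNOWN_HOSTS, "test", "ssh-rsa", KEY_TEST_NEW))
    trimmed = forget_host(KNOWN_HOSTS, "test")
    print("after forgetting test:", check_host_key(trimmed, "test", "ssh-rsa", KEY_TEST_NEW))
```

On a real system, ssh-keygen -R test makes the same single-entry edit to ~/.ssh/known_hosts, and the fingerprint you accept on the next connection should be the one the remote administrator gives you.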
Configuring Network Devices
When you are configuring network devices, there are two initial questions that you need to ask:

1. Wired or wireless? Configuring a wireless device is slightly different from configuring a wired device because of some of the additional features typically found on wireless devices (such as security).

2. DHCP or static address? Recall that a DHCP server provides network information, such as your IP address and subnet mask. If you don't make use of a DHCP server, then you will need to manually provide this information to your host, which is called using a static IP address.

Generally speaking, desktop machines use wired networks, while laptops use wireless networks. Normally a wired machine uses a static IP address, but these can also often be assigned via a DHCP server. In almost all cases, wireless machines use DHCP since they are almost always mobile and attached to different networks.
The dig Command
There may be times when you need to test the functionality of the DNS server that your host is using. One way of doing this is to use the dig command, which performs queries on the DNS server to determine if the information needed is available on the server. In the following example, the dig command is used to determine the IP address of the example.com host:

    root@localhost:~# dig example.com

Note that the response included the IP address 192.168.1.2, meaning that the DNS server has the IP address to hostname translation information in its database. If the DNS server doesn't have the requested information, it is configured to ask other DNS servers. If none of them have the requested information, an error message displays: