Quick DNS server for CentOS 7 minimal

Damn, this CentOS 7 minimal installation has taken my whole day. The last thing I want to try is a DNS server. Since I already have a working standard DNS setup that uses MaraDNS under CentOS 5.10, I'm going to try the same steps here, using CentOS 7.

# yum install gcc wget

# gcc -v

Using built-in specs.
Target: x86_64-redhat-linux
Configured with: ../configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --with-bugurl=http://bugzilla.redhat.com/bugzilla --enable-bootstrap --enable-shared --enable-threads=posix --enable-checking=release --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-gnu-unique-object --enable-linker-build-id --with-linker-hash-style=gnu --enable-languages=c,c++,objc,obj-c++,java,fortran,ada,go,lto --enable-plugin --enable-initfini-array --disable-libgcj --with-isl=/builddir/build/BUILD/gcc-4.8.2-20140120/obj-x86_64-redhat-linux/isl-install --with-cloog=/builddir/build/BUILD/gcc-4.8.2-20140120/obj-x86_64-redhat-linux/cloog-install --enable-gnu-indirect-function --with-tune=generic --with-arch_32=x86-64 --build=x86_64-redhat-linux
Thread model: posix
gcc version 4.8.2 20140120 (Red Hat 4.8.2-16) (GCC)

Download the latest MaraDNS source code

# wget -c http://maradns.samiam.org/download/2.0/2.0.09/maradns-2.0.09.tar.bz2

# tar xvjf maradns-2.0.09.tar.bz2
tar (child): bzip2: Cannot exec: No such file or directory
tar (child): Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error is not recoverable: exiting now

Oops, the CentOS 7 minimal install does not include bzip2

# yum install bzip2

Re-extract

# tar xvjf maradns-2.0.09.tar.bz2

# cd maradns-2.0.09

# make

# make install

VERSION=2.0.09 ./build/install.sh
Installing MaraDNS, placing programs in /usr/local//bin/ and /usr/local//sbin/,
man pages in /usr/local//share/man/man1, /usr/local//share/man/man5,
and /usr/local//share/man/man8, and documents in /usr/local//doc/maradns-2.0.09
Adding MaraDNS startup scripts
Starting up MaraDNS at runlevel 3
starting up MaraDNS at runlevel 5

Start MaraDNS

# service maradns start
Starting all maradns processes
Starting maradns process which uses Mararc file /etc/mararc

Check it

# ps ax | grep mara
19635 pts/0    S      0:00 /usr/local/bin/duende /usr/local/sbin/maradns -f /etc/mararc
19636 pts/0    S      0:00 /usr/local/sbin/maradns -f /etc/mararc
19637 pts/0    S      0:00 /usr/local/bin/duende /usr/local/sbin/maradns -f /etc/mararc

# nano /etc/mararc

Look for the ipv4_bind_address line and change it to:

ipv4_bind_addresses = “,”

My lan ip address is

# chkconfig maradns on

Edit the test DNS zone file

# nano /etc/maradns/db.example.net

test.example.net.      +14400    soa    ns1.example.net. dns@example.net. 2012010117 14400 3600 604800 14400 ~
example.net.      +14400    ns     ns1.example.net. ~
example.net.      +14400    ns     ns2.example.net. ~
ns1.example.net.  +14400    a ~
ns2.example.net.  +14400    a ~
example.net.      +14400    a ~
www.example.net.  +14400    a ~
example.net.      +14400    mx     10 mail.example.net. ~
test.example.net. +14400    a ~

Save the file.

Restart maradns service

# service maradns restart

Sending all MaraDNS processes the TERM signal
waiting 1 second
Sending all MaraDNS processes the KILL signal
MaraDNS should have been stopped
Starting all maradns processes
Starting maradns process which uses Mararc file /etc/mararc

Testing using dig

# yum install bind-utils

# dig @ test.example.net

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> @ test.example.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10783
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;test.example.net.        IN    A

test.example.net.    14400    IN    A

example.net.        14400    IN    NS    ns1.example.net.
example.net.        14400    IN    NS    ns2.example.net.

ns1.example.net.    14400    IN    A
ns2.example.net.    14400    IN    A

;; Query time: 0 msec
;; WHEN: Kam Des 11 15:04:23 WIB 2014
;; MSG SIZE  rcvd: 118

Testing from another user on the local area network

$ dig @ test.example.net

; <<>> DiG 9.9.5-3ubuntu0.1-Ubuntu <<>> @ test.example.net
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

It seems the firewall blocks UDP connections on port 53.

# firewall-cmd --permanent --add-port=53/udp

# systemctl restart firewalld.service

# service maradns restart

Retest the resolver from the LAN

$ dig @ test.example.net

; <<>> DiG 9.9.5-3ubuntu0.1-Ubuntu <<>> @ test.example.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4614
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;test.example.net.        IN    A

test.example.net.    14400    IN    A

example.net.        14400    IN    NS    ns1.example.net.
example.net.        14400    IN    NS    ns2.example.net.

ns1.example.net.    14400    IN    A
ns2.example.net.    14400    IN    A

;; Query time: 1 msec
;; WHEN: Fri Dec 12 10:10:29 WIB 2014
;; MSG SIZE  rcvd: 118

Good, the DNS server works now on my CentOS 7 minimal installation 🙂
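The dig output above shows `aa` set and no `ra`, meaning the server answers authoritatively and does not resolve for clients, which is what you want once port 53 is reachable from the network. The following added example (not part of the original post) scripts that check over a saved dig response; the function names are made up for illustration and the third sample is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): classify a dig response by its header.
# Usage on a real server: dig @SERVER_IP test.example.net | check_dig_flags
# (SERVER_IP is a placeholder; the address used in the post is not shown on the page.)
#
# Prints one of:
#   authoritative-only  NOERROR with aa set and ra clear, as in the post
#   recursion-offered   ra set: the server also resolves for clients (open-resolver risk)
#   not-authoritative   NOERROR but no aa flag
#   error-status        a header came back with a status other than NOERROR
#   no-answer           no header at all, e.g. 53/udp dropped by the firewall
check_dig_flags() {
    awk '
        /^;; ->>HEADER<<-/ { if ($0 ~ /status: NOERROR/) ok = 1 }
        /^;; flags:/ {
            line = $0
            sub(/^;; flags:/, "", line)   # drop the label
            sub(/;.*/, "", line)          # drop the section counts
            n = split(line, f, " ")
            for (i = 1; i <= n; i++) flag[f[i]] = 1
            seen = 1
        }
        END {
            if (!seen)              print "no-answer"
            else if ("ra" in flag)  print "recursion-offered"
            else if (!ok)           print "error-status"
            else if ("aa" in flag)  print "authoritative-only"
            else                    print "not-authoritative"
        }'
}

# Samples: the first two reuse header lines from the dig runs in the post,
# the third is constructed to show what an open resolver would return.
sample_authoritative() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4614
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available
EOF
}
sample_timeout() {
    cat <<'EOF'
;; global options: +cmd
;; connection timed out; no servers could be reached
EOF
}
sample_open_resolver() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
EOF
}
```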

How to install Apache, MariaDB and PHP on CentOS 7 minimal

After installing and configuring the network under CentOS 7 minimal, I continue with the LAMP section. Since the machine has 4GB of memory, I prefer to use old-fashioned LAMP, only switching MySQL for MariaDB 🙂

The steps for LAMP installation, for my own reference and my VPS needs:

Install required packages

Install nano

# yum install nano

Install Apache, PHP and MariaDB

# yum install httpd mariadb-server mariadb php php-mysql php-mysqli php-gd php-pear php-mbstring

Configure Apache

Start httpd

# systemctl start httpd.service

Set httpd to auto start after reboot or boot process

# systemctl enable httpd.service
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'

By default the firewall will block access. To allow http through the firewall:

# firewall-cmd --permanent --add-service http

# systemctl restart firewalld.service

Try visiting the server's IP address from a browser.


Configure MariaDB

Start mariadb

# systemctl start mariadb

Set mariadb to autostart

# systemctl enable mariadb.service
ln -s '/usr/lib/systemd/system/mariadb.service' '/etc/systemd/system/multi-user.target.wants/mariadb.service'

Set password for mariadb, delete unnecessary database and users.

# mysql_secure_installation
/usr/bin/mysql_secure_installation: line 379: find_mysql_client: command not found


In order to log into MariaDB to secure it, we’ll need the current
password for the root user.  If you’ve just installed MariaDB, and
you haven’t set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on…

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
… Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
… Success!

Normally, root should only be allowed to connect from ‘localhost’.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
… Success!

By default, MariaDB comes with a database named ‘test’ that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
– Dropping test database…
… Success!
– Removing privileges on test database…
… Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
… Success!

Cleaning up…

All done!  If you’ve completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

I also need to open the firewall for future remote database backups. Port 3306 needs to be open.

# firewall-cmd --permanent --add-port=3306/tcp
# systemctl restart firewalld.service
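The rule above opens 3306/tcp to every source address. Since the stated purpose is remote backup, a firewalld rich rule that admits only the backup host does the same job with far less exposure. This is an added example, not part of the original post; the function names are illustrative and the backup host address 192.0.2.10 is a constructed placeholder.

```shell
#!/bin/sh
# Added example (not from the original post): allow MariaDB's port from one
# backup host only, instead of from everywhere.

# is_ipv4 ADDR -> exit 0 only for a single dotted-quad with octets 0-255.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NR > 1  { exit 1 }
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i > 255) exit 1 }'
}

# mysql_rich_rule ADDR -> print a rich rule accepting 3306/tcp from ADDR only.
mysql_rich_rule() {
    is_ipv4 "$1" || { echo "invalid IPv4 address: $1" >&2; return 1; }
    printf 'rule family="ipv4" source address="%s/32" port port="3306" protocol="tcp" accept\n' "$1"
}

# restrict_mysql ADDR -> swap the blanket port opening for the scoped rule.
restrict_mysql() {
    rule=$(mysql_rich_rule "$1") || return 1
    firewall-cmd --permanent --remove-port=3306/tcp
    firewall-cmd --permanent --add-rich-rule="$rule"
    firewall-cmd --reload
    # Confirm: 3306/tcp gone from "ports", the rule listed under "rich rules".
    firewall-cmd --list-all
}

# Run as root on the server, e.g.:  sh restrict-mysql.sh --apply 192.0.2.10
# (script name and address are placeholders)
if [ "${1:-}" = "--apply" ]; then
    restrict_mysql "${2:-}"
fi
```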


The next step is to measure the time needed from server start to the login display and make my report.

IBM X3250 M5 and Minimal CentOS 7

A new server has come. It's an IBM X3250 M5 with a single 1TB SATA 7200 RPM HD. I cannot see it in the BIOS settings, and my FreeBSD 9.2 CD is also unable to detect it, but I've not tried it with FreeBSD 10. As I have seen various cases related to storage detection, I quickly switched to CentOS.

My preference would be a CentOS 5.xx version due to an application requirement (PHP 5.2), but that is no longer relevant. I can use the newest PHP version and I think CentOS 7 will fit. It will overcome the storage detection problem and perhaps I can learn new things.

The installation went smoothly since I chose the DVD version, but I work with the minimal installation. A few notes about minimal CentOS 7:

# cat /etc/redhat-release
CentOS Linux release 7.0.1406 (Core)

No ifconfig command in minimal CentOS 7

# ifconfig
bash: ifconfig: command not found

Use ip addr to see all network settings

# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s26u1u2u5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
link/ether 6e:ae:8b:5a:68:67 brd ff:ff:ff:ff:ff:ff
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 6c:ae:8b:5a:68:60 brd ff:ff:ff:ff:ff:ff
inet brd scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::6eae:8bff:fe5a:6860/64 scope link
valid_lft forever preferred_lft forever
4: eno1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN qlen 1000
link/ether 6c:ae:8b:5a:68:61 brd ff:ff:ff:ff:ff:ff

nmcli is the new friend

# nmcli -p con
NetworkManager connection profiles
NAME           UUID                                  TYPE            DEVICE
enp0s26u1u2u5  4ca8bc8e-74c5-4578-ab34-895c1c6cb7a1  802-3-ethernet  --
eno1           598b49c6-9adf-4fb7-96ee-22ebd2ee15bf  802-3-ethernet  --
eth0           2c0edb26-c2ad-42f5-80f3-3bd69b1e27e5  802-3-ethernet  eth0

Edit the connection using nmtui

You'll see a screen like this:

[Image: network manager TUI]

[Image: edit network setting under nmtui]

Edit anything you want.

[Image: complete network change using nmtui]

The interface is pretty clear and enough for me, but if you really need the ifconfig command:

# yum install net-tools
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: kartolo.sby.datautama.net.id
* extras: kartolo.sby.datautama.net.id
* updates: kartolo.sby.datautama.net.id
Resolving Dependencies
--> Running transaction check
---> Package net-tools.x86_64 0:2.0-0.17.20131004git.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

Package                               Arch                               Version                                                Repository                        Size
net-tools                             x86_64                             2.0-0.17.20131004git.el7                               base                             304 k

Transaction Summary
Install  1 Package

Total download size: 304 k
Installed size: 917 k
Is this ok [y/d/N]: y

Downloading packages:
warning: /var/cache/yum/x86_64/7/base/packages/net-tools-2.0-0.17.20131004git.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY76 kB  00:00:00 ETA
Public key for net-tools-2.0-0.17.20131004git.el7.x86_64.rpm is not installed
net-tools-2.0-0.17.20131004git.el7.x86_64.rpm                                                                                                    | 304 kB  00:00:03
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
Userid     : “CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>”
Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
Package    : centos-release-7-0.1406.el7.centos.2.3.x86_64 (@anaconda)
From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Is this ok [y/N]: y
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : net-tools-2.0-0.17.20131004git.el7.x86_64                                                                                                            1/1
Verifying  : net-tools-2.0-0.17.20131004git.el7.x86_64                                                                                                            1/1

net-tools.x86_64 0:2.0-0.17.20131004git.el7


The network scripts are still there

# ls /etc/sysconfig/network-scripts/
ifcfg-eno1           ifdown       ifdown-ipv6  ifdown-routes    ifdown-tunnel  ifup-eth   ifup-plip   ifup-routes    ifup-tunnel        network-functions-ipv6
ifcfg-enp0s26u1u2u5  ifdown-bnep  ifdown-isdn  ifdown-sit       ifup           ifup-ippp  ifup-plusb  ifup-sit       ifup-wireless
ifcfg-eth0           ifdown-eth   ifdown-post  ifdown-Team      ifup-aliases   ifup-ipv6  ifup-post   ifup-Team      init.ipv6-global
ifcfg-lo             ifdown-ippp  ifdown-ppp   ifdown-TeamPort  ifup-bnep      ifup-isdn  ifup-ppp    ifup-TeamPort  network-functions

# cat ifcfg-eth0

Free memory before installing LAMP

# free -m
total       used       free     shared    buffers     cached
Mem:          3629        534       3095          8          1        342
-/+ buffers/cache:        189       3439
Swap:         3855          0       3855

# df -H
Filesystem               Size  Used Avail Use% Mounted on
/dev/mapper/centos-root   54G  1,1G   53G   2% /
devtmpfs                 1,9G     0  1,9G   0% /dev
tmpfs                    2,0G     0  2,0G   0% /dev/shm
tmpfs                    2,0G  9,0M  1,9G   1% /run
tmpfs                    2,0G     0  2,0G   0% /sys/fs/cgroup
/dev/sda2                521M   93M  429M  18% /boot
/dev/mapper/centos-home  942G   34M  942G   1% /home
/dev/sda1                210M   10M  200M   5% /boot/efi

So far it's great 🙂

Install PHP 5.2.17 on CentOS 5.10

Another server came with specific hardware that requires me to install CentOS 5.10 64-bit with the base-only package. Since CentOS 5 uses PHP 5.1 by default, I decided to find a way to get PHP 5.2.17 (the latest version of the PHP 5.2 generation).


I use Jason's package from jasonlitka.com

# nano /etc/yum.repos.d/utter-ramblings.repo
Fill in these lines:

name=Utter Ramblings


Make sure to change to http://yum.jasonlitka.com/EL5/i386/ for baseurl if you use 32 bit.

Install PHP and friends

PHP 5.2.17

# yum install php php-mysql


# yum install mysql-server

Run as service

# chkconfig httpd --add
# chkconfig  httpd  on --level 235
# chkconfig  mysqld --add
# chkconfig mysqld on --level 235

2  =  Multi-user mode console logins only (without networking)
3  =  Multi-User mode, console logins only
5  = Multi-User mode, with display manager as well as console logins (X11)

Checking if already set as service

# chkconfig --list mysqld
mysqld             0:off    1:off    2:on    3:on    4:off    5:on    6:off
# chkconfig --list httpd
httpd              0:off    1:off    2:on    3:on    4:off    5:on    6:off

Checking installed httpd and mysql :

# rpm -qa | grep httpd

# rpm -qa | grep mysql


P.S.: in case you get an error (connection refused), iptables needs to be told about this service:

# iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# service iptables save

Saving firewall rules to /etc/sysconfig/iptables:          [  OK  ]
# service iptables restart
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: filter                    [  OK  ]
Unloading iptables modules:                                [  OK  ]
Applying iptables firewall rules:                          [  OK  ]
Loading additional iptables modules: ip_conntrack_netbios_n[  OK  ]


Last check : date

# date
Rab Nov 12 18:20:19 WIT 2014

Checking BIOS time I see no error.

# rpm -qa | grep ntp

Since another process has locked yum, I use the quick way:

# date 111210212014
Rab Nov 12 10:21:00 WIT 2014

Yes, that command uses the following format:

date MMDDhhmmYYYY

MM -> month (in two digits)
DD -> date (in two digits)
hh -> hour (in 24-hour format)
mm -> minutes (in two digits)
YYYY -> year (in four digits)

Check again after issuing the command.

# date

Rab Nov 12 10:25:21 WIT 2014

Yes, the result matches.

I’ll continue with ntp next time.

For quick dns setting I use maradns.

Update January 15 2015 :

I need fail2ban for this server :

Add server

# rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
Retrieving http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
warning: /var/tmp/rpm-xfer.UKJ53A: Header V3 DSA signature: NOKEY, key ID 217521f6
Preparing… ########################################### [100%]
1:epel-release ########################################### [100%]

Install fail2ban

# yum install fail2ban
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
* base: centos.biz.net.id
* epel: buaya.klas.or.id
* extras: centos.biz.net.id
* updates: centos.biz.net.id
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package fail2ban.noarch 0:0.8.14-1.el5 set to be updated
--> Processing Dependency: python-inotify for package: fail2ban
--> Running transaction check
---> Package python-inotify.noarch 0:0.9.1-1.el5 set to be updated
--> Processing Dependency: python-ctypes for package: python-inotify
--> Running transaction check
---> Package python-ctypes.x86_64 0:1.0.2-3.el5 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

Package Arch Version Repository Size
fail2ban noarch 0.8.14-1.el5 epel 266 k
Installing for dependencies:
python-ctypes x86_64 1.0.2-3.el5 base 210 k
python-inotify noarch 0.9.1-1.el5 epel 86 k

Transaction Summary
Install 3 Package(s)
Upgrade 0 Package(s)

Total download size: 562 k
Is this ok [y/N]: y
Downloading Packages:
http://buaya.klas.or.id/epel/5/x86_64/python-inotify-0.9.1-1.el5.noarch.rpm: [Errno 12] Timeout: <urlopen error timed out>
Trying other mirror.
(1/3): python-inotify-0.9.1-1.el5.noarch.rpm | 86 kB 00:00
(2/3): python-ctypes-1.0.2-3.el5.x86_64.rpm | 210 kB 00:03
(3/3): fail2ban-0.8.14-1.el5.noarch.rpm | 266 kB 00:02
Total 6.8 kB/s | 562 kB 01:22
warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID 217521f6
epel/gpgkey | 1.7 kB 00:00
Importing GPG key 0x217521F6 “Fedora EPEL <epel@fedoraproject.org>” from /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
Is this ok [y/N]: y
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : python-ctypes 1/3
Installing : python-inotify 2/3
Installing : fail2ban 3/3

fail2ban.noarch 0:0.8.14-1.el5

Dependency Installed:
python-ctypes.x86_64 0:1.0.2-3.el5 python-inotify.noarch 0:0.9.1-1.el5


Configure fail2ban

# nano /etc/fail2ban/jail.conf

Pay attention to the ssh section.

Restart the fail2ban service

# service fail2ban restart
Stopping fail2ban: ERROR Unable to contact server. Is it running?
Starting fail2ban: [ OK ]

Check that fail2ban is running

# ps ax | grep fail
4066 ? Sl 0:00 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x
4099 ? S 0:00 sh -c printf %b “Subject: [Fail2Ban] SSH: stopped on `uname -n`?Date: `LC_TIME=C date -u +”%a, %d %h %Y %T +0000″`?From: Fail2Ban <fail2ban@example.com>?To: you@example.com\n?Hi,\n?The jail SSH has been stopped.\n?Regards,\n?Fail2Ban” | /usr/sbin/sendmail -f fail2ban@example.com you@example.com
4103 ? S 0:00 /usr/sbin/sendmail -f fail2ban@example.com you@example.com
4173 ? Sl 0:00 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x
4184 ? S 0:00 sh -c printf %b “Subject: [Fail2Ban] SSH: started on `uname -n`?Date: `LC_TIME=C date -u +”%a, %d %h %Y %T +0000″`?From: Fail2Ban <fail2ban@example.com>?To: you@example.com\n?Hi,\n?The jail SSH has been started successfully.\n?Regards,\n?Fail2Ban” | /usr/sbin/sendmail -f fail2ban@example.com you@example.com
4188 ? S 0:00 /usr/sbin/sendmail -f fail2ban@example.com you@example.com

Update : June 24 2015

I just found out about ntsysv, a utility that is useful for enabling services during boot. Neat one.

Well, I need to set the sender address 🙂

How to install MariaDB on CentOS 5.5

The first thing I want to try on CentOS 5.5 is MariaDB. Fortunately MariaDB is available as a binary for CentOS and doesn't force me to install from source like I do with FreeBSD, since it's not available yet in FreeBSD ports.

I'm going to install MariaDB 5.23 and use it as a learning tool 🙂

Here are the steps:

Download the MariaDB rpm files

Get all the rpm files (client and server) from the osuosl mirror.

# ls

MariaDB-client-5.2.3-87.el5.i386.rpm  MariaDB-server-5.2.3-87.el5.i386.rpm

Install the files

# rpm -i MariaDB-*

error: Failed dependencies:
libmysqlclient.so.16 is needed by MariaDB-client-5.2.3-87.el5.i386
libmysqlclient.so.16(libmysqlclient_16) is needed by MariaDB-client-5.2.3-87.el5.i386
libmysqlclient_r.so.16 is needed by MariaDB-client-5.2.3-87.el5.i386
libmysqlclient_r.so.16(libmysqlclient_16) is needed by MariaDB-client-5.2.3-87.el5.i386
libmysqlclient.so.16 is needed by MariaDB-server-5.2.3-87.el5.i386
libmysqlclient.so.16(libmysqlclient_16) is needed by MariaDB-server-5.2.3-87.el5.i386
libmysqlclient_r.so.16 is needed by MariaDB-server-5.2.3-87.el5.i386
libmysqlclient_r.so.16(libmysqlclient_16) is needed by MariaDB-server-5.2.3-87.el5.i386
