Wednesday, November 23, 2011

Cacti - check memory

To use this script template, perform the following steps:
  1. Download cacti-netsnmp-memory.0.7.tar.gz to a temporary directory on the Cacti server machine.
  2. Expand the archive with the command tar -xvzf cacti-netsnmp-memory.0.7.tar.gz, and change to the cacti-netsnmp-memory directory that is created.
  3. Copy scripts/ss_netsnmp_memory.php to the <cacti>/scripts/ directory.
  4. Access the Cacti installation in a web browser, click on the "Import Templates" menu item on the left side of the Console screen, and import the template/Net-SNMP_memory_graph_template.xml file. Cacti should automatically create the required graph template, data input method, and data template objects.
  5. Click on the Devices menu item on the left side of the Console screen, select a *NIX host that is running Net-SNMP, and scroll down to the "Associated Graph Templates " table. Select "Host Memory - ucd/net - Memory Usage" in the "Add Graph Template " drop-down box, and click the "Add" button.
  6. After the Device screen reloads, verify that the "Host Memory - ucd/net - Memory Usage" graph template is now present, and then click the "Create Graphs for this Host" link at the top of the page.
  7. Locate the "Host Memory - ucd/net - Memory Usage" graph template, enable the checkbox to its right, and then scroll to the bottom of the page and click the "Create" button.
Note: these files are intended to be used with Cacti 0.8.6 and 0.8.7 and PHP 5.2, and may not operate as expected with other versions.

Reference URL http://www.eric-a-hall.com/software/cacti-netsnmp-memory/

Monday, November 21, 2011

yum useful info

Add the line below to /etc/yum.conf so that yum list also shows older versions of packages.
showdupesfromrepos=1
Clean the yum cache:
# yum clean all

Clean the subscription data as well if using RHEL:
# subscription-manager clean

# yum list --noplugin

On RHEL, yum can also download an rpm package to local disk so that it can be installed later.
Below is an example that only downloads haproxy:
# yum install --downloadonly --downloaddir=/opt/ haproxy

Monday, October 24, 2011

Nagios Customize Script

Nagios only uses check_nrpe to call and execute a shell script on the client, so we can use it to run a shell script we wrote ourselves.
Below is an example script that checks the public IP and reports the result to Nagios
-------------------------------------------------------------------------------

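#!/bin/sh

# Public IP as seen from the Internet; LEASE is the address we expect to hold
IP=`curl -s ifconfig.me`
LEASE=202.147.38.202

# Quote both sides so an empty reply from curl does not break the test
if [ "$IP" = "$LEASE" ]; then

        echo "$IP"
        exit 0          # OK

else
        echo "$IP"
        exit 2          # Critical

fi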

-------------------------------------------------------------------------------

Nagios uses the exit code of the script to decide which state to report.
The exit codes are listed below


State OK = 0
State Warning = 1
State Critical = 2
State unknown = 3
State Dependent = 4
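
A variant of the check that also uses the Unknown state, added here as an example (it is not part of the original script). It assumes the expected address is passed as the first argument, and it treats anything that is not a valid IPv4 address, such as an empty reply or an error page from the lookup service, as state 3 instead of Critical. The function names is_ipv4 and lease_state are made up for this example.

```shell
#!/bin/sh
# check_lease variant with an UNKNOWN state (added example, not the original script).

# Nagios plugin exit codes, as listed above
STATE_OK=0
STATE_CRITICAL=2
STATE_UNKNOWN=3

# Succeeds only for a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;   # empty, stray characters, empty octets
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                   # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print a one-line status and return the plugin exit code.
#   $1 = expected (leased) address, $2 = address reported by the lookup
lease_state() {
    if ! is_ipv4 "$2"; then
        # Never echo the raw reply: it may be an HTML error page
        echo "LEASE UNKNOWN - lookup returned no valid IPv4 address"
        return $STATE_UNKNOWN
    fi
    if [ "$2" = "$1" ]; then
        echo "LEASE OK - public IP is $2"
        return $STATE_OK
    fi
    echo "LEASE CRITICAL - public IP is $2, expected $1"
    return $STATE_CRITICAL
}

# Run as a plugin only when the expected address is given, for example:
#   /etc/nagios/check_lease 202.147.38.202
if [ $# -gt 0 ]; then
    ip=$(curl -s --max-time 10 ifconfig.me)     # bounded wait, stays inside the NRPE timeout
    lease_state "$1" "$ip"
    exit $?
fi
```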

----------------------------------------------------------

Now we add this script on the client side and define the command for Nagios.

Edit the nrpe.cfg file and add this line to it:

command[check_lease]=/etc/nagios/check_lease

This allows the Nagios server to call the command.
----------------------------------------------------------

Then we need to define this command at client side in commands.cfg, giving the path of the script to execute:

define command{
     command_name    check_lease
     command_line    /bin/bash /etc/nagios/check_lease
     }

This states which shell script check_lease refers to.
----------------------------------------------------------

The last part is to add the check command on the server side:


define service{
      use                             local-service
      host_name                       my-proxy
      service_description             lease
      check_command                   check_nrpe!check_lease
  }

Wednesday, October 12, 2011

check backup server

==== client side ====
We create a script on each server that writes the current date into a file. Because the file is updated every day, we can check on the backup server whether this file was backed up.

Below is the script content (/root/record)
----------------- Start ---------------------------
#! /bin/sh

echo `date` > /root/assessment

then use crontab -e to run this script everyday
0 12 * * * /root/record > /dev/null 2>&1

----------------- End ---------------------------

==== backup server side ====
On the server side, I made a folder named assessment and put the script inside.
Below is the script content (check_assessment)

------------------- Start -------------------------------
#! /bin/sh

# record the date on which the script ran
echo "assessment done on `date`" > /mnt/backup/assessment/assessment_result.txt
# add an empty line
echo " " >> /mnt/backup/assessment/assessment_result.txt

# loop over the server list
for host in `cat /mnt/backup/assessment/list`
do
# write the server name before checking, so we know which server the result belongs to
echo $host >> /mnt/backup/assessment/assessment_result.txt

# check folders 01-09
for n in {1..9}
do
FILE="/mnt/backup/$host/0$n/root/assessment"

if [ -f "$FILE" ];
then
# the file exists: copy its date into assessment_result.txt
cat "$FILE" >> /mnt/backup/assessment/assessment_result.txt
else
# the file does not exist: note which day was not backed up
echo "day $n didnt backup" >> /mnt/backup/assessment/assessment_result.txt
fi

done

# check folders 10-31
for n in {10..31}
do
FILE="/mnt/backup/$host/$n/root/assessment"

if [ -f "$FILE" ];
then
cat "$FILE" >> /mnt/backup/assessment/assessment_result.txt
else
echo "day $n didnt backup" >> /mnt/backup/assessment/assessment_result.txt
fi

done

echo " " >> /mnt/backup/assessment/assessment_result.txt

done

# email the result to us as an attachment
uuencode /mnt/backup/assessment/assessment_result.txt /mnt/backup/assessment/assessment_result.txt | mail -s "[My-Backup] monthly check result" sat.support@my.offgamers.com

--------------------------- End -----------------------------------------

then put the names of the servers you want this script to check into a file named list
example:-
my-domain
my-proxy
my-dns1
my-dns2

then use crontab -e to run this script every first day of the month

Wednesday, August 24, 2011

Nagios Alert using Gammu


Nagios Alert Notification Using Gammu

Install Epel repo

  • Download the latest EPEL repository
#wget http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch.rpm
  • Run the rpm install command
#rpm -Uvh epel-release-5*.rpm

Install Gammu

There are 3 packages that need to be installed
  1. gammu
  2. gammu-devel
  3. gammu-libs
After installing, open the gammu config file and edit it
#vi /etc/gammurc
[gammu]
port = /dev/ttyS0
connection = at19200

For the connection type, look up the mobile model at http://wammu.eu/phones/
Plug the mobile into the server and test whether it is detected by using these commands
#gammu --identify
#gammu --monitor 1

# ls -l /dev/ttyS0
crw-rw---- 1 root dialout 4, 64 jan 5 16:14 /dev/ttyS0
Nagios usually runs as user "nagios", so any notification command is executed as "nagios". As the listing shows, user nagios does not have permission to access devices connected to /dev/ttyS0.
We'll apply the SUID bit (set-UID) on the command in charge of sending SMS notifications, so that gammu executes on behalf of user root. Keep in mind that this lets every local user run gammu as root, not only nagios; since the device is group-writable by dialout, adding nagios to the dialout group gives the same access without a set-UID binary.
# chmod 4755 /usr/bin/gammu
Now we test by sending out an SMS:
# echo "test" | gammu --sendsms TEXT 0128157399
If you want break, press Ctrl+C…
Sending SMS 1/1….waiting for network answer..OK, message reference=181

This proves it succeeded.

Edit Nagios

We now edit Nagios so that it can run a command that triggers the SMS notification.
#vi /etc/nagios/objects/commands.cfg
then add this part into it

this will ask nagios to execute a script and pass the parameter to script

define command{
      command_name    host-notify-by-sms
      command_line    /bin/bash /etc/nagios/nagios-test "$HOSTNAME$" "$HOSTSTATE$" "$HOSTOUTPUT$" "$SHORTDATETIME$"
      }
define command{
      command_name    notify-by-sms
      command_line    /bin/bash /etc/nagios/nagios-test "$HOSTALIAS$" "$SERVICESTATE$" "$SERVICEOUTPUT$" "$SHORTDATETIME$"
      }
then we edit the contact part
#vi /etc/nagios/objects/contacts.cfg
then add this part into it
define contact{
      contact_name                    sms
      alias                           sms
      service_notification_period     24x7
      host_notification_period        24x7
      service_notification_options    c,r
      host_notification_options       d,r
      service_notification_commands   notify-by-sms
      host_notification_commands      host-notify-by-sms
      }
define contactgroup{
      contactgroup_name       admins
      alias                   Nagios Administrators
      members                 nagiosadmin, sms
      }

Script

# Arguments passed in by the Nagios notification command
hostname=$1
hoststates=$2
hostoutput=$3
shortdatetime=$4

# Build the message and pipe it to gammu on the SMS server, once per recipient
echo "Host: $hostname / state: $hoststates / Info: $hostoutput / Date: $shortdatetime" | ssh root@172.30.10.98 'gammu --sendsms TEXT 012345678'
echo "Host: $hostname / state: $hoststates / Info: $hostoutput / Date: $shortdatetime" | ssh root@172.30.10.98 'gammu --sendsms TEXT 0123338888'

The script accepts the parameters, forms a message using echo, and passes it to another server, which has Gammu installed, to send out the SMS.
So in order to allow Nagios to use ssh, the section below needs to be performed.


Nagios SSH

We will generate an SSH key for the nagios user so that it does not need to enter a password when it connects to the gammu server

  • login to Nagios server as root
  • change to nagios user using
#su nagios
  • then we create the key pair for nagios
#ssh-keygen
  • then scp the id_rsa.pub to the gammu server and add it to the authorized keys
#cat id_rsa.pub >> /root/.ssh/authorized_keys
Done, now nagios is able to use SSH to enter the gammu server
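
One way to narrow what the nagios key can do on the gammu server, added as an example and not part of the original setup: a forced command in authorized_keys that only accepts the exact gammu call used by the notification script. The wrapper path /usr/local/bin/sms-gate, its function names and the recipient allow-list are assumptions.

```shell
#!/bin/sh
# /usr/local/bin/sms-gate (hypothetical path): forced command for the Nagios key.
# Added example. On the gammu server the key line in /root/.ssh/authorized_keys
# becomes (key material shown as a placeholder):
#   command="/usr/local/bin/sms-gate",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa <nagios public key>
# sshd then runs this wrapper for every login with that key and puts the command
# the client asked for into SSH_ORIGINAL_COMMAND.

# Numbers the Nagios key may text (the two used in the notification script)
ALLOWED_RECIPIENTS="012345678 0123338888"

# Print the recipient if the requested command is exactly
# "gammu --sendsms TEXT <allowed number>", otherwise return 1.
recipient_from_command() {
    number=${1#"gammu --sendsms TEXT "}
    [ "$number" != "$1" ] || return 1          # required prefix is missing
    case $number in
        ''|*[!0-9]*) return 1 ;;               # anything but digits (";", spaces, ...)
    esac
    for allowed in $ALLOWED_RECIPIENTS; do
        if [ "$number" = "$allowed" ]; then
            printf '%s\n' "$number"
            return 0
        fi
    done
    return 1
}

# Read the alert text from stdin, drop control characters (plugin output is
# not trusted input) and cap it at one SMS of 160 characters.
clean_message() {
    LC_ALL=C tr -d '\000-\037\177' | cut -c1-160
}

main() {
    to=$(recipient_from_command "$SSH_ORIGINAL_COMMAND") || {
        logger -t sms-gate "rejected command: $SSH_ORIGINAL_COMMAND"
        echo "sms-gate: command not permitted" >&2
        exit 1
    }
    clean_message | gammu --sendsms TEXT "$to"
}

# Only act when started by sshd as a forced command
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    main
fi
```

The notification script on the Nagios server needs no change, because it already sends exactly this command with the message on stdin.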

Nagios timeout

The Nagios default timeout for notifications is 30 seconds, which is not enough if we need to send SMS alerts to more than 3 numbers.
Therefore we need to increase the timeout:
#vi /etc/nagios/nagios.cfg
Original was
notification_timeout=30
then edit
notification_timeout=60

Tuesday, August 9, 2011

Linux smallest partition


VM partition for non-heavy usage, standard 4GB storage
partition    mount point    filesystem    size (MB)    type
/dev/sda1    /boot          ext3          100          primary
/dev/sda2    /              ext3          2,000        primary
/dev/sda3    swap           swap          300          primary
/dev/sda4    -              -             -            extended
/dev/sda5    /home          ext3          200          logical
/dev/hda6    /tmp           ext3          500          logical
/dev/hda7    /var           ext3          remaining    logical


When doing yum update, the packages are downloaded to the /var partition before the installation starts.
So make sure the /var partition is large enough for the yum update

Wednesday, July 27, 2011

log rotate

this adds rotation for a specific log

create a new file in /etc/logrotate.d/
and write this into it to rotate the log

/var/log/SAT-backup/*.log {
     monthly
     rotate 4
     missingok
     compress
}

Wednesday, July 20, 2011

Centos change resolution

you can change the console resolution at
/boot/grub/grub.conf

add vga=775 at the end of the kernel line

Thursday, June 30, 2011

Centos - basic knowledge

change DNS setting
/etc/resolv.conf

change host IP
/etc/sysconfig/network-scripts/ifcfg-eth0

change hostname
/etc/sysconfig/network

The easiest way to do it is
# system-config-network

Monday, June 6, 2011

Adding Swap Space

To add a swap file:
  1. Determine the size of the new swap file in megabytes and multiply by 1024 to determine the number of blocks. For example, the block size of a 64 MB swap file is 65536.
  2. At a shell prompt as root, type the following command with count being equal to the desired block size:
    dd if=/dev/zero of=/swapfile bs=1024 count=65536
  3. Setup the swap file with the command:
    mkswap /swapfile
  4. To enable the swap file immediately but not automatically at boot time:
    swapon /swapfile
  5. To enable it at boot time, edit /etc/fstab to include the following entry:
    /swapfile          swap            swap    defaults        0 0
    The next time the system boots, it enables the new swap file.
  6. After adding the new swap file and enabling it, verify it is enabled by viewing the output of the command cat /proc/swaps or free.
To remove the swap file:
  1. First deactivate the swap file with:
    swapoff  /swapfile
  2. Then delete it:
    rm -rf   /swapfile

    Monday, April 18, 2011

    Zend Optimizer


    • To install Zend Optimizer, it is best to download it from http://www.zend.com/en/products/guard/downloads . Be aware that you need to register an account to be able to download it. After some browsing and searching, get ZendOptimizer-3.3.9-linux-glibc23-i386.tar.gz OR ZendOptimizer-3.3.9-linux-glibc23-x86_64.tar.gz
    • Extract it :
    tar -zxvf ZendOptimizer-3.3.9-linux-glibc23-i386.tar.gz
    • Then copy it to php modules folder:
    cp ZendOptimizer-3.3.9-linux-glibc23-i386/data/5_2_x_comp/ZendOptimizer.so /usr/lib/php/modules/ 
    (if that is 32bit machine)
    • Create a file /etc/php.d/zend.ini, put this in:
    zend_extension=/usr/lib/php/modules/ZendOptimizer.so
    • Restart apache
    /etc/init.d/httpd restart
    • Now it should work. Try doing a
    php -i |grep -i zend
    to get the following result. This mean Zend is running
    /etc/php.d/zend.ini,
    Zend Extension => 220060519
    Zend Memory Manager => enabled
    This program makes use of the Zend Scripting Language Engine:
    Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies
        with Zend Optimizer v3.3.9, Copyright (c) 1998-2009, by Zend Technologies
    report_zend_debug => Off => Off
    zend.ze1_compatibility_mode => Off => Off
    Zend Optimizer
    Zend Loader => enabled
    • To test an encoded file, download ZendGuard from http://www.zend.com/en/products/guard/downloads , the latest is ZendGuard 5.5 which supports php5.3, but it can still be used to encode for php5.2. Just remember to choose php 5.2 when encoding, since the ZendOptimizer we just installed only supports up to php5.2 (as at 2011-01-18)
    • Create a simple php script by putting
    <?php echo 'this is encoded file' ?>
    and encode it. It should be a binary file if it was encoded successfully. Upload that file to the webserver and test whether you get the exact output.

    Monday, April 11, 2011

    transfer log from remote machine

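    On the server that will receive the logs:
    vi /etc/sysconfig/syslog

    change SYSLOGD_OPTIONS="-m 0"
    to
    SYSLOGD_OPTIONS="-m 0 -r"

    then restart the syslog service

    On each remote machine that sends its logs:
    vi /etc/syslog.conf

    instead of writing a log file location as the destination,
    change it to @172.30.10.10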

    Wednesday, April 6, 2011

    Smokeping setup

    Go to this Url for guide on how to install smokeping to Centos 5.5
    The pages was for centos 5.5 i386
    If you are installing it to centos 5.5 x86_64
    just change the
    rpm -Uhv http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
    to
    rpm -Uhv http://apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm

    http://www.how2centos.com/installing-smokeping-on-centos-5-5/

    This is the official pages for the smokeping
    http://oss.oetiker.ch/smokeping/

    and here is the official simple guide
    http://oss.oetiker.ch/smokeping/doc/index.en.html

    Unix useful command

    Check memory
    free -m

    Check all running application pid and stat
    ps -aux

    Check running services
    chkconfig --list
    chkconfig <services> --level <1-5> <on/off>

    Tuesday, April 5, 2011

    shell script for replace, add, and delete

    #! /bin/sh
    # Maintain the per-department lists; each entry is "172.30.10.<PC>  #<user>"

    echo "what you want to do"
    echo "1:user change department"
    echo "2:user change PC"
    echo "3:add PC"
    echo "4.delete PC"
    read ANSWER

    if [ "$ANSWER" = "1" ]; then
            echo "Enter User name"
            read USER1
            echo "Enter PC number"
            read PC1
            echo "Enter previous department name"
            read OLD1
            echo "Enter new department name"
            read NEW1

            # match the whole address, so PC 1 does not also remove .10, .11, ...
            sed -i '/^172\.30\.10\.'"$PC1"'[[:space:]]/d' "$OLD1"
            echo "172.30.10.$PC1  #$USER1" >> "$NEW1"
            echo "Success"



    elif [ "$ANSWER" = "2" ]; then
            echo "Enter previous PC number"
            read PC2
            echo "Enter new PC number"
            read NEW2
            echo "Enter department name"
            read DEPARTMENT2

            # replace only the last octet of the matching entry
            sed 's/^172\.30\.10\.'"$PC2"'\([[:space:]]\)/172.30.10.'"$NEW2"'\1/' "$DEPARTMENT2" > "$DEPARTMENT2.temp"
            cat "$DEPARTMENT2.temp" > "$DEPARTMENT2"
            rm -f "$DEPARTMENT2.temp"

    elif [ "$ANSWER" = "3" ]; then
            echo "Enter user name"
            read USER
            echo "Enter PC number"
            read PC3
            echo "Enter department name"
            read DEPARTMENT3

            echo "172.30.10.$PC3  #$USER" >> "$DEPARTMENT3"

    elif [ "$ANSWER" = "4" ]; then
            echo "Enter PC number"
            read PC4
            echo "Enter department name"
            read DEPARTMENT4

            sed -i '/^172\.30\.10\.'"$PC4"'[[:space:]]/d' "$DEPARTMENT4"


    else
            echo "you had enter an invalid number"

    fi

    Monday, April 4, 2011

    scan music file

    This shows how to scan for all music files under a folder and send the result to your email as an attachment

    First you will need to install (for Centos5)
    - sharutils
    - mailx

    For Centos6, just install
    - sharutils


    Below is the script:


    #! /bin/sh

    find /users -iname "*.mp3" > /var/log/music.txt
    find /users -iname "*.wma" >> /var/log/music.txt
    find /users -iname "*.mp4" >> /var/log/music.txt

    find /export -iname "*.mp3" >> /var/log/music.txt
    find /export -iname "*.wma" >> /var/log/music.txt
    find /export -iname "*.mp4" >> /var/log/music.txt

    uuencode /var/log/music.txt /var/log/music.txt | mail -s "[My-Domain] music file" sat.support@my.offgamers.com


    the usage for sending a file as an email attachment is

    uuencode "file location" "file location" | mail -s "subject" "email address"

    Tuesday, March 15, 2011

    incremental backup

    setup ssh-keygen

    At Pdu-Backup, set up ssh-keygen so that pdu-backup can access the other servers without entering a password
    1. enter ssh-keygen at the terminal. press enter at every prompt. This will generate a public key and a private key.
    2. cd to .ssh/. Normally it is under root's home directory (/root/.ssh/)
    3. Here you will see 3 files: id_rsa, id_rsa.pub and known_hosts. id_rsa is your private key while id_rsa.pub is your public key. Copy id_rsa.pub to the remote computer on which you need auto login, like this:
    scp /root/.ssh/id_rsa.pub my_destination_server:~/ 
    4. ssh to the remote computer and cd to the folder where you copied id_rsa.pub just now, let's say /root/. Check whether the folder /root/.ssh exists, and create it if it does not. Make sure the .ssh folder has mode 700. Only then append the id_rsa.pub file to authorized_keys with this command
    cat /root/id_rsa.pub >> /root/.ssh/authorized_keys

    * make sure authorized_keys has mode 600, else it won't work
    * extra note, you can limit SSH users via /etc/ssh/sshd_config
     
     

    Script

    Here is an example for the script
    #! /bin/sh

    BSERVER=172.30.10.218
    EXCLUDES=/export/exclude-list/pdu-profile-exclude
    # name of yesterday's weekday; changed and deleted files are moved into this folder
    BACKUPDIR=`date -d "-1 day" +"%A"`
    OPTS="-v --force --ignore-errors --delete-excluded --exclude-from=$EXCLUDES --delete --backup --backup-dir=/export/pdu-profile/$BACKUPDIR -a"

    # empty last week's folder of the same name by syncing an empty directory over it
    [ -d /export/emptydir ] || mkdir /export/emptydir
    rsync --delete -a /export/emptydir/ /export/pdu-profile/$BACKUPDIR/
    rmdir /export/emptydir

    echo "Start time `date +%c`" >> /var/log/SAT-backup/pdu-profile

    # update the full copy in current/
    rsync $OPTS $BSERVER:/ /export/pdu-profile/current/

    echo "End time `date +%c`" >> /var/log/SAT-backup/pdu-profile
    echo " " >> /var/log/SAT-backup/pdu-profile
    Cron job
    Here you will need to setup your own cronjob for auto run the script for daily run
    1. enter crontab -e to edit the cronjob
    2. * * * * * job --> this is a default cronjob
    3. I have set up our Pdu-backup cronjob for 5 scripts:
      • 0 20 * * * /export/Script/pdu-ldap-script
      • 0 21 * * * /export/Script/pdu-db-script
      • 0 22 * * * /export/Script/pdu-web-script
      • 0 23 * * * /export/Script/pdu-cayman1-script
      • 0 0 * * * /export/Script/pdu-profile-script
    4. This executes pdu-ldap-script every day at 8pm, pdu-db-script at 9pm, and so on
    5. crontab -l (see cronjob bind to user)
    Backup Result
    • According to the script coding, it will rsync current folder in pdu-backup with the remote server. This will make current folder is always a full backup of the remote server and will update everyday.
    • while rsync today backup with the current folder, all old, edited, deleted file will be move to date folder assign by $BACKUPDIR in the script. For example, Tuesday night do rsync, the current folder will update to latest full backup folder while the edited, old, deleted file will be moved to folder name Monday. Remind that Monday folder only contain the edited, old, deleted file and not full backup. Current folder is always remain the full backup of the remote server.
    • The backup file will be keep for 7 day and put accordingly from Monday - Sunday. Once reach Monday, the previous Monday folder will be remove and re-create a new for the latest backup use.
    • A log file will be saved for every script for date and time it start and end. It will be saved inside /var/log/SAT-backup/ folder
     

    Tuesday, March 1, 2011

    Iptables

    Check whether iptables is installed on the server

    rpm -q iptables
    If it is not installed, install it by using
    yum install iptables

    Rules
    This is the standard rule for all the server
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT
    iptables -P INPUT DROP
    save the iptables rules so that iptables loads them each time it starts
    /etc/init.d/iptables save
    remember to save every time you finalize your rules
    start/restart iptables after saving
    /etc/init.d/iptables start
    Check open port
    Use nmap to check open port, install it via yum or use other server which have nmap installed to check open port by
    nmap "destination"
    example
    nmap 172.30.10.230
    you can use this link to check each description for each port
    http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

    HowTo
    add specific port into Iptables. This will add rule to the end of the selected chain
    iptables -A [CHAIN] -p tcp --dport [port number] -j [ACCEPT/DROP]
    example
    iptables -A INPUT -p tcp --dport 443 -j ACCEPT
    iptables -A OUTPUT -p tcp --dport 80 -j DROP
    This will allow port 443 connection to come in and the 2nd rule will block http connection to go out

    add port to a specific rule number. So if the rule number is 1, the rule inserted will be taking no.1 and push default no.1 rule to no.2
    iptables -I [CHAIN] [rule number] -p tcp --dport [port number] -j [ACCEPT/DROP] 
    example
    iptables -I INPUT 1 -p tcp --dport 22 -j ACCEPT
    This inserts a rule allowing incoming connections on port 22 as the first rule

    delete specific rules
    iptables -D [CHAIN] [rule number]

    list out all the rules
    iptables -L
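
/etc/init.d/iptables save writes the rules in iptables-save format to /etc/sysconfig/iptables. The added example below (not from the original post) audits such a dump against the standard rule set above; the function name audit_input_chain, the ALLOWED_TCP_PORTS variable and the two sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Audit an iptables-save dump against the standard INPUT rules (added example).

# TCP ports that may be open to the outside; the standard rule set only opens 22
ALLOWED_TCP_PORTS=${ALLOWED_TCP_PORTS:-22}

# Reads iptables-save output on stdin, prints one line per finding and
# returns 0 when the INPUT chain matches the baseline, 1 otherwise.
audit_input_chain() {
    awk -v allowed="$ALLOWED_TCP_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^:INPUT / { policy = $2 }                      # chain policy line
        /^-A INPUT / {
            if ($0 ~ /-i lo .*-j ACCEPT/)      lo = 1
            if ($0 ~ /ESTABLISHED.*-j ACCEPT/) est = 1
            if ($0 == "-A INPUT -j ACCEPT") { print "catch-all ACCEPT rule"; bad++ }
            if ($0 ~ /-p tcp/ && $0 ~ /-j ACCEPT/ && match($0, /--dport [0-9:]+/)) {
                port = substr($0, RSTART + 8, RLENGTH - 8)   # text after "--dport "
                if (!(port in ok)) { print "unexpected open tcp port: " port; bad++ }
            }
        }
        END {
            if (policy != "DROP") {
                print "INPUT policy is " (policy == "" ? "missing" : policy) ", expected DROP"
                bad++
            }
            if (!lo)  { print "no loopback ACCEPT rule"; bad++ }
            if (!est) { print "no RELATED,ESTABLISHED ACCEPT rule"; bad++ }
            exit (bad > 0)
        }'
}

# Constructed sample: what the standard rules look like after saving
SAMPLE_BASELINE='*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
COMMIT'

# Constructed sample: policy never set to DROP, state rule missing, extra port
SAMPLE_DRIFT='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
COMMIT'

printf '%s\n' "$SAMPLE_BASELINE" | audit_input_chain && echo "baseline sample: ok"
printf '%s\n' "$SAMPLE_DRIFT" | audit_input_chain || echo "drift sample: differs from the baseline"
```

On a server, feed it the saved rules instead of the samples: audit_input_chain < /etc/sysconfig/iptables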

    Tuesday, February 22, 2011

    Centos - Bind9 setup

    package: Bind
                  Bind-chroot


    After install, copy
    named.conf from /usr/share/doc/bind-9.3.6/sample/etc/named.conf
    to
    /var/named/chroot/etc/

    In order for rndc to connect to a named service, there must be a controls statement in the BIND server's /etc/named.conf file.

    The controls statement, shown in the following example, allows rndc to connect from the localhost.

    controls {
    inet 127.0.0.1 allow { localhost; }
    keys { <key-name>; };
    };

    This statement tells named to listen on the default TCP port 953 of the loopback address and allow rndc commands coming from the localhost, if the proper key is given. The <key-name> specifies a name in the key statement within the /etc/named.conf file. The next example illustrates a sample key statement.

    key "<key-name>" {
    algorithm hmac-md5;
    secret "<key-value>";
    };

    The key is the most important statement in /etc/rndc.conf.

    key "<key-name>" {
    algorithm hmac-md5;
    secret "<key-value>";
    };

    The <key-name> and <key-value> should be exactly the same as their settings in /etc/named.conf.
    To match the keys specified in the target server's /etc/named.conf, add the following lines to /etc/rndc.conf.

    options {
    default-server localhost;
    default-key "<key-name>";
    };


    ZONE
    open named.conf and edit
    vi /var/named/chroot/etc/named.conf

    ---------------------------------------------------------------------------------------------------------
            zone "gab.lan" {
                    type master;
                    file "gab.lan.zone";
            };
    --------------------------------------------------------------------------------------------------------
    save it and exit
    then at /var/named/chroot/var/named/
    create gab.lan.zone
    open and edit it 
    --------------------------------------------------------------------------------------------------------
    $TTL 3h

    @       IN      SOA     gab.lan.  root (
                            2011022101;
                            30m; refresh
                            15m; retry interval
                            1W; expire
                            1D); negative cache TTL


    @               IN      NS      ns.gab.lan.
    forum          IN      A       169.0.0.1
    wiki             IN      A       169.0.0.2


    ns               IN       A       169.0.0.0
    --------------------------------------------------------------------------------------------------------

    save and exit.
    then make a soft link to /var/named
    ln -s /var/named/chroot/var/named/gab.lan.zone /var/named/gab.lan.zone

    then start the services
    /etc/init.d/named start
    then you can check the status by using
    /etc/init.d/named status

    Use dig to check if it is running

    dig wiki.gab.lan

    if it is setup correct, it will show something like this
    ------------------------------------------------------------------------------------------------------
    ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_5.3 <<>> wiki.gab.lan
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50877
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;wiki.gab.lan.            IN      A

    ;; ANSWER SECTION:
    wiki.gab.lan.     10800   IN      A       169.0.0.2

    ;; AUTHORITY SECTION:
    gab.lan.          10800   IN      NS      gab.lan.

    ;; Query time: 0 msec
    ;; SERVER: 172.30.10.98#53(172.30.10.98)
    ;; WHEN: Tue Feb 22 12:18:35 2011
    ;; MSG SIZE  rcvd: 80
    -----------------------------------------------------------------------------------------------------


    Comment out

    please comment out this part of named.conf

    ----------------------------------------------------------------------------------------------------------

    // All BIND 9 zones are in a "view", which allow different zones to be served
    // to different types of client addresses, and for options to be set for groups
    // of zones.
    //
    // By default, if named.conf contains no "view" clauses, all zones are in the
    // "default" view, which matches all clients.
    //
    // If named.conf contains any "view" clause, then all zones MUST be in a view;
    // so it is recommended to start off using views to avoid having to restructure
    // your configuration files in the future.
    //
    #view "localhost_resolver"
    #{
    /* This view sets up named to be a localhost resolver ( caching only nameserver ).
     * If all you want is a caching-only nameserver, then you need only define this view:
     */
    #       match-clients           { localhost; };
    #       match-destinations      { localhost; };
    #       recursion yes;
            # all views must contain the root hints zone:
    #       include "/etc/named.root.hints";

            /* these are zones that contain definitions for all the localhost
             * names and addresses, as recommended in RFC1912 - these names should
             * ONLY be served to localhost clients:
             */
    #       include "/etc/named.rfc1912.zones";
    #};
    #view "internal"
    #{
    /* This view will contain zones you want to serve only to "internal" clients
       that connect via your directly attached LAN interfaces - "localnets" .
     */
    #       match-clients           { localnets; };
    #       match-destinations      { localnets; };
    #       recursion yes;
            // all views must contain the root hints zone:
    #       include "/etc/named.root.hints";

            // include "named.rfc1912.zones";
            // you should not serve your rfc1912 names to non-localhost clients.
            // These are your "authoritative" internal zones, and would probably
            // also be included in the "localhost_resolver" view above :

    #       zone "my.internal.zone" {
    #               type master;
    #               file "my.internal.zone.db";
    #       };
    #       zone "my.slave.internal.zone" {
    #               type slave;
    #               file "slaves/my.slave.internal.zone.db";
    #               masters { /* put master nameserver IPs here */ 127.0.0.1; } ;
    #               // put slave zones in the slaves/ directory so named can update them
    #       };
    #       zone "my.ddns.internal.zone" {
    #               type master;
    #               allow-update { key ddns_key; };
    #               file "slaves/my.ddns.internal.zone.db";
    #               // put dynamically updateable zones in the slaves/ directory so named can update them
    #       };
    #};
    #key ddns_key
    #{
    #       algorithm hmac-md5;
    #       secret "use /usr/sbin/dns-keygen to generate TSIG keys";
    #};
    #view    "external"
    #{
    #/* This view will contain zones you want to serve only to "external" clients
    # * that have addresses that are not on your directly attached LAN interface subnets:
    # */
    #       match-clients           { any; };
    #       match-destinations      { any; };
    #
    #       recursion no;
    #       // you'd probably want to deny recursion to external clients, so you don't
    #        // end up providing free DNS service to all takers
    #
    #       allow-query-cache { none; };
    #       // Disable lookups for any cached data and root hints
    #
    #       // all views must contain the root hints zone:
    #       include "/etc/named.root.hints";
    #
    #       // These are your "authoritative" external zones, and would probably
    #        // contain entries for just your web and mail servers:
    #
    #       zone "my.external.zone" {
    #               type master;
    #               file "my.external.zone.db";
    #       };
    #};
     
    -----------------------------------------------------------------------------------------------------------------

    Change the current Linux DNS point back to yourself at
    system-config-network


    Reverse Zone

    at named.conf, add this zone into it

    ---------------------------------------------------------------------------------------------------------------
            zone "0.0.169.in-addr.arpa." {
                    type master;
                    file "db.0.0.169";
            };
    ---------------------------------------------------------------------------------------------------------------
    then at /var/named/chroot/var/named
    create a db.0.0.169
    open and edit it like this

    -------------------------------------------------------------------------------------------------------------- 
    $TTL 3h

    @       IN      SOA     gab.lan.  root (
                            2011022101;
                            30m; refresh
                            15m; retry interval
                            1W; expire
                            1D); negative cache TTL


    @               IN      NS      ns.gab.lan.
    1                 IN      PTR    forum.gab.lan.
    2                 IN      PTR    wiki.gab.lan.
     
    --------------------------------------------------------------------------------------------------------------
    save it and reload the services
    /etc/init.d/named reload

    then try to use dig to see success or not
    dig -x 169.0.0.1
    and you should get something like this
    --------------------------------------------------------------------------------------------------------------
    ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_5.3 <<>> -x 169.0.0.1
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16382
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;1.0.0.169.in-addr.arpa.    IN      PTR

    ;; ANSWER SECTION:
    1.0.0.169.in-addr.arpa. 10800 IN    PTR     forum.gab.lan.0.0.169.in-addr.arpa.

    ;; AUTHORITY SECTION:
    0.0.169.in-addr.arpa. 10800   IN      NS      gab.lan.0.0.169.in-addr.arpa.

    ;; Query time: 0 msec
    ;; SERVER: 172.30.10.98#53(172.30.10.98)
    ;; WHEN: Tue Feb 22 12:37:06 2011
    ;; MSG SIZE  rcvd: 96
    ---------------------------------------------------------------------------------------------------------------

    Master - Slave

    On the slave server, install and set up bind
    open named.conf and add this zone

    --------------------------------------------------------------------------------------------------------------
    zone "gab.lan" {
         type slave;
         masters {192.168.0.0;};
    };
    --------------------------------------------------------------------------------------------------------------

    DNS Round Robin (DNSRR) load balancing

    to balance 2 or more servers, just add another A entry for each server
    example

    www     IN     A     192.160.0.1
    www     IN     A     192.168.0.2