Thursday, December 31, 2015

RFC 952 The structure of IP address v4

I have been required to take some time to read and understand some of the RFCs, and today I read RFC 952 and found an interesting fact about the IP addressing pattern/method. For the full document, see http://www.ietf.org/rfc/rfc952.txt

I have some experience from the early days when I worked on projects for factory automation. The projects involved quite a number of hardware devices: cameras, actuators, motion controllers, barcode scanners, IOs, PLCs etc. The newer ones connected to each other by IP address. Not only that, at home we also connect various devices through our home routers: our computers, phones, tablets, TVs, water heaters, aircon, some power points, lights etc.

But only today did I come to understand why our IP addressing pattern sticks to 10.x.x.x, 172.x.x.x or 192.x.x.x. I believe you have seen these in IP settings before. After reading up to a point in the RFC 952 document, I realized that there is a reason for that.

IP address numbering only goes up to a maximum of 255.255.255.255 because each set was designed as an 8-bit binary number. When you convert the decimal number 255 to binary, it gives you 1111 1111.


3. If the first bit of the first octet of the address is 0 (zero),
then the next 7 bits of the first octet indicate the network number
(Class A Address). If the first two bits are 1,0 (one,zero), then
the next 14 bits define the net number (Class B Address). If the
first 3 bits are 1,1,0 (one,one,zero), then the next 21 bits define
the net number (Class C Address) [See RFC-943]. This is depicted in the following diagram:
 
+-+------------+--------------+--------------+--------------+
|0| NET <-7->  |            LOCAL ADDRESS <-24->            |
+-+------------+--------------+--------------+--------------+

+---+----------+--------------+--------------+--------------+
|1 0|       NET <-14->        |    LOCAL ADDRESS <-16->     |
+---+----------+--------------+--------------+--------------+

+-----+--------+--------------+--------------+--------------+
|1 1 0|              NET <-21->              | LOCAL ADDRESS|
+-----+--------+--------------+--------------+--------------+
 
4. The LOCAL ADDRESS portion of the internet address identifies a
host within the network specified by the NET portion of the address.

Class C Address

From the diagrams above, notice that the first 3 bits actually determine how many devices you can connect within your network. For example, if you set up a local area network in your home or office or for a project, and your address pattern is 192.x.x.x, which is 110 for the first 3 bits, then you can only connect up to a maximum of 255 devices within your network. This is because the first 3 sets (Y.Y.Y.x) are your net address, and the x can use values from 1 up to 255. You can set any number from 192 ~ 223 to fulfill the 110 criterion for the first 3 bits.

The first 3 sets, 192.1.2.x, are your network number/name. If you set one of the devices to 192.1.3.x, then this device is considered to be in another network and they would not see each other.


Class B Address

For this class, the first 2 bits have to be 1 0 to indicate a Class B address. So the address range for the first set starts from 127 and goes up to 191. With this pattern of address, it has to be configured as (Y.Y.x.x). The first 2 sets (Y.Y.) are your network name/number. The x is your node address. With this class, you could connect up to 255x255=16516350 devices, which I think is a huge one for a local area network.


Class A Address

This is the INTERNET addressing we are using currently.


And now I have a bigger question. When we go to whatsmyip.org, it shows 202.x.x.x on my Mac, and my phone IP is 123.x.x.x. I can still ping each other, and I realize that my Mac falls under a Class C address and my phone falls under a Class A address.
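
The leading-bit rule from the RFC excerpt above, worked through in Python as an added example (not code from RFC 952 or from this post). The function names are illustrative, and the sample addresses are constructed, including stand-ins for the elided 202.x.x.x and 123.x.x.x.

```python
"""Classful IPv4 decoding per the leading-bit rule quoted from RFC 952."""

# (class, leading-bit prefix, NET bits, LOCAL ADDRESS bits), as in the RFC text
CLASSES = [
    ("A", "0", 7, 24),
    ("B", "10", 14, 16),
    ("C", "110", 21, 8),
]


def parse_ipv4(text):
    """Turn a dotted-quad string into a 32-bit integer, rejecting bad input."""
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected 4 octets: {text!r}")
    value = 0
    for part in parts:
        if not (part.isascii() and part.isdigit()) or int(part) > 255:
            raise ValueError(f"octet must be 0-255: {part!r}")
        value = (value << 8) | int(part)
    return value


def classify(text):
    """Return the class, NET number and LOCAL ADDRESS of an address."""
    addr = parse_ipv4(text)
    bits = format(addr, "032b")
    for name, prefix, net_bits, local_bits in CLASSES:
        if bits.startswith(prefix):
            start = len(prefix)
            return {
                "class": name,
                "net": int(bits[start:start + net_bits], 2),
                "local": addr & ((1 << local_bits) - 1),
                # number of distinct LOCAL ADDRESS bit patterns
                "local_values": 1 << local_bits,
            }
    # Leading bits 1,1,1: outside the three classes the quoted text defines.
    return {"class": None, "net": None, "local": None, "local_values": 0}


def first_octet_range(prefix):
    """First-octet range implied by a leading-bit prefix such as '110'."""
    return int(prefix.ljust(8, "0"), 2), int(prefix.ljust(8, "1"), 2)


def same_network(a, b):
    """True when both addresses share a class and a NET number."""
    ca, cb = classify(a), classify(b)
    return ca["class"] is not None and \
        (ca["class"], ca["net"]) == (cb["class"], cb["net"])


if __name__ == "__main__":
    for name, prefix, _, _ in CLASSES:
        print("Class", name, "first octet", first_octet_range(prefix))
    # Constructed sample addresses.
    for ip in ("10.0.0.1", "172.16.5.4", "192.1.2.7", "202.1.2.3", "123.4.5.6"):
        print(ip, classify(ip))
    print(same_network("192.1.2.7", "192.1.3.9"))   # different NET numbers
```
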



  

Monday, December 28, 2015

Tuesday, December 22, 2015

Test of a self-built bind9 within own network

Own-built intranet


This is how the intranet is laid out for the test


The own-built DNS server

First, set up the zone file and index file on the DNS (bind9) server. The file paths are:

Index file: /etc/bind/named.conf.local.
This file acts as an index: it tells the system where to find the zone file when it needs to resolve name requests. We manually add the entries to the file as below.





Zone files are stored in /etc/bind/zones.
This is exactly the file path listed in the index file.



Open up one of the files and, as we can see, the IP address is saved there. These entries are also inserted manually.




Below is a screenshot of checking the bind9 service status.






----------------------------------- END OF DNS SERVER PORTION -----------------------


THE CLIENT SIDE

We have to configure the DNS server settings in the Network Settings. We set our above DNS server IP at 192.168.1.105, so all the clients within the network have to manually configure the DNS setting in the network settings to point to our own-built DNS server. If we do not do that, the clients will not get names resolved by our own-built DNS server.


We run the terminal app and run the command nslookup. This command can be run on Mac as well as Windows and Linux. Below is the screenshot of the test.



With the nslookup command, we could resolve names from the DNS server locally.



The MacBook has been configured to run Apache for this test. So when connecting to the MacBook website, it actually successfully loads the webpage.


Monday, December 21, 2015

Capability of NicTool

Found this article from http://hackersome.com/p/Theosis/NicTool


NicTool is a free DNS management suite that takes the headaches out of managing DNS data. NicTool works great for managing one zone or millions of them. It works well with one nameserver or dozens of them.

NicTool is not a DNS server. NicTool exports sanitized and validated DNS data to authoritative DNS servers such as tinydns, BIND, PowerDNS, NSD, and MaraDNS.

NicTool is Open Source, you can fork it on GitHub: https://github.com/msimerson/NicTool

NicTool includes:

  an attractive web interface for users, admins, and clients
  validation of all DNS data before acceptance
  fine grained permissions for users and groups
  delegation of zones and zone records to users and/or groups.
  logging of all DNS changes (who did what & when)
  RDBMS data storage
  a mature API for automation and integration

NicToolServer is the server component of NicTool. It connects to the database where the DNS information resides. All changes to DNS data (zones, records, nameservers) and managers (users and groups) are validated by NicToolServer before insertion.

NicToolServer functions as a web service. It provides a SOAP or RPC-XML server for applications. The format of requests is defined in the reference API at http://www.nictool.com/docs/api/. The API and NicToolClient both connect to NicToolServer via this web service.

NicToolClient is a CGI application. It is what you see in the browser. It provides a web interface for managing DNS data. NicToolClient has customizable HTML templates and a CSS style sheet.

The NicTool API is a mature and full featured API for connecting to NicToolServer and managing DNS data. There are many scripts written against this API and it is stable.

Usage Examples: 

    ColocateUSA.net (2012-): Custom scripts for web services (billing, orders, CP) to set & reset rDNS, and CLI scripts to update forward and rDNS for IPv4 and IPv6 addresses.

    Spry/VPSlink (2007-2010): We wrote Control Panels that allowed clients to manage virtual machines. We provided a custom DNS manager so our clients could manage their domains and the rDNS for their IPs, supported by the NicTool API.

    Layered Tech (2005-2007): DNS management was limited to internal staff and was updated as needed. Which meant, lots of old poorly maintained data. I wrote a number of scripts for common tasks like "reset the rDNS for these IPs" or "delegate this block of IPs to these NS".

    Lightrealm/HostPro/Interland/Web.com (2000-2003): In 1999, Lightrealm's DNS was managed on Sun servers running BIND 4. DNS team members used a shared login for access and editing of the zone and named.conf files. We had 120,000 zones and reloading BIND took about 12 hours, so it was done once a day. If someone made an error, it might take 10 hours before BIND encountered it and croaked, sometimes extending the time-to-publish of DNS data to days.
    With the pending merger of Lightrealm, Vservers, and HostPro, our zone count was going to almost triple. We needed a better solution and found NicTool. We deployed a system that elegantly managed 400,000 zones, millions of zone records, and published changes in under a minute. NicTool remained in use at Web.com for many years thereafter.

Friday, December 18, 2015

Download / Install Eclipse, Doxygen, Eclox into Ubuntu Desktop

Navigate to http://www.eclipse.org/downloads/ and below is the page.



Select eclipse type


Select system


Download from the server

Then it downloads the file into the /home/user/Download/ folder.

In the download folder, double-click the .gz file and it will open Archive Manager; then drag the folder named eclipse out and put it in any folder, it doesn't matter which.








Open up the folder and double-click Eclipse to run it.




Install Doxygen on Linux


Installing this one is a bit tricky, but it can be done. I referred to this site: http://www.stack.nl/~dimitri/doxygen/download.html

Pay very careful attention here: I followed the steps in the GIT repository section (below) and I encountered a few errors when doing 


GIT repository

The GIT repository for doxygen is hosted on GitHub. In this repository you can find the latest "bleeding edge" version of doxygen.
If you have GIT installed, you should do the following to get the initial copy of the repository:
git clone https://github.com/doxygen/doxygen.git
cd doxygen
After that you can use
mkdir build
cd build
cmake -G "Unix Makefiles" ..


The errors I got were 

found missing FLEX
apt-get install flex

after that continue with cmake -G "Unix Makefiles" ..
found missing BISON
apt-get install bison

after that continue with cmake -G "Unix Makefiles" ..
found unsuitable Qt version

apt-get install qt-sdk

this qt-sdk could take a long, long time. 200+ MB

after that continue with cmake -G "Unix Makefiles" ..


cmake -G "Unix Makefiles" ..
make

To force a fresh build after an earlier check-out simply remove the build directory and redo the steps above.
After the binaries have been built, you can use
make install
to install them.
Public access to the GIT repository is read-only at the moment. So it is not possible to commit changes, but you can send me patches (use diff -u) if you think they should end up in the mainline, and I'll review and include them.

Doxygen was installed in /usr/local/bin/doxygen



Install Eclox

The same method is used on Windows and Mac.

Launch the eclipse app...



Go to Help > Install New Software menu


Enter http://download.gna.org/eclox/update into the "Work with" text box and click the Add button.
Select eclox in the center box and click Next to proceed to the next screen.




Accept the terms of the license agreement and click Finish, and it will process the installation.

Then go to Window > Preferences and select Doxygen in the left-hand side panel




Then click Add button...

Browse to /usr/local/bin/doxygen and done.
















Tuesday, December 15, 2015

Download Eclipse on Mac El Capitan

Navigate to http://www.eclipse.org/downloads/ and below is the page.






Then select mirror site to download



After downloading, double-click the eclipse-cpp-mars-1-macosx-cocoa-x86_64.tar.gz file to decompress it, and then move eclipse into the Applications folder to complete the installation.


Tool for writing software reference documentation - Doxygen

For more info, refer to https://en.wikipedia.org/wiki/Doxygen

Download link: http://sourceforge.net/projects/doxygen/files/



After downloading, extract it and keep it in the Applications folder.

Doxygen is standalone software, so next we have to link the two programs with Eclox.



Set up a bridge to connect Doxygen with Eclipse - Eclox


Go to http://home.gna.org/eclox/



Then go to Eclipse Help Menu > Install new software...








Let it download, and you will be asked for permission to allow it to install after the download. Then restart Eclipse.


Refer to https://code.google.com/p/tonatiuh/wiki/InstallingDoxygenForMac to finish the linking of Doxygen and Eclipse.


  • Go to Eclipse->Preferences.
  • Go to Doxygen and push "Add..." button.
  • Select in the file dialog the doxygen installation path: /Applications/Doxygen/Contents/Resources.
  • Apply changes before finish.






Monday, December 14, 2015

Netbeans 8.1 on El Capitan

Simply go to https://netbeans.org/downloads/ and select C++ to download.



It then brings you to the download page. The webpage will automatically download the correct version based on the system you use to download.



After the download, run the installer, and it will download the necessary components during the installation process.

Thursday, December 3, 2015

Install and Configure MySQL



Install the mysql-server package:
sudo apt-get install mysql-server

Run mysql_secure_installation, a program that helps secure MySQL. You will be presented with the opportunity to change the MySQL root password, remove anonymous user accounts, disable root logins outside of localhost, and remove test databases:
sudo mysql_secure_installation


Log into MySQL:
mysql -u root -p

Enter MySQL’s root password, and you’ll be presented with a MySQL prompt.
    Welcome to the MySQL monitor.  Commands end with ; or \g.
    Your MySQL connection id is 6
    Server version: 5.0.27-standard MySQL Community Edition - Standard (GPL)
    
    Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
    
    mysql>
    You may also determine the version information using the version variables. Both the version and version_comment variables contain version information for the server to which you are connected. Use the SHOW VARIABLES statement to obtain the information you want, as shown in this example:
    mysql> SHOW VARIABLES LIKE "%version%";
    +-------------------------+------------------------------------------+
    | Variable_name           | Value                                    |
    +-------------------------+------------------------------------------+
    | protocol_version        | 10                                       |
    | version                 | 5.0.27-standard                          |
    | version_comment         | MySQL Community Edition - Standard (GPL) |
    | version_compile_machine | i686                                     |
    | version_compile_os      | pc-linux-gnu                             |
    +-------------------------+------------------------------------------+
    5 rows in set (0.04)
    You can also obtain server version information in the mysql client using the SELECT VERSION() statement. In addition, MySQL Workbench also shows the server version in the Server Status tab. However, in both of these cases, only the value of version is shown.
    The STATUS command displays the version as well as version comment information. For example:
    mysql> STATUS;
    --------------
    ./client/mysql  Ver 14.12 Distrib 5.0.29, for pc-linux-gnu (i686) using readline 5.0
    
    Connection id:          8
    Current database:
    Current user:           mc@localhost
    SSL:                    Not in use
    Current pager:          /usr/bin/less
    Using outfile:          ''
    Using delimiter:        ;
    Server version:         5.0.27-standard MySQL Community Edition - Standard (GPL)
    Protocol version:       10
    Connection:             Localhost via UNIX socket
    Server characterset:    latin1
    Db     characterset:    latin1
    Client characterset:    latin1
    Conn.  characterset:    latin1
    UNIX socket:            /tmp/mysql.sock
    Uptime:                 1 day 3 hours 58 min 43 sec
    
    Threads: 2  Questions: 17  Slow queries: 0  Opens: 11  Flush tables: 1  Open tables: 6  Queries per second avg: 0.000
    --------------

    Getting started with BIND (Compilation & installations)

    This whole page was copied and pasted directly from 

    The reason for taking it directly is to make sure that this is kept permanently so I can refer to it if I need to install bind9 again.
    ----------------------------------------------------------------------------------------------------------------------------------------------------------------

    This is a simple 'first steps' primer to help you get started with BIND.  For anything more complex you'll need to refer to the Administrator Reference Manual, man pages, textbooks, this Knowledge Base and numerous online fora. It's aimed at those who are downloading and installing BIND themselves in a Linux or similar operating environment for the very first time and want to make sure that they can get it running before moving on to specific configuration steps.
    1.  Downloading the software
    BIND is available from http://www.isc.org/downloads/.  Information on which versions are actively supported is also provided on the downloads page.  For more details of how we number and identify our versions, you can refer to: http://www.isc.org/downloads/software-support-policy/version-numbering/.
    Select the version of BIND that you would like to run and download the tar.gz file by clicking on Source Download.  (If you're running in a Windows environment, BIND comes pre-compiled - download and refer to instructions provided for installation.)
    Verify that the download is good against one of the signature files.  See https://www.isc.org/downloads/software-support-policy/openpgp-key/ if you're not sure how to do this (and to obtain ISC's current public pgp key).
    2.  Building BIND
    Decide where you're going to put the source code directory - but the location is your own preference, it doesn't make a difference operationally.  You should however, protect your source code from potential tampering.
    Unpack the tarball:
    tar -zxvf <name of BIND tarball, e.g. bind-9.9.4-P1.tar.gz>
    Navigate to the top level directory of the new source code directory.  
    Read the README file - make sure that you have OpenSSL installed (if you'd like to implement DNSSEC signing/validation), a good source of randomness, and an ANSI C compiler.
    At this point you need to think about where you'd like the installation to place the new binaries and which directory you want to be the default/base location for the configuration files.   By default (i.e. if you don't specify anything different to the ./configure script), the binaries will be located in /usr/local/bin and /usr/local/sbin.  Also by default, the binaries will 'look for' their configuration files in /etc. If you want any of these to be different, then check the options that you can supply to ./configure:
    ./configure --help
    Why might I want to change the default file locations?
    The installation will place BIND's binaries into /usr/local/bin and /usr/local/sbin.  There are also other default locations for configuration and runtime variable files.  Depending on the operating system environment you're running in, and whether or not you have system administration utilities that you're going to use to help start/stop and otherwise monitor BIND, you may want to locate BIND's files where those utilities expect to find them.  If you have a version of named installed already, and it's a new enough version of BIND to support the -V option, you can find out what configure options were used when it was built by typing:

    named -V
    Alternatively, you might prefer not to overwrite the files provided with the OS and want to run BIND independently - in which case you would supply options to configure to avoid collisions.
    If you're happy with the defaults, then just go ahead and perform the configure step.  The example below is ensuring that the build will be multi-threaded, uses OpenSSL and also includes links to libxml2 so that XML-based statistics can be configured and generated:
    ./configure --with-openssl --enable-threads --with-libxml2
    Building with openssl and libxml2 - what do you need to install first?
    You need current versions of openssl and libxml2.  You will most likely also need libssl-dev and libxml2-dev.
    Next, test that the build step completes successfully, but without installing the binaries:
    make
    If this step has completed successfully, then you're ready to install the binaries. 
    The step below will overwrite any files already installed with the same name/location
    This step assumes that you're not already running BIND.  If you are already running BIND, then make sure that you have a backup, or at least a plan to 'go back' to how things were, before doing this!  If you prefer, you can stop after the 'make' step and copy the binaries into place manually, renaming the older versions first.  You'll either need to be running as root, or use sudo to obtain root privileges to do this:
    sudo make install

    3. Testing your binary with default options
    BIND will run as a recursive server with default options - all you need to do is to create an empty named.conf file in the default location (the example below assumes that you ran ./configure without making any location changes):
    sudo touch /etc/named.conf
    Now you can test that the binary and your environment is good by starting named running in the foreground with the logging directed to stdout.  You're also testing that your $PATH variable includes /usr/local/sbin. The -g option is very useful for troubleshooting problems with named:
    sudo named -V
    sudo named -g
    Note what is being logged by default - and that it includes the configure options, what named has detected about its run-time environment and what interfaces the daemon is listening on.  It also shows you the default empty zones that named loads.  If there are any problems reported, now is the time to investigate and fix them.  You can terminate the running foreground named with Ctrl C.

    4.  Testing your binary as a recursive server
    You're now ready to run named as a background daemon.  Before launching it, it's a good idea to set up the default options for the management tool rndc
    • Navigate to the default directory for configuration files:
      cd /etc
    • Create the default rndc.key file (that will be used by both named and rndc in lieu of any specific control configuration in named.conf or rndc.conf):
      sudo rndc-confgen -a
    Launch the named daemon (this is bypassing any system administration tools that your OS environment offers):
    sudo named
    Check that named is operating as expected; check the logfiles and remedy any problems if not:
    sudo ps -ef|grep named
    sudo rndc status
    And finally, check that the daemon is responding:
    dig @127.0.0.1 . NS
    Above the dig tool is simply sending a query to your nameserver asking it for the list of NS records authoritative for "."  and you're testing that:
    • It answers queries (you should get a reply that near the end has a line: ;; SERVER: 127.0.0.1#53(127.0.0.1)  )
    • It has access to the root nameservers (you should get an answer that lists the NS records!)
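
The two checks above can be scripted. This is an added Python example, not part of the ISC primer or the original post; `check_dig` and `run_dig` are illustrative names and the sample dig outputs are constructed.

```python
import re
import subprocess

# Constructed samples of `dig @127.0.0.1 . NS` output (abridged; not captured
# from a real server). GOOD passes both checks, the others each fail one.
GOOD = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
.            518400  IN  NS  a.root-servers.net.
.            518400  IN  NS  b.root-servers.net.
;; Query time: 12 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
"""
NO_ROOTS = """\
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; Query time: 3001 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
"""
NO_REPLY = ";; connection timed out; no servers could be reached\n"


def check_dig(output, server="127.0.0.1"):
    """Evaluate dig output against the two checks listed in the primer."""
    # Check 1: a ';; SERVER:' line naming the server we queried.
    srv = re.search(r"^;; SERVER: ([^#\s]+)#(\d+)", output, re.MULTILINE)
    status = re.search(r"status: ([A-Z]+)", output)
    # Check 2: NS records for "." in the answer.
    root_ns = re.findall(r"^\.[ \t]+\d+[ \t]+IN[ \t]+NS[ \t]+(\S+)[ \t]*$",
                         output, re.MULTILINE)
    result = {
        "answered": bool(srv) and srv.group(1) == server,
        "status": status.group(1) if status else None,
        "root_ns": root_ns,
    }
    result["ok"] = (result["answered"] and result["status"] == "NOERROR"
                    and len(root_ns) > 0)
    return result


def run_dig(server="127.0.0.1"):
    """Run the primer's dig command against a live server and check it."""
    proc = subprocess.run(["dig", "@" + server, ".", "NS"],
                          capture_output=True, text=True, timeout=30)
    return check_dig(proc.stdout, server)


if __name__ == "__main__":
    for label, sample in (("good", GOOD), ("no roots", NO_ROOTS),
                          ("no reply", NO_REPLY)):
        print(label, check_dig(sample))
```
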
    5. What next? ...
    The steps above are really basic, but they're only intended to be a starting point.  There are many options and topics that haven't been addressed, but now you have the framework, you can develop from there according to your needs.  Some things you'll most likely want to research and consider are:
    • Running named as a non-root user - read up on the -u run-time option
    • Running named in a chroot jail (many still do, but this shouldn't be necessary with modern versions of BIND)
    • Configuring non-default access control lists for recursion
    • If you're planning to run an authoritative server, adding zone statements and creating zone files for the domains you want to serve
    • Running different servers for authoritative and recursive services
    • In a multi-threaded environment, tuning the number of worker threads (runtime option -n) and, from BIND 9.9 and newer, tuning the number of listener tasks (runtime option -U) to optimize your server performance
    • Tailoring logging to your own needs
    • Integrating the management of BIND with your system administration tools and processes
    • Deploying more advanced features of BIND such as masters/slaves and zone transfers, dynamic updates, DNSSEC etc..
    • Providing services over IPv6 as well as over IPv4.
    The following two Best Practices articles may also provide some useful guidance: