Cloud servers from $4/mo - Grab the Deal! Let’s start ->
English
Community
Sign In
Sign In

Setting Up a BIND DNS Server

Setting Up a BIND DNS Server
Hostman Team
Technical writer
Ubuntu
19.07.2024
Reading time: 14 min
Share

The DNS (Domain Name System) is a system where all domain names of servers are organized in a specific hierarchy. Why do we need it? Imagine needing to connect to a device with the IP address 91.206.179.207. You could enter this address in the command line to get the information you need, but remembering many such numeric combinations is very difficult. Therefore, special servers were created to convert domain names into IP addresses. So, for example, when you enter hostman.com in your browser’s search bar, the request data is sent to a DNS server, which looks for matches in its database. The DNS server then sends the necessary IP address to your device, and only then does the browser directly access the resource.

Configuring your own DNS allows for more flexible and precise system configuration and avoids reliance on third parties. In this article, we will look at how to set up DNS using the BIND nameserver on Ubuntu.

Terms

  • Zone: A part of the DNS hierarchy hosted on a DNS server. It establishes the boundaries within which a specific server or group of servers is responsible.

  • Root Servers: DNS servers containing information about top-level domains (.ru, .com, etc.).

  • Domain: A named part of the DNS hierarchy, a specific node that includes other nodes. DNS addresses are read from right to left and start with a dot, with domains also separated by dots. For example, the domain poddomen.domen.ru should be read as .ru.domen.poddomen. Usually, the domain name reflects the DNS hierarchy structure, but the final dot is omitted.

  • FQDN (Fully Qualified Domain Name): A full domain name including the names of all parent domains.

  • Resource Record: A unit of information storage, essentially a record that links a name to some service information. It consists of:

    • Name (NAME): The name or IP address that owns the zone.

    • Time to Live (TTL): The duration a record is stored in the DNS cache before being deleted.

    • Class (CLASS): Network type, usually IN (Internet).

    • Type (TYPE): The record's purpose.

    • Various Information (DATA): Additional details.

Common Resource Records

  • A: Maps a hostname to an IPv4 address. Each network interface can have only one A record.
website.com.              520    IN     A      91.206.179.207
  • AAAA: The same as an A record, but for IPv6.

  • CNAME: Canonical name record, an alias for a real name for redirection.

  • MX: Specifies mail hosts for the domain. The NAME field contains the destination domain, and the DATA field contains the priority and host for receiving mail.
website.com.             17790   IN      MX      10 mx.website.com.
website.com.             17790   IN      MX      20 mx2.website.com.

  • NS: Points to the DNS server servicing the domain.

  • PTR: IP address to domain name mapping, needed for reverse name resolution.

  • SOA: Describes the main zone settings.

  • SRV: Contains addresses of servers providing internal domain services, such as Jabber.

Requirements

To follow the instructions in this article, you need at least two Ubuntu cloud servers in the same data center. Any of these servers can be ordered from Hostman. 

We will need two Ubuntu 20.04 servers, used as the primary and secondary DNS servers, ns1 and ns2, respectively. Additionally, there will be extra servers using our configured servers.

You must have superuser privileges on each server.

Installing BIND on DNS Servers

We will use bind9 as the DNS server. Install the bind9 package from the Linux repository:

sudo apt update && sudo apt upgrade -y
sudo apt install bind9

Additionally, it is recommended to install network monitoring tools:

sudo apt install dnsutils

After installation, start the bind9 service:

sudo service bind9 start

The main configuration file of the server is /etc/bind/named.conf. It describes the general settings and is usually split into several others for convenience. DNS setup begins by working with the parameters inside this file.

named.conf.options

This file contains the general server parameters. We will specify the DNS configuration data in it.

options {
        dnssec-validation auto;
        auth-nxdomain no;
        directory "/var/cache/bind";
        recursion no; # disallow recursive queries to the nameserver

        listen-on {
                     172.16.0.0/16; 
                     127.0.0.0/8;    
        };

        forwarders { 
            172.16.0.1;
            8.8.8.8;  
        };
};

To verify that everything is entered correctly, use one of the named daemon utilities, named-checkconf.

sudo named-checkconf

If everything is correct, the bind server starts working.

Primary DNS Server

The primary DNS server stores the main copy of the zone data file. All zones will be stored in the /etc/bind/master-zones directory of the primary DNS server. Create the directory:

sudo mkdir /etc/bind/master-zones

Create a file to describe the zone:

sudo touch /etc/bind/master-zones/test.example.com.local.zone

And add SOA, NS, and A records to it:

$ttl 3600 
$ORIGIN test.example.com. 
test.example.com.               IN              SOA  (      
ns.test.example.com.    
abuse.test.example.com.  
                                2022041201 
                                10800 
                                1200 
                                604800 
                                3600   ) 

@                               IN              NS              ns.test.example.com. 
@                               IN              NS              ns2.test.example.com.

@                               IN              A                172.16.101.3 
ns                              IN               A                172.16.0.5 
ns2                             IN              A                172.16.0.6

Next, run the check with the utility named-checkzone.

sudo named-checkzone test.example.com. /etc/bind/master-zones/test.example.com.local.zone

named.conf.local

This is another file included in the server's main configuration. We will specify local zones in it:

zone "test.example.com." {
                type master;
                file "/etc/bind/master-zones/test.example.com.local.zone";
};

After entering the necessary data, check the config and restart bind9 (the -z flag checks zone files):

sudo named-checkconf
sudo named-checkconf -z
sudo service bind9 restart
sudo service bind9 status

Setting Up Views

Views allow flexible management of name resolution from different subnets. Specify in the /etc/bind/named.conf file:

include "/etc/bind/named.conf.options";

acl "local" { 172.16.0.0/16; };
view "local" {
                include "/etc/bind/named.conf.local";
                match-clients { local; };
};

In the same file, you can specify directives for indicating which nodes and network addresses to accept or reject requests from. Then, restart bind9:

sudo service bind9 restart

After the server restarts, you can request the SOA record for the server 172.16.0.5 from another computer on the local network:

dig @172.16.0.5 -t SOA test.example.com

At this stage, the primary DNS server setup is complete. The next sections cover the secondary server, mail server setup, and reverse zone configuration.

Secondary Server

The initial steps are the same as for the primary server — installing bind9 and network utilities:

sudo apt update && sudo apt upgrade -y
sudo apt install bind9
sudo apt install dnsutils
sudo service bind9 start

Next, to store zone files, create the /etc/bind/slave directory and grant the necessary permissions:

sudo mkdir /etc/bind/slave
sudo chmod g+w /etc/bind/slave

Proceed to configure the zone on the secondary server. Add the zone to the /etc/bind/named.conf.local file:

zone "test.example.com." {
        type slave;
        file "/etc/bind/slave/test.example.com.local.zone";
        masters { 172.16.0.5; };
};

And set up views in the main configuration file named.conf:

include "/etc/bind/named.conf.options";
acl "local" { 172.16.0.0/16; };
view "local" {
        match-clients { local; };
        include "/etc/bind/named.conf.local";
};

After adding the settings, check the syntax, and then restart bind9:

sudo named-checkconf
sudo named-checkconf -z
sudo service bind9 restart

If there are no errors, perform the zone transfer:

sudo rndc retransfer test.example.com

The rndc retransfer command allows for a zone transfer without checking serial numbers. Briefly, the primary (ns1) and secondary (ns2) DNS servers work as follows: ns2 only checks the serial number of the zone and ignores the content of the entire zone file. If the serial number decreases, the zone transfer will be stopped. Therefore, it is crucial to increment the serial number every time you edit the zone. It is recommended to use the current date and an incremental number as the serial number.

Once you have set up the server and performed the zone transfer, you need to restrict the transfer to the secondary server’s IP address in the named.conf configuration on the primary server. To do this, add the allow-transfer directive with the IP address of the secondary DNS server in named.conf:

zone "test.example.com." {
    type master;
    allow-transfer { 172.168.0.6; };
    file "/etc/bind/master-zones/test.example.com.local.zone";
};

Then restart the server:

sudo service bind9 restart

After this step, all further operations will be performed on the primary server.

Adding an MX Record

In this example, we use mx as the hostname since it is a commonly accepted designation. Therefore, the FQDN (Fully Qualified Domain Name) will be mx.test.example.com.

To add an MX record:

1) Add the mail resource records to the zone file located at /etc/bind/master-zones/test.example.com.local.zone.

; Add the MX records to the zone file
@   IN  MX  10 mx.test.example.com.
@   IN  MX  20 mx2.test.example.com.

This adds two MX records with different priorities for the domain test.example.com.

2)  Update the serial number in the SOA (Start of Authority) record to reflect the changes.

$TTL 3600
@   IN  SOA ns.test.example.com. admin.test.example.com. (
        2024071101  ; Serial number
        10800       ; Refresh
        1200        ; Retry
        604800      ; Expire
        3600        ; Minimum TTL
)

3) Verify the zone file syntax with the following command:

sudo named-checkzone test.example.com. /etc/bind/master-zones/test.example.com.local.zone

This command checks the syntax of the zone file to ensure there are no errors.

4) Apply the changes by reloading BIND:

sudo service bind9 reload

This command reloads the BIND DNS server configuration to apply the updates made to the zone file.

Reverse DNS Setup

Reverse DNS is the reverse of the forward DNS resolution, converting IP addresses back to domain names.

For example, the IP address 192.168.1.10 is represented in reverse notation as 10.1.168.192.in-addr.arpa.

Because a hierarchical model is used, the management of the zone can be delegated to the owner of the IP address range. Essentially, a PTR record defines a domain name based on an IP address, which is conceptually similar to an A record. PTR records are primarily used for verifying mail servers.

To configure the reverse lookup zone, create a new zone file:

sudo nano /etc/bind/master-zones/16.172/in-addr.arpa.zone

And add the following data:

$TTL    3600 
16.172.in-addr.arpa.            IN      SOA  ( 
ns.test.example.com. 
admin.test.example.com. 
                                2022041202 
                                10800 
                                1200 
                                604800 
                                3600  )
                                IN      NS            ns.test.example.com. 
                                IN      NS           ns2.test.example.com. 

3.101.16.172.in-addr.arpa.      IN      PTR              test.example.com. 
5.0.16.172.in-addr.arpa.        IN      PTR           ns.test.example.com. 
6.0.16.172.in-addr.arpa.        IN      PTR          ns2.test.example.com. 
2.101.16.172.in-addr.arpa.      IN      PTR         mail.test.example.com.

Check the configuration:

sudo named-checkzone 16.172.in-addr.arpa /etc/bind/master-zones/16.172.in-addr.arpa.zone

Then, open named.conf.local:

sudo nano /etc/bind/named.conf.local

And specify the following zone:

zone "16.172.in-addr.arpa." {
                type master;
                file "/etc/bind/master-zones/16.172.in-addr.arpa.zone";
                allow-transfer { 172.16.0.6; };
        };

Restart the bind9 service:

sudo named-checkconf
sudo named-checkconf -z
sudo service bind9 restart

Check with the dig utility:

dig @172.16.0.5 -x 172.16.0.5

Now you can perform a similar setup on the secondary server. Add the following configuration to named.conf.local:

zone "16.172.in-addr.arpa." { 
    type slave; 
    file "/etc/bind/slave/16.172.in-addr.arpa.zone"; 
    masters { 172.16.0.5; }; 
};

At this stage, we have completed work with local domain zones. You can now proceed to configure the external domain zone.

External Domain Zone

First, to handle queries from the external network, add the external IP address to the listen-on directive in the named.conf.options configuration file:

listen-on {
    aaa.bbb.ccc.ddd/32; # our external IP
    172.16.0.0;
    127.0.0.0/8
}

Next, create the zone file (don't forget to change the serial number!) and add the external IP addresses to it:

sudo nano /etc/bind/master-zones/test.example.com.zone

Add the following content to the file:

$TTL 3600
$ORIGIN test.example.com.
test.example.com.               IN              SOA  (     
    ns.test.example.com.
    admin.test.example.com.
                                2022041205
                                10800
                                1200
                                604800
                                3600   )
@                               IN              NS              ns.test.example.com.
@                               IN              NS              ns2.test.example.com.
@                               IN              A               aaa.bbb.ccc.ddd # first external address
ns                              IN              A               aaa.bbb.ccc.ddd
ns2                             IN              A               eee.fff.ggg.hhh # second external address

Then, create a separate file for the external view zones to serve different domain zones to clients from different subnets:

sudo nano /etc/bind/named.conf.external

Add the following content to the file:

zone "test.example.com." { 
    type master; 
    file "/etc/bind/master-zones/test.example.com.zone";
    allow-transfer { 172.16.0.6; };
};

After this, include the file in named.conf by adding the following block:

acl "external-view" { aaa.bbb.ccc.ddd; };
view "external-view" {
    recursion no;
    match-clients { external-view; };
    include "/etc/bind/named.conf.external";
};

Now check this zone and restart BIND9:

sudo named-checkconf -z
sudo named-checkzone test.example.com. /etc/bind/master-zones/test.example.com.zone
sudo service bind9 restart
sudo service bind9 status

On the secondary DNS server, you need to specify the external server address in named.conf.options:

sudo nano /etc/bind/named.conf.options

Add the following configuration:

options {
    dnssec-validation auto;
    auth-nxdomain no;
    recursion no;
    directory "/var/cache/bind";
    listen-on {
        eee.fff.ggg.hhh/24;
        172.16.0.0/16;
        127.0.0.0/8;
    };
};

Similarly to the primary server, create a new named.conf.external file:

sudo nano /etc/bind/named.conf.external

Add the following content to the file:

zone "test.example.com." {
    type slave;
    file "/etc/bind/slave/test.example.com.zone"; 
    masters { 172.16.0.5; };
};

Then add the following block to named.conf:

acl "external-view" { eee.fff.ggg.hhh; }; 
view "external-view" { 
    recursion no; 
    match-clients { external-view; }; 
    include "/etc/bind/named.conf.external"; 
};

And perform the transfer:

sudo rndc retransfer test.example.com IN external-view

Debugging

When setting up a DNS server, it is very important to pay close attention to query logging. This helps with initial troubleshooting, and during normal server operation, it allows you to fully control the services.

BIND9 allows for comprehensive logging rules configuration—writing to a single file, separating different categories into different logs, and so on.

To write debugging information to one file, you need to create logging rules and include them in the main configuration. Create a log.conf file:

sudo nano /etc/bind/log.conf

Add the following content:

logging {
    channel bind.log {
        file "/var/lib/bind/bind.log" versions 10 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    category queries { bind.log; };
    category default { bind.log; };
    category config { bind.log; };
};

Then include the file in the main configuration:

include "/etc/bind/log.conf";

And restart BIND9:

sudo service bind9 restart

You can create multiple such files with different settings and include them depending on the development stage or server load.

Conclusion

In this guide, we configured DNS on a server running Ubuntu OS using the bind9 package. After following the steps, the two configured DNS servers can be used for name resolution on the network. To use the custom DNS servers, configure your other servers to use 172.16.0.5 and 172.16.0.6 as their DNS servers. 

This setup can serve as the foundation for further enhancements, such as setting up an email server.

Ubuntu
19.07.2024
Reading time: 14 min
Share

Similar

PHP

How to Install PHP and PHP-FPM on Ubuntu 24.04

In this guide, we will describe installing PHP and PHP-FPM on Ubuntu 24.04. PHP, which stands for Hypertext Preprocessor, is a language that is widely used and open-sourced, mainly for web development. PHP is the only PHP FastCGI implementation, that is extremely useful for high-traffic websites. At the end of this guide, you should be ready to go with PHP running on your server. Prerequisites Before we start, please confirm you have the following: Ubuntu 24.04 LTS installed on the server A user account with the sudo access An essential command-line operation understanding A reliable internet connection for downloading software packages To ensure that your system is up to date, run the following commands: sudo apt updatesudo apt upgrade Install Apache Launch the Apache web server using the following command: sudo apt install apache2 Install PHP Let's begin with installing the PHP package in Ubuntu 24.04 server. First, open a terminal on your Ubuntu system. PHP and common modules are included in the installation action: sudo apt install php That command installs the core PHP package, the command-line interface, and common libraries. Make sure the installation works: php -v Install PHP Extensions PHP extensions are the way to go to extending PHP installation with certain functions. Start by installing extensions: sudo apt install php-curl php-mbstring php-xml Short description: php-mysql: Allows MySQL database connection php-gd: Adds ability to manipulate images php-curl: Makes possible to communicate with servers php-mbstring: Provides multibyte string support php-xml: Enables XML support php-zip: Enables ZIP support Additional extensions can be installed as you see fit for your projects. You can search them using: apt-cache search php- Install and Configure PHP-FPM PHP-FPM is essential when dealing with high-traffic websites. To install and configure it: Install the package: sudo apt install php-fpm Launch PHP-FPM service. Depending on the installation, version number may differ. sudo systemctl start php8.3-fpm Tell PHP-FPM to go on boot: sudo systemctl enable php8.3-fpm Verfy PHP-FPM is working: systemctl status php8.3-fpm This will output a response that says "Active (Running)" if everything is working as expected. Test PHP and PHP-FPM To ensure that PHP and PHP-FPM are both running with no problems, create a test file then serve it via the website's server. Let's say it uses Apache in this example: Generate PHP Info File. To show PHP settings using the phpinfo() function, do the following: mkdir -p /var/www/htmlecho "<?php phpinfo(); ?>" | sudo tee /var/www/html/info.php Set Up Apache for PHP-FPM. Ensure Apache is made compatible for PHP-FPM, by first finding Apache configuration file (usually /etc/apache2/sites-available/000-default.conf) then inserting: <FilesMatch \.php$>   SetHandler "proxy:unix:/var/run/php/php8.3-fpm.sock|fcgi://localhost/"</FilesMatch> Remember we must alter specific PHP version and socket path to suit individual settings of the server. Activate PHP and PHP-FPM. Enable PHP and PHP-FPM following these instructions: sudo apt install libapache2-mod-phpsudo a2enmod proxy_fcgi setenvif Reboot Apache. Apply changes by restarting Apache server: sudo systemctl restart apache2 Access PHP Info Page. First open your web browser and go to: http://your_server_ip/info.php Replace [server_ip] with the server IP address or domain. You can see details of your PHP installation. Install Multiple PHP Versions For particular projects you might need to run different applications, each one may require different functionalities. This is the way to manage and manipulate multiple PHP versions on Ubuntu 24.04. First, add PHP repository: sudo apt install software-properties-commonsudo add-apt-repository ppa:ondrej/php && sudo apt update Install PHP versions you need: sudo apt install php8.1 php8.1-fpm Deselect one PHP version and elect the other: sudo update-alternatives --set php /usr/bin/php8.1 If you are using multiple PHP versions, ensure that your web server is pointing to the appropriate PHP-FPM socket. Securing PHP and PHP-FPM: Best Practices As a web developer, you know the importance of incorporating both PHP and PHP-FPM into web applications that are safe and robust. In this section, we will introduce a number of security steps that you should adapt using PHP and PHP-FPM. 1. Keep PHP and PHP-FPM Updated PHP and PHP-FPM should be up to date. Doing regular updates will eliminate known security breaches and provide overall security improvements. You need to check for updates as often as possible then update the system as soon as the updates are available. 2. Configure PHP Securely To configure PHP securely, start by disabling unnecessary and potentially dangerous functions, such as exec, shell_exec, and eval, in the PHP configuration file (php.ini). Use open_basedir directive to restrict PHP’s access to specific directories, preventing unauthorized access to sensitive files. Set display_errors to Off in production to avoid exposing error messages that could provide insights to attackers. Limit file upload sizes and execution times to reduce the risk of resource exhaustion attacks. Besides, ensure that PHP runs under a dedicated, restricted user account with minimal permissions to prevent privilege escalation. Regularly update PHP to the latest stable version to patch vulnerabilities and improve security. 3. Use Safe Error Reporting To ensure an error-free application, it is quite handy locating and correcting code bugs in a development environment. In production environment, you have the possibility to hide the PHP errors by setting the display_error directive to be off, and you should also set the log_errors directive to be On, thus this will help you prevent PHP from showing errors to the users whereas your server will log it in a safe location without problems to users. 4. Implement Input Validation Being aware of the input validations is quite crucial during the programming of your software. Make sure that all deficiencies are tested and only SQL statements containing their SQL equivalent that can produce outwardly neutral queries via prepared statements is considered safe. 5. Secure PHP-FPM Configuration PHP-FPM is required to run using a non-usual user account with minium rights. Furthermore, access to the PHP-FPM socket or port should be very limited to the web application. 6. Enable Open_basedir You need to bind open_basedir directive in order to restrict access files within the given directory. In this case, if you attempt to visit a forbidden directory and the request is accidentally transmitted to the server, PHP will prevent you from doing so. 7. Use HTTPS We need to secure web calls by making apps HTTPS-only, which is the only prominent way to block all the known hacking tricks. Conclusion With this guide, you've successfully set up PHP and PHP-FPM on Ubuntu 24.04. Your server is now configured for dynamic web applications. To maintain security and performance, remember to keep the system and packages regularly updated.
09 December 2024 · 6 min to read
Ubuntu

How to Configure an Additional IP as an Alias in Ubuntu

In the network administration world, the task of setting up additional IP addresses on a single network interface is commonly performed. The technique of IP aliasing, which is a system for a device to reply to several IP addresses on one network interface, penetrates this model. All Ubuntu users should be familiar with modifying and applying these settings to ensure robust networking administration. This guide will detail the methods of creating an extra IP address in Ubuntu as an alias for both the versions of Ubuntu 24.04 and 22.04. Prerequisites Obviously, one first needs to set up the system in a way that would allow for the manipulation of all IP addresses over the same network, using Ubuntu. Here is the list: A system running either Ubuntu 24.04 or Ubuntu 22.04 Admin access to the system (sudo privileges) Basic knowledge of command-line interface operations An additional IP address assigned by a network administrator or ISP Network interface name information (e.g., eth0, ens3) When troubleshooting problems, we are in danger of causing even more difficulty, as network interfaces provided by networks are not reliable. With this in mind, it would be wise to keep a backup of the configuration files before proceeding with the changes. Configuring an Additional IP Address within Ubuntu 24.04 Ubuntu 24.04, the latest long-term support release, uses Netplan for network configuration. This configuration is also applicable for Ubuntu 22.04 and beyond. Netplan is a utility for configuring networking on Linux systems. Here's how to create an additional IP address: Check the Network Interface Primarily, it is necessary to define the network interface that will carry the new address. You can achieve this by running the following command: ip addr show The output of this command will display all the interfaces. Find the name of the interface (e.g. ens3, eth0) currently in use. Edit the Netplan Configuration File Normally Netplan configuration files are found in the /etc/netplan/ directory. The file name may be different but most of them end with a .yaml extension. To change the file, use a text editor with root privileges: sudo nano /etc/netplan/50-cloud-init.yaml Insert the New IP Address In the YAML file, add the new IP address under the addresses section of the appropriate network interface. The configuration may appear like this: network: version: 2 renderer: networkd ethernets: eth0: addresses: - "195.133.93.70/24" - "166.1.227.189/24" #New IP address - "192.168.1.2/24" #Private IP address nameservers: addresses: - "1.1.1.1" - "1.0.0.1" dhcp4: false dhcp6: false routes: - to: "0.0.0.0/0" via: "195.133.93.1" Apply the Changes Upon saving your edits, you need to apply the new version of the configuration by running this command: sudo netplan apply Validate the Configuration After completing the steps above, you will need to repeat the ip addr show command to confirm that the new IP address is in place. Now the output of this command should also include the new IP address. Additional Considerations Persistent Configuration The choices made by Netplan are stable and will last through the restart of the device. But, it's a good idea to verify the configuration with a system reboot to make sure everything goes well after the restart. Firewall Configuration When adding a new IP address, you may need to update the firewall rules. Ubuntu traditionally uses UFW (Uncomplicated Firewall). To avoid blocking the new IP, you will have to create new rules to UFW. Network Services If the system has some services running which are linked to specific IP addresses, then you must update their configurations to recognize and utilize the new IP address as well. IPv6 Considerations The above examples talk about IPv4. If you have to use IPv6 addresses, then the procedure is relatively the same; you will have to use a different style of address though. Netplan supports both IPv4 and IPv6 configurations. Troubleshooting In case of issues emerging during the configuration stage, try: Check for syntax errors in the YAML file with the command: sudo netplan --debug generate. Ensure that there are no conflicts with other devices using the same IP address on the network. Verify correct setting of the subnet mask and the gateway. Check the system logfile for error messages: journalctl -xe. Advanced IP Aliasing Techniques Network administrators can see how advanced IP aliasing plays a key role in improving network management: virtual interfaces make it possible to have several logical interfaces on a physical network interface, wherein all have their IP and network settings. Dynamic IP Aliasing There are cases where network administrators would have to implement dynamic IP aliasing. With the help of scripts, it is possible to add or remove IP aliases according to certain conditions or occurrences. For example, a script can be made to insert an IP alias whenever a particular service starts and remove it every time the service stops. IP Aliasing in Containerized Environments The popularity of containerization in the present age necessitates having IP aliasing in order to control network configuration of Docker containers and any other containerized applications. In such cases, IP aliases are quite often employed to expose multiple services on a container at different IP addresses or assist containers to communicate with one another. Docker Network Aliases In Docker, network aliases can be used to allow multiple containers to respond to the same DNS name on a custom network. Among other things, this is indispensable in microservices architectures where service discovery is a very important issue. Security Implications of IP Aliasing Though IP aliasing has a multitude of advantages, the issue of security deserves also to be looked into. Among other things, the more IP addresses you put, the larger the possible security breach of a system. The network administrators must guarantee the applications are protected with: Configurations of a firewall that will secure all the IP aliases Intrusion Detection Systems (IDS) to record the traffic of all IP addresses Periodically checking the use and need of each IP alias Enabling of appropriate security tools for those services bound to specific IP aliases Conclusion Putting a new IP address as an alias into Ubuntu is a highly efficient process as their utility of Netplan helps greatly. Whether you are using Ubuntu 24.04 or 22.04, the steps remain the same including editing the Netplan configuration file, adding the new IP address, and applying the changes. A system with multiple IP addresses on a single network interface of a single computer can be used to do different tasks on such a network. The ability to respond to several IP addresses on one network interface becomes very useful in several networking situations. Through these steps, you can increase the Ubuntu computer networking capabilities quickly and effectively. The sequence is always to first back up existing configurations then to make changes followed by in-depth test post-installation. With these skills, a network infrastructure manager or an IT technician can effectively manage and optimize his Ubuntu-powered network infrastructure to cater to diverse networking requirements.
29 November 2024 · 6 min to read
PHP

Installing and Switching PHP Versions on Ubuntu: A Step-by-Step Guide

PHP is a scripting programming language commonly used for developing web applications. It allows developers to create dynamic websites that adapt their pages for specific users. These websites are not stored on the server in a ready-made form but are created on the server after a user request. This means that PHP is a server-side language, meaning scripts written in PHP run on the server, not the user's computer. There are many different versions of PHP. The language becomes more powerful and flexible with each new version, offering developers more opportunities to create modern web applications. However, not all websites upgrade or are ready to upgrade to the latest PHP version and remain on older versions. Therefore, switching between versions is an essential task for many web developers. Some developers want to take advantage of new features introduced in newer versions, while others need to fix bugs and improve the security of existing applications. In this article, we will go over how to install PHP on Ubuntu and how to manage different PHP versions. How to Install PHP on the Server To install PHP on Ubuntu Server, follow these steps: Connect to the server via SSH. Update the package list: sudo apt update Install the required dependencies: sudo apt install build-essential libssl-dev Download the installation script from the official website, replacing <version> with the desired version: curl -L -O https://www.php.net/distributions/php-<version>.tar.gz Extract the downloaded file, replacing <version> with the downloaded version: tar xzf php-<version>.tar.gz Navigate to the directory with the installed PHP: cd php-<version> Configure the installation script: ./configure Build PHP: make Install PHP: sudo make install After completing these steps, PHP will be installed on your server. The next step is to install a web server to work with PHP. The configuration may involve specifying the PHP module in the web server configuration file and setting up how .php files are handled. Finally, restart the web server. For example, to restart Apache, you can run the following command: sudo service apache2 restart How to Check PHP Version There are several ways to find out which version of PHP a website is running: Use the terminal. Create a script with phpinfo() in the website's root directory. Check PHP Version via Terminal Run the command in the terminal: php -v You will get output similar to: PHP 8.3.13 (cli) (built: Oct 30 2024 11:27:41) (NTS)Copyright (c) The PHP GroupZend Engine v4.3.13, Copyright (c) Zend Technologies    with Zend OPcache v8.3.13, Copyright (c), by Zend Technologies Check PHP Version with phpinfo() Create a file named phpinfo.php with the following content: <?phpphpinfo( );?> Save the file in the root directory of your website (where the index.html or index.php file is located). Open this file in your browser by using the following URL: http://your_website_address/phpinfo.php You will see a page with detailed information about the PHP configuration. After finding out the PHP version, be sure to delete the phpinfo.php file as it contains important server configuration information that attackers could exploit. How to Manage PHP Versions To switch between installed PHP versions on Ubuntu, follow these steps. Check if multiple PHP versions are installed. To see the list of installed PHP packages, run the command: dpkg --list | grep php Install the php-switch package, which allows change PHP versions easily: sudo apt-get install -y php-switch Switch to the desired PHP version using the php-switch command. For example, to switch to PHP 7.4, run: php-switch 8.2 Verify which PHP version is currently active by running: php -v Some scripts and extensions may only work with certain PHP versions. Before switching, make sure that all the scripts and extensions you are using support the new version. Otherwise, the website may become inaccessible or malfunction. Troubleshooting If PHP scripts are not being processed on your server, the first thing to check is the web server's functionality. Open a browser and go to the website where PHP scripts are not working. If the page opens but the PHP script output is not displayed, the problem may lie with PHP. Here are some steps you can take to troubleshoot the issue. Check PHP Service Status Run the following command, using your PHP version (e.g., PHP 8.3): sudo service php8.3-fpm status If the service is running, the output should indicate active (running). If the service is not running, start it with this command: sudo service php8.3-fpm start Check PHP Log Files To view PHP log files, use the following command: tail /var/log/php7\8.3-fpm.log This command will display the last few lines of the PHP log file, which may help identify the issue. Check PHP Configuration Open the php.ini file in a text editor and ensure the display_errors option is set to On. This will allow PHP errors to be displayed on your website pages. Check for Script Errors Open the PHP scripts in a text editor and look for syntax errors or other issues that could prevent the scripts from working properly. Check for Web Server Restrictions Check the web server configuration for any restrictions that might affect the execution of PHP scripts. For example, there may be restrictions in the .htaccess file that prevent certain directories from running scripts. Test the Script on Another Server If the script works on another server, the issue may be related to the configuration of the current server.
20 November 2024 · 5 min to read

Do you have questions,
comments, or concerns?

Our professionals are available to assist you at any moment,
whether you need help or are just unsure of where to start.
Email us
Hostman's Support