Hack and / - Right Command, Wrong Server
One of the problems with the previous two methods is that you must log in to a machine to get information on it. That leads me to one of my favorite ways to organize my servers, DNS TXT records. Most people probably are familiar with a DNS A record (it maps a hostname to an IP address) and probably CNAME and PTR records (they map one hostname to another hostname and an IP address to a hostname, respectively), but many admins aren't aware of (or don't use) TXT records. A TXT record essentially allows you to assign text to a particular hostname. If you have an internal DNS infrastructure for your machines, you probably already have A records for all your servers. If you add a TXT record as well, that gives you a nice centralized place to document what each server does in a way that can be queried from any machine on the network.
To demonstrate how to use TXT records, let's assume I'm using a standard BIND server for DNS, and this is a short section of the file that defines A records for three hosts—napoleon, snowball and major:
    napoleon   IN A    192.168.1.6
    snowball   IN A    192.168.1.7
    major      IN A    192.168.1.8
All I would do is add a new TXT record below any A records I have that lists what those servers do:
    napoleon   IN A    192.168.1.6
    napoleon   IN TXT  "DNS, DHCP, Internal wiki"
    snowball   IN A    192.168.1.7
    snowball   IN TXT  "Primary Internal File Server"
    major      IN A    192.168.1.8
    major      IN TXT  "Failover Internal File Server"
Once I save my changes and reload BIND, the TXT records are ready to go. The next time I'm scratching my head trying to figure out what snowball does, I just have to issue a dig query:
    $ dig snowball.example.net TXT +short
    "Primary Internal File Server"
Note that I used the +short option with dig. That way, I get back only the contents of the TXT record instead of the volume of data dig normally gives me. Not only does this make it easy to narrow in on the information I want, it also makes it a handy little one-liner to add to other programs. I even could see some savvy administrators tweaking their shell prompt or motd so that it contained this value.
Again, the beauty of using TXT records to document this is that it puts the information in a central place that you control and that you typically have to modify whenever you add a host anyway. Just be careful if you use this for externally facing DNS hosts—you might not necessarily want to broadcast all of your server info to everyone on the Internet.
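An added example, not from the original article: a small sh/awk audit for a zone file laid out like the one above. It lists the text each TXT record exposes (worth reviewing before a zone is served externally) and flags hosts that have an A record but no TXT record. The host squealer, its address, and the function names zone_audit and sample_zone are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the article): audit a BIND zone fragment.
# Assumes one record per line; multi-line "( ... )" records are not handled.
#   ROLE <host> <text>    TXT text, readable by anyone who can query the zone
#   UNDOCUMENTED <host>   has an A/AAAA record but no TXT record
zone_audit() {
    awk '
    /^[ \t]*$/    { next }                     # blank line
    /^[ \t]*[;$]/ { next }                     # comment or $ORIGIN/$TTL
    {
        i = 1
        if ($0 !~ /^[ \t]/) { owner = $1; i = 2 }  # else reuse last owner
        # skip optional TTL and class, which may appear in either order
        while ($i ~ /^[0-9]+[smhdwSMHDW]?$/ || toupper($i) == "IN") i++
        type = toupper($i)
        if (!(owner in seen)) { seen[owner] = 1; order[++n] = owner }
        if (type == "A" || type == "AAAA") addr[owner] = 1
        if (type == "TXT") {
            match($0, /[ \t][Tt][Xx][Tt][ \t]+/)
            text = substr($0, RSTART + RLENGTH)
            sub(/[ \t]+$/, "", text)           # trailing whitespace
            gsub(/^"|"$/, "", text)            # surrounding quotes
            role[owner] = text
        }
    }
    END {
        for (k = 1; k <= n; k++) {
            h = order[k]
            if (h in role)      print "ROLE " h " " role[h]
            else if (h in addr) print "UNDOCUMENTED " h
        }
    }' "$@"
}

# Constructed sample: the article's three hosts plus a hypothetical fourth
# host (squealer) that was added without a TXT record.
sample_zone() {
    cat <<'EOF'
napoleon        IN A   192.168.1.6
napoleon        IN TXT "DNS, DHCP, Internal wiki"
snowball  3600  IN A   192.168.1.7
                IN TXT "Primary Internal File Server"
major           IN A   192.168.1.8
major           IN TXT "Failover Internal File Server"
squealer        IN A   192.168.1.9
EOF
}

sample_zone | zone_audit
```

zone_audit reads standard input when called without arguments and also accepts a zone file path as its argument.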
Kyle Rankin is a Senior Systems Administrator in the San Francisco Bay Area and the author of a number of books, including Knoppix Hacks and Ubuntu Hacks for O'Reilly Media. He is currently the president of the North Bay Linux Users' Group.
Kyle Rankin is a VP of engineering operations at Final, Inc., the author of a number of books including DevOps Troubleshooting and The Official Ubuntu Server Book, and is a columnist for Linux Journal. Follow him @kylerankin.