02-01-29  BIOS SETUP
MAIN
    Hard disk predelay: disabled
        Primary Master: CD-ROM
            Type: Auto
            Multi-Sector transfers: Dis
            LBA Mode Control: Dis
            32 bit I/O: Dis
            Transfer Mode: FPIO 4 / DMA 2
            Ultra DMA mode: Dis
        Primary Slave: none
        Processor
            Processor speed: 933 MHz
            Processor 1 type: 686
            Cache RAM: 256 KB
            Processor 2 type: 686
            Cache RAM: 256 KB
            Processor #1 status: normal
            Processor #2 status: normal
            Clear processor errors: [Enter]
            Processor error pause: Ena
            Processor Serial number: Dis
ADVANCED
    Memory reconfiguration
        System memory: 640 KB
        Extended memory: 1047552 KB
        DIMM group #1 Status: normal
        DIMM group #2 Status: normal
        DIMM group #3 Status: normal
        DIMM group #4 Status: normal
        Clears DIMM errors: [Enter]
        DIMM error pause: Ena
    Peripheral Configuration
        Serial Port 1: 3F8, IRQ4
        Serial Port 2: 2F8, IRQ3
        Parallel Port: 378, IRQ7
            Parallel Port Mode: ECP,DMA3
        Diskette controller: Ena
        Mouse: Auto  detect
        SCSI Controller: Dis
        LAN Controller: Ena
        VGA Controller: Ena
        USB Controller: Dis
    PCI Device
        PCI IRQ 1: Auto Select
        ...PCI IRQ 14: Auto Select
    Option ROM
        On board SCSI: Ena
        On board LAN: Ena
        PCI Slot1: Ena ...
        PCI Slot6: Ena
    Numlock
        Numlock: Auto
        Key Click: Dis
        Keyboard auto-repeat rate: 10/sec
        Keyboard auto-repeat delay: 1 sec
    Reset Configuration data: No
    Installed O/S: Other
SECURITY
    Supervisor password is: Clear
    User password is: Clear
    Set supervisor password: [Enter]
    Set user password: [Enter]
    Password on boot: Dis
    Fixed disk boot sector: Normal
    Diskette access: User
    Secure mode: [blank]
    Power switch mask: Unmasked
    Option ROM Menu mask: Unmasked
SYSTEM
    Wake on events
        Wake on LAN: Dis
        Wake on Ring: Disk
    AC-Link: Power on
    Error log initialization: [Enter]
    Console redirection
        Serial port address: Dis
        Baud rate: 19.2K
        Flow control: No flow control
        Console Connection: Direct
    Assert NMI on PERR: Dis
BOOT
    Boot-time Diagnostic screen: Ena
    Boot device priority
        1. ATAPI CD-ROM Drive
        2. Removable devices
        3. Hard Drive
        4. Intel Boot Agent Version 4.0
    Hard Drive
        1. Bootable Add-in Cards
        2. Intel Integrated RAID
        3. Intel Integrated RAID
    Removable Devices
        1. Legacy Floppy Drives

Updated BMC Firmware
    - booted off disk, selected option 1 ()
        - selected "Update Firmware", current revision=01.16; update revision=11.19
            got the message: "Entering any key, DC is turned off.  Please turn DC on, after wait a few seconds" (sic)
            Power got turned off.   Rebooted with BMC disk again and selected to display firmware:
            Firmware revision: 11.19
            Device revision: 0
            SDR version: SDR Version 0.03 (STL2)

02-01-30  UPGRADED FIRMWARE on RAID cards
    Created a boot disk and installed RAID firmware fru6.1.2.6i. Everything seemed to  go OK.

PhoenixBIOS  v4.0  Release 6.0
STL20.86B.0025.P01.0110151150
STL2 BIOS Release 1.11
2 x Intel Pentium III processor  933 MHz
640K system RAM passed
1023M Extended RAM passed
0256K Cache SRAM passed
System BIOS shadowed
Video BIOS shadowed
UMB upper limit segment address: E46C
ATAPI CD-ROM: LG    CD-ROM CRD-8521B-(PM)

PCI     STORAGE RAID Controller BIOS   Version 6.05B
Copyright (C) 1991-2001 by Intel Cop   Nov 7 2001
All rights reserved!
BIOS at 0x000C9800-0x000CEFFF
2 Controllers found, Selftests OK, scanning SCSI Bus...
[PCI 0/7] DPMEM (B) at 0xF9400000-0xF9403FFF, INT A = IRQ 5
[PCI 0/7] SRCU31L - HWL0 - 16 MB SDRAM/ECC 2048 kB Flash Flash-RAM
[PCI 0/7] SN 00F90B2E - Firmware-FW-Version 2.32.02-R00F - Nov 7 2001
[PCI 0/7] SCSI-A ID:6 LUN:0 -- ESG-SHV  SCA HSBP M14
[PCI 0/7] ECDFC support enabled
[PCI 0/7] SCSI-A ID:1 LUN:0 -- SEAGATE ST318405LC  async
[PCI 0/7] SCSI-A ID:4 LUN:0 -- SEAGATE ST318405LC  async
[PCI 2/10] DPMEM (B) at 0xFB400000-0xFB403FFF, INT A = IRQ 11
[PCI 2/10] SRCU31 - HWL0 - 128 MB SDRAM/ECC 2048 kB Flash Flash-RAM
[PCI 2/10] SN 00F9FBE2 - Firmware-FW-Version 2.32.02-R00F - Nov 7 2001
[PCI 2/10] SCSI-A ID:6 LUN:0 -- ESG-SHV  SCA HSBP M14
[PCI 2/10] ECC support enabled
[PCI 2/10] SCSI-A ID:0 LUN:0 -- SEAGATE ST336705LC  async
[PCI 2/10] SCSI-A ID:3 LUN:0 -- SEAGATE ST336705LC  async

Press control-G to  enter Intel Storage Console
 

01/05/02 - secure dns info:

From: Jim Breton <jamesb-firewalls@alongtheway.com>
Subject: Re: Secure DNS setup

On Wed, Apr 25, 2001 at 02:02:57PM -0500, Eliyah Lovkoff wrote:
> My DNS server resides on LAN network(not on DMZ).This DNS server acts as a forwarder to the DNS servers on the ISP site.
> I want to secure DNS communications but I'm not sure what is the way to set it up...
>
> First scenario:
> ANY > Internal_DNS > domain-udp > Accept
> Internal_DNS > ANY >domain-udp > Accept
>
> 1. Is it a correct way to secure DNS communication or is there anything else that must be done?

Depends on what you mean by "secure."  Do you mean relatively unspoofable and uncrackable, or do you mean "cryptographically secure?"

If the former, you would do well to use djbdns: http://cr.yp.to/djbdns.html
If the latter, then use [djbdns and] IPSec.

> 2. Should I replace ANY with DNS addresses of ISP servers,thus restricting DNS communications to communications between mu DMS and ISP's DNS server?
> 3. Should I include domain-tcp also to be able to perform zone transfers between my dns and ISP's?

I'm afraid I'm not clear on what exactly you are doing.

Do you just need a caching DNS server for your own networks, or do you also wish to host your own domains' authoritative records?

If the former, you need to allow inbound packets to high udp ports from source udp port 53 in order to receive remote DNS servers' replies to your queries; you should also allow non-SYN tcp responses with the same port specifications for those few cases where your dns clients will have to re-try queries over TCP, and for zone transfers.

If the latter, then you need to do the above _as well as_ allow inbound 53/udp.  Whether you allow inbound 53/tcp depends on your records and whether you need to allow zone transfers.  As someone else has already noted, "it's not just for zone transfers."  However if your DNS replies are <= 512 bytes then clients won't need to re-try over tcp.  IOW, most sites don't need to allow TCP queries... YMMV though. (See also: http://cr.yp.to/djbdns/faq/tinydns.html#tcp )

This page may also help clarify things (thanks Jonathan): http://homepages.tesco.net./~J.deBoynePollard/FGA/dns-server-roles.html

Note: Tried installing Mandrake V8.0, couldn't find disk or RAID device.

Pressed Ctrl-C at appropriate time during bootup to enter Intel RAID configuration utility.  Set first controller to RAID 1, and called it "Mirror1".  Specified this as the boot volume.  Set second controller to RAID 5, using 4 disks plus one hot spare.

Booted from RedHat 7.1, disk 1.  Raid controllers were found.  Partitioned disks using Disk Druid as follows:
 

Mount Point	Device	Requested	Actual	Type
/boot	i2o/hda1	54 M	54 M	Linux native
<Swap>	i2o/hda5	1764 M	1764 M	Linux swap
/var	i2o/hda6	1000 M	1004 M	Linux native
/	i2o/hda7	1000 M	14519 M	Linux native
/chroot	i2o/hda8	100 M	101 M	Linux native
/var/mail	i2o/hdb1	1 M	104995 M	Linux native

Chose to format and check for bad blocks on all partitions.
Firewall configuration:  High security, Custom rules, allow incoming SSH, Mail (SMTP), imap:tcp, pop3:tcp, dns:tcp, dns:udp

Did individual package selection.

Ran Raid Configuration Services Admin,  /opt/iir/bin/iradmin.  Added user raidadmin with password jbnjbq
Could not run irview, got error message, "ERROR: Software interface failed to initialize"
Could not run irconsole, after entering username (raidadmin) and password, browser shows "Error: Could not open I2O System
Can start iird without problems.

Press F2 to enter BIOS setup.  After going through the RAID controller setups, it will start the PhoenixBIOS Setup Utility.

PhoenixBIOS  v4.0  Release 6.0
STL20.86B.0019.P01.0101302225
STL2 BIOS Release 1.5
2 x Intel Pentium III processor  933 MHz
640K system RAM passed
1023M Extended RAM passed
0256K Cache SRAM passed
System BIOS shadowed
Video BIOS shadowed
UMB upper limit segment address: E465
ATAPI CD-ROM: LG    CD-ROM CRD-8521B-(PM)

Base Board management Contoller
Device ID  : 01 Device Revision  : 00
IPMI Version  : 1.0 Firmware Revision : 01.16
SDR Revision  : SDR Version 0.03 (STL2)
Self Test Result  : passed

SMBIOS Initialize
 

SRCU31L
Raid Configuration Utility 4.18
Raid Controller Firmware v5.10.018
Raid level 1 (disk mirroring)
Name of RAID volume: Mirror1
Size of RAID volume: 17452
Boot device? Yes

SRCU31
Raid Configuration Utility 4.17
Raid Controller Firmware v4.19.014
Raid level 1 (disk mirroring)
Name of RAID volume: RAID5
Size of RAID volume: 104
Boot device? No
 

Downloaded the latest firmware from Intel
http://appsr.cps.intel.com/scripts-df/Detail_Desc.asp?strState=LIVE&ProductID=487&DwnldObjID=1715

---


 
• connected up a separate scsi disk to the on-board scsi controller to use for building kernel and initial installation, since you can't boot directly into RAID controller until you rebuild kernel with i20 support.
• downloaded 2.2.19 sources from www.kernel.org and installed in /usr/src/linux
• used make menuconfig to configure kernel (see mailx kernel config document).
• make dep, make clean, make bzImage
• cp /usr/src/linux/arch/i386/boot/bzImage /boot/vmlinuz-i2o
• make modules, make modules_install
• editted /etc/lilo.conf to add image,

image=/boot/vmlinuz-i2o
label=i2o
initrd=/boot/initrd--2.2.14-5.0smp.img
read-only
root=/dev/sda5
• ran /sbin/lilo
• pending:
• pending:
• pending:

• still

  ---

For more assistance contact Ron Parachoniak, rap@physics.ubc.ca ( SystemTools )
 

webmaster@physics.ubc.ca

[Dept. Home Page]

last updated: 17 Apr 01