AFNOG 2002 Workshop

Track 1 - Scalable Internet Services

This is part of the AFNOG 2002 Workshop, held in conjunction with the AFNOG meeting in Lome, Togo, in May 2002.

TIMETABLE

Monday morning

• Introduction and logistics -- William Tevie
• FreeBSD Tutorial -- Hervey Allen, Joel Jaeggli, Noah Sematimba
  • FreeBSD Introduction Materials. This section includes:
    • Introduction
    • Why FreeBSD
    • Accounts information
    • Creating a user account for yourself
    • Some basic FreeBSD commands
    • Post-installation configuration
    • Short example using FreeBSD commands
    • Getting FreeBSD 4.5 files and others
    • pkg_add: Adding packages or ports by hand
    • Network Information
    • ifconfig
    • rc.conf
    • Stopping and starting the network
    • Stopping and starting services
    • Installation Notes
    • Slices and partitions
    • Distribution sets
    • Quick installation guide (using CD-ROM)
    • The FreeBSD Directory Structure
    • A few differences from Linux
• DNS -- William Tevie and Ayitey Bulley
  • DNS Section Materials. This section includes:
    • What the Internet's DNS is
      • A systematic namespace - the domain name space
      • Why use hierarchical names?
      • What are domain names used for?
      • Example of domain name
      • Domain name hierarchy
      • Different users of the term domain
      • Other information mapped to domain names
      • Different people responsible for different parts
      • What is a zone?
      • Information is associated with each domain name
      • General format of RRs
      • Several types of RRs
      • IP address for a host
      • Information needed by the DNS insfrastructure itself
      • SOA record
      • NS record
      • SOA and NS record example
      • More about RRs above and below zone cuts
      • Zone cut example - RRs in the child zone
      • Zone cut example RRs in the parent zone
      • Hostname for an IP address
      • Information about mail routing
      • Alias to canonical name mapping
      • Reverse lookup
      • Reverse domain hiearchy
      • Requirements for a nameserver
      • How is data partitioned amongst the servers?
      • What about reliability?
      • DNS protocols
      • Master and slave servers
      • Location of servers
    • Configuring a resolver on a Unix-like system
      • named.boot example
      • named.conf example
      • Checking DNS using nslookup
      • Checking DNS using dig
    • Best Practices

Monday afternoon

• DNS -- William Tevie and Ayitey Bulley
  • Presentation continued with the following exercises:
    • Setting up a resolver on a FreeBSD system
    • Setting up a Primary Name Server on a FreeBSD System
    • Setting up a Secondary Name Server on a FreeBSD System

Monday evening - Optional sessions

• Continuation of DNS with Exercises -- William Tevie, Ayitey Bulley, and Alain Aina

Tuesday morning

• Security Issues - Brian Candler and Hervey Allen
  • Security Section Materials
    • Authentication
    • Authorisation
    • Integrity
    • Confidentiality
    • Availability (DoS)
    • Host access controls
    • Network access controls
  • Attacks on the host vs. attacks no the network
  • smurf attacks
• SSH Discussion - Security at the Application Layer
  • known_hosts files and authorization
  • Password challenge authentication
  • RSA/DSA Private/Public Key generation
  • Public/Private Key use with SSH
  • ssh-agent and ssh-add
  • Using tunnels with SSH

Tuesday afternoon

• Web/Proxy/SSL -- Joel Jaeggli and Noah Sematimba
  • Web/Proxy/SSL Materials
  • Install OpenSSL
  • Patch Apache source code with SSL patch
  • Install Apache
  • Generate new local SSL certificate
  • Configure Apache with basic configuration
  • Start Apache httpsd daemon and connect to local box
  • Verify local ssl certificate works

Tuesday evening - Optional sessions

• FreeBSD Tutorial Cont. and FreeBSD Installation -- Hervey Allen and Joel Jaeggli

Wednesday morning

• Squid
  • Web/Proxy/SSL -- Joel Jaeggli and Noah Sematimba
    • Discussion of Squid Caching Server
    • Installation of Squid
    • Step-by-step overview of squid.conf
  • Squid Caching Continued -- Joel Jaeggli and Noah Sematimba
    • Client Configuration for Proxy Server Use
    • Auto Discovery of Proxy in IE Issue
    • WPAD Expired RFC
• Web/Proxy/SSL -- Joel Jaeggli and Hervey Allen
  • Configuring Apache with SSL
  • Example SSL Apache configuration file
  • A good SSL Primer

Wednesday afternoon

• Mail/Exim -- Philip Hazel and Brian Candler
  • Exim Materials
  • POP3/Mail Materials - See below as well
• Topics covered in this section
  • Introduction to Internet Mail
    • Mail agents - MUA and MTA
    • Message format
    • Authentication
    • SMTP - Message in transit
    • Use of DNS for email
    • Delivering a message
    • Relay control
    • Policy control on email
  • Installation of Exim and basic tests

Wednesday evening - Optional sessions

• Continued Practice with Exim

Thursday morning

• Mail/Exim -- Philip Hazel and Brian Candler
  • Exim Routers and Transports configuration
    • Configuration file
    • Changing runtime configuraiton
    • Configuration file sections
    • Default configuration file layout
    • Common global options
    • Exim 4 routing
    • Simple routing configuration
    • Default routers
    • Default transports
    • Routing to smarthosts
    • Virtual domains
    • Access control lists
    • Good and bad relaying
    • Message filtering
    • Large installations
    • Separating mail functions
  • Modify routing practical exercises

Thursday afternoon

• Mail/Exim -- Philip Hazel and Brian Candler
  • Access Control Lists
  • Setting up a relaying host practical exercises
• POP, IMAP and Web email servers
  • POP3/Mail Materials
    • Mailserver scalability
      • Linear password files
      • Linear mbox files
      • Too many files in one directory
      • CPU limits
      • Disk performance
      • Keep your SMTP (smarthost) and POP3 services separate
    • Maildir and qmail-pop3d practical exercises
      • Reconfigure exim for Maildir delivery
    • Courier practical exercises
      • Install courier-imap
      • Configure the daemons
      • Start the daemons
      • pop3 and imap over SSL

Thursday evening - Optional sessions

• Wireless networks
• Informal Exim and Mail work

Friday morning

• POP, IMAP and Web email servers -- Brian Candler
  • Sqwebmail practical exercises completion
  • FreeBSD mailserver performance tuning
    • Increase kernel limits
    • Enable softupdates
    • Use SCSI disks
    • Spread mail directories across multiple disks
    • Put in as much RAM as possible
    • Use PCI cards, not ISA!
  • Notes and Clustering and NFS
    • Using Network File System (NFS)
    • Using Proxies
    • Load balancing
    • Database
    • FreeBSD NFS

Friday afternoon

• Mailing Lists/Majordomo -- Ayitey Bulley and Hervey Allen
  • Majordomo/Mailing lists materials
    • Creating and managing majordomo
    • Why you might want manual intervention
    • Day-to-day utilities
    • Troubleshooting and standard problems
    • Manage your list owners - not their lists
    • List owners list and listowners script
    • Small tools
    • A practical excercises
  • Mhonarc configuration
    • Creating your archive directory
    • Installing custom rcfiles and a shell script
    • Creating your initial Mhonarc files
    • Adding messages from an existing mail folder
    • Automating Mhonarc
    • Configuring Pine to use the pipe command
    • Piping a single message
  • Majorcool Configuration and installation
    • Installing Majorcool
    • Setting up CGI correctly with Majorcool
    • Setting up keys
    • Majorcool options
    • Testing Majorcool
    • Setting up Apache with Majorcool
    • Test the web interface

Return to AFNOG Workshop Main Page