This is part of the AfNOG 2009 Workshop, held in conjunction
with the AfNOG meeting in Cairo, Egypt, in May 2009.
Daily Time Schedule:
Morning
-------
Session-1 08:45am - 10:45am
Tea Break 10:45am - 11:00am
Session-2 11:00am - 01:00pm
Lunch Break 01:00pm - 02:15pm
Afternoon
---------
Session-3 02:15pm - 04:15pm
Coffee Break 04:15pm - 04:30pm
Session-4 04:30pm - 06:30pm
Dinner 06:30pm - 08:00pm
Evening
-------
Session-5 08:00pm - 10:00pm
In addition to this detailed timetable you can see a summary timetable as well.
Monday morning 8:45am
o Introduction and logistics -- Ayitey Bulley
o FreeBSD Tutorial -- Joel Jaeggli
* FreeBSD Tutorial Materials.
* FreeBSD Tutorial Exercises.
+ Accounts information
+ Creating a user account for exim and yourself
+ Some basic FreeBSD commands
+ Post-installation configuration
+ Short example using FreeBSD commands
+ Getting FreeBSD 7.1 files and others
+ pkg_add: Adding packages or ports by hand
+ Network Information
- ifconfig
- rc.conf
- Stopping and starting the network
- Stopping and starting services
+ Installation Notes
+ Slices and partitions
+ Distribution sets
+ Quick installation guide (using CD-ROM)
+ The FreeBSD Directory Structure
+ A few differences from Linux
+ VI Tutorial
Monday morning 11:00am
o DNS Session-1 (Fundamentals): -- Ayitey Bulley
* DNS Materials.
* Goal: to understand overall purpse and structure of DNS
+ IP addresses vs. names
+ DNS as a distributed, hierarchical database
+ Domain names and resource records:
- A, PTR, MX, CNAME, TXT, SOA/NS
+ Domain name lookup responses
+ Reverse DNS
+ DNS as client-server model
- Resolver
- Cache
- Authoritative server
+ Testing DNS (dig)
+ Understanding output from dig
+ Practical Exercises:
- Configure Unix resolver
- Use dig { A, other (e.g. MX), non-existent answer, reverse lookup }
- Use tcpdump to show queries being sent to cache
Monday afternoon 2:00pm
o DNS Session-2 (DNS Caching Operation & DNS Debugging): -- Joe Abley
* Goal: to understand operation of a recursive nameserver
+ Recap of previous session
+ DNS as a distributed database.
+ Resource record NS: referral of answer
+ Caching nameserver and root servers
+ Caching used to reduce load (esp. top level servers)
+ Issue of stale data in caches (problems with distributed systems).
- TTL records on each record
- Negative TTL in SOA
+ Recursion and caching (dig +norec)
+ Demo: www.ticscali.co.uk
+ Practical Exercise:
- Debugging DNS Worksheet (with dig +norec ):
. Students work on their own examples
+ Configuring a caching nameserver
- check /var/named/etc/namedb/named.conf
- run tcpdump
- rndc start
- change /etc/resolv.conf to point to your nameserver
- querry two times - { Look at 'aa' flag, TTL, query time }
- rndc flush
- cache is authoritative for 127.0.0.1
Monday afternoon 2:00pm
o DNS Session-2 (Continued): -- Joe Abley
+ What sort of hardware would you choosing when building a DNS cache?
+ Improving the configuration of a cache NS
+ Managing a caching nameserver
+ Practical Exercise:
- Building your own cache nameserver
- Improving the configuration of the cache NS
+ Question and Answer session
+ Summary
Monday afternoon 4:15pm
o DNS Session-3 (Configuring Authoritative Name Servers): -- Ayitey Bulley
* Goal: to properly configure an authoritative nameserver
+ Recap of caching NS
+ DNS Replication
+ Outside world cannot tell the difference between master and slave
+ When does replication take place?
+ Two (2) Dangers with serial numbers
+ Configuration of Master & Slave NS
- Format of Resource Records { SOA and NS }
+ Ten (10) Common DNS Operational and Configuration Errors (RFC1912)
Monday evening 6:30pm
o IPv6 Introduction -- Philip Smith
Tuesday morning 8:45am
o DNS Session-3 (Continued) Exercises: -- Ayitey Bulley and Joe Abley
* Setting up a an authoritative name services for a domain
+ Master & Slave nameserver exercises
Tuesday morning 11:00am
o DNS Session-4 (Delegation & Reverse DNS) -- Ayitey Bulley and Joe Abley
* Presentation:
+ Domain delegation
+ About Glue records
+ Reverse DNS (/24)
+ Reverse DNS (less than /24)
* Exercise:
+ Delegation
+ Reverse DNS (in-addr.arpa)
+ Setting up flexible logging
Tuesday afternoon 2:00pm
o RADIUS -- Frank Kuse
* RADIUS Materials
* Presentation:
+ What is RADIUS?
+ What does RADIUS do?
+ Why do we need RADIUS?
+ Other AAA services
+ About FreeRADIUS
* Exercise:
+ Build and install freeRADIUS.
+ Configure and start the RADIUS server.
+ Test authentication
+ Convert a service to support Radius.
Tuesday afternoon 4:15pm
o Web/SSL -- Michuki Mwangi
* Apache Materials
+ Installing Apache22 from FreeBSD ports
+ Configure Apache with basic configuration
+ Start Apache httpsd daemon and connect to local box
+ Verify local ssl certificate works
+ Configuring Apache with SSL
+ Example SSL Apache configuration file
+ Sample config for Virtual Hosting
Tuesday evening 6:30pm
o DNS & Web/SSL Exercises continued -- Ayitey Bulley, Michuki Mwangi & Chris Wilson
Wednesday morning 8:45am
o Web/SSL -- Michuki Mwangi
* Apache Exercises
+ Enabling IPv6 support in Apache
+ Installing PHP5 and PHP5-Extensions in Apache
+ Mysql Server 5.0 with Apache and PHP support
+ Install and configure Wordpress to use apache and mysql
Wednesday morning 11:00am
o Mail/Exim -- Chris Wilson
* Exim Materials
+ Exim Basics
- What is Exim
- Who uses Exim
- Why use Exim
- Why not to use Exim
- Installing Exim
- Replacing Sendmail
- Exim Overview
- Basic Configuration
- Global Settings
- Adding local domains
- Adding relay hosts
Wednesday afternoon 2:15pm:
o Mail/Exim -- Chris Wilson
+ Exim Routers
- Routing Overview
- Anatomy of a Router
- The Default Routers
- The Redirect Driver
- Testing System Aliases
- Simple Redirecting Router
- Adding a Virtual Domain
- Debugging Routers
- Many Virtual Domains
- Manual Routing a Domain
- Manual Routing all Domains
- Local Part Suffixes
Wednesday afternoon 4:15pm
o Mail/Exim -- Chris Wilson
+ Exim Transports
- What are Transports
- The remote_smtp Transport
- The local_delivery Transport
- Procmail router and transport
- Enabling Maildir support
+ Exim Access Control
- Using Access Control Lists
- Anatomy of an ACL
- Access Control Verbs
- Address Verification
- Callouts
- Testing Callouts
Thursday morning 08:45am
o Mail/Exim -- Chris Wilson
+ Exim Access Control (continued)
- Blocking Senders and Recipients
- Blocking Hosts and Networks
- Sender Policy Framework
- Realtime Black Lists (RBLs)
- Sender Domain Name Servers
- HELO Verification
- Filtering Spam with SpamAssassin
- Filtering Viruses with ClamAV
Thursday morning 11:00am
o Mail/Exim -- Chris Wilson
+ Exim SMTP Authentication
- Why use SMTP Authentication
- Installing saslauthd
- Enabling SMTP Authentication
- Using RADIUS for Authentication
- Testing Authenticated Relaying
- Encrypting SMTP Sessions
- Enabling SSL Encryption
- Testing SSL Encryption
- Requiring SSL for Authentication
+ Exim Troubleshooting
- Logs and Debugging
- The Mail Queue
- Where to Get Help
Thursday afternoon 2:15pm thru to the Evening Session
o POP, IMAP and Webmail servers -- Joel Jaeggli & Michuki Mwangi
* IMAP4/POP3/WebMail Materials:
+ Dovecot - Server for POP and IMAP
- What is Dovecot?
- Installing dovecot from ports
- Configuring Dovecot
+ Mailserver scalability
- Linear password files
- Linear mbox files
- Too many files in one directory
- CPU limits
- Disk performance
- Keep your SMTP (smarthost) and POP3 services separate
+ SquirrelMail Webmail Interface
- Background
- Why SquirrelMail?
- Requirements for Installing SquirrelMail
- Installing SquirrelMail
- Configuring SquirrelMail
+ Notes and Clustering and NFS
- Using Network File System (NFS)
- Using Proxies
- Load balancing
- Database backends
- FreeBSD NFS
Friday morning 8:45am
o POP, IMAP and Web email servers -- Joel Jaeggli & Michuki Mwangi
+ Practical Exercise ( continued ):
Friday morning 11:00am
o Monitoring IP Services - Frank Kuse, Ayitey Bulley & Chris Wilson
* Monitoring Section Materials
+ Monitoring of Exim Logs & Queues
- What is ExiLog?
- Features of ExiLog
- ExiLog Target Audience
- Installing ExiLog
- Setting up the ExiLog MySQL Database
- Configuring Exilog
- Configuring the ExiLog Virtual Web Server
- Running ExiLog
Friday afternoon 2:00pm
o Monitoring IP Services -- Frank Kuse
+ Monitoring IP Services with Nagios
- Why Nagios
- What Can it Do?
- Sample Nagios Setup
- Nagios Notification Flow Diagram
- Nagios Configuration
- Sample Screen Shots
- Nagios Configuration Files
Friday afternoon 4:15pm
o Monitoring IP Services -- Frank Kuse
+ Practical Exercise:
- Setting up nagios
o Other stuff:
+ Nagios config files
Return to AfNOG Workshop Main Page