Please note, this document is well out of date and is awaiting an overhaul.

APANA(tm) Internet host guidelines

Australian Public Access Network Association Inc.
ARBN 081 355 722

This document lists a number of guidelines that, when followed, will assist in the smooth running of your machine and the APANA network(tm) as a whole. Any questions, comments or discussion relating to this should be mailed to posted to the newsgroup apana.tech.ip.

Strongly recommended

fully qualified news name

Your news name should be your fully qualified name - e.g. blah.apana.org.au, not just blah.

This prevents any conflicts with other UUCP and Internet sites around the world.

identd (RFC1413) support

Your machine should be running an identd. identd is supported on virtually all modern unix and unix-like systems, including BSD systems and Linux. It assists with network service auditing, and improves the overall security of our network. It also makes us better net.citizens.

IP routing

Your IP hosts (including your router, if applicable) should be set up to have a default route to your main upstream IP link.

This helps prevent problems when new networks come online.

RIP

Your IP hosts should be set up to broadcast RIP (routing information protocol) information.

This helps people maintain an accurate picture of what links are currently operational, as well as allowing hubs to avoid the need for static routes.

msend

Your hosts should support the msend messaging protocol.

msend is a very convenient connectionless protocol. It is better than email for short questions and comments, and since it uses UDP by default it continues to work even when there are problems with TCP. It is quite widely supported within the APANA network.

Optional extras and suggestions

resolver setup

Set up the file /etc/resolv.conf with the first nameserver line pointing to the closest (network-wise) site that runs a named:

nameserver <blah-address>
nameserver <another-address>
nameserver 192.188.107.13
domain apana.org.au

The extra nameserver addresses listed above provide alternatives if the first name server in the list is unavailable. See resolver(5).

If you're running a local named (see below - "secondary named") your own machine obviously runs the closest named, so the first nameserver entry in your /etc/resolv.conf should be:

nameserver 127.0.0.1

or equivalent.

secondary named

Local resolver performance will be improved if you set up a secondary DNS server on your machine. To do this, create an /etc/named.boot file similar to the following:

directory       /etc/namedb
;
; type  domain  source file or host
;
primary         localhost               localhost
primary         0.0.127.in-addr.arpa    localhost.rev

; only include the following secondary entries if your site is the main
; nameserver for your region (e.g. cleese in Adelaide, sydgate in Sydney,
; ogre in Brisbane).

secondary apana.org.au                  192.188.107.10 secondary/apana
secondary 107.188.192.in-addr.arpa      192.188.107.10 secondary/107.188.192.in-addr.arpa
secondary 88.12.202.in-addr.arpa        192.188.107.10 secondary/88.12.202.in-addr.arpa
secondary 89.12.202.in-addr.arpa        192.188.107.10 secondary/89.12.202.in-addr.arpa
secondary 90.12.202.in-addr.arpa        192.188.107.10 secondary/90.12.202.in-addr.arpa

forwarders      your.nearest.named.site ; (n/a, if your site is the main
                                        ; server for your region)

forwarders      192.189.54.17           ; (generally a good idea)

cache           .                       root.cache

Make sure you create the directories /etc/namedb and /etc/namedb/secondary. The file localhost should be placed in /etc/namedb:

@       IN      SOA     blah.apana.org.au. root.blah.apana.org.au. (
                        1994071200      ; serial - yyyymmdd##
                        10800
                        1800
                        3600000
                        86400 )
        IN      NS      blah.apana.org.au.
        IN      A       127.0.0.1

As should localhost.rev:

@       IN      SOA     blah.apana.org.au. root.blah.apana.org.au. (
                        1994071200      ; serial - yyyymmdd##
                        10800
                        1800
                        3600000
                        86400 )
        IN      NS      blah.apana.org.au.
1       IN      PTR     localhost.

And root.cache:

;
; Initial data for named to figure out where the `root' servers are.
; This is not used in normal operating mode.
;
.                       IN      NS      NS.NASA.GOV.
                        IN      NS      NS.INTERNIC.NET.
                        IN      NS      NS1.ISI.EDU.

NS.NASA.GOV.            IN      A       192.52.195.10
                        IN      A       192.52.195.247
                        IN      A       128.102.16.10
NS.INTERNIC.NET.        IN      A       198.41.0.4
NS1.ISI.EDU.            IN      A       128.9.0.107

TCP/IP firewalling and connection logging

TCP/IP "wrappers" or the inetd replacement, xinetd, allow your machine to reject TCP/IP connections from certain addresses and networks, if desired. Perhaps more importantly, they enable connections to be logged, complete with ident (see above - "identd (RFC1413) support") information if available. This can be invaluable for tracking access to your system.
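The ident lookup that feeds such connection logs (see "identd (RFC1413) support" above), as an added Python example that is not part of the original guidelines: it builds the RFC 1413 query, validates the reply against the ports that were asked about, and escapes the returned user-id before it reaches a log line. The function names, the log line layout and the sample replies are constructed for illustration.

```python
import re

ERRORS = {"INVALID-PORT", "NO-USER", "HIDDEN-USER", "UNKNOWN-ERROR"}  # RFC 1413
MAX_USERID = 512  # RFC 1413 upper bound on the user-id field

def build_query(their_port, our_port):
    """Query for TCP port 113 on the connecting host: its port, then ours."""
    for port in (their_port, our_port):
        if not 1 <= port <= 65535:
            raise ValueError("port out of range")
    return f"{their_port}, {our_port}\r\n".encode("ascii")

def parse_reply(raw, their_port, our_port):
    """Return ('user', id), ('error', token) or ('invalid', reason)."""
    line = raw.split(b"\n", 1)[0].rstrip(b"\r").decode("latin-1")
    fields = [f.strip() for f in line.split(":", 3)]
    if len(fields) < 3:
        return ("invalid", "short reply")
    pair = re.fullmatch(r"(\d{1,5})\s*,\s*(\d{1,5})", fields[0])
    if not pair or (int(pair[1]), int(pair[2])) != (their_port, our_port):
        return ("invalid", "port pair does not match query")
    kind = fields[1].upper()
    if kind == "ERROR":
        token = fields[2].upper()
        known = token in ERRORS or token.startswith("X")
        return ("error", token) if known else ("invalid", "bad error token")
    if kind != "USERID" or len(fields) != 4 or not fields[3]:
        return ("invalid", "malformed reply")
    # The user-id is whatever the remote host chooses to send, so escape
    # anything non-printable before it can forge or corrupt a log line.
    userid = "".join(c if c.isascii() and c.isprintable() else f"\\x{ord(c):02x}"
                     for c in fields[3][:MAX_USERID])
    return ("user", userid)

def log_line(peer, service, raw, their_port, our_port):
    """Connection log entry in user@host form, 'unknown' if no usable reply."""
    status, value = parse_reply(raw, their_port, our_port)
    user = value if status == "user" else "unknown"
    return f"{service}: connect from {user}@{peer}"

# Constructed sample replies (addresses from the documentation range).
SAMPLES = [
    ("192.0.2.7", b"6193, 23 : USERID : UNIX : stjohns\r\n", 6193, 23),
    ("192.0.2.9", b"6195, 23 : ERROR : NO-USER\r\n", 6195, 23),
]

if __name__ == "__main__":
    for peer, raw, theirs, ours in SAMPLES:
        print(log_line(peer, "in.telnetd", raw, theirs, ours))
```

The user-id in a reply is only as trustworthy as the host that sent it, so it is useful for auditing hosts you administer or trust rather than as proof of identity.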

time synchronisation

It is useful to have your host's clock synchronised to global standard time. ntp, the network time protocol, is the best way to achieve this. The xntp package is the best software to use for this on Unix(-like) systems. Once you have built an xntpd, the following /etc/ntp.conf can be used to get things going:

peer 192.188.107.13     # eplet
driftfile /etc/ntp.drift
restrict default nomodify notrap

werple's IP address should be replaced with that of the hub site closest to you (e.g. seldon.apanix, sydgate). You should read the xntp documentation to sort out what you really want in your ntp.conf file, however.
 
APANA(tm), apana newsgroups(tm), APANA network(tm) and the APANA logo(tm) are trademarks of the Australian Public Access Network Association Inc.

Copyright © 1994 by Andrew Herbert
Last revised 26 November 1994