Secure Two DNS Machines (a Primary And A Secondary) With Iptables
Dec 22, 2006
I would like to secure two DNS machines (a primary and a secondary) with iptables.
By default I block everything, but even with rules for port 53, it blocks the queries that need to resolve via the primary, and the secondary does not manage to transfer the zones from the primary …
The DNS servers are on public IPs, but to simplify, we are going to say that:
The primary DNS is: 192.168.0.10
The secondary DNS is: 192.168.0.20
Here are the iptables rules which I have at present:
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
iptables -t nat -X
iptables -t mangle -X
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -i lo --source 127.0.0.1 --destination 127.0.0.1 -j ACCEPT
Thus with these rules, I have quite a lot of problems (resolutions, transfers of zones).
I found these rules on a forum that seem to be interesting, but as I do not know iptables, I do not know whether this is what I am missing or not.
For information, here is what I found all the same (not tested):
#iptables -A INPUT -p tcp -s 192.168.0.20/255.255.255.255 --sport 1024:65535 -d 192.168.0.10 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
#iptables -A OUTPUT -p tcp -s 192.168.0.10/255.255.255.255 --sport 53:65535 -d 192.168.0.20 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
PS: the servers are running Linux Mandrake
Apr 22, 2009
I have the following three servers, which I'll call A, B, and C:
Server A - Web hosting server that uses cPanel on CentOS.
Server B - Free subdomain service (similar to afraid.org but on a much smaller scale), using PowerDNS with a MySQL database backend, on Debian.
Server C - Backup DNS server for the cPanel web hosting server, using the free cPanel "DNS Only" on CentOS.
Originally I had just A and B set up (they're two separate VPSes on the one dedicated server, I own the dedi and some friends and I have VPSes on it). Now I've got a VPS at a different data centre, and am using that for C.
To have a secondary DNS server for server B, I believe I can use MySQL replication to replicate the PowerDNS database to another server, then have a PowerDNS install on that server. My question is, is it possible to have server C as a backup DNS server for both server A (cPanel server) and server B (PowerDNS server)? ie. is there a way to check both PowerDNS and the cPanel BIND9 for domains (have them on different ports, and make one query the other if the lookup fails, perhaps)? Or perhaps use both the MySQL backend and the bind backend simultaneously in PowerDNS, and replace bind with PowerDNS (although I guess cPanel wouldn't like this)?
May 26, 2008
I have just bought a dedicated server with 2 IPs.
I already put type master in named.conf along with a zone file having 2 nameservers pointing to A records
ns1 IN A 1.3.5.7
ns2 IN A 2.4.6.8
How do I set up ns2 (secondary nameserver)? How do I know it is running?
Aug 14, 2007
I have two nameservers, each running physically on a different server on different networks. Now I've noticed that whenever the primary NS goes down, clients requesting authoritative NS record lookups refuse to connect to the secondary NS, which I know is certainly up and running. The secondary NS has its own zone files and when you specifically request that server to resolve NS requests, it does the work. But generic NS lookups without specifying the server appear to fail when the primary server is down.
Does anyone know what might be happening here? I know that the domain registrar has both nameservers recorded for the domains I'm trying to resolve, but what is the point of a secondary NS, when it isn't contacted when the primary nameserver is down?
Mar 22, 2007
Clarification on DNS.
We currently have GPS devices which report x,y coords. The devices currently report to a fully qualified name: servername.mydomain.com. And only one fully qualified name.
We would like to have redundancy, so if the main server goes down, then the secondary takes over. I assume this is accomplished via DNS.
So our first task is to create name servers at our domain registrar and have them register them, for example:
ns1.mydomain.com -> FIRSTSERVERIP
ns2.mydomain.com -> SECONDSERVERIP
Then on both servers we set up DNS so the A record of servername.mydomain.com points to? This is where I get confused. Does the first server's DNS point to itself, and the second DNS server point to itself?
May 3, 2009
in setting up Primary & secondary MS DNS server for MS Win 2003 server,
Jun 30, 2008
I have 2 servers 1 US and 1 UK.
What I wanna do is synchronize both of them using rsync. Once they've got synchronized, the UK will be the primary server and US will be secondary, in case the UK goes down.
My questions are:
1. Is it possible that when the UK goes down, the A records for domain.com automatically switch to the US server so it can take over while UK is down?
ie. UK ip 112.113.114.1
US ip 222.111.444.5
domain.com A records = UK ip when up... but when UK is down, A records automatically changes to US ip.
2. And when the UK server goes up again, whatever changes made to US server will be pushed to UK. May it be files, accounts or e-mails.
I.E.
UK and US are synchronized every 30mins. UK and US both have e-mails 1-10.
Just before the sync time, UK server received an e-mail 11-15 then goes down. So the US Server will take over but do not have 11-15 mails, since it was received before sync time. During the UK downtime, US server received e-mails 16-20.
When the UK server goes up, will it be possible to sync both servers that both of them will have the e-mails 1-20?
I hope you get my point...
If these are not feasible, what can you advise as an alternative solution? All I want is to avoid downtimes, especially with mails as the business relies on this.
Apr 6, 2008
Could anyone tell me if they have heard whether this hosting company is OK? I checked their speed and it's OK, the prices are great as well, but I haven't seen many reviews.
Mar 15, 2008
I've been trying to get hold of Nick at Peerless Machines for some weeks regarding a service I have purchased being significantly different than what was advertised. I have received some replies, each after several days, but they have been unsatisfactory in my opinion and nothing has picked up.
About a week ago I was asked for my Live Messenger address so that we could discuss the matter there, but after forwarding it to Nick and waiting several days I have received nothing. Their website also does not publish any significant contact details, and their billing system is dysfunctional.
Does anyone have functional, direct contact details for Nick at Peerless Machines? A telephone number or Live Messenger address would be great.
Jul 17, 2007
In your environment, have you ever used diskless machines (e.g. booted with BOOTP/DHCP/TFTP) for any reason? Where in your environment are you making use of them (e.g. what types of servers - web, application, database, DNS, etc...), and how has it turned out for you?
Has it actually yielded any of the promised benefits that the literature on them says, or was it a pain to set up and maintain?
Any interesting use cases on what you use them for and, as importantly, what are your criteria for determining whether a particular type of server should be diskless or not?
As this forum is filled with people with lots of experience running hosting businesses or their own web applications and therefore have managed thousands of machines between yourselves, I figured this is an appropriate and interesting question to ask. I'm hoping to get insights from here that I can't get from reading any old web article.
Jul 29, 2007
Anyone know where to find preconfigured virtual machines? I'm looking for Cent OS 5 preconfigured with all the normal stuff (http, php, mysql, bind). I could set this all up myself but surely someone is in the business of creating preconfigured VMs?
I don't know all the precautions to take as far as securing a linux box, so a VM that is fairly secure like this would be very nice. I'm sure someone is already doing this, I just have yet to find them.
I think I'm going to use VMWare, but if the preconfigured VMs is for another virtual software, I'll reconsider.
Jul 25, 2008
In recent weeks Peerless Machines was sold by a competent owner to PC-Core.net. Since that time, the server performance has been HORRIBLE, responses have been UNACCEPTABLY delayed, and none of their systems work.
They moved all shared and reseller clients over to a PC-Core server. They had MySQL settings so tight that their own Kayako support desk didn't even function. Each time I tried to submit a ticket, their SQL server had "gone away."
When I contacted support (finally...manually through e-mail), the support responses were incoherent and ignorant.
I decided to cancel... but apparently that was too difficult of a task for them to complete.
I cancelled my account on July 14th. I received multiple e-mails from them saying that my invoice (due on the 20th) was overdue. When I replied to the bill, they said that they had no record of my account and that no invoice had been generated. Hmm.
So, I got two other e-mails informing me that my bill STILL had not been paid.
Please beware. Peerless Machines is no longer peerless..... It's now owned by PC-Crap . net!
Stay away....
Nov 9, 2007
How do you go about setting up virtual machines so that they can see sites hosted on the host machine?
I've got Virtual PC 2007 and the disk image that MS supply for testing IE6 on Vista machines and I'm having trouble accessing my local Apache server (set up with XAMPP). Until recently I was able to set the XP VM's LAN settings to use a proxy server with the IP address of the host machine, but I got migrated to ADSL2+ yesterday by my ISP and now that's no longer working.
To access my sites locally, I set up httpd.conf like this:
PHP Code:
<VirtualHost *:80>
    DocumentRoot "C:PathToFolder"
    ServerName siteName.local
</VirtualHost>
<Directory "C:PathToFolder">
    Options FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
and then in Windows hosts file I add 127.0.0.1 siteName.local.
So what's the best way of getting the host and VMs to talk to each other?
Jun 25, 2014
Allow from 192.168.0.*
to the httpd-manual.conf to enable access by other machines on my network but it seems to be hard coded to localhost only.
Is there something else I can add to httpd-manual.conf to enable it or do I need to copy manual folder to the htdocs folder and then restrict that <Directory> ?
May 24, 2009
How do I configure dedicated IP's on Virtual Machines running on a CentOS5 Host?
I installed VMWare Server 2 almost without a problem using no GUI, I now have the web interface for the VMWS2 and any machine I create and run on it seems to do so without a problem.
The thing is, I can't connect or know how to configure this virtual network so I end up using 2 dedicated IPs on the Virtual Machine.
Jan 5, 2008
I execute the following commands, in the following order:
iptables --flush
iptables --zero
iptables -A INPUT -s 218.65.12.161 -j DROP
Will that last command successfully ban that IP until reboot?
If not, what needs to be done? I can't access my site if I don't flush + zero iptables first but I need to be able to ban with iptables.
Sep 29, 2008
Is there any cheap / stable VPS vendor in the UK like cheapvps.co.uk? I just need a minimum VPS (128MB RAM?) for secondary DNS.
Dec 2, 2007
I signed up with cheapvps.co.uk a month ago, and I'm very happy with them. Now I'm looking for a very small VPS to host a secondary DNS server, and maybe a backup MX server.
It's just for personal use.
I think 5GB disk space would be enough, and I would like not to spend more than $10 USD/month. Do you know any VPS that suits my needs?
Sep 19, 2008
So you may have noticed I'm starting a few threads..
My boss told me that he wants to expand our market into hosting.
I'm going to be putting some servers together and starting from scratch, so to say.
We'll be running a lot of 2003, XP and Linux VMs.
____________________________
We are going to be pushing some into the gaming server market.
A lot of sites offer dedicated servers,
but with VMs taking off are these really *DEDICATED* or are they VMs?
We will be hosting some "dedicated" servers for not only game servers but for other applications as well.
May 22, 2009
We need a secondary DNS for our cPanel server, as we want to have separate nameservers. What is the cheapest vps anyone knows that is hosted outside of Bluesquare House (UK). Global location isn't important.
Jun 13, 2008
I have a VPS with LXADMIN Hostinabox single server and want to use this VPS as a secondary/slave DNS server. My primary/master DNS is hosted elsewhere.
Does the LXADMIN Hostinabox interface facilitate the ability to set up the secondary zone?
May 20, 2008
mount secondary H.D.D to /backup, but I have the following error after running "mount /dev/sdb1 backup"
mount: unknown filesystem type 'ntfs'
How can I change the secondary hard disk's file system to Linux?
Mar 28, 2007
I have searched for setting up automatic secondary DNS, but couldn't find anything. If I missed it, please post a link.
I have 2 VPSes, one running cPanel/WHM with about 15 low traffic sites on it. The other is a very slow spec VPS, hopefully just for DNS services.
I only have 1 domain server running currently, this is on the same server as all the websites. What I want is a secondary DNS mirroring that of the DNS on my cPanel VPS, automatically....
I was thinking of writing a little script to scp all the .db files in /var/named/ to my secondary server, then log in to the secondary server and restart BIND?
Jul 22, 2008
What happens if your primary nameserver goes down? Meaning that it goes completely off the net, not even denying dns requests but completely ignoring them.
I'd guess that resolvers would query the secondary NS after a specified timeout, but what is that timeout set to? Does it differ from ISP to ISP? How much of a slowdown are we looking at for end users?
Jul 5, 2007
Would it be possible to have my main box running apache, a second box for dns/other and an offsite secondary dns such as DNS1.PUBLIC-DNS.NET?
Is it possible to authenticate the primary and offsite secondary nameserver so the zone is transferred to the secondary? Would I need to pay for a special service, or do free ones exist? Are there any security implications with zone files being transferred out over the public internet, would a VPN need to be configured or can the process be encrypted via the transfer procedure?
Finally, how would this affect the way the entire virtual hosting works? I know when the nameserver on the host machine resolves a name request for a computer trying to browse the site in question, but when the actual http request goes to the web server does it include the domain it is looking at also?
Jul 29, 2007
I just ran into something about Secondary DNS services.
What exactly is that?
Is that where if my primary name server goes down, a secondary name server kicks in and resolves all my domains to another server somewhere?
I've been thinking about getting setup with some kind of fail safe setup in case my primary name server goes down.
Would Secondary DNS services take care of that?
If so, anybody know where I can find a reliable, affordable secondary DNS service?
Apr 21, 2008
I got a new server and need to move my primary and secondary DNS. I use cpanel.
My idea was to:
1. Shut off my secondary DNS ns2. on my old server. (which I don't know how to do.) I was able to delete it from the nameserver IPs link in WHM. It deleted it but the server still has the IP assigned to it.
2. Set up my secondary DNS on the new server. (cPanel won't let me because it says it already exists so I'm kind of stuck on this one too.)
3. Once the secondary is set up go to my registrar and change the IP address.
4. Move the sites, and turn off the primary ns server forcing everything to go to the new server or secondary DNS.
5. Move the primary..
Mar 15, 2007
I've been having this issue for almost a week now and it's driving me crazy.
I made an IP switch from one peer to another. Anyways, I setup the gateway, primary IP, subnet, etc.
Once the box was rebooted and came up with the new IPs I noted that cPanel was whining that the license was incorrect and noted that instead of xxx.xxx.xxx.98 it was recognizing xxx.xxx.xxx.99
I just switched the license over and it was done. But I'm having some major email issues as some remote hosts do not receive/send emails to my server as the hostname cannot be found since they also recognize the secondary IP .99 and not primary .98 as it should be.
I've checked the entire settings again but just can't get around it. An ipconfig shows that the primary IP is in fact .98 which keeps me puzzled:
eth0 Link encap:Ethernet HWaddr 00:50:45:5C:0D:90
inet addr:xxx.xxx.xxx.98 Bcast:xxx.xxx.xxx.111 Mask:255.255.255.240
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:134016363 errors:0 dropped:0 overruns:0 frame:0
TX packets:178062904 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1556429887 (1.4 GiB) TX bytes:2181442479 (2.0 GiB)
Interrupt:17
May 15, 2007
Anyone using this for VPS? Good or Bad?
Jun 22, 2007
My experience with them:
Signed up for my 1st VPS recently, after Primary VPS had initial problems setting up my CPanel VPS, they offered me 'free full management ' for 2 months and Free Security Installation. Nice i thought. On the 16th June, experienced around 12 hours of downtime, had not moved my main sites over to them at that time so didn't kick up any fuss.
After moving my main sites over to them, soon after and they all working ok, on Wednesday 20th June night, I requested this free security installation they offered and was told APF and BFD had been installed some time in the night.
Checking sites next morning (thursday 21st - coincidently same time everyone else was having problems) saw no sites were available, was getting 'server not found'. So started 'critical support ticket':
Quote:
Hello,
I went onto the internet this morning to find my websites/IP addresses down and my control panel inaccessible. It has now been 40 minutes and it's still the same. God knows how long it may have been down before I checked. I tried live support twice and both times I have been cut off/no response. Please can this problem with my VPS and your live support system be looked at.
VPS ID: *****.vm
Dedicated IP(s): ***.**.***.***, ***.**.***.***, ***.**.***.***
User : *****
password : *****
This resulted in 20 hours of no sites for me. Same thing in the ticket, I would say, 'My IP addresses and sites are still down' and i would get response back, 'Your VPS is back up and running fine'. Great help that was!
14 hours after my 'critical' support ticket and not getting anywhere, finally speaking to someone in live support, they figured it was the firewall they had installed earlier that was blocking access to everything. They accepted no responsibility for the time sites were offline or any loss of earnings, saying it was my fault for not configuring the firewall.
Response was:
Quote:
The issue is that you did not request any ports to be open or any applications to be allowed through
I thought OK, maybe it was my fault, I'm new to VPS and didn't know I had to request ports to be open and no-one told/asked me either (but isn't that what managed hosting is for - to make them deal with everything).
Anyway, Regarding why it took them 14 hours to figure out the problem, Victor responded:
Quote:
You were not able to state your exact issue, so all we were able to go on was guesswork. So obviously it will take some time to figure out your issue if you do not tell us what it is exactly.
14 hours to figure out why my IPs and sites were down because my original ticket was vague!?!
As someone new to VPSes I would think that this is their fault. But Victor clearly makes out that they are not to blame and it is all my fault! Everything is up and working fine now and I was at first surprised with the high levels of service and support but after experience, it's like banging your head against a brick wall chatting with these guys!
Apr 18, 2009
I got 4 IPs from server.lu
A friend installed Windows 2008 on top of the VMware.
Then I noticed that the connection is not very right.
So I went to network connections in the hope of changing the DNS.
I just right-clicked the connection and found out that I lost my connection to the server.
Restarting the server allowed me to ssh and ping the main IP but none of the secondary IPs work.