I am trying to build a new DNS, which will act as a proxy for certain domain names and uses a public DNS as upstream.
My understanding of DNS:
Client asks DNS (x.x.x.x) about example.com
DNS will look up inside its zones (or parent and root) and find example.com can be found at i.i.i.i
DNS will send i.i.i.i to the client.
Now, client asks the ip address of restricted.test and DNS server knows it is a restricted website, so instead of giving the direct ip to the website, it gives it's own proxy address p.p.p.p to the client.
Please correct me if I'm wrong till now, but when the client tries to connect to p.p.p.p how the proxy server knows which website the client wants to go in?
I really want to know how these work under the hood
Thanks in advance.
This mechanism you are asking about is the Proxy Auto-Configuration (PAC) file.
Read more about it here :
https://developer.mozilla.org/en-US/docs/Web/HTTP/Proxy_servers_and_tunneling/Proxy_Auto-Configuration_PAC_file
And here :
https://www.websense.com/content/support/library/web/v76/pac_file_best_practices/PAC_explained.aspx
Essentially in corporate networks, a PAC file is pushed out to every computer, and browser settings are also configured to enable the PAC file. But it can also be done manually. Just check your browser proxy settings to see the location of the PAC file it is pointed to.
Related
I have the proxy profile added with a working proxy(checked through curl). I have also setup the proxification rules using the individual applications as well as tried setting the default rule to connect via the proxy profile. But to no avail. When I look up my ip address i see my real IP not the proxy.
It was working fine earlier before i changed the Name Resolution settings to "resolve hostnames through proxy". But now even when i change the Name resolution settings to "Detect DNS settings automatically" my traffic is still going direct through my isp and not the proxy.
The connections list shows all the applications connecting through the proxy but still what is my ip and whoer.net show my real ip address.
Can somebody please guide me through this, i desperately need this to route through a proxy. I am particularly trying to use noxplayer to connect to a proxy.
I have an issue I can't seem to figure how to solve. I am thinking of using Squid for this but not 100% sure how to configure. A developer is writing a script that will request an XML file from a secure web server.
The script will live in a cloud-based application and will send the request for this XML file to the web server, the script will then translate the XML file content into readable data using API calls and presented to the user in the application.
The problem is the following:
The application server (A) its load balanced and the IP address may not always be the same. We do not own this app server only have access to APIs
The Web server (B) that owns the XML is behind a firewall and it has to specify the incoming IP address allowed to access this content
I am thinking I would have to configure reverse proxy on Squid that will receive the script/request from any IP address (preferably from the application servers only) and would have to forward the exact request to the IP address of the Web server that owns the XML file.
This means that I would have to specify the IP address of the proxy server rather than the web server in the script and somehow allow the proxy server to know it needs to forward it to the web server.
I'm not sure how to do this securely since in this scenario as ANY external IP address coming the proxy server will be forwarded over.
(A) App server ======> Squid Proxy =======> (B) Webserver
I hope this makes sense thank you so much in advance for your help.
i have created new instance in amazon ec2, and assigned the elastic ip for instance. But i need to know how to get ip for name server (ns1.abc.com, ns2,abc.com).
I have installed whm in amazon instance. Only domain cannot point to the correct name server. That is because ip cannot load.
Now, my problem is that how i get new ip. Can i add another two elastic ip in amazon? But i configured two elastic ip for name server in dns zone within whm. The name server is not working. And i cannot open the elastic ip in browser. I am confuse for it. Please anyone help me.
There are lots of things that can go wrong here. I'll try to troubleshoot step by-step:
I'll assume the goal is "You want to type 'whm.foo.com' and see your WHM"
1) Go to your domain registrar and make an entry that points "whm.foo.com" to your EIP. (Depending on what you want, maybe you should setup a "*.foo.com" wildcard for that EIP.
2) Test that step #1 worked by typing "ping whm.foo.com" or "dig whm.foo.com" (one linux/mac, not sure about Windows). This should return your EIP. If not, go back to step 1.
3) Check that WMH is acually running. Read the docs to find what port it's running on. (Usually 2083, or 2082 for insecure access)
On your instance, run "curl -v localhost:2083" (or whatever port. It should return a login screen. If it says "couldn't connect to host", then you have the wrong port or it's not running.
4) run "netstat -na | grep :2083" (or whatever port). It should say "0.0.0.0:*". If it says "127.0.0.1:*", then you need to configure it to allow outside access.
5) Make sure your WHM port is enabled in the AWS firewall. Go to the AWS control panel and find the security group for your box. Make sure that port is allowed. Ideally, you'd only add your personal IP instead of opening it up to the world. (If there is a bug in WHM, people will scan all IPs trying to exploit it. They can't exploit your server if the AWS firewall denies them access.)
6) Now type "https://whm.foo.com:2083" (or whatever port) in your browser. (or http://whm.foo.com:2082 for insecure access). It should work!
i need to know how to get ip for name server (ns1.abc.com, ns2,abc.com).
As rdrey said, you need to go to your DNS provider (most registrars also do DNS) and tell them what boxes should point to your EIP.
That is because ip cannot load.
There is no such thing as "ip cannot load". Either "DNS is giving the wrong IP" or "some IP operations (TCP ports) were blocked by a firewall somewhere".
Now, my problem is that how i get new ip
I don't think that should be your goal. You can easily change EIPs, but it won't fix the problem. Nothing works unless everything in between is set up correctly. The goal should be understanding all the steps in the process and verifying that each step was done correctly.
OK, you have two options here:
Use the DNS servers provided by your Domain Registrar OR
Use AWS Route53 to let Amazon provide DNS services for you.
Option 1:
You bought your domain name from a registrar, like one of these: http://lifehacker.com/5683682/five-best-domain-name-registrars
Most, if not all, registrars run a free DNS service for their customers. You should be able to log into some kind of management console and set your domain's DNS zone entries to point at your AWS EIP. (I am using gandi.net and used to use godaddy. You simply leave the DNS Servers as they are and set your AWS EIP as the 'A' record.)
Option 2:
Go to https://console.aws.amazon.com/route53/home and follow instructions. I haven't read up on Route53's pricing, so this option might not be free.
---- EDIT:
Some more help:
The site you've linked to (http://www.intodns.com/xantec.com.sg) states that you've used your EIP (54.251.169.7) as the nameserver for the domain. You don't want that. You're running a cPanel installation, NOT a DNS nameserver.
Put 54.251.169.7 as your site's A record. (Sometimes called the www field.) Remove it from the NS fields and put ns3.thesimpledns.com & ns4.thesimpledns.com into those.
I googled, followed all the instructions but still stuck, and unable to create a home ftp server.
My internet is from dsl modem -> vonage router -> wifi router
FileZilla server ip is 127.0.0.1 and it works fine when tried from command prompt. But I need it to be accessible from outside.
I enabled ftp on wifi router's web settings page using virtual server setting.
I am stuck at this point, I don't know what else to do further. Any help is greatly appreciated.
Also, if you are planning on accessing your server remotely, (not in your network) you will have to enable port forwarding on your router. (Use the ip address of the machine running the server and use port 21) Otherwise, you only be able to connect while in your LAN.
This pretty much summarizes your needs(via lifehacker.com)
If you're FTP'ing across your home
network (like from your upstairs PC to
your bedroom PC), you can reach the
server by using its internal network
address (most likely something like
192.168.xx.xx.) From the command line, type ipconfig to see what that address
is. If you want to log into your FTP
server over the internet, set up a
memorable URL for it and allow
connections from outside your network.
To do so, check out how to assign a
domain name to your home server and
how to access your home server behind
a router and firewall.
Original Article
How to assign a domain name to your home server
How to access a server behind a router and firewall
You need to be able to access your internal network from the internet. Consider using a service like dynDNS if your router supports it.
For example, I have a development site on a different server but I'm trying to copy content over from the live site so it'd be handy to have the live site in IE and the dev site in FF.
I tried FoxyProxy but I can't seem to get it to work.
I use this to override system's DNS with localserver
in about:config
change this value:
network.dns.forceResolve
network.dns.ipv4OnlyDomains
network.dns.localDomains
with IP address of local DNS server (for exsample 192.168.1.88)
Sorry for my english
It's now possible, with the DNS over HTTPS function:
Open Options, General, scroll to very bottom and open Network Settings,
On the very bottom, you can find DNS over HTTPS:
You had to use about:config before to change this setting, here's for documentation:
Type about:config in firefox address bar.
search for:
network.trr.uri
You can use one of the DNS servers below:
Cloudflare: https://cloudflare-dns.com/dns-query
Google: https://dns.google/dns-query
Secure DNS EU: https://doh.securedns.eu/dns-query
Quad 9: https://dns.quad9.net/dns-query
And set network.trr.mode to 1
Hijacked from here:
https://www.ghacks.net/2018/04/02/configure-dns-over-https-in-firefox/
It appears from your question that you already have a second set of DNS servers available that reference the development site instead of the live site.
I would suggest that you simply run a standard SOCKS proxy either on that DNS server system or on a low-end spare system and have that system configured to use the development DNS server. You can then tell Firefox to use that proxy instead of downloading pages directly.
Doing it this way, the actual DNS lookups will be done on the proxy machine and not on the machine that's running the web browser.
DNS resolving is usually done at the system level and not at the application level, so you can't normally have one program use one dns and another program use a different dns. I'm not aware of any firefox extensions that allow you to use a different dns.
What about having different names for your dev and prod servers? That should avoid any confusions and you'd not have to edit the hosts file every time.
I am using the SwitchHost extension exactly for this problem:
https://addons.mozilla.org/en-US/firefox/addon/14258
It is easy to configure, and even more easy to switch hosts.
I wonder if you could write a custom rule for Fiddler to do what you want? IE uses no proxy, Firefox points to Fiddler, Fiddler uses custom rule to direct requests to the dev server...
http://www.fiddlertool.com/fiddler/
Since http proxy protocol is similar to raw http protocol, you can redirect desired traffic to your development server by telling firefox it's a proxy server.
two limitations:
A. this won't let you use https connections.
B. some frameworks (e,g: wordpress) don't like this method and redirect the request the wrong way
just copy the following code into a .pac file (enter your site domain and IP address, of course), and switch development/production just by changing proxy configuration.
function FindProxyForURL(url, host) {
var prox4site = {
"mysite.com":"PROXY 10.0.1.100:80",
"www.mysite.com":"PROXY 10.0.1.100:80"
}
return prox4site[host] || "DIRECT";
}
Go to options->Advanced->Network->Settings->Automatic proxy configuration url and enter 8.8.8.8 All you Mozilla traffic uses Google dns now.