I would like to open firewall rules for Microsoft LUIS. I have the port number, but I'm unable to find the IP ranges it uses.
The answer would depend on your app's deployment region, and keep in mind, the IP range could change without notice.
You can find a list of Microsoft Azure datacenter IP ranges here:
This file contains the Compute IP address ranges (including SQL ranges) used by the Microsoft Azure Datacenters.
This file contains the IP address ranges (including Compute, SQL and Storage ranges) used in the Microsoft Azure Datacenters. An updated file is posted weekly which reflects the currently deployed ranges and any upcoming changes to the IP ranges. New ranges appearing in the file will not be used in the datacenters for at least one week. Please download the new xml file every week and perform the necessary changes on your site to correctly identify services running in Azure. Express Route users may note this file used to update the BGP advertisement of Azure space in the first week of each month.
Note: These IP ranges change every week so whitelisting by Azure IP is at your own risk.
Related
According to https://cloud.google.com/compute/docs/regions-zones/, the region/zone "asia-northeast1-a/b/c/" should suppose to be in Tokyo, Japan. But once I came up with the virtual machine with that zone/region, an IP trace/lookup website such as http://www.ip-tracker.org/locator/ip-lookup.php would say the VM is still in California where Google is. I meant to have the VM set up as a proxy (server) so that the VM appears to be in Japan to be able to browse content restricted to Japan. Am I misunderstanding the region/zone here? Thanks!
Many external Geo IP services solely depend on SWIP database/ WHOIS entry. Almost all Google IP addresses are SWIP’ed to Mountain View, California. Both of these do not reflect anything about the physical location of the machine answering packets to an IP address nor the decisions on how packets are routed to the destination.
Rest assured, although the IPs seem to be US based; the VM instances will be running in the geographical zone you selected. It is a common practice to remap a block of IPs from one location to another, especially given the elasticity of IP addresses for the Google Cloud Platform. You can learn more about the different regions and zones from this article.
Let's say my computer name is "MY_PC". It will be "MY_PC" no matter which LAN I am currently connected to. So at home or at some open wirless access point, my computer name will be the same, right?
How does this come into play with DNS? The way I understand it, my computer's FQDN is used for DNS lookup. How does this work exactly?
When I connect my PC to a network, my PC sends its computer name to the nearest DNS server (usually the router, I guess) and is added to its DNS table?
I guess what I am asking is: What role does my computer's name play in my everyday internet activities. I was a little suprised to find out, it is the same in any network, but when is my computer's name actually used? Why does it have to be the same in any network?
Your computer name has little to do with DNS unless it is joined to a domain. Even then the computer name is not a DNS entry.
A FQDN is something like www. google. com:
Each period represents a subgrouping
www - is the world wide web group #
google - this is the company owning that group which belongs to
com - this is the entire group of companies in the united states with registered web addresses
The point of a DNS is to allow you to remember logical word groups instead of IP addresses (ie. it is easier to remember www.google.com, instead of 172.217.9.132).
Even on a company/private network the same is true, a DNS is used to allow a central administrator to assign names to certain network addresses.
When you assign your computer name it is similar but it not a DNS entry, as it is not administered on a centralized computer(s).
So if no one on your network, or outside of your network, need to easily remember where to find your computer (for some service) then you do not need a DNS entry.
This is just a basic version of why we use DNS. Other benefits include Disaster Recovery, ease of system migration and ease of building nested systems. Let me know if you would like me to elaborate further on this answer to accept it.
I have an Amazon EC2 instance that hosts different services (cassandra db, elasticsearch, rabbitmq, mysql...) used by several developers at different locations. Since these developers have dynamic IP addresses, and this EC2 instance is used only for development, I left inbound access to required ports opened to 0.0.0.0. I'm aware that this is absolutely not recommended, and I should limit access, but I don't want to change the rules every day as someone's IP address change.
However, I just got report from Amazon that my instance is used for DoS attack, so I would like to fix this.
My question is if it is possible to make a rule that will limit access to several ranges such as:
94.187.128.0 - 94.187.255.255
147.91.0.0 - 147.91.255.255
Definitely yes, because the ranges you meant aren't just ranges but match CIDR.
The range which cannot be expressed as CIDR won't be accepted:
You can use IPcalc or similar site to make it easier.
If it fits you, you can use port range like 2000-3000, or, better, use custom ports for the services. Then the range will be e.g. 2000-2001, and using port ranges you can fit one user into one rule.
Alternative, more secure but more difficult way: a web page, user connects there with proper security key. If the key is recognized then a script on the server adds rule to a group using the client's IP. Another script by cron deletes the rules older than X hours. To check it deeper you may want to look e.g. here: On apache side check Two-way SSL authentication, on AWS side check API and Command Overview
I'm trying to do something pretty simple. I have a domain on godaddy. I want to use Azure Dns to host the domain and connect it to an azure website.
I have it working for www.mydomain.com with the CNAME approach. However I cannot get the root domain, i.e. my domain.com to work with this approach. I tried adding an * A record but that didn't work. I also tried to do CNAME with # but that didn't work either.
Does anyone know how to get the root domain to work? This seems pretty basic but there is no documentation and it is not obvious.
Thanks
Thanks for feedback on this one!
If you need to create the isolated deployment with the static IP, take a look at the Service Environment. The reference first and second.
As you mentioned Azure DNS, i assume that you refer to the Azure DNS service. If so, then it is possible if you have the needed access. Reference for the DNS zones.
Regarding your question about www and CNAME, there are some nuances that should be taken into account and set up. Please refer to that post.
You can set up a DNS 'A' record in Azure DNS to point to the IP address listed for the site in the Web Apps portal (as per the screenshot provided by an earlier answer). The Web Apps team provide the IP address for precisely this purpose, and they know that they can't change these IP addresses because DNS entries would break.
Note that there's no need to use a wildcard record (name = '*'). You should instead use an A record at the domain apex (name = '#', or if using the Azure Portal you can also leave the name blank).
If your hosted your WebAPP in free website plan didn't have any option for adding * A record. You have to Change your web App plan to at least Shared Plan instead of free Plan.
I need to move dynamic CRM servers along with SQL Servers to one data center to another. I have new servers in the second DC and both DC's are accessible in different Subnet. What are my option to move this without much downtime?
We are using Microsoft Dynamic CRM 2013 and SQL Server 2012.
If you are keeping the same hostnames and just changing the IPs - then it should be just a matter of copying the VMs and then changing the IPs. A reboot, and you should be good.
Just check the registry to make sure you are using hostnames and not IP addresses. Check this location: HKLM\Software\Microsoft\MSCRM