Fake DNS lookup for private IP - ajax

I have a machine running lighttpd to allow me to do a small scale web-based project. Up until now I've been accessing the project by using the private IP of the machine running lighttpd. The problem I have is that if I disconnect the server and attempt to run my code to test for all cases is realize that the site hangs (after an AJAX call) instead of returning a 404 error because of the direct IP.
Besides for ensuring that the server never goes offline, how can I make sure that the website won't hang up. Is there a way for me to look up the private IP but going through a DNS Lookup to ensure that if it isn't there I don't try to load it anyways.

If it is a unix-compatible resolver (Linux, *BSD etc.), just add an entry to your private IP in into /etc/hosts, following the same format of the other entries of the file. Like this:
10.0.1.6 my_private_host_name
That solution will only work individually on the machine you changed the /etc/hosts file.
Your second option is to create a private-DNS-server and add the your.domain.internal domain to that DNS, and enable DNS forwarding to your internal network, and set your clients to use that DNS server. This way if you try to call your private domain, your DNS server will be SOA (Start of Authority) and answer for it, but if you ask for something that it isn't SOA for it will just pass your request to the old DNS server, that will answer it the usual way.
Now if you need to use a "real" DNS name for your private IP (I want it it to answer on www.my_company.com), the first /etc/hosts method will do the trick,but if you need to set up a DNS server, follow the tutorials on "Split DNS".

Related

How a dns proxy works? (smart dns)

I am trying to build a new DNS, which will act as a proxy for certain domain names and uses a public DNS as upstream.
My understanding of DNS:
Client asks DNS (x.x.x.x) about example.com
DNS will look up inside its zones (or parent and root) and find example.com can be found at i.i.i.i
DNS will send i.i.i.i to the client.
Now, client asks the ip address of restricted.test and DNS server knows it is a restricted website, so instead of giving the direct ip to the website, it gives it's own proxy address p.p.p.p to the client.
Please correct me if I'm wrong till now, but when the client tries to connect to p.p.p.p how the proxy server knows which website the client wants to go in?
I really want to know how these work under the hood
Thanks in advance.
This mechanism you are asking about is the Proxy Auto-Configuration (PAC) file.
Read more about it here :
https://developer.mozilla.org/en-US/docs/Web/HTTP/Proxy_servers_and_tunneling/Proxy_Auto-Configuration_PAC_file
And here :
https://www.websense.com/content/support/library/web/v76/pac_file_best_practices/PAC_explained.aspx
Essentially in corporate networks, a PAC file is pushed out to every computer, and browser settings are also configured to enable the PAC file. But it can also be done manually. Just check your browser proxy settings to see the location of the PAC file it is pointed to.

Can not join to active directory

I installed ws2016 server as a domain controller on virtualbox using internal network .
Everything was successfully installed about active directory and i created domain name as 'stark.local'
Also i created another ws2016 on virtualbox using internal network and I want to join new virtual machine to my domain controller.
Can ping dns server(which is my domain controller) and also Firewall off, no anti-virus installed.
However when i try to join dc it gives below error;
what i realized that i can not make nslookup to my dns server ip.
Even if on domain controller can not nslookup its self.
ipconfig of Domain Controller
ipconfig of node1;
I had no hair now and need your help.
Finally solved!
The problem was using internal network. I changed to host-only network and it worked.
AC DC
Using public IP addresses will always get you in trouble, try changing them to something like:
192.168.1.10 & 192.168.1.20
(Please read entire answer before modifying)
Also, i would recommend checking this link on the official microsoft forum. I know it's from windows 7, but i think the main problem you have is with the DNS configuration and it's very well explained there.
I'll summarise the link above here:
#Meinolf Weber's answer
If domain machines contain public DNS servers as 200.88.127.23 and 196.3.81.5 you will always have trouble.
Remove them on ALL domain machines and run ipconfig /flushdns and ipconfig /registerdns and reboot clients and domain member servers and restart the netlogon service on DCs instead reboot.
For internet access please configure the FORWARDERS in the DNS server properties in the DNS management console with the public DNS servers.
Explanation:
You can't join a machine to the domain using public IP because it is trying to locate your domain to the public IP which has not information of the private build domain.
Use only local IP in the clients NIC.
Hope it helps, if not please give more detailed information of the issue as well as the DNS configuration (screenshot or whatever you can).
EDIT 1: also check "time settings" on both machines, i know it might seem silly, but that sometimes gives DNS and DC issues. Check IPv6, could be another probable cause of the issues you're having (Go to the network and sharing center, modify the properties of the NIC and unselect TCP/IPv6).
I'd check first IPv6, that'll save you work if it's only that.
EDIT 2: again, i would recommend changing the IPs (if possible) to another network, as long as the 169.254.x.x is used (assigned) when there's no DHCP server, but as you say they can ping to each other, it may not be necessary the problem.
I can see there's no router in the network but, a Windows Server should be providing DHCP, otherwise things like DNS suffix don't work.
So check that:
- You have the DNS role installed and configured to support AD.
SOLVED on answer below
The explanation i would give for this is that "secure communication" is an often requirement, thing that internal network doesn't provide.

Proxmox external VM / CT access

I've just begun the setup of proxmox for our none profit educational VPS service. However, the problem we're facing is a lack of IPv4 addresses available to us.
Is it possible to route a sub-domain to the host servers IP address and then get that forwarded to the individual containers accordingly. For example:
SSH root#node-123.w-a-s-d.me
Will allow a client with the VM ID of 123 to access their server
And the same goes for things like: node-123.w-a-s-d.me
This would be the web address allowing any applications running on port 80 for that specific node
I'm unsure how to go about this and have looked online with no luck. I hope our goal is clear. I look forward to hearing from you. Josh
Exposing SSH that way will not be easy as you can only have one thing listening on port 22 for every given IP address, and while you could just adding random ports to each VPS and the forward it from primary box which holds public IP (and vms are behind nat) this is not exactly the best solution.
What you may want to do instead is set up one public-facing box that people can ssh into via public IP and from it SSH to subsequent private machines by their internal IP. Alternatively you can set that box with openVPN and set it to assign internal IP address to anyone connecting via it. While openVPN takes more time to set up right, it can come with it's own DNS so when connected to it calling out SSH root#node-123.w-a-s-d.me will automatically route you to the private IP address rather than the shared public facing one.
With HTTP this is much easier as you can set up a proxy on the front-facing machines which then proxies requests for given sub domain to specific internal IP address.

EC2, RHEL - No Route To Domain

This is probably incredibly simple and I'm just missing one step. The problem I was (originally) trying to solve was how to get a statically allocated hostname, one that would not change with each restart. I've done the following steps:
I have a domain registered on GoDaddy, and it points to my EIP. I use it to connect over SSH (putty) to my EC2 instance, so I know that part is working. I've opened ports 9080, 9060, 9043, and 9443 as well as SSH and FTP ports. And I've installed and started the software that uses those ports, and that stuff normally just works on a local RHEL install, so I think what's different here is the custom domain name.
I've added my EIP and fully qualified host name to my /etc/hosts file.
I've added my fully qualified host name to my /etc/hostname file and modified the /etc/rc.local script to set the hostname properly on a restart, and that works. If I execute the command hostname, it returns my fully qualified hostname, so that looks ok.
I cannot ping my server, but I think that's ok, because probably amazon blocks pings. So I don't think that's a symptom of anything.
I cannot open a to http://myserver.mydomain:9080/, which normally just works. Here it just times out.
If I do a wget http://myserver.mydomain:9080 from inside the EC2 instance, it returns failed: No Route To Host
But if I do a wget against localhost instead of the fully qualified name I get what I expect as a response.
So.... routing tables? Do those need to change? And if so how?
You probably don't want to do what you did. Everything in EC2 is NAT'd. Meaning that the IP assigned to your instance is a private/internal ip and the public IP is mapped to it by the routing system.
So internally, you want everything to resolve to the private IP, or you will get charged for traffic as it has to get routed to the edge and then route back in. Using the public DNS name will resolve correctly from the default DNS servers.
If you are using RHEL, you will need to make sure both the security group and the internal firewall (iptables) have ports opened. You could just disable the internal firewall since its a bit redundant with the security groups. On the other hand, it can provide some options security groups do not if you need them.

amazon ec2 - name server issue

i have created new instance in amazon ec2, and assigned the elastic ip for instance. But i need to know how to get ip for name server (ns1.abc.com, ns2,abc.com).
I have installed whm in amazon instance. Only domain cannot point to the correct name server. That is because ip cannot load.
Now, my problem is that how i get new ip. Can i add another two elastic ip in amazon? But i configured two elastic ip for name server in dns zone within whm. The name server is not working. And i cannot open the elastic ip in browser. I am confuse for it. Please anyone help me.
There are lots of things that can go wrong here. I'll try to troubleshoot step by-step:
I'll assume the goal is "You want to type 'whm.foo.com' and see your WHM"
1) Go to your domain registrar and make an entry that points "whm.foo.com" to your EIP. (Depending on what you want, maybe you should setup a "*.foo.com" wildcard for that EIP.
2) Test that step #1 worked by typing "ping whm.foo.com" or "dig whm.foo.com" (one linux/mac, not sure about Windows). This should return your EIP. If not, go back to step 1.
3) Check that WMH is acually running. Read the docs to find what port it's running on. (Usually 2083, or 2082 for insecure access)
On your instance, run "curl -v localhost:2083" (or whatever port. It should return a login screen. If it says "couldn't connect to host", then you have the wrong port or it's not running.
4) run "netstat -na | grep :2083" (or whatever port). It should say "0.0.0.0:*". If it says "127.0.0.1:*", then you need to configure it to allow outside access.
5) Make sure your WHM port is enabled in the AWS firewall. Go to the AWS control panel and find the security group for your box. Make sure that port is allowed. Ideally, you'd only add your personal IP instead of opening it up to the world. (If there is a bug in WHM, people will scan all IPs trying to exploit it. They can't exploit your server if the AWS firewall denies them access.)
6) Now type "https://whm.foo.com:2083" (or whatever port) in your browser. (or http://whm.foo.com:2082 for insecure access). It should work!
i need to know how to get ip for name server (ns1.abc.com, ns2,abc.com).
As rdrey said, you need to go to your DNS provider (most registrars also do DNS) and tell them what boxes should point to your EIP.
That is because ip cannot load.
There is no such thing as "ip cannot load". Either "DNS is giving the wrong IP" or "some IP operations (TCP ports) were blocked by a firewall somewhere".
Now, my problem is that how i get new ip
I don't think that should be your goal. You can easily change EIPs, but it won't fix the problem. Nothing works unless everything in between is set up correctly. The goal should be understanding all the steps in the process and verifying that each step was done correctly.
OK, you have two options here:
Use the DNS servers provided by your Domain Registrar OR
Use AWS Route53 to let Amazon provide DNS services for you.
Option 1:
You bought your domain name from a registrar, like one of these: http://lifehacker.com/5683682/five-best-domain-name-registrars
Most, if not all, registrars run a free DNS service for their customers. You should be able to log into some kind of management console and set your domain's DNS zone entries to point at your AWS EIP. (I am using gandi.net and used to use godaddy. You simply leave the DNS Servers as they are and set your AWS EIP as the 'A' record.)
Option 2:
Go to https://console.aws.amazon.com/route53/home and follow instructions. I haven't read up on Route53's pricing, so this option might not be free.
---- EDIT:
Some more help:
The site you've linked to (http://www.intodns.com/xantec.com.sg) states that you've used your EIP (54.251.169.7) as the nameserver for the domain. You don't want that. You're running a cPanel installation, NOT a DNS nameserver.
Put 54.251.169.7 as your site's A record. (Sometimes called the www field.) Remove it from the NS fields and put ns3.thesimpledns.com & ns4.thesimpledns.com into those.

Resources