amazon ec2 - name server issue - amazon-ec2

i have created new instance in amazon ec2, and assigned the elastic ip for instance. But i need to know how to get ip for name server (ns1.abc.com, ns2,abc.com).
I have installed whm in amazon instance. Only domain cannot point to the correct name server. That is because ip cannot load.
Now, my problem is that how i get new ip. Can i add another two elastic ip in amazon? But i configured two elastic ip for name server in dns zone within whm. The name server is not working. And i cannot open the elastic ip in browser. I am confuse for it. Please anyone help me.

There are lots of things that can go wrong here. I'll try to troubleshoot step by-step:
I'll assume the goal is "You want to type 'whm.foo.com' and see your WHM"
1) Go to your domain registrar and make an entry that points "whm.foo.com" to your EIP. (Depending on what you want, maybe you should setup a "*.foo.com" wildcard for that EIP.
2) Test that step #1 worked by typing "ping whm.foo.com" or "dig whm.foo.com" (one linux/mac, not sure about Windows). This should return your EIP. If not, go back to step 1.
3) Check that WMH is acually running. Read the docs to find what port it's running on. (Usually 2083, or 2082 for insecure access)
On your instance, run "curl -v localhost:2083" (or whatever port. It should return a login screen. If it says "couldn't connect to host", then you have the wrong port or it's not running.
4) run "netstat -na | grep :2083" (or whatever port). It should say "0.0.0.0:*". If it says "127.0.0.1:*", then you need to configure it to allow outside access.
5) Make sure your WHM port is enabled in the AWS firewall. Go to the AWS control panel and find the security group for your box. Make sure that port is allowed. Ideally, you'd only add your personal IP instead of opening it up to the world. (If there is a bug in WHM, people will scan all IPs trying to exploit it. They can't exploit your server if the AWS firewall denies them access.)
6) Now type "https://whm.foo.com:2083" (or whatever port) in your browser. (or http://whm.foo.com:2082 for insecure access). It should work!
i need to know how to get ip for name server (ns1.abc.com, ns2,abc.com).
As rdrey said, you need to go to your DNS provider (most registrars also do DNS) and tell them what boxes should point to your EIP.
That is because ip cannot load.
There is no such thing as "ip cannot load". Either "DNS is giving the wrong IP" or "some IP operations (TCP ports) were blocked by a firewall somewhere".
Now, my problem is that how i get new ip
I don't think that should be your goal. You can easily change EIPs, but it won't fix the problem. Nothing works unless everything in between is set up correctly. The goal should be understanding all the steps in the process and verifying that each step was done correctly.

OK, you have two options here:
Use the DNS servers provided by your Domain Registrar OR
Use AWS Route53 to let Amazon provide DNS services for you.
Option 1:
You bought your domain name from a registrar, like one of these: http://lifehacker.com/5683682/five-best-domain-name-registrars
Most, if not all, registrars run a free DNS service for their customers. You should be able to log into some kind of management console and set your domain's DNS zone entries to point at your AWS EIP. (I am using gandi.net and used to use godaddy. You simply leave the DNS Servers as they are and set your AWS EIP as the 'A' record.)
Option 2:
Go to https://console.aws.amazon.com/route53/home and follow instructions. I haven't read up on Route53's pricing, so this option might not be free.
---- EDIT:
Some more help:
The site you've linked to (http://www.intodns.com/xantec.com.sg) states that you've used your EIP (54.251.169.7) as the nameserver for the domain. You don't want that. You're running a cPanel installation, NOT a DNS nameserver.
Put 54.251.169.7 as your site's A record. (Sometimes called the www field.) Remove it from the NS fields and put ns3.thesimpledns.com & ns4.thesimpledns.com into those.

Related

EC2, RHEL - No Route To Domain

This is probably incredibly simple and I'm just missing one step. The problem I was (originally) trying to solve was how to get a statically allocated hostname, one that would not change with each restart. I've done the following steps:
I have a domain registered on GoDaddy, and it points to my EIP. I use it to connect over SSH (putty) to my EC2 instance, so I know that part is working. I've opened ports 9080, 9060, 9043, and 9443 as well as SSH and FTP ports. And I've installed and started the software that uses those ports, and that stuff normally just works on a local RHEL install, so I think what's different here is the custom domain name.
I've added my EIP and fully qualified host name to my /etc/hosts file.
I've added my fully qualified host name to my /etc/hostname file and modified the /etc/rc.local script to set the hostname properly on a restart, and that works. If I execute the command hostname, it returns my fully qualified hostname, so that looks ok.
I cannot ping my server, but I think that's ok, because probably amazon blocks pings. So I don't think that's a symptom of anything.
I cannot open a to http://myserver.mydomain:9080/, which normally just works. Here it just times out.
If I do a wget http://myserver.mydomain:9080 from inside the EC2 instance, it returns failed: No Route To Host
But if I do a wget against localhost instead of the fully qualified name I get what I expect as a response.
So.... routing tables? Do those need to change? And if so how?
You probably don't want to do what you did. Everything in EC2 is NAT'd. Meaning that the IP assigned to your instance is a private/internal ip and the public IP is mapped to it by the routing system.
So internally, you want everything to resolve to the private IP, or you will get charged for traffic as it has to get routed to the edge and then route back in. Using the public DNS name will resolve correctly from the default DNS servers.
If you are using RHEL, you will need to make sure both the security group and the internal firewall (iptables) have ports opened. You could just disable the internal firewall since its a bit redundant with the security groups. On the other hand, it can provide some options security groups do not if you need them.

Configuring Amazon EC2 for a dynamic website

I am curious about Amazon webservices and so I thought of creating a dynamic webpage with Amazon EC2. I created an instance, installed apache and php and made sure it is working in EC2(using remote access). I have assigned a elastic IP to the instance. My question is how to access the webpage that I created in the instance. I am not sure what to give the servername in httpd.conf. My goal is access the page like http://amazonaddress/test.php
I am using windows server, but I think it is basically the same. My documents are in the same folder as mentioned in conf file. But when I use my elastic IP, it isn't working . Not even the basic index page in the apache htdocs(that's the home folder according to conf). To throw more light I will explain what I have done till now.
I have created a micro instance(EC2) and logged into it using remote desktop. I have installed apache msi file and php after that. I have created a elasticIP and attached the instance and to my security group I have added http service to port 80. I have tested if localhost is working in my remote machine(points to index.html). After that I have tried accessing it using elastic IP and it just times out. Is there any step I have missed?
You can access it via http://255.255.255.255 where you replace the 255.255.255.255 with your elastic IP address.
Then you want to setup DNS for your domain name. So you'll need to create an A Record mapping www.yourdomain.com to whatever your elastic IP address is. You can usually do this via your domain name registrar as most of them also run basic DNS services for free.
You can access an ec2 instance using it's public DNS name (or elastic IP since you already have one of those), which can be seen in the instances description tab. Configuring your personal domain name to point to that server will involve creating an A Record mapping to that public IP.
Assuming apache has been setup correctly, that's all you should need to do to get started (and your test.php page is in /var/www/). For your purposes, you probably shouldn't even need to modify the httpd.conf file at all.
Also, be sure to remember to open a port on the security group (under Network & Security from the EC2 Console) that the instance belongs to. In your example, you will want to open port 80 inbound with source 0.0.0.0/0 (unless you want to limit access to a specific IP range).
Hope this helps.

Recaptcha IP addresses

Okay, so we implement Recaptcha in production. We get errors because it can't reach the IP address it needs to use the service. We open a port for the IP address to reach Google. No problem. We do that and configure that IP address explicitly to work. It works great. Then, the next day, we start getting errors again because Recaptcha is using a different IP address. I can allow requests from that IP address, too, but now I'm unsettled. Where are these addresses coming from? How do I configure this to work reliably?
Recatpcha from Google can use any Google IP address and there are lots of them.
Ran this from Windows:
_netblocks.google.com text =
nslookup -type=TXT _netblocks.google.com
"v=spf1 ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20 ip4:74.125.0.0/16 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ip4:173.194.0.0/16 ?all"
That's all the network Google uses currently. These can change so check them often.
Google suggest allowing port 80 to all IPs outbound, this highly insecure. They recommend going through a proxy server but again that is highly insecure if your web server is an DMZ. Proxy aware trojans do exist. All that need to be done is exploit a vulnerability to execute arbitrary code and you can create reverse connection on port 80 through a proxy server to download the payload. Then it is trivial to escalate privileges and own the box. I don't mean just Windows servers but Linux as well. I've done it in lab environment on security was on. It's really easy to do.
This is the Google website I got this from:
http://code.google.com/p/recaptcha/wiki/FirewallsAndRecaptcha
I wanted to append to this answer with more recent information. The documentation that Chris is pointing to does not include all of the TXT records necessary to dig (thanks Google):
_netblocks2.google.com (IPv6 subnets)
_netblocks3.google.com (Additional IPv4 subnets)
In my particular case, the _netblocks3 entry contained 2 large /19's that made my initial rule ineffective
(I found additional references here: https://support.google.com/a/answer/60764?hl=en)
Perhaps you should be using a hostname rather than IP

How can I test my DNS and site configuration

I've received a few messages from users of my site that they can not access it from home.
They can access the server from the IP, but not by the domain name.
I think it has something to do with the way my DNS is configured. I setup my own DNS server about 4 years ago on my server, which I probably should not have done, and I'm not sure if everything is configured correctly. There are plenty of people who can access the site without any problems, but some users get 'server can not be found'.
Server Details: Windows 2003 co-located server at a small local hosting company.
Are there good tools or sites that can test and provide configuration recommendations? How do I test this problem when it works fine for me and so many other users? What type of questions should I ask users that can't access the site?
Can I provide / point to another DNS server that can be used if the first server isn't working?
Thanks!
Nevertheless here some pointers:
Questions that you can ask the users:
Run the following command: nslookup test.company.com. The result should be the IP they could access by IP. If it's a wrong IP or no IP, then this hostname A / CNAME record isn't propagated correctly to the outside world.
It could be a ipv4/v6 problem. Maybe the DNS resolves to a ipv6 IP by AAAA record and your ISP (or any provider inbetween) doesn't support ipv6 correctly yet. Under windows, you can ping -6 or ping -4 to see if it resolves to anything at all.
Possible workaround:
Tell your users to hardcode the IP of your server into their HOSTS file...
DNS problems are usually lying at the companies infrastructure though (e.g. not propagating the DNS notifications correctly, wrong DNS servers at your registrar, wrong DNS configuration on your DNS server...)
There's an excellent on-line resource to verify your DNS settings: intoDNS.com
If you think the problem is in your DNS server and you don't need it this way anyway, you can just turn your DNS to any DNS hosting - see my biased list. Setup your DNS records from scratch with any DNS provider and tell your domain registrar to use that provider nameservers. Often registrars themselves provide DNS servers as well.
As for questions to ask users, Khoi explained everything.

host network solutions domain on an amazon ec-2 box

I have looked this up and what was described in other answers did not work for me. I created a elastic ip from my ec-2 dashboard, and I set the A records of my domain (www, *, and #(none)) but it does not work. When I try to go directly to the ip address it also does not work though so I am not sure why this is happening.
Also where exactly does the elastic ip point? To my home folder, to the ec-2 user? It is not working now so I couldn't test it, but when it does work I still won't know.
Two things: remember that your domain will need to propagate, so leave it a few hours. Also, your elastic IP points to the machine you bound it to.
Almost forgot, you also need to edit your security zone to open up ports to allow incoming connections on those ports, as the default is to block everything except SSH.

Resources