All posts by Sumarsono

How To Configure Bind as an Authoritative-Only DNS Server on Ubuntu 14.04

Introduction

DNS, or the Domain Name System, is often a difficult component to get right when learning how to configure websites and servers. While most people will probably choose to use the DNS servers provided by their hosting company or their domain registrar, there are some advantages to creating your own DNS servers.

In this guide, we will discuss how to install and configure the Bind9 DNS server as authoritative-only DNS servers on Ubuntu 14.04 machines. We will set these up two Bind servers for our domain in a master-slave configuration.

Prerequisites and Goals

To complete this guide, you will first need to be familiar with some common DNS terminology. Check out this guide to learn about the concepts we will be implementing in this guide.

You will also need at least two servers. One will be for the “master” DNS server where the zone files for our domain will originate and one will be the “slave” server which will receive the zone data through transfers and be available in the event that the other server goes down. This avoids the peril of having a single point of failure for your DNS servers. Continue reading How To Configure Bind as an Authoritative-Only DNS Server on Ubuntu 14.04

How To Configure Bind as a Caching or Forwarding DNS Server on Ubuntu 14.04

Introduction

DNS, or the Domain Name System, is often a difficult component to get right when learning how to configure websites and servers. While most people will probably choose to use the DNS servers provided by their hosting company or their domain registrar, there are some advantages to creating your own DNS servers.

In this guide, we will discuss how to install and configure the Bind9 DNS server as a caching or forwarding DNS server on Ubuntu 14.04 machines. These two configurations both have advantages when serving networks of machines.

Prerequisites and Goals

To complete this guide, you will first need to be familiar with some common DNS terminology. Check out this guide to learn about some of the concepts we will be implementing in this guide.

We will be demonstrating two separate configurations that accomplish similar goals: a caching and a forwarding DNS server.

To follow along, you will need to have access to two computers (at least one of which should be an Ubuntu 14.04 server). One will function as the client and the other will be configured as the DNS server. The details of our example configuration are:

Role IP Address
DNS Server 192.0.2.1
Client 192.0.2.100

We will show you how to configure the client machine to use the DNS server for queries. We will show you how to configure the DNS server in two different configurations, depending on your needs.

Caching DNS Server

The first configuration will be for a caching DNS server. This type of server is also known as a resolver because it handles recursive queries and generally can handle the grunt work of tracking down DNS data from other servers.

When a caching DNS server tracks down the answer to a client’s query, it returns the answer to the client. But it also stores the answer in its cache for the period of time allowed by the records’ TTL value. The cache can then be used as a source for subsequent requests in order to speed up the total round-trip time.

Almost all DNS servers that you might have in your network configuration will be caching DNS servers. These make up for the lack of adequate DNS resolver libraries implemented on most client machines. A caching DNS server is a good choice for many situations. If you do not wish to rely on your ISPs DNS or other publicly available DNS servers, making your own caching server is a good choice. If it is in close physical proximity to the client machines, it is also very likely to improve the DNS query times.

Forwarding DNS Server

The second configuration that we will be demonstrating is a forwarding DNS server. A forwarding DNS server will look almost identical to a caching server from a client’s perspective, but the mechanisms and work load are quite different.

A forwarding DNS server offers the same advantage of maintaining a cache to improve DNS resolution times for clients. However, it actually does none of the recursive querying itself. Instead, it forwards all requests to an outside resolving server and then caches the results to use for later queries.

This lets the forwarding server respond from its cache, while not requiring it to do all of the work of recursive queries. This allows the server to only make single requests (the forwarded client request) instead of having to go through the entire recursion routine. This may be an advantage in environments where external bandwidth transfer is costly, where your caching servers might need to be changed often, or when you wish to forward local queries to one server and external queries to another server.

Install Bind on the DNS Server

Regardless of which configuration choice you wish to use, the first step in implementing a Bind DNS server is to install the actual software.

The Bind software is available within Ubuntu’s default repositories, so we just need to update our local package index and install the software using apt. We will also include the documentation and some common utilities: Continue reading How To Configure Bind as a Caching or Forwarding DNS Server on Ubuntu 14.04

How To Set Up a Host Name with DigitalOcean

DigitalOcean’s DNS allows you to easily set up your hostname from the DigitalOcean control panel.

Setup

Before you get started, you do need to have the following:

  • A Droplet (virtual private server) from DigitalOcean. If you don’t have one, you can register and set one up in under a minute
  • A Registered Domain Name. As of yet, you cannot register a domain through DigitalOcean.

Step One—Look Up Information with WHOIS

The first thing you need to do to set up your host name is to change your domain name server to point to the DigitalOcean name servers. You can do this through your domain registrar’s website. If you do not remember where you registered your name, you can look it up using “WHOIS”, a protocol that displays a site’s identifying information, such as the IP address and registration details.

Open up the command line and type: Continue reading How To Set Up a Host Name with DigitalOcean

A Comparison of DNS Server Types: How To Choose the Right DNS Configuration

Introduction

DNS, or the Domain Name System, is an integral part of how systems connect with each other to communicate on the internet. Without DNS, computers, and the people who use them, would be required to connect using only numerical addresses known as IP addresses.

Besides the obvious problem of having to remember a large number of complex numbers for simple tasks, communicating through IP addresses also causes some additional problems. Moving your website to a different hosting provider, or moving your servers to different locations would require you to inform every client of the new location.

DNS servers, the computers that together form the system that allow us to use names instead of addresses, can server many different functions, each of which can contribute to your ability to accessing servers by name.

In a previous guide we discussed some of the basic terminology and concepts of the domain name system. We will assume some familiarity with the concepts covered in that article. In this guide, we will talk about some of the different types of DNS server setups and what the advantages, use cases, and properties are of each. Continue reading A Comparison of DNS Server Types: How To Choose the Right DNS Configuration

An Introduction to DNS Terminology, Components, and Concepts

Introduction

DNS, or the Domain Name System, is often a very difficult part of learning how to configure websites and servers. Understanding how DNS works will help you diagnose problems with configuring access to your websites and will allow you to broaden your understanding of what’s going on behind the scenes.

In this guide, we will discuss some fundamental DNS concepts that will help you hit the ground running with your DNS configuration. After tackling this guide, you should be ready to set up your domain name with DigitalOcean or set up your very own DNS server.

Before we jump into setting up your own servers to resolve your domain or setting up our domains in the control panel, let’s go over some basic concepts about how all of this actually works.

Domain Terminology

We should start by defining our terms. While some of these topics are familiar from other contexts, there are many terms used when talking about domain names and DNS that aren’t used too often in other areas of computing.

Let’s start easy: Continue reading An Introduction to DNS Terminology, Components, and Concepts

How To Mitigate DDoS Attacks Against Your Website with CloudFlare

How To Mitigate DDoS Attacks Against Your Website with CloudFlare

Introduction

CloudFlare is a company that provides content delivery network (CDN) and distributed DNS services by acting as a reverse proxy for websites. CloudFlare’s free and paid services can be used to improve the security, speed, and availability of a website in a variety of ways. In this tutorial, we will show you how to use CloudFlare’s free tier service to protect your web servers against ongoing HTTP-based DDoS attacks by enabling “I’m Under Attack Mode”. This security mode can mitigate DDoS attacks by presenting an interstitial page to verify the legitimacy of a connection before passing it to your web server.

Prerequisites

This tutorial assumes that you have the following:

  • A web server
  • A registered domain that points to your web server
  • Access to the control panel of the domain registrar that issued the domain

You must also sign up for a CloudFlare account before continuing. Note that this tutorial will require the use of CloudFlare’s nameservers.

Configure Your Domain to Use CloudFlare

Before using any of CloudFlare’s features, you must configure your domain to use CloudFlare’s DNS.

If you haven’t already done so, log in to CloudFlare. Continue reading How To Mitigate DDoS Attacks Against Your Website with CloudFlare

Steam Controllers Don’t Work in Ubuntu, Here’s What You Need to Do

It’s not a difficult fix, but it should work by default

The Steam Controllers have started to ship to gamers across the world, and some people are already using them to play games. Unfortunately, the Steam Controllers don’t work by default with Ubuntu, but there is a workaround in place.

The fact that Steam Controllers don’t work in Ubuntu is not new information. In fact, a couple of bugs on Launchpad were opened a while back, and it looks like the Ubuntu devs didn’t take care of them. It’s not clear why they didn’t fix the issue, but the fact of the matter is that they don’t work with Ubuntu OSes. A workaround is available; it’s not ideal, but it should only be a temporary solution.

A question and an answer were posted on askubuntu.com to prevent the eventual problems that the community would encounter. As I said before, it’s not the easiest or most elegant solution, but at least it’s possible, and it won’t create too many issues, with the exception of the fact that you might need to download a lot more packages than you would want.

Continue reading Steam Controllers Don’t Work in Ubuntu, Here’s What You Need to Do

How To Protect WordPress with Fail2Ban on Ubuntu 14.04

Introduction

WordPress is a very robust content-management system (CMS) that is free and open source. Because anyone can comment, create an account, and post on WordPress, many malicious actors have created networks of bots and servers that compromise and spam WordPress sites through brute-force attacks. The tool Fail2ban is useful in preventing unauthorized access to both your Droplet and your WordPress site. It notes suspicious or repeated login failures and proactively bans those IPs by modifying firewall rules for your Droplet.

In this guide, we will be using version 0.9.3 of Fail2ban on an Ubuntu 14.04 LAMP server, and integrating it with WordPress by using a spam log plugin.

Prerequisites

To complete this guide, you need

Continue reading How To Protect WordPress with Fail2Ban on Ubuntu 14.04

How to Set Up Apache Traffic Server as a Reverse-Proxy on Ubuntu 14.04

Introduction

Apache Traffic Server is a highly scalable caching proxy server capable of handling large volumes of concurrent requests while maintaining a very low latency. Compared to other popular proxy servers, such as Varnish or Squid, it usually consumes less memory and responds faster. It is also designed to make the most of modern multi-core processors. Depending on your requirements, you can use it as a reverse proxy or as a forward proxy.

This tutorial will cover how to install Apache Traffic Server on Ubuntu 14.04 and configure it to behave as a caching reverse proxy.

Prerequisites

To follow this tutorial, you will need:

Continue reading How to Set Up Apache Traffic Server as a Reverse-Proxy on Ubuntu 14.04

Understanding Nginx HTTP Proxying, Load Balancing, Buffering, and Caching

Understanding Nginx HTTP Proxying, Load Balancing, Buffering, and Caching

Introduction

In this guide, we will discuss Nginx’s http proxying capabilities, which allow Nginx to pass requests off to backend http servers for further processing. Nginx is often set up as a reverse proxy solution to help scale out infrastructure or to pass requests to other servers that are not designed to handle large client loads.

Along the way, we will discuss how to scale out using Nginx’s built-in load balancing capabilities. We will also explore buffering and caching to improve the performance of proxying operations for clients.

General Proxying Information

If you have only used web servers in the past for simple, single server configurations, you may be wondering why you would need to proxy requests.

One reason to proxy to other servers from Nginx is the ability to scale out your infrastructure. Nginx is built to handle many concurrent connections at the same time. This makes it ideal for being the point-of-contact for clients. The server can pass requests to any number of backend servers to handle the bulk of the work, which spreads the load across your infrastructure. This design also provides you with flexibility in easily adding backend servers or taking them down as needed for maintenance.

Another instance where an http proxy might be useful is when using an application servers that might not be built to handle requests directly from clients in production environments. Many frameworks include web servers, but most of them are not as robust as servers designed for high performance like Nginx. Putting Nginx in front of these servers can lead to a better experience for users and increased security.

Proxying in Nginx is accomplished by manipulating a request aimed at the Nginx server and passing it to other servers for the actual processing. The result of the request is passed back to Nginx, which then relays the information to the client. The other servers in this instance can be remote machines, local servers, or even other virtual servers defined within Nginx. The servers that Nginx proxies requests to are known as upstream servers.

Nginx can proxy requests to servers that communicate using the http(s), FastCGI, SCGI, and uwsgi, or memcached protocols through separate sets of directives for each type of proxy. In this guide, we will be focusing on the http protocol. The Nginx instance is responsible for passing on the request and massaging any message components into a format that the upstream server can understand. Continue reading Understanding Nginx HTTP Proxying, Load Balancing, Buffering, and Caching