So I'm trying to deploy a Ghost blog into a Google Cloud vm instance and I can't get it to work. Part of the problem, I think, is that I haven't set up the DNS correctly. I bought farodefe.org via Google Domains and I tried to configure it following this tutorial, and it worked... partially. I used DIG in Ubuntu to try and verify that my DNS configuration. Here are the results:
enter image description here
As seen in the image above, when I do:
dig farodefe.org
and/or
dig www.farodefe.org
I do receive an answer to my query.
But then I do dig http://www.farodefe.org and I receive nothing.
enter image description here
Why is this happening and how can I fix it?
Thanks in advance!
But then I do dig http://www.farodefe.org
But this does not mean anything, or at least certainly not what you think. The DNS has no concept of URLs, only names.
So you are doing here a query for the name http://www.farodefe.org (which is possible in the DNS, but not just for an A record type which is the default one used by dig), which is certainly not what you had in mind.
Part of the problem, I think, is that I haven't set up the DNS correctly.
Don't think, test. If you are not familiar with DNS, use good online troubleshooting tools, like DNSViz. If you see any red things in the output, your DNS configuration needs to be fixed. Alternatively, your DNS provider should be able to help you.
DNS wise, you first need to understand the difference between authoritative and recursive nameservers and service, and hence when doing tests you need to first send your queries to the authoritative nameservers (which is what DNSViz does) and only when that is ok and you still have problems, then you query recursive nameservers as needed.
If you want to understand more, also learn about the OSI/Internet layers, and how HTTP is layered on top of TCP and IP, which are some protocols among others, and how the DNS (a service itself using TCP and UDP) is used to map data, and in a web setting, to map a given hostname (website) to one or more IPv4 or IPv6 addresses, for an HTTP client (like a browser) to be able to initiate its TCP/IP connection.
Related
I've set up Strongswan VPN with StrongMan(web-interface manager) on AWS.
It works great, my company employees can access contry-restricted site without any issues. But now I need to implement split-tunneling, because we also have to send terabytes of data, daily, to non-restricted sites.
I've coded small C# app that automaticaly manages split-tunneling routes with next command.
route ADD siteIP MASK 255.255.255.255 10.10.10.1 IF VPNInterfaceID
And it doesn't work like i'd like it to work.
Problem is: my DNS are leaking in split-tunnel mode.
If i route to "www.whatismyip.com" thru VPN, it masks my IP, so it works,
but i can't access restricted sites.
So i routed "www.dnsleaktest.com" thru VPN, and i can see that my DNS are in fact leaking.
I've found an app "Simple DNSCrypt", which fixed my problem, but i really dont want to use third-party software.
I'am very new to this topic, so any help would be appreciated.
I cant figure out how to hide my DNS.
Even overriding to 8.8.8.8 and 8.8.4.4 doesnt help.
What can i do? What should i read and learn? What could be the problem?
Sorry for my poor use of English.
Thank you in advance!
I've figured it out. Maybe, this answer will help someone someday.
You have also route DNS adresses thru VPN (in my case 8.8.8.8 and 8.8.4.4),
and "disabling" default ethernet adapter DNS by setting them to 127.0.0.1.
Dont forget to revert them back after disconnecting from VPN!
Just to explain my setup: I have a few websites hosted on a shared server (Lunarpages) and I use Google Apps (with modified MX records in Lunarpages) so the Google Apps emails work.
Now, I've noticed occationally that a mail script on one of my sites gets triggered without any content, though it includes IP information that the form collects. I looked up a couple of those IP address with AbuseIPDB, and they are known hacking IPs. So I want a good way to block all access to my server from known bad IPs.
I see in Cpanel in Lunarpages an option to turn on CloudFlare for security, and looking into them a little, it does appear that they block bad IPs. But I'm a little concerned about whether that would risk messing up how my site works or email works or how my analytics and email forms collect IP address information or if there would be anything different from me besides just turning it on and that the bad IPs would be blocked. I'm not looking to get myself in to a lot of troubleshooting.
Is CloudFlare a good solution, or are there other good alternatives?
Regarding the AbuseIPDB, they look like they have an API that I might be able to set up to block IPs, but if I understand right, I would have to modify all my sites and that still wouldn't block direct access to a lot of files. Unless I'm mistaken.
You can use ipset to block a list of IP addresses and you can set up ipset list of IP addresses from some spam DB.
To be clear, when I say "doesn't work", I meant that it returns a json object with a status of "REQUEST_DENIED". I always get a response.
I have a server key setup for the Geocode api, and I'm having an issue where it doesn't work with only one server. I've been using it locally (whitelisted my ip) without issue, and tested it with cURL on a Digital Ocean vps without issue.
On a WP Engine server, however, I cannot get it working. I've added the IP address and spent over and hour with their tech support verifying that it's the right address and there's nothing funny going on. They've used cURL from their command-line as well, but it doesn't work. I tried creating a new key just for that ip, and it still didn't work. I tried a 16-bit IP range, but no dice.
Can someone please shed some light on this? I wish Google provided a list of request IP's in the report so we could verify it's getting the expected IP. Is it possible that the IP was blacklisted by this point somehow?
Thanks!
Had a similar problem. Turned out I had to add the ipv6 to the allowed ips.
i want to do the following:
open a web browser on my local network. type in mydevice.com(or something similar) and have the browser redirect to the actual device (192.168.1.x)
the reason is, it really is NOT for me. it is for a product that hosts a web page and i do not want the users to have to type in the IP address.
also, i am aware of dyndns.org and related sites. i was wondering though if there isnt another (easier) alternative since i have no requirement whatsoever to get IN from OUTSIDE (i.e. no external access). i pretty much just want to tell my router whenever it sees a request for some made up domain name, to instead just redirect to a specific IP address on the local network. the only question then will be, if such a thing is possible, is it easy enough to instruct said users to set up.
is such a thing possible?
ps - somebody may have to change my problem title... i didnt know what this was called, which made it hard to google in the first place. so i turn to SO, but then naturally, have trouble writing a specific title
You could use a Hosts file. See Wiki Hosts file entry for the format for your OS.
Basically I want to display a hosts external public facing IP address regardless of whether or not it is part of a natted lan. What I'm doing now is just connecting to myipaddress.com and retrieving it from there. I just don't know if I trust that site as a stable source. Is there some authority that facilitates this?
Every web server on the public internet automatically sees your external IP address. There is just no standardized way to "talk it back" as far as I know (e.g. through a header or something).
If you want to do this manually, just use one of the numerous "what's my IP?" services around like www.infobyip.com/detectmyip.php
If you want to do it in an automated fashion, the most stable way would be to set up a script on a remote server, and have that output the requester's IP. In PHP, in most cases, it would look like so:
<? echo $_SERVER["REMOTE_ADDR"]; ?>
(Here is a detailed discussion on how to retrieve the IP in various ways, but if the above worked for you once, it is likely to work forever.)
STUN RFC 3489will do it, though you need access to an open STUN server. There are other sites (like myipaddress.com) that will report your apparent address back to you, but there is no "standard" service for this.