Is it possible to operate Active Directory while the DNS server is running on another computer ? or it should be installed exactly on the Active Directory running computer ? thnx.
No this is not possible.A DNS zone is the contiguous portion of the DNS domain name space over which a DNS server has authority or is authoritative.In all DNS is the authority level registration.
You cannot install Active Directory without having DNS on your network, because Active Directory uses DNS as its location service.
However, you can install DNS separately, without Active Directory. If you install DNS on a domain controller, you can also choose whether or not to use Active Directory to provide storage and replication for DNS. Using Active Directory for storage and replication provides some benefits like :
Increased fault tolerance, Security, Easier management, More efficient replication of large zones.
Have a look to Setting Up DNS for Active Directory.
Related
In our organization, we've a in house maven repository say http://mymavenrepo.com to store private artifacts and that is being used across projects.
But recently ip address of machine, where mymavenrepo was hosted, has changed and hence we had to make a change in hosts file with new ip to build maven projects successfully.
My question is why we need to make change in hosts file with changed ip and what can be done to avoid change in hosts file every time ip is changed, like for http://www.google.com, we never have to make entry in hosts file.
Well I would say this is somewhat of a loaded question. The Hosts file on your machine may overwrite a DNS query because it is the first file that a computer reads to find a domain. The Hosts file essentially acts as the DNS in the sense that it translates IPs to Domains.
Now, I am assuming that the local repository is a private repository or in other words NOT published on the internet. Which I might be wrong, but that would mean that it might have a private IP address accessible only to the local network which would make it reasonable to stay in the hosts file. If it DID have a public address, or accessible to the outside internet, then removing its entry from the hosts file would allow for the DNS to query it.
My suggested solution here based on my local-local assumption is to SET a static IP to the repository and exclude it from the DHCP server so it doesn't change. The way to do that depends on the solution you have and the underlying OS.
I am using the meteorhacks:cluster package to load balance my application. https://github.com/meteorhacks/cluster
I am confused about how to setup DNS entries with this package.
It seems like for each server you should provide a local env variable called CLUSTER_BALANCE_URL, which is the DNS entry for that specific server. This makes sense as I can point a DNS entry at a single server.
But what about the ROOT_URL that is set on both server. That needs to be the shared DNS entry that the user goes to. When I setup that DNS entry which server to I point it too?
The DNS entries that you have pointing to your CLUSTER_BALANCE_URLs will take care of the DDP balancing.
You can have your DNS point the ROOT_URL to any server ip. There won't be a conflict. The ROOT_URL ip(s) will be the one(s) to take care of static load balancing.
https://github.com/meteorhacks/cluster#dns--ssl
We have a website deployed on AWS EC2 running on ubuntu,Apache, MYSQL. We have been getting continous requestes from below IP
"195.154.105.219"
"88.150.242.243". Requesting for xmlrpc.php file using POST method. As a result our website has become really slow and our clients work has been effected. As of now we have blocked these IP values by dropping them from iptables. We would like to know how to safegaurd our site from any future attacks like this.
The question is very general, and depending to your application's requirements, your budget and other factors, there are several techniques you can use, separately or together to mitigate DDOS and SPAM attacks.
Use Auto Scaling and an Elastic Load Balancer, to let AWS scale your infrastructure depending on traffic : http://aws.amazon.com/autoscaling/
Use S3 to serve static content. S3 is designed is scaling automatically for incoming traffic. All content served by S3 directly allows to offload your EC2 based web server : http://aws.amazon.com/s3/
Use CloudFront to distribute and server your content from AWS' edge location. This mitigates DDOS by distributing attackers' request to the network of edge locations instead of sending the traffic to your web server : http://aws.amazon.com/cloudfront/
All these three options have a cost associated, be sure to understand the pricing structure before deciding to implement any of these.
If you have a relatively short and stable list of IP addresses you want to block, you can customise either your EC2 instance's Security Group (http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html) either your VPC Subnet ACL (http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_ACLs.html) to deny traffic from these IP addresses. This approach is not very scalable and, most of the time, you will play a mouse / cat game trying to catchup with whatever new addresses are used by your attackers
Last but not least, using plain old Apache configuration to block certain URL or restrict access to these by IP Addresses is very effective too (http://httpd.apache.org/docs/current/en/mod/mod_authz_core.html#require and File Directive)
Last but not least, I would encourage everyone to watch this re:invent talk about DDOS resiliency for AWS : https://www.youtube.com/watch?v=V7vTPlV8P3U)
Seb
xmlrpc.php is from wordpress. install the Disable xmlrpc pingback plugin, or better yet , in the wordpress site. .htaccess , deny xmlrpc.php file ;). that will fix it. Also checkup the wp-admin/scripts for any wierd script or just . find /var/www/ -type f -mtime -10 , to find the latest modified files.. check for any wierd php script..
We are a few web developers and currently edit our host file to point domain names to the local web server but this is becoming hard as number of clients are increasing and we need to continuously change each host file of computers.
What do you think is the best possible solution for us, use a proxy server or a dns server, and could you possibly tell me how to fix this problem?
Thanks in advance
I would use a DNS server, or use mDNS, on your LAN. Then an administrator can simply add an A or CNAME entry to the zone, and all the computers on the LAN will see that record.
I developed an asp.net (2.0) intranet Application for local network in an organisation..
so we have 10 systems every one should access that site by ://192.xxx.x.xx/xyz(website name) ...
so now their requirement is not to type total ip adress.they need just by typing ://xyz they have to browse the intranet application..how to solve this issue..?
Thanks
Veduru
Go to every one of this 10 computers, and in this directory
c:\WINDOWS\system32\drivers\etc\
find the host file and add the conversion of ip to name as
192.168.1.10 xyz
etc
and then you can access the site as http://xyz
Talk to your network admin about setting up a DNS entry for your application in the local DNS server. If you have multiple web sites running on your web server, look into configuring IIS host headers to ensure the users get directed to the proper web application.
Please do not manually edit the hosts file on each machine unless it is absolutely, positively necessary, and only do so as a last resort. When your 10-machine application expands to 100, or if your server IP ever changes, you will thank me later :)