Maintaining a backup DNS server is an example of prudent planning, even if you don’t run a major website. With backup DNS, you can ensure the timely delivery of your e-mail if your server should ever go down, or if you use an external e-mail service such as Google Apps. It will also give your visitors an entirely different error message when your site is down: a connection failure message as opposed to your site not being found.
Backup DNS servers are quite easy to set up. You can use one of the many backup services on the Internet, or you can arrange your own backup servers, configuring the zone files appropriately. But one of the most important adjustments that needs to be made is often overlooked: adjustment of your named.conf file, which controls your nameserver, which in turn is the heart of your server.
Tags: backup, bind, dns, named
I’ve just set up two new nameservers, and after only a few weeks, I’ve noticed that random IP addresses are hitting my nameservers requesting DNS records for 3rd party domains. What’s worse is that my nameservers are responding with the results.
To disable this in bind, add the following to the ‘options’ stanza within named.conf:
allow-recursion { "none"; };
recursion no;
Tags: bind, dns, named, recursion
I’m going to demonstrate a very short and simple method of avoiding SQL Injection at the SQL query level. You’ll need MySQLi support; on Debian, the php5-mysql package (apt-get install php5-mysql) contains everything that you need, and would be installed by default with your LAMP installation.
Tags: apt-get, bind, blob, double, execute, integer, MySQL, mysqli, mysql_real_escape_string, object oriented, oo, PHP, prepared statements, sql injection, string
I’m often asked for a copy of various zone files for Bind, that other users may use as a template. Here’s the zonefile for www.adamsinfo.com:
I’ll now cover each type of record briefly, and explain the elusive decimal point.
The SOA or “start of authority” record indicates the domain name “adamsinfo.com” and the email address of the domain administrator “root@adamsinfo.com”, replacing the at symbol with a decimal point (this decimal point does not have the same meaning as those later on). There is only one SOA record allowed per domain. Contained within the SOA record is also a serial number, refresh, retry, expiry and TTL. The serial number is the ‘version’ of the zone. This is generally incremented each time the zone is updated. The refresh is used by the slave or secondary DNS server as an instruction on how often to update in seconds. The ‘retry’ is the length in seconds that the slave DNS server should wait before retrying to contact an unreachable primary DNS server. The expiry specifies how long until the slave DNS server stops responding to requests for this domain name, should the primary DNS server remain unreachable. If the primary DNS server becomes available again, the timer is reset. Lastly, the Negative TTL or ‘time to live’ value indicates how long the server will cache a NAME ERROR (NXDOMAIN) record. The longest permitted is 3h (10800 seconds).
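As an added illustration (not code from the original post), this Python sketch parses an SOA record in BIND zone-file syntax, converts the mailbox field back to an e-mail address, and checks the timers described above. The example.com zone and all of its values are constructed, and the retry/expire comparisons are common sanity checks assumed here, not rules from the post.

```python
import re

# Constructed sample SOA record (example.com is a placeholder, not the post's zone).
SAMPLE_SOA = """
example.com. IN SOA ns1.example.com. root.example.com. (
        2024010101 ; serial
        4h         ; refresh
        15m        ; retry
        2w         ; expire
        3h )       ; negative TTL
"""

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
MAX_NEGATIVE_TTL = 10800  # 3h, the ceiling quoted in the text

def to_seconds(value):
    """Convert a BIND time value such as '3h', '1d12h' or '900' to seconds."""
    if value.isdigit():
        return int(value)
    parts = re.findall(r"(\d+)([smhdw])", value.lower())
    if not parts or "".join(n + u for n, u in parts) != value.lower():
        raise ValueError(f"bad time value: {value!r}")
    return sum(int(n) * UNITS[u] for n, u in parts)

def rname_to_email(rname):
    """Turn the SOA mailbox into an address: the first unescaped dot stands for '@'."""
    local, domain = re.split(r"(?<!\\)\.", rname.rstrip("."), maxsplit=1)
    return local.replace("\\.", ".") + "@" + domain

def parse_soa(text):
    """Parse one SOA record and return (fields, warnings)."""
    text = re.sub(r";[^\n]*", "", text)  # strip zone-file comments
    tokens = text.replace("(", " ").replace(")", " ").split()
    i = tokens.index("SOA")
    mname, rname, serial, refresh, retry, expire, negttl = tokens[i + 1:i + 8]
    soa = {"zone": tokens[0].rstrip("."), "primary": mname.rstrip("."),
           "admin": rname_to_email(rname), "serial": int(serial),
           "refresh": to_seconds(refresh), "retry": to_seconds(retry),
           "expire": to_seconds(expire), "negative_ttl": to_seconds(negttl)}
    warnings = []
    if soa["negative_ttl"] > MAX_NEGATIVE_TTL:
        warnings.append("negative TTL exceeds 3h (10800 seconds)")
    if soa["retry"] >= soa["refresh"]:  # assumed sanity check
        warnings.append("retry should be shorter than refresh")
    if soa["expire"] <= soa["refresh"]:  # assumed sanity check
        warnings.append("expire should be longer than refresh")
    return soa, warnings
```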
On to the more simple records…
Tags: a, adamsinfo.com, bind, bind9, cname, dns, mx, name error, ns, nxdomain, soa, ttl
I’d guess that 90% of hosting providers ‘oversell’. This essentially means that should they have 1,000GB allocated, they might offer 15 packages of 100GB to 15 of their customers, banking on the fact that no one will fully use their 100GB allocation, or sell 5 virtual machines with 256MB RAM on a 1GB host, assuming that no one will use their full RAM allocation. This is bad, because you’ll generally be able to confirm that you’ve been allocated the resources, but nonetheless benchmark tests will show that you’re just not getting them, and your environment will be sluggish and unresponsive. This is the same as airlines selling 110 seats on a 100 seat plane. When that 101st paying customer does show up to claim his seat, he’s stuck without a flight.
The general consensus is that a VPS is a cheaper and lower-grade option than a dedicated service. However, VPSs have a number of indisputable advantages over dedicated servers, and I’m going to discuss why almost all the dedicated machines I manage are hosts for a range of VPSs.
Tags: 10mbit, adamsinfo.com, advantages, allocation, apache2, backup service, benchmark, bind, cheap, client, co-locate, colocate, config, CPU, datacenter, debian, dedicated, dedicated servers, disk access, disk IO, endpoint, environment, exim, host, Hosting, hosting providers, Intel, kernel, kernel upgrade, mailserver, mppc, mppe, MySQL, named, noc, oversell, packages, php5, pptp, processor type, Quad Core, racks, reboot, remote services, routing, seek time, spamassassin, system administrator, tick speed, virtualization, vmware, vmware free server, vmware gsx, VPN, vps, xen, Xeon