Michael Brandonisio

Hello,

There may come a time when your DNS server is the authoritative DNS for a client or customer that has secured an IP block from a 3rd party, perhaps for T1 or DSL service. They want to use one of the IP addresses for an email server located in their office and have asked you to setup rDNS or Reverse DNS for the IP address specified. Since the IP address did not come from your ISP you cannot ask them to setup the rDNS for you. You must accept IP delegation and configure your DNS server to give an authoritative response.

Here are 3 links that helped me figure this out:
http://www.dnsstuff.com
http://www.faqs.org/rfcs/rfc2317.html
http://www.fdcservers.net/vbulletin/archive/index.php/t-578.html

I’m going to illustrate this using 10.x.x.x IP address ranges. This setup is for Bind DNS servers. You will be creating a zone for x.x.x.x.in-addr.arpa on your DNS server.

The scenario is that the client secured a new T1 line and wanted to use IP 10.0.142.162 for an email server in their office.

On your DNS server, open a terminal window. Then edited /etc/named.conf and added this to the end:

zone “160/28.142.0.10.in-addr.arpa” {
type master;
file “/var/named/142.0.10.in-addr.arpa.db”;
};

I have to admit that I do not fully understand why some delegations may be looking for zone 160/28.142.0.10.in-addr.arpa and others 142.0.10.in-addr.arpa. Both can contain the IP 10.0.142.162. It may have something to do with this delegation being a /28 giving the client 16 IP addresses with 14 usable starting from 10.0.142.160.

Save your changes then create a new zone DB named /var/named/142.0.10.in-addr.arpa.db

You can do this like this:

touch /var/named/142.0.10.in-addr.arpa.db

Then open /var/named/142.0.10.in-addr.arpa.db and add:

; Zone file for 160/28.142.0.10.in-addr.arpa
$TTL 14400
@      86400    IN      SOA     ns1.yournameserver.net. support.example.com. (
2008092801      ; serial, todays date+todays
14400           ; refresh, seconds
7200            ; retry, seconds
1209600         ; expire, seconds
86400 )         ; minimum, seconds
160/28.142.0.10.in-addr.arpa.         IN      84600   NS      ns1.yournameserver.net.
160/28.142.0.10.in-addr.arpa.         IN      84600   NS      ns2.yournameserver.net.

162.142.0.102.in-addr.arpa.           IN      14400   CNAME   162.160/28.142.0.102.in-addr.arpa.
162.160/28.142.0.10.in-addr.arpa.     IN      14400   PTR     mail.example.com.

Save and restart Bind. You can test your results here:
http://www.dnsstuff.com

Sincerely,
Mike

Hello,

If you are running a web site resource usage and performance can play a big part in your site visitors experience, namely their experience in how long it takes your web site’s pages to load. There are modules called GZip and mod_deflate for Apache web servers that will compress the data requested by a web browser using Zip compression to create a compress stream that is decompressed at the browsers end. This is server wide and effects all web services on the server. The result is less data sent from the server to the browser. This has two huge affects one, it can reduce bandwidth usage by as much as 75% and two, decrease page load times by a factor of 4. Here is some data on this BLOG:

URL: http://mbrando.com

File Size Comparison (in bytes):
Original size: 61964 bytes
Compressed size: 19077 bytes
Savings: 42887 bytes
Percentage saved by
compression: 70.0%
Transfer speed
improvement: 3.2 X

Dial-up Modem 56.0 Kbps - 8.645s vs. 2.661s
DSL/Cable Modem 256.0 Kbps - 1.891s vs. 0.582s

( Above data by: port80software.com )

Here are some links with additional information

GZip works with Apache 1.3x and Apache 2.x.
GZip Site Home
Compressing Web Output Using mod_gzip for Apache 1.3.x and 2.0.x

Apache 2.x comes with a module called mod_deflate.
Apahce 2.x documentation
Compressing Web Content with mod_gzip and mod_deflate

Sincerely,
Mike

Hello,

I run a few cPanel servers and run Munin as my resource monitor. At the time I wrote this the version included with cPanel was munin 1.24. Ever since I have installed the plugin from cPanel it would monitor MySQL upon first install and then stop if the server was reboot. Uninstalling and reinstalling would once again get Munin to monitor MySQL but having to uninstall and reinstall just for a reboot, just did not seem like something that you should have to do. After many months of on and off testing this is the fix I have come up with.

1. Create a MySQL user with a password that is NOT granted privilege to any DB. Simply create the user.
2. Create a file called /etc/munin/plugin-conf.d/munin-node
3. In the file /etc/munin/plugin-conf.d/munin-node put this:
   [mysql*]
   user root
   group wheel
   env.mysqladmin /usr/bin/mysqladmin
   env.mysqlopts -u [MySQL_usr] -p[MySQL_usrpassword]
4. Then Save. Where [MySQL_usr] is a valid MySQL user and [MySQL_usrpassword] is it’s password. Note that there is NO space between -p and the password. This is critical.

Now what about 30 minutes to an hour to allow the munin-node to gather enough info to have something to graph. Then go view your Munin graphs. All of your MySQL graphs should have something in them.

Sincerely,
Mike

Hello,

I’m sure the internet has changed quite a bit since you first unveiled your web site to the world. The technologies used to build web sites and internet presentations have also changed too. You may be thinking that the time is right to redesign your web site. A new look/ feel and fresh content will go far to better reflect your business services today. Make sure you have someone who understands search engine optimization involved with your project. This is very important for a web site redesign.

In the past it was possible to simply write code to display your pages properly in the few browsers available. Today if your web site enjoys any traffic that comes from the search engines, you want to keep it. This means that your REDESIGNED web site cannot have broken links that come from the search engines or dump all of your old site links to the home page. Doing so will impact your search engine ranking. This cause your rank to drop. For some business this could have a serious financial impact.

You need to redirect all of your old page to the new pages that have similar content. Often a web site is transitioned from a static HTML web site to a dynamically scripted web site like those coded with ASP, PHP, .net, Cold Fusion, Java to name a few server side scripting languages. Your old web site may have had links that looked like this:

http://www.example.com/folder/products.htm

or something similar. Your new site may simply have restructured how the pages are stored by changing the folder names or your web site is now dynamic. Either way you want your old web page links to be redirected to the new web page links. If you are running apache server you can use an htaccess file in the root of your public folder to preform the redirect of OLD to NEW. This is just one way to make use of htaccess files. Feel free to use your favorite search engine to find other htaccess tutorials for password protected folders or event URL rewriting.

How to use htaccess files with apache server for URL redirect

Create a plain text file named: .htaccess

in the root of your public folder. In this file you will use the following structure to create a redirect that tells the search engines that a permanent change to the old link has been made, meaning the old link is being redirected permanently. The format is action, error code, OLD URL, NEW URL. Each redirect is on its own line like this:

Redirect 301 /your_file_name.html http://www.example.com/index.php?a=12&b=39
Redirect 301 /file_name.htm http://www.example.com/index.php?a=657&b=354&c=234

If your OLD URL happened to have a space, %20, in the file name or folder name put the entire URL in double quotes like this:

Redirect 301 “/folder name/file name.htm” http://www.example.com/content/view/215/27/

This will allow the directive to be performed properly. With out double quote around the URL with a space it can cause an internal error 500 on the server. Often this error is associated with htaccess files the have invalid syntax.

Note:

1. 301 is the error code for a permanent redirect
2. The OLD URL starts with a forward slash
3. The NEW URL is a fully qualified URL
4. The new URL can also be on a different domain too.

That is all there is to it. Save your htaccess file and test it by access an old URL. It should redirect your browser without incident. Using the 301 error tells the search engines to update their index with the new URL.

Sincerely,
Mike

Hello,

I recently upgraded my servers to the cpanel 11 when I received a notice from cpanel that stated, “Unable to automaticlly update the mailer config…”. So I manually performed the upgrade only to discover that email was being handled very differently after the upgrade. No email that was marked as SPAM was was being delivered. Instead it was being dropped. This meant that there would be no way to check for a false positive email marked as SPAM. Normally spammy email has it’s subject rewritten to prefixed with, “[spam]“. This allowed the user to then use a filter in their email client to filter email with “[spam]” in the subject to a folder for later review. This would keep the inbox clean.

I did some research and found that this was a common issue with the new cPanel 11. After many hours of thinking that I may have to downgrade the server to cPanel 10, I found my answer in WHM. When you log into WHM as root there is a section called, “Service Configuration”. In this section you will find, “Exim Configuration Editor”.

In the “Exim Configuration Editor” page in the, “Mail” section just above the the buttons marked, “Visualized ACLs and Save” is an option to use the old old transport, “Use the old transport based spamassassin system instead of the new acl style one. (not recommended, slow)”. When I first saw this and it said it was not recommended I looked for an alternative. I could not find one. I need my email spammy or not to be delivered to each users inbox for their review.

Check this option, “Use the old transport based spamassassin system instead of the new acl style one. (not recommended, slow)” and click the save button. If you were previously using subject rewrites SPAM Assassin will again rewrite your subjects. You can also make use tof the X-Spam-Flag header for filtering this is a YES or NO value.

At least by doing this you can continue to make use of the NEW cPanel 11 features while monitoring the cPanel forums to see of the Exim ACL’s have been fixed to allow subject rewrites and delivery of email marked as SPAM.

Sincerely,
Mike

Hello,

No surprise here, Norton Personal Firewall blocks NetBIOS. The assumption by Norton Personal Firewall is that it is the only line of protection for your computer and the only you do not have a windows network. However, in an office environment any personal firewall can create a problem if the network is not planned properly and rollout policies noted. Often it is not enough to simple install a piece of software these days, especially a firewall. Once in stalled the default configure should be checked to verify compatibility with the installed environment.

For example, a client contacted me about having a new laptop added to the office network. They need drives mapped and the computer should be added to the domain. Their network is a domain controller with Active Directory. I was thinking it should take no more than an hour or so to get these tasks completed. It turned out to be more of a learning experience. To add, this was my first exposure to Windows Vista. It took me some time hunting around to find the tools I needed to get my work done. Once I found them, I ran into a road block. I could not get the laptop to join the domain. I threw a few darts left and right. They missed. I see that it is a NetBIOS issue. I could not reach the server by typing ‘\\server’. I could reach it by ‘\\192.168.0.10′. However NetBIOS is required for the domain controller to be found via it’s name space. I first thought a Firewall must be blocking NetBIOS but the Windows Firewall was off and I did not notice that this laptop had Norton Personal Firewall installed on it as well. It was a pre-installed 30-day trial. When I finally discovered Norton Personal Firewall was on, it all came together. Only when I turned off the Norton Personal Firewall was I able to use NetBIOS names and join the domain. This was not the fix but a confirmation that Norton Personal Firewall was blocking NetBIOS.

The 2 challenges that I was faced with was pre-installed trial software and a new operating system. I should have taking a few minutes to review what the laptop had installed on it from the manufacturer before starting my work.

My Personal opinion:
You can take a few routes. If the network is a new network and does not have a domain controller running on it, use all IP based URI’s (Universal Resource Identifier). This way you will not have to deal with NetBIOS issues, ever.

If you have an existing network and it does not have a domain controller running on it, update all your existing URI’s to IP based URI’s. It may take some time but this will set you up for the next item.

By running a personal firewall on all your workstations, even if your shared internet connection is protected via a router/ Firewall, will prevent worms and viruses from running rampant on your local network. This will add another level of protect for your workstations from those worms and viruses that are brought into the network on portable media like flash drives, CD-ROMs and good old fashion floppies disks. You may even go as far as blocking SMTP port 25 and configuring your email server to operate on an alternate port of 26 for outgoing mail. This will prevent viruses from emailing themselves from your network.

If you are in a network environment that makes use of NetBIOS names in URI’s extensively or has a Domain Controller running on the network, either unblock NetBIOS from your personal firewall or turn it off. Turning it off should only be done as a last resort since you will be more vulnerable without the firewall operating. Unblocking these port is less risky: 137-UDP-NetBIOS Name Service; 138-UDP-NetBIOS Datagram Service; 139-TCP-NetBIOS Session Service.

According to the Norton user guide, you need to organize your local computers, printer servers and servers into network zones. Place the local computers, printer servers and servers into your Norton Trusted zone. Do not place computers that connect over the internet in your trusted zone unless they are also running properly installed firewall software and can be trusted, really trusted. If a trusted computer is compromised your computer can be at risk.

Microsoft Personal Firewall also blocks NetBIOS. Here is a link to Microsoft Personal Firewall. It has more detailed information on how to unblock these ports.

This is not a definitive explanation of firewall rules or usage. You must consider your own risk comfort level before performing any of these tasks. Use at your own risk.

Sincerely,
Mike

Hello,

I have two computers in my life a Mac Mini and a Windows XP Pro computer. I do about 99% of my work on my mac. However there is the occasion when I need to use a windows only program like Web Position. I also use my windows computer to review web sites that I have created. I check them with windows browsers like Internet Explorer or Fire Fox to make make sure things render correctly. For many years I had a monitor, keyboard and mouse for each computer. It took up a lot of desk top space. Then Windows XP Pro came along.

Windows XP Pro has a built-in technology called Remote Desktop Protocol, RDP. If anyone remembers a product called Timbuktu, It is very similar to that. It allows you to access your Windows XP Pro computer remotely over a low bandwidth connection like dial up or any network connection for that matter. With the RDP client you can work on your computer as if you were sitting in front of it with the actual monitor, keyboard and mouse.

When I realized that I can do this over my home network, I was able to remove the Window’s XP Pro monitor, keyboard and mouse, freeing up a huge amount of desk space. What was even more shocking is that Microsoft has a RDP client for Mac. So all of you Mac users can make use of Windows computer as needed.

Here is what I did:

NOTE: These instructions worked for me. There may security considerations or other issues that I have not addressed here. Use these instructions at your own risk.

Preparing My Mac:

1. To prepare my Mac I went to Microsoft’s Mac Downloads and downloaded ‘Remote Desktop Connection Client 1.0.3 for Mac OS X‘. I then installed it on my Mac.
2. I upgraded my mouse to a 2 button wheel mouse. Windows uses RIGHT-CLICK for context menus.

To prepare my PC it was a little more work but worth it.

1. First set a password for any account that will be allowed remote access to your computer. To do this go the Start menu -> Control Panel and click. If you see the words ‘Pick a Category’ in the control panel, look in the left column for a link named ’switch to classic view’. Once clicked you will see a bunch of icons. Double click the ‘user accounts’ icon. From there follow the prompts to add a password to any account that will be allowed remote access. Close the account window when done.
2. Next confirm that your Windows computer is actual XP Pro. XP Home does not support this feature. If your control panel window is not open, go the Start menu -> Control Panel. If you see the words ‘Pick a Category’, look in the left column for a link named ’switch to classic view’. Once clicked you will see a bunch of icons. Double click the ’system’ icon. The window that pops up should read ‘Microsoft Windows XP Professional’. Keep this window open.
3. Turn on the ‘Remote Desk Top’ Protocol. To do this look at the tabs in the ’system’ window. Click the ‘Remote tab. The second item down is ‘Remote Desk Top’. Put a check next to the text that reads ‘Allow users to connect remotely to this computer.’
4. Select user to be allowed remote access. Click the button to ’select remote users’. The ‘Administrator’ should be allowed by default. To select more users click ‘Add’ -> then ‘Advanced’ -> then ‘Find Now’. You will see a list of all of the users on your computer. You can make multiple selections using the ‘Shift’ or ‘Control’ keys. Click ‘okay’ -> then ‘Okay’ -> then ‘Okay’ -> then ‘Okay’ a fourth time. Your Windows computer is now set to accept RDP connections and allow the selected users access the computer remotely.
5. Now we need to know the IP address of your windows computer. Go the control panel window. It should still be in ‘classic view’. Double click the icon named ‘network connections’. Double click the ‘local area connection’. Then click the tab named ’support’. The second item should read ‘IP Address’. Write down this IP Address. It should look something like 192.168.0.100 or 10.10.10.50.
6. Now armed with the IP Address return to your Mac. Launch the RDP client you previously installed. Enter the IP Address you wrote down from your windows computer in the computer field. Then click Connect. You should get a black window with a floating login prompt. If you use the number pad remember to click your ‘num lock’ key or the number pad will not work. Otherwise use the horizontal number across the top of the keyboard. Enter a user and Password. Then click ‘okay’. If the user is allowed remote connections and your typed your password correctly you should be logged in.

Now some of you may have noticed the word ‘Options’ below ‘computer’ in the Mac RDP client. Click on Options’ to set pre-login options. I’ll leave these to another day. Also if it is not obvious, your Mac and Windows computer need to be networked in someway. It could be wired Ethernet or wireless, but they do need to be networked. They can even be in different time zones. They may be connected via the internet. For this to work you might employ a VPN (virtual private network) or at the very least open the proper ports on your router and firewall to allow the connect to pass through. The default RDP port is 3389.

Now lets shut down your windows computer via your Mac so you can remove the monitor, keyboard and mouse. Right-click on the men bar. Select ‘task manager. look at the pull down menu options. Click Shutdown options -> Shutdown. During the shut down process your Mac will be disconnect. Once off, remove the extra hardware from your Windows computer. Store it. Do not get rid of it. Boot you Windows computer and test one more time. I changed the function of my power button on my windows computer so it goes to sleep instead of turning off. Happy Computing.

Sincerely,
Mike