
Sunday, December 2, 2007

How to find open ports on a computer

To find open ports on a computer, you can use the netstat command-line tool.

1. To display all open ports, open a command prompt, type netstat and press Enter.
2. To list all listening ports, use the netstat -an |find /i "listening" command.
3. To see which ports your computer is actually communicating with, use netstat -an |find /i "established".
4. To check for a specific open port, filter the output with find. For example, to check whether port 3389 is open, run netstat -an |find /i "3389".
5. You can use PULIST from the Windows Resource Kit to find which process is using a specified port. For example, pulist |find /i "4125" may display:

Process PID User
test.exe 1124 system/user
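
The find filters above match substrings, so find /i "3389" also hits port 33890 or any address that contains those digits. The Python below is an added example, not part of the original post: it parses netstat -an output into fields, matches ports exactly and reports listeners that are missing from an expected list. The sample output and the EXPECTED_LISTENERS baseline are constructed for illustration.

```python
from collections import namedtuple

# Constructed sample of `netstat -an` output from a Windows host.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:4125           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:3389      192.168.1.55:49211     ESTABLISHED
  TCP    192.168.1.10:49160     192.168.1.77:33890     ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:500            *:*
"""

# Assumed baseline: the ports this host is expected to listen on.
EXPECTED_LISTENERS = {135, 139, 445, 3389}

Conn = namedtuple("Conn", "proto local_addr local_port remote_addr remote_port state")


def _split_endpoint(endpoint):
    """Split 'addr:port' on the last colon so '[::]:445' and '*:*' both parse."""
    addr, _, port = endpoint.rpartition(":")
    return addr, (int(port) if port.isdigit() else None)


def parse_netstat(text):
    """Turn `netstat -an` text into Conn tuples, skipping headers and blank lines."""
    conns = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue
        local_addr, local_port = _split_endpoint(fields[1])
        remote_addr, remote_port = _split_endpoint(fields[2])
        state = fields[3] if len(fields) > 3 else ""  # UDP rows carry no state
        conns.append(Conn(fields[0], local_addr, local_port,
                          remote_addr, remote_port, state))
    return conns


def listening_ports(conns):
    """Unique local ports in LISTENING state (IPv4 and IPv6 rows merged)."""
    return sorted({c.local_port for c in conns if c.state == "LISTENING"})


def is_listening(conns, port):
    """Exact port match, unlike a substring filter."""
    return port in listening_ports(conns)


def unexpected_listeners(conns, expected):
    """Listening ports that are not in the expected baseline."""
    return [p for p in listening_ports(conns) if p not in expected]


def naive_find(text, needle):
    """What `find /i "needle"` does: case-insensitive substring match per line."""
    return [l for l in text.splitlines() if needle.lower() in l.lower()]


if __name__ == "__main__":
    conns = parse_netstat(SAMPLE_NETSTAT)
    print("listening:", listening_ports(conns))
    print("not in baseline:", unexpected_listeners(conns, EXPECTED_LISTENERS))
    print("lines matched by find \"3389\":", len(naive_find(SAMPLE_NETSTAT, "3389")))
```
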

Wednesday, October 24, 2007

Sample Code to Kill/Destroy ASP sessions

Sub Session_End(ByVal sender As Object, ByVal e As EventArgs)
    ' Fires when the session ends

    Try
        'FormsAuthentication.SignOut()
        Dim userObj As cUser = Session.Item("user")
        If Not userObj Is Nothing Then
            ' Record a timeout only when the user did not log out explicitly
            If Not Session("LogOut") = "True" Then
                userObj.SaveUsageTrackingOnly(userObj.memberInfo.mUserName, "Session timeout", "Session timeout", "", , , Session("ClientAddress"))
            End If
        End If
        userObj = Nothing

        Session("Logout") = Nothing
        'Reset system search session variable
        Session("SystemSearchResult") = Nothing

    Catch excobj As Exception
        ' No-op: any exception raised during cleanup is swallowed
        Dim j As Integer = 0

    End Try
End Sub

Saturday, October 20, 2007

Windows Server 2003 Remotely Restart Tricks:

Open CMD and use the Shutdown command.
Switches:
-a - Abort shutdown
-s - Shut down
-f - Force
-r - Restart

Examples:
Shutdown -a -m \\Machine_Name --- aborts a pending shutdown
C:\>shutdown /r /m \\Machine_Name --- restarts the machine
shutdown -s -m \\Machine_Name --- shuts down the remote machine

Note: The sequence of switches is important; shutdown -m -s \\ machine does not work.


Saturday, October 13, 2007

How to Disable SMTP Service Socket Pooling

Use the Mdutil.exe utility that is located on the Windows 2000 CD-ROM distribution media to disable SMTP Service socket pooling:
1. Copy the Mdutil.ex_ file from the I386 folder on the Windows 2000 CD-ROM to the InetPub\Adminscripts folder on your local hard disk.
2. Open a command prompt, change the location to the folder in which you copied the Mdutil.ex_ file, and then type the following command:

expand mdutil.ex_ mdutil.exe

3. Type the following command at the command prompt, and then press ENTER:

mdutil.exe enum -path:smtpsvc

4. Type the following command at the command prompt, where number is the SMTP Service number for which you want to disable socket pooling, and then press ENTER:
mdutil set -path smtpsvc/number -value 1 -dtype 1 -prop 1029 -attrib 1
NOTES:
• Run this command for each virtual server with a different value for number if you have multiple SMTP virtual servers.
• When you type the command, do not include a space between "smtpsvc/" and "number".
5. In the IIS snap-in, change the listening address for SMTP Service to an internal interface on the server.
After you disable socket pooling and change the SMTP Service listening address, you can use Server Publishing rules to publish an internal SMTP server.

Install the FrontPage Server Extensions for Windows

FrontPage Server Extensions are installed and configured by default in Windows 2000. However, if the user has removed FrontPage Server Extensions or chose not to install them when Windows was installed, follow these steps to install and configure them:

The FrontPage installation steps are the same for Windows 2000 and Windows Server 2003.

1. In Control Panel -> double-click Add/Remove Programs.
2. In Add/Remove Programs -> click Add/Remove -> Windows Components.
3. Click Internet Information Services (IIS) -> click Details.
4. Select FrontPage 2000 Server Extensions -> click OK.
5. In the Windows Components Wizard, click Next.
6. The installation will run; you may need the Windows 2000 installation CD. Click Finish when it completes.
Note: Your system administrator account will be your FrontPage administrator.

Can I run my site, created with Visual Studio .NET 2002 and .NET Framework 1.0, if I upgrade to Windows Server 2003 as the web server?

Windows Server 2003 comes with .Net Framework 1.1, build 4322 pre-installed. This is the same version that comes with Visual Studio .Net 2003. It is possible that some of your code will fail on .Net Framework 1.1, as it is more secure, and you might have to change things to get your code to work. It is also possible to run .Net Framework 1.0 side-by-side with 1.1, until you have fixed your code to be 1.1 compatible.

I am getting error in using in asp file. I get error or similar:

IIS 6 is locked down by default. Parent Paths is a way for a hacker to navigate to a folder on the web server that has execute permissions, and in that way execute scripts that you normally shouldn't and wouldn't execute. If you enable this, make sure that you do not give execute permissions to a parent folder. To enable Parent Paths, follow these steps:

* Click Start->Programs->Administrative Tools->Internet Information Services
* Expand Web Sites and right-click the web site you want to enable this for (e.g. Default Web Site), then click Properties
* Click the Home directory tab and click the Configuration button
* Click on the Options tab
* Check the box Enable Parent Paths

HTTP Error 404 - File or directory not found

I created a new *.ASP file but it is giving "HTTP Error 404 - File or directory not found". What do I need to do?

By default IIS 6 is locked down, so you cannot run ASP or PHP script pages without enabling them under Web Service Extensions. Steps to enable ASP:
* Click Start->Programs->Administrative Tools->Internet Information Services Manager
* Expand and click Web Service Extensions
* In the right pane, right click Active Server Pages and select Allow

ASP.NET Installation

ASP.NET Installation Steps for IIS:
If you install ASP.NET you will get it in the Web Service Extensions. To install it, follow these steps:

* Go to Control Panel, and double click Add or Remove Programs
* Click Add/Remove Windows Components
* Highlight Application Server and click Details
* Select to install ASP.NET and click OK
* Click Next, then click Finish
* Go to IIS, Click on Web Service Extension. Allow ASP.NET here.

Why is the date and time stamp on entries in the Internet Information Services (IIS) log file off by several hours?

If you have selected W3C Extended Log File Format as the log file format, the date and time stamps will be in GMT. To resolve this, either change the logging format or use the "convlog" utility to add the GMT offset in the log files.
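
When the logs are left in W3C Extended format, the GMT offset has to be applied at analysis time instead. The Python below is an added example, not part of the original post: it reads the #Fields directive (which can change partway through a file), converts each entry to a chosen offset and selects the entries that fall inside a window given in local time. The log lines are constructed, and a fixed UTC offset is assumed rather than a daylight-saving-aware zone.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample of an IIS log in W3C Extended format (times are GMT).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2007-10-13 22:58:01
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2007-10-13 22:58:01 192.0.2.10 GET /default.asp 200
2007-10-13 23:30:15 192.0.2.11 GET /login.asp 401
#Date: 2007-10-14 00:05:42
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2007-10-14 00:05:42 POST /login.asp 192.0.2.11 200
"""

STAMP_FORMAT = "%Y-%m-%d %H:%M:%S"


def parse_w3c(text):
    """Parse entries using the most recent #Fields directive as column names."""
    fields, entries = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column layout may change mid-file
        elif line and not line.startswith("#"):
            row = dict(zip(fields, line.split()))
            if "date" not in row or "time" not in row:
                continue                   # cannot place this row on a timeline
            stamp = datetime.strptime(f"{row['date']} {row['time']}", STAMP_FORMAT)
            row["utc"] = stamp.replace(tzinfo=timezone.utc)
            entries.append(row)
    return entries


def to_local(entries, utc_offset_hours):
    """Add a 'local' timestamp at the given fixed offset from GMT."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    return [dict(e, local=e["utc"].astimezone(tz)) for e in entries]


def entries_in_local_window(entries, start, end, utc_offset_hours):
    """Select entries between two local wall-clock times (inclusive)."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    lo = datetime.strptime(start, STAMP_FORMAT).replace(tzinfo=tz)
    hi = datetime.strptime(end, STAMP_FORMAT).replace(tzinfo=tz)
    return [e for e in entries if lo <= e["utc"] <= hi]


if __name__ == "__main__":
    for e in to_local(parse_w3c(SAMPLE_LOG), -5):
        print(e["local"].isoformat(), e["c-ip"], e["cs-method"],
              e["cs-uri-stem"], e["sc-status"])
```
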

I am getting "snap-in failed to initialize" when starting IIS Manager, how can I start IIS Manager?

The complete error message is:

Snap-in failed to initialize.
Name:
CLSID:{A841B6C2-7577-11D0-BB1F-00A0C922E79C}


To solve this problem, re-register the inetmgr.dll file.

* Click Start->Run, type cmd and press ENTER
* Type regsvr32 %systemroot%\system32\inetsrv\inetmgr.dll and press ENTER

Thursday, October 11, 2007

Opening the Port on Windows server 2003

Steps are: -
1. Go to Start -> Control Panel -> Administrative Tools -> Services.
Select the "Windows Firewall/Internet Connection Sharing (ICS)" service, right-click it and start the service.
2. Run the following command from the MS-DOS prompt:

> netsh firewall add portopening TCP 7799 "Application_Name"

"Application_Name" is the application for which you are opening the port. Enter it without the quotes.

3. After the command has executed successfully, stop the "Windows Firewall/Internet Connection Sharing (ICS)" service by right-clicking the service and clicking Stop.

Thursday, September 13, 2007

Steps to register the DLL in COM+ Applications Component Services.

Steps to register the DLL in COM+ Applications Component Services are:

1. Stop the website to prevent use of the site.
2. Shut down the Website application in Component Services:
- Start -> Settings -> Control Panel -> Administrative Tools -> Component Services
- Under Component Services -> My Computer -> COM+ Applications you should see 'Website'

3. Unregister 'example.dll' from the appropriate folder. The DLL is found in the folder 'website' under Inetpub.
Regsvr32 /u

4. Take a backup of example.dll and delete the unregistered DLL from the 'website' folder under Inetpub.
5. Also delete 'exampledll.Report' from the MTS package COM+ application in Component Services.
6. Copy the DLL from the source and paste the modified DLL into the 'website' DLL location folder on the destination (Prod) web server.
7. Register the modified DLL:
Regsvr32

8. Drag and drop the DLL into the COM+ application in the Component Services window.
9. Start the Website COM+ application.
10. Start the website in IIS Manager.

Saturday, September 8, 2007

Forgot MySQL root password: change the MySQL root password in a Unix environment

In a Unix environment, the procedure for resetting the root password is as follows:


1. Log on to your system as either the Unix root user or as the same user that the mysqld server runs as.

2. Locate the .pid file that contains the server's process ID. The exact location and name of this file depend on your distribution, hostname, and configuration. Common locations are /var/lib/mysql/, /var/run/mysqld/, and /usr/local/mysql/data/. Generally, the filename has the extension of .pid and begins with either mysqld or your system's hostname.

You can stop the MySQL server by sending a normal kill (not kill -9) to the mysqld process, using the pathname of the .pid file in the following command:

shell> kill `cat /mysql-data-directory/host_name.pid`

Note the use of 'backticks' rather than forward quotes with the cat command; these cause the output of cat to be substituted into the kill command.

3. Create a text file and place the following command within it on a single line:

SET PASSWORD FOR 'root'@'localhost' = PASSWORD('MyNewPassword');

Save the file with any name. For this example the file will be ~/mysql-init.

4. Restart the MySQL server with the special --init-file=~/mysql-init option:

shell> mysqld_safe --init-file=~/mysql-init &

The contents of the init-file are executed at server startup, changing the root password. After the server has started successfully you should delete ~/mysql-init.

5. You should be able to connect using the new password.

Alternatively, on any platform, you can set the new password using the mysql client (but this approach is less secure):

Stop mysqld and restart it with the --skip-grant-tables --user=root options (Windows users omit the --user=root portion).
Connect to the mysqld server with this command:

shell> mysql -u root

Issue the following statements in the mysql client:

mysql> UPDATE mysql.user SET Password=PASSWORD('newpwd')
-> WHERE User='root';
mysql> FLUSH PRIVILEGES;

Replace “newpwd” with the actual root password that you want to use.

6. You should be able to connect using the new password

Forgot MySQL root password: change the MySQL root password using mysqld

If you have never set a root password for MySQL, the server does not require a password at all for connecting as root. However, it is recommended to set a password for each and every account.

If you set a root password previously but have forgotten it, you can reset it. The following procedure is for Windows systems:

1. Log on to your system as Administrator.

2. Stop the MySQL server if it is running. For a server that is running as a Windows service, go to the Services manager:

Start Menu -> Control Panel -> Administrative Tools -> Services

Then find the MySQL service in the list, and stop it.
If your server is not running as a service, you may need to use the Task Manager to force it to stop.

3. Create a text file and place the following command within it on a single line:

SET PASSWORD FOR 'root'@'localhost' = PASSWORD('MyNewPassword');

Save the file with any name. For this example the file will be C:\mysqlchpwd.txt.

4. Open a console window to get to the DOS command prompt:
Start Menu -> Run -> cmd

5. We are assuming that you installed MySQL to c:\mysql. If you installed MySQL to another location, adjust the following commands accordingly.

At the DOS command prompt, execute this command:

C:\> C:\mysql\bin\mysqld-nt --init-file=C:\mysqlchpwd.txt

The contents of the file named by the --init-file option are executed at server startup, changing the root password. After the server has started successfully, you should delete C:\mysqlchpwd.txt.

If you installed MySQL using the MySQL Installation Wizard, you may need to specify a --defaults-file option (enter the command on a single line):

C:\> "C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe"
--defaults-file="C:\Program Files\MySQL\MySQL Server 5.0\my.ini"
--init-file=C:\mysqlchpwd.txt

The appropriate --defaults-file setting can be found using the Services Manager:

Start Menu -> Control Panel -> Administrative Tools -> Services

Find the MySQL service in the list, right-click on it, and choose the properties option. The path to executable field contains the --defaults-file setting.

6. Stop the MySQL server, then restart it in normal mode again. If you run the server as a service, start it from the Windows Services window. If you start the server manually, use whatever command you normally use.

You should be able to connect using the new password.

Different tricks: How to Change the MySQL Password using command prompt

Setting a MySQL password is one of the essential tasks. The root user is the MySQL admin account. Remember that the Linux/UNIX root login account for your operating system and the MySQL root account are different. They are separate and have nothing to do with each other (indeed, some admins remove the root account and set up admin as the MySQL superuser).

Method # 1
If you have never set a root password for MySQL, the server does not require a password at all for connecting as root. To set up the root password for the first time, use the mysqladmin command at the shell prompt as follows:

$ mysqladmin -u root password NEWPASSWORD

However, if you want to change (or update) an existing root password, use the following command and type the old password at the prompt:

$ mysqladmin -u root -p password newpass

Enter password:

To change a normal user's password (let us assume you would like to change the password for pcsmitpra), type:

$ mysqladmin -u pcsmitpra -p password newpass

Method # 2:
MySQL stores usernames and passwords in the user table within the mysql database. You can directly update a password using the following method, shown here for user pcsmitpra:

1) Login to mysql server, type following command at shell prompt:

$ mysql -u root -p

2) Use mysql database (type command at mysql> prompt):

mysql> use mysql;

3) Change password for user pcsmitpra:

mysql> update user set password=PASSWORD("NEWPASSWORD") where User='pcsmitpra';

4) Reload privileges (very important). You need to use this method when using PHP or Perl scripting:

mysql> flush privileges;
mysql> quit

Your comments are valuable for me.

Thursday, September 6, 2007

Script to change the https to http for PASSWORD change page

By default, the password change pages require SSL.

You can change PasswordChangeFlags to enable non-secure password changing:

cscript c:\inetpub\adminscripts\adsutil.vbs set w3svc/passwordchangeflags 1
The value defaults to 6, which means password change is disabled and no advance notice is given.
A value of 1 allows non-secure password changes (the password change pages no longer require SSL) and gives notice prior to the password expiring.

Friday, August 31, 2007

PRB: Server Object Error 'ASP 0178 : 800a0005' From WebClasses

SYMPTOMS

When debugging a WebClass from the Visual Basic IDE, the following error occurs:
Server object error 'ASP 0178 : 800a0005'
Server.CreateObject Access Error
/Temp/WebClass1.ASP, line 14
The call to Server.CreateObject failed while checking permissions.
Access is denied to this object.
You might also notice a Transaction Server Error entry in the NT Application Event Log. The details of the error message should look similar to this:
Failed on creation from object context: IClassFactory::CreateInstance (ProgId: Project1.WebClass1) (CLSID: {C2B16A1D-3C8F-11D2-8015-00C04FB9D877}) (Interface: IUnknown) (IID: {00000000-0000-0000-C000-000000000046}) (Microsoft Transaction Server Internals Information: File: d:\viper\src\runtime\context\ccontext.cpp, Line: 1220)

RESOLUTION

You need to give the IUSR_ account permissions to launch and access your project using dcomcnfg by doing the following:
1. Launch DCOMCNFG by clicking the Start button, selecting Run, and typing Dcomcnfg.exe in the Run dialog box.
2. In the Default Security tab, click Edit Default in the Default Access Permissions frame. The Registry Value Permissions dialog box appears.
3. Add the IUSR_ account and the INTERACTIVE account to the Registry Value Permissions dialog box and click OK.
4. In the Default Security tab, click Edit Default in the Default Launch Permissions frame. The Registry Value Permissions dialog box appears.
5. Add the IUSR_ account to the Registry Value Permissions dialog box and click OK.
6. Close and re-open Visual Basic.
Note On a computer that is running Windows 2000, some additional steps may be required. For additional information, click the article numbers below to view the articles in the Microsoft Knowledge Base:

Reference: http://support.microsoft.com/kb/192152

Thursday, August 30, 2007

System.Web.HttpRequestValidationException : A potentially dangerous Request.Cookies value was detected from the client

Solution:
An entry needs to be made in web.config.


Complete details are mentioned here:
http://support.microsoft.com/default.aspx?scid=kb;en-us;821343

Error details:
1. This application is using ASP.NET 1.1.4 version.
2. is enabled in "web.config" file.
3. .NET running under ASP.NET user account.
4. We got following error during Perf duration on application :
" System.Web.HttpRequestValidationException : A potentially dangerous Request.Cookies value was detected from the client (SMSESSION="...d74c2ihfD7oNQ==")"

What is validateRequest?
validateRequest is a nice feature that tells ASP.NET whether to examine all data from the browser for potentially malicious input, particularly anything that looks like HTML or scripting, which forms the basis for many types of attacks, such as cross-site scripting. By introducing validateRequest and setting it to true by default, Microsoft has very effectively put a halt to some of the most common Web site attacks. But with such efficiency comes some costs.

Problems with validateRequest
1). You'll get an exception of "A potentially dangerous Request.Form value was detected from the client" when it detects unencoded input.
2). Another problem with validateRequest set to true is that it is a rather broad and stupid protection, erring on the side of catching too much rather than letting something dangerous slide by.

How to disable validateRequest
1). You can do this for a single page by setting it to false in the page directive:
<%@ Page ... validateRequest="false" %>

2). You can also set it to false for the entire application by including it in the pages element in the system.web section of your web.config file:




Aftermath Of Disabling ValidateRequest
Setting validateRequest to false stops the “potentially dangerous” message, but opens your apps to attacks. If you take this step, you must take responsibility for protecting your app from attack. There are several ways to accomplish this:

· HTML encode all input from the browser. This is pretty easy to accomplish, because the Server object has HtmlEncode and HtmlDecode methods. Encode all text input because it’s quite easy to send bogus HTTP posts and gets.
· Use ASP.NET server validation controls rigorously. In particular, use the regular expression validator to prevent illegal characters wherever you can. Be careful, however, of trying to prevent only characters known to be used in attacks, such as <>, because then you won’t be protected against new attacks.
· Don’t use only client-side validation. Again, it is far too easy to send bogus data, bypassing those client-side protections.
· Always encode text that you display back to the user. This will help prevent cross-site scripting attacks.

Solution of Aftermath
Request Validation - Preventing Script Attacks
http://www.asp.net/learn/whitepapers/request-validation/#2

Reference:
1. Article on Net
2. Article from MS - http://support.microsoft.com/default.aspx?scid=kb;en-us;821343
3. http://forums.asp.net/p/389708/389721.aspx

Saturday, August 25, 2007

ASP_0147|500_Server errors

"not enough storage" is generally a memory problem which sounds about right looking at your memory usage. It sounds like part of your site has a memory leak (i.e. failing to release resources).

What you can try is switching the application protection on content directories you think -may- have problem content over to high. (IIS Management console, right click directory, properties, Home/Virtual Directory, "Application Protection").
This will set each of the directories up in separate memory spaces and each will show up as a separate component in component services. The other benefit is that one "application" crashing should not cause the whole site to fall over.

Identify the problem dllhost.exe thread in task manager or use performance monitor logging to track memory use over time.
Get the process id (pid) of the problem dllhost.exe and then open the component services snapin for mmc.
Drill down to "com+ applications" and switch your view on the right hand side over to "status view" to show the process id's of each thread. Match up the name column to the pid you identified earlier and you've found your problem site.

Then you need to look at your code and pinpoint the problem. The best place to start is making your code more efficient, if you need some ideas let me know.

Thursday, August 23, 2007

IIS Hung

IIS (All threads) is hanging on enabling asp.net 2.0 for any new website running on asp.net 1.1.

Could you suggest us the possible cause?


Ans: -
It hangs because 1. it locks the metabase, and 2. it doesn't change the app pool that causes the 1.1 pool to lock up and then need a restart.

It is why we use the workaround method manually changing the entries, it takes longer but works better.

How to change Terminal Server's listening port

Use Registry Editor at your own risk.

To change the default port for all new connections created on the Terminal Server:
1. Run Regedt32 and go to this key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
NOTE: The above registry key is one path; it has been wrapped for readability.

2. Find the "PortNumber" subkey and notice the value of 00000D3D, hex for (3389). Modify the port number in hex and save the new value.

To change the port for a specific connection on the Terminal Server:
1. Run Regedt32 and go to this key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\connection
NOTE: The above registry key is one path; it has been wrapped for readability.
2. Find the "PortNumber" subkey and notice the value of 00000D3D, hex for (3389). Modify the port number in hex and save the new value.

NOTE: Because the use of alternate ports has not been fully implemented for Terminal Server 4.0, support will be provided as "reasonable effort" only, and Microsoft may require you to set the port back to 3389, if any problems occur.


Setting up PHP to work on Windows Server 2003

http://www.visualwin.com/PHP/

SMTP Authentication in CDOSYS



// Requires: using System.Web.Mail; (.NET Framework 1.1)
// SMTPUser, SMTPPassword and SMTPServerName are strings defined by the caller.
MailMessage eMail = new MailMessage();
eMail.BodyFormat = MailFormat.Text;
eMail.From = "user@yourdomain.com";
eMail.Fields["http://schemas.microsoft.com/cdo/configuration/smtpserver"] = "mail.yourdomain.com";
eMail.Fields["http://schemas.microsoft.com/cdo/configuration/smtpserverport"] = 25;
// 2 = send over the network to the SMTP server instead of the local pickup directory
eMail.Fields["http://schemas.microsoft.com/cdo/configuration/sendusing"] = 2;
if (SMTPUser != null && SMTPPassword != null)
{
    // 1 = basic (clear-text) authentication
    eMail.Fields["http://schemas.microsoft.com/cdo/configuration/smtpauthenticate"] = 1;
    eMail.Fields["http://schemas.microsoft.com/cdo/configuration/sendusername"] = "user@yourdomain.com";
    eMail.Fields["http://schemas.microsoft.com/cdo/configuration/sendpassword"] = "userpasssword";
}
eMail.To = "recipients";
SmtpMail.SmtpServer = SMTPServerName;
SmtpMail.Send(eMail);

DNS Records Explained with Examples



DNS (Domain Name System), is the service which translates between Internet names and Internet addresses.
Internet names are the names which we use to refer to hosts on the Internet, such as www.debianhelp.co.uk.
Internet addresses are the numbers which routers use to move traffic across the Internet, such as 211.1.13.115 and

What are DNS Records ?

DNS records or zone files are used for mapping host names to IP addresses. Located on servers called DNS servers, these records are typically the connection of your website with the outside world. Requests for your website are forwarded to your DNS servers and then get pointed to the web servers that serve the website or to the email servers that handle the incoming email.

Different Types of DNS Records With Syntax and Examples

Types of DNS Records

A
AAAA
CNAME
MX
PTR
NS
SOA
SRV
TXT
NAPTR


Record Type - Description
SOA - Required for every domain. Stores information about DNS itself for the domain.
NS - Stores information used to identify the name servers in the domain that store information for that domain.
A - Stores the host name and IP address of individual hosts in the domain. This is the record used to translate host names to IP addresses.
CNAME - Stores additional host names, or aliases, for hosts in the domain.
MX - Stores information about where mail for the domain should be delivered.
PTR - Stores the IP address and host name of individual hosts in the domain. Used to translate IP addresses into host names.
Host Information (HINFO) - Stores information about the hardware for specific hosts.
Well Known Services (WKS) - Stores information about the various network services available from hosts in the domain.
Text Information (TXT) - Stores up to 256 characters of text per line.
Responsible Person (RP) - Stores information about the person responsible for the domain.


The above DNS records are mostly used in all DNS Configurations. Now we will see each one with examples.

A Record

An A record is an address record.

An address record assigns an IP address to a domain or subdomain name. When the domain name system was designed it was recommended that no two A records refer to the same IP address.

Suppose you have the somedomain.tld domain and want to assign the IP address 10.10.0.1 to your web server; then you should create an A record with "www.somedomain.tld" as the Fully Qualified Domain Name and "10.10.0.1" in the value field.

From now on, all the requests for www.somedomain.tld will be sent to a server with that IP.

Basically, an A record is useful when you have subdomains residing on various systems.

Useful tip: you might use a "*.somedomain.tld" A record to allow WHATEVER.somedomain.tld to be resolved to your IP, though a wildcard CNAME record is often better than a wildcard A record.

Example of A Record with Syntax

example.com. IN A 69.9.64.11

Where

IN indicates Internet

A indicates the Address record.

The above example indicates that the IP address for the domain example.com is 69.9.64.11.

AAAA Record

An AAAA record or IPv6 address record maps a hostname to a 128-bit IPv6 address.

The regular DNS Address resource record is defined for a 32-bit IPv4 address, so a new one was created to allow a domain name to be associated with a 128-bit IPv6 address. The four “A”s (“AAAA”) are a mnemonic to indicate that the IPv6 address is four times the size of the IPv4 address. The AAAA record is structured in very much the same way as the A record in both binary and master file formats; it is just much larger. The DNS resource record Type value for AAAA is 28.

Example of AAAA Record with Syntax

The AAAA record helps transition and coexistence between IPv4 and IPv6 networks. An IPv4 nameserver can provide IPv6 addresses:

linux aaaa 3ffe:1900:4545:2:02d0:09ff:fef7:6d2c

CNAME Record

A CNAME record or canonical name record makes one domain name an alias of another. The aliased domain gets all the subdomains and DNS records of the original.

You should use a CNAME record whenever you want to associate a new subdomain with an already existing A record; e.g. you can make "www.somedomain.tld" an alias of "somedomain.tld", which should already have been assigned an IP with an A record.

This allows you to have as many subdomains as you wish without having to specify the IP for every record. Use a CNAME if you have more services pointing to the same IP. This way you will have to update only one record in the event of a change of IP address.

Example of a CNAME record: "stuff.everybox.com CNAME www.everybox.com" where 'www.everybox.com' is an A record listing an IP address, and 'stuff.everybox.com' points to 'www.everybox.com'. It will NOT allow you to forward a domain to a specific web page. Use a webhop for that. Port numbers can be changed with webhops, as well; CNAMEs cannot change the HTTP default of 80 to any other port number.

Do not use CNAME defined hostnames in MX records. For example, this is not recommended

Example Of CNAME With syntax

mail.example.com IN CNAME mail.example.net

where

IN indicates Internet

CNAME indicates CNAME record.

MX Record

An MX record or mail exchange record maps a domain name to a list of mail exchange servers for that domain.

Example with MX Record Syntax - Single mail servers

mydomain.com. 14400 IN MX 0 mydomain.com.

The MX record shows that all emails @ mydomain.com should be routed to the mail server at mydomain.com. The DNS record shows that mydomain.com is located at 26.34.9.14. This means that email meant for test@mydomain.com will be routed to the email server at 26.34.9.14. This finishes the task of the MX record. The email server on that server then takes over, collects the email and then proceeds to distribute it to the user "test".

It is important that there be a dot (".") after the domain name in the MX record. If the dot is absent, it routes to "mydomain.com.mydomain.com". The number 0 indicates the preference number. Mail is always routed to the server which has the lowest preference number. If there is only one mail server, it is safe to mark it 0.

Using Multiple mail servers

If you want to use multiple mail servers, you have to use MX record preferences. The MX record preference values indicate which mail servers to use and in which order to try them when they fail or don't respond. A larger preference number is less preferred. Thus, a mail exchanger with a preference of zero (0) is always preferred over all other mail exchangers. Setting preference values to equal numbers makes mail servers equally preferred.

Example with MX Record Syntax - Multiple mail servers

mydomain.com. 14400 IN MX 0 mydomain.com.
mydomain.com. 14400 IN MX 30 server2.mydomain.com.

You can have unlimited MX entries for fallback or backup purposes. If all the MX records have equal preference numbers, the client simply attempts all equal-preference servers in random order, and then goes to the MX record with the next highest preference number.

PTR Record

A PTR record or pointer record maps an IPv4 address to the canonical name for that host. Setting up a PTR record for a hostname in the in-addr.arpa domain that corresponds to an IP address implements reverse DNS lookup for that address. For example www.name.net has the IP address 122.0.3.16, but a PTR record maps 16.3.0.122.in-addr.arpa.

Example of PTR Record with syntax

16.3.0.122.in-addr.arpa. IN PTR name.net.

As you can see, the IP address is reversed and suffixed with in-addr.arpa on the left side, while the actual domain name goes on the right side of IN PTR.

This is mostly used as a security and anti-spam measure: most web servers and email servers do a reverse DNS lookup to check whether a host is actually coming from where it claims to come from. It is always advisable to have a proper reverse DNS (PTR) record set up for your servers, especially when you are running a mail / SMTP server.

NS Record

An NS record or name server record maps a domain name to a list of DNS servers authoritative for that domain. Delegations depend on NS records.

The NS (Name Server) record indicates the authoritative name servers for a particular domain. The NS records for the authoritative name servers of any given domain are listed on the parent server. These are called delegation records, as these records on the parent server indicate the delegation of the domain to the authoritative servers.

The NS record will also be listed in the zone records of the authoritative name server itself. These records are called the authoritative records.

The NS records found on the parent server should match the NS records on the authoritative server as well. However, you can have NS records listed on the authoritative server that are not listed on the parent server. This arrangement is normally used to configure stealth name servers.

Example of NS Record With syntax

example.com. IN NS ns1.live.secure.com.

where

IN indicates the Internet

NS indicates the type of record, which is a Name Server record

The above indicates that ns1.live.secure.com is the authoritative server for the domain example.com.

SOA Record

An SOA record or start of authority record specifies the DNS server providing authoritative information about an Internet domain, the email of the domain administrator, the domain serial number, and several timers relating to refreshing the zone.

An SOA (Start of Authority) record is the most essential part of a zone file. The SOA record is a way for the domain administrator to give out simple information about the domain, such as how often it is updated, when it was last updated, when to check back for more info, what the admin's email address is, and so on. A zone file can contain only one SOA record.

A properly optimized and updated SOA record can reduce bandwidth between nameservers, increase the speed of website access and ensure the site is alive even when the primary DNS server is down.

Example of SOA Record with syntax

Here is the SOA record. Notice the starting bracket ``(''. This has to be on the same line, otherwise the record gets broken. The closing bracket ``)'' has to come before the ``;'' of the last comment, because everything after a ``;'' is ignored.

; name TTL class rr Nameserver email-address
mydomain.com. 14400 IN SOA ns.mynameserver.com. root.ns.mynameserver.com. (
        2004123001 ; Serial number
        86000      ; Refresh rate in seconds
        7200       ; Update Retry in seconds
        3600000    ; Expiry in seconds
        600 )      ; Minimum in seconds

name - mydomain.com is the main name in this zone.

TTL - 14400 - TTL defines the duration in seconds that the record may be cached by client side programs. If it is set as 0, it indicates that the record should not be cached. The range is defined to be between 0 and 2147483647 (close to 68 years!).

Class - IN - The class shows the type of record. IN equates to Internet. Other options are all historic. So as long as your DNS is on the Internet or Intranet, you must use IN.

Nameserver - ns.mynameserver.com. - The nameserver is the server which holds the zone files. It can be an external server, in which case the entire domain name must be specified, followed by a dot. If it is defined in this zone file, it can be written as ``ns''.

Email address - root.ns.mynameserver.com. - This is the email of the domain name administrator. Now, this is really confusing, because people expect an @ to be in an email address. However, in this case, email is sent to root@ns.mynameserver.com, but written as root.ns.mynameserver.com. And yes, remember to put the dot after the domain name.

Serial number - 2004123001 - This is a sort of revision numbering system to show the changes made to the DNS zone. This number has to be incremented whenever any change is made to the zone file. The standard convention is to use the date of update, YYYYMMDDnn, where nn is a revision number in case more than one update is done in a day. So the first update done today would be 2005301200 and the second update would be 2005301201.

Refresh - 86000 - This is the time (in seconds) after which the slave DNS server will refresh from the master. This value represents how often a secondary will poll the primary server to see if the serial number for the zone has increased (so it knows to request a new copy of the data for the zone). It can be written as ``23h88M'' indicating 23 hours and 88 minutes. If you have a regular Internet server, you can keep it between 6 and 24 hours.

Retry - 7200 - Now assume that a slave tried to contact the master server and failed to contact it because it was down. The Retry value (time in seconds) will tell it when to get back. This value is not very important and can be a fraction of the refresh value.

Expiry - 3600000 - This is the time (in seconds) that a slave server will keep a cached zone file as valid if it can't contact the primary server. If this value were set to, say, 2 weeks (in seconds), it means that a slave would still be able to give out domain information from its cached zone file for 2 weeks, without anyone knowing the difference. The recommended value is between 2 and 4 weeks.

Minimum - 600 - This is the default time (in seconds) that the slave servers should cache the zone file. This is the most important time field in the SOA record. If your DNS information keeps changing, keep it down to a day or less. Otherwise, if your DNS records don't change regularly, step it up to between 1 and 5 days. The benefit of keeping this value high is that your website speeds increase drastically as a result of reduced lookups. Caching servers around the globe would cache your records, and this improves site performance.
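The following Python sketch is an added example, not part of the original post. It reads the SOA record the way a zone-file reader does (comments stripped before the brackets are matched), turns the email field back into an address, and checks the timers against the ranges recommended above; the function names and the in-memory layout are assumptions made for the example.

```python
# Constructed sample: the SOA values used in the text, with ")" ahead of the last comment.
ZONE_TEXT = """\
mydomain.com. 14400 IN SOA ns.mynameserver.com. root.ns.mynameserver.com. (
        2004123001 ; Serial number
        86000      ; Refresh rate in seconds
        7200       ; Update Retry in seconds
        3600000    ; Expiry in seconds
        600 )      ; Minimum in seconds
"""
FIELDS = ("serial", "refresh", "retry", "expire", "minimum")
HOUR, WEEK = 3600, 7 * 24 * 3600

def parse_soa(text):
    """Parse one multi-line SOA record the way a zone-file reader sees it."""
    # Everything after ";" is a comment, so a ")" written there does not count.
    flat = " ".join(line.split(";", 1)[0] for line in text.splitlines())
    if flat.count("(") != 1 or flat.count(")") != 1:
        raise ValueError("SOA parentheses are not balanced outside comments")
    tokens = flat.replace("(", " ").replace(")", " ").split()
    if len(tokens) != 11 or tokens[3].upper() != "SOA":
        raise ValueError("expected name, TTL, class, SOA, 2 names and 5 numbers")
    soa = {"name": tokens[0], "ttl": int(tokens[1]), "mname": tokens[4]}
    # The email field encodes the mailbox: the first dot stands in for "@".
    local, _, domain = tokens[5].rstrip(".").partition(".")
    soa["email"] = local + "@" + domain
    soa.update(zip(FIELDS, map(int, tokens[6:])))
    return soa

def lint_soa(soa):
    """Check the timers against the ranges recommended in the text."""
    findings = []
    if not 6 * HOUR <= soa["refresh"] <= 24 * HOUR:
        findings.append("refresh outside 6-24 hours")
    if soa["retry"] >= soa["refresh"]:
        findings.append("retry is not a fraction of refresh")
    if not 2 * WEEK <= soa["expire"] <= 4 * WEEK:
        findings.append("expire outside 2-4 weeks")
    return findings
```

Run against the sample, the only finding is the expiry value: 3600000 seconds is about 41 days, longer than the 4 weeks recommended above.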

SRV Record

The theory behind SRV is that, given a known domain name (e.g. example.com) and a given service (e.g. web (http), which runs on tcp in this case), a DNS query may be issued to find the host name that provides that service on behalf of the domain. That host may or may not be within the domain.

Example of SRV Record with syntax

srvce.prot.name ttl class rr pri weight port target
_http._tcp.example.com. IN SRV 0 5 80 www.example.com.

srvce

Defines the symbolic service name (see IANA port-numbers) prepended with a '_' (underscore). Case insensitive. Common values are:

_http - web service
_ftp - file transfer service
_ldap - LDAP service

prot

Defines the protocol name (see IANA service-names) prepended with a '_' (underscore). Case insensitive. Common values are:

_tcp - TCP protocol
_udp - UDP protocol

name

Incomprehensible description in RFC 2782. Leaving the entry blank (without a dot) will substitute the current zone root (the $ORIGIN), or you can explicitly add it as in the above _http._tcp.example.com. (with a dot).

ttl

Standard TTL parameter. For more information about TTL values.

pri

The relative Priority of this service (range 0 - 65535). Lowest is highest priority.

weight

Used when more than one service has the same priority. A 16 bit unsigned integer in the range 0 - 65535. The value 0 indicates no weighting should be applied. If the weight is 1 or greater, it is a relative number in which the highest is most frequently delivered, i.e. given two SRV records both with Priority = 0, one with weight = 1 and the other with weight = 6, the one with weight 6 will have its RR delivered first 6 times out of 7 by the name server.

port

Normally the port number assigned to the symbolic service, but this is not a requirement, e.g. it is permissible to define a _http service with a port number of 8100 rather than the more normal port 80.

target

The name of the host that will provide this service. Does not have to be in the same zone (domain).
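The ordering rules for SRV priority and weight, and for MX preference in the section above (which behaves like SRV with every weight set to 0), can be written out as follows. This is an added example, not part of the original post; it shows the order in which a client would try the targets, and the function names, tuple layout and fixed seed are assumptions made for the example.

```python
import random
from itertools import groupby

def try_order(records, rng=random):
    """records: (priority, weight, target) tuples; returns targets in the order to try them."""
    ordered = []
    by_priority = sorted(records, key=lambda r: r[0])  # lowest number is tried first
    for _, group in groupby(by_priority, key=lambda r: r[0]):
        pool = list(group)
        rng.shuffle(pool)  # equal priority and equal weight: random order
        while pool:
            total = sum(weight for _, weight, _ in pool)
            # Pick a point on the cumulative weight line; weight-0 entries are
            # only chosen once every weighted entry has been used.
            pick = rng.randint(1, total) if total else 0
            running = 0
            for i, (_, weight, target) in enumerate(pool):
                running += weight
                if running >= pick:
                    ordered.append(target)
                    del pool[i]
                    break
    return ordered

def first_choice_share(records, target, trials=7000, seed=1):
    """Fraction of trials in which target comes out first (seeded, so repeatable)."""
    rng = random.Random(seed)
    hits = sum(try_order(records, rng)[0] == target for _ in range(trials))
    return hits / trials
```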

TXT Record

A TXT record allows an administrator to insert arbitrary text into a DNS record. For example, this record is used to implement the Sender Policy Framework specification.

Example of TXT Record with syntax

SPF domains have to publish at least two directives: a version identifier and a default mechanism.

mydomain.com. TXT "v=spf1 -all"

This is the simplest possible SPF record: it means your domain mydomain.com never sends mail.

It makes sense to do this when a domain is only used for web services and doesn't do email.

MX servers send mail, designate them.

mydomain.com. TXT "v=spf1 mx -all"

Let's pretend mydomain.com has two MX servers, mx01 and mx02. They would both be allowed to send mail from mydomain.com.

Other machines in the domain also send mail, designate them.

mydomain.com. TXT "v=spf1 mx ptr -all"

This designates all the hosts whose PTR hostname matches mydomain.com.

Any other machines not in the domain also send mail from that domain, designate them.

mydomain.com. TXT "v=spf1 a:mydomain.com mx ptr -all"

mydomain.com's IP address doesn't show up in its list of MX servers. So we add an "a" mechanism to the directive set to match it.

mydomain.com. TXT "v=spf1 a mx ptr -all"

This is shorthand for the same thing.

Each of your mail servers should have an SPF record also. When your mail servers create a bounce message, they will send it using a blank envelope sender: <>. When an SPF MTA sees a blank envelope sender, it will perform the lookup using the HELO domain name instead. These records take care of that scenario.

amx.mail.net. TXT "v=spf1 a -all"
mx.mail.net. TXT "v=spf1 a -all"
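How a receiving server evaluates the SPF records above, including the forward-confirmed reverse lookup described in the PTR Record section, is sketched below as an added example that is not part of the original post. It covers only the a, mx, ptr and all mechanisms, and it reads from a constructed in-memory DNS table instead of the network; the table, the relay and ghost hosts, and the function names are assumptions made for the example.

```python
import ipaddress

# Constructed DNS data for the example. 26.34.9.14 is the address the text gives
# for mydomain.com; every other address and the relay/ghost hosts are made up.
DNS = {
    ("mydomain.com", "A"): ["26.34.9.14"],
    ("mydomain.com", "MX"): ["mx01.mydomain.com", "mx02.mydomain.com"],
    ("mx01.mydomain.com", "A"): ["192.0.2.10"],
    ("mx02.mydomain.com", "A"): ["192.0.2.11"],
    ("12.2.0.192.in-addr.arpa", "PTR"): ["relay.mydomain.com"],
    ("relay.mydomain.com", "A"): ["192.0.2.12"],
    # PTR that claims the domain but has no matching forward record.
    ("99.113.0.203.in-addr.arpa", "PTR"): ["ghost.mydomain.com"],
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def lookup(name, rtype):
    return DNS.get((name.rstrip(".").lower(), rtype), [])

def confirmed_ptr_names(ip):
    """Reverse-lookup ip, keeping only names whose A record points back at ip."""
    reverse = ipaddress.ip_address(ip).reverse_pointer
    return [h for h in lookup(reverse, "PTR") if ip in lookup(h, "A")]

def matches(mechanism, ip, domain):
    name, _, arg = mechanism.partition(":")
    target = (arg or domain).lower()
    if name == "all":
        return True
    if name == "a":
        return ip in lookup(target, "A")
    if name == "mx":
        return any(ip in lookup(mx, "A") for mx in lookup(target, "MX"))
    if name == "ptr":
        return any(h == target or h.endswith("." + target)
                   for h in confirmed_ptr_names(ip))
    raise ValueError("mechanism not covered by this example: " + mechanism)

def check_spf(record, ip, domain):
    """Evaluate terms left to right; the first matching mechanism decides."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        if matches(term.lstrip("+-~?").lower(), ip, domain):
            return RESULTS[qualifier]
    return "neutral"
```

With "v=spf1 mx ptr -all", the constructed host 203.0.113.99 fails even though its PTR record names ghost.mydomain.com, because that name has no A record pointing back at the address. RFC 7208 advises against publishing the ptr mechanism, so the a and mx forms are the ones to prefer in new records.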

NAPTR Record

NAPTR records (NAPTR stands for "Naming Authority Pointer") are a newer type of DNS record that support regular expression based rewriting.

Example of NAPTR Record with syntax

$ORIGIN 3.8.0.0.6.9.2.3.6.1.4.4.e164.arpa.

NAPTR 10 100 "u" "E2U+sip" "!^.*$!sip:info@example.com!" .
NAPTR 10 101 "u" "E2U+h323" "!^.*$!h323:info@example.com!" .
NAPTR 10 102 "u" "E2U+msg" "!^.*$!mailto:info@example.com!" .

This record set maps the phone number +441632960083 onto three possible identically ordered URIs, with a preference for SIP, then H323, and finally email. In each case, the regular expression matches the full AUS (^.*$) and replaces it with a URI (e.g., sip:info@example.com). As this is a terminal record, this URI is returned to the client. Though most NAPTR records replace the full AUS, it is possible for the regular expression to back-reference part of the AUS, to grab an extension number, say:

$ORIGIN 0.6.9.2.3.6.1.4.4.e164.arpa.

* NAPTR 10 100 "u" "E2U+sip" "!^\+441632960(.*)$!sip:\1@example.com!" .

Once the client has the URI it must be resolved using DNS, but this is no longer part of the DDDS algorithm.
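The rewriting step can be traced with the records above. The following is an added example, not part of the original post: it builds the e164.arpa name from the phone number, splits each regexp field on its own delimiter and applies it to the AUS. Python's re module stands in for the POSIX regular expressions NAPTR specifies, escaped delimiters are not handled, and the tuple layout and function names are assumptions made for the example.

```python
import re

# The first record set from the text, as (order, preference, flags, service, regexp),
# listed out of order on purpose to show the sorting.
RECORDS = [
    (10, 102, "u", "E2U+msg", "!^.*$!mailto:info@example.com!"),
    (10, 100, "u", "E2U+sip", "!^.*$!sip:info@example.com!"),
    (10, 101, "u", "E2U+h323", "!^.*$!h323:info@example.com!"),
]
# The back-reference record from the text, with the leading "+" escaped.
EXTENSION = [(10, 100, "u", "E2U+sip", r"!^\+441632960(.*)$!sip:\1@example.com!")]

def enum_domain(aus):
    """Reverse the digits of the number and append e164.arpa."""
    digits = [c for c in aus if c.isdigit()]
    return ".".join(reversed(digits)) + ".e164.arpa."

def split_regexp(field):
    """Split 'delim pattern delim replacement delim flags' on its own delimiter."""
    parts = field[1:].split(field[0])
    if len(parts) != 3:
        raise ValueError("malformed NAPTR regexp field: " + field)
    return parts

def rewrite(records, aus):
    """Return (service, uri) pairs in order/preference sequence for terminal 'u' records."""
    results = []
    for order, pref, flags, service, regexp in sorted(records):
        pattern, replacement, re_flags = split_regexp(regexp)
        match = re.search(pattern, aus, re.IGNORECASE if "i" in re_flags else 0)
        if match and flags.lower() == "u":
            # expand() substitutes \1 with the captured part of the AUS
            results.append((service, match.expand(replacement)))
    return results
```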

Wildcard DNS Record

A wildcard DNS record is a record in a DNS zone file that will match all requests for non-existent domain names, i.e. domain names for which there are no records at all.