
Sunday, December 29, 2019

Understanding DNS setting

What is an MX Record

MX stands for Mail Exchange. MX records are used in DNS records (zone files) to specify how email should be routed.
Let's take the example of liz@mydomain.com.
This is what a typical DNS zone file (for mydomain.com) looks like.

;
; Zone file for mydomain.com
@ 14400 IN SOA ns.mynameserver.com. root.ns.mynameserver.com. (
                       109157199 
                       86000 
                       7200 
                       3600000 
                       600 ) 
mydomain.com. 14400 IN NS ns.mynameserver.com. 
mydomain.com. 14400 IN NS ns2.mynameserver.com. 
mydomain.com. 14400 IN NS ns3.mynameserver.com.
 
; A Record
mydomain.com. 14400 IN A 216.34.94.184
 
localhost.mydomain.com. 14400 IN A 127.0.0.1
 
; MX record
mydomain.com. 14400 IN MX 0 mydomain.com. 
 
mail 14400 IN CNAME mydomain.com. 
www 14400 IN CNAME mydomain.com. 
ftp 14400 IN CNAME mydomain.com. 
 

Notice the line with "MX" in it. This is called the MX record.
mydomain.com. 14400 IN MX 0 mydomain.com. 
The MX record shows that all email for @mydomain.com should be routed to the mail server at mydomain.com. The A record in the zone shows that mydomain.com is located at 216.34.94.184. This means that email meant for liz@mydomain.com will be routed to the email server at 216.34.94.184. This finishes the task of the MX record. The mail server software on that host (say, sendmail) then takes over, collects the email and delivers it to the user "liz".
It is important that there be a dot (".") after the domain name in the MX record. If the dot is absent, the name is treated as relative to the zone and mail is routed to "mydomain.com.mydomain.com". The number 0 is the preference number. Mail is always routed to the server that has the lowest preference number. If there is only one mail server, it is safe to mark it 0.

Multiple mail servers

Multiple email servers are useful for redundancy. If the highest-priority email server (the one with the lowest preference number) is down, the email is routed to the server with the next-lowest preference number.
For example:
mydomain.com. 14400 IN A 216.34.94.184
server2.mydomain.com. 14400 IN A 216.34.94.185
mydomain.com. 14400 IN MX 0 mydomain.com. 
mydomain.com. 14400 IN MX 30 server2.mydomain.com. 
You can have unlimited MX entries for fallback.
If several MX records have equal preference numbers, the client simply attempts the equal-preference servers in random order, and then goes to the MX record with the next higher preference number.

Pointing MX records to an IP

It's not possible to have an MX record pointing directly to an IP address. For example, "mydomain.com. 14400 IN MX 0 216.34.94.184" is wrong. Define an "A record" first and then have the MX record point to it.
server2.mydomain.com. 14400 IN A 216.34.94.185
mydomain.com. 14400 IN MX 30 server2.mydomain.com. 

MX records for Subdomains

A subdomain is something like "subdomain.mydomain.com". Assume you want to send an email to liz@subdomain.mydomain.com and receive it on another server.
mydomain.com. 14400 IN A 216.34.94.184
server2.mydomain.com. 14400 IN A 216.34.94.185
mydomain.com. 14400 IN MX 30 mydomain.com. 
subdomain.mydomain.com. 14400 IN MX 30 server2.mydomain.com. 
In this configuration, liz@subdomain.mydomain.com would go to 216.34.94.185 and liz@mydomain.com would go to 216.34.94.184.

Testing the MX record

Once you set up your MX record, always test it to see if it is set up correctly. You can do this with tools like nslookup.

[root@localhost sangeetha]# nslookup
> set q=mx 
> yahoo.com 
Server: 192.168.1.1
Address: 192.168.1.1#53
Non-authoritative answer: 
yahoo.com mail exchanger = 1 mx1.mail.yahoo.com. 
yahoo.com mail exchanger = 1 mx2.mail.yahoo.com. 
yahoo.com mail exchanger = 1 mx3.mail.yahoo.com. 
yahoo.com mail exchanger = 5 mx4.mail.yahoo.com.
Authoritative answers can be found from: 
yahoo.com nameserver = ns2.yahoo.com. 
yahoo.com nameserver = ns3.yahoo.com. 
yahoo.com nameserver = ns4.yahoo.com. 
yahoo.com nameserver = ns5.yahoo.com. 
yahoo.com nameserver = ns1.yahoo.com. 
mx1.mail.yahoo.com internet address = 4.79.181.14 
mx1.mail.yahoo.com internet address = 4.79.181.15 
mx1.mail.yahoo.com internet address = 67.28.113.10 
mx1.mail.yahoo.com internet address = 67.28.113.11 
ns1.yahoo.com internet address = 66.218.71.63 
ns2.yahoo.com internet address = 66.163.169.170 
ns3.yahoo.com internet address = 217.12.4.104 
ns4.yahoo.com internet address = 63.250.206.138 
ns5.yahoo.com internet address = 216.109.116.17 

Thursday, May 17, 2007

Network security - Firewall setting

You probably know that you need firewall security; in fact, you may even already have a firewall management program in place. But what exactly is firewall security, and what does firewall management entail?

The word firewall originally referred literally to a wall, which was constructed to halt the spread of a fire. In the world of computer firewall protection, a firewall refers to a network device which blocks certain kinds of network traffic, forming a barrier between a trusted and an untrusted network. It is analogous to a physical firewall in the sense that firewall security attempts to block the spread of computer attacks.


How Does Firewall Management Work?

A firewall management program can be configured one of two basic ways:

* A default-deny policy. The firewall administrator lists the allowed network services, and everything else is denied.
* A default-allow policy. The firewall administrator lists network services which are not allowed, and everything else is accepted.

A default-deny approach to firewall security is by far the more secure, but due to the difficulty in configuring and managing a network in that fashion, many networks instead use the default-allow approach. Let's assume for the moment that your firewall management program utilizes a default-deny policy, and you only have certain services enabled that you want people to be able to use from the Internet. For example, you have a web server which you want the general public to be able to access. What happens next depends on what kind of firewall security you have.

Below is a set of firewall rules that has been tested with Kerio Personal Firewall; the same rules may also be usable with other firewalls:

LSA Shell (lsass.exe) -> Ask - Permit - Ask - Ask
Windows NT Logon Application (winlogon.exe) -> Ask - Permit - Ask - Ask (log)
Userinit Logon Application (userinit.exe) -> Ask - Permit - Ask - Ask
Generic Host Process (svchost.exe) -> Ask - Permit - Ask - Ask (log)
Microsoft File & Printer Sharing -> Deny All (For LAN can be: Ask - Permit - Ask - Ask)
Any Other Application -> Deny - Ask - Deny - Ask (log & alert). invisible mode
Internet Browser Application -> ask - deny - deny - permit (log)
Kaspersky AntiVirus/ Kaspersky Internet Security -> ask - deny - deny - permit (log)
FTP Manager Application -> permit - permit - permit - permit (log & alert)
Yahoo Messenger -> deny - ask - deny - permit (log & alert)


Below are the packet filter rules for Kerio Firewall or Tiny Firewall; they may also be usable with other firewalls:

RULE 1
Description: ISP Domain Name Server Any App UDP
Protocol: UDP
Direction: Both
Local Port: Any
Local App.: Any
Remote Address Type: Single
Host address: IP number (Your ISP DNS server)
Port type: Single
Port number: 53
Action PERMIT

RULE 2
Description: Other DNS
Protocol: TCP and UDP
Direction: Both
Local Port: Any
Local App.: Any
Remote Address Type: Any
Port type: Single
Port number: 53
Action DENY

RULE 3
Description: Back Orifice Block (Logged)
Protocol: TCP and UDP
Direction: Incoming
Port type: List of Ports
Local App.: Any
List of Ports: 54320,54321,31337
Remote Address Type: Any
Port type: Any
Action DENY

RULE 4
Description: Netbus Block (Logged)
Protocol: TCP
Direction: Incoming
Port type: List of Ports
Local App.: Any
List of Ports: 12456,12345,12346,20034
Remote Address Type: Any
Port type: Any
Action DENY

RULE 5
Description: RPCSS (Logged)
Protocol: UDP
Direction: Incoming
Port type: Single port
Local App.: Any
Port number: 135
Remote Address Type: Any
Port type: Any
Action DENY

RULE 6
Description: Block Low Trojan Ports TCP UDP (Notify)
Protocol: TCP and UDP
Direction: Both
Port type: Port/range
Local App.: Any
First port number: 1
Last port number: 79
Remote Address Type: Any
Port type: Any
Action DENY

RULE 7
Description: Block High Trojan Ports TCP UDP (Notify)
Protocol: TCP and UDP
Direction: Both
Port type: Port/range
Local App.: Any
First port number: 5000
Last port number: 65535
Remote Address Type: Any
Port type: Any
Action DENY

RULE 8
Description: Block Outbound Unauthorized Apps TCP UDP (Notify)
Protocol: TCP and UDP
Direction: Outgoing
Port type: Any
Local App.: Any
Remote Address Type: Any
Port type: Any
Action DENY
Note: when using Kaspersky Antivirus 6 or Kaspersky Internet Security 6, choose Any for the remote port.

RULE 9

Description: Block Inbound Unknown Apps TCP UDP (Notify)
Protocol: TCP and UDP
Direction: Incoming
Port type: Any
Local App.: Any
Remote Address Type: Any
Port type: Any
Action DENY

RULE 10

Description: Block ICMP (Logged)
Protocol: ICMP
Direction: Both
ICMP Type: Echo Reply, Destination Unreachable, Source Quench, Redirect, Echo, Time Exceeded, Parameter Prob, Time Stamp, Time Stamp Reply, Info Request, Info Reply, Address, Address Reply, Router Advertisement, Router Solicitation (ALL)
Remote Endpoint: Any
Action DENY

RULE 11

Description: In Block Ping and TraceRoute ICMP (Notify)
Protocol: ICMP
Direction: Incoming
ICMP Type: Echo
Remote Endpoint: Any
Action DENY

RULE 12

Description: Out Block Ping and Trace Route ICMP (Notify)
Protocol: ICMP
Direction: Outgoing
ICMP Type: Echo Reply, Destination Unreachable, Time Exceeded
Remote Endpoint: Any
Action DENY

RULE 13

Description: Block Common Ports (Logged)
Protocol: TCP and UDP
Direction: Incoming
Port type: List of Ports
Local App.: Any
List of Ports: 113,79,21,80,443,8080,143,110,25,23,22,42,53,98
Remote Address Type: Any
Port type: Any
Action DENY

RULE 14
Description: Loopback
Protocol: TCP and UDP
Direction: Both
Local Port: Any
Local App.: Any
Remote Address Type: Single
Host address: 127.0.0.1
Port type: Any
Action PERMIT

RULE 15
Description: Block Inbound NetBIOS TCP UDP (Notify)
Protocol: TCP and UDP
Direction: Incoming
Port type: Port/Range
First Port: 137
Last Port: 139
Local App.: Any
Remote Address Type: Any
Port type: Any
Action DENY

RULE 16
Description: Block Outbound NetBIOS TCP UDP (Notify)
Protocol: TCP and UDP
Direction: Outgoing
Local Port: Any
Local App.: Any
Remote Address Type: Any
Port type: Port/Range
First Port: 137
Last Port: 139
Action DENY

RULE 17

Description: Bootpc (Logged)
Protocol: TCP and UDP
Direction: Incoming
Port type: Single port
Local App.: Any
Port number: 68
Remote Address Type: Any
Port type: Any
Action DENY

RULE 18

Description: Out Needed To Ping And TraceRoute Others
Protocol: ICMP
Direction: Outgoing
ICMP Type: Echo
Remote Endpoint: Any
Action PERMIT

RULE 19

Description: In Needed To Ping And TraceRoute Others
Protocol: ICMP
Direction: Incoming
ICMP Type: Echo Reply, Destination Unreachable, Time Exceeded
Remote Endpoint: Any
Action PERMIT

RULE 20

Description: Internet Explorer-Web browsing (logged)
Protocol: TCP
Direction: Outgoing
Port type: Any
Local App.: Only selected below => iexplore.exe
Remote Address Type: Any
Port type: Any
List of ports: Any
Action PERMIT

RULE 21

Description: Outlook Express
Protocol: TCP
Direction: Outgoing
Port type: Any
Local App.: Only selected below => msimn.exe
Remote Address Type: Any
Port type: List of ports
List of ports: 25,110,119,143
Action PERMIT

RULE 22
Description: Yahoo Messenger
Protocol: TCP
Direction: Outgoing
Port Type: Any
Local App.: Only selected below => yahoomessenger.exe
Remote Address Type: Any
Port Type: List of ports
List of ports: 443,80,5050
Action PERMIT

RULE 23

Description: Yahoo Messenger
Protocol: UDP
Direction: Outgoing
Port Type: Any
Local App.: Only selected below => yahoomessenger.exe
Remote Address Type: Any
Port Type: single
List of ports: 3478
Action PERMIT

RULE 24
Description: Download Manager (logged)
Protocol: TCP
Direction: Outgoing
Port Type: Any
Local App.: Only selected below => (your download manager file)
Remote Address Type: Any
Port Type: List of ports
List of ports: 80,21
Action PERMIT


For packet filtering on a Local Area Network (LAN), the rules below can be added to allow NetBIOS access on specific ports:

RULE 15a
Description: Trusted Inbound NetBIOS TCP UDP
Protocol: TCP and UDP
Direction: Incoming
Port type: Port/Range
First Port: 137
Last Port: 139
Local App.: Any
Remote Address Type: Trusted Address Group
Port type: Any
Action PERMIT

RULE 16b

Description: Trusted Outbound NetBIOS TCP UDP
Protocol: TCP and UDP
Direction: Outgoing
Local Port: Any
Local App.: Any
Remote Address Type: Trusted Address Group
Port type: Port/Range
First Port: 137
Last Port: 139
Action PERMIT
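
The difference between the default-deny and default-allow policies described above, and why RULE 1 has to sit above RULE 2, can be shown with a small rule evaluator. This is an added example, not part of the original post or of any firewall product: it assumes rules are read top-down with the first match deciding, and the addresses, class and function names are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    protos: tuple      # ("TCP",), ("UDP",) or ("TCP", "UDP")
    direction: str     # "in", "out" or "both"
    ports: range       # port the rule is written against
    remote: str        # single host address, or "any"
    action: str        # "PERMIT" or "DENY"

def decide(rules, default, proto, direction, port, remote):
    """Assumed semantics: rules are read top-down, the first match decides,
    and the default policy applies only when no rule matches."""
    for r in rules:
        if (proto in r.protos and r.direction in ("both", direction)
                and port in r.ports and r.remote in ("any", remote)):
            return r.action, r.name
    return default, "default policy"

ISP_DNS = "192.0.2.53"  # constructed placeholder for "Your ISP DNS server"
RULE_1 = Rule("RULE 1 ISP DNS", ("UDP",), "both", range(53, 54), ISP_DNS, "PERMIT")
RULE_2 = Rule("RULE 2 Other DNS", ("TCP", "UDP"), "both", range(53, 54), "any", "DENY")

# Default-deny: list what is allowed (the public web server), drop the rest.
ALLOW_LIST = [Rule("web server", ("TCP",), "in", range(80, 81), "any", "PERMIT")]
# Default-allow: list what is forbidden (NetBIOS 137-139), accept the rest.
DENY_LIST = [Rule("NetBIOS", ("TCP", "UDP"), "in", range(137, 140), "any", "DENY")]

def demo():
    rpc = ("UDP", "in", 135, "198.51.100.7")    # port 135 is on neither list
    dns = ("UDP", "out", 53, ISP_DNS)
    return {
        "default-deny, unlisted port": decide(ALLOW_LIST, "DENY", *rpc)[0],
        "default-allow, unlisted port": decide(DENY_LIST, "PERMIT", *rpc)[0],
        "RULE 1 then RULE 2": decide([RULE_1, RULE_2], "DENY", *dns),
        "RULE 2 then RULE 1": decide([RULE_2, RULE_1], "DENY", *dns),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

With the order swapped, RULE 2 matches first and the lookup to the ISP's own DNS server is denied, so the narrower permit has to stay above the broader deny.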

Wednesday, May 2, 2007

SMTP Investigation for Telkom adsl connection


Investigating the SMTP connection for TELKOM ADSL:

Below is a FAQ for investigating the SMTP relay smtp.telkom.net. Follow these steps to investigate SMTP:

1. Run an nslookup test against the Telkom SMTP server:

If no IP address is found for smtp.telkom.net, check your DNS server setting. If you don't know your DNS server address, you can ask Astinet customer service (147) for the DNS address for your Telkom connection.

2. Ping the SMTP server:

If the ping result is RTO (Request Timed Out), your computer or network is not connected to the Telkom server. Check your ADSL connection or the ADSL modem indicator. A blinking ADSL indicator lamp means there is no ADSL signal to your modem or the modem cannot log in.

3. Run tracert to the SMTP server:

The tracert output indicates that the server was found.



4. Test sending email via telnet:

Sending email via telnet is used to test the smtp telkom.net server. Do this test if sending mail via Outlook Express fails.

The picture above is a test result from Linux. You can do the same steps in a Windows command prompt (cmd), but the words that you type are not displayed.

If you see the result in the picture above, sending email via telnet succeeded. If sending mail using Outlook Express still fails, check your Outlook Express software.

If all steps have been done but you still cannot send mail, check your server side:

1. Is your server using a firewall?
2. Check your ADSL configuration; do not block SMTP (port 25).
3. Do you have a problem with another application on your server, for example WinGate?

Note that WinGate needs a special configuration for an SMTP mail server; check your WinGate configuration.




Linux Software RAID

Introduction The main goals of using redundant arrays of inexpensive disks (RAID) are to improve disk data performance and provide data re...