LogStash - DNS Filter Nameserver from file - dns

I'm using the DNS filter in a LogStash pipeline.
From official DOC nameserver has to be an array:
dns {
  nameserver => {
    address => [ "8.8.8.8", "8.8.4.4" ]
  }
}
If not set, logstash will use /etc/resolv.conf
I need to read the nameserver addresses from file because they can be changed from my Frontend Application.
I'm generating a dns.yml file but I don't know how to force the dns filter to use my dictionary.
Is it possible?

Related

Generic domain part with fixed subdomain using Caddy and auto SSL?

I'd like to setup a Caddy server where the subdomain is static but the domain part is "wildcard", such as "api.*"
From my understanding of Caddy, the wildcard is possible for one part of the full domain (*.domain.com matches bar.domain.com but not foo.bar.domain.com).
Moreover, this configuration would automatically create a SSL certificates (which Caddy does in general, but I'm not sure here) for any new DNS entry that points to my server with a domain starting with "api.*".
The "*" here would be the domain directly, not any subdomain (it would work for api.domain.com, but not for api.foo.domain.com).
Is this something possible using a simple Caddy command (such as api.* { ... }, which I tried without luck), or does it need a more complex implementation?
Thank you for your help!
I found a working solution with the help of the Caddy Community.
Here's the code :
{
    on_demand_tls {
        ask https://static.site.com/domain/verify
        interval 2m
        burst 5
    }
}
static.site.com {
    ...
}
:443 {
    tls {
        on_demand
    }
    # Your custom config, for instance:
    reverse_proxy * ...
}
The nifty part is the tls { on_demand } part for your generic HTTPS, which will create a certificate automatically. But this can be abused by anyone who points one of their DNS entries to your server.
So to avoid that, the Caddy community highly recommends that you set an on_demand_tls that will query an endpoint, and allow the SSL certificate to be created only if that endpoint returns true.
NOTE: The ask is a GET request that DOES NOT FOLLOW redirects! Anything but a 200 status code will be considered a failure, even a 3xx!
The ask URL will have the ?domain appended and will allow you to verify that domain against your logic, such as a custom value in the domain like "starting by static.*", and verify that the domain exists in your database (for example).
If your URL already contains some query parameter, don't worry, Caddy is clever enough to add them. (https://static.site.com/domain/verify?some=query will become https://static.site.com/domain/verify?some=query&domain={domain}.)
Caddy supports https for the ask parameter, and that URL can also be external with no problems at all (no need for localhost or local server configuration).
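A minimal sketch of an endpoint the ask URL above could point to, added here as an example and not part of the original answer or of Caddy itself. The /domain/verify path comes from the answer's Caddyfile; the "api." prefix rule, the KNOWN_DOMAINS set (standing in for the database lookup) and the listen address are assumptions.

```python
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlparse, parse_qs

# Constructed sample data: stands in for the "domain exists in your database" check.
KNOWN_DOMAINS = {"api.customer-one.example", "api.customer-two.example"}
REQUIRED_PREFIX = "api."  # assumption: only hosts whose first label is "api" qualify


def ask_status(request_target: str) -> int:
    """Return the HTTP status for one ask request.

    Caddy issues a certificate only on a 200, and does not follow
    redirects, so every rejection is a plain 4xx and never a 3xx.
    """
    parsed = urlparse(request_target)
    if parsed.path != "/domain/verify":
        return 404
    # Caddy appends domain=<name>; other query parameters may precede it.
    values = parse_qs(parsed.query).get("domain", [])
    if len(values) != 1:  # missing, empty or repeated parameter
        return 400
    domain = values[0].strip().rstrip(".").lower()
    if not domain.startswith(REQUIRED_PREFIX):
        return 403
    if domain not in KNOWN_DOMAINS:  # exact match only, no suffix matching
        return 403
    return 200


class AskHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        self.send_response(ask_status(self.path))
        self.send_header("Content-Length", "0")
        self.end_headers()


if __name__ == "__main__":
    # Assumed listen address; the answer notes the ask URL may also be external.
    HTTPServer(("127.0.0.1", 8080), AskHandler).serve_forever()
```

Matching the full hostname against an allowlist, rather than checking the prefix alone, is what stops a third party who points their own api.* DNS record at the server from triggering certificate issuance.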
I met the same problem, and after being stuck for a day, here is my solution:
Assuming the site name is site.com, and I want Caddy to handle these domains for me:
a.dot.site.com
b.dot.site.com
c.dot.site.com
a.eth.site.com
b.eth.site.com
c.eth.site.com
1. Make sure you set SSL access available, e.g. via Cloudflare:
2. Set the A address pointing to your Caddy server's IP.
3. The Caddy file should look like:
# the key is: you have to list all the patterns for your multiple subdomains
*.site.com *.eth.site.com *.dot.site.com {
    reverse_proxy 127.0.0.1:4567
    log {
        output file /var/log/access-wildcard-site.com.log
    }
    tls {
        dns cloudflare <your cloud flare api key>
    }
}

How to resolve (get) the IP of a public domain name for esp8266 by specifying a particular DNS

I want to know the IP of a public domain name like stackoverflow.com e.g. using my esp8266.
I know there is a method WiFi.hostByName("www.stackoverflow.com",IP);
But this does not allow me to specify a particular specified DNS like 8.8.8.8
And I don't want to connect my esp8266 by specifying a primary and secondary DNS, instead it will get these info automatically from the router.
I want this procedure to overcome an issue with my esp8266. So I need to get the IP from a specified DNS server.
I have seen this interesting library but it uses EthernetUDP which I shouldn't be dealing with.
I tried the following :
#include <Dns.h>
#include <ESP8266WiFi.h>
void setup() {
    WiFi.begin("SSID", "password");
    DNSClient dnClient;
    IPAddress IPtofind;
    const IPAddress DNS_IP( 8, 8, 8, 8 );
    dnClient.begin( DNS_IP );
    if(dnClient.getHostByName("stackoverflow.com", IPtofind) == 1) {
        Serial.println(IPtofind);
    }
    else Serial.print(F("dns lookup failed"));
}
but the compiler complains about
static void EthernetClass::begin(uint8_t*, IPAddress, IPAddress, IPAddress, IPAddress)
and it is right to do so.
Do you have any simple solution?
It really should be simple, I feel!
The esp8266 core for Arduino doesn't have setDNS like the WiFi libraries from Arduino, even if it should have the same API.
To set the DNS server without static IP configuration to change the DNS obtained by DHCP, you could use the espconn_dns_setserver function of the underlying SDK.

Azure Application Gateway Redirection from empty hostname

I have created an Application Gateway that needs to fulfill the working of my previous Resource (F5).
As a listener I use a hostname: hostname.stackoverflow.com that listens on 443
As a Http Setting I am using a specific port being 4443
As a BackEnd pool I use the URL/FQDN of my dev VM.
This totally works if I create a VM in the VNET and add "hostname.stackoverflow.com" to the hosts file with the IP of the application gateway.
Now I want to get a little further and add paths to my Application Gateway.
The goal is that if I use "hostname.stackoverflow.com" I need to redirect this to "Hostname.stackoverflow.com/login.aspx?guestlogin".
So far I have tried the following.
Add the "/login.aspx?guestLogin" to the HTTPS settings like this.
When I try this inside my VM, the URL changes but the path that I added there was not added in the right way. This is what I got:
So that made me think override backend path is maybe not the right way to do this.
I wanted to create a redirection rule that will redirect my "hostname.stackoverflow.com" to "hostname.stackoverflow.com/login.aspx?guestLogin", but in the settings of the Application Gateway I need to provide a source path (meaning: I cannot redirect from an empty hostname to a new URL, I think).
I am very new to Azure and even more new to the Application Gateway. Is there something that I did wrong? Is there a better way to do this?
The iRule that I need to get in Application Gateway is as follows.
if { [string tolower [HTTP::host]] equals "hostname.stackoverflow.com" } {
    if {[HTTP::path] eq "/"} {
        HTTP::redirect "login.aspx?guestLogin"
    } elseif {[string tolower [HTTP::uri]] starts_with "/login.aspx?id="} {
        set tail [string range [HTTP::uri] 12 end]
        HTTP::redirect "login.aspx?guestLogin&$tail"
    }
    pool default.pool
}

libresolv not resolving names when used google nameserver 8.8.8.8

I am using libresolv library to create an application which takes DNS server names in command line arguments and query host names to this specific DNS server.
_res.nsaddr_list[0].sin_family = AF_INET;
_res.nsaddr_list[0].sin_addr.s_addr = inet_addr(argv[2]);
_res.nsaddr_list[0].sin_port = htons(NS_PORT);
_res.nscount = 1;
res_init ();
l = res_query(argv[1], ns_c_any, ns_t_a, nsbuf, sizeof(nsbuf));
This works for local DNS servers if used. But when I try to pass 8.8.8.8 (google nameserver) res_query always returns -1.
I searched for something similar on the net and found that res_init loads /etc/resolv.conf, which I do not want. I want to override resolv.conf and tell the resolver to use the user-entered name server (which fails for the Google server).

DomainKeys Sendmail DNS

What steps do I have to take to configure my sendmail server to implement domainkeys properly?
Also what do I have to do on the DNS end?
There are detailed descriptions on the web. For example:
http://www.elandsys.com/resources/sendmail/domainkeys.html
http://www.erikberg.com/notes/milters.html
http://www.technoids.org/dk-milter.html/
I had success with dkfilter.
On the dns side you need to setup 3 TXT entries:
(blank).domain.com value="YOUR-SPF-CODE-HERE"
(get your spf code at openspf.org)
_sldomain.domain.com value="o=~"
yourselector._sldomain.domain.com value="YOUR-PUBLIC-DOMAIN-KEY"
Generate your public domain key like shown in this tutorial:
http://www.howtoforge.com/postfix_dkfilter_domain_keys_implementation
Download dkfilter here:
http://jason.long.name/dkfilter/
