This might be a tricky question but I'd like to forward a domain to a website that's currently hosted on an IP address on a different port.
This website is not operated so I have no control over the port number.
Specifically http://chaincoinexplorer.com
Should load up this: http://104.238.153.140:3001/
Currently it just redirects. But that's not good enough, and neither is stealth forwarding or iframes or anything of that sort.
If it's impossible through dns or similar, I can just clone the website. But I'd like to make sure there is absolutely no better way.
You can not use DNS to map the request to another port: browser only use DNS to map the hostname to an IP address. So, you MUST use a redirect, as you have done.
Related
I was wondering about security with setting up a domain for WAMP / XAMPP.
Lets say that I want to publish website hosted on my PC with WAMP or XAMPP.
So, I have to register a domain.. and set it in WAMP / XAMPP. But, what would happen, if I set some already used domain in WAMP? For example if I set stackoverflow.com, which is already registered. What would happen? I guess that people will not see my website, but this one (stackoverflow), but how does WAMP or XAMPP recongnise that it is my website?
I am begginer with this matter, so please, dont be angry if its something obious :)
I think you are forgetting about DNS Servers and what they do.
When your browser see's any domain name you enter in the address bar, it goes to a DNS Server and asks, "Please give me the IP address for this domain name". Domain names are only there for us humans as its easier to remember stackoverflow.com than it is to remember an ip address, and that gets even more difficult for us to remember if it is on the IPV6 network.
So unless you can get all the DNS Servers in the universe changed to point the domain name stackoverflow.com to your routers external IP you wont effect anything by setting WAMP or XAMPP to use any existing domain name.
But lets say you do set WAMP/XAMPP to use an existing domain name. You would amend your HOSTS file to tell the Browser where to find that domain like this
127.0.0.1 localhost
127.0.0.1 stackoverflow.com
::1 localhost
::1 stackoverflow.com
This has the effect of seeding the local machines DNS Cache with these addresses. Now the browser will always check the DNS Cache before committing to the expence of asking a DNS Server to get the ip address, so your browser thinks that stackoverflow.com lives on your PC i.e. for IPV4 127.0.0.1 or for IPV6 ::1
All this will do is stop you getting to the real stackoverflow.com because the browser will attempt to connect to 127.0.0.1 every time you use stackoverflow.com as a domain name in the browser address bar instead of going to the real ip address for SO.
Reply to your comment
When you register a domain, you normally get access to an admin panel of some sort, where you set the ip address to use for this domain. This will set the DNS Server of who you purchased the domain from and this is then automatically propergated to all top level DNS Servers.
At that point you would set this to the External IP/WAN IP address of your router.
But be aware, if your ISP allocates IP addresses to you dynamically i.e. not a Static IP address you cannot do this, as your ISP Allocated IP Address is liable to change over time.
As a final note
WAMPServer and XAMPP are designed to be single seat developer tools and not LIVE Servers. That is not to say that the Apache in them is somehow less capable but that there is so much more to securing a web site than first meats the eye.
Also, you may not realise, but a Windows desktop OS is not a good target to run a live web server on. They are configured to be clients and as such have various limitations, mainly that a desptop OS can only manage around 20-30 external connections MAX. So if your site actually takes off, you are going to have a lot of complaints about the speed and accessibility of your site.
This destop limitation cannot be reconfigured.
Google has multiple servers at multiple locations. When I search Google in my web browser, how does the DNS map this name to the corresponding IP address? Google has multiple servers in multiple locations with separate IPs. Is a load balancer used first?
A couple of different approaches are used:
Geographic DNS
When a request comes in for a domain name, the DNS server looks at the IP address making the request and returns an IP address of a nearby server.
Some complicated extensions are required to deal with large shared caching DNS servers (like ISP nameservers), but that's the general idea.
Anycast DNS
Anycast is a weird routing trick where a single IP range can be advertised by multiple ASes. This will cause requests to an IP address in that range to be routed to whichever server is closest.
If a DNS server is hosted on an anycast IP, different instances of that server can be configured to return different IPs. This can be used as a computationally easier alternative to geographic DNS.
Anycast HTTP
If anycast can be used to route DNS to the closest server, why not just go to the next step and use it to route HTTP as well?
(It turns out there's a reason why you usually don't want to do this: Routing changes can break a HTTP connection. This doesn't affect DNS as it's usually used over UDP. Cloudflare does it anyway, though, and it usually works fineā¦ YMMV.)
In large scale reverse proxy server is usually used for this purpose and it can do various tasks including load balancing as well. To the client it appears that you connect only to one server while reverse proxy hides servers behind it.
In small scale you can do similar things just with DNS settings mapping different domain names to different IP addresses. See this article
Reading a lot about servers, load balancing and similar topics, a question came to mind.
DNS servers are servers which gives you the IP for a given domain name. Is there a "dictator" knowing all the valid DNS servers in the world? If I want to make a DNS server, and someone requests a website it doesn't have. How would it know which other DNS to redirect the request to? What if I tell facebook.com to have a spoof IP, and everyone getting the IP from my DNS server would be communicating with a spoof facebook server? Obviously, this isn't how it works (at least not at a big degree), because then someone would have done it already to attack hundreds of people.
When one registers a domain, one has to specify the name server for that domain. What happens during this process? Is a request sent to this DNS server to notify it there is a new domain to save in the database? If so, how can anyone own the top domains like .com? And why cannot I for example make my own top domain name if I can make my own DNS server?
After looking at nginx as a load balancing system, I'm starting to wonder a bit. Is it so that a request to http://www.google.com/ works like this? The computer asks a DNS server for the IP address for google.com, and then requests it? This will only be one IP, and all requests to Google ends up at this one server? And then this IP will be connected to a nginx server, or a more basic hardware unit to route the request internally to other servers? So all requests go to one server before it redirects the request to a data center?
After looking up google.com, it says the name servers are ns1.google.com etc.. But what is the point of them, if you need a different name server to get to ns1.google.com in the first place?
Obviously what I've written doesn't make sense, because if it were true, the web as a whole would be unusable because of people exploiting the possibilities for malicious causes. And I can't imagine how ONE server could handle ALL the requests thrown at google.com.
I've tried searching Google, but all I get is theoretical explanations that led me to where I am now. It would have been great if someone would point me to some articles that explain this thoroughly, and hopefully a lot of other people will find this question useful.
Anyone can run a DNS server, but the challenge is getting someone to use it. Normally the DNS server IP is provided as a DHCP option or is statically assigned. If you can get someone to use your server, you can return any IP for any hostname, including creating new top-level domains (subject to any filtering at the client, of course. Web browsers might have difficulty with a new TLD, for example). Note that with DNSSEC, this will eventually change, as the name record will be digitally signed and your server won't be able to fake the signature exactly.
DNS servers operate in a tree. When one server receives a request for a domain it does not control, it forwards the request on to another DNS server. The other DNS server may be the one which returns the IP (this is called the authoritative server), or it may return a NS record which points to another server which then must be queried. The DNS root servers provide for resolving TLDs.
A DNS server does not need to always return the same IP for a given name. It may choose to return a different IP based on region, client IP, or even per-request. This is the most typical way to load balance. Multiple DNS servers can also load balance the DNS requests by using anycast routing, where many servers share the same public IP and traffic is routed to them randomly by publishing multiple routes for the same IP.
I have a couple EC2 instances behind an Elastic Load Balancer. These instances serve HTTP requests for a single web site. I recently started looking at the HOST header of the traffic, because I am planning to split my app into virtual hosts.
With some regularity (dozens of times a day), I log a request for a host name that is totally unrelated to my servers. As a couple examples, today I saw requests with the host names ad.adserverplus.com and r1---sn-upfn-hp5e.c.youtube.com. I looked these up and the IP addresses are not the same as any of my servers, nor of the ELB, so I am trying to develop a theory as to how this happens.
I realize that someone could be spoofing the host header, but it happens often enough that I am pretty sure this is not what is going on. My other idea is that somehow there is stale DNS data that just happens to resolve one of those hosts to my IP address, but again this seems like it could happen once in a great while but not regularly. What are some other possibilities, and how might I verify / discredit them?
EDIT
I looked at some of the unexpected host names today, and it seems that they actually do resolve to an IP that is one of the possible IPs that my domain apex resolves to. I use Route 53 for DNS, and I have the zone apex pointed to the ELB, so when I query the IP address for my domain, I get different answers depending on when I ask. So this makes me very curious, how do these IP addresses get assigned to me and how does EC2 make sure they are not co-opting an IP address that someone else is already using.
There are any number of reasons for this. First you should understand that the public host name for your EC2 instances and load balancers have likely been used before. If you have an elastic IP associated with your load balancer, it has also probably been used before.
As such you can get traffic to your servers that is intended for a previous tenant of that hostname of IP address that you are currently using.
One thing you can do is to configure your web servers to reject traffic (respond with 403) to traffic that is not arriving with the proper hostname specified or that comes from a specific external host.
Your IP or your ELBs IP may have at one point in time been an open proxy. meaning that someone is hoping that you would forward the requests on to their intended destination.
but in general open port 80 to the internet and all kinds of bots and zombies will visit you with a pretty constant flow of dodgy requests. I would imagine though that the \ec2 IP ranges would be a particularly juicy range to search for poorly patched websites to exploit.
I am hoping there is a simple answer to this! My webserver has a number of IP addresses. one particular website has one of these IP addresses mapped to it. On said website, I have a java applet which is making outbound http requests.
Now, I am wondering what is the IP address that people will see for my server? Will they see the machine's default IP address or the IP address mapped in IIS for this website?
Java applet? So it's client side? It feels like a red herring.
The IP people will "see" (if they go looking) is whatever you set in the DNS, surely...
Perhaps you should specify which "people" you expect to see seeing your IP. If you mean the people owning the server you are making HTTPS requests to, and this is client side, they will see the IP of the website user. They won't see any of your IPs.
If this is server-side logic (ie something like a Java servlet), they will see whichever IP is the default outbound IP on that server. In some situations on some servers, the server will use the mapped IP, but as soon as you layer things out through connectors, it's anybody's guess which network adapter/IP actually gets used.
The java applet will be run by your visitors. So the IP address to be seen will be the visitor one and not one that your server owns.