I want to check a particular website from various locations. For example, I see a site example.com from the US and it works fine. The colleague in Europe says he cannot see the site (gets a dns eror).
Is there any way I can check that for my self instead of asking him every time?
This is a bit of self promotion, but I built a tool to do just this that you might find useful, called GeoPeeker.
It remotely accesses a site from servers spread around the world, renders the page with webkit and sends back an image. It will also report the IP address and DNS information of the site as it appears from that location.
There are no ads, and it's very stream-lined to serve this one purpose. It's still in development, and feedback is welcome. Here's hoping somebody besides myself finds it useful!
Sometimes a website doesn't work on my PC and I want to know if it's the website or a problem local to me(e.g. my ISP, my router, etc).
The simplest way to check a website and avoid using your local network resources(and thus avoid any problems caused by them) is using a web proxy such as Proxy.org.
Well, DNS should be the same worldwide, wouldn't it? Of course it can take up to a day or so until your new DNS record is propagated around the world. So either something is wrong on your colleague's end or the DNS record still takes some time...
I usually use online DNS lookup tools for that, e.g. http://network-tools.com/
It can check your HTTP header as well. Only a proxy located in Europe would be better.
Besides using multiple proxies or proxy-networks, you might want to try the planet-lab. (And probably there are other similar institutions around).
The social solution would be to post a question on some board that you are searching for volunteers that proxy your requests. (They only have to allow for one destination in their proxy config thus the danger of becoming spam-whores is relatively low.) You should prepare credentials that ensure your partners of the authenticity of the claim that the destination is indeed your computer.
DNS info is cached at many places. If you have a server in Europe you may want to try to proxy through it
It depends on wether the locatoin is detected by different DNS resolution from different locations, or by IP address that you are browsing from.
If its by DNS, you could just modify your hosts file to point at the server used in europe. Get your friend to ping the address, to see if its different from the one yours resolves to.
To browse from a different IP address:
You can rent a VPS server. You can use putty / SSH to act as a proxy. I use this from time to time to brows from the US using a VPS server I rent in the US.
Having an account on a remote host may or may not be enough. Sadly, my dreamhost account, even though I have ssh access, does not allow proxying.
The only thing that springs to mind for this is to use a proxy server based in Europe. Either have your colleague set one up [if possible] or find a free proxy. A quick Google search came up with http://www.anonymousinet.com/ as the top result.
Related
I run a small e-commerce platform, and over the past two years have grown customers.
There's around 100 customers now and their domains point to our server IP by the use of two A records (# and www).
I'm not experienced in this area so I need someone who's knowledgable about setting up major SaaS projects.
The worry I have is, if for whatever reason I change host, wouldn't I lose the IP address? And surely at that point, I may need to ask over 200 customers to change their DNS settings to point to our new server?
A friend said to me about using a CNAME (pointing to a domain I own), but another professional server contact told me that it's not ideal. What further confuses me is this:
If my point remains true (and that an IP isn't able to be owned), then how come Squarespace and a few other major players have an option to instruct their users that they can use an A record to point to their (squarespace/wix..) IP address? Do they know something I don't (do they own an IP?)? What happens if squarespace for whatever reason have to change IP, surely 100,000's+ customers would need to change their IP A records? This seems very impractical and not realistic. It really confuses me.
I'd really appreciate some enlightening in this area, because I need to know sooner rather than later if I dig myself into a hole if I get over 500 customers and for whatever reason I end up having to ask 500 of them to change DNS settings.
Thanks.
Searched the web and unable to find a solution. I have an umbraco site using IIS to host on a Windows server. Any ideas on approach to block users accessing site outside the UK? Htaccess approach would be too slow.... thank you in advance!
That's quite hard to do accurately, as you could have someone based in the UK using a European network provider, which means that they might appear to come from say Holland instead of the UK. It's also possible for people to spoof their location fairly easily if they really want to get at your site.
As Lex Li mentions there are plenty of commercial databases and tools for looking up a user's location, but the accuracy of these varies considerably, not to mention the fact that some of them only support IPv4. Any of these options are going to be slow though, as you'll have to check on every request. You also have to make sure you keep the databases up to date.
Another option would be to proxy your site through something like CloudFront or CloudFlare which both support blocking traffic by country.
I've discovered a couple Node.js modules that allow for checking DNS records for domains, but none that allow for changing and setting DNS records to update domains.
Is what I'm asking even possible? I'm just looking for a step in the right direction.
I am using DNS Made Easy for my DNS servers, if that helps.
I think it really depends on the DNS server you're using. There are some standardized ways to update DNS servers - see https://en.wikipedia.org/wiki/Dynamic_DNS, or if you're using a service like afraid.org, then they have a REST-ish/HTTP endpoint you can call to update DNS records. There's no reason you couldn't initiate that call from node.js. That said - if you're trying to do real DDNS, you might have to implement a more tricky protocol to get it to happen. Some DNS servers just read text files from the disk, so you could also build something that updates those files and the domain serial number and reloads the server when an update occurs. TL;DR: it's possible, but you might have to implement some tricky stuff to get it to work.
The scenario is - I need to send push notification to Apple push server hosted at gateway.sandbox.push.apple.com. This Apple server is load balanced and the destination IP address can be anything in 17.x.x.x block.
Now my server which will be requesting Apple server is in secure environment and is behind firewalls. I have got the IP range 17.x.x.x unblocked, but DNS resolving is not possible on that server. That server also doesn't have Internet access on it.
What I did was - I pinged the Apple server from another system and got the Apple server's IP address for the moment. Then I mapped that IP address with the DNS name in the hosts file of my Windows server. This worked, but now the IP address can change anytime at the Apple end, and this will break things.
What can I do in this scenario?
You can talk to your security people and in cooperation with them come up with a proper, internally supported, way to provide what you need. What you need is to look up an address, and then talk to that address. Currently, you are only provided half of that.
What you're asking us for is a way to circumvent your own organization's security policies (policies that admittedly appear stupid, but that's another matter entirely). Even if someone here can come up with a technical way to do what you ask that works for now, it's likely to break at any time, since you're working at odds with your own workplace. Also, what will your bosses say if they find out that you're violating security policies?
Security very often comes down to tradeoffs. As the saying goes, the only truly secure system is one that has been encased in concrete and sunk to the bottom of the sea. But such a system will also be somewhat difficult to get useful work out of, so usually we accept lesser security in order to get work done. In your case, the tradeoff currently sits in a place that prevents you from doing whatever it is you're working on. So your organization needs to make a choice: change the tradeoff so that your machine can look up names, or keep the current tradeoff and accept that your task will not be done.
I'm sorry that I can't give you a straight up "Sure, do this" kind of answer, but your problem really is not technical.
How are dynamic dns entries discovered by hackers and what tools are they using to glean this information?
A few days ago I signed up at no-ip.org for a free dns entry in order to open up my e-commerce site to a third party that needs to make calls to it in my development environment. Within a day I saw ip addresses coming to my site that are NOT from this third party. I’m wondering how this brand new dns entry was discovered and so quickly. At least one of these persons was attempting to hack the site and knew exactly the base product I was working with, an open source e-commerce system, and attempted to gain access to the admin area which has got me curious on how exactly these hackers are able to pull this information so quickly and know exactly the product I’m working with.
For now I’ve white-listed the ip addresses from this third party but I’d like to use the same logic these hackers are to look at my site from a security standpoint and better protect against it when we go to production.
To be alerted to new IPs listed in a nameserver requires privileged access to the zone files on the server, regardless of whether those IPs are entered through manual edits to the zone files or through an automated process like DDNS. A quick check shows that those rights aren't enabled by default through the standard mechanism at no-ip.
> server nf5.no-ip.com
Default Server: nf5.no-ip.com
Address: 83.222.240.75
> ls no-ip.com
[nf5.no-ip.com]
*** Can't list domain no-ip.com: Server failed
The DNS server refused to transfer the zone no-ip.com to your computer. If this
is incorrect, check the zone transfer security settings for no-ip.com on the DNS
server at IP address 83.222.240.75.
They do enable zone-transfers by-request, and I suppose that would be a nice thing for a hacker monitor. Fresh servers have the easiest vulnerabilities.
But honestly, it's just as likely that it was a random IP hit, as Marc suggested. To get your product info also isn't hard. After cataloging the server as a new device, it's typically easy to identify the service platform. Just establishing a TCP/IP connection to the server will typically reveal the operating system it runs through subtle tells in number sequences in IP packets and other tidbits of information. It can look deceptively like someone knew all about your server upon first connection.