Hi guys,
since my Hermes is gone, I couldn't but stay in touch with technology and so...in the meantime...I couldn't resist and I'm trying to set my Windows Server 2k8 domain with DNS, IIS7, Exchange etc, the latter is in trial right now, can you give a little advice to set everything up?
The actual problem is I don't think I understood how to set DNS properly.
I mean, I saw some of you offer Exchange services using DDNS (mine is @ath.cx), so I guess you have a dynamic ip and if I'm not wrong, you don't have problems sending email to gmail, as I was having instead.
How have you solved this?
I found some pages saying I have to set the TXT spf field in DNS and to set a Reverse DNS zone and I've done the first with Microsoft site builder (don't know if in the right manner) but I can't do the latter...some sites say only my ISP can do it...but have to say I'm quite confused AT ALL...
How have you done it? Advice of any kind (noob simple guides instead of my entire book with 430+)?
Currently, I did -again- a good format and installed Win Server 2k8 std with only DNS Server Role, IIS7 and Exchange prerequisites (found on MS WebSite).
Let's see if there's something wrong in my conf, before going to Exchange again and find it not working:
Code:
*let's call my pc first name "pc"
*dyndns to my IP (under a NAT, router, then a bridge-switch, with DMZ on and working) @ mydns.ath.cx, switched on wildcards for *.mydns.ath.cx;
*domain mydomain.co.cc with a nameserver pc.mydns.ath.cx;
*dns for primary zone mydomain.co.cc with:
MX mail.mydomain.co.cc. ;
NS pc.mydns.ath.cx. ;
TXT (v=spf1 mx ptr ptr:vser.ilmeglio.co.cc mx:mail.ilmeglio.co.cc a:vser.ilmeglio.co.cc include:vser.ilmeglio.co.cc mx:vser.ilmeglio.co.cc -all) [Microsoft did this, I'm quite unsure of what I inserted there though] ;
mail CNAME pc.mydns.ath.cx. ;
www CNAME pc.mydns.ath.cx. ;
[just added] pc PTR pc.mydns.ath.cx. .
Is all this all right?
[more questions coming...]
When I install AD (dcpromo), do I have to use my mydomain.co.cc OR can I use AD only in my home network (let's say myname.mylocalnetwork) and so separate the two things: Exchange & AD?
If I can, are there -hard- additional modifications to make Exchange accept mails from my real web domain and not my local one?
And what about the "pc" name, does it need the network domain or can I leave it the local one? Will Exchange need changes for this too?
P.S. I'm messing with windows server, domains, dns, dcpromo, AD, exchange, ALL this stuff, from 3 days on only, I've learned just a miiinimal part of it all I think, so treat me as a noob
Infinite thanks.
Way off topic to be sure, but DNS is a confusing beast to set up at times.
Check this page out:
http://rscott.org/dns/
You can set up a rdns table yourself, but unless the lookups are set to go to your DNS machines, it won't do any good.
Reverse lookups are usually delegated to whoever the IP is assigned to, normally your ISP. Some ISPs will forward the reverse lookups to your name server of choice, some will change their records to what you request, and others will either give you a blank look or refuse to do anything.
Also keep in mind that any kind of server is against the acceptable use policy of many ISPs, check with yours before opening anything up to the world.
As for the records you listed, I don't know how microsoft does theirs (I run bind on UNIX machines and always found the microsoft way of dealing with domains and 'NT domains' to be severely fscked up and confusing), but the basics are the same, and I already see some problems:
You only have a single NS
Your MX points to a CNAME, not an A
PTR records are used only for reverse lookup tables, not forward tables
(Mods, I would imagine that this should go in the general -> Off-Topic forum)
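The three problems listed in the reply above can be checked mechanically. The following is an added example, not part of the original posts: the record lists are constructed from the names in the question, and the tuple layout, the function names, `ns2.example.net.` and the address `192.0.2.10` are assumptions made for illustration.

```python
# Added example: lint a forward zone for the three problems named in the reply.
REVERSE_SUFFIXES = ("in-addr.arpa.", "ip6.arpa.")

# Constructed from the records in the question: (owner, type, value).
POSTED = [
    ("@", "NS", "pc.mydns.ath.cx."),
    ("@", "MX", "mail.mydomain.co.cc."),
    ("mail", "CNAME", "pc.mydns.ath.cx."),
    ("www", "CNAME", "pc.mydns.ath.cx."),
    ("pc", "PTR", "pc.mydns.ath.cx."),
]

# Constructed corrected variant. ns2.example.net. is a hypothetical second
# name server and 192.0.2.10 is a documentation address, not a real host.
CORRECTED = [
    ("@", "NS", "pc.mydns.ath.cx."),
    ("@", "NS", "ns2.example.net."),
    ("@", "MX", "10 mail.mydomain.co.cc."),
    ("mail", "A", "192.0.2.10"),
    ("www", "CNAME", "pc.mydns.ath.cx."),
]


def fqdn(name, origin):
    """Expand a zone-relative owner name to a lowercase absolute name."""
    if name == "@":
        return origin.lower()
    return (name if name.endswith(".") else f"{name}.{origin}").lower()


def lint_zone(origin, records):
    """Return (code, detail) findings for one zone's record list."""
    origin = origin.lower()
    recs = [(fqdn(o, origin), t.upper(), v.lower()) for o, t, v in records]
    cnames = {o for o, t, _ in recs if t == "CNAME"}
    addresses = {o for o, t, _ in recs if t in ("A", "AAAA")}
    findings = []

    # Counts distinct NS names only; it cannot tell whether two names
    # resolve to the same machine.
    ns = {v for o, t, v in recs if t == "NS" and o == origin}
    if len(ns) < 2:
        findings.append(("single-ns", f"{len(ns)} NS record(s) at {origin}"))

    for owner, rtype, value in recs:
        if rtype == "MX":
            target = value.split()[-1]  # tolerate an optional preference
            if target in cnames:
                # RFC 2181 section 10.3: an MX target must not be an alias.
                findings.append(("mx-to-cname", target))
            elif target.endswith("." + origin) and target not in addresses:
                findings.append(("mx-no-address", target))
        elif rtype == "PTR" and not origin.endswith(REVERSE_SUFFIXES):
            findings.append(("ptr-in-forward-zone", owner))
    return findings


if __name__ == "__main__":
    for label, zone in (("posted", POSTED), ("corrected", CORRECTED)):
        print(label, lint_zone("mydomain.co.cc.", zone))
```

The posted records produce all three findings; the corrected variant produces none.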
jdc said:
[...] but the basics are the same, and I already see some problems:
You only have a single NS
Your MX points to a CNAME, not an A
PTR records are used only for reverse lookup tables, not forward tables
(Mods, I would imagine that this should go in the general -> Off-Topic forum)
Thanks for your answer!
Actually I'm again starting from 0 after having understood it's better to maintain my home domain off the internet
Don't think my ISP policy is good for me, but perhaps I can obtain something about rDNS...not sure though
About NS, how can I have two if this is the unique pc doing the dns server? Is this a problem of RFC rules?
If I set both mydns.ath.cx and pc.mydns.ath.cx (which both point here) at the registrar would it do the trick?
About MX, mmh how can it point to an A if I have a dynamic IP? I mean ok, when it's all working perhaps my ip will stay one, but what if my router disconnects, or simply power goes down...my ip would change and I can't change it manually every time, that's because I was pointing to an address hopped again from the other CNAME to my DDNS servers...is this, again, a problem of RFC rules or is simply wrong? Don't know how to solve though
Still have to learn much about forwarding, do you mean I should add it into a primary reverse zone?
Thanks again,
sorry, that's OT of course
How could I get the IP address to my G1? That's the IP my phone uses for internet, not the IP when it's connected via wifi
You have a couple options. Using Terminal Emulator you can use the netstat command or you can use the easy way and go to www.ip-address.com. What do you need your IP address for anyway? You can't remote in through edge or 3g like you can wifi through telnetd.
thanks...................
aad4321 said:
now i don't know the name of the app which was released last week in the market, but it uses dynamic dns and updates your G1's IP address automatically to a domain name.
You're referring to DynDNS and you can also find it in some routers. Unfortunately, I believe there is a service charge for it. I use no-ip instead because it works just as well. But as far as I know DynDNS is the only app that offers this. But again... why do you need it??? I noticed that when I go to whatismyipaddress.com and when I do Netstat in Terminal Emulator I get two different ip addresses. I don't know what's up with that but I'm thinking that the netstat is the ACTUAL ip address and the ip address shown on the web site is a proxy. I would imagine that T-Mobile would not be stupid enough to leave their subscribers' phones open to everyone else. It's very simple to get someone else's ip address if you're a host of a web server since all ip addresses are logged and without security (such as a proxy) it could leave all users vulnerable. So my conclusion... if you had your real ip address... what do you plan on doing with it? You can only access your G1 through WiFi as far as I know. But correct me if I'm wrong.
Hi,
Using a HTC HD2 I am trying to access my home network via WIFI (WPA2/PSK - AES). Some of it works, some of it doesn't and I was hoping some of you would be able to point me in the right direction:
I can connect to intranet pages (for instance utorrent web interface) via IP, but not via hostname.
I cannot connect to network (smb) shares at all, either via IP or hostname.
A program which requires the hostname to work (since I use it over Hamachi VPN as well as locally and don’t want to change the IP based on how I use it) does work over Hamachi and not over WIFI.
I'm quite confused
Any help would be greatly appreciated!
Cheers,
Elco
Sounds like your DNS isn't working. Do you have custom DNS servers configured in the "Name Servers" tab of network card config?
Thanks for responding!
It should get it from DHCP (though I have tried assigning a static IP and dns, but this gave the same result)
Also, I have another older win mobile device, and with the same settings it does allow me to access the network shares (by IP and hostname)
I've combed all settings regarding wifi and network, but since they are the same I am guessing it is probably a difference at the registry level?
The HTC HD2 does have 2 broadcom wifi adapters mentioned though, a normal one and one with a DHD postfix.
Cheers,
Elco
@Talisman_: same problem here. have you solved it?
Exactly same problem on xperia x2. I just set on manual temporary.
Are you using Hamachi on your phone?
Did you have this problem prior to installing Hamachi?
The reason being is Hamachi installs a network interface which exists whether or not Hamachi is running
You may want to check your Data Connection settings and see if it has applied the "requires a proxy" setting
What are you using as your DNS server though, that is the question.
If it's your broadband router, then chances are it won't be able to serve DNS requests for internal devices (ie computers on your home network).
If that's the case, you'll need a proper DNS server (get an old PC and install Linux) and create a local domain such as home.local, or if you've got a registered domain, you can even set it up the same (domain.com for instance) just tell the DNS server it's the domain master.
It's been yonks since I played around with Linux so I can't tell you how, much easier with Windows Server
Some people advise against using the same public domain name as an internal domain name, but it just means you add A records for any public addresses such as WWW.domain.com or mail.domain.com if it's accessible outside your network as well as inside.
Alternatively, if you're only going to be accessing them via the home network then you could try adding a few hosts to your registry (use the windows calc or similar to convert each IP address number to Hex)
http://windowsmobilepro.blogspot.com/2006/04/etchosts-file-equivalent-in-windows.html
As always, you modify the registry at your own risk.
This is a simple tutorial to allow you to connect to the internet using VPN through your home router.
:NOTE: At present, the steps here are sparse. They assume some technical capability to set things up yourself, this is just kind of a guide as to WHAT you'll need to setup.
Why, you ask? Security. Using a VPN will essentially encrypt your communications through a tunnel back to your home computer. Not going into all that here, basically a simple guide. I assume we're all smart here, so the basics.
Prerequisites
1) DD-WRT V24 Capable router. If you don't have this, then you will need to instead use a different method involving installing software on your PC that I won't cover here. The advantage of the DD-WRT router is ease of setup on the router, and not having to have your computer turned on.
2) Capable Android Phone & Provider. I can't troubleshoot your ROM or provider. Some Android Roms don't support VPN, and it's broken in some. Some providers apparently block it. If your Rom is good and your provider doesn't block it, you're golden. In some cases (such as on the G2X) custom kernels (such as Faux123's) will add the necessary TUN support. Or you may need to add a TUN.KO file if it doesn't... again, device specific, refer to appropriate device forums.
3) If you don't have a static IP (I assume you don't) you'll need a dynamic DNS provider compatible with DD-WRT. I prefer freedns.afraid.org, but you can use any of these: dyndns.org, zoneedit.com, No-Ip.com, 3322.org, easydns.com, tzo.com or dynsip.org.
Got all that? Great!
Okay, here's the fun bit.
STEP 1
First, you need to hack your router. It's a LOT like rooting your Android phone. How to do it is BEYOND the scope of what I can write here, but what you need to do is visit http://www.dd-wrt.com and have a look around. Or, you can actually purchase routers with DD-WRT pre-installed. Basically you have to flash a custom ROM onto your router. It needs to support VPN, and be at least version "v24 SP1". Older versions may have a DIFFERENT VPN setup that's not as easy. Don't say I didn't warn you. I flashed the full-featured VOIP version to my router, a Buffalo WHR-G54S.
Unlocking (if necessary) and flashing your router with DD-WRT is a topic as broad as rooting/flashing Android - so I can't help you here. But once it is done, you are ready for....
STEP 2
Setup your dynamic DNS provider. I used http://freedns.afraid.org/ to do this. Basically you go to the site and sign up for the free "subdomain" services. You can pick a name that will be on a number of different domains, such as "us.to", where you could maybe pick something like "kick.us.to" if it isn't taken yet. All that matters is you remember the name.
Next, in DD-WRT, go to the Setup->DDNS tab and select the proper DDNS service and enter the information it asks for -- your service used, username, password and hostname usually. You can usually leave update interval at the default, and normally you don't need to use external IP check.
NOTE: You need to make sure you are not "Double NAT-ed".. this means two routers stacked is a nono. If you have a router connected to a cable/dsl router (instead of a cable/dsl modem), then it needs to be set to BRIDGE mode. Again.. complicated and really a topic best dealt with on its own.
Once you've setup your Dynamic DNS, you're well on your way. You can actually use that hostname for all sorts of things, such as always being able to get Audiogalaxy to connect to the right host without having to know a numeric IP that could change.
STEP 3
You're on a roll... Now, time to setup the VPN in the router. This is done under the Services->VPN tab. If that tab doesn't exist, then you got the wrong version of DD-WRT and need to go back to Step 1.
Enable PPTP Server, Broadcast Support, MPPE Encryption. Under Server IP enter your ROUTER's IP address (usually 192.168.1.1, or whatever you use to connect to your router). Under Client IP's, enter the range of clients on your local network in the format: 192.168.1.100-149 (where 100-149 represents possible IP addresses I've set in DD-WRT for my LAN)... this doesn't seem as important since we'll be connecting from outside.. Just do it.
Under CHAP-Secrets enter in your preferred username and password in the format:
username * password *
that is, the username, a space, *, a space, the password, a space and then *
Save and apply settings. (You need to click both SAVE and APPLY, DD-WRT is weird like this)
STEP 4
Back to Android! Yay! This part of the procedure may vary by phone, but this is how it is on my Gingerbread T-Mobile G2X with faux123's kernel.
Go to Settings->Wireless & Networks->VPN Settings->Add VPN->Add PPTP VPN
VPN Name=whatever you want
VPN server= your dynamic IP name you selected in Step 2
Enable encryption = Yes
now, hit Menu->Save
You should now see your VPN listed under VPNs. Click on it, and select CONNECT. Type in your username and password you selected at the end of Step 3.
It should connect. CONGRATULATIONS!
You should also have a notification in your taskbar that will now let you disconnect from the VPN.
STEP 5
Enjoy! .. wait, what? It didn't work? It did for me!!!
I guess.... ask questions here, or if it appears to be a phone issue, ask in your device's appropriate forum (and link to this thread so people know what guide you're following)
And, if anybody reading this is a better expert in setting this stuff up than I am, feel free to critique/laugh/criticize/constructively comment on this little howto and I'll correct anything I Rick Perry'd.
Nice tutorial! Would have been better if you also included more details in hacking our router
DroidVPN said:
Nice tutorial! Would have been better if you also included more details in hacking our router
I would have, but like I said, that's a topic as big as phone hacking itself. Every model of router is going to be different! There may be models that support VPN in the router as well without DD-WRT, but I'm not familiar with that setup.
DD-WRT's website has a pretty huge forum on what routers are compatible and how to set it all up.
The optimal speed can be achieved by the compression of traffic and by minimizing server loads. Web acceleration will enable you bring about a drastic improvement in the web page response time. This kind of acceleration usually come in lesser costs and offers the best web application performance.
So Wat does this do? Keeps u secured from the eyes of the ISP?.. harder for others to hack u?...
Sent from my HTC Desire using xda premium
evilgenius00 said:
So Wat does this do? Keeps u secured from the eyes of the ISP?.. harder for others to hack u?...
Sent from my HTC Desire using xda premium
lotherius said:
Security. Using a VPN will essentially encrypt your communications through a tunnel back to your home computer.
Yeah, that.
...
10char.
Nice TUT, VPN working
Thanks. I mostly appreciated the idea of using afraid.org.
For some reason, Dyndns and no-ip wouldn't work with ICS as client.
thanks for this tut, keep it up
nice.. thanks for sharing
The cool thing is, once you start hacking your router, you open up all sorts of fun. Like using a virtual wireless network to bridge the open wifi network that gets 1 bar of signal in one little corner of your apartment to be a full strength WPA protected network with your own SSID and subnet that all of your devices can use ... not like I would do such a thing. Now, I *am* a bit afraid to try to set up a VPN on the bridged virtual network..... that could get complicated.
Will this also work with OpenDNS?
Already running DDWRT v24 on WRT600N, and trying to figure this VPN stuff to connect my Atrix running CM10. Thanks for any help
katinatez said:
Will this also work with OpenDNS?
Already running DDWRT v24 on WRT600N, and trying to figure this VPN stuff to connect my Atrix running CM10. Thanks for any help
Any service which gives you a stable hostname to the outside network should work.
If you have a higher end router that supports the mega builds (8MB flash), then you can opt for OpenVPN which is more secure than PPTP. Setup is more complicated though.
australix said:
If you have a higher end router that supports the mega builds (8MB flash), then you can opt for OpenVPN which is more secure than PPTP. Setup is more complicated though.
Still using a (now antiquated) Buffalo WHR-G54S which has 4MB flash and 16MB Ram... so while it has a lot of features, OpenVPN is lacking... so I can't test that method personally.
This Buffalo is the best router I've ever owned, though. I still can do without gigabit or N networking, so I'm not upgrading. I went through 5 or 6 bad routers (even a Linksys WRT-54G that crashed constantly) before I got this one.
Thanks for all the info here. I've deleted the post because I think my issue is with something else.
Thanks..
p
very...helpful..!!!
Very easy guide! Thanks!
455
nice cool...
bumpin this because i have a question regarding this, i just set this up and it works great
there are mainly two types of auth vpn servers use, certificate authentication and username/password
i tried to set up password one, and you still need the server public certificate along with username/password, but you don't need client public and private keys unlike with cert auth.
now, i placed the server key, ca.crt, on my internal storage and together with username/password, works great, my concern is security of this file. this file needs to be accessible right, so you can't put it in /etc or /system, having it in internal storage, any app with storage permission can read it... isn't this a security risk? how is this solved? where do i put the file?
thanks
edit: also, how do i *prevent* network traffic without vpn? i know there is always on option and start on boot, but i did, and when the boot finishes there is a brief moment when the phone connects on mobile network just before initializing vpn and in that brief moment android probably sends all sorts of passwords and data through the network ... how do i delay this until vpn is initialized?
Hello everyone,
So I've been doing some work on my A1. Managed to root it via Magisk and something strange happened after that, though now i don't even know if it's related to root or the newest software update. But here is what I've found.
I have a home DNS server with some local network DNS entries.
I also have a DHCP which is providing home DNS server IP along together with 8.8.8.8 as secondary DNS to DHCP clients.
On my phone, i have set a static IP address but pointed DNS servers, as first server to be my home server and secondary to be 8.8.8.8 (as if i were to get these settings via DHCP).
All works well. I am able to get to my devices by looking them up like "pc.lan" or "printer.lan" ... In the first 5 minutes OR LESS!
After that SHORT period expires, my phone no longer queries my local DNS. I couldn't see which server is he trying to reach, i was afraid that i have rooted my phone badly and somehow installed malware onto it which is overwriting my DNS settings.
TBH i even checked /etc/resolv.conf and noticed that i do not have my entries there, but only 8.8.8.8 and 8.8.4.4. Even after editing that file i still have no luck (maybe it's not reading that file).
So I've done little snooping and sniffing. Moved PCAP file to PC and looked it up in wireshark and there i saw something interesting!
Basically, he was querying google's 8.8.8.8 over port 853 (TLS) and completely ignoring my entry.
When i removed 8.8.8.8 as secondary DNS from my static entries, all worked fine, i was able to query my local DNS just fine!
So my question is. Is anyone aware of anything new regarding DNS queries? Maybe android is now forcing encrypted DNS traffic when available ?
EDIT:
Just for the record. I am using Android 9 with V10.0.5.0 build number (as earlier mentioned, Xiaomi Mi A1)
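The check done by hand in Wireshark in the post above (which resolver receives DNS traffic, and on which port) can be scripted over exported capture fields. This is an added example, not part of the original post: the capture lines are constructed, 192.168.1.2 is an assumed address for the home DNS server, and the function names are illustrative.

```python
from collections import Counter

# Constructed sample, shaped like the tab-separated output of
#   tshark -r capture.pcap -T fields -e frame.time_relative \
#          -e ip.dst -e tcp.dstport -e udp.dstport
# The port column that does not apply to a packet is empty.
SAMPLE = "\n".join([
    "0.41\t192.168.1.2\t\t53",
    "2.10\t192.168.1.2\t\t53",
    "3.75\t8.8.8.8\t853\t",
    "3.90\t198.51.100.7\t443\t",   # unrelated HTTPS traffic, ignored
    "61.02\t8.8.8.8\t853\t",
    "64.30\t8.8.8.8\t853\t",
])


def classify(tcp_port, udp_port):
    """Label a packet as DNS-over-TLS, plaintext DNS, or neither."""
    if tcp_port == "853":
        return "dot"
    if udp_port == "53" or tcp_port == "53":
        return "plain"
    return None


def resolver_usage(capture_text, local_resolver):
    """Summarise which resolvers were contacted and how.

    Counts are packets, not queries: DoT payloads are encrypted, so only
    the destination and port are visible in the capture.
    """
    counts = Counter()
    last_local = None          # time of the last packet to the home resolver
    first_foreign_dot = None   # time of the first DoT packet sent elsewhere
    for line in capture_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 4:
            continue  # skip malformed lines
        ts, dst, tcp_port, udp_port = fields
        kind = classify(tcp_port, udp_port)
        if kind is None:
            continue
        counts[(dst, kind)] += 1
        if dst == local_resolver:
            last_local = float(ts)
        elif kind == "dot" and first_foreign_dot is None:
            first_foreign_dot = float(ts)
    # The home resolver is bypassed when DoT to another server starts and
    # the home resolver receives nothing afterwards.
    bypassed = first_foreign_dot is not None and (
        last_local is None or last_local < first_foreign_dot
    )
    return {"counts": dict(counts), "last_local": last_local, "bypassed": bypassed}


if __name__ == "__main__":
    print(resolver_usage(SAMPLE, "192.168.1.2"))
```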