
Over the past year, we have covered many networking tips for servers. Here is a brief summary of the most important networking tips you should keep in mind for your dedicated server.
1. Use both a router firewall and a software firewall
2. Your name servers should be hosted on at least two different servers
3. If you use content delivery services, make sure they have servers close to your primary users
4. Block all ports except the most essential (e.g. web server, SSH, FTP)
5. Use traceroute and DNS lookups to test network connectivity issues
6. Be sure to follow Internet standards with your DNS records
7. Use SSH, SCP, SFTP, and other secure protocols whenever you need to connect to your server

Services are memory-resident programs that normally run constantly, as long as your server is on. Programs like your web server, database server, DNS system, and others are all services that start at boot time and continue running at all times.
Whenever you change configuration for a service or need to reinitialize it, you should perform a service restart. This is much more convenient than what people normally do with desktop computers, which is to restart the entire system. On a server, you want to keep the server running and just restart the necessary service. This is a much faster and less invasive solution.
To restart a service, you can use the “net” command to stop it and then start it again: “net stop service” followed by “net start service”. For example, if you want to restart DNS, the commands would be:
net stop dns
net start dns
That is all it takes for basic restarting of Windows services. For more information on advanced tasks consult your Windows Server documentation.

1. Traceroute - With this quick tool, you can trace the network path from your server to any destination, including your house. If you ever have connection problems with your website or server, this tool may give you clues.
2. IP Whois - Find out what a website’s true IP address is, where it originates, who owns it, and more.
3. Reverse DNS - Test reverse DNS to make sure your server is set up correctly according to Internet protocols.
4. SPAM DB Lookup - Is your website or server on the spam list? This tool will tell you if you need to do some housecleaning or beefing up of security.
5. DNS Lookup - Make sure all of your DNS records (A, CNAME, MX, and more) are set up correctly.
There are websites that have all of these tools available either for free or for small fees. You can also perform many of them from the Linux command line, if that is available to you.

Question: My web host has accused me of being a spammer and has suspended my account. How do I prove I am not a spammer?
Answer: Usually, you will only be accused of spamming in one of three situations: (1) you actually are a spammer, (2) your account is hosted on an unsecured mail server, or (3) you have a dedicated server or VPS, and you have left your mail server unsecured.
In the case of the first situation, I cannot help you. If you are in situation number 2, then you are truly one of the victims, and whoever is running the server needs to fix the problem. Usually this will happen if the server admin is someone different than the web host. Contact the web host and let them know that you are not in charge of the server but have been blacklisted.
In the third situation, you need to find the security hole in your server and fix it. You could have an open relay in your SMTP system. Another possibility is that a user account has been compromised. And the third unfortunate possibility is that one of your users may knowingly be a spammer. In any case, get the problem fixed first and then tell your web host. You should then automatically start dropping off of DNS blacklists, and everything will go back to normal.

Time to Live, or TTL, controls how often a nameserver checks with the authoritative nameserver to get the latest record. It caches that record for however long the TTL specifies before checking again. The lower the number, the sooner records will be updated.
Many nameservers are set to a default TTL of 86400 seconds (24 hours). With that setting, it can take up to 24 hours before all of the DNS servers globally are updated, although some Internet servers will update before others. The lower the TTL, the more often the nameserver will query the authoritative records.
While one’s first inclination might be to lower the TTL number so that nameservers are updated almost immediately, having a setting that is too low can cause too great of a strain on the server. If you change your DNS often, you might want to make the setting lower than one day, but if you only change it once in a while, that default setting might be fine. Some system administrators will lower the setting temporarily if they know they are about to make a big change to critical network services.
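The timing behind a temporary TTL reduction, as an added example that is not part of the original post: caches that already hold the record keep it for the old TTL, so the reduction has to happen a full old-TTL period before the change. The function names, the 300-second temporary TTL and the sample date are assumptions, and resolvers are assumed to honor the published TTL.

```python
from datetime import datetime, timedelta, timezone

DAY = 86400  # the default TTL quoted above, in seconds

def plan_ttl_change(change_at, normal_ttl=DAY, temp_ttl=300):
    """Return the schedule for temporarily lowering a TTL around a change."""
    if not 0 < temp_ttl < normal_ttl:
        raise ValueError("temp_ttl must be positive and below normal_ttl")
    return {
        # A cache that fetched the record just before the TTL was lowered
        # keeps it for normal_ttl seconds, so lower it that far in advance.
        "lower_ttl_by": change_at - timedelta(seconds=normal_ttl),
        "change_record_at": change_at,
        # From here on no well-behaved cache still holds the old value.
        "old_value_gone_by": change_at + timedelta(seconds=temp_ttl),
    }

def worst_case_stale_seconds(lowered_at, change_at, normal_ttl, temp_ttl):
    """Longest time after the change that a cache may serve the old value."""
    old_cache_expiry = lowered_at + timedelta(seconds=normal_ttl)
    leftover = (old_cache_expiry - change_at).total_seconds()
    return int(max(temp_ttl, leftover))

def refreshes_per_day(ttl):
    """Lookups per day one busy caching resolver sends for one record."""
    return DAY // ttl

if __name__ == "__main__":
    change = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)  # constructed
    for step, when in plan_ttl_change(change).items():
        print(f"{step:18} {when:%Y-%m-%d %H:%M} UTC")
    late = change - timedelta(hours=1)  # TTL lowered only an hour ahead
    print("stale for up to", worst_case_stale_seconds(late, change, DAY, 300), "s")
    print("load factor", refreshes_per_day(300) // refreshes_per_day(DAY))
```

Lowering the TTL only an hour before the change still leaves some caches serving the old address for almost a day, while a 300-second TTL multiplies the lookups from each busy resolver by 288.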

When you are faced with relentless spamming, it is a good idea to use tools that go beyond simple filtering. One way to stop SPAM is to develop some type of proxy that stops known spammers before the messages reach the mail server. Another is to rely on DNS black lists that are periodically updated.
Whatever method you choose, it is important to contribute to the fight against SPAM by reporting known spammers. The first place to report to is the spammer’s web hosting provider. The provider is most likely unaware of the spammer’s actions and will suspend their accounts once you tell them.
The second method to try is to contact their Internet service provider. Just as it is a violation of the terms of service for most web hosts, most ISPs will not tolerate SPAM either. Finally, you can contribute to global blacklists by reporting the spammer to SPAM prevention websites. This will ensure that offenders cannot get away with SPAM even if their providers allow it.
Looking to speed up your web browsing? Working from a huge cache of web requests made by other users, OpenDNS is a free DNS service that is considerably faster than the name servers provided by your ISP.
OpenDNS provides a lot more than just speed, however. Benefits include phishing and botnet protection, a content filter, and URL typo correction.
You can configure a single computer to use OpenDNS or even all the computers on your network. After you sign up, the site provides a handy setup guide for using the service on Windows, Mac OS X, and Linux, as well as on routers made by companies such as Linksys and Netgear.
Question: What does the following error mean:
WARNING: Not all of your nameservers are in different subnets
Answer: If you are receiving this error, it means that the nameservers for your domain are both originating from the same server (or two servers within the same subnet). Generally speaking, this is actually just a warning and not an error. Your server may still function just fine.
To be in full compliance with networking standards, however, you will need to host one nameserver at a different location, or at least on a different subnet. In other words, your domain registrar will require two IP addresses for your nameservers. You can have one on your actual server and have the other hosted on a separate server.
Some web hosting providers will offer remote nameserver hosting as part of their unmanaged dedicated server offerings. If they do not, there are other DNS hosting services that may offer what you need. As a last resort, you can configure your server to use two distinct IP addresses for each nameserver even if they actually both originate from the same place, although this is not ideal.

While speaking at an ICANN international meeting in Nairobi this week, Rod Beckstrom criticized the security of DNS, saying it “can stop any time.” Furthermore, he went on to state:
The domain name system is under attack today as it has never been before. I have personally consulted with over 20 CEOs of the top registries and the top registrars globally, all of whom are seeing increasing attacks and complexity of attacks and who are extremely concerned,
While Beckstrom is perfectly accurate in his statement, to those with a vested interest in certain start-up extensions and developing ccTLDs, them is fightin’ words. Specifically, Chris Disspain, chairman of the Country Code Name Supporting Organization (ccNSO) council, called the ICANN CEO out on the comment.
As a representative of the various companies that run ccTLDs for many governments, Disspain is worried that Beckstrom “could cause great concern among governments regarding how elements of critical Internet resources are operated and managed in their countries.” In other words, the ccNSO chairman is worried about how this could affect his associates’ for-profit operations running ccTLDs.
Source | Computer World

Computer users with dynamic IP addresses often have to contend with the reality that their internet identity can literally change without warning. For average Internet use, this is not a problem, but if you ever need to host something from home (even a private server that only gives you password access), you will need some support for dynamic DNS.
Dynamic DNS notifies the user’s domain that the IP address has been changed and needs to be updated. When someone remotely connects to the domain, they will get the right computer, even if the IP address changes regularly. The Linux command called nsupdate is a utility that allows the user to update a DNS zone without having to manually edit the zone file.
“nsupdate is a fantastic little utility that enables quick and secure DNS zone updates. Setup is quick and painless, and use is fairly intuitive for anyone remotely familiar with DNS, and skilled enough to admin their own Linux system.”
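The kind of update nsupdate performs, as an added example that comes neither from the quoted article nor from the original post: a helper builds the command batch for a changed address and refuses input that should never reach the zone. The helper names, the example.com names, the address and the key file argument are assumptions; the batch commands and the `-k` option are standard nsupdate usage.

```python
import ipaddress
import subprocess

# Ranges that should never be published for a host reached over the Internet.
NOT_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

def build_batch(server, zone, host, new_ip, ttl=300):
    """Return the nsupdate commands that point host at new_ip."""
    # Whitespace or newlines in a name would smuggle extra commands into the batch.
    if any(ch.isspace() for ch in server + zone + host):
        raise ValueError("whitespace in server, zone or host name")
    ip = ipaddress.ip_address(new_ip)  # raises ValueError on malformed input
    if any(ip in net for net in NOT_PUBLIC):
        raise ValueError(f"{ip} is not a public address")
    zone_fqdn = zone.rstrip(".").lower() + "."
    fqdn = host.rstrip(".").lower() + "."
    if fqdn != zone_fqdn and not fqdn.endswith("." + zone_fqdn):
        raise ValueError(f"{fqdn} is outside zone {zone_fqdn}")
    rtype = "A" if ip.version == 4 else "AAAA"
    return "\n".join([
        f"server {server}",
        f"zone {zone_fqdn}",
        f"update delete {fqdn} {rtype}",  # drop the stale address
        f"update add {fqdn} {ttl} {rtype} {ip}",
        "send",
        "",
    ])

def push(batch, key_file):
    """Send the batch, signed with the TSIG key in key_file (nsupdate -k)."""
    subprocess.run(["nsupdate", "-k", key_file], input=batch, text=True, check=True)

if __name__ == "__main__":
    # Constructed values: example.com names and a documentation address.
    print(build_batch("ns1.example.com", "example.com", "home.example.com",
                      "203.0.113.10"))
```

A dynamic DNS client that detects its LAN address instead of its public one is a common failure, which is why the private ranges are rejected before anything is sent.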

Question: Why do domain registrars require two name servers?
Answer: The short answer to this question is that Internet standards require it according to RFC 1034, published by the Internet Engineering Task Force (IETF). But there is a good reason for it.
The intent of the standard is to ensure that domain name servers have redundancy. If one name server goes down, a website will still have at least one more to keep it alive. In other words, your server could be working perfectly fine, but without name servers, no one will see your site. Furthermore, sites with heavy loads might be able to distribute that load between the two name servers.
Because of the above reasons, the intent is to have two distinct name servers, at two locations, using two different IP addresses. If you have your own server and do not have access to another server for DNS, I recommend using one of the many DNS services that are available at low cost. It will save you trouble in the long run and will make sure your site is up to standards.
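A check for the two-name-server requirement described here and for the "different subnets" warning discussed earlier, as an added example that is not part of the original posts. The function names, the prefix lengths used to decide what counts as one subnet, and the sample name servers are assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: "same subnet" means the same /24 (IPv4) or /48 (IPv6). The tool
# that prints the warning may compare at a different prefix length.
PREFIX = {4: 24, 6: 48}

def group_by_subnet(nameservers):
    """Map each covering network to the nameserver names inside it."""
    groups = defaultdict(list)
    for name, addr in nameservers.items():
        ip = ipaddress.ip_address(addr)
        net = ipaddress.ip_network(f"{ip}/{PREFIX[ip.version]}", strict=False)
        groups[net].append(name)
    return dict(groups)

def check_nameservers(nameservers):
    """Return warnings for a {hostname: ip} nameserver set; [] means it passes."""
    warnings = []
    if len(nameservers) < 2:
        warnings.append("fewer than two nameservers")
    if len(set(nameservers.values())) < len(nameservers):
        warnings.append("two nameserver names resolve to one IP address")
    for net, names in group_by_subnet(nameservers).items():
        if len(names) > 1:
            warnings.append(f"{', '.join(sorted(names))} share subnet {net}")
    return warnings

# Constructed sample sets using documentation address ranges.
SAME_SERVER = {"ns1.example.com": "192.0.2.10", "ns2.example.com": "192.0.2.10"}
SAME_SUBNET = {"ns1.example.com": "192.0.2.10", "ns2.example.com": "192.0.2.11"}
# Passes the check, but two addresses on one machine would pass as well: the
# check sees address diversity, not whether the servers are really separate.
SEPARATE = {"ns1.example.com": "192.0.2.10", "ns2.example.com": "198.51.100.53"}

if __name__ == "__main__":
    for label, ns in [("same server", SAME_SERVER), ("same subnet", SAME_SUBNET),
                      ("separate", SEPARATE)]:
        print(label, "->", check_nameservers(ns) or "OK")
```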

Visitors to RollingStone.com were surprised a few days ago when instead of seeing the popular magazine’s website, they were greeted with a generic “coming soon” landing page. The website is now back up, but for some time people speculated that Rolling Stone forgot to renew its domain. What happened?
Luckily for the magazine, the domain had not expired and is actually registered through next September. The issue was most likely a DNS glitch. Regardless of the cause, Rolling Stone most likely lost a good bit of money from this slip.