1. Use both a router firewall and a software firewall
2. Your name servers should be hosted on at least two different servers
3. If you use content delivery services, make sure they have servers close to your primary users
4. Block all ports except the most essential (i.e. web server, ssh, ftp)
5. Use traceroute and dns lookups to test network connectivity issues
6. Be sure to follow Internet standards with your DNS records
7. Use SSH, SCP, SFTP, and other secure protocols whenever you need to connect to your server

Photo Source: Flickr

Whenever you change configuration for a service or need to reinitialize it, you should perform a service restart. This is much more convenient than what people normally do with desktop computers, which is to restart the entire system. On a server, you want to keep the server running and just restart the necessary service. This is a much faster and less invasive solution.

To restart a service, you can use the “net” command to stop it and then start it again: “net stop service” followed by “net start service”. For example, if you want to restart DNS, the commands would be:

net stop dns
net start dns

That is all it takes for basic restarting of Windows services. For more information on advanced tasks consult your Windows Server documentation.

Photo Source: Flickr

2. IP Whois – Find out what a website’s true IP address is, where it originates, who owns it, and more.

3. Reverse DNS – Test reverse DNS to make sure your server is setup correctly according to Internet protocols.

4. SPAM DB Lookup – Is your website or server on the spam list? This tool will tell you if you need to do some housecleaning or beefing up of security.

5. DNS Lookup – Make sure all of your DNS records (A, CNAME, MX, and more) are setup correctly.

There are websites that have all of these tools available either for free or for small fees. You can also perform many of them from the Linux command line, if that is available to you.

Answer: Usually, you will only be accused of spamming in one of three situations: (1) you actually are a spammer, (2) your account is hosted on an unsecured mail server, or (3) You have a dedicated server or VPS, and you have left your mail server unsecured.

In the case of the first situation, I cannot help you. If you are in situation number 2, then you are truly one of the victims, and whoever is running the server needs to fix the problem. Usually this will happen if the server admin is someone different than the web host. Contact the web host and let them know that you are not in charge of the server but have been blacklisted.

In the third situation, you need to find the security hole in your server and fix it. You could have an open relay in your SMTP system. Another possibility is that a user account has been comprised. And the third unfortunate possibility is that one of your users may knowingly be a spammer. In any case, get the problem fixed first and then tell your web host. You should then automatically start dropping off of DNS blacklists, and everything will go back to normal.

Image: Wikimedia Commons

Many nameservers are set to a default time of 86400 seconds (24 hours). With that setting, it takes 24 hours before all of the DNS servers globally are updated, although some Internet servers will update before others. The lower the number of seconds to live updates, the more often the nameserver will access the authoritative records.

While one’s first inclination might be to lower the TTL number so that nameservers are updated almost immediately, having a setting that is too low can cause too great of a strain on the server. If you change your DNS often, you might want to make the setting lower than one day, but if you only change it once in a while, that default setting might be fine. Some system administrators will lower the setting temporarily if they know they are about to make a big change to critical network services.

Image Source: Wikimedia Commons

Whatever method you choose, it is important to contribute tot he fight against SPAM by reporting known spammers. The first place to report to is the spammers web hosting provider. The provider is most likely unaware of the spammer’s actions and will suspend their accounts once you tell them.

The second method to try is to contact their Internet service provider. Just as it is a violation of the terms of service for most web hosts, most ISPs will not tolerate SPAM either. Finally, you can contribute to global blacklists by reporting the spammer to SPAM prevention websites. This will ensure that offenders cannot get away with SPAM even if their providers allow it.

Photo Source: Flickr

OpenDNS provides a lot more than just speed, however. Benefits include phishing and botnet protection, a content filter, and URL typo correction.

You can configure a single computer to use Open DNS or even all the computers on your network. The site provides a handy set-up guide after signing up for using the service on Windows, Mac OS X, Linux, as well as routers made by companies such as Linksys and Netgear.

WARNING: Not all of your nameservers are in different subnets

Answer: If you are receiving this error, it means that the nameservers for your domain are both originating from the same server (or two servers within the same subnet). Generally speaking, this is actually just a warning and not an error. Your server may still function just fine.

To be in full compliance with networking standards, however, you will need to host one nameserver at a different location, or at least on a different subnet. In other words, your domain registrar will require two IP addresses for your nameservers. You can have one on your actual server and have the other hosted on a separate server.

Some web hosting providers will offer remote nameserver hosting as part of their unmanaged dedicated server offerings. If they do not, there are other DNS hosting services that may offer what you need. As a last resort, you can configure your server to use two distinct IP addresses for each nameserver even if they actually both originate from the same place, although this is not ideal.

Image Source: Wikimedia Commons

The domain name system is under attack today as it has never been before. I have personally consulted with over 20 CEOs of the top registries and the top registrars globally, all of whom are seeing increasing attacks and complexity of attacks and who are extremely concerned,

While Beckstrom is perfectly accurate in his statement, to those with a vested in interest in certain start-up extensions and developing ccTLDs, them is fightin’ words. Specifically, Chris Disspain, chairman of the Country Code Name Supporting Organization (ccNSO) council, called the ICANN CEO out on the comment.

As a representative of the various companies that run ccTLDs for many governments, Disspain is worried that Beckstrom “could cause great concern among governments regarding how elements of critical Internet resources are operated and managed in their countries.” In other words, the ccNSO chairman is worried about how this could affect his associate’s for-profit operations running ccTLDs.

Source | Computer World
Photo | Flickr

Dynamic DNS notifies the user’s domain that the IP address has been changed and needs to be updated. When someone remotely connects to the domain, they will get the right computer, even if the IP address changes regularly. The Linux command called nsupdate is a utility that allows the user to update a DNS zone without having to manually edit the zone file.

“nsupdate is a fantastic little utility that enable quick and secure DNS zone updates. Setup is quick and painless, and use is fairly intuitive for anyone remotely familiar with DNS, and skilled enough to admin their own Linux system.”

Read the full article
Photo Source: Flickr