What’s My DNS?

Reading Time: 3 minutes

What is DNS?

If you are new to web hosting, you may have heard the term DNS, but you might not be sure what it means or how it is essential to you. DNS is short for Domain Name System, and it is the process by which the whole Internet organizes and easier way for humans to reach websites. Numbers or IP addresses identify all of the computers/websites connected to the Internet. While computers have no trouble identifying each other using these strings of numbers, it would be challenging for humans if we had to remember a set of numbers for every website we wanted to visit! Fortunately, DNS translates domain names like liquidweb.com to an IP address and back, so all we need to know to find a website is the name. For a more in-depth discussion of the DNS system, see Understanding the DNS Process.

You can use the DNS Tree for a quick, visual comparison of the records that exist on all of your nameservers. Making sure your records match across nameservers and that they match your server is an essential part of troubleshooting possible website issues. If you’re error messages like “This site can’t be reached” or “webpage is not available”, the DNS Tree may help you figure out where the problem exists.

 

How Do I Check My DNS?

Verifying accurate DNS records is essential for navigating traffic to the correct web server. You can use Liquid Web’s Internet Webhosting Toolkit to view your current, authoritative DNS records. Just go to the toolkit’s site, click on the DNS Tree tab, enter your domain name, and click Submit.

Note
Our servers will query your domain’s nameservers for the most common DNS record types. If a domain is not registered or if no DNS records exist for the domain, you’ll receive an error message indicating that the records are not available. This may suggest that your nameservers are unavailable for some reason, especially if you are hosting those nameservers on a private server.

If you have registered your domain and set DNS records our tool will display the results in an easy to see “tree” of records, organized from most general to most specific.

In our example, we are looking up the records for liquidweb.com, so the tree begins with that domain at the far left of the screen.

The next set of records displayed are the Authoritative Nameservers for the domain. These are the servers designated as the holders of the records for this domain. If you want to change the records for this domain, you must change them on these servers. Changing records anywhere else won’t make reflect DNS changes. Your domain can have one, two, or as many Authoritative Nameservers as you would like but most websites use at least two for redundancy and stability.

 

The next set of entries in the DNS Tree show the Types of records that are available. DNS record types are unique for each kind of DNS function.

  • An “A Record” is used to identify primary IP addresses of given domains.
  • MX Records” are used for email routing and delivery.
  • TXT records” hold additional information about the domain, like SSL validations, DKIM entries, or SPF records.

For more information about DNS record types, see DNS Record Types.

The final “column” of entries displays the actual DNS record. This is typically an IP address for an “A record”, and domain name for an “MX record”, or a string of text for a “TXT record”. Hovering the mouse over a circle will display all of the information for the record in a pop-out window, including the TTL, Type, and Data.

 

 

 

 

 

 

 

 

If you’ve made recent changes to your DNS records, the toolkit may be showing an older, or cached, version of the records. The TTL portion of the record indicates how frequently the DNS system should update its records. TTL is shown in seconds, so a typical setting of 3600 means that servers will be asked to update your records every 6 minutes. The delay that occurs during this period is referred to as propagation. Some DNS changes, like nameserver changes, can up to 72 hours to propagate, so if you are going to be making changes to your DNS records, you’ll want to lower your TTL values for a quick update. For more information on reducing your TTLs, see How To: Lowering Your DNS TTLs.

If you need additional help, Liquid Web customer’s can contact the Most Helpful Humans in Hosting via ticket, chat, or phone at any time and we’ll do our best to make sure everything is working correctly.

 

How to Install Squid Proxy Server on Ubuntu 16.04

Reading Time: 6 minutes

A Squid Proxy Server is a feature rich web server application that provides both reverse proxy services and caching options for websites. This provides a noticeable speed up of sites and allows for reduced load times when being utilized.

Squids reverse proxy is a service that sits between the Internet and the web server (usually within a private network) that redirects inbound client requests to a server where data is stored for easier retrieval. If the caching server (proxy) does not have the cached data, it then forwards the request on to the web server where the data is actually stored. This type of caching allows for the collection of data and reproducing the original data values stored in a different location to provide for easier access. A reverse proxy typically provides an additional layer of control to smooth the flow of inbound network traffic between your clients and the web server.

Squid can be used as a caching service to SSL requests as well as DNS lookups. It can also provide a wide variety of support to multiple other types of caching protocols, such as ICP, HTCP, CARP, as well as WCCP. Squid is an excellent choice for many types of setups as it provides very granular controls by offering numerous system tools, as well as a monitoring framework using SNMP to provide a solid base for your caching needs.

When selecting a computer system for use as a dedicated Squid caching proxy server, many users ensure it is configured with a large amount of physical memory (RAM) as Squid maintains an in-memory cache for increased performance.

Installing Squid

Let’s start by ensuring our server is up to date:
[root@test ~]# apt-get update
Get:1 http://security.ubuntu.com/ubuntu xenial-security InRelease [109 kB]Hit:2 http://us.archive.ubuntu.com/ubuntu xenial InReleaseHit:3 http://ppa.launchpad.net/libreoffice/ppa/ubuntu xenial InReleaseGet:4 http://us.archive.ubuntu.com/ubuntu xenial-updates InRelease [109 kB]Get:5 http://us.archive.ubuntu.com/ubuntu xenial-backports InRelease [107 kB]Fetched 325 kB in 0s (567 kB/s)Reading package lists... Done

Next, at the terminal prompt, enter the following command to install the Squid server:
[root@test ~]# apt install squid
Reading package lists... DoneBuilding dependency treeReading state information... DoneThe following packages were automatically installed and are no longer required:linux-headers-4.4.0-141 linux-headers-4.4.0-141-generic linux-image-4.4.0-141-genericUse 'apt autoremove' to remove them.
The following additional packages will be installed:
libecap3 squid-common squid-langpack ssl-cert
Suggested packages:
squidclient squid-cgi squid-purge smbclient ufw winbindd openssl-blacklist
The following NEW packages will be installed:
libecap3 squid squid-common squid-langpack ssl-cert
0 upgraded, 5 newly installed, 0 to remove and 64 not upgraded.
Need to get 2,672 kB of archives.
After this operation, 10.9 MB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Fetched 2,672 kB in 0s (6,004 kB/s)
Preconfiguring packages ...
Selecting previously unselected package libecap3:amd64.
(Reading database ... 160684 files and directories currently installed.)
Preparing to unpack .../libecap3_1.0.1-3ubuntu3_amd64.deb ...
Unpacking libecap3:amd64 (1.0.1-3ubuntu3) ...
Selecting previously unselected package squid-langpack.
Preparing to unpack .../squid-langpack_20150704-1_all.deb ...
Unpacking squid-langpack (20150704-1) ...
Selecting previously unselected package squid-common.
Preparing to unpack .../squid-common_3.5.12-1ubuntu7.6_all.deb ...
Unpacking squid-common (3.5.12-1ubuntu7.6) ...
Selecting previously unselected package ssl-cert.
Preparing to unpack .../ssl-cert_1.0.37_all.deb ...
Unpacking ssl-cert (1.0.37) ...
Selecting previously unselected package squid.
Preparing to unpack .../squid_3.5.12-1ubuntu7.6_amd64.deb ...
Unpacking squid (3.5.12-1ubuntu7.6) ...
Processing triggers for libc-bin (2.23-0ubuntu10) ...
Processing triggers for systemd (229-4ubuntu21.16) ...
Processing triggers for ureadahead (0.100.0-19) ...
Setting up libecap3:amd64 (1.0.1-3ubuntu3) ...
Setting up squid-langpack (20150704-1) ...
Setting up squid-common (3.5.12-1ubuntu7.6) ...
Setting up ssl-cert (1.0.37) ...
Setting up squid (3.5.12-1ubuntu7.6) ...
Skipping profile in /etc/apparmor.d/disable: usr.sbin.squid
Processing triggers for libc-bin (2.23-0ubuntu10) ...
Processing triggers for systemd (229-4ubuntu21.16) ...
Processing triggers for ureadahead (0.100.0-19) ...

That’s it! The install is complete!

 

Configuring Squid

The default Squid configuration file is located in the ‘/etc/squid/ directory, and the main configuration file is called “squid.conf”. This file contains the bulk of the configuration directives that can be modified to change the behavior of Squid. The lines that begin with a “#”, are commented out or not read by the file. These comments are provided to explain what the related configuration settings mean.

To edit the configuration file, let’s start by taking a backup of the original file, in case we need to revert any changes if something goes wrong or use it to compare the new file configurations.

[root@test ~]# cp /etc/squid/squid.conf /etc/squid/squid.conf.bak

 

Change Squid’s Default Listening Port

Next, the Squid proxy servers default port is 3128. You can change or modify this setting to suit your needs should you wish to modify the port for a specific reason or necessity. To change the default Squid port, we will need to edit the Squid configuration file and change the “http_port” value (on line 1599) to a new port number.

[root@test ~]# vim /etc/squid/squid.conf
http_port 2946

(Keep the file open for now…)

 

Change Squid’s Default HTTP Access Port

Next, to allow external access to the HTTP proxy server from all IP addresses, we need to edit the “http_access” directives. By default, the HTTP proxy server will not allow access to anyone at all unless we explicitly allow it!

Caution!:
Multiple settings mention http_access. We want to modify the last entry.

1164 # Deny requests to certain unsafe ports
1165 http_access deny !Safe_ports
...
1167 # Deny CONNECT to other than secure SSL ports
1168 http_access deny CONNECT !SSL_ports
...
1170 # Only allow cachemgr access from localhost
1171 http_access allow localhost manager
1172 http_access deny manager
...
1186 #http_access allow localnet
1187 http_access allow localhost
...
1189 # And finally deny all other access to this proxy
1190 http_access deny all
# > change to “allow all” <

Now, let’s save and close the configuration file using vim’s :wq command.

 

Define the Default NIC Card Squid Listens On

If you would like Squid to listen on a specific NIC (in a server with multiple NIC cards), you can update the configuration file with the NIC’s IP address that Squid will listen on.

For example, we can change it to an internal IP of 10.1.1.5:3128

 

Define Who Can Access the Proxy Server

Next, we’ll setup who is allowed access to our Squid proxy. Locate the http_access section (which should begin around line 1860) and uncomment the following two lines:#acl our_networks src 10.1.1.0/16 10.1.2.0/16
#http_access allow our_networks
-- VVV change to VVV --
acl our_networks src 10.1.1.0/16 10.1.2.0/16
http_access allow our_networks

You will need to modify the IP ranges (10.1.1.0/16 10.1.2.0/16) to your own internal IP’s to match what your network uses unless you have several subnets you can use. (Netmasks are further explained here.)

 

Define the Hours that are Available to Access the Proxy

You can literally control the hours of access to the proxy server! The ACL section starts about line 673:
671 # none
672
673 #  TAG: acl
674 #  Defining an Access List
675 #
To set this up, let’s add this info to the bottom of the ACL section of the /etc/squid/squid.conf file:

acl liquidweb src 10.1.10.0/24
acl liquidweb time M T W T F 9:00-17:00
Granted, this is an example using liquidweb as the business name, but you can use any name.

 

Other ACL options include:

***** ACL TYPES AVAILABLE *****
711 #
712 #       acl aclname src ip-address/mask ...     # clients IP address [fast] 713 #       acl aclname src addr1-addr2/mask ...    # range of addresses [fast] 714 #       acl aclname dst [-n] ip-address/mask ...        # URL host's IP address [slow] 715 #       acl aclname localip ip-address/mask ... # IP address the client connected to [fast] 717 #       acl aclname arp      mac-address ... (xx:xx:xx:xx:xx:xx notation)
...
730 #       acl aclname srcdomain   .foo.com ...
731 #         # reverse lookup, from client IP [slow] 732 #       acl aclname dstdomain [-n] .foo.com ...
733 #         # Destination server from URL [fast] 734 #       acl aclname srcdom_regex [-i] \.foo\.com ...
735 #         # regex matching client name [slow] 736 #       acl aclname dstdom_regex [-n] [-i] \.foo\.com …

… (all the way down to line 989)

968 # Example rule allowing access from your local networks.
969 # Adapt to list your (internal) IP networks from where browsing
970 # should be allowed
971 #acl localnet src 10.0.0.0/8    # RFC1918 possible internal network
972 #acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
973 #acl localnet src 192.168.0.0/16        # RFC1918 possible internal network
974 #acl localnet src fc00::/7       # RFC 4193 local private network range
975 #acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
976
977 acl SSL_ports port 443
978 acl Safe_ports port 80          # http
979 acl Safe_ports port 21          # ftp
980 acl Safe_ports port 443         # https
981 acl Safe_ports port 70          # gopher
982 acl Safe_ports port 210         # wais
983 acl Safe_ports port 1025-65535  # unregistered ports
984 acl Safe_ports port 280         # http-mgmt
985 acl Safe_ports port 488         # gss-http
986 acl Safe_ports port 591         # filemaker
987 acl Safe_ports port 777         # multiling http
988 acl CONNECT method CONNECT
989

All Squid Configuration Options

A full accounting of Squid’s available configurations can be found here:

(Make sure you plan to take some time because there is a lot of info there)

Restart Squid

After making those changes, let’s restart the Squid service to reload the configuration file.

[root@test ~]# systemctl restart squid.service

 

Other Important File Locations for Squid

 

Even More Information about Squid

How Can We Help?

Our Most Helpful Humans in Hosting can provide clarity and further information about Squid and how it can be utilized in our specific environments.  Our Support team contains many talented individuals with intimate knowledge of web hosting technologies, especially like those discussed in this article. If you are uncomfortable walking through the steps outlined here, we are just a phone call, chat or ticket away from providing you info to walk you through the process. Let us assist you today!

 

 

What is Power DNS?

Reading Time: 2 minutes

PowerDNS (pdns) is an open source authoritative DNS server that works as an alternative to traditional BIND (named) DNS. PowerDNS offers better performance and has minimal memory requirements. PowerDNS also works with many supporting backends ranging from simple zone files to complex database setups as well as various SQL platforms (Mysql, MariaDB, Oracle, PostgreSQL). Continue reading “What is Power DNS?”