[SOLVED] Bare CNAME with MX record

just thought i’d throw this out into the interwebz since it seems to be such a well known no-can-do that is actually a very handy can-do (where applicable)…

Background

DNS admin warnings advise against doing a “bare” (no prefix) CNAME along with an MX record, example

Disclaimer

What i’m successfully demonstrating here is clearly non-standard according to the specs
however, i’ve proven it does work for SOME servers implementation of the standards (including major provider Office 365 on the MX side) so it’s worth trying with your servers if this provides a convenient solution for your needs… and it will be immediately verifiably working or not; no “sometimes” ambiguity to worry about.

Solution

Very simple – just try positioning the MX record ABOVE the CNAME in the record order, e.g.

along with a happy O365 MX record (sorry i can’t slam dunk it with showing actual host names, you’ll have to trust me that it really did work and i didn’t make this up)

I’ve found this “MX ToolBox” to be loads of help for double checking the various DNS responses:

Cheers!

Free SSL Certs

LetsEncrypt.org is a wonderfully progressive initiative… free certs for all, to promote better internet security, nice!
 

this windows tool made quick work of plugging it into IIS vs the more unix’y stuff they suggest on their home page
literally just seconds to launch the win tool and hitting a key to select which IIS site you want the cert for… none of the ol’ CSR hassle, yay!
 

Tips:

  • your web server has to be reachable on the public internet at the domain url (port 80) you wish to gen the cert for
  • the win tool will be most automatic when you plug your domain into the host-header (port 80)

Note: The LetEncrypt certs come set to expire in 90 days – BUT, the windows tool schedules a recurring task to reach out and automatically renew the certs before that expiration. Pretty slick… will have watch if that actually works come time.
 

[SOLVED] Comodo v7 blocking HTTP/S and FTP/S on Windows 8.1 IIS 8.5

Besides opening incoming HTTP ports in the firewall via “Global Rules”, the annoying thing for me to find was also adding an “Application Rule” for “Windows Operating System” on those same ports.

Comodo v7.0.317799.4142

And this guy explains what’s necessary for FTP very nicely…

  • in comodo > global settings > application rule – add 20,21 & 5000-6000 as allowed incoming TCP ports on “Windows Operating System”… you will also hopefully get prompted to allow svchost which is responsible for running the ftpsvc
  • on internet router – forward ports 20,21 and 5000-6000
  • in IIS FTP settings
  • filezilla settings
    • require explicit ftp over tls

Blogger Custom Domain

(taken from here)

Enter Blogger Dashboard > Settings image
Under Publishing section:

Enter your custom domain in the first box complete with the www prefix.
Check the redirect box under it.

Save those settings.

You’re done with the Blogger side.

image
Log in to your domain registry account (Name.com, GoDaddy, etc.) image
First, especially if you ported your domain from another registrar like me,
make sure that your domain is set to use your new registrar’s Nameservers.
image
Now access your raw DNS record settings (aka “Total DNS”). image
Enter IP Address 216.239.32.21 as ARecord (@), this is a primary Google endpoint.  
and ghs.google.com as CNAME (for www)  
Save Domain registry settings.  
You’re done.  
Fire your page.  

Configuring a Windows 7 PC as a WiFi Router

Update 2011-07-11: Primary WiFi client user ran into dismal buffering on video streaming… that’s primary usage scenario so PC as a Router is a NO-GO.  I loaded DD-WRT (following the wiki guide) and it’s working much better… should have done that in the first place, thanks bro! :)  (read something about a port forwarding bug in the standard build and went with the recommend VPN build) I finally gave up on my piece of sh_t Linksys WRT310N as a viable router… I can’t believe those guys can sell such crap… even on the latest firmware (09/09/2010 v1.0.10 build 2) it would crash and crash… I tried mixed mode, G only & N only and whenever it would have to do any significant WiFi traffic at all, it would fail… just absolute junk… amazing there’s even a market for those bricks… plus the HTTP menus were pathetically slow when you’d click around. To be fair, it is a “v1” hardware model and apparently there is a v2 out there going by the Linksys firmware downloads page. (My serial #: CSF01HB0919) Since my mobo has a built in WiFi NIC, I decided to see how hard it would be to just use what I already have rather than dinking around with finding another router that would actually work. As with anything, there are pros and cons… here’s a few off the top of my head:

  • PRO: you gain quite a bit of control leveraging less overall equipment (software firewalls are generally much more robust than a consumer router)
  • CON: you have to have your central PC powered up for any household WiFi action… in our case that seems inherently ok… wifey can hop on the central PC if I’m not using it… and if I am, then WiFi is available.

Bottom line, this works and covers all my bases so far:

Windows 7 as a Wireless Access Point
  • one time: netsh wlan set hostednetwork mode=allow ssid=XYZ key=PDQ keyUsage=persistent
  • after every reboot: netsh wlan start hostednetwork
ICS – Internet Connection Sharing Snap7
DynDNS update client The DynDNS update feature is common to all routers… it’s nice that such a simple app alternative plugs this hole so I can keep on rocking my personal domain (I host all our photos directly from my home PC via zenPhoto).
Firewall settings Since I’m plugged into a cable modem now, my PC is basically swinging directly out on the net so a software firewall is much more important now than before when I’d be more safely behind the NAT barrier of the router. 

I use the 100% free Comodo Internet Security… the UI is clean, e.g. one can resize it’s data grid based screens to view full detail (yes I’m talking about you BitDefender 2010!), I’ve never seen it jack CPU, and it provides a good mix between wizard style prompting and completely granular manual editing of the low level firewall rules.

Firewall configs are always “fun”… What worked for me just now was to select “Stealth Ports Wizard” and choose the “Alert me to incoming connections and make my ports stealth on a per-case basis” option.

*PLUS* the following individual rules under Firewall > Network Security Policy > …
(don’t forget to move them to the top so that they override any other block rules in the same bundle)

  • Application Rule on C:WindowsSystem32svchost.exe
    • For external HTTP/FTP hosting: Allow TCP Or UDP In/Out From MAC Any To BeejQuad Where Source Port Is Any And Destination Port Is In [HTTP/FTP Ports (21,80,443)]
    • For ICS client DNS “passthrough”: Allow And Log TCP Or UDP Out From In/Out [WiFi Home Access Point] To MAC Any Where Source Port Is Any And Destination Port Is In [DNS Ports (53)]
      • (interesting, normal pings would resolve fine with simple *in* enabled, but an SSL web site from the ICS client required *out* enabled as well, the firewall logs also showed a blocked packet coming from an external ip on port 53 to my central PC on a random port, but that didn’t seem to hurt… maybe my network buddy can explain this stuff)
  • Global rule
    • For ICS client Ping/ICMP support: Allow ICMP In/Out From In [WiFi Home Access Point] To MAC Any Where ICMP Message Is Any

I use Gibson Research’s “Shields Up!” (GRSU) online port scanner to check whether I’ve made any progress…

Interestingly, Comodo immediately prompted me for port 80 when GRSU scanned, but I had to use the above Stealth Ports selection to allow my port 21 rule to take effect.

    Considering Home Network Storage Alternatives

    My current bottom line is that I’ve got a 6 x SATA ICH9R just sitting there on my main Windows 7 machine’s mobo for free so I slapped on 2 TB x 2 in RAID1, published a few shared folders and leave that machine powered on 24/7. After everything else (optical & OS drives) I had two ports left doing nothing so the previous gen 750GB’s x 2 are in RAID0 receiving scheduled backups for a little more cheap peace of mind. I’m hoping by the time I actually need more space, that there will be something along the lines of a 5-bay Drobo engineered around SATA 3.0 (6 Gb/s) internally and USB 3.0 (5 Gb/s!!) externally to finally give us some serious speed for that $700 price point. My big up front consideration: NAS vs DAS

    • What’s better, a true stand alone NAS box –OR- a large/fast DAS array shared from your primary machine???
    • FOR THE HOME scenario: I always go back to preferring DAS connected to my main beefiest workstation/”home-server”
    • You get to rally the performance wagons around at least one location where you have absolute top end HDD access when you want it…
    • If you go with a NAS, you basically accept that GbE is your top end… true, even DAS RAID0 HDD configs generally level out around 100MB/s average xfer rate which is basically the GbE saturation point (1 Gb/s = 125 MB/s minus some packet overhead puts you right around 100 MB/s)… but sequential burst rates can go upwards of 300MB/s (2.4 Gb/s) … so I believe NAS over GbE could very well prevent your drives from spitting the bits as fast as they’re capable.
    • After chasing NAS box performance specs for a while you start to realize that the end game is basically spec’ing out a mid-range PC… so that’s why I can’t stop swinging back to throwing my money at the primary machine’s horsepower and just leave that powered up all the time to share files.
    • My current working scenario is based on a main machine that’s sits at the center of our home’s media universe as the do-it-all living room media player… projector, good speakers, VLC, iTunes, etc… after that, it’s a matter of streaming (primarily video) wirelessly for individual needs (internet tablet, wifey’s PC, etc)… even if I did have the luxury of hiding that main machine somewhere other than the main living space, I think I’d just roll with a cheapo networked media player (e.g. Western Digital TV) in the living room with network storage requirements still covered by the main box.
    • Invariably one wants to share a few things out on the internet as well as around the home… my config readily lends itself to accomplishing this from simple IIS Directory Browsing up to a full blown photo gallery (PHP/MySQL based zenPhoto, love it!!)… other NAS boxes (Synology, etc.) market themselves on more and more “server” oriented features, but why fuss with learning and navigating around the limitations of various embedded linux flavors when you can have the full power of your primary machine’s OS to load up all kinds of goodies?? e.g. Synology’s built in photo gallery is nice but open source is always going to be ahead of the game
    • Another consideration: you don’t hear much talk about virus checking and NAS… maybe I’m worrying about this too much but full scans are something that one must do from time to time… ok yes, most of what we’re putting out there is going to be non executable media that doesn’t require scanning… but being a developer, I’ve developed a fairly extensive library of software that I like to have on hand… it’s doesn’t add up as fast as movies but it’s substantial… and apparently even JPG’s can get viruses… the thought of scanning all those files over the wire (repeatedly) just doesn’t appeal to me.
    • I like the idea of running a reasonable database in this space… granted the optimal database drive configuration is not the same as your primary storage volume –BUT- you do still benefit from having those byte buckets near each other for backups and such
    • [29 Sep 2010] Another one hit me: We finally have full symbolic/hard-link flexibility under Windows 7 NTFS… we can cross phyiscal drives with a link, etc… this allows full granularity to choose exactly what consumes the more valuable RAID1 space but still symlink anything into the same visible folder hierarchy… e.g. a single “movie” shared folder is physically comprised of “classics” subfolder (hosted on RAID1) in addition to “unwatched” (hosted on RAID0)… Shell Link Extension makes symlinks awesomely convenient to create with Windows Explorer.
    • For the HOME sized problem: There starts to be a pile of compelling reasons in favor of connecting the physical storage to the main CPU horsepower over the highest bandwidth possible

    Pertinent specs:

    • MB/s = MegaBytes per second, Mbit/s & Mb/s = MegaBits per sec, GbE = GigaBit Ethernet, Gb/s = GigaBits per sec
    • Notable NAS vendors: Synology, QNapBuffalo, LaCieHP, Acer, AsusNetGear, Cisco, ZyXEL
    • Performance rundown of many popular NAS boxes
      • RAID0 based units hold the crown – and nothing tops out much over 100MB/s read or write
      • Didn’t realize the Qnap’s were kicking so much arse
      • The NetGear seems to be the champ but she’s pricey (see my note about their X-RAID technology below under Holy Grail)
    • HD Video Streaming, minimum required bandwidth: in the ballpark of <10MB/s (per client)
      • Blu-ray spec max data transfer rate = 54 Mbit/s (~7 MB/s)
      • HD DVD spec max data transfer rate = 36 Mbit/s
    The Holy Grail (at the raw storage level):
    1. Single Volume – a single logical storage pool
    2. Redundancy – at least single drive failure redundancy (with RAID 5 style efficiency)
    3. Different Size Drives – we all want to take advantage of the biggest/cheapest drive available from one year to the next

    These are the only options I’m currently aware of:
    • Drobo
    • Windows Home Server
    • NeatGear has something called X-RAID2 in their ReadyNAS line that looks pretty good as well… 6 bay Pro model (empty) = $1000 street <yikes>
    • zFS – Solaris only…various OpenSolaris based versions out there… people do run it under a Windows VM with some success but seems clunky
    • BeyondRAID is like RAID 5 striping & redundancy yet with the freedom of on-the-fly swapping of any drive size
    • Pre-emptive, automatic self healing
    • Tool-less, Tray-less HDD slots
    • Sexy Health lights
    • OS X TimeMachine compatible
    • Downsides:
      • – a bit pricey (5 bay, eSata “Drobo S” = ~$700 empty!) … i feel like they’re charging about $100-$200 over average hardware for their secret sauce
      • – unfortunately it’s run of the mill speedy (60-90 MB/s over eSATA)… too bad we can’t justify the cost with some extra performance
      • – unavoidably it’s running a proprietary format in order to work its magic … the million dollar questions is: What is Drobo’s track record now that they’ve been out there a while??  Definitely need to dig up some solid reliability satistics…  If it ever does totally puke on you, you’d have to wait for a replacement unit to drop in your drives and see what’s still there… and after that, only Data Robotics Inc can possibly save you and it’ll cost you.
      • but is this really any different than RAID5?  RAID is pretty much the same vendor specific lock-in isn’t it??… if your RAID controller up and dies (for me that’d be my mobo 😐 … you’d have to obtain nearly identical duplicate hardware to salvage your drives… apparently you can migrate across same vendor like ICH9R –> ICH10R which does give slightly more flexibility
    Windows Home Server
    • You can install PHP
    • It does run fine in a VM
    • OS X TimeMachine compatible
    • – When you add a drive you must designate it as either Storage or Backup (the Storage pool offers no redundancy)
    • – Obnoxious – there’s something whacky about how it does not balance allocation very well across available drives
    • WHS “v2” aka “Vail” due sometime 2010 (V2 is Windows 2008 based, V1 is Windows 2003 based)
    • Great AnandTech.com dissection
      • v1 was basically a fancy tack-on above NTFS – “Drive Extender was the biggest component of the secret sauce that made WHS unique from any other Microsoft OS. It was Drive Extender that abstracted the individual hard drives from the user so that the OS could present a single storage pool, and it was Drive Extender that enabled RAID-1 like file duplication on WHS v1. Drive Extender was also the most problematic component of WHS v1 however: it had to be partially rewritten for WHS Power Pack 1 after it was discovered that Drive Extender was leading to file corruption under certain situations.
      • v2 Drive Extender is now ‘below’ NTFS… proprietary block based storage… single file can/will be spread across multiple disks (“chunking”)
        • biggest downside is that you can no longer just plop a WHS drive in another server to pull files in an emergency
        • chunking means that you’re in a more RAID0 like risk category for your main storage
        • enables backup of open files… to me, Drive Extender v2 provides similar freedoms to what Volume Shadow Copy provides us elsewhere
      • Great stuff in the many comments:
        • This comment basically sums up my WHS vs Drobo question => [RE: Almost there by davepermen on Wednesday, April 28, 2010, on comment page 2] – “in storage-loss for the security, raid5 is superior. if all your data is in duplication mode on whs, it needs 2x the storage space. raid5 needs "one additional disk".” … so Drobo is more like WHS flexibility + RAID5 reliability… so they really are the only game in town and hence the price.
    • Generally accepted as a solid WHS implementation: HP Storage Works x510 (rebranded MediaSmart EX495)


    Links:

    Enable IIS7 under BitDefender 2009 Firewall Rules

    Create the following rule and make sure that it’s positioned numerically “above” (i.e. lower number) than all the service.exe related rules… especially above the main “deny” rule at the last slot… i’m assuming we’re dealing with the System process because IIS7 (Windows Vista/Server 2008) moved the core listener daemon responsibility down to a lower level than W3SVC.exeimage  image image

    Nifty 'WhatIsMyIP' Script – put current WAN IP on Clipboard

    Pre-req’s:

    • 4NT – love love love that little bugger… but i guess PowerShell is probably the new cool kid in town for this kind of stuff 
      • ‘echos’ command in 4NT outputs test w/o a linefeed… so I can tack something else I wanted onto the URL… obviously the sky is your limit (can’t find the equivalent in PowerShell yet??)
    • curl – everybody’s favorite web mashup tool

    echos http:// >clip:
    curl -s "http://whatismyip.org" >>clip:
    echos /training >>clip: