Setup DNS server to resolve my domain

How to setup DNS server on two host  to resolve my_domain:

Login into Godaddy account

Goto the Domain Detail of mydomain:

From Host Name:

         Register two hosts into mydomain:   ns1=host1_ip,. ns2=host2_ip

From Nameservers:

        Change Setup Type from Standard to Custom

       Add the two Nameservers:  ns1.mydomain  ns2.mydomain


Login into host1 & host2

Setup DNS server, with the following config:

T-NS record:       ns1.mydomain, ns2.mydomain  (dns server)

T_MX record:     mx1.mydomain,  mx2.mydoamin  (email server)

T_TXT record:  “v=spf1 …”       (for email  )

“goodle-site-verification=…”    (for email, and web server)


SPF record for email:

“v=spf1 a mx ip: -all”

Only following host allowed for SMTP delivery”,,, all in MX record


Google site notification:  (Verify domain by adding a TXT/SPF record)

Refer to:


 How to Add PTR record for mx server:

PTR record is managed by ISP,  not the DNS supplier, such as Godaddy

Some VPS supplier support PTR record modification, such as Hostus, ComfortHost.


 Tool for email server check:

setup reverse tunnel with stunnel

Unlike ssh,  stunnel dosen’t support the reverse tunnel by it’s self.

With the help of tgcd ( TCP/IP Gender Changer Daemon ), we are able to setup a reverse tunnel by chain the tgcd and stunnel:

For example:

We try to access the corp server from home,  but due to the NAT firewall of the corp, only out going 80/443 port are opened:

client  ==> tgcd LL node (home server)  ==> tgcd CC node (corp agent) ==> corp server:

Home Server:

Launching tgcd daemon in LL mode:

   tgcd -L -q 2222 -p 22222

Listen on port 2222 for client access

Listen on port 22222 for tgcd CC access


Launching stunnel in server mode:

       /usr/local/bin/stunnel /etc/stunnel/stunnel_server.conf

Listen on port 443 for incoming ssl connection

Forward link with sni=tgcd to port 2222

cat /etc/stunnel/stunnel_server.conf

accept =
connect =

sni = tls:tgcd
connect =


Corp Agent Server:

Launching tgcd daemon in CC mode:

tgcd -C -s -c

Connect to tgcd LL node at:

Connect to sshd server at:

Launching stunnel in client mode:

/usr/local/bin/stunnel /etc/stunnel/stunnel_client.conf

Listen on port from tgcd CC, and

Access Home server via port 443 behind NAT and http proxy

cat /etc/stunnel/stunnel_client.conf


accept =
protocolHost = home.serverip:443

connect = http_proxy_ip:http_proxy_port
protocol = connect
sni = tgcd



With such configuration, we can login into the corp server by means of:

ssh -p 22222   home.server.ip

Chain socks with http proxy upstream

Dante support both socks(socks4/socks5) and http proxy as upstream proxy.

logoutput: /var/log/sockd.log

internal: port=1080
external: eth0

clientmethod: none
socksmethod: none

user.privileged: root
user.notprivileged: nobody

timeout.negotiate: 30 86400

client pass {
from: to:
log: connect error

socks pass {
from: to:
log: connect error
protocol: tcp udp

route {
from: to: via: HTTP_PROXY_IP port = HTTP_PROXY_PORT
proxyprotocol: http
command: connect
protocol: tcp
method: none

road warrior & ssh share port 443

With help of SNI in stunnel,  we can  support both  road warrior and ssh function on the same TCP/443 port.


VPS Server:

Install  stunnel v5.31 with  openssl  v1.0.2, and listen on port 443

Install dante v1.4.1,  and listen on port 1080

Install openssh, and listen on port 22


Stunnel config for VPS server

chroot = /var/lib/stunnel/
setuid = stunnel
setgid = stunnel

;debug =debug
debug = err
;foreground = yes

log = append
;log = overwrite
output = /stunnel.log

cert = /etc/stunnel/stunnel.pem
;key = /etc/stunnel/stunnel.pem

verify = 3
CApath = /certs

; performance
socket = l:TCP_NODELAY=1

;compression = deflate
compression = zlib

accept =
connect =

sni =
connect =

sni =
connect =


stunnel listen on 22 for ssh connection

stunnel listen on 1080 for socks connection


Stunnel config for client within Corp’s network:

chroot = /var/lib/stunnel/
setuid = stunnel
setgid = stunnel

;debug = alert/crit/err/warning/notice/info/debug
debug = err

;foreground = yes

cert = /etc/stunnel/stunnel.pem

;compression = deflate | zlib
compression = zlib

client = yes

; performance
socket = l:TCP_NODELAY=1

accept =
connect = http_proxy_ip:http_proxy_port

protocol = connect
protocolHost =

accept =
connect = http_proxy_ip:http_proxy_port
protocol = connect
protocolHost =
sni =



How to

Road Warrier: 

set socks proxy of browser to


SSH to

ssh -p 22  user@localhost



1.                                   ( / 15 hops ,  8/22/2018)

2.               ( 16 hops,    July 21, 2019 )

3.                                    (  Quadranet / 15 hops,  8/22/2018 )

4.             (  Support rDNS / 17 hops,  July 2, 2019 )

5.             ( 17 hops ,  1/1/2019)

6.                      (  Support rDNS,   14 hops,  20 Apr, 2019 )  (  KVM/rDNS,  Quadranet/14 hops ,  Feb 22 ,2019 )

8.                        ( Stopped at 2016/8/24  )      (  OpenVZ/rDNS/5TB,  Quadranet / 14 hops  )


9.         (  Stopped at 5/2017 )                  ( Japan / 13 hops)


10. aliyun     ECS (1核/2GB RAM/ 1Mbps IP,   stopped at 2018/07 )

新手第一年 199元, 续费无优惠

DNS: /   (OpenVZ/rDNS/5TB, Quadranet / 14 hops, Feb 22,2019  )



Unix Benchmark On Debian VPS

# Install & Run UnixBench

apt-get install build-essential

apt-get install libx11-dev libgl1-mesa-dev libxext-dev

apt-get install git

git clone

cd byte-unixbench/UnixBench





# UnixBench Result

Spring VPS 1GB:

– 1024MB RAM
– 1024MB vSwap
– 2 vCPU
– 15GB Disk Space
– 2TB transfer
– 1000Mbps uplink
– 1x IPv4
– 20x IPv6 (free on request)
– DDoS Protection powered by QuadraNet Vest
– OpenVZ / SolusVM
– $14.00/year
System Benchmarks Index Score 1538.9

Owned-network:   512MB OVZLive Yearly Special/$13

1 CPU in system; running 1 parallel copy of tests
System Benchmarks Index Score 783.5


Hostodo – $12/year 512MB VPS in Miami

Score:   986.7            (4 CPUs in system; running 1 parallel copy of tests)

Score:   1833.9          (4 CPUs in system; running 4 parallel copies of tests)      256M OpenVZ,  Las Vegas,  $11.99/year

Score 1239.7  (1 parallel copies of tests)

Score 2259.6  (2 parallel copies of tests)      128M SpotVps Basic,  Buffalo/NewYork,  $11.99/year

Score 1152.2  (1 parallel copies of tests)