Set up DNS servers to resolve my domain

How to set up authoritative DNS servers on two hosts to resolve mydomain:

Log in to the GoDaddy account

Go to the domain details of mydomain:

From Host Name:

         Register two hosts (glue records) under mydomain:   ns1 = host1_ip,  ns2 = host2_ip

From Nameservers:

        Change Setup Type from Standard to Custom

        Add the two nameservers:  ns1.mydomain  ns2.mydomain

Log in to host1 and host2

Set up the DNS server on each host, with the following records in the zone for mydomain:

NS records:      ns1.mydomain, ns2.mydomain    (the two DNS servers)

MX records:      mx1.mydomain, mx2.mydomain    (the mail servers)

TXT record:      "v=spf1 ..."                  (SPF, for email)

TXT record:      "google-site-verification=..."  (Google site verification, for the mail and web services)

SPF record for email:

"v=spf1 a a:host1.domain.net a:host2.domain.net mx ip4:11.22.33.44 -all"

(the mechanism for a literal address is ip4:, not ip:; a receiver that meets an unknown mechanism evaluates the whole record as a permanent error, which is worse than publishing no SPF at all)

Only the following hosts are allowed to deliver mail for the domain: the domain's own A record (a), host1.domain.net and host2.domain.net, 11.22.33.44, and every host listed in the MX records. Everything else hard-fails (-all).

Google site verification:  (verify the domain by adding a TXT record)

Refer to:

https://www.google.com/webmasters/verification/home?hl=en

How to add a PTR record for the mail server:

PTR records live in the reverse zone of the IP address, so they are managed by the ISP or hosting provider that owns the address, not by the domain's DNS registrar such as GoDaddy.

Some VPS suppliers let you set the PTR (rDNS) record from their control panel, for example Hostus and ComfortHost.

Tool for checking the mail server (MX, SPF and reverse DNS lookups):

https://mxtoolbox.com/
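The zone described above, written out and checked before it is published. This is an added example, not part of the original notes: the zone name mydomain.net, the addresses (192.0.2.0/24 is reserved for documentation) and the Google token are placeholders. spf_lint catches the kind of mistake shown above (ip: instead of ip4:) offline; live_check lists the dig queries to run once the registrar delegation has propagated.

```shell
#!/bin/sh
# Added example, not from the original notes: write the zone the notes
# describe and lint its SPF record before publishing it. Zone name,
# addresses and the Google token are placeholders.

# Hypothetical zone name used throughout this example.
ZONE=mydomain.net

# write_zone FILE: emit a BIND-style zone with the NS, MX and TXT records
# from the notes plus the A records those names need.
write_zone() {
  cat > "$1" <<EOF
\$ORIGIN $ZONE.
\$TTL 3600
@       IN SOA  ns1.$ZONE. hostmaster.$ZONE. (
                2024010101 ; serial
                7200       ; refresh
                900        ; retry
                1209600    ; expire
                300 )      ; negative-cache TTL
        IN NS   ns1.$ZONE.
        IN NS   ns2.$ZONE.
        IN MX   10 mx1.$ZONE.
        IN MX   20 mx2.$ZONE.
        IN TXT  "v=spf1 a a:host1.$ZONE a:host2.$ZONE mx ip4:192.0.2.44 -all"
        IN TXT  "google-site-verification=REPLACE_WITH_TOKEN"
ns1     IN A    192.0.2.1
ns2     IN A    192.0.2.2
mx1     IN A    192.0.2.1
mx2     IN A    192.0.2.2
host1   IN A    192.0.2.1
host2   IN A    192.0.2.2
EOF
}

# spf_of FILE: extract the SPF TXT record from the zone file.
spf_of() {
  sed -n 's/.*IN TXT  *"\(v=spf1[^"]*\)".*/\1/p' "$1"
}

# spf_lint RECORD: return 0 if every term is a syntactically valid SPF term.
# An unknown mechanism (e.g. "ip:" instead of "ip4:") makes receivers
# evaluate the record as permerror, so it must never reach the zone.
spf_lint() {
  set -- $1                               # split the record on whitespace
  [ "$1" = "v=spf1" ] || { echo "SPF must start with v=spf1" >&2; return 1; }
  shift
  for term in "$@"; do
    t=${term#[+~?-]}                      # drop an optional qualifier
    case $t in
      all|a|mx|ptr) ;;
      a/*|mx/*|a:*|mx:*|ptr:*|include:*|exists:*) ;;
      ip4:*|ip6:*) ;;
      redirect=*|exp=*) ;;
      *) echo "invalid SPF term: $term" >&2; return 1 ;;
    esac
  done
  return 0
}

# live_check: queries to run after delegation has propagated (needs network
# and dig; not run by default). The PTR is set by the VPS provider.
live_check() {
  dig +short NS "$ZONE"
  dig +short MX "$ZONE"
  dig +short TXT "$ZONE"
  dig +short -x 192.0.2.1
}

tmp=$(mktemp)
write_zone "$tmp"
if spf_lint "$(spf_of "$tmp")"; then echo "SPF OK: $(spf_of "$tmp")"; fi
rm -f "$tmp"
if [ "${1:-}" = "--live" ]; then live_check; fi
```

Run it as is to generate and lint the zone; pass --live on a host with dig to confirm what the public resolvers see.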

Set up a reverse tunnel with stunnel

Unlike ssh, stunnel does not support reverse tunnels by itself.

With the help of tgcd (TCP/IP Gender Changer Daemon) we can build a reverse tunnel by chaining tgcd and stunnel:

For example:

We want to reach the corp server from home, but the corp NAT firewall only allows outgoing connections on ports 80/443 (through an HTTP proxy):

client  ==> tgcd LL node (home server)  ==> tgcd CC node (corp agent) ==> corp server

The TLS connection is always opened from the corp side outward, so no inbound port has to be opened at the corp.

Home Server:

Launch the tgcd daemon in LL (listen-listen) mode:

   tgcd -L -q 2222 -p 22222

Listen on port 22222 (-p) for client access (this is the port ssh connects to below)

Listen on port 2222 (-q) for the tgcd CC node; this is the port stunnel forwards sni=tgcd traffic to

Launch stunnel in server mode:

       /usr/local/bin/stunnel /etc/stunnel/stunnel_server.conf

Listen on port 443 for incoming TLS connections

Forward connections whose SNI is "tgcd" to port 2222 (the tgcd CC port); anything else falls through to the default [tls] service

cat /etc/stunnel/stunnel_server.conf

[tls]
accept = 0.0.0.0:443
connect = 127.0.0.1:1080

[tgcd]
sni = tls:tgcd
connect = 127.0.0.1:2222

Corp Agent Server:

Launch the tgcd daemon in CC (connect-connect) mode:

tgcd -C -s 127.0.0.1:222 -c 127.0.0.227:2222

Connect to the tgcd LL node through:   127.0.0.227:2222 (the local stunnel client below, which carries it to the home server)

Connect to the sshd of the corp server at:     127.0.0.1:222

Launch stunnel in client mode:

/usr/local/bin/stunnel /etc/stunnel/stunnel_client.conf

Accept on 127.0.0.227:2222 from the tgcd CC node, and

reach the home server on port 443 from behind the NAT through the corporate HTTP proxy (CONNECT method)

cat /etc/stunnel/stunnel_client.conf

; without client = yes stunnel would act as a TLS server on the accept port
client = yes

[ssh-tgcd-home]
accept = 127.0.0.227:2222
connect = http_proxy_ip:http_proxy_port
protocol = connect
protocolHost = home.serverip:443
sni = tgcd

Note that this client never verifies the home server's certificate; add verify = 2 and a CAfile (stunnel 5.31 syntax) so the corporate proxy cannot impersonate the home server.

******************************************

With this configuration we can log in to the corp server from home with:

ssh -p 22222 home.server.ip

Port 22222 is the client port of the tgcd LL node; tgcd hands the session to the CC node over the stunnel link, and the CC node forwards it to sshd at 127.0.0.1:222 on the corp server.

Chain SOCKS with an HTTP proxy upstream

Dante supports both SOCKS (socks4/socks5) and HTTP proxies as upstream proxies. The sockd.conf below accepts SOCKS clients on port 1080 and routes every outbound TCP connection through the HTTP proxy with the CONNECT method:

logoutput: /var/log/sockd.log

internal: 0.0.0.0 port=1080
external: eth0

clientmethod: none
socksmethod: none

user.privileged: root
user.notprivileged: nobody

timeout.negotiate: 30
timeout.io: 86400

client pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect error
}

socks pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect error
protocol: tcp udp
}

route {
from: 0.0.0.0/0 to: 0.0.0.0/0 via: HTTP_PROXY_IP port = HTTP_PROXY_PORT
proxyprotocol: http
command: connect
protocol: tcp
method: none
}

With clientmethod/socksmethod none and from: 0.0.0.0/0 in both pass rules, anyone who can reach port 1080 can use the proxy. Set internal: 127.0.0.1 (or narrow from:) unless the port is deliberately reachable only through stunnel. The HTTP CONNECT route carries TCP only, so the udp in the socks pass rule cannot be forwarded upstream.

Road warrior and ssh share port 443

With SNI in stunnel we can serve both the road-warrior SOCKS proxy and ssh on the same TCP/443 port: stunnel terminates TLS once and picks the backend from the server name the client sends.

VPS Server:

Install stunnel v5.31 with OpenSSL v1.0.2, listening on port 443

Install Dante v1.4.1, listening on port 1080

Install OpenSSH, listening on port 22

 

Stunnel config for VPS server

chroot = /var/lib/stunnel/
pid=/stunnel.pid
setuid = stunnel
setgid = stunnel

;debug =debug
debug = err
;foreground = yes

log = append
;log = overwrite
output = /stunnel.log

cert = /etc/stunnel/stunnel.pem
;key = /etc/stunnel/stunnel.pem

verify = 3
CApath = /certs

; performance
socket = l:TCP_NODELAY=1

;compression = deflate
compression = zlib

[tls]
accept = 0.0.0.0:443
connect = 127.0.0.1:1080

[ssh]
sni = tls:22.vps.server.net
connect = 127.0.0.1:22

[socks]
sni = tls:vps.server.net
connect = 127.0.0.1:1080

stunnel listens on 443 only; SNI 22.vps.server.net is forwarded to sshd on 127.0.0.1:22, and SNI vps.server.net (or no SNI at all, via the default [tls] service) is forwarded to Dante on 127.0.0.1:1080

Because of verify = 3 with CApath = /certs (that is /var/lib/stunnel/certs after the chroot; pid and output are relative to the chroot as well), only clients presenting a certificate stored there can complete the handshake, which is what keeps the open SOCKS rules from being reachable by the whole Internet. TLS compression (compression = zlib) is best left off: it is what the CRIME attack exploits, and newer OpenSSL builds disable it by default.

Stunnel config for the client inside the corp network:

chroot = /var/lib/stunnel/
pid=/stunnel.pid
setuid = stunnel
setgid = stunnel

;debug = alert/crit/err/warning/notice/info/debug
debug = err

;foreground = yes

cert = /etc/stunnel/stunnel.pem

;compression = deflate | zlib
compression = zlib

client = yes

; performance
socket = l:TCP_NODELAY=1

[socks-http-proxy]
accept = 127.0.0.1:1080
connect = http_proxy_ip:http_proxy_port

protocol = connect
protocolHost = vps.server.net:443

[ssh-http-proxy]
accept = 0.0.0.0:22
connect = http_proxy_ip:http_proxy_port
protocol = connect
protocolHost = vps.server.net:443
sni = 22.vps.server.net

Notes on the client config: cert is the client certificate the VPS checks with verify = 3, so the same certificate must also be installed under the server's CApath. The client itself never verifies the server; add verify = 2 and a CAfile so the corporate proxy cannot impersonate vps.server.net. The [ssh-http-proxy] service accepts on 0.0.0.0:22, i.e. from the whole corp LAN; bind it to 127.0.0.1 unless that is intended.

How to

Road warrior:

set the browser's SOCKS5 proxy to 127.0.0.1:1080 (with remote DNS resolution enabled, so name lookups also go through the tunnel)

SSH to vps.server.net:

ssh -p 22 user@localhost
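A cross-check of the two stunnel configs, added here as an example and not part of the original notes. It answers two questions the SNI setup leaves implicit: which backend does each name the client sends end up at on the VPS (the tgcd/stunnel pair in the earlier section is checked the same way, with "tgcd" as the name), and does the client ever verify the server certificate. The two configs are constructed inline from the road-warrior pair above; hostnames and proxy addresses are placeholders.

```shell
#!/bin/sh
# Added example, not from the original notes: map client-side SNI names to
# server-side backends and flag a client that never verifies the server.
# Configs are constructed inline; hostnames and proxy addresses are placeholders.

SERVER_CONF=$(cat <<'EOF'
[tls]
accept = 0.0.0.0:443
connect = 127.0.0.1:1080

[ssh]
sni = tls:22.vps.server.net
connect = 127.0.0.1:22

[socks]
sni = tls:vps.server.net
connect = 127.0.0.1:1080
EOF
)

CLIENT_CONF=$(cat <<'EOF'
client = yes

[socks-http-proxy]
accept = 127.0.0.1:1080
connect = http_proxy_ip:http_proxy_port
protocol = connect
protocolHost = vps.server.net:443

[ssh-http-proxy]
accept = 0.0.0.0:22
connect = http_proxy_ip:http_proxy_port
protocol = connect
protocolHost = vps.server.net:443
sni = 22.vps.server.net
EOF
)

# route_for SERVER_CONF NAME: print the backend the server maps SNI NAME to,
# or "tls-default" when no service claims it (stunnel then uses the [tls]
# service the sni entries hang off).
route_for() {
  printf '%s\n' "$1" | awk -F'=' -v want="$2" '
    /^\[/ { svc = $0 }
    /^[ \t]*sni[ \t]*=/     { v = $2; sub(/^[^:]*:/, "", v); gsub(/[ \t]/, "", v); name[svc] = v }
    /^[ \t]*connect[ \t]*=/ { v = $2; gsub(/[ \t]/, "", v); target[svc] = v }
    END {
      for (s in name) if (name[s] == want) { print target[s]; exit }
      print "tls-default"
    }'
}

# client_services CLIENT_CONF: one line per [service]: "name sni" ("-" = no sni set)
client_services() {
  printf '%s\n' "$1" | awk -F'=' '
    /^\[/ { if (svc != "") print svc, (sni == "" ? "-" : sni); svc = $0; sni = "" }
    /^[ \t]*sni[ \t]*=/ { v = $2; gsub(/[ \t]/, "", v); sni = v }
    END { if (svc != "") print svc, (sni == "" ? "-" : sni) }'
}

# has_verify CONF: true if the config verifies the peer certificate at all
has_verify() {
  printf '%s\n' "$1" | grep -Eq '^[[:space:]]*(verify|verifyChain|verifyPeer)[[:space:]]*='
}

# client_check CLIENT_CONF SERVER_CONF: print where each client service lands;
# return 1 if the client never verifies the server (an HTTP proxy in the path
# could then impersonate it).
client_check() {
  client_services "$1" | while read -r svc sni; do
    if [ "$sni" = "-" ]; then
      echo "$svc: no sni set -> server default service"
    else
      echo "$svc: sni=$sni -> $(route_for "$2" "$sni")"
    fi
  done
  if has_verify "$1"; then
    return 0
  fi
  echo "WARNING: client never verifies the server certificate; add verify = 2 and CAfile" >&2
  return 1
}

if client_check "$CLIENT_CONF" "$SERVER_CONF"; then
  echo "client config verifies the server"
else
  echo "client config needs verify = 2 + CAfile before use through an untrusted proxy"
fi
```

Run it as is and the client config from the notes is reported as not verifying the server; prepend verify = 2 and a CAfile line to CLIENT_CONF and the warning goes away.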

VPS

1. hostodo.com                     (as8100.net / 15 hops, 8/22/2018)

2. www.owned-networks.net          (16 hops, July 21, 2019)

3. hostodo.com                     (Quadranet / 15 hops, 8/22/2020)

4. http://www.comforthost.net/     (supports rDNS / 17 hops, July 2, 2019)

5. http://www.comforthost.net/     (17 hops, 1/1/2020)

6. https://www.hostus.us/          (supports rDNS, 14 hops, 20 Apr, 2020)

7. https://manage.woothosting.com  (KVM/rDNS, Quadranet / 14 hops, Feb 22, 2019)

8. https://justhost.ru/auth/login  (512m/1cpu/6G disk/KVM / 16 hops)

   https://cn8.justhost.ru:8006/  Login: u23245  Passwd=xxxxxx  (Proxmox VE authentication server)

9. https://www.linode.com/         (Japan / 13 hops)

10. manage.woothosting.com         (OpenVZ/rDNS/5TB, Quadranet / 14 hops, Feb 22, 2019)

Unix Benchmark On Debian VPS

# Install & Run UnixBench

apt-get install build-essential libx11-dev libgl1-mesa-dev libxext-dev git

git clone https://github.com/kdlucas/byte-unixbench

cd byte-unixbench/UnixBench

./Run
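The same procedure made unattended, as an added example that is not part of the original notes: run_bench clones, builds and runs UnixBench with one copy and one copy per CPU (Run accepts -c more than once), and unixbench_scores pulls the "System Benchmarks Index Score" lines out of the log so several VPS offers can be compared with the same numbers as in the results below. SAMPLE_LOG is a constructed excerpt in UnixBench's output layout, used so the parser runs without a benchmark.

```shell
#!/bin/sh
# Added example, not from the original notes: unattended UnixBench run plus
# a parser for its index-score lines. SAMPLE_LOG is constructed.

# unixbench_scores [FILE]: print "copies score" for each index score in a log
unixbench_scores() {
  awk '
    /running [0-9]+ parallel cop/ { for (i = 1; i <= NF; i++) if ($i == "running") copies = $(i + 1) }
    /^System Benchmarks Index Score/ { print copies, $NF }
  ' "$@"
}

# scaling [FILE]: ratio of the multi-copy score to the single-copy score,
# i.e. how much of the advertised vCPUs the host actually delivers
scaling() {
  unixbench_scores "$@" | awk '
    $1 == 1 { single = $2 }
    $1 != 1 { multi = $2 }
    END { if (single > 0 && multi > 0) printf "%.2f\n", multi / single; else print "n/a" }'
}

# run_bench [DIR]: clone, build and run (needs network and build tools);
# the log is kept in unixbench.log next to the checkout.
run_bench() {
  dir=${1:-byte-unixbench}
  [ -d "$dir" ] || git clone https://github.com/kdlucas/byte-unixbench "$dir"
  cpus=$(nproc 2>/dev/null || echo 1)
  copies="-c 1"
  [ "$cpus" -gt 1 ] && copies="$copies -c $cpus"
  ( cd "$dir/UnixBench" && ./Run $copies ) | tee unixbench.log
  unixbench_scores unixbench.log
}

# Constructed excerpt in UnixBench's layout (the Hostodo figures from the
# results below), only for exercising the parser offline.
SAMPLE_LOG=$(cat <<'EOF'
4 CPUs in system; running 1 parallel copy of tests

System Benchmarks Index Score                                         986.7

------------------------------------------------------------------------
4 CPUs in system; running 4 parallel copies of tests

System Benchmarks Index Score                                        1833.9
EOF
)

printf '%s\n' "$SAMPLE_LOG" | unixbench_scores
printf '%s\n' "$SAMPLE_LOG" | scaling
```

Call run_bench on the VPS itself; the scaling figure (here 1.86 for 4 advertised vCPUs) is a quick way to see how oversold a shared host is.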

# UnixBench Result

AlphaRacks Spring VPS 1GB:

– 1024MB RAM
– 1024MB vSwap
– 2 vCPU
– 15GB disk space
– 2TB transfer
– 1000Mbps uplink
– 1x IPv4
– 20x IPv6 (free on request)
– DDoS protection powered by QuadraNet Vest
– OpenVZ / SolusVM
– $14.00/year
System Benchmarks Index Score: 1538.9

Owned-networks: 512MB OVZLive yearly special, $13/year

1 CPU in system; running 1 parallel copy of tests
System Benchmarks Index Score: 783.5

Hostodo: $12/year 512MB VPS in Miami

Score: 986.7     (4 CPUs in system; running 1 parallel copy of tests)

Score: 1833.9    (4 CPUs in system; running 4 parallel copies of tests)

Comforthost.net: 256M OpenVZ, Las Vegas, $11.99/year

Score: 1239.7    (1 parallel copy of tests)

Score: 2259.6    (2 parallel copies of tests)

Comforthost.net: 128M SpotVps Basic, Buffalo/New York, $11.99/year

Score: 1152.2    (1 parallel copy of tests)
 