A Sticky Problem with Glue Records and 1&1 Internet

Recently I had a tidy up with my hosting infrastructure which involved moving a slave DNS server from one IP address to another. The easy part was setting up the server and changing the existing DNS A record to point to the new IP address, the fun started when it came to updating the Glue record held with 1&1.

If you weren’t already aware a Glue record is something set by the domain registrar (1&1 in this case) that points directly to the server where the domains DNS records are kept. This makes it possible  to have domain names with nameservers that are a subdomain of itself, for example nerdkey.co.uk could point to ns1.nerdkey.co.uk and ns2.nerdkey.co.uk.

The last time I’d update Glue records with 1&1 was a good few years ago, but it was a simple case of logging into the control panel, searching for the domain and then heading to the record for subdomain, hitting an edit button and then changing the existing A record IP address for a new one but it wasn’t that easy this time round.

After a little trial and error and a lot of head scratching it seems that since they rolled out their new control panel it just isn’t possible anymore to set or update Glue records – you could see the records don’t get me wrong, just not update them. Not to worry though, their technical support team will be able to update the records, right? WRONG! I emailed them several times, making things as clear as possible whilst at the same time thinking that their support advisers would be savvy enough to understand terms used within the industry they work in, didn’t go too well.

In a nutshell, here is the correspondence between us:

  • [Me] – Outlined the domain, that I wanted Glue records updating and the exact subdomains and IP addresses
  • [Them] – Asked me to confirm if these changes has already been made as my website was working fine (not what I asked?)
  • [Me] – Sent a slightly reworded version of the first, again outlining the essential details and that it hadn’t been updated
  • [Them] – Confirmed that website was working fine again, asked me to clear my cache and reply with any error messages (did they even read the email?)
  • [Me] – Sent a similar email along the lings of the first and second stating that they are the domain registrar and this is something they need to do, again included essential details
  • [Me] – Emailed them to see if any updates available
  • [Them] – Replied asking me to confirm that I wanted the NS2 record updated as well (because the last emails didn’t state that?)
  • [Them] – Responded saying the nameservers may possibly need to be reverted back to them for this to work, but they used a special “tool” instead and said to wait up to 48 hours
  • [Them] – Replied this morning (after the domain was transferred and Glue set correctly with a different provider) saying that everything is now set correctly

Enough was enough, it got to a point where I’d given them over a weeks worth of my time and they’d done little more then send me a few standard responses and ask for confirmation which was already given. My last attempt to gain faith in them involved changing the nameservers back to them to see if it would work and allow me to set the records, it partly did – I managed to set the NS1-4 subdomains to the correct A records then updated the domains nameservers to another provider temporarily straight after to avoid any downtime and left it a few hours. I came back a few hours later and tried to set the nameservers back to ns1-4.koserver.co.uk but got an error message saying the nameservers weren’t registered and found out that the update to the temporary nameservers hadn’t taken affect, slowly grinding my entire hosting network to a halt – great!

I know I hadn’t waited the standard propagation times, but given the past experience and useless support and the fact that everything was slowly grinding to a halt, it was time to transfer. After research I’d narrowed things down to two providers – I wanted to give Name.com a try, but as their system for transferring in .UK’s wasn’t automated I abandoned that plan and went for NameCheap. Within an hour the domain was with them and Glue records were set through the control panel and things are slowly coming back online.

In all my years of website hosting I have never had such a catastrophic outage, aside from looking into a second domain to host nameservers all my domains with 1&1 will be transferred elsewhere.

So in summary, if you know what you’re doing don’t go with 1&1. You’ll be treated like an idiot and just wasting your time throwing emails back and forth with them. They don’t really read your emails and the fact they removed such a critical feature without telling anyone speaks volumes in my opinion, I mean they still have an old support article on how to set Glue records, obviously doesn’t work though. It is a shame, but that’s life.

 

pfSense on SonicWALL SRA 4200

By now if you haven’t already guessed, I like to tinker! Couple that with the fact I have a few saved sellers on eBay that keep me surround with EoL hardware and it quickly becomes a dangerous situation for my wallet.

My latest find is a pair of SonicWALL SRA 4200’s, my ultimate goal is to get pfSense installed and revive these beasts. As it stands the units both work as “Secure Remote Access” servers, they don’t include any licenses for the included OS, so are kinda useless, but normally they’d be dedicated VPN servers for massive companies with millions of employees that need to connect in and from remote locations.

I’ve only been playing with them for a couple of hours so far but I’ve managed to get pfSense installed. There are two issues at the moment which I’ve yet to resolve:

  1. There’s a driver issue with the network cards, so the setup wizard can’t detect any NIC’s and can’t continue
  2. By default it wants to boot off the internal CF card, so I have to manually keep changing it to boot of my USB flash drive – If you remove the CF card completely the unit doesn’t even attempt to boot, it beeps twice then powers off so there’s some sort of security mechanism in place

So how did I get this far?

Well it was fun! I started by trying to get console output to my ancient Dell laptop (which has an ACTUAL serial port,  woah!).

I bought a run of the mill RJ45 to DB9 cable but that didn’t work, so I had to get my soldering iron out and knock something up – See original diagram here or pictures below:

As you can see from above, whilst I did get output it was AFTER P.O.S.T. so in other words, it was output from the SonicWALL operating system and of no use to me.

Next I went to extremes and tried changing on the AMIBIOS chip for a spare I had floating around from the WatchGuards, not a lot happened so it was back to square one.

After that I went on a pin hunt and noticed “VGA” markings and then a set of 15 pins, I didn’t expect it to work but I hooked up a monitor and had output!

 

I couldn’t get into a “classic” BIOS screen, although here’s what I found through trial and error:

  • Mashing F5/F8 takes you to slightly different FreeDOS screens
  • Mashing F11 takes you to a familiar looking boot device menu screen

The unit is running Wind River’s VxWorks operating system, which looks pretty cool, although I had never heard of it until now.

I installed pfSense 2.3.5 (x86) by connecting a CD drive to one of the internal SATA headers, connected a 16GB Sandisk Flash Drive to one of the USB ports and then mashed F11 and selected the disk drive.

What followed was the familiar installation screens of pfSense – Notice how the colours keep changing, it was loose cables or artistic flare, I’ll let you decide!

What’s next?

Well, this was just a bit of fun but when I get chance I’ll look at sorting the network card drivers out and see if I can re-purpose the CF card, worst case I’ll move the USB drive inside the chassis and make the CF card the second boot device.

Install EPEL Repository on CentOS 7 (x64)

The simple one line command below will enable the EPEL repository on CentOS 7

rpm -Uvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-2.noarch.rpm

Once ran you will see confirmation that it has been installed successfully, that’s it!

Notes

  • You can find out more about the EPEL repository here
  • If you don’t already have a server, I’d strongly recommend starting with DigitalOcean

Icecast PHP Stats

A recent project of mine called Coop Cam uses several live video streams served by an Icecast server at different mount points which works great, but I found there was no real solution to simply display how many viewers were actually watching the live streams.

I put together a basic PHP code that reads the Icecast XML stats file and retrieves the current overall viewers (or listeners as its officially known) of all available mount points.

Code

// get the stats xml file //
$output = file_get_contents('http://admin:[email protected]:8000/admin/stats');

// explode to make the magic happen //   
$listeners = explode('',$output);
$listeners = explode('',$listeners[1]);

// output to the world //
echo "Currently <b>$listeners[0]</b> people are watching the live stream!";

Once you have amended the admin password, server name and port the code above will then connect to your server and read the /admin/stats XML file. From here it will literally pick out the content shown between the <listeners></listeners> tags and that then becomes the $listeners[0] variable, simply place this wherever you want to display the amount of current viewers.

Notes

  • This code may or may not work depending on if your hosting provider allows the file_get_contents function – In my case I use my own dedicated servers and it works without issue, if you have any problems I’m sure I can sort something for you!
  • You can show the amount of sources, file connections and so on by amending the code to reflect the correct tags – A full list of tags can be seen by visiting the youricecastservername.com:8000/admin/stats page
  • You can find a live working example of this script here or actually see it in place here
  • Finally, you can download the script by clicking here

Disable Virtualmin Two-factor Authentication

Virtualmin is constantly being developed and gaining ever useful features, and for a while now has featured two-factor authentication which is great, although what happens if you get locked out of your system? As long as you have SSH or console access then you can follow the steps below to easily get back in.

Disabling two-factor authentication for a single user

  • Get root SSH or console access
  • Edit the file /etc/webmin/miniserv.users, comment out the current line for the user then create a fresh copy above it
  • Remove any mention of “totp” and the long string of characters near the end and save, for example your file should now look like the following:
...
root:x::::::::0:0:::
#root:x::::::::0:0:totp:ZZZZZZZZZZZZZZZZ:
...
  • Restart Webmin and log back in normally

Disabling two-factor authentication entirely

  • Get root SSH or console access
  • Edit the file /etc/webmin/miniserv.conf and find the line “twofactor_provider=totp” and replace with “twofactor_provider=” and save
  • Edit the /etc/webmin/miniserv.users as mentioned above
  • Restart Webmin and log back in normally

Notes

  • I’ve had success with this on Webmin 1.760 running on CentOS 7.0

How to List the Contents of a Web Directory

Any good web host will secure the contents of website directories which don’t have an index page by not allowing the  files or folders to be listed, instead you’ll get a 403 error page saying access is forbidden. Whilst this is good in practice, sometimes you might actually need to list the contents – and its simple to enable on an Apache web server – add one line to your .htaccess file and you’re done!

How it’s done

Options +Indexes

Notes

  • If you have access you can edit your web server configuration and make it global

Add a NAS drive to your Livedrive account for free

I used to be a customer of popular cloud backup service Livedrive. The upload and download speeds were nothing to shout about and one annoyance was having to pay extra to add a NAS drive to your account, but there is a workaround!

How so?

All you need to do is add a symbolic link to your NAS drive from your computer. Think of a symbolic link as a fancy shortcut, the only difference being it masks the destination instead of taking you straight there – you’ll see what I mean when you read on.

Imagine you have a Windows computer with your NAS drive with the root of the drive already mapped to Z:, you have a folder on your NAS called MyFiles and would be able to browse to Z:\MyFiles to see whatever is stored there. Next imagine we have a folder called C:\Backup which is already uploading to your Livedrive account, using  the following command we will make C:\Backup\MyFiles lead to your NAS and in turn be included with your Livedrive backup.

mklink /d "C:\Backup\MyFiles" "Z:\MyFiles"

For me, this worked absolutely fine and I had a couple of TB uploaded without ever being caught out. I’ve since jumped ship to Amazon Drive, whilst it is more expensive per year I’ve got it running from multiple computers and the upload and download speed always tops out my connection, so I can’t complain!

Notes

  • Use the above guide at your own risk – I won’t be held liable if anything happens to your Livedrive account, files or anything else because of this!
  • This doesn’t work with Dropbox or Google Drive  – sorry
  • You only need to run the command once, after that the link will be remembered
  • To remove the link just delete it as you would any other  file or folder