18 Apr

New cheap VPS provider

I just noticed that my VPS expired 3 weeks ago, and there is no way to get it back. That VPS was equipped with 128MB RAM and 10GB HDD space for USD4.99 per year (damn cheap).

So I’m looking for another poor man’s VPS. I do not need humongous memory and disk space, just enough for me to SSH and perform remote network troubleshooting (nmap, nslookup, dig, telnet, and sometimes R&D). Ramnode was the best candidate due to their SSD or SSD-cached disks, but I want to explore another cheap provider.

I found a good deal with HostUS, for USD12 per year they provide:
– 768MB RAM
– 768MB vSwap
– 1 vCPU Core (Fair Use)
– 20GB Disk Space
– 2TB transfer
– 1Gbps uplink
– 1x IPv4
– 4x IPv6
– OpenVZ / Breeze Panel

Breeze Panel is their modified WHMCS integrated with SolusVM (maybe).

The USD12/year plan is available from this link (affiliate); you can’t find it on their main page. While stocks last.

p/s: From TM Unifi, I’m getting better latency when I choose London Data Center.
pp/s: You can also use coupon code TOPPROVIDER for 20% off any unmanaged plans on their site

11 May

Compile and Install BIND 9.9.7 ESV in Debian

This article will guide you step by step to get Bind DNS running.

Install Dependencies:

root@dns:~# apt-get update
root@dns:~# apt-get upgrade
root@dns:~# apt-get install build-essential openssl libssl-dev libdb5.1-dev

Download Bind:

root@dns:~# wget ftp://ftp.isc.org/isc/bind9/9.9.7/bind-9.9.7.tar.gz

Unpack Bind:

root@dns:~# tar zxvf bind-9.9.7.tar.gz
root@dns:~# cd bind-9.9.7

Configure the Bind9 source:

root@dns:~/bind-9.9.7# fakeroot ./configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --sysconfdir=/etc/bind --localstatedir=/var --enable-threads --enable-largefile --with-libtool --enable-shared --enable-static --with-openssl=/usr --with-gnu-ld --with-dlz-postgres=no --with-dlz-mysql=no --with-dlz-bdb=yes --with-dlz-filesystem=yes --with-dlz-stub=yes CFLAGS=-fno-strict-aliasing --enable-rrl --enable-newstats

If configure succeeds, you will see the summary below:

========================================================================
Configuration summary:
------------------------------------------------------------------------
Optional features enabled:
Multiprocessing support (--enable-threads)
Response Rate Limiting (--enable-rrl)
New statistics (--enable-newstats)
Print backtrace on crash (--enable-backtrace)
Use symbol table for backtrace, named only (--enable-symtable)
Dynamically loadable zone (DLZ) drivers:
Berkeley DB (--with-dlz-bdb)
Filesystem (--with-dlz-filesystem)
Stub (--with-dlz-stub)

Features disabled or unavailable on this platform:
GSS-API (--with-gssapi)
PKCS#11/Cryptoki support (--with-pkcs11)
Allow 'fixed' rrset-order (--enable-fixed-rrset)
Automated Testing Framework (--with-atf)
XML statistics (--with-libxml2)
========================================================================

Compile and install bind9:

root@dns:~/bind-9.9.7# make install

Last step, we need to manually create the /var/cache/bind directory:

root@dns:~# mkdir /var/cache/bind

Start the service:

root@dns:~# /etc/init.d/bind9 start

Hopefully, bind9 will start just fine.

Explanation:

Tell Bind9 to build DLZ (Dynamically Loadable Zones) support with the BDB and filesystem drivers, and without the PostgreSQL and MySQL drivers:

--with-dlz-postgres=no
--with-dlz-mysql=no
--with-dlz-bdb=yes
--with-dlz-filesystem=yes

Enable Response Rate Limiting, which limits DNS answers and helps mitigate DNS amplification attacks:

--enable-rrl
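
Compiling with --enable-rrl only makes the feature available; named applies no limit until a rate-limit clause is present in the configuration. A starting point for named.conf, as an added example that is not part of the original post (the numeric values and the log file path are assumptions to tune against your own traffic, and the log directory must exist and be writable by named):

```conf
options {
    directory "/var/cache/bind";

    rate-limit {
        // Identical responses allowed per second to one client netblock
        // (netblocks default to /24 for IPv4 and /56 for IPv6).
        responses-per-second 5;

        // Separate caps for error and NXDOMAIN responses.
        errors-per-second 5;
        nxdomains-per-second 5;

        // Number of seconds over which the rates are averaged.
        window 5;

        // Every 2nd rate-limited response is sent truncated (TC=1) instead
        // of dropped, so a legitimate client can retry over TCP.
        slip 2;

        // Never rate-limit local health checks.
        exempt-clients { 127.0.0.1; ::1; };

        // Start in log-only mode: nothing is dropped, but what would have
        // been limited is logged. Remove this line once the logs look sane.
        log-only yes;
    };
};

logging {
    // Dedicated channel so RRL decisions can be reviewed on their own.
    channel rrl_log {
        file "/var/log/named/rate-limit.log" versions 3 size 5m;
        severity info;
        print-time yes;
    };
    category rate-limit { rrl_log; };
};
```

Run named-checkconf after editing, then reload named and watch the rate-limit log before removing log-only.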

Readings:
https://kb.isc.org/article/AA-01000/0/A-Quick-Introduction-to-Response-Rate-Limiting.html
https://nlnet.nl/project/bind-dlz/200205-sane/paper.html
http://bind-dlz.sourceforge.net/

08 Jan

Install OpenVPN Access Server (Debian/Ubuntu)

All configuration is performed on a Virtual Private Server (VPS). If you intend to use a VPS, make sure your provider supports and enables the TUN/TAP module in your VPS container. For the following example, I’m using a Ramnode VPS (affiliate link) because of their good support; you can enable and disable TUN/TAP easily on your own, and their price is relatively cheap. For myself, I’m subscribed to their OpenVZ SSD VPS (128MB RAM, 10GB SSD Space) for 20.40 USD annually (USD1.70 per month). Don’t forget to enter the promotional code RN15OFF to enjoy a 15% recurring discount off your VPS price.

Enable TUN/TAP

Go to your VPS Control Panel, and at the bottom you will see an option to enable TUN/TAP module. Turn it on and reboot your VPS.

Once it has booted up, check whether the module is enabled by executing the command below:

root@advanxer:~# cat /dev/net/tun

If you receive the message "File descriptor in bad state", your TUN/TAP device is ready for use.
If you receive the message "No such device", the TUN/TAP device was not successfully created.

Download and Install OpenVPN Access Server

Go to the OpenVPN Access Server download page and select your architecture. I’m using Debian 7 32-bit.

root@advanxer:/home# wget http://swupdate.openvpn.org/as/openvpn-as-2.0.3-Debian7.i386.deb

Perform installation by executing:

root@advanxer:/home# dpkg -i openvpn-as-2.0.3-Debian7.i386.deb

Change the default password of the openvpn user:

root@advanxer:/home# passwd openvpn

Now you can access the OpenVPN Admin UI and Client UI from the links below:
Admin UI: https://serverip:943/admin
Client UI: https://serverip:943/
