Jul 24, 2015

5 big name websites who use round-robin DNS and their TTL values

There are many ways to make your websites redundant. The best way to do that is by using multiple websites with a load balancer, or with load balancing built in (Microsoft Load Balancing for instance). I've written about using HAProxy in the past for a cheap alternative to something like a Barracuda 340 Load Balancer.

Another popular method for load balancing is round-robin DNS. If you are unfamiliar with it, Wikipedia describes round-robin DNS as:
...a technique of load distribution, load balancing, or fault-tolerance provisioning multiple, redundant Internet Protocol service hosts, e.g., Web server, FTP servers, by managing the Domain Name System's (DNS) responses to address requests from client computers according to an appropriate statistical model.

In its simplest implementation, Round-robin DNS works by responding to DNS requests not only with a single IP address, but a list of IP addresses of several servers that host identical services. The order in which IP addresses from the list are returned is the basis for the term round robin. With each DNS response, the IP address sequence in the list is permuted. Usually, basic IP clients attempt connections with the first address returned from a DNS query, so that on different connection attempts, clients would receive service from different providers, thus distributing the overall load among servers.
In short, instead of adding one IP address for a website in DNS, you add multiple IP addresses for a website.

There are some that don't like this method for load balancing, and rightfully so. For instance, Bob Plankers from The Lone Sysadmin writes:
On paper, round-robin DNS seems like an easy way to spread the load between multiple servers, but if one of those servers is down some clients will see outages as they are told to connect to the unavailable host. Round-robin DNS only works well with protocols and applications that have robust failover capabilities built in, and frankly, that isn’t too many of them.
He is not wrong there, but there is a way to fix, or mitigate that problem by lowering your TTL value. According to Akadia.com:
We set the TTL low (to 60 seconds) to prevent any intervening caching DNS servers from hanging onto one sort order for too long, which will hopefully help keep the number of requests to each host more or less equal.
Setting the low TTL number also makes it so that if one site is down, it only takes a few seconds or minutes for the client to clear their DNS cache and try another site that might be up.

So now you get the idea, you might be thinking that round-robin DNS still might not be a good solution. Well, there are several big name websites that currently use it, and use it effectively. Here are some of them:
  1. Twitter (TTL 30)
  2. Google (TTL 278)
  3. Reddit (TTL 300)
  4. Yahoo (TTL 382)
  5. Outlook (TTL 300)
As you can see above, all of these guys use a TTL value of 382 (~6 minutes) or less.

If you want real redundancy, I wouldn't recommend relying totally on round-robin DNS though. You should have multiple web servers per site and have load balancing configured there. Using that in conjunction with round-robin DNS should give you considerable redundancy, and I'm sure that is exactly what the above sites are doing.

What do you think about round-robin DNS? Do you use it? Why or why not? Let us know in the comments.

Jul 17, 2015

How to hack VMWare ESXi 4.1 to run Windows 2012 R2

Before we get too far, you are probably asking, "Why not just upgrade to VMWare 5.5" or something right? Well, there could be a number of reasons why someone wouldn't want to upgrade from VMWare 4.1 to 5.5. Maybe they have a budget issue. Who knows? Maybe stop judging!

Anyway, we have the need for Windows 2012 R2 virtual servers in my environment, and we're currently running VMWare 4.1 still, and can't upgrade to the latest and greatest until next year. The problem is that Windows 2012 R2 isn't currently supported in VMWare 4.1. If you are in a similar situation, don't dispare. There is a hack that works to make Windows 2012 R2 run in VMWare 4.1.
  • Create a new VM using the Windows 2008 R2 template but don't power it on
  • Download this bios.440.rom file, then upload it to the same directory where your new VM files are located on the ESXi server.
  • Now edit the vmx file for your new VM using your favorite text editor, and add the following lines to the bottom of the file:
bios440.filename = "bios.440.rom"
mce.enable = TRUE
cpuid.hypervisor.v0 = FALSE
vmGenCounter.enable = FALSE
  • Now power on your VM and you should be able to install like normal!
Here is a screenshot from a test VM I made:

Officially this is unsupported by VMWare, but if you need Windows 2012 now, it will work and it's a lot easier than upgrading your entire environment.

Jul 10, 2015

VoIP calls dropping after two minutes over a Fortigate 100D firewall

A Cisco 7960G IP telephone
A Cisco 7960G IP telephone (Photo credit: Wikipedia)
This past week has seriously made me want to drown my sorrows in alcohol. One of the issues we had was all of a sudden users phone calls would drop after 2:30. We just couldn't figure it out. We called our hosted VoIP provider and they double checked that we had SIP ALG and SIP Session Helper disabled on our Fortigate 100D firewall. That didn't help.

Well, after being on the phone with Fortinet support for about three hours the other day my Systems Administrator and Fortinet tech support found out that it was the timeout setting in our traffic shaper for VoIP!

By default the session-ttl timeout is set for 150 seconds (2:30), which is why out calls were dropping out. We increased that number to 14400 (4 hours) and calls stopped dropping!

To configure that from the command line interface (cli) in FortiOS 5.2 run:
  • config system session-ttl
  • set default 14400
  • end
I hope this helps you out because troubleshooting VoIP issues is enough to make you want to kick a cat, drink nine beers out of a funnel then punch someone in the mouth!

Jul 3, 2015

How to force SSL in Ubuntu 14.04 Apache

English: Logo of the Apache Software Foundation.
 (Photo credit: Wikipedia)
Years ago I wrote about a PHP script you can include in your PHP websites to force SSL. Well, It turns out it's easier, more effective and more secure to make this change using a rewrite rule in your Apache configuration file.

In Ubuntu 14.04, you need to enable the Apache rewrite module by running:
a2enmod rewrite
Next you need to edit your website configuration file located in /etc/apache2/sites-available and add the following under DocumentRoot /var/www/yoursitedirectory:

<Directory /var/www/yoursitedirectory/>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
After that, save your configuration file and restart Apache by running:
service apache2 restart
After that, not matter what page visitors land on they will be redirected to httpS!

Jun 26, 2015

How to make WordPress custom permalinks work with SSL on Ubuntu 14.04

English: The logo of the blogging software Wor...
English: The logo of the blogging software WordPress. Deutsch: WordPress Logo 中文: WordPress Logo (Photo credit: Wikipedia)
I manage a WordPress server, and the way this particular server works is weird. We have the domain name currently pointing at a Windows IIS site that uses rewrite rules to proxy everything over to Wordpress running on an Ubuntu Apache server. Right now the IIS server handles SSL, so there aren't any weird issues.

Well pretty soon we are going to remove the Windows IIS server from the equation, and we're going to point DNS directly to the WordPress server. The problem is that we still want SSL, and we currently use custom permalinks. The permalinks we use are /%category%/%postname%/.

Ok, well the problem comes down to how WordPress handles SSL, and apparently if you don't use permalinks it works fine with SSL, but if you have permalinks enabled with SSL, then your pages will come up with page not found errors.

To fix this, on Ubuntu 14.04 anyway, you need to edit your SSL Apache config file, and under the line that says:
DocumentRoot /var/www/yoursitedirectory
You need to paste the following:
<Directory /var/www/yoursitedirectory/>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
After you add that and save your config file, you need to restart Apache to see the changes take effect:
service apache2 restart
You may need to enable the Apache rewrite module for this to take effect, but it should generally be enabled anyway for WordPress. If it's you you can enable it by running:
a2enmod rewrite
Boom! Now SSL will work on your WordPress server without any weird page not found errors!

Jun 19, 2015

Free Open Source Secure Email Gateway

Sweet baby Jesus do I love Linux! Just about anything you need or want can be done in Linux. For instance, the other day my ex-wife sent me an email from her work email. I noticed that she was using a free Gmail account for business and so I offered to stand her up an iRedmail email server running on Linode.com which would cost her company as little as $20 per month hosting. I told them I would charge a flat rate consulting fee, and a nominal monthly fee to keep it backed up.

If you aren't familiar with iRedmail, here is a Tech Chop video I did talking about it:

Well my ex-wife came back and asked if I can make the emails encrypted. She works with a lot of Psychologists, so they need encryption for HIPPA compliance when communicating with clients. Makes sense right? Well, since they are Psychologists and not tech geeks like me that means they need an easy solution to encrypt messages, and that means an encryption gateway!

I found a solution that runs in, you guessed it, Linux! It's called Ciphermail!

From their page:
CipherMail email encryption gateway supports four encryption standards: S/MIME, OpenPGP, TLS and PDF encrypted email. S/MIME and OpenPGP provide authentication, message integrity and non-repudiation and protection against message interception. S/MIME and OpenPGP use public key encryption (PKI) for encryption and signing. PDF encryption can be used as a lightweight alternative to S/MIME and OpenPGP. PDF allows you to decrypt and read encrypted PDF documents. PDF documents can even contain attachments embedded within the encrypted PDF. The password for the PDF can be manually set per recipient or a password can be randomly generated. The generated password can then be automatically delivered to the recipient via an SMS Text message or, the password can be sent back to the sender of the message.
Setup is easy too, just watch this video:

If your company is looking for a low cost solution to email encryption, you should definitely check it out!

What do you use for message encryption? Let us know in the comments.

Jun 17, 2015

Harness Your Creativity: 7 Must-Have Digital Tools

In the popular AMC series "Mad Men," it took an entire agency on Madison Avenue to churn out the world's most creative advertising campaigns for companies like Kodak and Honda. Dozens of directors, copywriters, editors, and designers collaborated over long hours to create just one campaign for a big client.

Obviously, a lot has changed since the 1960s. And while there are still agencies filled with men and women in these positions, there are even more freelancers out there building entire campaigns all on their own. So how do they do it? With nothing more than a laptop and an Internet connection -- along with some powerful web tools that replace the need for an entire Madison Avenue agency. Before your next creative project, look to these tools to help you create a masterpiece from start to finish.


Trello -- Even a one-man/woman show needs help organizing tasks. Trello is a digital kanban, a system that tracks tasks in stages (also known as sprints) -- what needs to get done, what's currently being worked on, and what's completed. You can do this with a whiteboard and a stack of Post-It notes, but Trello shrinks the concept down to your laptop screen.

Evernote -- If you truly want to keep all your tools digital, that includes your notes as well. Evernote is a great platform for your PC, tablet, and smartphone that organizes everything from the brief note, to pictures, sketches, and even files. It's all synced between your devices and it's easy to search and organize. You'll never go back to pen and paper again.


Hemingway -- Great copy is the lifeblood of a campaign. It's the spirit of the project and can make or break your work. Hemingway is a fantastic distraction-free platform for writing and editing. The writing portion blanks out everything on the screen so you can focus, and the editing section points out unnecessary adverbs, adjectives, and other fluff that Ernest Hemingway himself would have despised.

Kopywriting Kourse -- Apps can't teach you how to write, but people can. Neville Medhora of KopywritingKourse.com is an expert in creative copy and he goes in depth on the topic in his blog, while also covering efficiency, the business of writing, and improving technical skills. Brush up on his tips to hone your own skills.


Shutterstock -- There are dozens of places to buy images online, but they either carry a puny library or charge individually for images. Shutterstock's inventory has vectors, editorial, and stock images and their library is enormous. Plus you can sign up for monthly subscriptions that let you download up to 750 images per month.

Canva -- Comprehensive campaigns involve graphics for all mediums -- print, web, television, and social media. Canva is an easy to use platform with thousands of fonts, vectors, and custom images (like your own from Shutterstock) that you can arrange into stunning designs for all your collateral. While professional designers will always use Photoshop and InDesign, Canva is perfect for beginners who aren't familiar with the pro tools.

Theme Forest -- Websites need design too, and unless you know how to code in several languages, it helps to lean on wireframes for Wordpress to build on. Theme Forest is the digital marketplace for thousands of themes for any industry. Each theme is customizable, so you can shape it to your client's brand and needs.

Jun 12, 2015

Protect Your BitTorrent Privacy With Tribler

English: Official logo from the non-profit Tri...
 (Photo credit: Wikipedia)
I wrote a few weeks back about how after years of torrenting I finally received a nasty graham from my ISP about downloading torrents. For the last year or so I've been using TorrentPrivacy's VPN service, and recently switched to EarthVPN. Both are around the same price at $40 per year.

$40 per year isn't a lot if you do a decent amount of torrenting. It's certainly cheaper than a subscription to Hulu or Netflix. What if you don't want to spend any money though and still protect your anonymity?

A client is available with a built in custom version of the TOR network that is designed to do just that. It's called Tribler! From their page:
Tribler offers anonymous downloading. Bittorrent is fast, but has no privacy. We do NOT use the normal Tor network, but created a dedicated Tor-like onion routing network exclusively for torrent downloading. Tribler follows the Tor wire protocol specification and hidden services spec quite closely, but is enhanced to need no central (directory) server.
You can read more about how their anonymity system works here: (Tribler Anonymity)

To avoid liability, Tribler is saying that their anonymity system is still experimental. In fact, when you install it you get this warning before you begin:

Tribler is available for Windows, Mac and Ubuntu Linux.

To me Tribler sounds like a good idea, and if you don't want to spend money on a private VPN solution, then you should give it a shot. It's got to be better than downloading completely unprotected right? Still though, I think I'm going to stick with my current solution. I also don't like how Tribler handles RSS feeds.

What do you think about this? Will you use Tribler? Do you use it already? Should it be avoided? Let us know in the comments!

Twitter Delicious Facebook Digg Stumbleupon Favorites More

Design by Free WordPress Themes | Bloggerized by Lasantha - Premium Blogger Themes | spam filter in the cloud