Tuesday 17 September 2013

Install and configure BIND DNS Server in Windows 7

Power up your web developer environment by installing the BIND 9 DNS server. It is especially useful if you run your back-end stack in VirtualBox or Vagrant while your browser stays in the host OS, in this case Windows (more about that in the next blog post).
These are the main benefits you will get:
  • You want a whole domain such as *.dev or *.l to resolve to your localhost or to the IP of your virtual machine.
  • It allows you to run complex forwarding rules. Note that this is DNS forwarding: DNS maps names to addresses and cannot forward ports (for that see the netsh portproxy post further down). Still, forget the limitations of the Windows hosts file.
  • BIND also acts as a local DNS cache: maximum performance when browsing. (*)
  • The BIND installation brings the familiar Linux network tools (dig, nslookup, nsupdate, etc.) to your Windows command shell.
The caveat is that BIND is not that easy to configure. That is why I wrote this tutorial.
Let's go:
1. Download BIND from ISC (the latest release at the time of writing is 9.9.1-P3). Check the download against the PGP signature ISC publishes next to each release before you install it.
2. Let's start with the Installation:
BIND Installation window
In the installer window, leave the default service account name "named" and set a strong password for it. The installer creates a local account with that name and runs the BIND service under it rather than as SYSTEM, so a compromise of the DNS service does not directly give away the whole machine.
3. In System Properties => Environment Variables, find the variable PATH and append the string ;%SYSTEMROOT%\SysWOW64\dns\bin; (64-bit Windows) or ;%SYSTEMROOT%\system32\dns\bin; (32-bit Windows).
4. Search for cmd.exe and, important, right-click it and choose "Run as administrator". Then browse to:
C:\Windows\SysWOW64\dns\etc
or in Windows 32 bits:
C:\Windows\system32\dns\etc
5. By default the dns\etc folder is empty. Not for long. Execute the command:
rndc-confgen -a
This will create a file rndc.key.
In some tutorials you will see an extra step that creates an rndc.conf file. That is not needed. If you do it, you will probably end up with messages like this when trying to "rndc reload":
WARNING: key file (rndc.key) exists, but using default configuration file (rndc.conf)
Also you don't need to create a resolv.conf file, since Bind will look in the registry for the required nameserver information.
6. BIND configuration files:
Let's configure BIND. It is better to run notepad directly from the already opened admin shell, so you won't hit "Access denied" later when saving the file.
notepad named.conf
Copy/paste this configuration:

options {        
  directory "c:\windows\SysWOW64\dns\etc";
  allow-transfer { none; };
};

logging{
  channel my_log{
    file "named.log" versions 3 size 2m;
    severity info;
    print-time yes;
    print-severity yes;
    print-category yes;
  };
  category default{
    my_log;
  };
};
At the beginning a verbose log with severity info is useful. Later, when the DNS server is working, change it to severity warning.
All the logging options are explained in the BIND Administrator Reference Manual (logging statement).
There is no controls statement, so BIND uses the default: the rndc control channel listens on 127.0.0.1 port 953, loopback only. The DNS service itself listens on port 53 of every interface unless you add a listen-on statement; on a developer box add listen-on { 127.0.0.1; }; and allow-query { localhost; }; to the options so the machine never becomes an open recursive resolver for the rest of the LAN.
If you are curious, the same manual has the full list of statements that can be used, with their default values.
Use 127.0.0.1 as the DNS server in the settings of your Internet connection, and Windows will start using BIND to resolve DNS lookups.
7. Search for "Services" in the Windows Start Menu, find ISC BIND in the list and start it.
If for some reason it's not working and you are trying different BIND configurations, check the named.log file for hints.
Each time you change the configuration, run these two commands in this order:
ipconfig /flushdns
rndc reload
Or you can restart the BIND service from the Services GUI. See the screenshot:
That's all.
You should be able to surf the web normally, and you can now disable the Windows built-in DNS Client (the local DNS cache) in Services.

The purpose of this first part is a minimal configuration that gets BIND running with logging, so it is easier to debug if you run into problems.
With this configuration BIND resolves every name itself, starting from its built-in list of root name servers. The first lookup of a name is slow, as much as 3 seconds, until the answer is cached.
You can tell BIND to forward queries to a faster resolver instead, such as Google's 8.8.8.8. Keep in mind that every name you look up is then sent in clear text to that third party, and that BIND still falls back to its own recursion if all forwarders fail (the default is "forward first"; add forward only; if you would rather have lookups fail).
Change the options of your named.conf to add the "forwarders" line:
options {        
  directory "c:\windows\SysWOW64\dns\etc";  
  forwarders {8.8.8.8; 8.8.4.4;};
  allow-transfer { none; };
};
Restart the ISC BIND service. Now the DNS lookups take, in my case, about 22-40 ms.
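The following script is an added example, not part of the original post: it writes a hardened version of the named.conf above (loopback only, local clients only, forward only, version hidden) together with a wildcard zone that sends every name under a private TLD to the VM, validates both files with the checkers that ship in dns\bin, reloads BIND and verifies the answer with dig. It uses .test, reserved for exactly this purpose by RFC 2606, instead of .dev, which has since become a real top-level domain. The VM address 192.168.56.10 (VirtualBox host-only range), the 64-bit install path and a PATH that already contains dns\bin are assumptions. Run it from an elevated PowerShell.

```powershell
# Added example, not from the original post. Assumes 64-bit Windows (BIND under
# SysWOW64), dns\bin on PATH, and a backend VM at 192.168.56.10 (assumed address).
$ErrorActionPreference = 'Stop'
$etc  = Join-Path $env:SystemRoot 'SysWOW64\dns\etc'
$vmIp = '192.168.56.10'

# Options missing from the minimal config in the post:
#  - listen-on / allow-query: bind only to loopback and answer only local clients,
#    so this box is never an open recursive resolver for the LAN.
#  - forward only: never fall back to root recursion if the forwarders are down
#    (the default "forward first" would silently do that).
#  - version "none": do not advertise the BIND version over CHAOS TXT queries.
$namedConf = @"
options {
  directory "$etc";
  listen-on { 127.0.0.1; };
  listen-on-v6 { none; };
  allow-query { localhost; };
  allow-transfer { none; };
  recursion yes;
  forwarders { 8.8.8.8; 8.8.4.4; };
  forward only;
  version "none";
};

logging {
  channel my_log {
    file "named.log" versions 3 size 2m;
    severity warning;
    print-time yes; print-severity yes; print-category yes;
  };
  category default { my_log; };
};

zone "test" IN {
  type master;
  file "db.test";
};
"@

# Wildcard zone: every name under .test resolves to the VM, the apex to localhost.
# The serial must increase on every edit, otherwise a running BIND keeps the old copy.
$serial = Get-Date -Format 'yyyyMMdd01'
$zone = @"
`$TTL 60
@   IN SOA ns.test. hostmaster.test. ( $serial 3600 900 604800 60 )
@   IN NS  ns.test.
ns  IN A   127.0.0.1
@   IN A   127.0.0.1
*   IN A   $vmIp
"@

Set-Content -Path (Join-Path $etc 'named.conf') -Value $namedConf -Encoding Ascii
Set-Content -Path (Join-Path $etc 'db.test')    -Value $zone      -Encoding Ascii

# Validate before touching the running service; both checkers ship in dns\bin.
& named-checkconf (Join-Path $etc 'named.conf')
if ($LASTEXITCODE -ne 0) { throw 'named.conf failed validation' }
& named-checkzone test (Join-Path $etc 'db.test')
if ($LASTEXITCODE -ne 0) { throw 'db.test failed validation' }

# Apply, then flush the Windows cache so the new answers are visible at once.
& rndc reload
ipconfig /flushdns | Out-Null

# Smoke test straight against BIND, bypassing every cache layer.
$answer = (& dig '@127.0.0.1' app.test A +short) -join ''
if ($answer -ne $vmIp) { throw "expected $vmIp for app.test, got '$answer'" }
"app.test -> $answer"
```

Because of listen-on { 127.0.0.1; } only the host can use this resolver; the VM keeps its own DNS settings, which is what you want for a development box. Re-run the script after every zone edit; the date-based serial takes care of the reload.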
If you want to optimize your DNS configuration, run a benchmark with GRC DNS Benchmark or namebench. Here are some screenshots from Helsinki, on a Welho cable connection:

Let's explore more advanced configuration and options in the next blog post. I will announce it on Twitter and by RSS.

Extra: Tips for debugging DNS issues and more

Hint: almost every DNS problem I had while configuring and testing BIND was caused by a DNS cache in the way:

Query logs

This useful command toggles logging of every DNS query into the named.log file. If you reload the service, query logging is off again.
rndc querylog

About the internal Windows DNS Cache

You can locate this Service by the name "DNS Client". Related commands:
  • To inspect the Windows DNS Cache: ipconfig /displaydns.
  • To clear the Windows DNS Cache: ipconfig /flushdns.
  • Tip: create a shortcut on the Desktop with the value "C:\Windows\System32\ipconfig.exe /flushdns"
What is the benefit of BIND as your DNS cache instead of the Windows DNS Client cache?
I don't think there is any performance benefit, and both caches are non-persistent: rebooting the computer clears them.
One advantage of BIND is that you can then disable the Windows DNS Client, which removes one target for malware that tampers with the Windows DNS cache. It is a narrow gain: software that can write the hosts file or change your resolver settings is not stopped by it.
Talking about security, while preparing this post I saw multiple articles about blacklisting domains with huge hosts files. Those can be converted to BIND zone files (BIND 9.8 and later also has Response Policy Zones built for exactly this). I don't use them, but it's nice to know they exist.

Dig and nslookup own DNS Cache

The dig and nslookup commands are quite independent from Windows: they do not use the Windows resolver or its cache, and they keep no cache of their own. Every query goes straight to the name server (127.0.0.1 in our setup, or whatever you name with @server).
For example, if the Windows DNS cache already holds drupal.org (see ipconfig /displaydns) and BIND is stopped, dig drupal.org fails. On the other hand, ping drupal.org still works, because ping consults the Windows DNS cache before hitting the DNS server.
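To make the layering visible, here is an added example (not from the original post) that resolves one name through each of the paths discussed above, straight to BIND with dig, through the Windows resolver the way ping does, and by reading what the DNS Client cache currently holds, and reports whether they agree. It assumes dig is on PATH, BIND is listening on 127.0.0.1, and an English Windows, since it parses the text output of ipconfig /displaydns.

```powershell
# Added example, not from the original post. Assumes dig on PATH, BIND on
# 127.0.0.1, and English ipconfig output (the parser matches English labels).
function Compare-DnsPaths {
    param([Parameter(Mandatory=$true)][string]$Name)

    # 1. Straight to BIND: no Windows cache, no browser cache involved.
    $fromBind = @(& dig '@127.0.0.1' $Name A +short 2>$null |
                  Where-Object { $_ -match '^\d{1,3}(\.\d{1,3}){3}$' })

    # 2. The Windows resolver, which is what ping and most applications use.
    #    It answers from the DNS Client cache before asking any server.
    try {
        $fromWindows = @([System.Net.Dns]::GetHostAddresses($Name) |
            Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
            ForEach-Object { $_.IPAddressToString })
    } catch { $fromWindows = @() }

    # 3. What the DNS Client cache itself holds for the name right now.
    #    On Windows 7 the only interface is the text output of ipconfig.
    $cached = @()
    $inBlock = $false
    foreach ($line in (ipconfig /displaydns)) {
        if ($line -match '^\s*Record Name[ .]*:\s*(\S+)') {
            $inBlock = ($Matches[1] -ieq $Name)
        } elseif ($inBlock -and $line -match '^\s*A \(Host\) Record[ .]*:\s*(\S+)') {
            $cached += $Matches[1]
        }
    }

    New-Object PSObject -Property @{
        Name           = $Name
        FromBind       = ($fromBind    | Sort-Object) -join ','
        FromWindows    = ($fromWindows | Sort-Object) -join ','
        InWindowsCache = ($cached      | Sort-Object) -join ','
        Consistent     = ((($fromBind | Sort-Object) -join ',') -eq (($fromWindows | Sort-Object) -join ','))
    }
}

# Typical session: after editing a zone, FromBind already shows the new address
# while FromWindows still shows the cached one (Consistent = False); after
# ipconfig /flushdns the two agree again.
Compare-DnsPaths -Name 'app.test' | Format-List
```

Run it once before and once after ipconfig /flushdns whenever a change "does not show up"; the column that lags tells you which cache is in the way.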

About your browser DNS Cache

When debugging DNS issues, remember that your browser also caches DNS lookups internally.
Ctrl+F5 refreshes the page cache but does not clear that DNS cache; restarting the browser does.
This (one year old) chart shows the specific times per browser:

Source: http://dyn.com/web-browser-dns-caching-bad-thing/.

About Fiddler

If you use the fantastic tool Fiddler, be aware that it has its own DNS cache that will interfere with your tests. See my Stack Overflow question, which Eric answered. After following that advice, it's the most reliable tool I've found to inspect DNS lookups.

About Firebug

I wouldn't rely on the DNS lookup time in the Network tab. It is always 0 ms, even when the DNS request takes several seconds.

About Navigation Timing API

Todo: test the accuracy of the Navigation Timing API. I will update soon.

Extra: Resources.

The single best guide to BIND I found is the book Pro DNS and BIND, available for free, which also has installation guides for every OS, including Windows 7.

Ref1:

freeSSHd is a handy little application. Learn how to use it to get an SSH server up and running on a Windows 7 machine.


There are many ways to remote in to a machine; some are secure, some are not. For old-school administrators, you can't beat secure shell for security. Unfortunately, Windows 7 includes neither a secure shell client nor a server. To connect to a machine via SSH (default port 22), the secure shell daemon must be running on the machine in question.
Thanks to the freeSSHd application, it is possible to set up a secure shell and SFTP server on a Windows XP/Vista/7/Server machine, with a handy GUI tool for configuring both services. Let's walk through the steps of getting an SSH server up and running on your Windows 7 machine.

What you'll need

I included the admin access requirement in case there is an issue with your network passing port 22 through. If this happens, you will need to set up a rule to allow (or pass) the default SSH port into the target machine. If you cannot, you can always change to a non-standard port that you know is open.

Installing freeSSHd

Download and double-click the installation file. The installation is fairly straightforward except for these points:
  • Private keys should be generated (you will be prompted during the installation), and
  • Do not start freeSSHd as a system service (this will cause problems with the configuration and can cause security issues).
Once you follow all the steps in the wizard, freeSSHd will be installed.

Using freeSSHd

Since we're not running it as a system service, we have to start it manually by double-clicking the freeSSHd desktop icon. It will seem like nothing happened, but a new icon appears in the system tray (Figure A).
Figure A
The freeSSHd icon is in the bottom right corner.
Right-click the system tray icon and select Settings. You should see a green check next to the SSH server and a red X next to the Telnet server (Figure B). That is exactly how it should look: leave Telnet off, it sends passwords in clear text.
Figure B
If you see a red X next to the SSH server, click the link labeled Click Here To Start It. (Click the image to enlarge.)
Your SSH server should be running now, but no user can authenticate yet. freeSSHd doesn't need (nor should have) access to your Active Directory information, so set up a local user who may access the machine. To do this, follow these steps:
  1. Open the freeSSHd settings window.
  2. Click the Users tab.
  3. Click the Add button.
  4. Fill out the necessary information in the User Properties dialog (Figure C) and click OK. You should be able to connect to your Windows machine using secure shell now.
Figure C
Enable only the features (shell, SFTP, tunneling) the user actually needs. (Click the image to enlarge.)
So what can you do with this application? One nice feature of freeSSHd is the ability to use the scp command (secure copy); this allows you to securely move files to and from a machine. The scp command structure looks like this: scp filename username@ADDRESS_TO_DESTINATION:filename (username is the username on the machine the file is to be copied to, ADDRESS_TO_DESTINATION is the IP address of the machine the file is to be copied to, and filename is the name of the file to be copied).
Let's say you want to copy test.odt to jlwallen on a machine with an address of 192.168.100.74 (that machine will need to have a form of the secure shell daemon running as well). Here's how to execute this successfully:
  1. Log in to your Windows machine via secure shell.
  2. Issue the command scp test.odt jlwallen@192.168.100.74:test.odt.
  3. Enter the remote user's password and let the file copy. If you go to the remote machine, you should see that file is in the user's home directory.

Conclusion

The ability to run a secure shell server on a Windows machine makes remote administration or use even easier than adding a third-party solution such as LogMeIn or TeamViewer. When you don't need a full-blown GUI for remote work, you want to know you're getting into your machine with at least a modicum of security; freeSSHd offers that in true UNIX/Linux fashion. Be aware, though, that freeSSHd has not been maintained for years and that version 1.2.6 had a published authentication bypass (CVE-2012-6066), so keep it off untrusted networks; on Windows 10 1809 / Server 2019 and later, the built-in OpenSSH Server is the better choice. Slap this little beauty on one of your Windows machines, and see if it makes your life easier.


Monday 16 September 2013

Port Forwarding / Port Mapping on Windows


As a long-time friend of Linux's iptables command, I mistakenly assumed that port forwarding on Windows Server 2008 R2 would be just as easy. After quite a long while of searching I was able to determine the correct command: through netsh on the command line, it is easy to map incoming TCP traffic from one port to another port.
In my scenario, I needed to have an SSL connection initiated on a port other than 443 on the same machine, but handled by a service listening on port 443. To do this, the following command is entered on the command line; in this example, port 12345 is used as the initiating port.

C:\Users\Administrator> netsh interface portproxy add v4tov4 listenport=12345 listenaddress=192.168.1.1 connectport=443 connectaddress=192.168.1.1

Port 12345 is now mapped to port 443 on the same machine. To send the traffic to another machine, change connectaddress to that machine's IP address.

C:\Users\Administrator> netsh interface portproxy add v4tov4 listenport=80 listenaddress=192.168.1.1 connectport=80 connectaddress=10.210.10.10

Source  IP and Port:192.168.1.1:80
Destination IP and Port: 10.210.10.10:80

C:\Users\Administrator> netsh interface portproxy add v4tov4 listenport=80 listenaddress=200.100.50.25 connectport=80 connectaddress=10.210.10.10

Source  IP and Port:200.100.50.25:80
Destination IP and Port: 10.210.10.10:80

If you want to delete a particular rule, name the listening port and address it was added with:

C:\Users\Administrator> netsh interface portproxy delete v4tov4 listenport=80 listenaddress=192.168.1.1 protocol=tcp

C:\Users\Administrator> netsh interface portproxy delete v4tov4 listenport=80 listenaddress=200.100.50.25 protocol=tcp


If you want to reset all rules:

C:\Users\Administrator> netsh interface portproxy reset

If you want to view all rules (worth doing periodically: portproxy rules are stored in the registry and survive reboots, so a forgotten rule keeps an internal service exposed, and the same mechanism is a favourite way for intruders to pivot through a Windows host without dropping any tool):

C:\Users\Administrator> netsh interface portproxy show all
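As an added example (not part of the original post), the script below reads the portproxy rules from the registry key where netsh persists them, compares each one with an allow-list, and warns about anything unexpected; it serves both to verify the rules added above and as a quick audit for rules nobody configured on purpose. The allow-list contents and the decision to only warn rather than delete are assumptions made for this example.

```powershell
# Added example, not from the original post. The allow-list is an assumption;
# replace it with the rules you actually intend to keep on this host.
$Allowed = @(
    @{ Listen = '192.168.1.1:12345'; Connect = '192.168.1.1:443'  },
    @{ Listen = '192.168.1.1:80';    Connect = '10.210.10.10:80'  },
    @{ Listen = '200.100.50.25:80';  Connect = '10.210.10.10:80'  }
)

function Get-PortProxyRule {
    # netsh stores v4tov4 TCP rules as values named "listenaddress/listenport"
    # whose data is "connectaddress/connectport" under this key.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\PortProxy\v4tov4\tcp'
    if (-not (Test-Path $key)) { return @() }
    $item = Get-Item $key
    foreach ($valueName in $item.GetValueNames()) {
        $listenAddr,  $listenPort  = $valueName -split '/'
        $connectAddr, $connectPort = ($item.GetValue($valueName)) -split '/'
        New-Object PSObject -Property @{
            Listen  = '{0}:{1}' -f $listenAddr,  $listenPort
            Connect = '{0}:{1}' -f $connectAddr, $connectPort
        }
    }
}

function Test-PortProxyAllowed {
    param([Parameter(ValueFromPipeline=$true)]$Rule)
    process {
        $match = $Allowed | Where-Object { $_.Listen -eq $Rule.Listen -and $_.Connect -eq $Rule.Connect }
        $Rule | Add-Member -MemberType NoteProperty -Name Approved -Value ([bool]$match) -PassThru
    }
}

$rules = @(Get-PortProxyRule | Test-PortProxyAllowed)
$rules | Format-Table Listen, Connect, Approved -AutoSize

# Report anything not on the allow-list. The delete command is left commented
# out so the output is reviewed before a rule is removed.
foreach ($r in ($rules | Where-Object { -not $_.Approved })) {
    $addr, $port = $r.Listen -split ':'
    Write-Warning "unexpected portproxy rule $($r.Listen) -> $($r.Connect)"
    # & netsh interface portproxy delete v4tov4 listenport=$port listenaddress=$addr
}
```

Reading the registry rather than parsing netsh output gives a stable format you can schedule and diff; uncomment the delete line once you trust the allow-list.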



Ref 1: Open port in Windows Firewall





Wednesday 4 September 2013

Utility Spotlight Screenrecorder



Code download available at: UtilityOnlineMarch092009_03.exe (10,209 KB) 

Whether you are having trouble getting something to work on your own computer and are working with tech support, or you're trying to solve such problems for your customers, friends, or your Mom, you have probably spent hours describing or explaining events over and over again, because one party cannot see what is going on. Now there's a solution. Screenrecorder is a very easy-to-use screen-to-video capture program, built on top of Windows Media Encoder, that lets you capture what is happening to a small video file, which you can then send by e-mail to the appropriate person. That person can then watch the video just as if he were sitting next to you and you were showing him what is happening on the screen.

Figure 1 You can choose to capture either the full screen or a particular window
Using Screenrecorder is very easy. When you first run the program, you will see a window like the one in Figure 1. You simply select either Full Screen or any program window from the drop down list, check the audio box if you want to record audio as well, and then click OK.
Next you'll see the screen shown in Figure 2. Just supply a filename for the video and then hit START to begin the capture. Screenrecorder starts to capture screen movements to the video file you specified. You can pause capturing at any time. When you click STOP, a PLAY button will be displayed at the bottom right. Just click and your captured video will be played by your default video player for .wmv files. That's about all there is to it!

Figure 2 After you specify a filename, press the Start button
So what is Screenrecorder good for? Just about any onscreen situation where visualization would help. You can record step-by step instructions to create training videos. You can capture problems as they happen to send to tech support. Instead of telling Grandma where she will find the photos on her machine, you can show her. Or she can show you what is happening if she gets an error when trying to run a particular program. With Screenrecorder, you don't need to read any help file—the program lets you know what to do from the beginning to your final video. Moreover, the tool is optimized for the best resolution and smallest-size video, so you never have to worry about any settings. There are no complex menus to wade through or to try to figure out what they're for. And Screenrecorder produces a .wmv file so it can be played on any Windows computer without the need for an audio/video decoder.
Screenrecorder simplifies screen capture for everyone. PLEASE NOTE: For 32 bit Vista, Windows 7 and Windows Server 2008, if you get the error "Screenrecorder has stopped working", then apply fix in http://support.microsoft.com/kb/929182 by right clicking and selecting "Run as administrator".

Installation Instructions

Monday 2 September 2013

NTP Time Server Configuration in Windows Server 2008R2


Introduction

Time synchronization is one of the most important aspects of a modern computer network. Network Time Protocol (UDP 123) is the protocol designed to synchronize the clocks of your computers over the network. This tutorial will guide you through configuring an NTP time server in your network. This server will act as the authoritative time server in your domain and serve the client computers. The NTP time server will get its time from an external source such as time.windows.com or time.nist.gov, or from the system BIOS. In our scenario I am going to configure an NTP server on the PDC emulator that obtains time from an external source. Microsoft recommends configuring the NTP server to obtain time from a hardware source for improved security and accuracy, so optionally I will also mention how to get the time from an internal source.

Here are a few reasons why time synchronization matters in a network:

1. Effective DC and DFS replication, and Kerberos authentication, which by default rejects tickets when clocks differ by more than five minutes.

2. Tracking security breaches, network usage, or problems affecting a large number of components can be nearly impossible if timestamps in logs are inaccurate. Time is often the critical factor that allows an event on one network node to be mapped to a corresponding event on another.

3. To reduce confusion in shared filesystems, it is important for the modification times to be consistent, regardless of what machine the filesystems are on.
This document will help you configure an NTP time server on Windows Server 2008 R2.
Enabling & Configuring NTP Server
1. Change the server type to NTP.
Click Start, click Run, type regedit, and then click OK.
Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
In the pane on the right, right-click the value Type, and then click Modify. In Edit Value, type NTP in the Value data box, and then click OK.

2. Set AnnounceFlags to 5.
Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
In the pane on the right, right-click the value AnnounceFlags, and then click Modify. In Edit DWORD Value, type 5 in the Value data box, and then click OK. (5 means: always announce this server as a time server and as a reliable one.)


3. Enable the NtpServer provider.
Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer
In the pane on the right, right-click the value Enabled, and then click Modify. In Edit DWORD Value, type 1 in the Value data box, and then click OK.



4. Specify the time sources.
Open a command prompt and type the command below: w32tm /config /manualpeerlist:peers /syncfromflags:manual /reliable:yes /update
Replace peers with one or more sources, for example time.windows.com or time.nist.gov; several peers are separated by spaces and enclosed in quotes, e.g. /manualpeerlist:"time.windows.com time.nist.gov". Because /reliable:yes makes the whole domain trust this clock, choose upstream sources you trust.
5. At the command prompt, type the following command to restart the Windows Time service, and then press Enter:
    net stop w32time & net start w32time  

Some Useful commands

1. To resynchronize time : w32tm /resync
2. To verify the configuration: w32tm /query /configuration and w32tm /query /status
3. Display the current time zone settings : w32tm /tz
4. To reset the registry settings of NTP server: 
     net stop w32time
     w32tm /unregister
     w32tm /register
     net start w32time
5. To synchronize time with a linux client : ntpdate server_IP


Allow UDP port 123 through the firewall

Make an exception in your firewall to allow inbound UDP port 123, ideally only from the subnets where your clients live, since plain NTP carries no authentication.
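The script below is an added example, not part of the original article: it applies steps 1 to 5 above non-interactively, adds the firewall exception restricted to the local subnet, and verifies that the server has actually synchronized before clients start trusting it. The peer list and the subnet restriction are choices made for this example; run it elevated on the PDC emulator. netsh advfirewall is used for the rule because the NetSecurity cmdlets are not available on Windows Server 2008 R2.

```powershell
# Added example, not from the original article. Peer list and remoteip=localsubnet
# are assumptions for this example; run from an elevated PowerShell on the PDC.
$ErrorActionPreference = 'Stop'
$w32   = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time'
$peers = 'time.windows.com time.nist.gov'   # space-separated; passed quoted to w32tm

# Steps 1-3: Type=NTP, AnnounceFlags=5 (always announce as a reliable time
# server), NtpServer provider enabled. The DWORD values already exist, so
# Set-ItemProperty keeps their type.
Set-ItemProperty -Path "$w32\Parameters"              -Name Type          -Value 'NTP'
Set-ItemProperty -Path "$w32\Config"                  -Name AnnounceFlags -Value 5
Set-ItemProperty -Path "$w32\TimeProviders\NtpServer" -Name Enabled       -Value 1

# Step 4: upstream sources. /reliable:yes makes the domain hierarchy trust this
# clock, so the peers above must themselves be trustworthy.
& w32tm /config /manualpeerlist:"$peers" /syncfromflags:manual /reliable:yes /update
if ($LASTEXITCODE -ne 0) { throw 'w32tm /config failed' }

# Firewall: plain NTP is unauthenticated, so expose it only where clients live.
& netsh advfirewall firewall add rule name=NTP-Server-UDP-123-In dir=in action=allow protocol=UDP localport=123 remoteip=localsubnet | Out-Null

# Step 5: restart the service and force a sync against the new peers.
Restart-Service w32time
& w32tm /resync | Out-Null

# Verify. Stratum 16 means the server has not synchronized with any peer yet;
# clients will ignore a stratum-16 source, so do not roll out the GPO before
# this reports a real stratum and the expected source.
$status = & w32tm /query /status
$status
if ($status -match 'Stratum:\s*16') { Write-Warning 'not yet synchronized with any peer' }
```

The same check (w32tm /query /status, looking for the stratum and the Source line) is worth running on one client after the Group Policy below has applied, to confirm it really picked up the PDC and not a stale setting.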

Apply the NTP client settings via Group Policy(Optional)

Now we have to tell the client computers to obtain the time from the NTP Server. The policy is applied via GPO. The procedure is as follows:

1. Locate the Group Policy Object : Computer configuration/ Policies/Administrative Templates/ System /Windows Time Services/ Time providers

2.  Enable the below settings:
    Configure Windows NTP Client (set NtpServer to the IP or FQDN of the PDC; in our case the IP of the PDC)
    Enable Windows NTP Client



    Obtaining time from a Local Source (Optional)

    This configuration forces the PDC master to announce itself as a reliable time source and uses the built-in complementary metal oxide semiconductor (CMOS) clock. To configure the PDC master by using an internal hardware clock, follow these steps:

    1. Click Start, click Run, type regedit, and then click OK.
    Locate and then click the following registry subkey:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags
    In the right-pane, right-click AnnounceFlags, and then click Modify.
    In Edit DWORD Value, type A in the Value data box, and then click OK.
     Close Registry Editor.
     At the command prompt, type the following command to restart the Windows Time service:
        net stop w32time && net start w32time 

    By accomplishing the above tasks you can configure an NTP server in your domain.

    For more information about NTP you can visit : http://www.ntp.org/