Red Hat – Disable DNS Recursion (BIND)
Disable DNS Recursion KB ID 0000981 Problem I got a Tweet, to say the site was down. I checked and the VPS was off-line? So I powered it on and waited a few minutes. Linux is not one of my strongest technical areas so I did some Googling about what logs to check etc. When I looked in the var/log/messages log it was full of these, up to the point where it went down; Aug 7 03:51:52 MY-HOSTNAME named[490]: error (unexpected RCODE...
Using LDP to Find an Objects ‘Distinguished Name’ in Active Directory
KB ID 0001337 Problem There are a few occasions when you need to know an objects ‘Distinguished Name’ (DN). For me it’s usually when I’ve got a device that needs to do LDAP/LDAPS lookups, (RSA Appliance, Netscaler, Cisco FirePOWER, etc). Today someone needed to ‘bind’ a Checkpoint firewall to Active Directory, and asked me to create user, and give them the DN and password. I’ve mentioned...
Citrix NetScaler – Simple HTTP Site Load Balancing
KB ID 0001188 Problem Here is the simplest load balancing scenario I can think of, I’ve got two web servers, (on http port 80) and I’m presenting them though my NetScaler as an HTTP (Virtual Server). Solution First we add the ‘back-end’ servers. Connect to the management IP of your NetScaler and login > Configuration > Traffic Management > Load Balancing > Servers > Add. Define a name for the...
Cisco ISE – Replace the Self Signed Certificate
KB ID 0001068 Problem Cisco ISE arms itself with a self generated certificate out of the box, (well the NFR appliance does anyway). To replace that cert with one signed by your own CA, this is the procedure. (Note: I’m using Microsoft Certificate Services on Server 2012 R2). Solution Step 1: Import the CA Certificate into ISE Note: If you have a lot issuing servers it’s a good idea the repeat this procedure for EVERY...
CentOS BIND DNS Not Responding To DNS Queries
KB ID 0000906 Problem While moving my DNS records from my old hosting company, I finally got round to pointing my domain name server records at my own server. I then saw my web traffic nose dive! Some troubleshooting steps later I realised I could not connect to my server on TCP port 53 (use an online port scanner to test yours). Solution Allow Access to DNS BIND From Remote Clients 1. Firstly let’s make sure that the firewall...