架不住XEN的诱惑,小站又又搬家了。
1、我自己访问和管理貌似要快点;
2、可以做L2TP/IPSec PSK的VPN,ssh转发和pptp似乎不能满足某些时候的需求,哈哈
3、对于XEN架构的VPS来说,价格还不错,有兴趣也去看看吧:Colo2VM
标签:
原因是sudo会检查是否是在tty中,系统启动的时候,不属于tty环境,因此无法执行

解决方法,命令行执行visudo,找到Defaults    requiretty并注释掉!
标签: ,

Dear Customer,

We'd like to inform you that HighVPS has been acquired by OSHS Ltd (Open Source Hosting Solutions Limited). OSHS (http://www.oshs.co.uk) operates a number of online brands providing shared/reseller web hosting, virtual private servers, dedicated servers, server management, audio/video streaming, as well Linux/Unix consulting.

In terms of your changes, for some of you; we will be migrating VMs from present server nodes to new server nodes. Once the migration has been completed, you will receive details of your new VPS, your VPS control panel, and your new VPS IP/s.

We will then be migrating your client details from http://manage.highvps.com/ to http://www.opensourcehostingsolutions.com/client/ so that we can consolidate client portal systems at our central location to provide the fastest and most efficient customer support.

Finally, we hope this new development brings you an improved level of customer service, as we continue business as usual.

If you have any questions, please reply to this email.

Regards,
HighVPS Customer Services.


提几点希望:
1、价格不要涨啊
2、母鸡时间给我弄对了!
3、co.uk!母鸡不要搬到uk去了哦?!网络、母鸡性能要保持呀
4、提供功能丰富点的Control Panel吧

标签:
扛不住VPS的诱惑,把站点搬家了。

这次选择的是HighVPS.com中最低配置的Unmanaged VPS,感觉还行,偶尔抽风,米国便宜的似乎都是这个样子,机房在米国东海岸,每次访问都要穿过海底光纤,在米国西岸登录,然后再横跨了米国大陆才能到。HyperVM的虚拟技术和平时用的VPC、VM、VBox什么的有不同,使用上只能说是近似真正的服务器,还是还是有点点限制,不过对于一般的应用,完全没问题。

遇到除了一个很恶的问题。我发现VPS的时间在时区正确的情况下,慢了4个小时,于是发ticket要求修改母鸡的时间,和鬼子纠缠了3天3夜,从头到尾都在喊我用不同的方式改timezone,最终还是不给我改母鸡的时间,算了,我放弃,ticket就open放在那里,评价全是poor。自己把VPS的时区和博客的时区都调到GMT-12,然后把历史博客涉及日期的数据都减了14400秒(4小时,不然我历史数据就会快4小时)。期间还想过把linux或者php的time()函数源码改了重新编译,但是好麻烦,日后也不好维护,还是直接改数据算了。

现在用的组合如下,全部用源码编译安装,咱也玩玩现在流行的nginx+php-fpm,免得变成outMAN:
bind-9.7.0-P2
vsftpd-2.2.2
mysql-5.1.47
nginx-0.7.65
php-5.2.13 + php-5.2.13-fpm-0.5.14 + eaccelerator-0.9.6

BTW.前几天的某天,Domain.com有0.99美元注册.com .net .org域名的优惠,考虑已经有.net和.info的了,于是买了个allmoneygomyhome.org来玩。

装了才几天,发现暴多的网络攻击,主要是密码试探,做了很多加固的工作,不要变成肉鸡了。。。
标签:

作为域名NS记录指向的DNS服务器,不同于开放给公众的DNS服务器,不需要提供本机配置域名之外的域名解析。当DNS解析的域名本机中没有的时候,就会发起递归(recursion)或者转发(forward)到远程DNS去查询。

递归:本机直接从根服务器上寻找对应域名的NS记录,再由本机到NS指向的服务器中查询记录
转发:本机将解析请求转发到指定的服务器去解析,将转发服务器的响应结果直接反馈给查询者

BIND9默认打开递归查询和关闭转发功能,如何彻底关闭递归,就成了主要问题,设置中还发现一些有趣的问题。

测试平台:Debian 5.0.4
BIND9版本:BIND 9.5.1.dfsg.P3-1+lenny1

配置文件:/etc/bind/named.conf.options
1、只设置“recursion no;”
C:\>nslookup
> server 192.168.99.104
> www.google.com
Server: [192.168.99.104]
Address: 192.168.99.104

Name: www.google.com
Served by:
- K.ROOT-SERVERS.NET
- I.ROOT-SERVERS.NET
- L.ROOT-SERVERS.NET
- B.ROOT-SERVERS.NET
- M.ROOT-SERVERS.NET
- G.ROOT-SERVERS.NET
- F.ROOT-SERVERS.NET
- A.ROOT-SERVERS.NET
- J.ROOT-SERVERS.NET
- C.ROOT-SERVERS.NET


服务器虽然没有进行递归查询,但是还是响应了客户端根服务器的地址。如何彻底关闭呢,这个问题折腾了很久,未果。BIND9的文档(http://www.bind9.net/manual/bind/9.3.2/Bv9ARM.ch06.html)中有这样的描述:

recursion
If yes, and a DNS query requests recursion, then the server will attempt to do all the work required to answer the query. If recursion is off and the server does not already know the answer, it will return a referral response. The default is yes. Note that setting recursion no does not prevent clients from getting data from the server's cache; it only prevents new data from being cached as an effect of client queries. Caching may still occur as an effect the server's internal operation, such as NOTIFY address lookups. See also fetch-glue above.

allow-recursion
Specifies which hosts are allowed to make recursive queries through this server. If not specified, the default is to allow recursive queries from all hosts.
Note that disallowing recursive queries for a host does not prevent the host from retrieving data that is already in the server's cache.

可问题是,这个cache如何关闭呢?文档里没有详细描述,找了很久,发现个配置allow-query-cache,这个似乎在官方的文档中没有呢?


2、同时设置“recursion no;”和"allow-query-cache { none; };"
C:\>nslookup
> server 192.168.99.104
> www.google.com
Server: [192.168.99.104]
Address: 192.168.99.104

*** [192.168.99.104] can't find www.google.com: Query refused

彻底关闭了递归查询,拒绝响应,达到目的。


3、只设置"allow-recursion { none; };"
测试结果同2

这是在后来改配置的时候偶尔发现的,allow-recursion貌似不需要关闭cache。一直认为allow-recursion和recursion是完全一样的,看来不是这样。当然,这个也许是我的测试有限。


附1:转发BIND9默认是关闭的,如果需要声明可以在named.conf.options这样写
forwarders {};
forward only;

附2:如何关闭BIND9对于ls命令功能,对于有slave或者特殊需要的,用ip替换none即可
allow-transfer { none; };

标签: , ,
分页: 1/1 第一页 1 最后页 [ 显示模式: 摘要 | 列表 ]