Changing Servers for a Website – Redirect Traffic to New IP for No Downtime While DNS Propagates

Wednesday, December 20th, 2023

Moving a Website to Another Server – Redirect Traffic to the New Server While DNS Propagates (for No Downtime)

If you're migrating a website from one server to another and have updated the DNS for the domain to point to the new server, some traffic will still reach the old server because resolvers keep the old record cached until its TTL expires (and some resolvers ignore TTLs, so this can go on for days). While the change propagates, you can forward the traffic that still arrives at the old server on to the new one so that nobody sees downtime. Lowering the record's TTL to a few minutes a day or two before the switch shrinks this window considerably.

On the old server, run these commands to redirect web traffic on port 80 (http) and port 443 (https) to the new server (replace {DESTINATION_IP_ADDRESS} with the new server's public IPv4 address):

echo 1 >/proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination {DESTINATION_IP_ADDRESS}:80
iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination {DESTINATION_IP_ADDRESS}:443
iptables -t nat -A POSTROUTING -p tcp -d {DESTINATION_IP_ADDRESS} --dport 80 -j MASQUERADE
iptables -t nat -A POSTROUTING -p tcp -d {DESTINATION_IP_ADDRESS} --dport 443 -j MASQUERADE

A few things to keep in mind. DNAT forwards the TCP stream untouched, so TLS still terminates on the new server: the certificate and key must already be installed there, and the old server never sees decrypted traffic. The MASQUERADE rule rewrites the source address to the old server's own IP, so while the redirect is in place the new server's access logs, rate limits and tools such as fail2ban see every forwarded visitor as the old server. If the old server's FORWARD chain has a DROP policy (ufw sets one), you also need ACCEPT rules for this traffic in the filter table or the DNATed packets are silently dropped. The rules above are not persistent across a reboot, only cover IPv4 (an AAAA record still pointing at the old server needs the same treatment with ip6tables and net.ipv6.conf.all.forwarding), and should be removed with iptables -D once the old record's TTL has expired everywhere.
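The same redirect as a script you can run and re-run safely (added example, not from the original post or the serverfault answer it cites). It validates the address, adds the FORWARD-chain rules for hosts whose FORWARD policy is DROP, skips rules that already exist, and can remove everything again with one command. 203.0.113.10 is a documentation address standing in for the new server; the single-interface assumption and the FORWARD rules are mine, not the post's.

```shell
#!/bin/sh
# Added example (not from the original post): idempotent, reversible version
# of the DNAT redirect. Assumptions: the old server has one public interface,
# its FORWARD chain may have a DROP policy (ufw does this), and 203.0.113.10
# (a documentation address) stands in for the new server.
set -eu

IPT=${IPT:-iptables}

# Accept only a dotted-quad IPv4 address with every octet in 0..255, so a
# typo cannot turn into a rule that forwards the site somewhere unexpected.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    set -- $(printf '%s' "$1" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the rules as "TABLE CHAIN ARGS..." lines. Keeping them in one place
# means the same list is used to add (-A), check (-C) and remove (-D).
redirect_rules() {
    dest=$1
    for port in 80 443; do
        echo "nat PREROUTING -p tcp --dport $port -j DNAT --to-destination $dest:$port"
        echo "nat POSTROUTING -p tcp -d $dest --dport $port -j MASQUERADE"
        # Only needed when the FORWARD policy is DROP; harmless otherwise.
        echo "filter FORWARD -p tcp -d $dest --dport $port -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"
        echo "filter FORWARD -p tcp -s $dest --sport $port -m conntrack --ctstate ESTABLISHED -j ACCEPT"
    done
}

# Add (-A) or remove (-D) every rule, skipping ones that are already in (or
# already out of) the ruleset, so re-running never creates duplicates.
apply_rules() {
    action=$1
    redirect_rules "$2" | while read -r table chain args; do
        present=0
        $IPT -t "$table" -C "$chain" $args 2>/dev/null && present=1
        case "$action$present" in
            -A1|-D0) continue ;;
        esac
        $IPT -t "$table" "$action" "$chain" $args
    done
}

main() {
    case ${1:-} in
        add)    action=-A ;;
        remove) action=-D ;;
        *) echo "usage: $0 add|remove NEW_SERVER_IP" >&2; return 2 ;;
    esac
    valid_ipv4 "${2:-}" || { echo "not an IPv4 address: ${2:-}" >&2; return 2; }
    # Same switch as "echo 1 > /proc/sys/net/ipv4/ip_forward" in the post.
    # It is left on after "remove"; turn it off yourself if nothing else
    # on the box (containers, VPNs) depends on forwarding.
    [ "$action" = -D ] || sysctl -q -w net.ipv4.ip_forward=1
    apply_rules "$action" "$2"
}

# Run only when given arguments, so the functions can be sourced for testing.
[ $# -eq 0 ] || main "$@"
```

Run it as root on the old server with "add 203.0.113.10" (your new server's address) once the DNS change is made, and with "remove 203.0.113.10" after the old record's TTL has expired. Because the rules are kept in one list, the remove step takes out exactly what the add step put in and nothing else in your ruleset.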

Reference:  https://serverfault.com/questions/371833/changing-servers-redirect-to-new-ip-no-downtime#371870

Disable BIND9 Recursive DNS Queries to Prevent UDP DDOS Flood Attacks

Sunday, January 12th, 2014

Turn Off BIND9 Recursion

Depending on the version and on the named.conf your distribution ships, BIND9 may answer recursive queries for anyone who can reach it (an "open resolver"). Recursion lets others use your DNS server to resolve arbitrary domains on their behalf, and because DNS runs over UDP, an attacker can send queries with a spoofed source address so that the much larger responses are reflected at the victim. That is DNS amplification, the classic UDP flood, and every open resolver on the internet makes it worse. A server that only needs to serve its own zones, as in a shared web hosting environment, should refuse recursion. You can disable BIND9 recursion by running the following script:

cd ~/Downloads
wget -N "http://dinofly.com/files/linux/disable_bind9_recursion.tar.gz"
tar -zxvf disable_bind9_recursion.tar.gz
sudo bash disable_bind9_recursion.sh

It should work on most Linux distributions but has only been tested on Ubuntu. You may need to change the path to the BIND config file used by the script (Debian and Ubuntu keep the options in /etc/bind/named.conf.options).
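What the change amounts to, as a stand-alone script (added example; it is not the dinofly.com script from the post, which I have not reproduced here). It rewrites the options { } block of named.conf.options in place, dropping any existing recursion directives first so it can be re-run, and it tracks brace nesting so that a nested block such as forwarders { ... }; is not mistaken for the end of options. It assumes the Debian/Ubuntu layout (/etc/bind/named.conf.options included from /etc/bind/named.conf); pass another path on other distributions.

```shell
#!/bin/sh
# Added example, not the dinofly.com script from this post: make a BIND9
# server authoritative-only by rewriting the options { } block of
# named.conf.options in place. Assumes the Debian/Ubuntu layout
# (/etc/bind/named.conf.options, included from /etc/bind/named.conf).
set -eu

disable_recursion() {
    conf=$1
    tmp=$(mktemp)
    awk '
        # Drop any existing recursion directives (and our own marker
        # comment) so re-running never leaves duplicates or a later
        # "recursion yes;" overriding the one we insert.
        /^[ \t]*(recursion|allow-recursion|allow-query-cache)[ \t]/ { next }
        /^[ \t]*\/\/ Authoritative only/ { next }
        /^[ \t]*options[ \t]*[{]/ { in_opts = 1; depth = 0 }
        in_opts {
            # Count braces so a nested block (forwarders { ... };) that
            # closes with its own "};" line is not taken for the end of
            # options { }.
            depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
            if (depth == 0) {
                print "\t// Authoritative only: refuse recursion so this server cannot be used as a reflector."
                print "\trecursion no;"
                print "\tallow-recursion { none; };"
                print "\tallow-query-cache { none; };"
                in_opts = 0
            }
        }
        { print }
    ' "$conf" > "$tmp"
    # Refuse to touch the file if no options { } block was found.
    if ! grep -q 'recursion no;' "$tmp"; then
        rm -f "$tmp"
        echo "no options { } block found in $conf" >&2
        return 1
    fi
    cat "$tmp" > "$conf"    # overwrite in place; keeps owner and mode
    rm -f "$tmp"
}

# Usage: sudo sh disable_bind9_recursion.sh /etc/bind/named.conf.options
# With no arguments nothing is modified (the functions can be sourced).
if [ $# -gt 0 ]; then
    disable_recursion "$1"
    # named-checkconf with no file checks the full config (named.conf
    # includes the options file on Debian/Ubuntu) before BIND reloads it.
    named-checkconf && rndc reload
fi
```

To confirm it took effect, ask the server from any host for a name in a zone it does not serve, for example dig @your.server.ip example.org A: the answer should come back with status REFUSED and without the ra (recursion available) flag in the header, while queries for your own zones still get answered.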

PeerGuardian Linux Ubuntu Prerequisites and Install Guide

Saturday, March 24th, 2012

PeerGuardian Installation Guide Ubuntu / Debian

Installing PeerGuardian:

Open a new terminal and install the prerequisites for PeerGuardian Linux by running the following command:

sudo apt-get install libdbus-1-dev zlib1g-dev iptables libnetfilter-queue-dev libnfnetlink-dev qt4-bin-dbg qt4-dev-tools g++ libpolkit-qt-1-1 libpolkit-qt-1-dev

Download the latest source of PeerGuardian Linux from:  http://sourceforge.net/projects/peerguardian/files/PeerGuardian%20Linux/

Open a terminal, change to the peerguardian source directory, and run the configure script to generate the makefile:

./configure --sysconfdir=/etc

If you get an error that looks like this:

checking for ZLIB... configure: error: Package requirements (zlib) were not met:

No package 'zlib' found

Consider adjusting the PKG_CONFIG_PATH environment variable if you
installed software in a non-standard prefix.

Alternatively, you may set the environment variables ZLIB_CFLAGS
and ZLIB_LIBS to avoid the need to call pkg-config.
See the pkg-config man page for more details.

Installing zlib1g-dev should already satisfy this requirement: configure looks for zlib through pkg-config, and the -dev package ships the zlib.pc file it needs. When the error appears anyway, pkg-config is not finding that file, which is what the PKG_CONFIG_PATH hint in the message refers to, so check where zlib.pc landed before building anything. If that gets you nowhere, you can download and compile the zlib source from http://www.zlib.net/

To do this, change to the directory of the extracted zlib folder and run:

./configure
make
sudo make install

Only the install step needs root; building as root just leaves root-owned files in your source tree. This puts a second copy of zlib under /usr/local next to the Debian package, which is worth remembering if you later hit library version mismatches.

Now go back to the peerguardian source directory and re-run ./configure. You should not receive this error anymore.

Errors Post Installation:

BELOW ISSUE (BOTH Bricking your System and Resolv.conf Issue) APPEARS TO HAVE BEEN FIXED IN MAY of 2013
I'm going to leave this here though in case someone needs it.

As of 3/17/13, I've noticed that installing Peerguardian Linux from the latest SourceForge source causes a number of serious problems that could brick your Linux install. You must run the following commands after "make install" is completed to avoid running into problems.

If your gksudo or sudo commands no longer work after installing because of a "Unable to copy the user's .Xauthorization file" error message, your .Xauthority file may no longer exist.  To fix this issue, run the following commands:

gksudo synaptic
sudo chown youruser:youruser ~/.Xauthority
chmod 600 ~/.Xauthority

If the above does not work for you, try this:

cd ~
touch .Xauthority
sudo chown youruser:youruser ~/.Xauthority
chmod 600 ~/.Xauthority 

For some reason, the installer also changes the permissions on /tmp. It must be world-writable with the sticky bit set (mode 1777), otherwise programs fail to create temporary files and users can delete or replace each other's. To fix this, run the following command:

sudo chmod 1777 /tmp

PeerGuardian Linux can also break your DNS settings, rendering your internet connection useless. To fix this, run the following command:

sudo nano /etc/resolv.conf

In it, put your router's DNS address. For example:

nameserver 192.168.1.1

Save and close the file. Everything should be good to go and your system should no longer be hosed by a buggy build of PeerGuardian Linux. One caveat: from Ubuntu 12.04 on, /etc/resolv.conf is generated by resolvconf, so a hand edit is overwritten on the next network change; for a lasting fix put the nameserver in your NetworkManager connection or as a dns-nameservers line in /etc/network/interfaces.
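The three repairs above, as one check-and-fix script (added example; it is not part of PeerGuardian and not from the original post). Run with --check it reports which of the three is broken, and with --fix under sudo it applies the same chmod/chown/touch/nameserver fixes the post gives, on the invoking user's files rather than root's. The path variables and the default nameserver (the post's 192.168.1.1) are overridable; GNU stat is assumed.

```shell
#!/bin/sh
# Added example, not part of PeerGuardian: check, and with --fix repair, the
# three things the post says a bad build can break: /tmp permissions, the
# user's ~/.Xauthority and /etc/resolv.conf. Paths are overridable so the
# checks can be exercised on scratch files. Assumes GNU stat (Linux).
set -eu

TMP_DIR=${TMP_DIR:-/tmp}
RESOLV=${RESOLV:-/etc/resolv.conf}
NAMESERVER=${NAMESERVER:-192.168.1.1}   # the post's example router address
FIX=${FIX:-0}

# When run under sudo, repair the invoking user's file, not root's.
if [ -n "${SUDO_USER:-}" ]; then
    USER_UID=$(id -u "$SUDO_USER")
    USER_HOME=$(getent passwd "$SUDO_USER" | cut -d: -f6)
else
    USER_UID=$(id -u)
    USER_HOME=${HOME:-/}
fi
XAUTH=${XAUTH:-$USER_HOME/.Xauthority}

# /tmp needs mode 1777: world-writable, with the sticky bit so users can
# only delete their own files. Anything else breaks programs and lets one
# user tamper with another's temp files.
check_tmp() {
    [ -d "$TMP_DIR" ] || return 1
    [ "$(stat -c %a "$TMP_DIR")" = 1777 ] && return 0
    [ "$FIX" = 1 ] || return 1
    chmod 1777 "$TMP_DIR"
}

# ~/.Xauthority must exist, belong to the user and be private (0600);
# otherwise gksudo/sudo fail with the "Unable to copy the user's
# .Xauthorization file" error quoted in the post.
check_xauth() {
    if [ ! -f "$XAUTH" ]; then
        [ "$FIX" = 1 ] || return 1
        touch "$XAUTH"
    fi
    if [ "$(stat -c %u "$XAUTH")" != "$USER_UID" ]; then
        [ "$FIX" = 1 ] || return 1
        chown "$USER_UID" "$XAUTH"
    fi
    if [ "$(stat -c %a "$XAUTH")" != 600 ]; then
        [ "$FIX" = 1 ] || return 1
        chmod 600 "$XAUTH"
    fi
}

# resolv.conf needs at least one nameserver line or name lookups fail.
check_resolv() {
    grep -q '^nameserver[[:space:]]' "$RESOLV" 2>/dev/null && return 0
    [ "$FIX" = 1 ] || return 1
    printf 'nameserver %s\n' "$NAMESERVER" >> "$RESOLV"
}

# Run all three and report each failure; non-zero exit if any failed.
run_checks() {
    rc=0
    check_tmp    || { echo "FAIL: $TMP_DIR is not mode 1777" >&2; rc=1; }
    check_xauth  || { echo "FAIL: $XAUTH missing, not 0600, or not owned by uid $USER_UID" >&2; rc=1; }
    check_resolv || { echo "FAIL: no nameserver line in $RESOLV" >&2; rc=1; }
    return $rc
}

# Usage: sh pg_postinstall_check.sh --check   (as your user)
#        sudo sh pg_postinstall_check.sh --fix
case ${1:-} in
    --check) run_checks ;;
    --fix)   FIX=1; run_checks ;;
esac
```

Run --check first as your normal user to see what is actually wrong; only --fix needs root, and only the /tmp and resolv.conf repairs need it.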