In one company there is windows server 2008 hosting firebird 2 database.
Clients are using some software to connect from local machines to this database.
Network is running on few mikrotik routers.
When i change main gateway mikrotik router dns to cleanbrowsing ip addresses (185.228.168.10 and 185.228.169.11), software can not connect fo this firebird database.
When i use 8.8.8.8 dns or 1.1.1.1 - no such problems.
Software does not relate to dns, i know this because it is written by me in c#.
How possible is that and why it happens?
Changing the main gateway router's DNS server to another upstream server means you are potentially getting different responses to DNS queries. Assuming that nothing else has changed on your network, I imagine one of the following:
Your new DNS provider does not have special config for the dns entries you are querying
Your new DNS provider is located somewhere else physically, and you are running into a situation where geolocation matters (different dns responses to differently located users)
There is another gadget on the network intercepting DNS and is unaware of the change you are making. For example a NAT rule on a router that redirects 8.8.8.8 to an internal DNS server.
I agree with your assessment that the software is probably not causing this, because you changed infrastructure, I think that this is an infrastructure problem.
With 15+ years of experience running FirebirdSQL in small networks, I always set following things to prevent such problems:
The first DNS at the router's DHCP should point to the router's IP (gateway) itself, so it resolves local pc names easier
Setting a (random?) DHCP domain name at router's setup is recommended too
Edit/replace the firebird.conf file with one of fixed default port (3050) + event port (3051).
Opening those ports on each PC's firewall is a MUST. Both incoming and outgoing. You may narrow it to local IP range to prevent outside attacks. (Create a script once, run it on each PC as Admin once.)
Usually I also add "fbserver.exe" to firewall exception too
Restart FirebirdSQL service (or the whole PC) after changing gateway or DNS or firebird.conf
Related
I am currently developing a website with a virtual server based on Vagrant. Before that I always used my NAS-webserver to develop my sites.
I want to keep using my database on the NAS cause it's easy to handle through phpMyAdmin that is installed as an app on the NAS.
When ssh'ed into my virtualbox I can ping to the internal ip from my NAS, being 192.168.0.10. Making a database connection to it, does not work.
Usually I take static ip for my VirtualBox that does not belong to the range of my internal network, e.g. 192.168.33.23. I tried to change this to an ip that is in the range but then I get an error saying:
The specified host network collides with a non-hostonly network!
The specified host network collides with a non-hostonly network!
This will cause your specified IP to be inaccessible. Please change
the IP or name of your host only network so that it no longer matches that of a bridged or non-hostonly network.
What is the best method to solve this issue? I read the Vagrant Docs and other posts but I didn't get it up and running.
** UPDATE **
I added this line to my Vagrantfile:
config.vm.network 'public_network'
This invokes a bridged mode. After choosing 'en0: Wi-Fi (Airport)' as adapter when starting the VM, the ip of my VM is now 192.168.0.100 but I still can't connect to my database #192.168.0.10.
I already did a credential check by placing all files on the NAS-webserver and all worked well.
Solution:
set the network to bridged mode
grant the VM ip address access in the mysql users table
So I just added the same user in phpMyAdmin but now with the VM ip address as hostname.
I need to have an Access front end and SQL 2005 back end for a client. I would like to require them to have a static IP and I'll open a port for that IP. But they also want to be mobile, so their IP will change when they aren't in their office.
Is there another way to secure the connection?
Thanks.
I much don't see any problem or issue with this question. As a note, one could keep in mind with your requested setup the IP address of the mobile devices does not and should not matter.
What matters for the most part is that device can connect to the IP address of the SQL server in question (and that address is not likely to change – or at least not change often).
so their IP will change when they aren't in their office.
This question makes more sense. The internal IP address you use to connect to SQL server can be an unc path name to the server (with SQL on it). However, often just using the IP address of the server on your local network also works. So a typical address would be 192.168.1.100.
So, your Access front end can thus link to the above IP address (I assume you have some SQL re-link code on startup).
When you step outside of the office and that local network, then of course you have several choices.
You could as you suggest open up a port on the SQL serving to allow incoming connections. This is likely not such a great idea. It likely better to setup some type of VPN from that device back to your office network. Once you have that VPN connection setup, then the front end that linked to the fixed internal ip address should continue to work (and you can use the SAME internal address).
However, without a VPN, then you can certainly have the Access front end "re-link" to the external exposed IP address of your office network. This would require that you open a port and forward a port on your router to the machine running SQL server. And you would have to open the default port for sql server. The default is 1433 – but as noted, it is NOT such a great idea to open up your SQL server to the wild internet. Last time I did this, within a FEW minutes there was automated "bots" on the internet already attempting to logon (and the robot was testing all of the most common sql logons + most common passwords). So, this is high risk adventure to open up sql server ports this way.
So, the best approach here is some type of SSL tunnel, or a VPN to your office network, and the bonus part is you likely NOT have to re-link the front end to a different IP address since once that "tunnel" is setup to your office, then the result of the network setup, including the use of printers etc. from your laptop should thus work with any place you connect to the internet.
I'm doing some socket programming in C where I have one server and many clients on the local network. I want the client to find (search for) the server on the network by itself (i.e.not having to specify the server's address) and connect to it. The protocol between the clients and server should be TCP.
I've been searching the web for some time to find a good solution to this, but haven't found one yet.
Any suggestion to how I would tackle this problem would be greatly appreciated.
An IP and port number is necessary for a client to connect to the game server. However, if the IP address of the server is not available, a 'compromise' could be reached by:
Using a hostname to connect to the server, you can use gethostbyname() to resolve a hostname and obtain the IP address. This should solve the issue if the server's IP is not known or is not static.
Having a process running on a known IP which can give you a list of active servers.
Having the clients scan a particular range of IP addresses instead of trying to connect to a single IP (not a very good idea, but should be doable on a LAN).
Havinh your server broadcast packets (say UDP datagrams) at fixed intervals to all hosts on the current subnet (again not really a good idea, will lead to unnecessary network traffic).
A hybrid approach with more than one of the above could also employed, for example, try connecting via a hostname and if that fails, fallback to connecting to a known IP with list of active servers etc.
If you have control over the network layout and such, I would use a solution involving DHCP and DNS.
Basically, you want to connect your DHCP server to your DNS server so that it would automatically create entries for new computers on the network. This is a feature that most DHCP servers and DNS servers support, including BIND and named and Microsoft's solution.
Then you'll set the server hostname to some known value, and have the clients find the server using DNS. That is, gethostbyname() would work properly so you could use the first bullet point offered in Bhargav's answer.
Is there any way to detect if I am connected to a VPN using standard windows APIs in C?
Basically I have a client that has to sync with a server but only if the VPN is connected. This could be a standard windows VPN client or a Citrix.
Is RAS helpful here?
thank you, code is appreciated.
EDIT:
to make it clearer.
This is a client that will run on our customer's computer and they set the VPN and server however they want. So I wanted to know if windows keeps a setting somewhere that I can read via an API or registry or WMI or whatever that can tell me VPN: no or yes and if yes the info.
With the VPN I suspect you able to access resources that don't exists otherwise. So you could PING test a server on the VPN network. ICMP is the protocol for ping.
Here is some examples: http://www.alhem.net/project/ex10/index.html
Your IP space should be different if you're on VPN or not - if the VPN is set up right, the server shouldn't even be accessible unless you're on the VPN. You could try to ping the server, and only try to perform the sync if you get a response?
I'm fairly certain that one of the selling points of VPN is that userland applications should be, on the whole, entirely unaware of its existence. Your best course of action is likely to query, using COM or some other form of IPC, known VPN provider services, or just see if they are alive and/or active, and infer the situation based on this evidence.
I have looked for vendor specific registry settings to determine if the tunnel is active. This works well with Nortel and Cisco VPN clients.
Can your app lookup the IP of a domain name that's only available through the VPN? If the name lookup fails, you're not on the VPN. If the general Internet can't query the DNS server on the VPN, this may be a workable solution (but maybe not generalized enough for your needs?). You can then try connecting to that IP -- something that will only succeed if you're on the VPN.
You could even have a public DNS server provide the IP address. Just use a special hostname that never resolves to a public IP. If the VPN isn't up, you won't be able to reach that address.
Suppose the following:
I have a database set up on database.mywebsite.com, which resolves to IP 111.111.1.1, running from a local DNS server on our network.
I have countless ASP, ASP.NET and WinForms applications that use a connection string utilising database.mywebsite.com as the server name, all running from the internal network.
Then the box running the database dies, and I switch over to a new box with an IP of 222.222.2.2.
So, I update the DNS for database.mywebsite.com to point to 222.222.2.2.
Will all the applications and computers running them have cached the old resolved IP address?
I'm assuming they will have.
Any suggestions along the lines of "don't have your IP change each time you switch box" are not too welcome as I cannot control this aspect of the situation, unfortunately. We are currently using the machine name of the box, which changes every time it dies and all apps etc. have to be updated with the new machine name. It hurts.
Even if the DNS is not cached local to the machine, it will likely be cached somewhere along the DNS chain between the machine and the name servers, at least for a short while. My understanding is this situation would usually be handled with IP takeover where you just make the new machine 111.111.1.1.
Probably a question for serverfault.
You're looking for DNS TTL (Time To Live) I guess.. In my opinion applications may cache the IP for at most the value of the TTL. I'm afraid however that some applications/technologies might actually cache it longer (agian in my opinion completely wrong)
Each machine will cache the ip address.
The length of time it is cached is the TTL (Time To Live). This is a setting on your DNS server, if you set it very low say 5 mins, then you show be up and running fairly quikly. A bit of a hack but it should work.
Yes, the other comments are correct in that what controls this is the DNS TTL set for the hostname database.mywebsite.com.
You'll have to decide what the maximum amount of time you're willing to wait for if you have a failure on your primary address (111.111.1.1) after you make the switch to the secondary address. Lower settings will give you a quicker recovery time, but will also increase the load and bandwidth to your DNS server because clients will have to re-query it to refresh their cache more often.
You can use nslookup using the -d option from your cmd prompt to see what your default TTL times and remaining TTL times are for the DNS server you are querying.
%> nslookup -d google.com
You should assume that they are cashed for two reasons not clearly mentioned before:
1- Many "modern" versions of OS families do DNS caching.
2- Many applications do DNS caching or have poor error/failure detection on live connections and/or opening new connections. This would possibly include your database client.
Also, this is probably not well documented. I did some googling, and found this for MySQL:
http://dev.mysql.com/doc/refman/5.0/en/connector-net-programming-connecting-connection-string.html#connector-net-programming-connecting-errors
It does not clearly explain its behavior in this regard.
I had a similar issue with a web site that disables the application pool recycling features and runs for weeks on end. Sometimes, a clustered SQL Server box would restart and for some reason, my SqlConnection's were not reconnecting. I was getting the error:
A network-related or instance-specific
error occurred while establishing a
connection to SQL Server. The server
was not found or was not accessible.
Verify that the instance name is
correct and that SQL Server is
configured to allow remote
connections. (provider: Named Pipes
Provider, error: 40 - Could not open a
connection to SQL Server)
The server was there - and running - in fact, if I just recycled the app pool, the app would work fine - but I don't like recycling app pools!
The connections that were being held in the connection pool were somehow using old connection information, and that could have been old IP addresses. This is what seems so similar to the poster's question, that it appears to be cached DNS information, because as soon as some sort of a cache is cleared, the app works fine.
This is how I solved it - by forcing all of the connections in the pool to be re-created:
Try
' Example: SqlDependency, but this could also be any SqlConnection.Open call
Dim result As Boolean = SqlClient.SqlDependency.Start(ConnStr)
Catch sqlex As SqlClient.SqlException
SqlClient.SqlConnection.ClearAllPools()
End Try
The code sample is just the boiled-down basics - it should be tweaked for your situation!
The DNS gets cached, but for any server that resolves to the wrong ip address, you can update the HOSTS file of the server and the ip should be updated immediately. This could be a solution if you have a limited amount of servers accessing your database server.