31Aug/180

SRV Records – How do I use them correctly?

Definition of an SRV record

With a Service Resource Record (short: SRV record) you can make services, which are usually available via an IP:PORT combination, reachable using a DNS host name. Important to note regarding SRV record is the fact, that they only work if an application has been specifically programmed to make use of them. Examples for this are TeamSpeak3 or Minecraft. SRV-Records can not be used to point a DNS name to an IP address/port combination for arbitrary use by any application.

Example - Teamspeak:
Usually TeamSpeak is using the protocol UDP over port 9987. If you are running a TeamSpeak instance with the IP 123.124.125.126 every client that wants to connect has to enter the IP:port combination of 123.124.125.126:9987. If you change the port or the server IP, you have to inform everyone about the new combination. With SRV records it is possible to connect to TeamSpeak using a DNS host name like ts.mydomain.com

In general every SRV record contains the same information:

_SERVICE._PROTOCOL.yourdomain.tld 86400 IN SRV PRIORITY WEIGHT PORT SERVER

In this example:

_ts3._udp.ts.mydomain.com 86400 IN SRV 0 5 9987 ts.mydomain.com

Values for priority and weight can usually be left at their defaults, they are only used if two or more SRV records with the same name exist. Please note that for the data field, you cannot simply add an IP address here. Instead, you will have to add a valid DNS host name which in turn resolves to an IP address by using an A record, so make sure that the host name you set there exists.

How to create an SRV record at Contabo

  1. Log in into your Contabo customer control panel using https://my.contabo.com
  2. Using the menu item "DNS Zone Management" you can edit a DNS zone and create a new record
  3. The type has to be SRV
  4. Fill in the form. An example can be seen below (please click on the picture in order to increase its size):
  5. The finished record should look like this:

From now on your users can connect to TeamSpeak using only the subdomain ts.mydomain.com

For Minecraft, the record may look like this:

_minecraft._tcp.mc.mydomain.com 86400 IN SRV 0 5 25565 server01.mydomain.com

Please make sure to consult the documentation of your service or application regarding whether SRV records are supported and what scheme they should use.

Posted by: Markus | Tagged as: , , , , No Comments
7Oct/137

Adding IPv6 connectivity to your server

With the recent deployment of IPv6 in our data centre network, newly installed servers should be configured with an IPv6 address out of the box. For existing installations that you do not want to reinstall or colocation devices not installed with our operating system deployment solution, the necessary information needs to be added to your system manually. This guide should give you enough information to get IPv6 up and running on your server.

Obtaining the necessary information

We have already assigned an IPv6 address to every one of your services where applicable. You can find this address in your customer control panel, which should look like this:

ipv6ccp

Do not use the address space shown in the image, "2a02:c200:0:10:3:0:7:1". Use your own IPv6 address space from your customer control panel instead.

At this time, the following additional information is valid for every IPv6 enabled server:

netmask / prefix length: 64
gateway address: fe80::1

For servers with a /64 network starting with "2a02:c205", please use the following IP addresses as resolving name servers:

Resolver/DNS server 1: 2a02:c205::1:53
Resolver/DNS server 1: 2a02:c205::2:53

For servers with a /64 network starting with "2a02:c207", please use the following IP addresses as resolving name servers:

Resolver/DNS server 1: 2a02:c207::1:53
Resolver/DNS server 1: 2a02:c207::2:53

Initial configuration (Linux-based operating systems)

Before adding this IPv6 address to your configuration files and thus making the changes persist after a server reboot, you might want to configure it manually. I will use the IPv6 address 2001:db8::1 in this example. Please replace it with the appropriate address assigned to the server in question. If your network card is not eth0, you will have to replace "eth0" with the appropriate value, too.

Add the address to the server's network interface in the format /:

ip addr add 2001:db8::1/64 dev eth0

You can validate that the address has been enabled by running

ip -6 addr show

which should show, among others, the following lines:

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
inet6 2001:db8::1/64 scope global valid_lft forever preferred_lft forever

In order to reach everyone else in the ever growing IPv6 world, add a default route to the server's configuration:

ip route add default via fe80::1 dev eth0

Again, you can verify the setting by running

ip -6 route show

which should show the following output:

default via fe80::1 dev eth0 metric 1024 mtu 1500 advmss 1440 hoplimit 4294967295

You can now check your IPv6 connectivity by using the ping6 command:

ping6 2a02:c205:0:5001::1

Making things persist (Linux-based operating systems)

Different operating systems have different ways of setting up the network configuration. If in doubt, please search the documentation for your operating system. Sample configurations for Debian/Ubuntu and CentOS/Fedora/RedHat will be provided here. Please be very careful when applying these changes. Errors may result in your server no longer responding to any network traffic at all!

Debian / Ubuntu

Edit the file /etc/network/interfaces and add the following lines:

iface eth0 inet6 static
address 2001:db8::1
netmask 64
gateway fe80::1
accept_ra 0
autoconf 0
privext 0

CentOS / Fedora / RedHat

Make sure IPv6 networking is enabled at all by editing /etc/sysconfig/network. Add the following line to this file:

NETWORKING_IPV6=yes

Then add the IP configuration to the file /etc/sysconfig/network-scripts/ifcfg-eth0

IPV6INIT=yes
IPV6ADDR=2001:db8::1/64
IPV6_DEFAULTGW=fe80::1
IPV6_DEFAULTDEV=eth0

This should make sure the IPv6 address gets enabled again after your server reboots.

Configuration steps for Windows Server operating systems

After you have connected to your server using RDP, click on "Start" > "Control Panel" > "Network and Internet" > "Network and Sharing Center". Click on "Change Adapter Settings" on the left side of the window. Right-click the icon for the network connection, select "Properties" from the menu:

IPv6-Windows-1

Highlight the entry "Internet Protocol Version 6 (TCP/IP)" on the list, make sure that the checkbox is ticked and click on "Properties" again. Enter the information you gathered from step one as shown below:

IPv6-Windows-2

Click on "OK", to close the dialogues and save the changes.

Still cannot reach your server via IPv6?

If you have made the changes as described above and if the ping6 command did return a response but you nevertheless cannot reach your server via IPv6 from your local computer, chances are that IPv6 might not yet be enabled in your local network. Your local ISP can help in this case.

Posted by: Markus | Tagged as: , , , , , 7 Comments
27Aug/130

Process Controlling With Supervisor

If you run your own virtual or dedicated server, chances are that you want to run a specific program or a number of programs that make up the service you want to use or offer. If the program you want to run is part of the Linux distribution of your choice there usually is not much more to it than installing the package and configuring the program. However, if the program comes from an external source or you are writing it yourself, you need to make sure it is started automatically when the server is booting. Additionally, during development or early testing phases of your own program, there might be errors in the code leading to a crash of your application and you might want to make sure that it gets restarted automatically in such a case. A few years ago, the solution to the first issue was quite simple. All you needed to do was to create an init script that would then handle the starting and stopping of the server. However, recently many Linux distributions changed the way they handle the boot process. Some are still using init, others may be using upstart or even systemd now. Providing the files necessary for all of this systems can be quite a hassle and while upstart and systemd support restarting programs on unexpected termination, implementing this with init is possible but requires to change init's configuration itself.

For my own needs I have become attached to using supervisor for this task - the program and the documentation can be found on http://supervisord.org, but most Linux distributions provide pre-built packages in their repositories. Supervisor itself is a daemon that is run by the system's process management so it gets run by init or it's counterparts. To run your own program, you have to add it to supervisord's configuration and it will make sure that it gets started on boot and restarted in case it crashes.

As an example, I will be using a very small custom web application written in Python using the bottle framework. Since this article is not about web programming, I am keeping it simple:

1 from bottle import route, run
2
3 @route('/')
4 def index():
5     return 'Hello World'
6
7 run(host='0.0.0.0', port=8080)

All this does is run a webserver on port 8080 and displaying Hello World in your web browser when you navigate to it. If the above code is saved to a file app.py, you can run it using python app.py and it will just run forever (or until it crashes). Now would be a good time to configure supervisor to run this application for us. Supervisor provides a command line tool called supervisorctl to check the status of configured applications and to start or stop them if needed. Running supervisorctl status will show you... nothing, as we did not set up anything yet. We create a new file called hello.conf which will contain everything supervisor needs to know to run our application and place it in /etc/supervisor/conf.d/. The most basic configuration defines a new program to run with a given name and a command to be executed as well as a user name that the program should be run with - if you leave this, your program will run as root which is almost always a bad idea:

[program:hello]
command=/usr/bin/python /home/markus/app.py
user=markus

Note that it is usually a good idea to provide absolute paths in such configurations. After the file has been saved, you can use supervisorctl reread to cause supervisor to reread its configuration file. If everything is right, the output of the command should tell you that a program named hello is now available:

# supervisorctl reread
hello: available

We can now start the program by running

# supervisorctl start hello
hello: started

Check the status again to see if its actually running now:

# supervisorctl status
hello                 RUNNING    pid 32675, uptime 0:00:46

As you can see, it tells us that the program is running, it's PID and the time elapsed since it's start. To simulate a crash, we will forcefully terminate the program and check if supervisor restarts it as expected:

# kill -9 32675
# supervisorctl status
hello                 RUNNING    pid 32686, uptime 0:00:04

The supervisor homepage gives you a lot more information about possible values to configure supervisor itself and the programs it runs. You can even configure the location of log files and automatic rotation for them in case they grow over a given size. More details about this can be found here: http://supervisord.org/configuration.html. Finally, no more reason to run your applications in detached screen sessions... 😉