I am trying to setup an email server using an EC2 instance(postfix)
I am trying to understand the value "10 mailserver.domainame.com".
does it mean I must do "hostname mailserver.domainame.com" on my email server? which means having mailserver.domainame.com as the hostname?
what about the number "10"?
thanks.
10 is the "cost" of the mail exchanger. If you had a primary and a backup, you'd set the backup as a higher value, such as 20... so that servers trying to deliver mail to your domain would try the "lowest cost" (10) before the higher cost (20) server, and only use the 20 machine if they found the 10 machine inaccessible. The number 10 is arbitrary. It could be 5 or 0 or 17. It has no real meaning if you only have one mail exchanger, but is still required.
You do not need to set the internal hostname of the machine at mailserver.example.com. Nobody really sees or cares about that except you. As long as you have a DNS A record for mailserver.example.com that returns the correct IP address, that is sufficient for MX configuration.
Related
I am trying to set up an inbound call center with AWS connect. It should be straight forward, but when I try to claim my first phone number and hit save, it says:
"You've reached the limit of Phone Numbers. To increase limit, contact support.". The default for AWS Connect says I should be able to have 5 phone numbers, so why is it preventing me from making 1?
I have a hosted zone created in Route53 and updated the NS records under the namespaces of the purchased domain.
Unfortunately the DNS check does not return or point to the new NS records instead gets resolved to old/ previously existing records.
I waited more than 72 hours and still i get "This site can’t be reached"failing with error DNS_PROBE_FINISHED_NXDOMAIN in the browser.
Below is a screenshot from the DNS check provided by https://mxtoolbox.com/,
It shows that the old NS records (First 4 rows with TTL to 48 hours) are present in the Parent and not in local whereas the newly updated records (The last 4 records) are present in the parent and not in the local.
Ping to the domain fails with Unknown host.
What are the next steps?
When you update the name servers for a domain, remove the old name server records.
Your TTL is set to 48 hours. That means any recursive resolver such as dns.google will not refresh for 48 hours after last update. For resolvers that have not cached your resource records, they might update immediately but might also get stale data from an upstream resolver. Wait a few hours so that you do not force a new cache load with old data and then check with an Internet tool such as dnschecker.org Change the selection box from A to NS to see the name server changes.
In general I recommend that it takes 48 to 72 hours for authoritative name server changes to propagate around the world.
Google DNS supports "Flush Cache". Wait an hour or two and then request that Google update their DNS cache. Flush Cache
Cloudflare also supports Purge Cache
Google and Cloudflare are very popular DNS resolvers.
Also, do not forget to flush your local computer's DNS cache:
Windows: ipconfig /flushdns
Linux: sudo service network-manager restart (ubuntu) or sudo /etc/init.d/nscd restart
macOS: sudo dscacheutil -flushcache followed by sudo killall -HUP mDNSResponder
I deployed 2 instances of Eureka server and a total of 12 instances microservices. .
Renews (last min) is as expected 24. But Renew Threshold is always 0. Is this how it supposed to be when self preservation is turned on? Also seeing this error - THE SELF PRESERVATION MODE IS TURNED OFF. THIS MAY NOT PROTECT INSTANCE EXPIRY IN CASE OF NETWORK/OTHER PROBLEMS. What's the expected behavior in this case and how to resolve this if this is a problem?
As mentioned above, I deployed 2 instances of Eureka Server but after running for a while like around 19-20 hours, one instance of Eureka Server always goes down. Why that could be possibly happening? I checked the processes running using top command and found that Eureka Server is taking a lot of memory. What needs to be configured on Eureka Server so that it don't take a lot of memory?
Below is the configuration in the application.properties file of Eureka Server:
spring.application.name=eureka-server
eureka.instance.appname=eureka-server
eureka.instance.instance-id=${spring.application.name}:${spring.application.instance_id:${random.int[1,999999]}}
eureka.server.enable-self-preservation=false
eureka.datacenter=AWS
eureka.environment=STAGE
eureka.client.registerWithEureka=false
eureka.client.fetchRegistry=false
Below is the command that I am using to start the Eureka Server instances.
#!/bin/bash
java -Xms128m -Xmx256m -Xss256k -XX:+HeapDumpOnOutOfMemoryError -Dspring.profiles.active=stage -Dserver.port=9011 -Deureka.instance.prefer-ip-address=true -Deureka.instance.hostname=example.co.za -Deureka.client.serviceUrl.defaultZone=http://example.co.za:9012/eureka/ -jar eureka-server-1.0.jar &
java -Xms128m -Xmx256m -Xss256k -XX:+HeapDumpOnOutOfMemoryError -Dspring.profiles.active=stage -Dserver.port=9012 -Deureka.instance.prefer-ip-address=true -Deureka.instance.hostname=example.co.za -Deureka.client.serviceUrl.defaultZone=http://example.co.za:9011/eureka/ -jar eureka-server-1.0.jar &
Is this approach to create multiple instances of Eureka Server correct?
Deployment is on AWS. Is there any specific configuration needed for Eureka Server on AWS?
Spring Boot version: 2.3.4.RELEASE
I am new to all these, any help or direction will be a great help.
Let me try to answer your question one by one.
Renews (last min) is as expected 24. But Renew Threshold is always 0. Is this how it supposed to be when self-preservation is turned on?
What's the expected behaviour in this case and how to resolve this if this is a problem?
I can see that eureka.server.enable-self-preservation=false in your configuration, This is really needed if you want to remove an already registered application as soon as it fails to renew its lease.
Self-preservation feature is to prevent the above-mentioned situation since it can happen if there are some network hiccups. Say, you have two services A and B, both are registered to eureka and suddenly, B failed to renew its lease because of a temporary network hiccup. If Self-preservation is not there then B will be removed from the registry and A won't be able to reach B despite B is available.
So we can say that Self-preservation is a resiliency feature of eureka.
Renews threshold is the expected renews per minute, Eureka server enters self-preservation mode if the actual number of heartbeats in last minute(Renews) is less than the expected number of renews per minute(Renew Threshold) and
Of course, you can control the Renews threshold. you can configure renewal-percent-threshold (by default it is 0.85)
So in your case,
Total number of application instances = 12
You don't have eureka.instance.leaseRenewalIntervalInSeconds so default value 30s
and eureka.client.registerWithEureka=false
so Renewals(last minute) will be 24
You don't have renewal-percent-threshold configured, so the default value is 0.85
Number of renewals per application instance per minute = 2 (30s each)
so in case of self-preservation is enable Renews threshold will be calculated as 2 * 12 * 0.85 = 21 (rounded)
And in your case self-preservation is turned off, so Eureka won't calculate Renews Threshold
One instance of Eureka Server always goes down. Why that could be possibly happening?
I'm not able to answer this question time being, this can be because of multiple reasons.
You can find the reason mostly from logs, or if you can post logs here it would be great.
What needs to be configured on Eureka Server so that it doesn't take a lot of memory?
From the information that you have provided, I cannot tell about your memory issue and in addition to that you already specified -Xmx256m and I didn't face any memory issues with the eureka servers so far.
But I can say that top is not the right tool for checking the memory consumed by your java process. When JVM starts, It takes some memory from the operating system.
This is the amount of memory you see in tools like ps and top. so better use jstat or jvmtop
Is this approach to create multiple instances of Eureka Server correct?
It seems you are having the same hostname(eureka.instance.hostname) for both instances. Replication won't work if you use the same hostname.
And make sure that you have the same application names in both instances.
Deployment is on AWS. Is there any specific configuration needed for Eureka Server on AWS?
Nothing specifically for AWS as per my knowledge, other than making sure that the instances can communicate with each other.
i want to create mx record in aws r53 like this. my domain is in godadday
1) Host as # and points to as smtp.secureserver.net with priority 0 and TTL one hour.
2) Host as # and points to as mailstore1.secureserver.net with priority 10 and TTL one hour.
bust while creating this error flash .The record set could not be saved because:
- The Value field contains invalid characters or is in an invalid format.
If your image is accurate, the priority needs to proceed the FQDN
Your example shows:
smtp.secureserver.net
And should be:
0 smtp.secureserver.net
The following worked for me
I have a path (mysite.com/myapiendpoint for sake of example) that is both resource intensive to service, and very prone to bot abuse. I need to rate limit access to that specific path to something like 10 requests per minute per client IP address. How can this be done?
I'm hosting off an EC2 instance with CloudFront and AWS WAF in front. I have the standard "Rate Based Rule" enabled, but its 2,000 requests per minute per IP address minimum is absolutely unusable for my application.
I was considering using API Gateway for this, and have used it in the past, but its rate limiting as I understand it is not based on IP address, so bots would simply use up the limit and legitimate users would constantly be denied usage of the endpoint.
My site does not use sessions of any sort, so I don't think I could do any sort of rate limiting in the server itself. Also please bear in mind my site is a one-man-operation and I'm somewhat new to AWS :)
How can I limit the usage per IP to something like 10 requests per minute, preferably in WAF?
[Edit]
After more research I'm wondering if I could enable header forwarding to the origin (running node/express) and use a rate-limiter package. Is this a viable solution?
I don't know if this is still useful to you - but I just got a tip from AWS support. If you add the rate limit rule multiple times, it effectively reduces the number of requests each time. Basically what happens is each time you add the rule, it counts an extra request for each IP. So say an IP makes a single request. If you have 2 rate limit rules applied, the request is counted twice. So basically, instead of 2000 requests, the IP only has to make 1000 before it gets blocked. If you add 3 rules, it will count each request 3 times - so the IP will be blocked at 667 requests.
The other thing they clarified is that the "window" is 5 minutes, but if the total is breached anywhere in that window, it will be blocked. I thought the WAF would only evaluate the requests after a 5 minute period. So for example. Say you have a single rule for 2000 requests in 5 minutes. Say an IP makes 2000 requests in the 1st minute, then only 10 requests after that for the next 4 minutes. I initially understood that the IP would only be blocked after minute 5 (because WAF evaluates a 5 minute window). But apparently, if the IP exceeds the limit anywhere in that window, it will be locked immediately. So if that IP makes 2000 requests in minute 1, it will actually be blocked from minute 2, 3, 4 and 5. But then will be allowed again from minute 6 onward.
This clarified a lot for me. Having said that, I haven't tested this yet. I assume the AWS support techie knows what he's talking about - but definitely worth testing first.
AWS have now finally released an update which allows the rate limit to go as low as 100 requests every 5 minutes.
Announcement post: https://aws.amazon.com/about-aws/whats-new/2019/08/lower-threshold-for-aws-waf-rate-based-rules/
Using rule twice will not work, because WAF rate based rule will count on cloud watch logs basis, both rule will count 2000 requests separately, so it would not work for you.
You can use AWS-WAF automation cloud front template, and choose lambda/Athena parser, this way, request count will perform on s3 logs basis, also you will be able to block SQL,XSS and bad bot requests.