Let’s Encrypt

Let’s Encrypt Let’s Encrypt is a free, automated, and open certificate authority (CA). It simplifies digital certificates management, providing tools to automatize certificates release, renewal and revocation. Let’s Encrypt supports several methods to make sure that an account key holder is the entity that is requesting certificates for a specific FQDN. One of such methods is known as DNS challenge. GSLB.me can be used as your fully integrated DNS solution to provide letsencrypt with DNS challenges, so that your certificates are automatically released and managed. The certbot script can be used to simplify the whole process.     Certbot official documentation is available here: https://certbot.eff.org/docs/using.html#hooks To use certbot and GSLB.me… Read More

Continue Reading

Configuring and using Recursive DNS

Scenario: You want to use a fully hosted, fast and secure recursive DNS for your network (office, home/home office, branch) You need to protect your internal clients and your whole network from malware activity, from phishing attempts and from botnets at the DNS level – that is – before any harm is done GSLB.me recursive DNS provides you with: Redundant, highly performing recursive DNS Realtime protection from thousands of malicious domains used by malware, phishing attacks, botnets Fully visibility and statistics on your DNS queries, with details on internal clients (private IPs) trying to access malicious/dangerous domains     How to configure it: Log on to GSLB.me using your credentials… Read More

Continue Reading

Configuring and using georouting

Scenario: You have several servers around the world publishing a website or an application that is accessed by users coming from different countries and geographies. You want to be able to decide which server(s) users will reach based on their country/countries of origin, and you want to handle “fallback” scenarios in case one or more servers are not available. GSLB.me georouting allows the creation of an unrestricted number of “routing rules” to achieve flexible, granular and precise DNS balancing and traffic distribution. Georouting rules can be based on: country of origin of the requesting DNS client region of origin of the requesting DNS client ASN (Autonomous System Number) of origin… Read More

Continue Reading

Enabling DNSSEC

Scenario: You need to enable the “Domain Name System Security Extensions” for one authoritative DNS zone you previously configured (please see the “Create an authoritative DNS zone” howto).     How to configure DNSSEC: Log on to GSLB.me using your credentials From the main interface dashboard, click on the authoritative zone you want to enable DNSSEC for   The zone configuration dashboard is then displayed. By default DNSSEC is disabled: click on the “Enabled” switch button to turn it on: After turning on the “Enabled” flag, a warning is displayed to remind you that you will have to send the DS record to your registrar, in order to establish the chain… Read More

Continue Reading

Configuring and using passive checks

Scenario: You need to set up your smart DNS configuration so that the DNS resolution algorithm is driven by externally-fed performance/availability indicators, also known as metrics. In the following configuration example we will assume: the FQDN that will be resolved by clients worldwide is mytest.gslb.eu. This is your website/application host name. you have two servers (targets) that run contents for mytest.gslb.eu: 1 server with IP address 8.8.8.8 1 server with IP address 8.8.4.4 each server is considered available if its CPU load average is < 60% (this is handled by a passive check through metrics pushed to GSLB.me)     How to configure it: Log on to GSLB.me using your… Read More

Continue Reading

Using 2-factor authentication

Scenario: You want to use strong authentication when logging on to GSLB.me to configure and manage your DNS services. GSLB.me administration GUI and REST API are accessed via HTTPS. Enabling 2-factor authentication leverages Google Authenticator to provide One-Time Passwords for Web GUI access.     How to configure it: Log on to GSLB.me using your credentials or register if you still don’t have an account. Username and password are required at this stage: since 2-factor authentication is not enabled yet, the “OTP Code” field can be left blank.   After logging in, select the “Profile” menu at the top of the GUI and select the “2-factor authentication” option.     The 2-factor… Read More

Continue Reading

Importing authoritative zones

Scenario: You want to perform a DNS migration from your current DNS infrastructure (either owned or hosted by a third party) to GSLB.me, and you want to leverage automatic import of your already existing zones. Import must not require manual configuration and must be based on standard DNS zone transfer from your existing authoritative DNS.     How to configure it: Log on to GSLB.me using your credentials or register if you still don’t have an account   The authoritative zones import dashboard can be accessed either by right-clicking on “Customer zones” on the left panel or on the “DNS zones import” icon in the main screen section.    … Read More

Continue Reading

Using Reporting and Data Intelligence

Scenario: You need to keep track and analyze DNS requests and responses for one of your running geohosts by configuring and customizing graphical reports.     How to configure it: Log on to GSLB.me using your credentials or register if you still don’t have an account: To create a new graph from the main screen you can either right-click on the geohost name and select “Reporting engine“: Or you can select the “Geohost reporting engine” from the main panel:   After clicking the “Geohost reporting engine” icon you can select the geohost you want to define graphs for using the dropdown menu:   Accessing the “Geohost reporting engine” brings you… Read More

Continue Reading

Configuring and using DNS firewall

Scenario: You are running a service that is dinamically resolved through a geohost (ie. myservice.gslb.info) and you need to set up security and DNS resolution rules to: respond “NXDOMAIN” (FQDN not found) to all Internet clients running malware that try to resolve myservice.gslb.info always allow (whitelist) DNS resolution from your own public IP subnet (ie. 1.1.1.0/24). DNS resolution will take place according to the geohost configuration (to set up your geohost please refer to one of our howtos listed here below) respond with CNAME “www.google.com” to queries coming from subnet 6.5.4.0/28     How to configure it: Log on to GSLB.me using your credentials or register if you still don’t… Read More

Continue Reading

Create an authoritative DNS zone

Scenario: You want to use GSLB.me as the authoritative DNS for your domain “mydomain.com“. mydomain.com can be a new domain you’re about to register, or it can be an already existing domain.     What you get: flexible IPv4 and IPv6 support support for A, AAAA, ALIAS, CAA, CERT, CNAME, LOC, MX, NS, RP, SOA, SPF, SRV, SSHFP, TXT records dynamic DNS support for as many FQDNs as you need configurable TTL for all records (subscribers only) support for wildcard records works with all Internet top level domains easy migration from your legacy DNS provider fast and advanced web user interface seamless configuration, no need to manage master and slave… Read More

Continue Reading