netstat -plan|grep :80|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1
May 22, 2010
Check connected IPs to port 80 and number of connections on linux
May 17, 2010
How to check domain NS glue records using dig
Lets check microsoft.com NS glue records by dig command.
As it is a .com domain first we should check root servers for .com by the following command :
dig NS com
Result :
com. 22124 IN NS d.gtld-servers.net. com. 22124 IN NS f.gtld-servers.net. com. 22124 IN NS a.gtld-servers.net. com. 22124 IN NS c.gtld-servers.net. com. 22124 IN NS g.gtld-servers.net. com. 22124 IN NS i.gtld-servers.net. com. 22124 IN NS l.gtld-servers.net. com. 22124 IN NS m.gtld-servers.net. com. 22124 IN NS k.gtld-servers.net. com. 22124 IN NS e.gtld-servers.net. com. 22124 IN NS h.gtld-servers.net. com. 22124 IN NS b.gtld-servers.net. com. 22124 IN NS j.gtld-servers.net.
We can choose any root server for next query , I will choose m.gtld-servers.net :
dig NS microsoft.com @m.gtld-servers.net
Result :
;; AUTHORITY SECTION: microsoft.com. 172800 IN NS ns1.msft.net. microsoft.com. 172800 IN NS ns2.msft.net. microsoft.com. 172800 IN NS ns3.msft.net. microsoft.com. 172800 IN NS ns4.msft.net. microsoft.com. 172800 IN NS ns5.msft.net. ;; ADDITIONAL SECTION: ns1.msft.net. 172800 IN A 65.55.37.62 ns2.msft.net. 172800 IN A 64.4.59.173 ns3.msft.net. 172800 IN A 213.199.161.77 ns4.msft.net. 172800 IN A 207.46.75.254 ns5.msft.net. 172800 IN A 65.55.226.140
OK we are done , the ADDITIONAL SECTION in last query contains the glue records :
ns1.msft.net. 172800 IN A 65.55.37.62 ns2.msft.net. 172800 IN A 64.4.59.173 ns3.msft.net. 172800 IN A 213.199.161.77 ns4.msft.net. 172800 IN A 207.46.75.254 ns5.msft.net. 172800 IN A 65.55.226.140
May 11, 2010
“ASN1 bad tag value met” error when processing a certificate request in IIS 7
We’ve seen a few instances of the following error message on 64 bit servers when IIS 7.0 is attempting to process a pending certificate request:
Complete Certificate Request There was an error while performing this operation. Details: CertEnroll::CX509Enrollment::p_InstallResponse: ASN1 bad tag value met. 0x8009310b (ASN: 267)
This error seems to mean that the private key (created when the certificate request was made) does not match the public key (the .crt file). The keypair is not successfully joined into a working SSL certificate.
So far this behavior seems most common with .crt files (instead of the .cer files many of us are more used to) issued by one specific Certification Authority—which will remain nameless here.
The error shows up after reaching the point in the process where you ‘specify certificate authority response’ and guide the wizard to the ‘File name containing the certification authority’s response…’ (the .crt file).
Solution :
Begin by importing the .crt file into the Personal certificate store for the local computer. (Start button > Run: MMC > File Menu > Add/Remove Snap-in > highlight Certificates snap-in and click the ADD button > select Computer Account and click Finish > Click OK > drill into Personal > Certificates > right-click and select All Tasks > select Import > guide to the .crt file.) At this point your certificate is basically a half-certificate. It is still missing its private key.
Second, double-click the crt certificate file you just imported, select the Details tab, scroll all the way down to Thumbprint and highlight Thumbprint. In the lower pane, block and copy all the letters of the thumbprint. Paste the thumbprint characters into notepad. Open the command prompt and run this command: Certutil /?
The command you’ll want to run is:
certutil -repairstore my "{insert all of the thumbprint characters here}"
When you see the response: “CertUtil: -repairstore command completed successfully” you should have a private key associated with the .crt file in the personal store. There should no longer be any need to run through the “Complete Certificate Request…” wizard. The certificate should show up in the IIS Manager’s list of server certificates at this point. It should also be available in the SSL Certificates drop-down list when attempting to edit the https binding for a website.