This document is intended for support and customers who use in house installation of HyperDoc Online (HIS Server). This basic document might not be complete or work on all systems and DNS configuration panels.
Java applet can perform various security checks that we cannot control, so that even if Java applet is run on client it might want to do reverse DNS look-up on HIS server. Common problems that might be caused by improper configuration of DNS include:
Slow load time for applets and/or Errors during applet execution (eg. Error receiving XML file)
When the applet is loaded, it performs some security checks (if the domain is ”safe”). This is done using normal port and if not successful, using 137 UDP port – this port is closed on any normal firewall due to security reasons.
If the DNS server does not support reverse DNS record ( or so called PTR) it will take a long time for java applet to load.
Load time difference is significant and on a sample server was:
Initial load of HIS from HyperHouse (with fix: 15 seconds, was 30 seconds)
Initial document load (with fix: 3 sec, was 8)
Initial load of print preview (with fix: 3, was 8-10)
Normal HOPA is not affected as it is not using any Java components. HopaEX can be affected. In some cases also depending on Java version and error can be seen instead of an image / data.
To verify if DNS configuration is an issue, you can perform client side check by telling your computer how to resolve the domain in question properly:
Lets say your HIS is running on domain.com/his.
To find out what is the IP address open CMD (Command prompt in Windows) and use ping command.
You should receive Reply from... with an IP address. Use this IP address to create PTR record in your local hosts file:
Find your hosts file in:
C:\windows\system32\drivers\etc\hostsand add the following line: [
IPaddress returned by ping] domain.com
This will allow Java applet to do reverse DNS lookup, even if domain.com does not support this. If it helps this means that domain.com administrators must enable and properly configure reverse DNS for their domain (PTR record). You will find an example on how to do that later in this document.
Crossdomain.xml required by HIS applets
We do not contact any external domains so the crossdomain.xml file should not be necessary.
Even if we do not know why (because we cannot reverse engineer Java Applets) it helps in some
cases and for example is used for all HyperHouse services. You can find countless examples on the
internet when people complain about how Java handles ”crossdomain” problem.
<?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="*"/> </cross-domain-policy>
Java expects presence of crossdomain.xml file in root folder of web server.
To be sure that this file exists please perform two tests:
Use standard url to receive file:
http://domain.com/crossdomain.xmlUse
IP-based url to receive file.http://195.123.123.123/crossdomain.xml
Startup DNS configuration utility:
In DNS Manager, please note that there are Forward and Reverse Lookup Zones. First level of his.domain.com is registered by your ISP. Next level can be registered by you in your DNS manager. If you have multiple services like:
service1.domain.com, service2.domain.com....serviceN.domain.com
You can use a trick and register only www.domain.com with your ISP.
If you want to add proper Pointer record (PTR) in this example, a reverse zone must be defined first (in this case 129.149.195.in-addr.arpa).
Than you can simply select checkbox and the pointer will be added while registering Forward Lookup Zones.
If your pointer was not added, you can add it manually. Please note the reverse order of IP. 129.149.195.in-addr.arpa is correct zone for 195.149.129.xxx address.
The dot at the end of cadq.tessel.pl. is not a typo mistake.
You can use this test website to check whether your domain supports PTR:
http://www.kloth.net/services/nslookup.php
This is incorrect result:
Any service under 195.149.129.43 will fail PTR check.
And this is the correct result:
Any service under 195.149.129.42 will pass PTR check.
Tested service is under demo.hyperhouse.se and the returned domain from PTR is www.hyperhouse.se.
As we can see only the first level must match.
If a new update of Java will require full compatibility (that is PTR = demo.hyperhouse.se) it will not work.
We are unable to register all of our services (abc.hyperhouse.se) with Interoute as they require a minimum of 32 addresses
