Re: on to letsencrypt

2021-05-04 Thread Tim via users
On Tue, 2021-05-04 at 11:30 -0700, Jack Craig wrote: > i've been challenged finding these rules... > Thx! is this record format spelled out somewhere, RFC??? perhaps There probably is, but I would have learnt this from the BIND documentation years ago, and just kept pace with how BIND rewrites it

Re: on to letsencrypt

2021-05-04 Thread Jack Craig
On Mon, May 3, 2021 at 6:32 PM Tim via users wrote: > On Mon, 2021-05-03 at 11:56 -0700, Jack Craig wrote: > > i think you are right, i've been wondering about the ns3's behaviour > > as the dnscheck page keeps telling me i have only one responding dns. > > as it is part of the at&t dns, i have b

Re: on to letsencrypt

2021-05-03 Thread Tim via users
On Mon, 2021-05-03 at 11:56 -0700, Jack Craig wrote: > i think you are right, i've been wondering about the ns3's behaviour > as the dnscheck page keeps telling me i have only one responding dns. > as it is part of the at&t dns, i have been ignoring this; now is the > time to deal with it > >

Re: on to letsencrypt

2021-05-03 Thread Jack Craig
thx ed, i spent a whole day a week or so a couple weeks back to verify this secondary dns. i could swear that they said then i provide primary, they provide secondary. i'll pursue this more directly now. On Mon, May 3, 2021 at 1:24 PM Ed Greshko wrote: > On 04/05/2021 02:56, Jack Craig wrote: >

Re: on to letsencrypt

2021-05-03 Thread Ed Greshko
On 04/05/2021 02:56, Jack Craig wrote: That says that ws.linuxlighthouse.com is the one and only name server for the domain. Whereas whois shows the more normal 2 minimum: >whois LINUXLIGHTHOUSE.COM | grep ^Name Name Ser

Re: on to letsencrypt

2021-05-03 Thread Ed Greshko
On 04/05/2021 03:54, Mike Wright wrote: On 5/3/21 11:56 AM, Jack Craig wrote: *as an aside, if i add  'www in a  108.220.213.121'* oops, missed that one ;D Yes.  That is the right way to add a host.  Just duplicate the ws line and change the ws to www. fyi, the line below ws ... without

Re: on to letsencrypt

2021-05-03 Thread Mike Wright
On 5/3/21 11:56 AM, Jack Craig wrote: *as an aside, if i add 'www in a 108.220.213.121'* oops, missed that one ;D Yes. That is the right way to add a host. Just duplicate the ws line and change the ws to www. fyi, the line below ws ... without a host specified is the one that also a

Re: on to letsencrypt

2021-05-03 Thread Richard
> Date: Monday, May 03, 2021 12:32:22 -0700 > From: Mike Wright > > On 5/3/21 11:56 AM, Jack Craig wrote: > > >> >> *is my registrar or attdns the player to whine to? > > Your registrar. Your "control panel" should allow you to update > your nameservers yourself. I don't think "whine to" i

Re: on to letsencrypt

2021-05-03 Thread Mike Wright
On 5/3/21 11:56 AM, Jack Craig wrote: *is my registrar or attdns the player to whine to? Your registrar. Your "control panel" should allow you to update your nameservers yourself.

Re: on to letsencrypt

2021-05-03 Thread Jack Craig
On Sun, May 2, 2021 at 1:58 PM Doug H. wrote: > On Sat, May 1, 2021, at 2:50 PM, Ed Greshko wrote: > > > BTW, if you decide to go ahead with using views it would be helpful if > you have > > a system on the "outside" for you to use to test queries. > > > > As I understand it, all your "internal"

Re: on to letsencrypt

2021-05-02 Thread Ed Greshko
On 03/05/2021 04:56, Doug H. wrote: That says that ws.linuxlighthouse.com is the one and only name server for the domain. Whereas whois shows the more normal 2 minimum: whois LINUXLIGHTHOUSE.COM | grep ^Name Name Server: WS.LINUXLIGHTHOUSE.COM Name Server: NS3.ATTDNS.COM So, even if you let

Re: on to letsencrypt

2021-05-02 Thread Doug H.
On Sat, May 1, 2021, at 2:50 PM, Ed Greshko wrote: > BTW, if you decide to go ahead with using views it would be helpful if you > have > a system on the "outside" for you to use to test queries. > > As I understand it, all your "internal" systems have 10.0.0.X IP addresses. Yup. Something else

Re: on to letsencrypt

2021-05-01 Thread Ed Greshko
On 01/05/2021 17:28, Jack Craig wrote: On Sat, May 1, 2021 at 2:19 AM Ed Greshko wrote: 2. Configure your DNS server with, I think the correct term is "views", such that an internal system query returns internal IP addresses (10.0.0.X) and an interna

Re: on to letsencrypt

2021-05-01 Thread Jack Craig
On Sat, May 1, 2021 at 5:25 AM Ed Greshko wrote: > On 01/05/2021 20:07, Tim via users wrote: > > On Sat, 2021-05-01 at 12:04 +0800, Ed Greshko wrote: > >> You are missing the fact that you are attempting to run a *public* DNS > >> server. > >> > >> That means that your DNS server must accept queries

Re: on to letsencrypt

2021-05-01 Thread Mike Wright
On 5/1/21 10:19 AM, Mike Wright wrote: > On 4/30/21 9:31 PM, Jack Craig wrote: > ps. Here is another set that includes your mailserver data based on the SOA. $TTL 3D; default ttl for records without a specified lifetime $ORIGIN linuxlighthouse.com. @ IN SOA ws.linuxlighthouse.com.

Re: on to letsencrypt

2021-05-01 Thread Mike Wright
On 4/30/21 9:31 PM, Jack Craig wrote: On Fri, Apr 30, 2021 at 9:05 PM Ed Greshko wrote: On 01/05/2021 11:46, Jack Craig wrote: adding 108.220.213.121 to /etc/resolv.conf also doesnt seem to help... That file has nothing to do with the DNS server. I thought that list of NSs was the NS li

Re: on to letsencrypt

2021-05-01 Thread Mike Wright
On 4/30/21 1:32 PM, Jack Craig wrote: almost, but no seegar,... i and continuing to have dig lookups for linuxlighthouse.com a is timing out(refused or servfail) anyone see my misconfiguration?? one error i need to address, my domain is 'linuxlighthouse.com' i have mistakenly tried to include

Re: on to letsencrypt

2021-05-01 Thread Ed Greshko
On 01/05/2021 20:05, Tim via users wrote: On Sat, 2021-05-01 at 17:28 +0800, Ed Greshko wrote: If you're not going to serve email and you're not going to use email addresses in the linuxlighthouse.com domain then you don't want to define MX records. Or, you have an MX record that points to where

Re: on to letsencrypt

2021-05-01 Thread Ed Greshko
On 01/05/2021 20:07, Tim via users wrote: On Sat, 2021-05-01 at 12:04 +0800, Ed Greshko wrote: You are missing the fact that you are attempting to run a *public* DNS server. That means that your DNS server must accept queries from *any* source address. allow-query { any; }; is what you'll nee

Re: on to letsencrypt

2021-05-01 Thread Tim via users
On Sat, 2021-05-01 at 12:04 +0800, Ed Greshko wrote: > You are missing the fact that you are attempting to run a *public* DNS > server. > > That means that your DNS server must accept queries from *any* source > address. > > allow-query { any; }; > > is what you'll need. Supplemental info: You

Re: on to letsencrypt

2021-05-01 Thread Tim via users
On Sat, 2021-05-01 at 17:28 +0800, Ed Greshko wrote: > If you're not going to serve email and you're not going to use email > addresses in the linuxlighthouse.com domain then you don't want to > define MX records. Or, you have an MX record that points to where your email is being hosted by something

Re: on to letsencrypt

2021-05-01 Thread Ed Greshko
On 01/05/2021 17:28, Jack Craig wrote: I'll hold off deciding this for the moment, i need some sleep, ... Still, i got a start on views/zones and /etc/named.conf is currently setup as .. * * *view "wan-view" { zone "linuxlighthouse.com " {            type master;    

Re: on to letsencrypt

2021-05-01 Thread Jack Craig
On Sat, May 1, 2021 at 2:19 AM Ed Greshko wrote: > On 01/05/2021 16:31, Ed Greshko wrote: > > After I sent the previous post I realized what I *think* is your goal. If > I recall you're wanting your > DNS server to service queries from inside your network as well as from > outside. > > As curren

Re: on to letsencrypt

2021-05-01 Thread Ed Greshko
On 01/05/2021 17:16, Jack Craig wrote: Well I'm not going to serve mail but, I do want to have my DNS properly configured. so chasing down and resolving all these little issues is next If you're not going to serve email and you're not going to use email addresses in the linuxlighthouse.com dom

Re: on to letsencrypt

2021-05-01 Thread Ed Greshko
On 01/05/2021 16:31, Ed Greshko wrote: After I sent the previous post I realized what I *think* is your goal.  If I recall you're wanting your DNS server to service queries from inside your network as well as from outside. As currently configured your DNS server is acting as an external/public

Re: on to letsencrypt

2021-05-01 Thread Jack Craig
On Sat, May 1, 2021 at 1:32 AM Ed Greshko wrote: > On 01/05/2021 15:31, Jack Craig wrote: > > seems to be working better, how many holes do you see at this point?? > > Since this now works > Well let's say it's limping along, as you point out below, it has some issues but that's great huge s

Re: on to letsencrypt

2021-05-01 Thread Ed Greshko
On 01/05/2021 15:31, Jack Craig wrote: seems to be working better, how many holes do you see at this point?? Since this now works [egreshko@meimei ~]$ host ws.linuxlighthouse.com ws.linuxlighthouse.com has address 108.220.213.121 ws.linuxlighthouse.com mail is handled by 10 ws.linuxlighthou

Re: on to letsencrypt

2021-05-01 Thread Jack Craig
On Fri, Apr 30, 2021 at 10:14 PM Ed Greshko wrote: > On 01/05/2021 12:31, Jack Craig wrote: > > > > > > On Fri, Apr 30, 2021 at 9:05 PM Ed Greshko > wrote: > > > > On 01/05/2021 11:46, Jack Craig wrote: > > > adding 108.220.213.121 to /etc/resolv.conf also

Re: on to letsencrypt

2021-04-30 Thread Ed Greshko
On 01/05/2021 12:31, Jack Craig wrote: On Fri, Apr 30, 2021 at 9:05 PM Ed Greshko wrote: On 01/05/2021 11:46, Jack Craig wrote: > adding 108.220.213.121 to /etc/resolv.conf also doesnt seem to help... That file has nothing to do with the DNS server

Re: on to letsencrypt

2021-04-30 Thread Jack Craig
On Sun, Apr 18, 2021 at 12:59 PM Ed Greshko wrote: > On 19/04/2021 03:18, Jack Craig wrote: > > > > > > On Fri, Apr 16, 2021 at 12:52 PM Doug H. > wrote: > > > > On Fri, Apr 16, 2021, at 10:56 AM, Ed Greshko wrote: > > > On 16/04/2021 17:19, Ed Gresh

Re: on to letsencrypt

2021-04-30 Thread Jack Craig
On Fri, Apr 30, 2021 at 9:05 PM Ed Greshko wrote: > On 01/05/2021 11:46, Jack Craig wrote: > > adding 108.220.213.121 to /etc/resolv.conf also doesnt seem to help... > > That file has nothing to do with the DNS server. > I thought that list of NSs was the NS list used to resolve any lookup, yet

Re: on to letsencrypt

2021-04-30 Thread Ed Greshko
On 01/05/2021 11:46, Jack Craig wrote: adding 108.220.213.121 to /etc/resolv.conf also doesnt seem to help... That file has nothing to do with the DNS server. -- Remind me to ignore comments which aren't germane to the thread.

Re: on to letsencrypt

2021-04-30 Thread Ed Greshko
On 01/05/2021 11:28, Jack Craig wrote: On Fri, Apr 30, 2021 at 3:03 PM Ed Greshko wrote: > > > [egreshko@meimei ~]$ host cnn.com > 108.220.213.121 > Using domain server: > Name:

Re: on to letsencrypt

2021-04-30 Thread Jack Craig
adding 108.220.213.121 to /etc/resolv.conf also doesnt seem to help... On Fri, Apr 30, 2021 at 8:28 PM Jack Craig wrote: > > > On Fri, Apr 30, 2021 at 3:03 PM Ed Greshko wrote: > >> On 01/05/2021 04:32, Jack Craig wrote: >> > almost, but no seegar,... >> > >> > i and continuing to have dig loo

Re: on to letsencrypt

2021-04-30 Thread Jack Craig
On Fri, Apr 30, 2021 at 3:03 PM Ed Greshko wrote: > On 01/05/2021 04:32, Jack Craig wrote: > > almost, but no seegar,... > > > > i and continuing to have dig lookups for linuxlighthouse.com < > http://linuxlighthouse.com> a is timing out(refused or servfail) > > > > anyone see my misconfiguratio

Re: on to letsencrypt

2021-04-30 Thread Ed Greshko
On 01/05/2021 04:32, Jack Craig wrote: almost, but no seegar,... i and continuing to have dig lookups for linuxlighthouse.com a  is timing out(refused or servfail) anyone see my misconfiguration?? one error i need to address, my domain is 'linuxlighthouse.com

Re: on to letsencrypt

2021-04-30 Thread Jack Craig
almost, but no seegar,... i and continuing to have dig lookups for linuxlighthouse.com a is timing out(refused or servfail) anyone see my misconfiguration?? one error i need to address, my domain is 'linuxlighthouse.com' i have mistakenly tried to include ws.linuxlighthouse.com & www.linuxlight

Re: on to letsencrypt

2021-04-23 Thread Jack Craig
This is wonderful ED, Thank YOU!! first tho, a backup of key files... On Fri, Apr 23, 2021 at 7:37 PM Ed Greshko wrote: > On 24/04/2021 10:29, Jack Craig wrote: > > ok, done. now we have, > > > > > > Apr 23 19:25:59 ws.linuxlighthouse.com > named[6483]: usin

Re: on to letsencrypt

2021-04-23 Thread Ed Greshko
On 24/04/2021 10:29, Jack Craig wrote: ok, done. now we have, Apr 23 19:25:59 ws.linuxlighthouse.com named[6483]: using 7 UDP listeners per interface Apr 23 19:25:59 ws.linuxlighthouse.com named[6483]: listening on IPv6 inte

Re: on to letsencrypt

2021-04-23 Thread Jack Craig
ok, done. now we have, systemctl status named ● named.service - Berkeley Internet Name Domain (DNS) Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled) Active: active (running) since Fri 2021-04-23 19:25:59 PDT; 39s ago Process: 6480 ExecSta

Re: on to letsencrypt

2021-04-23 Thread Ed Greshko
On 24/04/2021 10:13, Jack Craig wrote: Maybe send your current named.conf?  attaching isnt happening for some reason so i'l need to inline it. it should be exactly as you sent me, pls yell if not so? Ahhh.  the file you sent me contains exactly what it *should not* contain. The fi

Re: on to letsencrypt

2021-04-23 Thread Jack Craig
On Fri, Apr 23, 2021 at 6:24 PM Ed Greshko wrote: > On 24/04/2021 08:47, Jack Craig wrote: > > since you've been guiding, i have changed only as guided,... rebooting, > ... > > Well, I don't think this is exactly correct. > > As I noted, the incorrect output started on 4/16 > > Apr 16 11:55:33 w

Re: on to letsencrypt

2021-04-23 Thread Ed Greshko
On 24/04/2021 08:47, Jack Craig wrote: since you've been guiding, i have  changed only as guided,... rebooting, ... Well, I don't think this is exactly correct. As I noted, the incorrect output started on 4/16 Apr 16 11:55:33 ws.linuxlighthouse.com named[49681

Re: on to letsencrypt

2021-04-23 Thread Jack Craig
*post reboot* *systemctl status named* ● named.service - Berkeley Internet Name Domain (DNS) Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled) Active: active (running) since Fri 2021-04-23 17:51:14 PDT; 5s ago Process: 3507 ExecStartPre=/bin/ba

Re: on to letsencrypt

2021-04-23 Thread Jack Craig
since you've been guiding, i have changed only as guided,... rebooting, ... On Fri, Apr 23, 2021 at 5:20 PM Ed Greshko wrote: > On 24/04/2021 08:00, Jack Craig wrote: > > ps -ax | grep named > > 1814955 pts/4 S+ 0:00 sudo vi /etc/named.conf > > 1814962 pts/4 S+ 0:00 /usr/bin/vim

Re: on to letsencrypt

2021-04-23 Thread Ed Greshko
On 24/04/2021 08:00, Jack Craig wrote: ps -ax | grep named 1814955 pts/4    S+     0:00 sudo vi /etc/named.conf 1814962 pts/4    S+     0:00 /usr/bin/vim /etc/named.conf 1815795 ?        Ssl    0:09 /usr/sbin/named -u named -c /etc/named.conf 1825164 pts/0    S+     0:00 grep --color=auto named [

Re: on to letsencrypt

2021-04-23 Thread Jack Craig
ps -ax | grep named 1814955 pts/4 S+ 0:00 sudo vi /etc/named.conf 1814962 pts/4 S+ 0:00 /usr/bin/vim /etc/named.conf 1815795 ? Ssl 0:09 /usr/sbin/named -u named -c /etc/named.conf 1825164 pts/0 S+ 0:00 grep --color=auto named [root@ws named$ [root@ws named$ ncat -l 10

Re: on to letsencrypt

2021-04-23 Thread Ed Greshko
On 24/04/2021 07:13, Ed Greshko wrote: On 24/04/2021 06:40, Jack Craig wrote: netstat -nap | grep named tcp        0      0 127.0.0.1:53        0.0.0.0:*             LISTEN      1815795/named tcp        0      0 127.0.0.1:953         0.0.0.0:*      

Re: on to letsencrypt

2021-04-23 Thread Ed Greshko
On 24/04/2021 06:40, Jack Craig wrote: netstat -nap | grep named tcp        0      0 127.0.0.1:53            0.0.0.0:*             LISTEN      1815795/named tcp        0      0 127.0.0.1:953           0.0.0.0:*             LISTEN      1815795/named t

Re: on to letsencrypt

2021-04-23 Thread Jack Craig
netstat -nap | grep named tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1815795/named tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 1815795/named tcp6 0 0 ::1:53 :::* LISTEN 18157

Re: on to letsencrypt

2021-04-23 Thread Ed Greshko
On 24/04/2021 02:49, Jack Craig wrote: named now comes up just fine. how do i verify the correct binding by interface has been done? The output of sudo netstat -nap | grep named Also, please provide the output of systemctl --no-pager -l status named -- Remind me to ignore comments which

Re: on to letsencrypt

2021-04-23 Thread Jack Craig
On Wed, Apr 21, 2021 at 7:08 PM Ed Greshko wrote: > On 22/04/2021 04:47, Jack Craig wrote: > > > > i have zone files for llh & reverse zone > > Oh, BTW, there is very little point in defining > > zone "213.220.108.in-addr.arpa" { > type master; > > You only have been assigned

Re: on to letsencrypt

2021-04-22 Thread Tim via users
On Thu, 2021-04-22 at 14:32 +0800, Ed Greshko wrote: > I should have mentioned, not talking about other places, but here in > Taiwan it seems the TTL on dynamic IP's is rather long. My nephew, > while he doesn't run a web server, has told me he gets the same IP > address even if his notebook has b

Re: on to letsencrypt

2021-04-21 Thread Ed Greshko
On 22/04/2021 13:50, Ed Greshko wrote: On 22/04/2021 13:30, Tim via users wrote: On Thu, 2021-04-22 at 12:23 +0800, Ed Greshko wrote: No need for that if you're using a good registrar. My registrar supports Dynamic DNS Records. FWIW, the OP has indicated early on that he has 6 usable static I

Re: on to letsencrypt

2021-04-21 Thread Ed Greshko
On 22/04/2021 13:33, Tim via users wrote: On Thu, 2021-04-22 at 10:08 +0800, Ed Greshko wrote: And why expose services to the world that are open to attack if you can have them hosted elsewhere? I suppose we should explicitly point out: All servers can be attacked, and that includes DNS server

Re: on to letsencrypt

2021-04-21 Thread Ed Greshko
On 22/04/2021 13:30, Tim via users wrote: On Thu, 2021-04-22 at 12:23 +0800, Ed Greshko wrote: No need for that if you're using a good registrar. My registrar supports Dynamic DNS Records. FWIW, the OP has indicated early on that he has 6 usable static IP addresses. Even with support for DDNS

Re: on to letsencrypt

2021-04-21 Thread Tim via users
On Thu, 2021-04-22 at 10:08 +0800, Ed Greshko wrote: > And why expose services to the world that are open to attack if you > can have them hosted elsewhere? I suppose we should explicitly point out: All servers can be attacked, and that includes DNS servers. So if you run your own, you need to k

Re: on to letsencrypt

2021-04-21 Thread Tim via users
On Thu, 2021-04-22 at 12:23 +0800, Ed Greshko wrote: > No need for that if you're using a good registrar. > > My registrar supports Dynamic DNS Records. > > FWIW, the OP has indicated early on that he has 6 usable static IP > addresses. Even with support for DDNS, I wouldn't use it for a real we

Re: on to letsencrypt

2021-04-21 Thread Ed Greshko
On 22/04/2021 03:42, Joe Zeff wrote: On 4/21/21 12:56 PM, Tim via users wrote: My "simple" method would be to configure your public DNS records on your registrar, and let them serve them to the public. This will work fine, if and only if you have a static IP. If not, you can use a public dyn

Re: on to letsencrypt

2021-04-21 Thread Ed Greshko
On 22/04/2021 04:47, Jack Craig wrote: i have zone files for llh & reverse zone Oh, BTW, there is very little point in defining     zone "213.220.108.in-addr.arpa" {    type master; You only have been assigned 8 IP addresses (6 usable + network + broadcast) within the zone out of

Re: on to letsencrypt

2021-04-21 Thread Ed Greshko
On 22/04/2021 04:47, Jack Craig wrote:  all but named.empty are empty.  cat *named.empty $TTL 3H @ IN SOA @ rname.invalid. ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum NS @ A 127.0.0.1 ::1* i have zone files for llh & reverse zone Well, there is "this" problem.  I thi

Re: on to letsencrypt

2021-04-21 Thread Mike Wright
On 4/21/21 1:37 PM, Jack Craig wrote: On Wed, Apr 21, 2021 at 12:31 PM Tim via users < users@lists.fedoraproject.org> wrote: On Wed, 2021-04-21 at 11:47 -0700, Jack Craig wrote: b) You have a public domain name. Your registrar can handle public queries for its data, and doesn't need to know an

Re: on to letsencrypt

2021-04-21 Thread Jack Craig
On Wed, Apr 21, 2021 at 1:06 PM Ed Greshko wrote: > On 22/04/2021 02:39, Jack Craig wrote: > > Apr 21 11:36:07 ws.linuxlighthouse.com > bash[1451129]: zone localhost.localdomain/IN: has 0 SOA records > > Apr 21 11:36:07 ws.linuxlighthouse.com

Re: on to letsencrypt

2021-04-21 Thread Jack Craig
On Wed, Apr 21, 2021 at 12:31 PM Tim via users < users@lists.fedoraproject.org> wrote: > On Wed, 2021-04-21 at 11:47 -0700, Jack Craig wrote: > > perhaps in the meantime you could outline how to configure my setup > > for your simler, /etc/hosts approach? > > I suppose that before going into mass

Re: on to letsencrypt

2021-04-21 Thread Ed Greshko
On 22/04/2021 02:39, Jack Craig wrote: Apr 21 11:36:07 ws.linuxlighthouse.com bash[1451129]: zone localhost.localdomain/IN: has 0 SOA records Apr 21 11:36:07 ws.linuxlighthouse.com bash[1451129]: zone localhost.localdomain/IN: has

Re: on to letsencrypt

2021-04-21 Thread Joe Zeff
On 4/21/21 12:56 PM, Tim via users wrote: My "simple" method would be to configure your public DNS records on your registrar, and let them serve them to the public. This will work fine, if and only if you have a static IP. If not, you can use a public dynamic DNS service such as DNSEXit.com

Re: on to letsencrypt

2021-04-21 Thread Tim via users
On Wed, 2021-04-21 at 11:47 -0700, Jack Craig wrote: > perhaps in the meantime you could outline how to configure my setup > for your simpler, /etc/hosts approach? I suppose that before going into masses of technicalities, what does your system actually *need* to do? a) We know you're intending t

Re: on to letsencrypt

2021-04-21 Thread Tim via users
On Wed, 2021-04-21 at 11:39 -0700, Jack Craig wrote: > -- A start job for unit named.service has begun execution. > -- > -- The job identifier is 28649. > Apr 21 11:36:07 ws.linuxlighthouse.com bash[1451129]: zone > localhost.localdomain/IN: has 0 SOA records > Apr 21 11:36:07 ws.linuxlighthouse.

Re: on to letsencrypt

2021-04-21 Thread Tim via users
Tim: >> Once you've dealt with that, you can consider whether you really >> want to do split DNS (answering outside queries with your public >> IPs, and internal queries with your internal IPs), or whether you >> let your register handle all outside queries (I would), or whether >> you use differen

Re: on to letsencrypt

2021-04-21 Thread Jack Craig
the results of the caching test aren't too encouraging, the error msg doesnt tell me much, recommended next step is? perhaps in the meantime you could outline how to configure my setup for your simpler, /etc/hosts approach? tia, jackc... On Wed, Apr 21, 2021 at 11:21 AM Jack Craig wrote: > >

Re: on to letsencrypt

2021-04-21 Thread Jack Craig
-- A start job for unit named.service has begun execution. -- -- The job identifier is 28649. Apr 21 11:36:07 ws.linuxlighthouse.com bash[1451129]: zone localhost.localdomain/IN: has 0 SOA records Apr 21 11:36:07 ws.linuxlighthouse.com bash[1451129]: zone localhost.localdomain/IN: has no NS record

Re: on to letsencrypt

2021-04-21 Thread Jack Craig
ed, i found the caching file test, results shortly,... On Wed, Apr 21, 2021 at 11:21 AM Jack Craig wrote: > > > On Wed, Apr 21, 2021 at 12:48 AM Tim via users < > users@lists.fedoraproject.org> wrote: > >> Tim: >> >> Does your computer actually recognise one of its WAN ports as being >> >> that

Re: on to letsencrypt

2021-04-21 Thread Jack Craig
On Wed, Apr 21, 2021 at 12:48 AM Tim via users < users@lists.fedoraproject.org> wrote: > Tim: > >> Does your computer actually recognise one of its WAN ports as being > >> that IP?(108.220.213.121) > > Jack Craig: > > Apparently not > > > > I can do a telnet connect to IP for port 53 from 10.0

Re: on to letsencrypt

2021-04-21 Thread Jack Craig
ed, would you resend that caching cfg file; i cant find that email any where!! :( sorry,... On Wed, Apr 21, 2021 at 12:48 AM Tim via users < users@lists.fedoraproject.org> wrote: > Tim: > >> Does your computer actually recognise one of its WAN ports as being > >> that IP?(108.220.213.121)

Re: on to letsencrypt

2021-04-21 Thread Tim via users
Tim: >> Does your computer actually recognise one of its WAN ports as being >> that IP?(108.220.213.121) Jack Craig: > Apparently not > > I can do a telnet connect to IP for port 53 from 10.0.0.1 & localhost > > 10.0.0.101 and the external IP do not connect > > As my external IP is being s

Re: on to letsencrypt

2021-04-20 Thread Jack Craig
i'll do it first thing in the am and report results. THANKS!!! On Tue, Apr 20, 2021 at 8:02 PM Ed Greshko wrote: > On 21/04/2021 10:27, Jack Craig wrote: > > named.service > > > > it? > > ps -eaf | grep named > > named 1263562 1 0 13:59 ? 00:00:05 /usr/sbin/named > -

Re: on to letsencrypt

2021-04-20 Thread Ed Greshko
On 21/04/2021 10:27, Jack Craig wrote: named.service it? ps -eaf | grep named named    1263562       1  0 13:59 ?        00:00:05 /usr/sbin/named -u named -c /etc/named.conf -4 root     1280487  311233  0 19:09 pts/0    00:00:00 grep --color=auto named It almost sounds as i

Re: on to letsencrypt

2021-04-20 Thread Jack Craig
On Tue, Apr 20, 2021 at 4:16 PM Ed Greshko wrote: > On 21/04/2021 03:36, Jack Craig wrote: > > netstat -nap | grep named > > > > tcp 0 0 127.0.0.1:53 > 0.0.0.0:* LISTEN 1090819/named > > tcp 0 0 127.0.0.1:953 > 0

Re: on to letsencrypt

2021-04-20 Thread Ed Greshko
On 21/04/2021 03:36, Jack Craig wrote: netstat -nap | grep named tcp        0      0 127.0.0.1:53            0.0.0.0:*           LISTEN      1090819/named tcp        0      0 127.0.0.1:953           0.0.0.0:*           LISTEN      1090819/named udp

Re: on to letsencrypt

2021-04-20 Thread Jack Craig
On Tue, Apr 20, 2021 at 5:47 AM Tim via users wrote: > On Tue, 2021-04-20 at 03:09 -0700, Jack Craig wrote: > > attached named.conf > > It has the following lines in it: > > listen-on port 53 { 127.0.0.1; 10.0.0.1; 108.220.213.121; }; > allow-query { localhost; 10.0.0.1; 108.220.213.1

Re: on to letsencrypt

2021-04-20 Thread Jack Craig
On Tue, Apr 20, 2021 at 6:24 AM Ed Greshko wrote: > On 20/04/2021 20:47, Tim via users wrote: > > I can see reasons to be your own webserver (e.g. not having to pay more > > for someone else to do it, you can configure your server any that way > > you like, etc). But when you register a domain n

Re: on to letsencrypt

2021-04-20 Thread Jack Craig
On Tue, Apr 20, 2021 at 4:30 AM Ed Greshko wrote: > On 20/04/2021 18:09, Jack Craig wrote: > > attached named.conf > > Well a quick look and it doesn't seem too bad. First a couple of > questions. > > 1. Why did you use "acl" statements and then not refer to them? > This file has been the side

Re: on to letsencrypt

2021-04-20 Thread Ed Greshko
On 20/04/2021 20:47, Tim via users wrote: I can see reasons to be your own webserver (e.g. not having to pay more for someone else to do it, you can configure your server any that way you like, etc). But when you register a domain name, you're already paying for someone to host your DNS records,

Re: on to letsencrypt

2021-04-20 Thread Ed Greshko
On 20/04/2021 20:47, Tim via users wrote: I can see reasons to be your own webserver (e.g. not having to pay more for someone else to do it, you can configure your server any that way you like, etc). But when you register a domain name, you're already paying for someone to host your DNS records,

Re: on to letsencrypt

2021-04-20 Thread Tim via users
On Tue, 2021-04-20 at 03:09 -0700, Jack Craig wrote: > attached named.conf It has the following lines in it: listen-on port 53 { 127.0.0.1; 10.0.0.1; 108.220.213.121; }; allow-query { localhost; 10.0.0.1; 108.220.213.121; }; Does your computer actually recognise one of its WAN ports

Re: on to letsencrypt

2021-04-20 Thread Ed Greshko
On 20/04/2021 18:09, Jack Craig wrote: attached named.conf Well a quick look and it doesn't seem too bad.  First a couple of questions. 1.  Why did you use "acl" statements and then not refer to them? 2.  Did you mean this?     /* allow-recursion { 10.0.0.0/24; };     allow-recursio

Re: on to letsencrypt

2021-04-20 Thread Jack Craig
attached named.conf registrar = network solutions where they reference => ns3.attdns.com & ws.llinuxlighthouse.com On Tue, Apr 20, 2021 at 12:02 AM Ed Greshko wrote: > On 20/04/2021 13:32, Jack Craig wrote: > > > > the second problem is the secondary IP as identified by AT&T to be my > sec

Re: on to letsencrypt

2021-04-20 Thread Ed Greshko
On 20/04/2021 13:32, Jack Craig wrote: the second problem is the secondary IP as identified by AT&T  to be my secondary refusing to reply  is refusing to provide answers BTW, this may have been answered but I can't find it in the 2 threads. Who is your registrar? -- Remind me to ignore comm

Re: on to letsencrypt

2021-04-19 Thread Ed Greshko
On 20/04/2021 13:32, Jack Craig wrote: Well as of tomorrow morning I will be down to two problems the first problem is my primary DNS server is not listening / connecting g/conneenin on external IP As port 53 is still closed you may want to post your named.conf -- Remind me to ignore comment

Re: on to letsencrypt

2021-04-19 Thread Jack Craig
Well as of tomorrow morning I will be down to two problems the first problem is my primary DNS server is not listening / connecting g/conneenin on external IP the second problem is the secondary IP as identified by AT&T to be my secondary refusing to reply is refusing to provide answers below

Re: on to letsencrypt

2021-04-19 Thread Ed Greshko
On 20/04/2021 10:02, Jack Craig wrote: Sorry it's been a long day on the phone with AT&T only to find out I got nowhere yeah I'm tired I made a few mistakes today my apologies OK. Well let us know when you think you have things working. I see you've not yet configured it at 12:50GMT+8. [root

Re: on to letsencrypt

2021-04-19 Thread Jack Craig
Sorry it's been a long day on the phone with AT&T only to find out I got nowhere yeah I'm tired I made a few mistakes today my apologies thanks for your corrections now that's what's really important is what's the right thing to do so again thanks for your help On Mon, Apr 19, 2021 at 6:57 PM Ed

Re: on to letsencrypt

2021-04-19 Thread Ed Greshko
On 20/04/2021 09:27, Jack Craig wrote: on the other hand, ... ;O nmap -sS 108.220.213.121 Starting Nmap 7.80 ( https://nmap.org ) at 2021-04-19 18:26 PDT Nmap scan report for ws (108.220.213.121) Host is up (0.0014s latency). Not shown: 994 closed ports PORT      STATE SERVIC

Re: on to letsencrypt

2021-04-19 Thread Ed Greshko
On 20/04/2021 09:25, Jack Craig wrote: On Mon, Apr 19, 2021 at 5:27 PM Ed Greshko wrote: On 20/04/2021 07:31, Jack Craig wrote: > > > On Mon, Apr 19, 2021 at 3:11 PM Ed Greshko

Re: on to letsencrypt

2021-04-19 Thread Jack Craig
on the other hand, ... ;O nmap -sS 108.220.213.121 Starting Nmap 7.80 ( https://nmap.org ) at 2021-04-19 18:26 PDT Nmap scan report for ws (108.220.213.121) Host is up (0.0014s latency). Not shown: 994 closed ports PORT STATE SERVICE 80/tcp open http 443/tcp open https 631/tcp open

Re: on to letsencrypt

2021-04-19 Thread Jack Craig
On Mon, Apr 19, 2021 at 5:27 PM Ed Greshko wrote: > > On 20/04/2021 07:31, Jack Craig wrote: > > > > > > On Mon, Apr 19, 2021 at 3:11 PM Ed Greshko > wrote: > > > > On 19/04/2021 03:18, Jack Craig wrote: > > > > > > On Fri, Apr 16, 2021, at 10:56 AM

Re: on to letsencrypt

2021-04-19 Thread Ed Greshko
On 20/04/2021 07:31, Jack Craig wrote: On Mon, Apr 19, 2021 at 3:11 PM Ed Greshko wrote: On 19/04/2021 03:18, Jack Craig wrote: > > On Fri, Apr 16, 2021, at 10:56 AM, Ed Greshko wrote: > > On 16/04/2021 17:19, Ed Greshko wrote: >

Re: on to letsencrypt

2021-04-19 Thread Jack Craig
On Mon, Apr 19, 2021 at 3:11 PM Ed Greshko wrote: > On 19/04/2021 03:18, Jack Craig wrote: > > > > On Fri, Apr 16, 2021, at 10:56 AM, Ed Greshko wrote: > > > On 16/04/2021 17:19, Ed Greshko wrote: > > > > On 16/04/2021 10:35, Jack Craig wrote: > > > >> First I get my static IP fro

Re: on to letsencrypt

2021-04-19 Thread Ed Greshko
On 19/04/2021 03:18, Jack Craig wrote: On Fri, Apr 16, 2021, at 10:56 AM, Ed Greshko wrote: > On 16/04/2021 17:19, Ed Greshko wrote: > > On 16/04/2021 10:35, Jack Craig wrote: > >> First I get my static IP from AT&T actually a block of eight addresses of which only the first do

Re: on to letsencrypt

2021-04-18 Thread Ed Greshko
On 19/04/2021 03:18, Jack Craig wrote: On Fri, Apr 16, 2021 at 12:52 PM Doug H. wrote: On Fri, Apr 16, 2021, at 10:56 AM, Ed Greshko wrote: > On 16/04/2021 17:19, Ed Greshko wrote: > > On 16/04/2021 10:35, Jack Craig wrote: > >> First I ge
