On Thu, Apr 15, 2021 at 6:38 PM Tim via users <users@lists.fedoraproject.org>
wrote:

> On Thu, 2021-04-15 at 11:00 -0700, Jack Craig wrote:
> > so my bind config has apparently not worked despite my dig'ing.
> >
> > an external config checker says it finds no valid IPs for
> > linuxlighthouse.com, i am failing http challenge.
>
> The DNS records need to be fixed before all else.  They need to be held
> on a public DNS server that propagates them to the other DNS servers.
> Holding them on an isolated server won't do you any good, and
> referencing that isolated server within the unavailable record is
> compounding the problem.
>

First, I get my static IP from AT&T, actually a block of eight addresses, of
which only the first do they agree to pass through.


Second, this used to work. I get my static IP from AT&T in a block of
actually eight addresses, only the first of which do they agree to pass
through, so I have been using DNS via name HTTP HTTPS for some time, and only
since I've upgraded to Fedora 30 have I had this DNS battle.

In times past I have managed the system and I thought I had a good handle
on it, but now clearly I am the problem, so I'm gonna have to back up and
take another run at it because something is not adding up.

> When I registered my domain name the records were published in the
> registrant's DNS servers.  While I may set the IPs that are pointing to
> my domain name to find my website, and the MX ones for my mail server,
> I leave the nameserver (NS) records pointing to the registrant's DNS
> servers.
>

Networksolutions is my registrar; they provide to the world my domain name,
my primary and secondary DNS servers, so I guess that's the external place
you were referring to?

So AT&T provides the internet road, Networksolutions provides the signage
along the road to my place.

Isn't it the way it's supposed to work?


> This is the usual way of doing things.
>
> Later on, after changing hosting provider, I transferred the DNS
> records to *their* domain servers, too.  Again, my www and MX records
> point to *my* hosting servers, and the NS records point to the *hosts*
> DNS servers.
>
> Usually, the hard work is done for you.  When setting up the website,
> their system gets you to tell you what name server holds the records,
> and their system programs their name server with the data it needs to
> hold.  Sometimes they screw up, and you have to contact your host and
> get them to manually fix things.  I've had to do that a few times.
>
> DNS records are like a family tree, they're researched to find your
> records, all the records have to be held on public servers.  Boiling
> this down to a simplistic example - if I want to browse a site like
> www.example.com, my system tries to find the IP for it, if it doesn't
> already know the answer (*).  The approach is to ask the .com root DNS
> server *which* DNS server holds records for example.com, then query
> that DNS server for the IP for www.example.com.
>
> * If, at some stage, your system has looked up a DNS record, it will
> cache it for a while (and so can intermediate DNS servers and caching
> proxies).  If the records change, such as you experimenting, there's a
> propagation delay before the changes are noticed elsewhere.  This can
> be confusing for debugging.
>
> If your plan is for you to run your webserver on your own computer and
> for people to connect to it, you have to find out if that's actually
> possible with your ISP.  Many will forbid it, or their network
> structure makes it nearly impossible.  And you'll need to be able to
> handle all the attacks you'll be under.  There probably isn't a website
> on the planet that someone isn't trying to exploit.
>

I was hoping that WireGuard would provide that kind of coverage via VPN.
I have two routers in my access path. The first one is the AT&T router, and
its firewall is set to forward packets only from ports 53 for 43 and 80;
those packets alone are forwarded to my internal server internal router,
which in turn contacts my server on my 10.0.0 net.

I thought that having two firewalls between me and the world would be a
larger advantage,
but it sounds like what you're saying is that people can penetrate that no
matter what. That's depressing.


> But you'll need to get your DNS records sorted before you can worry
> about trying to get SSL to work, and they'll need to be hosted outside
> of your computer.
>

My goal was simply to serve files from my server HTTPS to the world; that
doesn't seem like such an unreasonable goal.

comments?

>
> _______________________________________________
> users mailing list -- users@lists.fedoraproject.org
> To unsubscribe send an email to users-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
>
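
The delegation problem described in the quoted reply above (NS records that reference a nameserver inside the zone itself, held on a host the public cannot reach) can be checked mechanically. The following is an added example, not part of the original thread; the zone names, nameserver names and addresses are constructed sample data, and audit_delegation and is_public are hypothetical helper names.

```python
import ipaddress

# Constructed sample data: what the parent (.com / .org) servers would hand
# back for each delegation. Illustrative only, not the result of real lookups.
PARENT_DELEGATIONS = {
    "example.com.": {
        "ns": ["ns1.example.com.", "ns2.hosting.example.net."],
        "glue": {"ns1.example.com.": ["10.0.0.5"]},
    },
    "example.org.": {
        "ns": ["ns.example.org."],
        "glue": {},
    },
}


def is_public(addr):
    """True if addr is globally routable (not RFC 1918, loopback, etc.)."""
    return ipaddress.ip_address(addr).is_global


def audit_delegation(zone, delegations):
    """Return (nameserver, problem) tuples for one delegated zone."""
    entry = delegations.get(zone)
    if entry is None:
        return [(zone, "no delegation at parent")]
    problems = []
    for ns in entry["ns"]:
        # A nameserver named inside the zone it serves can only be found
        # through glue addresses published by the parent.
        in_zone = ns == zone or ns.endswith("." + zone)
        glue = entry["glue"].get(ns, [])
        if in_zone and not glue:
            problems.append((ns, "in-zone nameserver without glue"))
        for addr in glue:
            # Glue on a private network is unreachable from outside.
            if not is_public(addr):
                problems.append((ns, "glue %s is not publicly routable" % addr))
    return problems


if __name__ == "__main__":
    for zone in PARENT_DELEGATIONS:
        print(zone, audit_delegation(zone, PARENT_DELEGATIONS))
```
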