On Sat, May 1, 2021 at 1:32 AM Ed Greshko <ed.gres...@greshko.com> wrote:
> On 01/05/2021 15:31, Jack Craig wrote: > > seems t be working better, how many holes do you see at this point?? > > Since this now works.... > Well let's say it's limping along, as you point out below, it has some issues but that's great huge step for me thanks to you guys > > [egreshko@meimei ~]$ host ws.linuxlighthouse.com > ws.linuxlighthouse.com has address 108.220.213.121 > ws.linuxlighthouse.com mail is handled by 10 ws.linuxlighthouse.com. > > I'd say you're very close. People outside of your network can now query > just fine. > > Yes the proverbial devil in the details As for holes..... > > 1. If you are going to host an email server then you have some changes to > make. > Well I'm not going to serve mailbut, I do want to have my DNS properly configured . so chasing down and resolving all these little issues is next Normally email addresses are "domain" addresses as opposed to "host" > addreses. > So, you'd normally want your email address to be e.g. " > j...@linuxlighthouse.com". > But you don't have an MX record for your domain. You have it for a host. > I actually have a host to serve this IP number so this error too must go what's 'not clear to me is how I can expose that host/ip through my firewall configuration but in either case I want to get this MX configuration correct > [egreshko@meimei ~]$ host ws.linuxlighthouse.com > ws.linuxlighthouse.com has address 108.220.213.121 > ws.linuxlighthouse.com mail is handled by 10 ws.linuxlighthouse.com. > > You'd really want these returns (I've, of course, made those up) > > [egreshko@meimei ~]$ host linuxlighthouse.com > linuxlighthouse.com has address 108.220.213.121 > linuxlighthouse.com mail is handled by 10 ws.linuxlighthouse.com. > > and > > [egreshko@meimei ~]$ host ws.linuxlighthouse.com > ws.linuxlighthouse.com has address 108.220.213.121 > > 2. You now want to fix your named.conf to have "recursion no;" The > default is "yes". > You don't want your DNS server acting as a server every domain. If > someone queries > your server directly you want it to return (using cnn.com as the example). > This recursion option has been turned off right now , thank you for that Host cnn.com not found: 5(REFUSED) > > 3. And, I think you already know this, your web server's cert is wrong. > The security > report is > It's a result of a confusion on my part about the difference between domain names and subdomains, i am updating letsencrypt now and looking to verify my ssl layer is setup correctly. > This server could not prove that it is linuxlighthouse.com; its security > certificate is from ws.linuxlighthouse.com. This may be caused by a > misconfiguration or an attacker intercepting your connection > Linuxlighthouse.com is the domain name ,ws.linuxlighthouse.com is the DNS servers' name. It's definitely misconfiguration. in this case there's nothing on this side of the firewall that any attacker would want :( > > > > -- > Remind me to ignore comments which aren't germane to the thread. > > _______________________________________________ > users mailing list -- users@lists.fedoraproject.org > To unsubscribe send an email to users-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure >
_______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
