On Thu, 2021-04-15 at 11:00 -0700, Jack Craig wrote:
> so my bind config has apparently not worked despite my dig'ing.
>
> an external config checker says it finds no valid IP' for
> linuxlighthouse.com, i am failing http challenge.

The DNS records need to be fixed before all else. They need to be held on a public DNS server that propagates them to the other DNS servers. Holding them on an isolated server won't do you any good, and referencing that isolated server within the unavailable record is compounding the problem.

When I registered my domain name the records were published in the registrant's DNS servers. While I may set the IPs that are pointing to my domain name to find my website, and the MX ones for my mail server, I leave the nameserver (NS) records pointing to the registrant's DNS servers. This is the usual way of doing things.

Later on, after changing hosting provider, I transferred the DNS records to *their* domain servers, too. Again, my www and MX records point to *my* hosting servers, and the NS records point to the *host's* DNS servers.

Usually, the hard work is done for you. When setting up the website, their system gets you to tell you what name server holds the records, and their system programs their name server with the data it needs to hold. Sometimes they screw up, and you have to contact your host and get them to manually fix things. I've had to do that a few times.

DNS records are like a family tree, they're researched to find your records, all the records have to be held on public servers.

Boiling this down to a simplistic example - if I want to browse a site like www.example.com, my system tries to find the IP for it, if it doesn't already know the answer (*). The approach is to ask the .com root DNS server *which* DNS server holds records for example.com, then query that DNS server for the IP for www.example.com.

* If, at some stage, your system has looked up a DNS record, it will cache it for a while (and so can intermediate DNS servers and caching proxies). If the records change, such as you experimenting, there's a propagation delay before the changes are noticed elsewhere. This can be confusing for debugging.

If your plan is for you to run your webserver on your own computer and for people to connect to it, you have to find out if that's actually possible with your ISP. Many will forbid it, or their network structure makes it nearly impossible. And you'll need to be able to handle all the attacks you'll be under. There probably isn't a website on the planet that someone isn't trying to exploit.

But you'll need to get your DNS records sorted before you can worry about trying to get SSL to work, and they'll need to be hosted outside of your computer.
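
The lookup chain described in the message above (the parent server names the DNS server for the domain, and that server is then asked for the address), modelled as an added example that is not part of the original post. Every zone, nameserver and address below is constructed, and the two tables stand in for real DNS servers.

```python
# Constructed data; names and addresses are made up for illustration.
# What the .com servers would hand out: zone -> {nameserver: glue address or None}
PARENT = {
    "example.com.":  {"ns1.dnshost.net.": "192.0.2.53"},
    "isolated.com.": {"ns1.isolated.com.": "10.0.0.2"},  # private LAN address
    "noglue.com.":   {"ns1.noglue.com.": None},          # NS inside its own zone, no glue
}
# Publicly reachable authoritative servers: address -> {name: A record}
REACHABLE = {
    "192.0.2.53": {"www.example.com.": "203.0.113.10"},
}

def find_zone(name):
    """Longest delegated zone that `name` falls under, or None."""
    matches = [z for z in PARENT if name == z or name.endswith("." + z)]
    return max(matches, key=len) if matches else None

def resolve(name, depth=0):
    """Walk parent -> authoritative server; return (address or None, trace)."""
    zone = find_zone(name)
    if zone is None:
        return None, [f"parent has no delegation covering {name}"]
    trace = []
    for ns, addr in PARENT[zone].items():
        if addr is None:
            # Without glue the nameserver's own name has to be looked up first.
            if ns.endswith("." + zone) or depth >= 3:
                trace.append(f"{ns}: no glue and no other way to find its address")
                continue
            addr, sub = resolve(ns, depth + 1)
            trace += sub
            if addr is None:
                continue
        records = REACHABLE.get(addr)
        if records is None:
            trace.append(f"{ns} ({addr}): not reachable from the public internet")
        elif name in records:
            trace.append(f"{ns} ({addr}): {name} -> {records[name]}")
            return records[name], trace
        else:
            trace.append(f"{ns} ({addr}): no record for {name}")
    return None, trace

if __name__ == "__main__":
    for n in ("www.example.com.", "www.isolated.com.", "www.noglue.com."):
        print(n, resolve(n))
```

Only the first name resolves; the other two fail at the nameserver step, before any web server or certificate challenge is ever contacted.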