Re: on to letsencrypt

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On Thu, Apr 15, 2021 at 6:38 PM Tim via users <users@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
On Thu, 2021-04-15 at 11:00 -0700, Jack Craig wrote:
> so my bind config has apparently not worked despite my dig'ing.
>
> an external config checker says it finds no valid IP' for
> linuxlighthouse.com, i am failing http challenge.

The DNS records need to be fixed before all else.  They need to be held
on a public DNS server that propagates them to the other DNS servers.
Holding them on an isolated server won't do you any good, and
referencing that isolated server within the unavailable record is
compounding the problem.

First I get my static IP from AT&T actually a block of eight addresses of which only the first do they agree to pass through. 


Second this used to work. I get my static IP from AT&T in a block of actually eight addresses only the first of which do they agree to pass through so I have been using DNS via name HTTP HTTPS for some time and only since I've upgraded to fedora 30 to have I had this dns battle .

 In times past I have managed the system and I thought I had a good handle on it but now clearly I am the problem so I'm gonna have to back up and take another run at it because something is not adding up.

When I registered my domain name the records were published in the
registrant's DNS servers.  While I may set the IPs that are pointing to
my domain name to find my website, and the MX ones for my mail server,
I leave the nameserver (NS) records pointing to the registrant's DNS
servers.

Networksolutions is my registrar, they provide to the world my domain name my primary and
secondary DNS servers so I guess that's the external place where you were referring to?

So AT&T provides the internet road, networksolutions provides the signage along the road to my place .

isn't it the way it supposed to work?


This is the usual way of doing things.

Later on, after changing hosting provider, I transferred the DNS
records to *their* domain servers, too.  Again, my www and MX records
point to *my* hosting servers, and the NS records point to the *hosts*
DNS servers.

Usually, the hard work is done for you.  When setting up the website,
their system gets you to tell you what name server holds the records,
and their system programs their name server with the data it needs to
hold.  Sometimes they screw up, and you have to contact your host and
get them to manually fix things.  I've had to do that a few times.

DNS records are like a family tree, they're researched to find your
records, all the records have to be held on public servers.  Boiling
this down to a simplistic example - if I want to browse a site like
www.example.com, my system tries to find the IP for it, if it doesn't
already know the answer (*).  The approach is to ask the .com root DNS
server *which* DNS server holds records for example.com, then query
that DNS server for the IP for www.example.com.

* If, at some stage, your system has looked up a DNS record, it will
cache it for a while (an so can intermediate DNS servers and caching
proxies).  If the records change, such as you experimenting, there's a
propagation delay before the changes are noticed elsewhere.  This can
be confusing for debugging.

If your plan is for you to run your webserver on your own computer and
for people to connect to it, you have to find out if that's actually
possible with your ISP.  Many will forbid it, or their network
structure makes it nearly impossible.  And you'll need to be able to
handle all the attacks you'll be under.  There probably isn't a website
on the planet that someone isn't trying to exploit.

I was hoping that wireguard would provide that kind of coverage via vpn..
 I have two routers in my access path the first one is the AT&T router and its firewall is set to forward packets only from ports 53 for 43 and 80 those packets alone are forwarded to my internal server internal router which in turn contacts in my server on my 10.0.0 net

I thought that having two firewalls between me in the world would be a larger advantage
but it sounds like what you're saying is that people can penetrate that no matter what.   that's depressing. 


But you'll need to get your DNS records sorted before you can worry
about trying to get SSL to work, and they'll need to be hosted outside
of your computer.

My goal was simply to serve files from my server HTTPS to the world that doesn't seem like such a unreasonable goal.

comments?

_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux