Re: on to letsencrypt

Ed, I found the caching file test, results shortly...

On Wed, Apr 21, 2021 at 11:21 AM Jack Craig <jack.craig.aptos@xxxxxxxxx> wrote:


On Wed, Apr 21, 2021 at 12:48 AM Tim via users <users@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
Tim:
>> Does your computer actually recognise one of its WAN ports as being
>> that IP? (108.220.213.121)

Jack Craig:
> Apparently not
>
> I can do a telnet connect to IP for port 53 from 10.0.0.1 & localhost
>
> 10.0.0.101 and the external IP do not connect
>
> As my external IP is being supported by port mapping by router, all
> port 53 connects are routed to the internal address of 10.0.0.101:53.

Okay, as Ed's said, 108.220.213.121 isn't an address of your computer,
it's assigned to your public facing side of your first router.  So,
BIND cannot listen on it.  I'd go along with Ed's example:

Run a named server that listens to all interfaces, and allows queries
from any address.  Likewise with the webserver.

If you were doing something tricky with your webserver, it not actually
having that public IP might be an issue, too.  Things can get in a
confused circle if they try to resolve an IP to a name, that name back to an IP, and it's different.



>> But the supplied named.conf hasn't defined a "wan-view" acl, you've
>> only done "internals" and "slaves".

> Given these ACLs not employed and questionable listen commands, how
> should I properly have configured this interface to provide external
> IP processing for primary DNS service?

For the time being, let your named server answer all queries for your
domain name with the public addresses.  See if it, then, works as
expected.

Once you've dealt with that, you can consider whether you really want
to do split DNS (answering outside queries with your public IPs, and
internal queries with your internal IPs), or whether you let your
register handle all outside queries (I would), or whether you use
different domain names for inside and outside (that's my approach in my
network).

I wasn't aware of this option/configuration. Sounds perfect, then I am able to refresh my cert.

After Ed's caching test, perhaps you guys can guide me to this KISS approach...

