Re: on to letsencrypt

On Sun, May 2, 2021 at 1:58 PM Doug H. <fedoraproject.org@xxxxxxxxxxx> wrote:
On Sat, May 1, 2021, at 2:50 PM, Ed Greshko wrote:

> BTW, if you decide to go ahead with using views it would be helpful if you have
> a system on the "outside" for you to use to test queries.
>
> As I understand it, all your "internal" systems have 10.0.0.X IP addresses.


Yup. Something else I just noticed that *might* be important...

i think you are right, i've been wondering about the ns3's behaviour as the dnscheck page keeps telling me i have only one responding dns.
as it is part of the at&t dns, i have been ignoring this; now is the time to deal with it....

i am sporting mike's recent config file cuz its So much prettier than my hack. i hacked in a CAA record & updated the serial number giving me, ...

$TTL 3D    ; default ttl for records without a specified lifetime
$ORIGIN linuxlighthouse.com.
linuxlighthouse.com.     CAA       0 issue "letsencrypt.org"
@   IN  SOA     ws.linuxlighthouse.com. root.linuxlighthouse.com. (
                      2021050301   ;  serial number
                      16384        ;  ns refresh
                      2048         ;  ns retry
                      1048576      ;  authority expiry
                      2560        );  min (RFC2308 §4)
     IN NS      ws.linuxlighthouse.com.
     IN NS      ns3.attdns.com.
;    IN MX      linuxlighthouse.com.
ws   IN A       108.220.213.121
     IN A       108.220.213.121


as an aside, if i add  'www in a  108.220.213.121'

would that properly define 'www.linuxlighthouse.com' ???

/usr/sbin/named-compilezone -i full -o - linuxlighthouse.com /var/named/linuxlighthouse.com.db

zone linuxlighthouse.com/IN: loaded serial 2021050301
linuxlighthouse.com.      259200 IN SOA ws.linuxlighthouse.com. root.linuxlighthouse.com. 2021050301 16384 2048 1048576 2560
linuxlighthouse.com.      259200 IN NS ws.linuxlighthouse.com.
linuxlighthouse.com.      259200 IN NS ns3.attdns.com.
linuxlighthouse.com.      259200 IN CAA 0 issue "letsencrypt.org"
ws.linuxlighthouse.com.      259200 IN A 108.220.213.121


>dig @WS.LINUXLIGHTHOUSE.COM LINUXLIGHTHOUSE.COM ns

; <<>> DiG 9.11.28-RedHat-9.11.28-1.fc33 <<>> @WS.LINUXLIGHTHOUSE.COM LINUXLIGHTHOUSE.COM ns
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39676
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 2da4654bcbbfcf2e20c614f6608f10fb5882579a181961d8 (good)
;; QUESTION SECTION:
;LINUXLIGHTHOUSE.COM.           IN      NS

;; ANSWER SECTION:
linuxlighthouse.com.    86400   IN      NS      ws.linuxlighthouse.com.

;; ADDITIONAL SECTION:
ws.linuxlighthouse.com. 86400   IN      A       108.220.213.121

;; Query time: 97 msec
;; SERVER: 108.220.213.121#53(108.220.213.121)
;; WHEN: Sun May 02 13:52:11 PDT 2021
;; MSG SIZE  rcvd: 128


That says that ws.linuxlighthouse.com is the one and only name server for the domain. Whereas whois shows the more normal 2 minimum:

>whois LINUXLIGHTHOUSE.COM | grep ^Name
Name Server: WS.LINUXLIGHTHOUSE.COM
Name Server: NS3.ATTDNS.COM

So, even if you let NS3.ATTDNS.COM pull the zone from you it might not work correctly if they just use the zone you feed them without adding themselves to the mix with an NS record.

is my registrar or attdns the player to whine to?



--
Doug Herr
fedoraproject.org@xxxxxxxxxxx
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
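
Added example, not part of the original message: a small Python check that compares the name servers delegated at the registrar (whois) with the NS set in the compiled zone and in a live answer, and confirms that the apex CAA record permits letsencrypt.org. The function names are hypothetical; the inputs are record lines copied from the outputs quoted in the message above.

```python
import shlex

APEX = "linuxlighthouse.com."
# Sample inputs: record lines copied from the outputs quoted in the thread.
COMPILED_ZONE = """\
linuxlighthouse.com. 259200 IN NS ws.linuxlighthouse.com.
linuxlighthouse.com. 259200 IN NS ns3.attdns.com.
linuxlighthouse.com. 259200 IN CAA 0 issue "letsencrypt.org"
ws.linuxlighthouse.com. 259200 IN A 108.220.213.121
"""
LIVE_ANSWER = """\
;; ANSWER SECTION:
linuxlighthouse.com.    86400   IN      NS      ws.linuxlighthouse.com.
"""
WHOIS = "Name Server: WS.LINUXLIGHTHOUSE.COM\nName Server: NS3.ATTDNS.COM\n"

def norm(name):
    """Lower-case a DNS name and make it absolute (one trailing dot)."""
    return name.strip().lower().rstrip(".") + "."

def records(text):
    """Yield (owner, type, rdata) from 'owner ttl IN type rdata...' lines."""
    for line in text.splitlines():
        f = [] if line.lstrip().startswith(";") else shlex.split(line)
        if len(f) >= 5 and f[1].isdigit() and f[2].upper() == "IN":
            yield norm(f[0]), f[3].upper(), f[4:]

def ns_set(text, apex=APEX):
    return {norm(rd[0]) for owner, rtype, rd in records(text)
            if owner == apex and rtype == "NS"}

def whois_ns(text):
    return {norm(l.split(":", 1)[1]) for l in text.splitlines()
            if l.strip().lower().startswith("name server:")}

def caa_issuers(text, apex=APEX):
    """CA domains named by apex 'issue' properties; None if there are none."""
    found = [rd[2].split(";")[0].strip().lower() for owner, rtype, rd in records(text)
             if owner == apex and rtype == "CAA" and len(rd) >= 3 and rd[1].lower() == "issue"]
    return set(found) if found else None

def audit(zone=COMPILED_ZONE, live=LIVE_ANSWER, whois=WHOIS):
    delegated, issuers = whois_ns(whois), caa_issuers(zone)
    return {
        "missing_from_zone": sorted(delegated - ns_set(zone)),
        "missing_from_live_answer": sorted(delegated - ns_set(live)),
        # No 'issue' property at all means CAA does not restrict issuance.
        "letsencrypt_allowed": issuers is None or "letsencrypt.org" in issuers,
    }
```

On these inputs `audit()` reports `ns3.attdns.com.` as delegated at the registrar but absent from the live NS answer.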