Re: on to letsencrypt

-- -- The job identifier is 28649. Apr 21 11:36:07 ws.linuxlighthouse.com bash[1451129]: zone localhost.localdomain/IN: has 0 SOA records Apr 21 11:36:07 ws.linuxlighthouse.com bash[1451129]: zone localhost.localdomain/IN: has no NS records Apr 21 11:36:07 ws.linuxlighthouse.com bash[1451129]: zone localhost.localdomain/IN: not loaded due to errors. Apr 21 11:36:07 ws.linuxlighthouse.com bash[1451129]: _default/localhost.localdomain/IN: bad zone Apr 21 11:36:07 ws.linuxlighthouse.com bash[1451129]: zone localhost/IN: has 0 SOA records Apr 21 11:36:07 ws.linuxlighthouse.com bash[1451129]: zone localhost/IN: has no NS records Apr 21 11:36:07 ws.linuxlighthouse.com bash[1451129]: zone localhost/IN: not loaded due to errors. Apr 21 11:36:07 ws.linuxlighthouse.com bash[1451129]: _default/localhost/IN: bad zone Apr 21 11:36:07 ws.linuxlighthouse.com bash[1451129]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: has 0 SOA records Apr 21 11:36:07 ws.linuxlighthouse.com bash[1451129]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: has no NS records Apr 21 11:36:07 ws.linuxlighthouse.com bash[1451129]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: not loaded due to errors. Apr 21 11:36:07 ws.linuxlighthouse.com bash[1451129]: _default/1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: bad zone Apr 21 11:36:07 ws.linuxlighthouse.com bash[1451129]: zone 1.0.0.127.in-addr.arpa/IN: has 0 SOA records Apr 21 11:36:07 ws.linuxlighthouse.com bash[1451129]: zone 1.0.0.127.in-addr.arpa/IN: has no NS records Apr 21 11:36:07 ws.linuxlighthouse.com bash[1451129]: zone 1.0.0.127.in-addr.arpa/IN: not loaded due to errors. Apr 21 11:36:07 ws.linuxlighthouse.com bash[1451129]: _default/1.0.0.127.in-addr.arpa/IN: bad zone Apr 21 11:36:07 ws.linuxlighthouse.com bash[1451129]: zone 0.in-addr.arpa/IN: loaded serial 0 Apr 21 11:36:07 ws.linuxlighthouse.com systemd[1]: named.service: Control process exited, code=exited, status=1/FAILURE -- Subject: Unit process exited -- Defined-By: systemd -- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel i just swapped the provided file to /etc/named.conf and restarted, thoughts? On Wed, Apr 21, 2021 at 11:33 AM Jack Craig jack.craig.aptos@gmail.com wrote: > ed, i found the caching file test, results shortly,... > > On Wed, Apr 21, 2021 at 11:21 AM Jack Craig jack.craig.aptos@gmail.com > wrote: > >> >> >> On Wed, Apr 21, 2021 at 12:48 AM Tim via users < >> users@lists.fedoraproject.org> wrote: >> >>> Tim: >>> >> Does your computer actually recognise one of its WAN ports as being >>> >> that IP? (108.220.213.121) >>> >>> Jack Craig: >>> > Apparently not >>> > >>> > I can do a telnet connect to IP for port 53 from 10.0.0.1 & localhost >>> > >>> > 10.0.0.101 and the external IP do not connect >>> > >>> > As my external IP is being supported by port mapping by router, all >>> > port 53 connects are routed to the internal address of 10.0.0.101:53. >>> >>> Okay, as Ed's said, 108.220.213.121 isn't an address of your computer, >>> it's assigned to your public facing side of your first router. So, >>> BIND cannot listen on it. I'd go along with Ed's example: >>> >>> Run a named server that listens to all interfaces, and allows queries >>> from any address. Likewise with the webserver. >>> >>> If you were doing something tricky with your webserver, it not actually >>> having that public IP might be an issue, too. Things can get in a >>> confused circle if they try to resolve an IP to a name, that name back >>> to an IP, and it's different. >>> >>> >>> >>> >> But the supplied named.conf hasn't defined a "wan-view" acl, you've >>> >> only done "internals" and "slaves". >>> >>> > Given these ACL's not employed and questionable listen commands how >>> > should I properly have configured this interface to provide external >>> > IP processing for primary dns service? >>> >>> For the time being, let your named server answer all queries for your >>> domain name with the public addresses. See if it, then, works as >>> expected. >>> >>> Once you've dealt with that, you can consider whether you really want >>> to do split DNS (answering outside queries with your public IPs, and >>> internal queries with your internal IPs), or whether you let your >>> register handle all outside queries (I would), or whether you use >>> different domain names for inside and outside (that's my approach in my >>> network). >>> >> >> i wasnt aware of this option/configuration. sounds perfect, then i am >> able refresh my cert. >> >> after ed's caching test, perhap you guys can guide me to this KISS >> approach,... >> >> >>>