as this thread is approaching 100 msgs, time for a wrap up. below is where i *Think* i am, .... ;)
*1. thanks to all that have provided dns configuration/testing insights*
*2. i am not going to serve email*
*3. i am not going to use views in named.conf, /etc/hosts trimmed to include only 127.0.0.1 & ::1*
*4. my current /etc/named.conf*
//
// named.conf
//
options {
//      listen-on port 53 { 127.0.0.1; };
//      listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        secroots-file "/var/named/data/named.secroots";
        recursing-file "/var/named/data/named.recursing";
        allow-query { any; };

        recursion no;

        dnssec-enable yes;
        dnssec-validation yes;

        managed-keys-directory "/var/named/dynamic";
        geoip-directory "/usr/share/GeoIP";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";

        /* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
        include "/etc/crypto-policies/back-ends/bind.config";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "linuxlighthouse.com" {
        type master;
        file "/var/named/linuxlighthouse.com.db";
        allow-update { none; };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
*5. dns config file*
;
$TTL 3D ; default ttl for records without a specified lifetime
$ORIGIN linuxlighthouse.com.
linuxlighthouse.com. CAA 0 issue "letsencrypt.org"
@ IN SOA ws.linuxlighthouse.com. root.linuxlighthouse.com. (
        2021050301 ; serial number
        16384      ; ns refresh
        2048       ; ns retry
        1048576    ; authority expiry
        2560 )     ; min (RFC2308 §4)
        IN NS ws.linuxlighthouse.com.
        IN NS ns3.attdns.com.
;       IN MX linuxlighthouse.com.
ws      IN A 108.220.213.121
www     IN A 108.220.213.121
        IN A 108.220.213.121
*6. added www definition, caa record, and updated serial number*
*7. finally, an att service issue, do they secondary my dns config (or not)*
On 04/05/2021 04:42, Jack Craig wrote:
*3. i am not going to use views in named.conf, /etc/hosts trimmed to include only 127.0.0.1 & ::1
How many hosts are internal? If you don't define 10.0.0.x ip/hostnames in your /etc/hosts then how will you get the internal address of internal hosts?
*5. dns config file*
;
$TTL 3D ; default ttl for records without a specified lifetime
$ORIGIN linuxlighthouse.com.
linuxlighthouse.com. CAA 0 issue "letsencrypt.org"
@ IN SOA ws.linuxlighthouse.com. root.linuxlighthouse.com. (
        2021050301 ; serial number
        16384      ; ns refresh
        2048       ; ns retry
        1048576    ; authority expiry
        2560 )     ; min (RFC2308 §4)
        IN NS ws.linuxlighthouse.com.
        IN NS ns3.attdns.com.
;       IN MX linuxlighthouse.com.
ws      IN A 108.220.213.121
www     IN A 108.220.213.121
        IN A 108.220.213.121
[egreshko@meimei ~]$ host linuxlighthouse.com
[egreshko@meimei ~]$
returns nothing. So, entering http://linuxlighthouse.com will fail.
On 5/3/21 1:42 PM, Jack Craig wrote:
*7. finally, an att service issue, do they secondary my dns config (or not)*
Since they are publishing an SOA for you they already are. Just waiting for a zone transfer.
On 04/05/2021 06:13, Ed Greshko wrote:
*5. dns config file*
;
$TTL 3D ; default ttl for records without a specified lifetime
$ORIGIN linuxlighthouse.com.
linuxlighthouse.com. CAA 0 issue "letsencrypt.org"
@ IN SOA ws.linuxlighthouse.com. root.linuxlighthouse.com. (
        2021050301 ; serial number
        16384      ; ns refresh
        2048       ; ns retry
        1048576    ; authority expiry
        2560 )     ; min (RFC2308 §4)
        IN NS ws.linuxlighthouse.com.
        IN NS ns3.attdns.com.
;       IN MX linuxlighthouse.com.
ws      IN A 108.220.213.121
www     IN A 108.220.213.121
        IN A 108.220.213.121
[egreshko@meimei ~]$ host linuxlighthouse.com
[egreshko@meimei ~]$
returns nothing. So, entering http://linuxlighthouse.com will fail.
BTW, the reason the above fails is due to the incorrect format of the zone file.
the last line contains "white-space IN A 108.220.213.121" which means that info applies to the previous line.
As an example, my zone file contains:
acer    A    211.75.128.211
        AAAA 2001:470:67:cce::5
        A    192.168.2.116
So.....
[root@f33k named]# host acer.greshko.com localhost
Using domain server:
Name: localhost
Address: ::1#53
Aliases:

acer.greshko.com has address 211.75.128.211
acer.greshko.com has address 192.168.2.116
acer.greshko.com has IPv6 address 2001:470:67:cce::5
On Mon, 2021-05-03 at 13:42 -0700, Jack Craig wrote:
$TTL 3D ; default ttl for records without a specified lifetime
$ORIGIN linuxlighthouse.com.
linuxlighthouse.com. CAA 0 issue "letsencrypt.org"
@ IN SOA ws.linuxlighthouse.com. root.linuxlighthouse.com. (
        2021050301 ; serial number
        16384      ; ns refresh
        2048       ; ns retry
        1048576    ; authority expiry
        2560 )     ; min (RFC2308 §4)
        IN NS ws.linuxlighthouse.com.
        IN NS ns3.attdns.com.
;       IN MX linuxlighthouse.com.
ws      IN A 108.220.213.121
www     IN A 108.220.213.121
        IN A 108.220.213.121
Usually, that'd be done like this (don't cut and paste this, I've just shown the sequence of things, without checking for correct content):
$ORIGIN linuxlighthouse.com.
$TTL 3D;
@ IN SOA ws.linuxlighthouse.com. root.linuxlighthouse.com. (
        2021050301 ; serial number
        16384      ; ns refresh
        2048       ; ns retry
        1048576    ; authority expiry
        2560 )     ; min (RFC2308 §4)
        IN NS ws.linuxlighthouse.com.
        IN NS ns3.attdns.com.
;       IN MX linuxlighthouse.com.
        IN A 108.220.213.121
ws      IN A 108.220.213.121
www     IN A 108.220.213.121
I have no idea about CAA lines, so I won't comment on where they're supposed to go.
Origin before TTL, it's the first thing in the record. The word means exactly what it says. For what it's worth, it was often omitted from typed-in records, and the server would presume it was there where it's supposed to be.
Your Start of Authority (SOA) record lists your name server, then the contact address for your domain (root@linuxlighthouse.com, with the @ sign represented by the first dot, as you already typed it). If you're not actually doing a mail service for your domain name, it *ought* to be the real contact address.
The "IN A" record that starts with a blank space goes *above* all your subdomains.
All those records starting with blank spaces (NS, MX, first A) are base definitions for your entire domain - its nameserver(s), mail servers, and the IP for the domain name (that's the domain name without any prefixes: linuxlighthouse.com).
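Both Ed's point (a blank owner field means "same owner as the previous record", so the trailing `IN A` line attaches to `www`, not the apex) and Tim's point (the apex `IN A` belongs above the subdomain lines) come down to the owner-name inheritance rule of RFC 1035 master files. The following is an added example, not code from any of the list posts: a small, self-contained Python reader implementing just that rule for the directives the posted zones use ($ORIGIN, $TTL, `;` comments, `( ... )` continuation, `@`, relative names, optional TTL/class before the type). It parses the zone as posted in the thread, Tim's reordered version, and Ed's `acer` example, and reports which owner each A record actually ends up on. The zone texts are reproduced from the thread; the function names (`parse_zone`, `rdata_for`) are this example's own.

```python
"""Owner-name inheritance in a BIND master file (RFC 1035 section 5.1).

Added example, not code from the list posts. It reads only what the posted
zones use: $ORIGIN, $TTL, ';' comments, '( ... )' continuation lines, the
'@' owner, relative names, and optional TTL/class fields before the type.
"""

import re

CLASSES = {"IN", "CH", "HS"}
TTL_RE = re.compile(r"\d+[smhdw]?", re.IGNORECASE)


def _strip_comment(line):
    """Drop text from ';' to end of line, except inside a quoted string."""
    out, in_quote = [], False
    for ch in line:
        if ch == '"':
            in_quote = not in_quote
        elif ch == ";" and not in_quote:
            break
        out.append(ch)
    return "".join(out)


def _logical_lines(text):
    """Join '(' ... ')' continuations into one logical line, keeping the
    first physical line's leading whitespace: that blank owner field is
    what signals 'same owner as the previous record'."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = _strip_comment(raw)
        if not line.strip() and depth == 0:
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth <= 0:
            logical = " ".join([buf[0]] + [part.strip() for part in buf[1:]])
            yield logical.replace("(", " ").replace(")", " ")
            buf, depth = [], 0


def _absolute(name, origin):
    """'@' is the origin; names without a trailing dot are relative to it."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin="."):
    """Return a list of (owner, type, rdata) tuples in file order."""
    records, last_owner = [], None
    for line in _logical_lines(text):
        tokens = line.split()
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        if tokens[0] == "$TTL":
            continue
        if line[:1].isspace():
            # Blank owner field: the owner is the last one seen in the file.
            if last_owner is None:
                raise ValueError("record with blank owner and no previous owner")
            owner = last_owner
        else:
            owner = _absolute(tokens.pop(0), origin)
        # Optional TTL and/or class may precede the type, in either order.
        while tokens and (tokens[0].upper() in CLASSES or TTL_RE.fullmatch(tokens[0])):
            tokens.pop(0)
        records.append((owner, tokens[0].upper(), " ".join(tokens[1:])))
        last_owner = owner
    return records


def rdata_for(records, owner, rtype):
    """All rdata strings for one owner/type, in file order."""
    return [rd for o, t, rd in records if o == owner and t == rtype]


# Zone as posted in the thread: the final A line has a blank owner field.
POSTED_ZONE = """\
$TTL 3D ; default ttl for records without a specified lifetime
$ORIGIN linuxlighthouse.com.
linuxlighthouse.com. CAA 0 issue "letsencrypt.org"
@ IN SOA ws.linuxlighthouse.com. root.linuxlighthouse.com. (
        2021050301 ; serial number
        16384      ; ns refresh
        2048       ; ns retry
        1048576    ; authority expiry
        2560 )     ; min (RFC2308 §4)
        IN NS ws.linuxlighthouse.com.
        IN NS ns3.attdns.com.
;       IN MX linuxlighthouse.com.
ws      IN A 108.220.213.121
www     IN A 108.220.213.121
        IN A 108.220.213.121
"""

# Tim's ordering: the apex A record sits with the other blank-owner lines.
FIXED_ZONE = POSTED_ZONE.replace(
    "ws      IN A 108.220.213.121\nwww     IN A 108.220.213.121\n        IN A 108.220.213.121\n",
    "        IN A 108.220.213.121\nws      IN A 108.220.213.121\nwww     IN A 108.220.213.121\n",
)

# Ed's example, where inheritance is exactly what is wanted.
EXAMPLE_ZONE = """\
$ORIGIN greshko.com.
acer    A    211.75.128.211
        AAAA 2001:470:67:cce::5
        A    192.168.2.116
"""

if __name__ == "__main__":
    for label, zone in (("posted", POSTED_ZONE), ("fixed", FIXED_ZONE), ("acer", EXAMPLE_ZONE)):
        print(f"--- {label} ---")
        for owner, rtype, rdata in parse_zone(zone):
            if rtype in ("A", "AAAA"):
                print(f"{owner:28} {rtype:5} {rdata}")
```

Run it with `python3`; the "posted" listing shows two A records on `www.linuxlighthouse.com.` and none on the apex, which is why `host linuxlighthouse.com` returns nothing, while the "fixed" listing gives the apex its address. On the server itself, `named-checkzone linuxlighthouse.com /var/named/linuxlighthouse.com.db` remains the authoritative check before a reload, since it loads the file with BIND's own parser.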