Wildcard DNS only working selectively - apache

I'm trying to set up my own DNS server to be able to customize it. Now, I have it working (for the most part) by having a record of
*.technolobuzz.tk. IN A 184.153.205.110
That works when I do "www." or even a random "no.", but if I try to do "blog." in my web browser, I get server not found. So, I don't know what I'm doing wrong to have only certain domains work. (I'm doing this so I can use WordPress multisite, and .TK doesn't offer wildcards.)

The format you are using is correct; however, have you updated the serial number of the record you have set?
example.com. 86400 IN SOA example.com. hostmaster.example.com. (
                        2005100804 ; Serial YYYYMMDDXX  <-- bump this on every change
                        10800      ; Refresh
                        3600       ; Retry
                        3600000    ; Expire
                        86400 )    ; Minimum
             IN NS ns1.example.com.
             IN NS ns2.example.com.
             IN MX 10 mail.example.com.
             IN A 192.168.1.1
mail         IN A 192.168.1.1
ns1          IN A 192.168.1.1
ns2          IN A 10.0.0.2
*.example.com. IN A 192.168.1.1
Every time you update your record you also need to update the serial number so that the changes are propagated out (i.e. after the TTL expires it knows the record has changed).

Related

DNS entries for wildcard certificate with traefik [closed]

I'm trying to set up traefik to generate wildcard certificates for my domain, such that containers that I create can automatically use a subdomain. For that I've installed traefik on docker (compose) with the following settings:
version: "3.3"
services:
  traefik:
    image: "traefik:v2.9"
    container_name: "traefik"
    command:
      # Tell Traefik to discover containers using the Docker API
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      # Enable the Traefik dashboard
      - "--api.dashboard=true"
      - "--api.insecure=true"
      # Set up LetsEncrypt
      - "--certificatesresolvers.myresolver.acme.dnschallenge=true"
      - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=hetzner"
      #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.myresolver.acme.email=my@email.com"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
      # Set up an insecure listener that redirects all traffic to TLS
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      # Set up the TLS configuration for our websecure listener
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.websecure.http.tls=true"
      - "--entrypoints.websecure.http.tls.certResolver=myresolver"
      - "--entrypoints.websecure.http.tls.domains[0].main=domain.tld"
      - "--entrypoints.websecure.http.tls.domains[0].sans=*.domain.tld"
    ... (some other things like ports and volumes)
As you can see I'm using the Hetzner DNS to manage the DNS records. This also works fine (I can see the _acme-challenge entries being created).
But how exactly do I need to set up the DNS records for this? I'm confused with the trailing "dots".
Here is how the zone currently looks like:
$ORIGIN domain.tld.
$TTL 7200
; SOA Records
@ IN SOA ns1.your-server.de. postmaster.your-server.de. 123455678 86400 10800 3600000 3600
; NS Records
@ IN NS helium.ns.hetzner.de
@ IN NS hydrogen.ns.hetzner.com
@ IN NS oxygen.ns.hetzner.com.
; A Records
*.domain.tld. 60 IN A 123.123.123.123
domain.tld. 60 IN A 123.123.123.123
The error I get from traefik is:
level=error msg="Unable to obtain ACME certificate for domains \"domain.tld,*.domain.tld\"" ACME CA="https://acme-v02.api.letsencrypt.org/directory" providerName=myresolver.acme routerName=MY_SERVICE#docker rule="Host(`MY_SERVICE.domain.tld`)" error="unable to generate a certificate for the domains [domain.tld *.domain.tld]: error: one or more domains had a problem:\n[*.domain.tld] time limit exceeded: last error: dial udp: lookup helium.ns.hetzner.de.domain.tld.: i/o timeout\n[domain.tld] time limit exceeded: last error: read udp 172.19.0.2:34189->123.123.123.123:53: i/o timeout\n"
For everybody coming to this thread with the same issue: I solved my problem by appending the dot to the name servers (NS entries). Thanks @PatrickMevzek, I saw that the NS entries are not a sub-domain. With this zone file everything is working now:
$ORIGIN domain.tld.
$TTL 7200
; SOA Records
@ IN SOA ns1.your-server.de. postmaster.your-server.de. 123 86400 10800 3600000 3600
; NS Records
@ 60 IN NS helium.ns.hetzner.de.
@ 60 IN NS hydrogen.ns.hetzner.com.
@ 60 IN NS oxygen.ns.hetzner.com.
; A Records
* 60 IN A 123.123.123.123
@ 60 IN A 123.123.123.123
domain.tld. 60 IN A 123.123.123.123   ; fully qualified: the trailing dot keeps it from being expanded relative to $ORIGIN
Note the trailing dots after the NS entries.
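Both DNS threads above come down to how a nameserver reads a master file: a name without a trailing dot is expanded relative to $ORIGIN (which is how helium.ns.hetzner.de became helium.ns.hetzner.de.domain.tld. in the traefik error), and a wildcard is only consulted for names that do not otherwise exist in the zone (which is how a wildcard can "work selectively", as in the first thread). The following is an added example, not code from either post or from Hetzner, traefik or any DNS server. It is a toy loader for a constructed zone that mixes the two situations (a wildcard beside an explicit blog record of another type, one NS target written without the trailing dot), and it assumes every record line carries an owner name.

```python
"""Toy master-file loader with RFC 1035 origin expansion and RFC 4592 wildcard
matching. Added example, not code from either thread; the zone below is
constructed and every record line must carry an owner name."""
from collections import defaultdict

# Constructed zone mixing the two situations discussed above.
ZONE = """\
$ORIGIN technolobuzz.tk.
$TTL 3600
@        IN SOA  ns1 hostmaster 2005100804 10800 3600 3600000 86400
@        IN NS   ns1
@        IN NS   helium.ns.hetzner.de       ; BUG: no trailing dot, so relative to $ORIGIN
@        IN NS   hydrogen.ns.hetzner.com.   ; correct: absolute name
ns1      IN A    184.153.205.110
@        IN A    184.153.205.110
*        IN A    184.153.205.110
blog     IN TXT  "v=spf1 -all"              ; explicit name of another type: blocks the wildcard
www.shop IN A    184.153.205.111            ; makes 'shop' an empty non-terminal
"""


def fqdn(name: str, origin: str) -> str:
    """Expand a name the way a nameserver reads a master file: '@' is the
    origin, a trailing dot marks an absolute name, anything else is relative
    and gets the origin appended. This is why an NS target written as
    'helium.ns.hetzner.de' (no dot) is served as helium.ns.hetzner.de.domain.tld."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name.lower()
    return f"{name}.{origin}".lower()


def parse_zone(text: str) -> dict:
    """Return {owner: {rrtype: [rdata, ...]}}, honouring $ORIGIN, $TTL,
    ';' comments and optional TTL/class fields. Name-valued RDATA of NS,
    CNAME and MX records is origin-expanded exactly like owner names."""
    origin = "."
    rrs: dict = defaultdict(lambda: defaultdict(list))
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        tok = line.split()
        if tok[0] == "$ORIGIN":
            origin = tok[1].lower() if tok[1].endswith(".") else tok[1].lower() + "."
            continue
        if tok[0] == "$TTL":
            continue
        owner, rest = fqdn(tok[0], origin), tok[1:]
        if rest[0].isdigit():            # optional TTL
            rest = rest[1:]
        if rest[0].upper() == "IN":      # optional class
            rest = rest[1:]
        rrtype, rdata = rest[0].upper(), rest[1:]
        if rrtype in ("NS", "CNAME"):
            rdata[0] = fqdn(rdata[0], origin)
        elif rrtype == "MX":
            rdata[1] = fqdn(rdata[1], origin)
        rrs[owner][rrtype].append(" ".join(rdata))
    return rrs


def lookup(rrs: dict, qname: str, qtype: str):
    """Answer qname/qtype with RFC 4592 semantics: (rcode, rdatas) where
    rcode is OK, NODATA, NXDOMAIN or REFUSED (out of zone). A wildcard is only
    used when the queried name does not exist at all; an explicit record of any
    type, or an empty non-terminal, means the name exists and '*' is ignored."""
    qname = qname.lower() if qname.endswith(".") else qname.lower() + "."
    apex = min(rrs, key=lambda n: n.count("."))
    in_zone = lambda n: n == apex or n.endswith("." + apex)
    if not in_zone(qname):
        return "REFUSED", []
    existing = set()                     # every owner plus its ancestors down to the apex
    for owner in rrs:
        labels = owner.split(".")[:-1]
        for i in range(len(labels)):
            anc = ".".join(labels[i:]) + "."
            if in_zone(anc):
                existing.add(anc)
    if qname in existing:
        answers = rrs.get(qname, {}).get(qtype, [])
        return ("OK" if answers else "NODATA"), answers
    labels = qname.split(".")[:-1]
    for i in range(1, len(labels)):      # closest encloser = longest existing ancestor
        encloser = ".".join(labels[i:]) + "."
        if encloser in existing:
            wild = "*." + encloser
            if wild not in rrs:
                return "NXDOMAIN", []
            answers = rrs[wild].get(qtype, [])
            return ("OK" if answers else "NODATA"), answers
    return "NXDOMAIN", []


if __name__ == "__main__":
    zone = parse_zone(ZONE)
    print("NS set:", zone["technolobuzz.tk."]["NS"])
    for label in ("www", "no", "blog", "shop", "a.b", "x.blog"):
        print(f"{label}.technolobuzz.tk", lookup(zone, f"{label}.technolobuzz.tk", "A"))
```

Running it prints an NS set containing helium.ns.hetzner.de.technolobuzz.tk. (the dot-less target, the same failure the traefik error shows), and A lookups for www or a random label answered from * while blog returns NODATA because the explicit TXT record makes that name exist. Real servers apply the same rules, so when a wildcard only covers some names, query the failing label for other record types and check the zone for that label or for children of it.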

AWS Certificate pending validation for S3 site

Under Route 53 I have registered a domain name domain.name and created a hosted zone which, by default, has the NS and SOA records.
In Certificates I have requested a public certificate for the domain name domain.name in the us-east-1 region (N. Virginia).
Under the new certificate, I see the notice Add the following CNAME record to your DNS configuration and it has name _1abc2cd5ac5ee12c1234f1234c123b1c.domain.name. and value _e8f2db123456789c2b1a1234ab123456.abcdefghij.acm-validations.aws.
When, under the new domain.name certificate, I click Request Record in Route 53 I see the Success message and this leads me to see the CNAME record under Route 53 with Record name _1abc2cd5ac5ee12c1234f1234c123b1c.domain.name and value _e8f2db123456789c2b1a1234ab123456.abcdefghij.acm-validations.aws.
From this point on the certificate status persistently shows Pending validation (for >3 hours now).
While I notice that the name property appears to have a trailing period on the certificate page, but does not have the trailing period on the record name, I cannot see anything else which would cause this to fail validation.
As described in this SO post, the problem was that when I deleted and created a new hosted zone the DNS names were incorrect.
To solve this I copied the Name servers from under my Registered domains entry and updated the name server addresses for the NS record of my hosted zone.

resolv.conf (generated) wrong order? (2 routers)

I have 2 routers in my network.
A) The one issued by my ISP (limited settings, I even had to ask to get port forwarding settings), which is also my modem.
B) My own router (where I set my DHCP etc.)
Now the generated resolv.conf on Raspbian and Arch Linux lists:
domain local
nameserver <IP of A>
nameserver <IP of B>
As I understand it this is the order it will try to use when resolving names, but here it should try my internal B before trying to resolve using A.
PS: Both subnet masks are 255.255.255.0
Router A has 192.168.0.1
Router B has 192.168.1.1
All devices are in the 192.168.1.### range.
PPS: Arch Linux is set up to use NetworkManager, not a manually configured dhcpcd
NetworkManager may use dnsmasq for DHCP and to handle DNS lookups.
I noticed that dnsmasq reverses the order of nameservers. Look at your logs. That would show up better in the log if we also set dnsmasq to call DNS servers in parallel:
#/etc/dnsmasq.conf
#all-servers
#/etc/dnsmasq.d/laptop.conf
all-servers
log-queries=extra
log-async=100
log-dhcp
#/etc/dnsmasq.d/servers.conf
server=66.187.76.168
server=162.248.241.94
server=165.227.22.116
/var/log/dnsmasq.log--
Mar 14 02:14:20 dnsmasq[3216]: 71700 127.0.0.1/38951 cached firefox.settings.services.mozilla.com is <CNAME>
Mar 14 02:14:20 dnsmasq[3216]: 71700 127.0.0.1/38951 forwarded firefox.settings.services.mozilla.com to 165.227.22.116
Mar 14 02:14:20 dnsmasq[3216]: 71700 127.0.0.1/38951 forwarded firefox.settings.services.mozilla.com to 162.248.241.94
Mar 14 02:14:20 dnsmasq[3216]: 71700 127.0.0.1/38951 forwarded firefox.settings.services.mozilla.com to 66.187.76.168
...order of calls is reversed in log lines!
I got rid of systemd-resolved to rely on dnsmasq.
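A check a practitioner would want before trusting that reading of the log: pull the forwarding order out of dnsmasq's log-queries=extra output per query id, compare it with the server= order in servers.conf, and at the same time flag any upstream that was never configured (a query going to the ISP router pushed by DHCP is exactly the situation the question describes). The following is an added example, not code from the post or from dnsmasq. The log lines and config are constructed to match the format the answer shows; query 71700 mirrors the posted excerpt, and query 71701 is an extra, constructed one that went to router A.

```python
"""Recover from dnsmasq's 'log-queries=extra' output the order in which each
query was forwarded to upstream servers, and flag upstreams that are not in
servers.conf. Added example, not code from the post; the log lines and config
below are constructed to match the format the answer shows."""
import re
from collections import defaultdict

# Constructed copy of the posted /etc/dnsmasq.d/servers.conf
SERVERS_CONF = """\
server=66.187.76.168
server=162.248.241.94
server=165.227.22.116
"""

# Constructed log excerpt in the shape of the posted /var/log/dnsmasq.log.
# Query 71700 mirrors the post; 71701 is an extra, constructed query that went
# to 192.168.0.1 (router A in the question) to show what a stray upstream looks like.
SAMPLE_LOG = """\
Mar 14 02:14:20 dnsmasq[3216]: 71700 127.0.0.1/38951 query[A] firefox.settings.services.mozilla.com from 127.0.0.1
Mar 14 02:14:20 dnsmasq[3216]: 71700 127.0.0.1/38951 cached firefox.settings.services.mozilla.com is <CNAME>
Mar 14 02:14:20 dnsmasq[3216]: 71700 127.0.0.1/38951 forwarded firefox.settings.services.mozilla.com to 165.227.22.116
Mar 14 02:14:20 dnsmasq[3216]: 71700 127.0.0.1/38951 forwarded firefox.settings.services.mozilla.com to 162.248.241.94
Mar 14 02:14:20 dnsmasq[3216]: 71700 127.0.0.1/38951 forwarded firefox.settings.services.mozilla.com to 66.187.76.168
Mar 14 02:14:20 dnsmasq[3216]: 71700 127.0.0.1/38951 reply firefox.settings.services.mozilla.com is 192.0.2.10
Mar 14 02:14:21 dnsmasq[3216]: 71701 127.0.0.1/40102 query[A] nas.local from 127.0.0.1
Mar 14 02:14:21 dnsmasq[3216]: 71701 127.0.0.1/40102 forwarded nas.local to 192.168.0.1
"""

LINE = re.compile(r"dnsmasq\[\d+\]: (?P<qid>\d+) (?P<client>\S+) (?P<rest>.*)$")
FORWARDED = re.compile(r"^forwarded (?P<name>\S+) to (?P<upstream>\S+)$")


def parse_servers_conf(text: str) -> list:
    """Upstreams in the order they appear as server= lines."""
    return [line.split("=", 1)[1].strip()
            for line in text.splitlines() if line.strip().startswith("server=")]


def forward_order(log_text: str) -> dict:
    """Map each query id to the upstreams dnsmasq forwarded it to, in log order."""
    order = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        fwd = FORWARDED.match(m["rest"])
        if fwd:
            order[m["qid"]].append(fwd["upstream"])
    return dict(order)


def compare_order(configured: list, observed: list) -> str:
    """'same' if the log order equals the servers.conf order, 'reversed' if it
    is the exact reverse (what the answer reports seeing), otherwise 'other'."""
    if observed == configured:
        return "same"
    if observed == configured[::-1]:
        return "reversed"
    return "other"


def unexpected_upstreams(configured: list, order: dict) -> list:
    """Upstreams that appear in the log but not in servers.conf, sorted.
    A non-empty result means queries are reaching a resolver you did not pick,
    e.g. the ISP router handed out by DHCP."""
    allowed = set(configured)
    return sorted({up for ups in order.values() for up in ups} - allowed)


if __name__ == "__main__":
    configured = parse_servers_conf(SERVERS_CONF)
    order = forward_order(SAMPLE_LOG)
    for qid, ups in order.items():
        print(qid, ups, compare_order(configured, ups))
    print("not in servers.conf:", unexpected_upstreams(configured, order))
```

Point it at the real files (read SERVERS_CONF and SAMPLE_LOG from /etc/dnsmasq.d/servers.conf and /var/log/dnsmasq.log) and the second report is the one that matters for the question: any address in it is a resolver that DHCP or NetworkManager added behind your back.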

Custom load balancing in HAProxy

I am using HAProxy for load balancing my HTTP requests. I would like to know if there is any way to customize the selection of backend server based on the responses returned by each server. I have a servlet which can return the responses (number of clients connected to it). I would like to use this information and route the request to the backend server which has the lowest number.
My HAProxy configuration looks like:
listen http_front xx.xx.xx.xx:8080
    mode http
    option httpchk GET /servlet/GetClientCountServlet
    server app1 xx.xx.xx.xx:8080 check port 8080
    server app2 xx.xx.xx.xx:8080 check port 8080
    server app3 xx.xx.xx.xx:8080 check port 8080
Would not leastconn balance mode work for your use case? Otherwise you can use Lua scripts to customize the way load balancing is done using HAProxy.
As I am searching for a solution in the same direction, maybe this helps as a base:
Loadbalancing via custom lua script
Create a file called least_sessions.lua and add the following code:
local function backend_with_least_sessions(txn)
    -- Get the frontend that was used
    local fe_name = txn.f:fe_name()
    local least_sessions_backend = ""
    local least_sessions = 99999999999

    -- Loop through all the backends. You could change this
    -- so that the backend names are passed into the function too.
    for _, backend in pairs(core.backends) do
        -- Look at only backends that have names that start with
        -- the name of the frontend, e.g. "www_" prefix for "www" frontend.
        if backend and backend.name:sub(1, #fe_name + 1) == fe_name .. '_' then
            local total_sessions = 0

            -- Using the backend, loop through each of its servers
            for _, server in pairs(backend.servers) do
                -- Get server's stats
                local stats = server:get_stats()

                -- Get the backend's total number of current sessions
                if stats['status'] == 'UP' then
                    total_sessions = total_sessions + stats['scur']
                    core.Debug(backend.name .. ": " .. total_sessions)
                end
            end

            if least_sessions > total_sessions then
                least_sessions = total_sessions
                least_sessions_backend = backend.name
            end
        end
    end

    -- Return the name of the backend that has the fewest sessions
    core.Debug("Returning: " .. least_sessions_backend)
    return least_sessions_backend
end

core.register_fetches('leastsess_backend', backend_with_least_sessions)
This code will loop through all of the backends that start with the same letters as the current frontend, for example finding the backends www_dc1 and www_dc2 for the frontend www. It will then find the backend that currently has the fewest sessions and return its name.
Use a lua-load directive to load the file into HAProxy. Then, add a use_backend line to your frontend to route traffic to the backend that has the fewest active sessions.
global
    lua-load /path/to/least_sessions.lua

frontend www
    bind :80
    use_backend %[lua.leastsess_backend]

backend www_dc1
    balance roundrobin
    server server1 192.168.10.5:8080 check maxconn 30

backend www_dc2
    balance roundrobin
    server server1 192.168.11.5:8080 check maxconn 30
More details:
https://www.haproxy.com/de/blog/5-ways-to-extend-haproxy-with-lua/
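The Lua approach above picks a backend from HAProxy's own session counters. The question, though, wants the selection driven by a number each application server reports about itself (the client count its servlet returns). HAProxy has a built-in mechanism for exactly that: agent-check, where HAProxy periodically opens a TCP connection to a small agent on each server, reads one line, and applies it to that server (a percentage rescales the server's configured weight, drain stops new sessions, down marks it failed). The following is an added example, not code from the thread or from the HAProxy blog: a minimal agent in Python that turns a client count into such a line. The count source stands in for the poster's GetClientCountServlet, and the capacity, port, thresholds and the server lines in the comment are assumptions.

```python
"""Agent-check responder: HAProxy polls a small TCP service on each backend,
reads one line, and adjusts that server's weight from it, so a per-server
client count can steer traffic without a Lua script.
Added example, not code from the thread or the HAProxy blog. The count source
stands in for the poster's GetClientCountServlet; capacity, port and the
hard_limit policy are assumptions."""
import socketserver
from typing import Callable, Optional

# Assumed HAProxy side (not the poster's config). 'weight 100' is the base
# that the agent's percentage rescales; leastconn still breaks ties.
HAPROXY_SNIPPET = """\
backend app
    balance leastconn
    server app1 10.0.0.1:8080 check agent-check agent-port 9999 agent-inter 2s weight 100
    server app2 10.0.0.2:8080 check agent-check agent-port 9999 agent-inter 2s weight 100
"""


def agent_reply(current_clients: int, capacity: int,
                hard_limit: Optional[int] = None) -> str:
    """Build the one-line agent-check answer for a server that has
    current_clients connected out of capacity. HAProxy accepts, among others,
    'NN%' (rescale the configured weight), 'drain' (no new sessions) and
    'down' (mark failed); the line must end with a newline."""
    if current_clients < 0 or capacity <= 0:
        raise ValueError("current_clients must be >= 0 and capacity > 0")
    if hard_limit is not None and current_clients > hard_limit:
        return "down\n"                       # assumed policy: past the hard limit, stop sending
    if current_clients >= capacity:
        return "drain\n"                      # full: finish existing sessions only
    free_fraction = (capacity - current_clients) / capacity
    pct = max(1, round(free_fraction * 100))  # emptier server => higher weight
    return f"{pct}%\n"


class AgentHandler(socketserver.StreamRequestHandler):
    """One connection from HAProxy: write the reply and close."""
    def handle(self) -> None:
        srv = self.server
        self.wfile.write(agent_reply(srv.count_clients(), srv.capacity, srv.hard_limit).encode())


def serve(count_clients: Callable[[], int], capacity: int,
          hard_limit: Optional[int] = None, port: int = 9999) -> None:
    """Run the agent on 'port'; count_clients is called on every HAProxy poll."""
    class Agent(socketserver.TCPServer):
        allow_reuse_address = True
    with Agent(("0.0.0.0", port), AgentHandler) as agent:
        agent.count_clients, agent.capacity, agent.hard_limit = count_clients, capacity, hard_limit
        agent.serve_forever()


if __name__ == "__main__":
    # Constructed count; in a real deployment read it from the servlet or the app itself.
    serve(lambda: 12, capacity=40, hard_limit=60)
```

Note the difference in semantics: weights make selection proportional to free capacity rather than always choosing the single lowest count, which is what the use_backend/Lua route above gives you. Bind the agent only on an interface HAProxy can reach, since anything that can connect to it can mark the server drain or down.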

Move account from one server to another with WHM

I have a question that I hope can be answered, and I don't know of any other place to ask it, so I hope you guys can help.
I have an account that I want to move from my one dedicated server to a new dedicated server. Now I have done this using the WHM account transfer, and the domain is showing on the new server. But when I ping the domain, the IP address is still the same as the old server's. But after the transfer was complete, WHM said that the IP address was updated to the new server's address. Is there something I'm missing or did wrong?
Please help. I'm a virgin with this (My first time hahaha)
See how your domain mytracer.mobi is resolving right now.
mytracer.mobi. 86400 IN NS ns.dns2.co.za.
mytracer.mobi. 86400 IN NS ns.dns1.co.za.
mytracer.mobi. 86400 IN NS ns.otherdns.com.
mytracer.mobi. 86400 IN NS ns.otherdns.net.
;; Received 138 bytes from 199.249.126.1#53(b2.mobi.afilias-nst.org) in 18 ms
mytracer.mobi. 7260 IN A 196.38.40.144
;; Received 47 bytes from 197.242.144.5#53(ns.dns2.co.za) in 272 ms
It is using the name servers shown in the NS records and still pointing to your old server IP 196.38.40.144.
So you will have to change/edit the A record with the new server IP 154.0.160.35 at your name server end. That means the A record should change where your name servers are pointing to.
I hope this will resolve your confusion.