Plesk install and security audit

[laughingbuddha]

Ok, for the time being as I only have on machine I'll stick with what I have. Either that or spend more time change nameservers and so on....

I would like to consider in the new year hirering a consultants time in order to plan for future role outs, and server/network structure.

With rdns I only have one running, which is for s1.mycompany.net. Now can I have 2 rdns entries for the same ip?

Reason for asking is that s1.mycompany.net and ns1.mycompany.net are both on the same ip being the first and primary ip of the server. I wish to put in place rdns entries for both nameservers, but wondered if this was possbile?

Thanks again for your help guys.

Matt

[biggles]

Wel, you don't need more servers to have secondary DNS that will respond if your server isn't. Just check my post above: http://atomicrocketturtle.com/forum/vie ... ght=#14821

[faris]

no, you should (can?) only have one rdns entry per IP.

Remember rdns is basically taking an IP and turning it into a "domain name".

I don't understand why you'd want the rdns lookup on your primary IP to randomly result in one of two different names (which is what would happen if you have two rdns records for the same IP -- asuming your isp would even let you do so, and assuming it is even allowed in the RFCs)?

Faris.

[breun]

Remember rdns is basically taking an IP and turning it into a "domain name".

It's more like taking an IP address and turning it into a hostname.

[laughingbuddha]

Well as I have an rdns already running on the first ip I'll request an rdns for ns2 with is on the next ip along.

What's the benefit of using xname? I'm currently using the server houses primary and secondary dns servers in my settings, and ns1 and ns2 are on the same server (as I only have one).

For now I want to make this first server earn its money, then I can spend cash on another server (more powerful and possibly new this time).

Matt

[biggles]

xname is free... For me it was nice to have secondary dns outside my current hosting company. You never know what happens and even if they got redundant, BGP, RAID, super-duper with extra glue on the sides security, they will eventually loose internet connectivity for a shorter or longer time. When that happens, you can relay, knewing that you secondary DNS answers all your DNS requests...

It's easily implemented, it's free (exept your time of course...) and it provides quite a lot of extra fault tolerance...

[coolemail]

I wonder if a problem I have could be related to something I have just discovered, and wondered if anybody can help. My resolv.conf file is

[root@plesk2 ~]# cat /etc/resolv.conf
nameserver 127.0.0.1
nameserver IP_1
nameserver IP_2
[root@plesk2 ~]#

Neither IP_1 or IP_2 are the IP address of my own server. Should that be there? I think it should. It certainly was on the last server before this migration. IP_1 is to do with the colo company I use for rack space. IP_2 is ns3a.secondarydomainnameserver.com

The issue I have been having is that mail from some people (principally btconnect, but also some internal ones) are not getting through, and I have created a post on that at http://www.atomicrocketturtle.com/forum ... f=1&t=3097.

Could anybody help me with this as I am really baffled. Could it be that I have configured ASL incorrectly which has caused this to happen?

[laughingbuddha]

Scott mentioned easyDNS can do the same thing, so I'm going to give that a try once I work out how to do it.

Matt

[coolemail]

I have done it slightly differently by having secondary name servers. The key thing in the above is that the primary name servers for my domains are my server (like yours, Matt). And therefore, I think that it is essential to have the server's IP address in resolv.conf. Do others agree?

I did not go with easyDNS because I did not fully understand it, and because the name servers for all my domains had already been set, so it would have been a nightmare to try and change registrar records for over 100 domains, and I could not find any easier way of getting around what I was doing.

[breun]

The key thing in the above is that the primary name servers for my domains are my server (like yours, Matt). And therefore, I think that it is essential to have the server's IP address in resolv.conf. Do others agree?

No. You just need one or more nameservers in /etc/resolv.conf that can resolve domains to IP addresses, so processes on your server can resolve domain names to IP addresses. You could use your ISP's nameservers, your nameserver on localhost or any other nameserver that will do the job of resolving domains. On machines that run a nameserver we usually just use 'nameserver 127.0.0.1' in /etc/resolv.conf.