DNS configuration problem on an OVH VPS

My YunoHost server

Hardware: VPS bought online
YunoHost version: 11.0.9.15
I have access to my server: via SSH
Are you in a special context or have you made any particular modifications to your instance?: no

Description of the problem

I have tried several times to fix a fairly well-known error on a YunoHost server, one that is common with OVH VPSes:

[WARNING] DNS resolution seems to be working, but it looks like you're using a custom /etc/resolv.conf.
  - The file /etc/resolv.conf should be a symlink to /etc/resolvconf/run/resolv.conf itself pointing to 127.0.0.1 (dnsmasq). If you want to manually configure DNS resolvers, please edit /etc/resolv.dnsmasq.conf.

I had to tinker, and now I have these errors in the diagnosis:

=================================
DNS records (dnsrecords)
=================================

[ERROR] Some DNS records are missing or incorrect for domain domain.tld (category basic)
  - Please check the documentation at https://yunohost.org/dns_config if you need help configuring DNS records.
  - The following DNS record does not seem to follow the recommended configuration:
    Type: A
    Name: @
    Current value: 127.0.0.1
    Expected value: XX.XX.XXX.XXX
  - The following DNS record does not seem to follow the recommended configuration:
    Type: AAAA
    Name: @
    Current value: ['::1', 'XXXX:XXXX:XXX:XXXX::XXXX']
    Expected value: XXXX:XXXX:XXX:XXXX::XXXX
  - The following DNS record does not seem to follow the recommended configuration:
    Type: A
    Name: www
    Current value: 127.0.0.1
    Expected value: XX.XX.XXX.XXX
  - The following DNS record does not seem to follow the recommended configuration:
    Type: AAAA
    Name: www
    Current value: ['::1', 'XXXX:XXXX:XXX:XXXX::XXXX']
    Expected value: XXXX:XXXX:XXX:XXXX::XXXX

[ERROR] Some DNS records are missing or incorrect for domain domain.tld (category mail)
  - Please check the documentation at https://yunohost.org/dns_config if you need help configuring DNS records.
  - According to the recommended DNS configuration, you should add a DNS record with the following info.
    Type: TXT
    Name: mail._domainkey
    Value: "v=DKIM1; h=sha256; k=rsa; p=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
  - According to the recommended DNS configuration, you should add a DNS record with the following info.
    Type: TXT
    Name: _dmarc
    Value: "v=DMARC1; p=none"

[WARNING] Some DNS records are missing or incorrect for domain domain.tld (category xmpp)
  - Please check the documentation at https://yunohost.org/dns_config if you need help configuring DNS records.
  - According to the recommended DNS configuration, you should add a DNS record with the following info.
    Type: CNAME
    Name: muc
    Value: domain.tld.
  - According to the recommended DNS configuration, you should add a DNS record with the following info.
    Type: CNAME
    Name: pubsub
    Value: domain.tld.
  - According to the recommended DNS configuration, you should add a DNS record with the following info.
    Type: CNAME
    Name: vjud
    Value: domain.tld.
  - According to the recommended DNS configuration, you should add a DNS record with the following info.
    Type: CNAME
    Name: xmpp-upload
    Value: domain.tld.

[WARNING] Some DNS records are missing or incorrect for domain domain.tld (category extra)
  - Please check the documentation at https://yunohost.org/dns_config if you need help configuring DNS records.
  - According to the recommended DNS configuration, you should add a DNS record with the following info.
    Type: A
    Name: *
    Value: XX.XX.XXX.XXX
  - According to the recommended DNS configuration, you should add a DNS record with the following info.
    Type: AAAA
    Name: *
    Value: XXXX:XXXX:XXX:XXXX::XXXX
  - According to the recommended DNS configuration, you should add a DNS record with the following info.
    Type: CAA
    Name: @
    Value: 128 issue "letsencrypt.org"

I also had a problem with reverse DNS over IPv6, I think, because I tried to get the IPv6 address delisted from Spamhaus. Apparently I managed it…

This time I edited the file /etc/resolv.dnsmasq.conf with nameserver 127.0.0.1, and also ran sudo rm /etc/resolv.conf and sudo ln -s /etc/resolvconf/run/resolv.conf /etc/resolv.conf
I also edited the file /etc/network/interfaces.d/51-cloud-init-ipv6 for the IPv6 address; it was already set up correctly, I only had to remove a line mtu 1500

My /etc/hosts file

127.0.0.1	localhost

::1	localhost	ip6-localhost	ip6-loopback
ff02::1	ip6-allnodes
ff02::2	ip6-allrouters


127.0.1.1	debian.example.com
127.0.1.1	vps-xxxxxxx.vps.ovh.net	vps-xxxxxxx


127.0.0.1	domain

As for resolv.conf, something is wrong!! It should have a plethora of addresses, shouldn't it?

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "resolvectl status" to see details about the actual nameservers.

nameserver 213.186.33.99
nameserver 127.0.0.1

Something is wrong with this command

$ sudo resolvectl status
Failed to get global data: Unit dbus-org.freedesktop.resolve1.service not found.

Anyway, it would be good to get all of this back in order… and yet everything works and is reachable???

Well, I don't know how it manages to "work" for you, but a DNS record that points to 127.0.0.1 is clearly a problem…

OK, things are somewhat back in place: I ran sudo apt install resolvconf --reinstall, sudo rm /etc/resolv.conf, sudo ln -s /etc/resolvconf/run/resolv.conf /etc/resolv.conf, sudo yunohost tools regen-conf dnsmasq --force
I am back to the same diagnosis as before

$ sudo yunohost diagnosis show --issues --human-readable
=================================
Internet connectivity (ip)
=================================

[WARNING] DNS resolution seems to be working, but it looks like you're using a custom /etc/resolv.conf.
  - The file /etc/resolv.conf should be a symlink to /etc/resolvconf/run/resolv.conf itself pointing to 127.0.0.1 (dnsmasq). If you want to manually configure DNS resolvers, please edit /etc/resolv.dnsmasq.conf.



=================================
Email (mail)
=================================

[ERROR] Your IP or domain XXXX:XXXX:XXX:XXXX::XXXX is blacklisted on Spamhaus ZEN
  - The blacklist reason is: "https://www.spamhaus.org/query/ip/XXXX:XXXX:XXX:XXXX::XXXX", "https://www.spamhaus.org/sbl/query/SBLCSS"
  - After identifying why you are listed and fixing it, feel free to ask for your IP or domain to be removed on https://www.spamhaus.org/zen/

The IPv6 address is blacklisted again… Here is what I am looking at

/etc/resolv.conf

cat /etc/resolv.conf 
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "resolvectl status" to see details about the actual nameservers.

nameserver 213.186.33.99
nameserver 127.0.0.1

/etc/network/interfaces.d/51-cloud-init-ipv6

iface eth0 inet6 static
address XXXX:XXXX:XXX:XXXX::XXXX
netmask 128
post-up /sbin/ip -6 route add XXXX:XXXX:XXX:XXXX::1 dev eth0
post-up /sbin/ip -6 route add default via XXXX:XXXX:XXX:XXXX::1 dev eth0
pre-down /sbin/ip -6 route del default via XXXX:XXXX:XXX:XXXX::1 dev eth0
pre-down /sbin/ip -6 route del XXXX:XXXX:XXX:XXXX::1 dev eth0

/etc/hosts

127.0.0.1	localhost

::1	localhost	ip6-localhost	ip6-loopback
ff02::1	ip6-allnodes
ff02::2	ip6-allrouters


127.0.1.1	debian.example.com
127.0.1.1	vps-XXXXXXXX.vps.ovh.net	vps-XXXXXXXX


127.0.0.1	domain_name

/etc/network/interfaces

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The normal eth0
allow-hotplug eth0
iface eth0 inet dhcp

# Additional interfaces, just in case we're using
# multiple networks
allow-hotplug eth1
iface eth1 inet dhcp

allow-hotplug eth2
iface eth2 inet dhcp

# Set this one last, so that cloud-init or user can
# override defaults.
source /etc/network/interfaces.d/*

/etc/resolv.dnsmasq.conf

nameserver 91.239.100.100
nameserver 2a0c:e300::101
nameserver 2a00:5881:8100:1000::3
nameserver 2001:910:800::40
nameserver 2001:67c:28a4::
nameserver 89.233.43.71
nameserver 84.200.69.80
nameserver 84.200.70.40
nameserver 80.67.169.40
nameserver 89.234.141.66
nameserver 2001:1608:10:25::9249:d69b
nameserver 185.233.100.100
nameserver 2a0c:e300::100
nameserver 2001:910:800::12
nameserver 2a01:3a0:53:53::
nameserver 194.150.168.168
nameserver 80.67.169.12
nameserver 195.160.173.53
nameserver 185.233.100.101
nameserver 2001:1608:10:25::1c04:b12f
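
The layout that the diagnosis warning quoted in this thread asks for can be checked mechanically. The following is an added example, not part of any post and not YunoHost's own code; the function name `check_resolv_conf` and its return codes are assumptions made for the illustration, and the two default paths are the ones quoted in the warning.

```bash
# Added example: audit the resolver layout described in the diagnosis warning.
# check_resolv_conf and its return codes are illustrative assumptions.
# Returns: 0 = as recommended, 1 = not the expected symlink,
#          2 = a resolver other than 127.0.0.1 is listed, 3 = no nameserver line.
check_resolv_conf() {
    local link="${1:-/etc/resolv.conf}"
    local want="${2:-/etc/resolvconf/run/resolv.conf}"
    local target key ns rest count=0 rc=0

    if [ ! -L "$link" ]; then
        echo "FAIL: $link is not a symlink (custom file)"
        return 1
    fi
    # Compare the literal link target, one level only: a directory in the
    # expected path may itself be a symlink, so do not canonicalise.
    target=$(readlink "$link")
    if [ "$target" != "$want" ]; then
        echo "FAIL: $link -> $target, expected $want"
        return 1
    fi
    if [ ! -e "$link" ]; then
        echo "FAIL: $link is a dangling symlink"
        return 1
    fi

    # Every nameserver entry must be the local dnsmasq; anything else lets
    # the libc resolver send queries straight to an upstream server.
    while read -r key ns rest || [ -n "$key" ]; do
        [ "$key" = "nameserver" ] || continue
        count=$((count + 1))
        if [ "$ns" != "127.0.0.1" ]; then
            echo "FAIL: extra resolver $ns in $link"
            rc=2
        fi
    done < "$link"

    if [ "$count" -eq 0 ]; then
        echo "FAIL: no nameserver line in $link"
        return 3
    fi
    [ "$rc" -eq 0 ] && echo "OK: $link -> $want, resolver 127.0.0.1 only"
    return "$rc"
}
```

Called with no arguments it inspects the live /etc/resolv.conf; on the file shown in this thread it would report the extra resolver 213.186.33.99 with return code 2.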
