Dediabn LAMP ISPConfig Fresh Install , Not Resolving Domain Correctly

Thx, you were absolutely right. When I ran the install for the optional packages directly as written in the tutorial, it defaulted to versions 8.0 because it was the last installed.

Therefore, I ran " apt cache search X.X " and installed the optional packages according to each version of PHP I installed.

Now, all is well.

 

I am hardening the shell and I installed lynis 3.0.3 it has reported an error in the bind configuration, I did some further investigation, but can't solve it.

Code:

  ! Errors discovered in BIND configuration file [NAME-4206]
      https://cisofy.com/lynis/controls/NAME-4206/

When I run:

Code:

# named-checkconf -t /usr/lib/klibc/bin/chroot /etc/bind/named.conf " 
Outputs:
isc_dir_chroot: invalid file

(debian 10.5 file paths)

When I run:

Code:

# named-checkconf /etc/bind/named.conf "
Outputs:
/etc/bind/named.conf.options:23: dnssec-lookaside 'auto' is no longer supported

Any tips for resolving this warning?

 

Thx for the quick follow-up. I went ahead and hashed out the dnssec-lookaside in " nano named.conf.options " file.

However, I still have this problem:

Code:

# named-checkconf -t /usr/lib/klibc/bin/chroot "
Outputs:
isc_dir_chroot: invalid file

 

Sorry, I just re-checked lynis and the warning is gone... so mission accomplished... Thx again.

 

@Th0m Afraid, I need to dig up buried bones....

I need to setup DNSSEC, on my various domains... however according to this HTF thread
https://www.howtoforge.com/community/threads/simple-complicated-dnssec-with-ispconfig.65713/

I will need "dnssec-lookaside auto;" to complete DNSSEC configuration. Which means, if I un-hash the value in " /etc/bind/named.conf.options ", the serious warning will return in Lynis 3.0.3.

Is there a more up-to-date set of instructions for setting up DNSSEC? Do you have any suggestions for getting rid of the warning & simultaneously setting up DNSSEC?

thanx

 

Thanks for tip (reminder)... I just re-checked my DNS Zone and sure enough, I previously selected the DNSSEC checkbox for my domain...

However, I still have a question, about exactly what parts of this info gets entered into my AlibabaDNS interface:

Specifically, "Digest Type" and "Digest" shown above. Is there a guide somewhere that I haven't found?

thanx

 

Actually, I just figured it out... (I think ) I plugged this into my AlibabaDNS interface and it seems to work:

AlibabaDNS seems happy:

 

FYI, Lynis is still happy and "dnssec-lookaside auto;" is still hashed out in " /etc/bind/named.conf.options "... so I guess its on to the next challenge... unless I got something wrong?

 

Excellent tool!! Thanks for that... it just joined my bookmark list... and yes, all lights are "green"... no problems found.!

 

Two quick questions:

Is this the most up-to-date, HowTo for installing ModSecurity on/with ISPConfig?
https://www.howtoforge.com/community/threads/mini-howto-modsecurity-crs-3-0-on-debian-jessie.74898/

Is this the most up-to-date "HowTo" for installing Mod_Evasive on/with ISPConfig?
https://www.howtoforge.com/community/threads/ispconfig-3-ddos-attack-mitigation.82316/

I just to verify these as the best sources before I do the work and potentially break something

thanks

 

Answering my own question: Yes, this is the latest version and it works greatly!

I just have 2 related questions... when I create / edit the files below according to the HowTo, should I leave "<host>" & "<ip>" as shown in the HowTo or should I replace "<host>" & "<ip>" with my own info, such as <host> = server1.example.com & <ip> xx.xx.xxx.xx-publicIP?

/etc/fail2ban/filter.d/apache-mod_evasive.local


/etc/fail2ban/action.d/apache-mod_evasive-cleanup.local


thx

Also I still have a prior question:

 

Thanks for the feedback on all fronts... I will definitely start using separate threads.... and, of course, keep it short..