Re: set domain name in Debian

2016-11-15 Thread Joe

On 15/11/2016 15:45, Brian wrote:
> On Tue 15 Nov 2016 at 15:02:54 +, Joe wrote:
>
> > That's fairly common, the exim4 default if enabled is to check that the HELO
> > is resolvable at all, not that it matches anything specific. It's a few
> > years since I last did it, but when I used telnet to talk to remote mail
> > servers I used a well-known six character domain name as HELO to save
> > typing, one to which I had no entitlement, and nothing ever complained.
>
> Are you sure that is the default?

Not default, 'default if enabled'. HELO checking is initially turned 
off, if you just turn it on, it doesn't look for a specific match. There 
are systems which do look for a HELO which is related to the email 
itself, which I don't think is a good idea.


--
Joe



Re: set domain name in Debian

2016-11-15 Thread David Wright
On Tue 15 Nov 2016 at 10:10:17 (-0500), Greg Wooledge wrote:
> On Tue, Nov 15, 2016 at 02:59:14PM +, Brian wrote:
> > On Tue 15 Nov 2016 at 09:18:33 -0500, Greg Wooledge wrote:
> > > Second choice:
> > >   System mail name:
> > >   eeg.ccf.org
> 
> > > Eighth choice:
> > >   Keep number of DNS-queries minimal?
> > >   No
> > 
> > You didn't use "yes"?
> 
> Of course not.  Why would I do that?  I'm not on dialup.  I'm on a
> corporate LAN where I run my own DNS nameservers.

I hadn't appreciated that you're entirely desktop oriented.
As for myself, there's no DNS service here, no dotty addresses
at all as I have no domain name to call my own, here.
Hence also no point in DNS-queries, but I can shut exim up
by letting it make pointless lookups. I don't have a clue whether
my router bothers to ask 8.8.8.8 for dotless requests.

OTOH I own a domain name 3000 miles away which has no ISP-type
connection with me at all; it's the destination for emails bound
for me, so it's kind of important that exim rewrites that my
emails come from its address.

> > It would also happily send a string without dots as the HELO.
> 
> Isn't that controlled by the "System mail name" option?  As you can
> see, mine is set to eeg.ccf.org.  Whether this is something I typed
> into exim config by hand long ago, or something that it picked up
> by itself from /etc/resolv.conf, I can no longer remember.
> 
> Either way, I would have made sure it was correct.

Again, correct for me is no dots. As you can see from my headers, my
email all goes out through alum (unless I'm on the road).

> > Whether the remote server is happy is another matter.
> 
> Indeed.  A mail server should be properly configured, not just left as
> "best guess from defaults".

Well, I don't see how a smarthost can enforce a dotty address unless
they issue you with a valid one. I can't put myself onto .cox.net
unilaterally, so unless I use the nonce domain name that is constructed
from the IP address (which could change at any time), I don't have
a FQDN except alum.

I assume Cox authenticate me by the physical wire I appear on. Maybe
they even check the MAC of the modem, though I'm not forced to use
theirs. When I'm on the road, I obviously use my own domain name for
the smarthost, but then I have to use a different port and a password.
Still no dotty HELO/EHLO though.

Cheers,
David.



Re: set domain name in Debian

2016-11-15 Thread Brian
On Tue 15 Nov 2016 at 15:02:54 +, Joe wrote:

> On 15/11/2016 14:10, Brian wrote:

> >Exim wants to see a fqdn in the 127.0.1.1 line, written as specified in
> >hosts(5):
> >
> > IP_address canonical_hostname [aliases...]
> >
> >The canonical_hostname is used for the HELO/EHLO.
> 
> Default, can be overridden by the primary_hostname configuration, which can
> be overridden again by helo_data in individual transports.
> 
> My mail server's hostname does not exist in public DNS, like many small mail
> servers it is behind NAT, not directly exposed to the Net. My public MX
> hostname is not the same as the server's hostname.
> 
> Also exim4 can handle mail for multiple domains, using a separate HELO for
> each if required, and the per-transport setting allows even finer HELO
> control if you have a use for that.

I'm convinced it can do all of these things but my needs are mostly
accommodated by the setups described in the Debian documentation.

> >With most large ISPs
> >it is not taken much notice of but there are servers which (rightly or
> >wrongly) would do a reverse lookup on wooledg and, getting a negative
> >response, reject the mail. Basically, you will get away with the line
> >you have when you use an understanding smarthost. I think Postfix
> >could behave in the same way.
> >
> 
> That's fairly common, the exim4 default if enabled is to check that the HELO
> is resolvable at all, not that it matches anything specific. It's a few
> years since I last did it, but when I used telnet to talk to remote mail
> servers I used a well-known six character domain name as HELO to save
> typing, one to which I had no entitlement, and nothing ever complained.

Are you sure that is the default?

brian@desktop:~$ telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 desktop ESMTP Exim 4.84_2 Tue, 15 Nov 2016 15:38:31 +
helo claptrap
250 desktop Hello localhost [::1]
mail from:brian
501 brian: sender address must contain a domain
mail from:brian@localhost
250 OK
rcpt to:brian@desktop
250 Accepted

-- 
Brian.



Re: set domain name in Debian

2016-11-15 Thread Brian
On Tue 15 Nov 2016 at 10:10:17 -0500, Greg Wooledge wrote:

> On Tue, Nov 15, 2016 at 02:59:14PM +, Brian wrote:
> > On Tue 15 Nov 2016 at 09:18:33 -0500, Greg Wooledge wrote:
> > > Second choice:
> > >   System mail name:
> > >   eeg.ccf.org
> 
> > > Eighth choice:
> > >   Keep number of DNS-queries minimal?
> > >   No
> > 
> > You didn't use "yes"?
> 
> Of course not.  Why would I do that?  I'm not on dialup.  I'm on a
> corporate LAN where I run my own DNS nameservers.

It was the point of David Wright's mail and wouldn't have hurt. Also, it
may have indicated 'hostname -f' is not so "rubbish" after all. 
 
> > It would also happily send a string without dots as the HELO.
> 
> Isn't that controlled by the "System mail name" option?  As you can

A common misconception, no. It is the domain name used to qualify mail
addresses without a domain name. Mail to brian would get sent as
br...@eeg.ccf.org.

> see, mine is set to eeg.ccf.org.  Whether this is something I typed
> into exim config by hand long ago, or something that it picked up
> by itself from /etc/resolv.conf, I can no longer remember.

You typed it in. Unless another program had configured /etc/mailname
already. /etc/resolv.conf doesn't come into it.

> Either way, I would have made sure it was correct.
> 
> > Whether the remote server is happy is another matter.
> 
> Indeed.  A mail server should be properly configured, not just left as
> "best guess from defaults".

A mail server which accepts an EHLO without dots in it *is* properly
configured.

-- 
Brian.



Re: set domain name in Debian

2016-11-15 Thread Greg Wooledge
On Tue, Nov 15, 2016 at 02:59:14PM +, Brian wrote:
> On Tue 15 Nov 2016 at 09:18:33 -0500, Greg Wooledge wrote:
> > Second choice:
> >   System mail name:
> >   eeg.ccf.org

> > Eighth choice:
> >   Keep number of DNS-queries minimal?
> >   No
> 
> You didn't use "yes"?

Of course not.  Why would I do that?  I'm not on dialup.  I'm on a
corporate LAN where I run my own DNS nameservers.

> It would also happily send a string without dots as the HELO.

Isn't that controlled by the "System mail name" option?  As you can
see, mine is set to eeg.ccf.org.  Whether this is something I typed
into exim config by hand long ago, or something that it picked up
by itself from /etc/resolv.conf, I can no longer remember.

Either way, I would have made sure it was correct.

> Whether the remote server is happy is another matter.

Indeed.  A mail server should be properly configured, not just left as
"best guess from defaults".



Re: set domain name in Debian

2016-11-15 Thread Joe

On 15/11/2016 14:10, Brian wrote:
> On Tue 15 Nov 2016 at 08:00:31 -0500, Greg Wooledge wrote:
> > On Mon, Nov 14, 2016 at 04:29:35PM -0600, David Wright wrote:
> > > As your own   hostname -f   produces not dots, what approach do you
> > > use to shut exim up, or do you just ignore (or suppress) the message?
> >
> > I have (control over) a bunch of computers, and they're not all configured
> > the same.  The machine I believe you refer to is this one:
> >
> > wooledg@wooledg:~$ hostname
> > wooledg
> > wooledg@wooledg:~$ hostname -f
> > wooledg
> >
> > This is a dual-boot Windows/Debian workstation on my desk at work.
> >
> > Here's the /etc/hosts:
> >
> > wooledg@wooledg:~$ cat /etc/hosts
> > 127.0.0.1   localhost
> > 127.0.1.1   wooledg
>
> Exim wants to see a fqdn in the 127.0.1.1 line, written as specified in
> hosts(5):
>
>  IP_address canonical_hostname [aliases...]
>
> The canonical_hostname is used for the HELO/EHLO.

Default, can be overridden by the primary_hostname configuration, which
can be overridden again by helo_data in individual transports.

My mail server's hostname does not exist in public DNS, like many small
mail servers it is behind NAT, not directly exposed to the Net. My
public MX hostname is not the same as the server's hostname.

Also exim4 can handle mail for multiple domains, using a separate HELO
for each if required, and the per-transport setting allows even finer
HELO control if you have a use for that.

> With most large ISPs
> it is not taken much notice of but there are servers which (rightly or
> wrongly) would do a reverse lookup on wooledg and, getting a negative
> response, reject the mail. Basically, you will get away with the line
> you have when you use an understanding smarthost. I think Postfix
> could behave in the same way.


That's fairly common, the exim4 default if enabled is to check that the 
HELO is resolvable at all, not that it matches anything specific. It's a 
few years since I last did it, but when I used telnet to talk to remote 
mail servers I used a well-known six character domain name as HELO to 
save typing, one to which I had no entitlement, and nothing ever complained.


--
Joe



Re: set domain name in Debian

2016-11-15 Thread Brian
On Tue 15 Nov 2016 at 09:18:33 -0500, Greg Wooledge wrote:

> On Tue, Nov 15, 2016 at 02:10:14PM +, Brian wrote:
> > With 'dpkg-reconfigure exim4-config' the message
> > 
> >  "Starting MTA:hostname --fqdn did not return a fully qualified name,
> >  dc_minimaldns will not work. Please fix your /etc/hosts setup."
> > 
> > should appear if "yes" is chosen for the option. 'hostname -f' is useful
> > for checking there is a sane hosts configuration for exim to use.
> 
> Now you're scaring me.  I'm afraid to run this thing to test your theory,
> because it might cause my perfectly working configuration to break.
> 
> Well, let's back up /etc/exim4 and try it

Backing up update-exim4.conf.conf would have been sufficient.
 
> wooledg@wooledg:~$ sudo tar czf /var/tmp/etc-exim4.tar.gz /etc/exim4
> [sudo] password for wooledg: 
> tar: Removing leading `/' from member names
> wooledg@wooledg:~$ sudo dpkg-reconfigure exim4-config
> [[ now it goes into dialog ]]
> 
> First choice:
>   mail sent by smarthost; received via SMTP or fetchmail
> 
> Second choice:
>   System mail name:
>   eeg.ccf.org
> 
> Third choice:
>   IP-addresses to listen on...:
>   127.0.0.1 ; ::1
> 
> Fourth choice:
>   Other destinations for which mail is accepted:
>   wooledg
> 
> Fifth choice:
>   Machines to relay mail for:
>   (blank)
> 
> Sixth choice:
>   IP address or host name of the outgoing smarthost:
>   gateway.eeg.ccf.org
> 
> Seventh choice:
>   Hide local mail name in outgoing mail?
>   No
> 
> Eighth choice:
>   Keep number of DNS-queries minimal?
>   No

You didn't use "yes"?

> Ninth choice:
>   Delivery method for local mail:
>   Maildir format in home directory
> 
> Tenth choice:
>   Split configuration into small files?
>   No
> 
> Voila.  No need for hostname -f to return a string with dots.  Exim
> was perfectly content with what I've been doing for years.

It would be if "Keep number of DNS-queries minimal?" was "No".  



It would also happily send a string without dots as the HELO.   

Whether the remote server is happy is another matter.

--

This reply is the second one I've sent to your mail. The first was sent
after removing canonical_hostname from /etc/hostname. 'hostname -f' said
"desktop". The first mail was rejected by ldo:

  debian-user@lists.debian.org  

SMTP error from remote mail server after RCPT 
TO::
host bendel.debian.org [82.195.75.100]: 504 5.5.2 :

Helo command rejected: need fully-qualified hostname

A quick check with the useful command 'hostname -f' revealed the problem.

-- 
Brian.



Re: set domain name in Debian

2016-11-15 Thread Greg Wooledge
On Tue, Nov 15, 2016 at 02:10:14PM +, Brian wrote:
> With 'dpkg-reconfigure exim4-config' the message
> 
>  "Starting MTA:hostname --fqdn did not return a fully qualified name,
>  dc_minimaldns will not work. Please fix your /etc/hosts setup."
> 
> should appear if "yes" is chosen for the option. 'hostname -f' is useful
> for checking there is a sane hosts configuration for exim to use.

Now you're scaring me.  I'm afraid to run this thing to test your theory,
because it might cause my perfectly working configuration to break.

Well, let's back up /etc/exim4 and try it

wooledg@wooledg:~$ sudo tar czf /var/tmp/etc-exim4.tar.gz /etc/exim4
[sudo] password for wooledg: 
tar: Removing leading `/' from member names
wooledg@wooledg:~$ sudo dpkg-reconfigure exim4-config
[[ now it goes into dialog ]]

First choice:
  mail sent by smarthost; received via SMTP or fetchmail

Second choice:
  System mail name:
  eeg.ccf.org

Third choice:
  IP-addresses to listen on...:
  127.0.0.1 ; ::1

Fourth choice:
  Other destinations for which mail is accepted:
  wooledg

Fifth choice:
  Machines to relay mail for:
  (blank)

Sixth choice:
  IP address or host name of the outgoing smarthost:
  gateway.eeg.ccf.org

Seventh choice:
  Hide local mail name in outgoing mail?
  No

Eighth choice:
  Keep number of DNS-queries minimal?
  No

Ninth choice:
  Delivery method for local mail:
  Maildir format in home directory

Tenth choice:
  Split configuration into small files?
  No

Voila.  No need for hostname -f to return a string with dots.  Exim
was perfectly content with what I've been doing for years.



Re: set domain name in Debian

2016-11-15 Thread Brian
On Tue 15 Nov 2016 at 08:00:31 -0500, Greg Wooledge wrote:

> On Mon, Nov 14, 2016 at 04:29:35PM -0600, David Wright wrote:
> > As your own   hostname -f   produces not dots, what approach do you
> > use to shut exim up, or do you just ignore (or suppress) the message?
> 
> I have (control over) a bunch of computers, and they're not all configured
> the same.  The machine I believe you refer to is this one:
> 
> wooledg@wooledg:~$ hostname
> wooledg
> wooledg@wooledg:~$ hostname -f
> wooledg
> 
> This is a dual-boot Windows/Debian workstation on my desk at work.
> 
> Here's the /etc/hosts:
> 
> wooledg@wooledg:~$ cat /etc/hosts
> 127.0.0.1 localhost
> 127.0.1.1 wooledg

Exim wants to see a fqdn in the 127.0.1.1 line, written as specified in
hosts(5):

 IP_address canonical_hostname [aliases...]

The canonical_hostname is used for the HELO/EHLO. With most large ISPs
it is not taken much notice of but there are servers which (rightly or
wrongly) would do a reverse lookup on wooledg and, getting a negative
response, reject the mail. Basically, you will get away with the line
you have when you use an understanding smarthost. I think Postfix
could behave in the same way.

> # The following lines are desirable for IPv6 capable hosts
> ::1 localhost ip6-localhost ip6-loopback
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
> 
> The hostname is defined in DNS (originally I just let it have a dynamic
> IP address and dealt with that, but later I arranged for it to have
> a non-changing IP address, for reasons beyond the scope of this email;
> but in all cases, DNS always had a working "A" record).
> 
> It looks like this one is running exim:
> 
> wooledg@wooledg:~$ ps -ef | grep exim
> Debian-+   949     1  0 Nov14 ?        00:00:00 /usr/sbin/exim4 -bd -q30m
> wooledg  10865  2007  0 07:53 pts/4    00:00:00 grep exim
> 
> I never saw any errors like the one you showed, perhaps because exim
> used my default search domain (from /etc/resolv.conf) and found a sane
> DNS configuration, or perhaps because this machine is in a very simple
> "send to smarthost only" mode.  I don't really know exim very well.

With 'dpkg-reconfigure exim4-config' the message

 "Starting MTA:hostname --fqdn did not return a fully qualified name,
 dc_minimaldns will not work. Please fix your /etc/hosts setup."

should appear if "yes" is chosen for the option. 'hostname -f' is useful
for checking there is a sane hosts configuration for exim to use.

-- 
Brian.



Re: set domain name in Debian

2016-11-15 Thread Greg Wooledge
On Mon, Nov 14, 2016 at 04:29:35PM -0600, David Wright wrote:
> As your own   hostname -f   produces not dots, what approach do you
> use to shut exim up, or do you just ignore (or suppress) the message?

I have (control over) a bunch of computers, and they're not all configured
the same.  The machine I believe you refer to is this one:

wooledg@wooledg:~$ hostname
wooledg
wooledg@wooledg:~$ hostname -f
wooledg

This is a dual-boot Windows/Debian workstation on my desk at work.

Here's the /etc/hosts:

wooledg@wooledg:~$ cat /etc/hosts
127.0.0.1   localhost
127.0.1.1   wooledg

# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters


The hostname is defined in DNS (originally I just let it have a dynamic
IP address and dealt with that, but later I arranged for it to have
a non-changing IP address, for reasons beyond the scope of this email;
but in all cases, DNS always had a working "A" record).

It looks like this one is running exim:

wooledg@wooledg:~$ ps -ef | grep exim
Debian-+   949     1  0 Nov14 ?        00:00:00 /usr/sbin/exim4 -bd -q30m
wooledg  10865  2007  0 07:53 pts/4    00:00:00 grep exim

I never saw any errors like the one you showed, perhaps because exim
used my default search domain (from /etc/resolv.conf) and found a sane
DNS configuration, or perhaps because this machine is in a very simple
"send to smarthost only" mode.  I don't really know exim very well.

I have other systems that run qmail (locally installed), and even one
that runs sendmail (part of the hosting provider's original image,
and I never bothered to replace it).  The only major MTA with which I
have absolutely no experience at all is postfix.



Re: set domain name in Debian

2016-11-14 Thread David Wright
On Mon 14 Nov 2016 at 08:27:06 (-0500), Greg Wooledge wrote:

> [...]   So when you do your "hostname -f"
> (which I still contend is a rubbish command which serves no useful
> purpose, but it's what you seem to want, so I'll roll with it), it
> looks up "srv" in this file as a whole word/field, and finds this line
> as the first match.
> 
> Therefore hostname -f writes "www.slsware.dmz" to stdout.

You asked earlier how we might even know about   hostname -f   and
the obvious answer is because exim emits:
"Starting MTA:hostname --fqdn did not return a fully qualified name,
dc_minimaldns will not work. Please fix your /etc/hosts setup."
if you have no domain name, but have   dc_minimaldns='true'   in
/etc/exim4/update-exim4.conf.conf

As your own   hostname -f   produces not dots, what approach do you
use to shut exim up, or do you just ignore (or suppress) the message?

Cheers,
David.



Re: set domain name in Debian

2016-11-14 Thread Glenn English

> On Nov 14, 2016, at 6:27 AM, Greg Wooledge  wrote:
> 
> On Sat, Nov 12, 2016 at 08:50:46AM -0700, Glenn English wrote:
>>> On Nov 12, 2016, at 3:25 AM, Andy Smith  wrote:
>>> I am 95% confident that the reason that Glenn's system thinks the
>>> FQDN is "www.slsware.dmz" is because the first instance of "srv" in
>>> the /etc/hosts is:
>>> 
> 192.168.2.203 www.slsware.dmz wsd srv

Who'da thunk it -- it's looking at the aliases in hosts, and grabbing the first 
one where the alias matches the hostname. If it sees any. I thought it was 
looking at IPs. But the way I had it set up, it wouldn't have worked that way 
either.

DNS wouldn't have worked either, if it's doing a reverse lookup. Not with this 
ghastly IP net I'm setting up -- there are several services on one server, so 
FTP and WWW both have the same IP. It would just do the first one, I suspect.

I rebooted with a perfectly good and unique IP and FQDN and an alias that 
didn't match the hostname, and it came up with an empty domain. I put in an 
alias (unique) the same as the hostname, and there was the domain. I didn't 
even have to reboot (Jessie, if it matters).

Thanks very much to all. This has been an educational experience. I guess I've 
been lucky with positioning for these 15 years.

I'm not going to toss hosts, though. I need to be able to move around the nets 
when DNS is down (or misconfigured). I'm just going to be a little bit more 
careful...

-- 
Glenn English




Re: set domain name in Debian

2016-11-14 Thread Greg Wooledge
On Sat, Nov 12, 2016 at 08:50:46AM -0700, Glenn English wrote:
> > On Nov 12, 2016, at 3:25 AM, Andy Smith  wrote:
> > I am 95% confident that the reason that Glenn's system thinks the
> > FQDN is "www.slsware.dmz" is because the first instance of "srv" in
> > the /etc/hosts is:
> > 
> >>> 192.168.2.203 www.slsware.dmz wsd srv

> But that isn't the first; it's the fourth. A grep of the hosts file:

Andy is correct.  The line that Andy cited is the first instance of
the name "srv" as a SEPARATE WORD all unto itself.

> > root@srv:~# egrep srv /etc/hosts
> > 127.0.0.1   srv.slsware.org

Does not contain "srv" as a whole word.

> > 216.17.203.66   srv.slsware.org sso

Does not contain "srv" as a whole word.

> > # 192.168.2.203 srv.slsware.dmz srv

Is a comment.  Ignored.

> > 192.168.2.203   www.slsware.dmz wsd srv

THIS one contains srv as a whole word.  So when you do your "hostname -f"
(which I still contend is a rubbish command which serves no useful
purpose, but it's what you seem to want, so I'll roll with it), it
looks up "srv" in this file as a whole word/field, and finds this line
as the first match.

Therefore hostname -f writes "www.slsware.dmz" to stdout.

> > 192.168.2.203   mail.slsware.dmz msd srv
> > 192.168.2.203   ntp.slsware.dmz ntp srv
> > 192.168.2.203   ns1.slsware.dmz ns1dns1 srv

This is just nonsense.  You've got the whole word "srv" in the file
multiple times.  But it can't resolve to multiple FQDNs using the
"hostname -f" resolution mechanism, which only returns the first match.
The "srv" on these lines is just noise.

I concur with the previous advice to stop using /etc/hosts for this
configuration, and move everything into DNS.

Here's my entire /etc/hosts file from my Internet-facing VPS (originally
imaged by the VPS provider as squeeze, which I have upgraded to wheezy):

greg@remote:~$ cat /etc/hosts
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

127.0.0.1 localhost.localdomain localhost
# Auto-generated hostname. Please do not remove this comment.
199.231.184.176 remote.wooledge.org  remote
::1 localhost ip6-localhost ip6-loopback


This machine acts as a web server for "wooledge.org" and
"mywiki.wooledge.org" and yet neither of those names appears in
/etc/hosts.  Why should they?  They are only meaningful to the web
server.  They are defined in DNS.
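The first-match lookup explained in the message above, together with the no-dots HELO rejection reported elsewhere in this thread, as an added shell example that is not part of any post. The function names are hypothetical, the sample files are lines copied from the thread with whitespace normalised, and only the /etc/hosts ("files") source is modelled, not DNS.

```shell
#!/bin/sh
# Added example: a model of the /etc/hosts lookup described in this thread.
# It covers only the "files" source (no DNS) and is not code from any post.

# hosts_canonical NAME FILE
# Print field 2 (the canonical name) of the first non-comment line of FILE on
# which NAME appears as a whole field. Exit status 1 when no line matches.
hosts_canonical() {
    awk -v name="$1" '
        { sub(/#.*/, "") }                       # comments are ignored
        NF >= 2 {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(name)) { print $2; found = 1; exit }
        }
        END { exit !found }
    ' "$2"
}

# hosts_match_count NAME FILE
# Print the number of lines on which NAME appears as a whole field.
hosts_match_count() {
    awk -v name="$1" '
        { sub(/#.*/, "") }
        NF >= 2 {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(name)) { n++; break }
        }
        END { print n + 0 }
    ' "$2"
}

# audit_hosts NAME FILE
# Report what a first-match lookup of NAME yields and whether the result is
# usable as a HELO name. Returns 0 if clean, 1 on a finding, 2 if unresolved.
audit_hosts() {
    canon=$(hosts_canonical "$1" "$2") || { echo "UNRESOLVED $1"; return 2; }
    lines=$(hosts_match_count "$1" "$2")
    rc=0
    case "$canon" in
        *.*) ;;                                   # has dots
        *) echo "NO-DOTS $canon"; rc=1 ;;         # a strict peer may refuse this HELO
    esac
    if [ "$lines" -gt 1 ]; then
        echo "AMBIGUOUS $1 on $lines lines, first match wins: $canon"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK $canon"
    return "$rc"
}

# write_samples DIR: hosts files taken from the thread (whitespace normalised).
write_samples() {
    cat > "$1/glenn_dmz" <<'EOF'
127.0.0.1 srv.slsware.org
216.17.203.66 srv.slsware.org sso
# 192.168.2.203 srv.slsware.dmz srv
192.168.2.203 www.slsware.dmz wsd srv
192.168.2.203 mail.slsware.dmz msd srv
192.168.2.203 ntp.slsware.dmz ntp srv
192.168.2.203 ns1.slsware.dmz ns1dns1 srv
EOF
    cat > "$1/glenn_sso" <<'EOF'
127.0.0.1 localhost localhost.localdomain lh lcl
216.17.203.66 srv.slsware.org sso
EOF
    cat > "$1/suggested" <<'EOF'
127.0.0.1 localhost localhost.localdomain lh lcl
216.17.203.66 srv.slsware.org srv
EOF
    cat > "$1/greg_ws" <<'EOF'
127.0.0.1 localhost
127.0.1.1 wooledg
EOF
}

SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT
write_samples "$SAMPLES"

audit_hosts srv     "$SAMPLES/glenn_dmz" || true
audit_hosts srv     "$SAMPLES/glenn_sso" || true
audit_hosts srv     "$SAMPLES/suggested" || true
audit_hosts wooledg "$SAMPLES/greg_ws"   || true
```

To check a live machine, call `audit_hosts "$(hostname)" /etc/hosts`; a host that also resolves through DNS can differ from what this file-only model reports.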



Re: set domain name in Debian

2016-11-12 Thread Glenn English

> On Nov 12, 2016, at 11:31 AM, Henrique de Moraes Holschuh  
> wrote:
> 
> But the whole thing really doesn't need any DNS servers *as long as*
> everything you need is resolved statically by some module in
> /etc/nsswitch.conf... such as the default "files" module, which reads
> /etc/hosts.

> root@srv:~# cat /etc/nsswitch.conf 
> # /etc/nsswitch.conf
> #
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc-reference' and `info' packages installed, try:
> # `info libc "Name Service Switch"' for information about this file.
> 
> passwd:         compat
> group:          compat
> shadow:         compat
> gshadow:        files
> 
> hosts:          files dns
> networks:       files
> 
> protocols:      db files
> services:       db files
> ethers:         db files
> rpc:            db files
> 
> netgroup:       nis

If I understand this, it looks at hosts first.

With bind9 stopped, ping sso works and says it's pinging 216.17.203.66, 
srv.slsware.org.

> At which point, it boils down to a complete enough, correct /etc/hosts
> 
>> It does seem that /etc/hosts should work, though...
> 
> It does work, provided that you have "files" first in the list of NSS
> modules, and you have both the nodename and the FQDN in /etc/hosts for
> the correct IPs and in the correct order.  Otherwise, it depends.

The nodename is another word for hostname, right? (I'd never heard that word 
before. Wikipedia said it just meant hostname.)

/etc/hosts, as I said before:

> root@srv:~# cat /etc/hosts
> # /etc/hosts:  This file describes a number of hostname-to-address
> #
> # This is to be sent to all hosts that need a hosts file
> # (don't really know how yet...)
> #  
> # Host Database
> # localhost is used to configure the loopback interface
> # sudo cp hosts /etc ; dist `pwd`/hosts /etc all hosts
> # The following lines are desirable for IPv6 capable hosts
> # when the system is booting.  Do not change this entry.
> #   
> ::1   ip6-localhost   ip6-loopback
> fe00::0   ip6-localnet
> ff00::0   ip6-mcastprefix
> ff02::1   ip6-allnodes
> ff02::2   ip6-allrouters
> ff02::3   ip6-allhosts
> 
> 127.0.0.1 localhost localhost.localdomain lh lcl
> 
> # pass I slsware.org -- all routable IPs; no NAT
> 216.17.203.64 slsware.org
> 216.17.203.65 out.slsware.org oso
> 216.17.203.66 srv.slsware.org sso
> 216.17.203.67 gobook.slsware.org  gso gbo
> 216.17.203.68 unused0.slsware.org u0so
> 216.17.203.69 unused1.slsware.org u1so
> 216.17.203.70 printer.slsware.org pso
> 216.17.203.71 broadcast.slsware.org   bso
> 
> # misc ne'r-do-wells
> 127.0.0.2   ad.doubleclick.net
> 127.0.0.2   mmv.admob.com

Here's the line:

> 216.17.203.66 srv.slsware.org sso

That's OK, right?

hosts ought to work. But it doesn't -- not on this machine, not today. I've had 
the FQDN way down in hosts before, and hostname -f found it with no trouble. 
For many years, I had a CVS playpen to be sure exactly the same hosts file was 
on all my machines, and as far as I know, there was never a problem.

Many years ago I wrote a big shell script to set up iptables (ipchains back 
then). It uses hostname -f to find out which machine it's on, and how the 
filter should be configured -- if that command fails, iptables won't be set up 
on the machine. It's a very important command here. If it gives the wrong 
answer, it'll be filtering the wrong stuff.

> The *installer* either asks the user for the FQDN and gets the nodename,
> domain name and FQDN from that (and it *should* write them to /etc/hosts
> and /etc/hostname appropriately),

It always has, all of them. I use the curses netinst expert, and it's always 
worked flawlessly.

This is the first time I've had trouble with the domain. I think I may need to 
do a little more investigation. Apparently, hosts is supposed to work...

> or gets information from DHCP/DHCPv6
> and the DNS while autoconfiguring.

I don't use DHCP or autoconfig, so that's never come up.


I disabled bind, put the big hosts file (with slsware.org at the top) back, 
rebooted, and -f said srv.slsware.dmz.

I removed all but one occurrence of 'srv' from the big hosts, rebooted, and -f 
was correct.

I replaced the big hosts file.

I retyped the srv...org line at the top of the file, rebooted, and -f said 
srv...dmz.

I moved slsware.org to the bottom of the file, rebooted, and -f said srv...dmz.

I removed the srv.slsware.dmz line, moved the slsware.org collection back to 
the top, rebooted, and -f said www...dmz.

I give up. This is acting like I've never seen it -- there's never been a 
problem with hosts before. I have to have those alien FQDNs and aliases and IPs 
in there so I can SSH to them during the switchover.

-- 
Glenn English



Re: set domain name in Debian

2016-11-12 Thread Glenn English

> On Nov 12, 2016, at 11:17 AM, sunr...@mailbug.com wrote:
> 
> 
> Hi Glenn,
> 
> 
> On Sat, 12 Nov 2016 08:50:46 -0700
> Glenn English  wrote:
> 
> ...
>>> 216.17.203.65   out.slsware.org oso
>>> 216.17.203.66   srv.slsware.org sso
> 
> This might be your problem??   ^
> I suspect the above line should be:
> 
> 216.17.203.66 srv.slsware.org srv
> 
> with the last field matching the hostname.

Don't think so. sso stands for srv.slsware.org. I've been making aliases like 
that for years.

The problem was fixed by futzing with DNZ and resolv.conf. But it's not a good 
solution if you're trying to understand how Debian really works.

-- 
Glenn English







Re: set domain name in Debian

2016-11-12 Thread sunrise

Hi Glenn,


On Sat, 12 Nov 2016 08:50:46 -0700
Glenn English  wrote:

...

>
>It never occurred to me that something might be looking at aliases; I thought the IP
>address was the important thing. And the srv...dmz entry is commented out because I
>thought it might somehow be used.
>
>I'll remove all mentions of srv (and lots of others to make it shorter) and see.
>
>The hosts file is now:
>
>> root@srv:~# cat /etc/hosts
>> # /etc/hosts:  This file describes a number of hostname-to-address
>> #
>> # This is to be sent to all hosts that need a hosts file
>> #(don't really know how yet...)
>> #  
>> # Host Database
>> # localhost is used to configure the loopback interface
>> # sudo cp hosts /etc ; dist `pwd`/hosts /etc all hosts
>> # The following lines are desirable for IPv6 capable hosts
>> # when the system is booting.  Do not change this entry.
>> #   
>> ::1  ip6-localhost   ip6-loopback
>> fe00::0  ip6-localnet
>> ff00::0  ip6-mcastprefix
>> ff02::1  ip6-allnodes
>> ff02::2  ip6-allrouters
>> ff02::3  ip6-allhosts
>> 
>> 127.0.0.1 localhost localhost.localdomain lh lcl
>> 
>> # pass I slsware.org -- all routable IPs; no NAT
>> 216.17.203.64 slsware.org
>> 216.17.203.65 out.slsware.org oso
>> 216.17.203.66 srv.slsware.org sso

This might be your problem??   ^
I suspect the above line should be:

216.17.203.66   srv.slsware.org srv

with the last field matching the hostname.
-Jason


>> 216.17.203.67 gobook.slsware.org  gso gbo
>> 216.17.203.68 unused0.slsware.org u0so
>> 216.17.203.69 unused1.slsware.org u1so
>> 216.17.203.70 printer.slsware.org pso
>> 216.17.203.71 broadcast.slsware.org   bso
>> 
>> # misc ne'r-do-wells
>> 127.0.0.2   ad.doubleclick.net
>> 127.0.0.2   mmv.admob.com
>
>The *only* mention of srv is with the right domain and the right IP.
>
>After a reboot:
>
>> root@srv:~# hostname
>> srv
>> root@srv:~# hostname -f
>> hostname: Name or service not known
>
>And just in case it's the IP:
>
>> root@srv:~# ifconfig
>> eth0  Link encap:Ethernet  HWaddr 00:25:90:d5:16:34  
>>  inet addr:216.17.203.66  Bcast:216.17.203.71  Mask:255.255.255.248
>>  inet6 addr: fe80::225:90ff:fed5:1634/64 Scope:Link
>>  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>  RX packets:459 errors:0 dropped:0 overruns:0 frame:0
>>  TX packets:470 errors:0 dropped:0 overruns:0 carrier:0
>>  collisions:0 txqueuelen:1000 
>>  RX bytes:47597 (46.4 KiB)  TX bytes:49637 (48.4 KiB)
>>  Interrupt:16 Memory:fbce-fbd0 
>> 
>> eth1  Link encap:Ethernet  HWaddr 00:25:90:d5:16:35  
>>  inet addr:192.168.3.66  Bcast:192.168.3.255  Mask:255.255.255.0
>>  UP BROADCAST MULTICAST  MTU:1500  Metric:1
>>  RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>>  TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>>  collisions:0 txqueuelen:1000 
>>  RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
>>  Interrupt:17 Memory:fbde-fbe0 
>> 
>> loLink encap:Local Loopback  
>>  inet addr:127.0.0.1  Mask:255.0.0.0
>>  inet6 addr: ::1/128 Scope:Host
>>  UP LOOPBACK RUNNING  MTU:65536  Metric:1
>>  RX packets:68 errors:0 dropped:0 overruns:0 frame:0
>>  TX packets:68 errors:0 dropped:0 overruns:0 carrier:0
>>  collisions:0 txqueuelen:0 
>>  RX bytes:17189 (16.7 KiB)  TX bytes:17189 (16.7 KiB)
>
>And:
>
>> root@srv:~# cat /proc/sys/kernel/domainname 
>> (none)
>
>It doesn't give the www answer anymore; it must have been doing something 
>(odd) with
>hosts. But now it claims it can't find anything.
>
>> "hostname" returns what is in /etc/hostname (unless changed after
>> system startup).
>> 
>> "hostname -f" returns the part up to the first dot from whatever is
>> returned by resolving "hostname" against /etc/hosts.
>
>The 2 dots after resolving hostname, maybe? That does sound very reasonable, 
>but it
>doesn't seem to be working. And how does /proc get a domainname.
>



Re: set domain name in Debian `

2016-11-12 Thread Henrique de Moraes Holschuh
On Sat, 12 Nov 2016, Glenn English wrote:
> Thanks all. It's been quite a ride. Now everybody write it down: it
> has nothing to do with what's in /etc/hosts or /etc/resolv.conf. There
> has to be a live, accessible DNS server for the domain somewhere. At
> least at slsware.org there does.

Maybe for the install.

But the whole thing really doesn't need any DNS servers *as long as*
everything you need is resolved statically by some module in
/etc/nsswitch.conf... such as the default "files" module, which reads
/etc/hosts.

At which point, it boils down to a complete enough, correct /etc/hosts

> It does seem that /etc/hosts should work, though...

It does work, provided that you have "files" first in the list of NSS
modules, and you have both the nodename and the FQDN in /etc/hosts for
the correct IPs and in the correct order.  Otherwise, it depends.

> No, I take it back. I don't think DNS is the whole story. It worked in
> this case, but how does the installer get a domainname?

The *installer* either asks the user for the FQDN and gets the nodename,
domain name and FQDN from that (and it *should* write them to /etc/hosts
and /etc/hostname appropriately), or gets information from DHCP/DHCPv6
and the DNS while autoconfiguring.

Now, *what* the DHCP/DHCPv6 and DNS will answer, well, that's up to your
local network.

-- 
  Henrique Holschuh



Re: set domain name in Debian `

2016-11-12 Thread Glenn English

> On Nov 12, 2016, at 8:46 AM, Henrique de Moraes Holschuh  
> wrote:
> 
> hostname -f does this:
> 
> 1. Asks glibc for the hostname, using gethostname().
> 
> 2. Does an IP lookup on the hostname, using getaddrinfo() and the
>   hostname it got from gethostname(), and returns the result from
>   getaddrinfo().
> 
> Since it uses glibc for the host name lookup, it is subject to the glibc
> name resolver, which is configured through /etc/nsswitch.conf.
> 
> Now, gethostname() works like this [in glibc]: it calls the uname()
> syscall, and uses the node name returned.  I.e. it looks up the
> *hostname* the kernel was set to.
> 
> So, glibc's gethostname() will match the output of "uname -n".  This
> information was set on the kernel by either systemd, or by the
> initscripts.
> 
> Initscripts use /etc/hostname to set this information.  I am not well
> versed on how exactly systemd persists this information, but it likely
> uses /etc/hostname as well.

Bingo! I had a feeling it was convoluted.

> root@srv:~# host srv.slsware.org
> srv.slsware.org has address 216.17.203.66
> root@srv:~# hostname
> srv
> root@srv:~# hostname -f
> srv.slsware.org
> root@srv:~# hostname -d
> slsware.org

I edited /etc/resolv.conf to point the nameserver at the host's IP instead of 
pointing at localhost (this host is the (temporary) DNS server for the .org 
domain).

Now all is well. Except for /proc, which I'll ignore in the future.

Just why the IP worked and 'localhost' didn't is another question -- I assume 
it has something to do with machinations in glibc. I'm not afraid of C, but 
things are working and I've got more interesting things to do today.

Thanks all. It's been quite a ride. Now everybody write it down: it has nothing 
to do with what's in /etc/hosts or /etc/resolv.conf. There has to be a live, 
accessible DNS server for the domain somewhere. At least at slsware.org there 
does.

What idiot designed that?

It does seem that /etc/hosts should work, though...


No, I take it back. I don't think DNS is the whole story. It worked in this 
case, but how does the installer get a domainname?

-- 
Glenn English




Re: set domain name in Debian `

2016-11-12 Thread Glenn English

> On Nov 12, 2016, at 3:25 AM, Andy Smith  wrote:
> 
> The system thinks Glenn's domain name is "slsware.dmz". Glenn wants it
> to be "slsware.org" (I think).

Correct.

> Glenn has set the host name to be "srv".

Correct.

> I am 95% confident that the reason that Glenn's system thinks the
> FQDN is "www.slsware.dmz" is because the first instance of "srv" in
> the /etc/hosts is:
> 
>>> 192.168.2.203   www.slsware.dmz wsd srv

But that isn't the first; it's the fourth. A grep of the hosts file:

> root@srv:~# egrep srv /etc/hosts
> 127.0.0.1 srv.slsware.org
> 216.17.203.66 srv.slsware.org sso
> # 192.168.2.203   srv.slsware.dmz srv
> 192.168.2.203 www.slsware.dmz wsd srv
> 192.168.2.203 mail.slsware.dmz msd srv
> 192.168.2.203 ntp.slsware.dmz ntp srv
> 192.168.2.203 ns1.slsware.dmz ns1dns1 srv
> 216.17.134.203 srv.slsware.net ssn

The first mentions of srv are at the top, both with IPs that could have been 
used to grab the correct domain.

It never occurred to me that something might be looking at aliases; I thought 
the IP address was the important thing. And the srv...dmz entry is commented 
out because I thought it might somehow be used.

I'll remove all mentions of srv (and lots of others to make it shorter) and 
see. 

The hosts file is now:

> root@srv:~# cat /etc/hosts
> # /etc/hosts:  This file describes a number of hostname-to-address
> #
> # This is to be sent to all hosts that need a hosts file
> # (don't really know how yet...)
> #  
> # Host Database
> # localhost is used to configure the loopback interface
> # sudo cp hosts /etc ; dist `pwd`/hosts /etc all hosts
> # The following lines are desirable for IPv6 capable hosts
> # when the system is booting.  Do not change this entry.
> #   
> ::1   ip6-localhost   ip6-loopback
> fe00::0   ip6-localnet
> ff00::0   ip6-mcastprefix
> ff02::1   ip6-allnodes
> ff02::2   ip6-allrouters
> ff02::3   ip6-allhosts
> 
> 127.0.0.1 localhost localhost.localdomain lh lcl
> 
> # pass I slsware.org -- all routable IPs; no NAT
> 216.17.203.64 slsware.org
> 216.17.203.65 out.slsware.org oso
> 216.17.203.66 srv.slsware.org sso
> 216.17.203.67 gobook.slsware.org  gso gbo
> 216.17.203.68 unused0.slsware.org u0so
> 216.17.203.69 unused1.slsware.org u1so
> 216.17.203.70 printer.slsware.org pso
> 216.17.203.71 broadcast.slsware.org   bso
> 
> # misc ne'r-do-wells
> 127.0.0.2   ad.doubleclick.net
> 127.0.0.2   mmv.admob.com

The *only* mention of srv is with the right domain and the right IP.

After a reboot:

> root@srv:~# hostname
> srv
> root@srv:~# hostname -f
> hostname: Name or service not known

And just in case it's the IP:

> root@srv:~# ifconfig
> eth0  Link encap:Ethernet  HWaddr 00:25:90:d5:16:34  
>  inet addr:216.17.203.66  Bcast:216.17.203.71  Mask:255.255.255.248
>  inet6 addr: fe80::225:90ff:fed5:1634/64 Scope:Link
>  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>  RX packets:459 errors:0 dropped:0 overruns:0 frame:0
>  TX packets:470 errors:0 dropped:0 overruns:0 carrier:0
>  collisions:0 txqueuelen:1000 
>  RX bytes:47597 (46.4 KiB)  TX bytes:49637 (48.4 KiB)
>  Interrupt:16 Memory:fbce-fbd0 
> 
> eth1  Link encap:Ethernet  HWaddr 00:25:90:d5:16:35  
>  inet addr:192.168.3.66  Bcast:192.168.3.255  Mask:255.255.255.0
>  UP BROADCAST MULTICAST  MTU:1500  Metric:1
>  RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>  TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>  collisions:0 txqueuelen:1000 
>  RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
>  Interrupt:17 Memory:fbde-fbe0 
> 
> loLink encap:Local Loopback  
>  inet addr:127.0.0.1  Mask:255.0.0.0
>  inet6 addr: ::1/128 Scope:Host
>  UP LOOPBACK RUNNING  MTU:65536  Metric:1
>  RX packets:68 errors:0 dropped:0 overruns:0 frame:0
>  TX packets:68 errors:0 dropped:0 overruns:0 carrier:0
>  collisions:0 txqueuelen:0 
>  RX bytes:17189 (16.7 KiB)  TX bytes:17189 (16.7 KiB)

And:

> root@srv:~# cat /proc/sys/kernel/domainname 
> (none)

It doesn't give the www answer anymore; it must have been doing something (odd) 
with hosts. But now it claims it can't find anything.

> "hostname" returns what is in /etc/hostname (unless changed after
> system startup).
> 
> "hostname -f" returns the part up to the first dot from whatever is
> returned by resolving "hostname" against /etc/hosts.

The 2 dots after resolving hostname, maybe? That does sound very reasonable, 
but it doesn't seem to be working. And how does /proc get a domainname.

-- 
Glenn English
-- 
Glenn English
Did you just click Reply?
If so, change the send
address from gmail to

Re: set domain name in Debian `

2016-11-12 Thread Henrique de Moraes Holschuh
On Fri, 11 Nov 2016, Glenn English wrote:
> /proc/sys/domainname says "(none)". hostname -f gives the old domain

/proc/sys/domainname is the kernel's idea of a domain name, which is
only used by some network filesystems (kernel-based NFS, I think),
AFAIK.

Nothing else needs it.  And if you set up such a filesystem, the
userspace utilities should set the kernel domainname properly by
themselves.

Note that the kernel also needs to know the node name (host name without
a domain)... and _this_ is used everywhere.

> name (where does it get it). grep -ir doesn't find the old name string
> anywhere in /etc or in /lib.

hostname -f does this:

1. Asks glibc for the hostname, using gethostname().

2. Does an IP lookup on the hostname, using getaddrinfo() and the
   hostname it got from gethostname(), and returns the result from
   getaddrinfo().

Since it uses glibc for the host name lookup, it is subject to the glibc
name resolver, which is configured through /etc/nsswitch.conf.

Now, gethostname() works like this [in glibc]: it calls the uname()
syscall, and uses the node name returned.  I.e. it looks up the
*hostname* the kernel was set to.

So, glibc's gethostname() will match the output of "uname -n".  This
information was set on the kernel by either systemd, or by the
initscripts.

Initscripts use /etc/hostname to set this information.  I am not well
versed on how exactly systemd persists this information, but it likely
uses /etc/hostname as well.

> I know it must be simple to do -- the installer does it without
> downloading a C library, but it must be in a secret place I don't know
> about...

1. Set /etc/hostname to the *node name* (i.e. just the host name,
   without the domain)

2. Ensure the *node name* _locally_ resolves to an IPv4/IPv6.  Usually
   this is done by adding it to /etc/hosts, so that things will not
   break when the network is down.

   Do it like this in /etc/hosts:
 

   For example:

   /etc/hostname:
   examplehost

   /etc/hosts:
   192.0.2.42  examplehost.example.com  examplehost

   Refer to the item (3) below for the reasoning.

   Full answer:  anything that is resolvable locally when piped by
   glibc through the "hosts" nss module pipeline configured in
   /etc/nsswitch.conf will do.  /etc/hosts is a configuration
   file processed for the "files" nss module typically used in
   /etc/nsswitch.conf.

3. Ensure the IPv4/IPv6 you used for the *node name* resolves to
   the full host name (FQDN).

   Now, there is a trick to doing this when using /etc/hosts.  You
   *must* list the FQDN first in /etc/hosts, as it will return just the
   first match when doing a "reverse lookup".

   The complete answer is: ensure the "hosts" nss module pipeline
   configured in /etc/nsswitch.conf will return as the *first* match,
   for the *node name*'s IPv4/IPv6, the FQDN of the host.


There, this is a bit harder to understand than other answers you got,
but it should get the details right and might be helpful in more
convoluted scenarios.

"man nsswitch.conf" for more details about /etc/nsswitch.conf.
"man hosts" for more details about /etc/hosts

and each libc function I mentioned also has its own manpage.

-- 
  Henrique Holschuh
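
The lookup order described in the message above, as an added Python sketch that is not part of the original thread. It models only the "files" NSS source (the first /etc/hosts entry naming the node wins, and the first name on that entry is the canonical name); the function names are illustrative, and the three sample files are trimmed excerpts of the hosts files posted in this thread.

```python
"""Model of how `hostname -f` gets an FQDN from /etc/hosts (added example)."""

# Trimmed excerpts of the hosts files posted in the thread.
AS_POSTED = """\
127.0.0.1 localhost localhost.localdomain lh lcl
216.17.203.66 srv.slsware.org sso
# 192.168.2.203 srv.slsware.dmz srv
192.168.2.203 www.slsware.dmz wsd srv
192.168.2.203 mail.slsware.dmz msd srv
"""

AFTER_CLEANUP = """\
127.0.0.1 localhost localhost.localdomain lh lcl
216.17.203.66 srv.slsware.org sso
"""

WITH_ALIAS = """\
127.0.0.1 localhost localhost.localdomain lh lcl
216.17.203.66 srv.slsware.org srv
"""


def parse_hosts(text):
    """Yield (address, canonical_name, aliases) per entry, in file order."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, split on blanks
        if len(fields) >= 2:                    # skip blank or name-less lines
            yield fields[0], fields[1], fields[2:]


def hostname_f(hosts_text, nodename):
    """Canonical name of the first entry that lists nodename, else None.

    None means the "files" source had no answer, so the resolver would move
    on to the next source in nsswitch.conf (dns in the thread's config).
    """
    wanted = nodename.lower()
    for _addr, canon, aliases in parse_hosts(hosts_text):
        if wanted in (name.lower() for name in [canon] + aliases):
            return canon
    return None


def hostname_d(hosts_text, nodename):
    """Everything after the first dot of the canonical name, else None."""
    fqdn = hostname_f(hosts_text, nodename)
    if fqdn is None or "." not in fqdn:
        return None
    return fqdn.split(".", 1)[1]


def audit(hosts_text, nodename, expected_fqdn):
    """Return a list of findings explaining a wrong or missing FQDN."""
    findings = []
    got = hostname_f(hosts_text, nodename)
    if got is None:
        findings.append(f"{nodename!r} is not a name or alias on any entry; "
                        "the lookup falls through to the next NSS source")
    elif got.lower() != expected_fqdn.lower():
        findings.append(f"first entry naming {nodename!r} has canonical name "
                        f"{got!r}, not {expected_fqdn!r}")
    for addr, canon, aliases in parse_hosts(hosts_text):
        if (canon.lower() == expected_fqdn.lower()
                and nodename.lower() not in (a.lower() for a in aliases)):
            findings.append(f"{addr} {canon}: add {nodename!r} as an alias "
                            "after the FQDN")
    return findings


if __name__ == "__main__":
    for label, text in (("as posted", AS_POSTED),
                        ("after cleanup", AFTER_CLEANUP),
                        ("with alias", WITH_ALIAS)):
        print(label, "->", hostname_f(text, "srv"), hostname_d(text, "srv"))
        for finding in audit(text, "srv", "srv.slsware.org"):
            print("   ", finding)
```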



Re: set domain name in Debian `

2016-11-12 Thread Brian
On Sat 12 Nov 2016 at 10:25:16 +, Andy Smith wrote:

> Glenn has set the host name to be "srv".
> 
> I am 95% confident that the reason that Glenn's system thinks the
> FQDN is "www.slsware.dmz" is because the first instance of "srv" in
> the /etc/hosts is:
> 
> > > 192.168.2.203 www.slsware.dmz wsd srv

Do you fancy adding 5% to that figure?
 
> "hostname" returns what is in /etc/hostname (unless changed after
> system startup).
> 
> "hostname -f" returns the part up to the first dot from whatever is
> returned by resolving "hostname" against /etc/hosts.
> 
> "hostname -d" returns the part after the first dot from whatever is
> returned by resolving "hostname" against /etc/hosts.
> 
> I think that if Glenn placed a line higher up that read:
> 
> 192.168.2.203   srv.slsware.org srv
> 
> then the desired result would be achieved.

I'd use

127.0.0.1   localhost
127.0.1.1   srv.slsware.org srv

-- 
Brian.



Re: set domain name in Debian `

2016-11-12 Thread Andy Smith
Hi,

On Sat, Nov 12, 2016 at 02:00:11AM -0700, Glenn English wrote:
> (Resend. Accidentally sent to a human instead of to the list...)

I responded off-list to Glenn since that one arrived first and I
wasn't sure if Glenn intended the contents of their /etc/hosts to be
private. Later I saw this copy on-list.

> > On Nov 11, 2016, at 11:45 PM, Andy Smith  wrote:
> > 
> > Okay. So I think we should focus on why "hostname -f" returns the
> > wrong/outdated info. I'm not sure yet.
> > 
> > Out of interest what does "hostname -d" return?
> 
> slsware.dmz

The system thinks Glenn's domain name is "slsware.dmz". Glenn wants it
to be "slsware.org" (I think).

> cat /etc/hostname: srv

Glenn has set the host name to be "srv".

I am 95% confident that the reason that Glenn's system thinks the
FQDN is "www.slsware.dmz" is because the first instance of "srv" in
the /etc/hosts is:

> > 192.168.2.203   www.slsware.dmz wsd srv

"hostname" returns what is in /etc/hostname (unless changed after
system startup).

"hostname -f" returns the part up to the first dot from whatever is
returned by resolving "hostname" against /etc/hosts.

"hostname -d" returns the part after the first dot from whatever is
returned by resolving "hostname" against /etc/hosts.

I think that if Glenn placed a line higher up that read:

192.168.2.203   srv.slsware.org srv

then the desired result would be achieved.

I would also add that this is a fairly large hosts file which is
ripe for causing confusion. I would generally recommend keeping
hosts files small, containing only enough information as needed for
bootstrapping, and using DNS for everything else. The rest of the
systems on the Internet (and maybe intranet) will be using DNS, and
it is desirable for there to be one source of truth.

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting



Re: set domain name in Debian `

2016-11-12 Thread Glenn English
(Resend. Accidentally sent to a human instead of to the list...)


> On Nov 11, 2016, at 11:45 PM, Andy Smith  wrote:
> 
> Okay. So I think we should focus on why "hostname -f" returns the
> wrong/outdated info. I'm not sure yet.
> 
> Out of interest what does "hostname -d" return?

slsware.dmz

(Wrong)

> Should be just the
> domain name part

It is. Of the wrong FQDN.

> And what is the contents of /etc/hostname and /etc/hosts?

cat /etc/hostname: srv

(Right) 

This is what plain hostname returns, and this is the CLI prompt, too. But 
hostname -f claims the hostname is 'www'. Must be coming from different places.

/etc/hosts, see below.

> I'm assuming you have actually rebooted at least once after changing
> /etc/hostname and /etc/hosts, yes?

At least once. But I didn't change /etc/hostname -- nothing wrong with it.

-- 
Glenn English

> # Host Database
> # localhost is used to configure the loopback interface
> # sudo cp hosts /etc ; dist `pwd`/hosts /etc all hosts
> # The following lines are desirable for IPv6 capable hosts
> # when the system is booting.  Do not change this entry.
> #   
> ::1   ip6-localhost   ip6-loopback
> fe00::0   ip6-localnet
> ff00::0   ip6-mcastprefix
> ff02::1   ip6-allnodes
> ff02::2   ip6-allrouters
> ff02::3   ip6-allhosts
> 
> 127.0.0.1 localhost localhost.localdomain lh lcl
> 
> # misc ne'r-do-wells
> 127.0.0.2   ad.doubleclick.net
> 127.0.0.2   mmv.admob.com
> 
> # Pasadena
> 206.135.251.11rrserv.richeyrentals.comrrrc rrc rrserv
> 
> $ an indra IP
> 209.169.0.5   indra.net   indra inc
> 
> # a FRII IP
> 216.17.135.75 www.frii.netfrii
> 
> 
> # pass I slsware.org -- all routable IPs; no NAT
> 216.17.203.64 slsware.org
> 216.17.203.65 out.slsware.org oso
> 216.17.203.66 srv.slsware.org sso
> 216.17.203.67 gobook.slsware.org  gso gbo
> 216.17.203.68 unused0.slsware.org u0so
> 216.17.203.69 unused1.slsware.org u1so
> 216.17.203.70 printer.slsware.org pso
> 216.17.203.71 broadcast.slsware.org   bso
> 
> 
> # around the router
> 192.168.0.5   brouterloopback.slsware.per brouterloopback blsp blo
> 192.168.0.9   brouter2.slsware.perbrouter2 b2sp
> 
> # perimeter boxen
> 192.168.1.1   brouter.slsware.per brouter bsp
> 192.168.1.2   firewall.slsware.perfsp pixp
> 
> 192.168.1.3   1721.slsware.perlrsp lsp
> 192.168.1.4   gobook.slsware.per  gsp 
> 
> # .net DMZ
> 192.168.2.1   firewall.slsware.dmzfsd pixd
> 
> 192.168.2.150 rpd0.slsware.dmzrpd0
> 192.168.2.151 rpd1.slsware.dmzrpd1
> 192.168.2.152 rpd2.slsware.dmzrpd2
> 192.168.2.153 rpd3.slsware.dmzrpd3
> 
> 192.168.2.201 outgoing.slsware.dmzosd
> 192.168.2.202 ns2.slsware.dmz ns2
> # 192.168.2.203   srv.slsware.dmz srv
> 192.168.2.203 www.slsware.dmz wsd srv
> 192.168.2.203 mail.slsware.dmzmsd srv
> 192.168.2.203 ntp.slsware.dmz ntp srv
> 192.168.2.203 ns1.slsware.dmz ns1dns1 srv
> # 192.168.2.204   server.slsware.dmz  ssd
> 192.168.2.205 log.slsware.dmz lsd 
> 192.168.2.205 ns0.slsware.dmz ns0 lsd
> 
> 192.168.2.9   gobook.slsware.dmz  gsd
> 
> # virtuals
> 192.168.2.203 www.bouldermedicaladvocate.com  bma
> 
> # LAN
> 192.168.3.1   firewall.slsware.lanfsl pixl
> 
> # DMZ on the LAN 192.168.3.150..55
> # the unused rpi mark3B
> 192.168.3.150 rpl0.slsware.lanrpl0
> # the piPile -- .151 is 1 3B, the others are 2Bs
> 192.168.3.151 rpl1.slsware.lanrpl1
> 192.168.3.152 rpl2.slsware.lanrpl2
> 192.168.3.153 rpl3.slsware.lanrpl3
> # the HP/3.5" screen
> 192.168.3.154 rpl4.slsware.lanrpl4
> # the main sls server
> 192.168.3.155 supermicro.slsware.lan  sml sm5
> 
> 192.168.3.2   timecapsule.slsware.lan tsl
> 192.168.3.3   lanserver.slsware.lan   lsl
> 192.168.3.4
> 192.168.3.5   4240n.slsware.lan   4240 printer
> 192.168.3.6   maxi.slsware.lanmaxi msl
> 192.168.3.7
> 192.168.3.8
> 192.168.3.9   gobook.slsware.lan  gbl
> # 192.168.3.10gobook wifi (below)
> 192.168.3.11
> 192.168.3.12  sbox.slsware.lansbox ssl
> 192.168.3.13
> 192.168.3.14  lmaxi.slsware.lan   lmaxi lmsl
> 192.168.3.15
> 192.168.3.16  air.slsware.lan air asl
> 192.168.3.17  mini.slsware.lanminisl
> ;
> 192.168.3.22  se30.slsware.lansesl
> 192.168.3.25  tv.slsware.lan  tvsl
> 192.168.3.26  bd.slsware.lan  bdsl
> 
> # Juniper firewall - WAN
> 
> # Juniper firewall - DMZ
> 
> # Juniper firewall - LAN 192.168.3.50..59
> 

Re: set domain name in Debian `

2016-11-11 Thread Andy Smith
Hi Glenn,

On Fri, Nov 11, 2016 at 11:13:02PM -0700, Glenn English wrote:
> > On Nov 11, 2016, at 9:58 PM, Andy Smith  wrote:
> > After you have done that, what command are you using which shows you
> > the old/incorrect values?
> 
> Mostly hostname -f. That's what I've used in a number of shell
> scripts, and it's always worked (on systems who've been labeled by
> the installer).

Okay. So I think we should focus on why "hostname -f" returns the
wrong/outdated info. I'm not sure yet.

Out of interest what does "hostname -d" return? Should be just the
domain name part, so I expect it to say the wrong thing here. And
what is the contents of /etc/hostname and /etc/hosts?

I'm assuming you have actually rebooted at least once after changing
/etc/hostname and /etc/hosts, yes?

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting



Re: set domain name in Debian `

2016-11-11 Thread Glenn English

> On Nov 11, 2016, at 9:58 PM, Andy Smith  wrote:
> 
> I normally put the short name in /etc/hostname and then the:
> 
>  
> 
> in /etc/hosts. That works for me both for setting initial host name
> and FQDN, and for changing it later.

Yeah, that's what I hear, and exactly that's in there. IIRC, I've had some 
success with that in the past. But it doesn't work for me today. Debian needs a 
domainname command like hostname. Or maybe a man page explaining what looks up 
what and where the string is. A file in /etc called domainname wouldn't be too 
much to ask, IMHO.

> After you have done that, what command are you using which shows you
> the old/incorrect values?

Mostly hostname -f. That's what I've used in a number of shell scripts, and 
it's always worked (on systems who've been labeled by the installer). hosts and 
DNS can both find the IP, given the FQDN, but hostname -f is wrong. hostname 
returns 'srv' like it should. But hostname -f returns 'www.slsware.dmz' -- way 
wrong. I've grep'ed for that www string and haven't been able to find it.

> Note that the domain part comes from name resolution, so will
> involve /etc/hosts and potentially DNS or other name services you
> have configured in /etc/nsswitch.conf.

I haven't done nsswitch.conf yet. I'll try it in the morning...

I got curious. nsswitch.conf on the old host (working hostname -f):

> passwd: compat
> group:  compat
> shadow: compat
> 
> hosts:files  dns 
> networks:   files
> 
> protocols:  db files
> services:   db files
> ethers: db files
> rpc:db files
> 
> netgroup:   nis


On the new one (bent hostname -f):

> passwd: compat
> group:  compat
> shadow: compat
> gshadow:files
> 
> hosts:files dns
> networks:   files
> 
> protocols:  db files
> services:   db files
> ethers: db files
> rpc:db files
> 
> netgroup:   nis

See anything interesting? I don't. Except the mention of gshadow on the bad 
one, and I have no idea what that makes happen. Is it possible one of those 
files has bad data in it? If so, what are their names and where are they?

-- 
Glenn English






Re: set domain name in Debian `

2016-11-11 Thread Andy Smith
Hi Glenn,

On Fri, Nov 11, 2016 at 01:27:28PM -0700, Glenn English wrote:
> I have to change the domain name of a Jessie server I'm working on. How do 
> you do it? (Aside from putting the FQDN in /etc/hostname, which kinda works.)

I normally put the short name in /etc/hostname and then the:

 

in /etc/hosts. That works for me both for setting initial host name
and FQDN, and for changing it later.

After you have done that, what command are you using which shows you
the old/incorrect values?

Note that the domain part comes from name resolution, so will
involve /etc/hosts and potentially DNS or other name services you
have configured in /etc/nsswitch.conf.

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting



Re: set domain name in Debian `

2016-11-11 Thread Glenn English

> On Nov 11, 2016, at 3:31 PM, Greg Wooledge  wrote:
> 
> On Fri, Nov 11, 2016 at 02:47:48PM -0700, Glenn English wrote:
>>> On Nov 11, 2016, at 1:52 PM, Greg Wooledge  wrote:
>>> 
>>> So... what are you actually trying to do?  Be very specific.
>> 
>> Well, I'd like the domain name to be the same everywhere. hostname -f
> 
> hostname -f is totally useless.  Why do people even KNOW about it, let
> alone use it? :(
> 
> wooledg@wooledg:~$ hostname
> wooledg
> wooledg@wooledg:~$ hostname -f
> wooledg

I claim you've got the same problem I do :-)

I looked a bit at hostname -f. It goes through a few levels (of .sh, it looks 
like) and finally asks something in a C library. So if hostname -f is giving 
bad data, the shell just doesn't have the right info.

> Including a domain name in that output is ridiculous if all of your
> systems are used within the same organization.

Maybe. But mine aren't. They've been in slsware.net, .dmz, and .lan.

> This is a DNS registrar thing.  It has nothing to do with Debian

OK. Then it's not what I'm looking for. I'm pretty sure what I need very much 
has to do with Debian.

> If your computer has a preferred fully qualified domain name, then you
> can put it in there.  Debian puts the computer's own hostname (with or
> without an attached domain name) on the IP 127.0.1.1, thus:
> 
> 127.0.0.1 localhost
> 127.0.1.1 wooledg

Just did that. Didn't work. Is a reboot required? (This thing takes a long time 
to reboot.)

> host(1) is indeed one of the many commands that can look up a name in
> DNS.  

host www.slsware.org gets the right IP. (localhost; there's no DNS info on the 
'Net about this server yet.)

From an alien domain, running that command, specifying my DNS with an IP, works 
too.

> As I said before, if you don't specify a fully qualified domain
> name, then the "search" line(s) in /etc/resolv.conf will tell the
> resolver which domain names to slap onto the end of the hostname before
> looking it up.
> 
> wooledg@wooledg:~$ cat /etc/resolv.conf
> search eeg.ccf.org
> nameserver 10.76.142.103
> nameserver 10.76.142.42
> nameserver 172.28.254.24
> 
> wooledg@wooledg:~$ host wooledg
> wooledg.eeg.ccf.org has address 10.76.172.109

Says 'Host slsware not found' here. (Still no reboot.)

> Thus, you need to be looking at your DNS setup with your domain registrar.

Don't need to. I do my own.

> That should be your top priority.

I read that and ran and configured DNS. Nobody cares, AFAICT.

> All that matters is what's in DNS.

I hear you. But it's a nagging piece of config that the kernel doesn't know its 
name. It exists for a reason, and it's built in to the kernel for something. It 
may well be something hanging over from 1975 -- if so, I'd like to know for 
sure, one way or the other.

> Set the local hostname to something that will help you remember which
> machine you're logged into.  That's all.

That's already done. Setting the host's name is easy. It's the domain that's 
making me crazy.

-- 
Glenn English
Did you just click Reply?
If so, change the send
address from gmail to
g...@slsware.net






Re: set domain name in Debian `

2016-11-11 Thread Glenn English

> On Nov 11, 2016, at 3:45 PM, Joe  wrote:
> 
> I think we still do not have the terms of reference straight.
> 
> First of all, it's a server. Who is it serving? People within the local
> network only, people out on the Net, or both?

Both. It's on the 'Net, but it's also where the email comes in.

And do you guys need to know it's a /29 namespace with fixed IPs on a T1 
connection?

> You're replacing an older server. If you are serving to the Net, are
> you on a new ISP connection or still the one which has worked until
> now? I.e., has the public IP address and any external DNS changed?

Same ISP, new piece of wire, new IPs, new domain name (I have 
slsware.com/net/org -- I'm moving from .net to the unused .org.) At the old 
place, I NAT'ed the globals to 1918 IPs on a DMZ and a LAN. 

> Are there DNS servers out on the Net which hold information for this
> domain?

Not yet. I haven't told the registrar about the new nameserver IPs. 

I just configured DNS. BIND says there are no errors. But there are; I deleted 
the SFP records from all the virtual domains to make it shut up. I haven't yet 
tried to figure out why BIND was unhappy with the SFPs. Nor have I tested it 
significantly. But DNS is there.

> If so, using a local DNS server with records for other local
> hostnames on the same domain becomes problematic,

I've done that for years with no problems. They're sometimes even the same 
host/IP, with different names. If you ask for a function, you get the IP. If 
you ask for a reverse on an IP, I don't know what you get. I have a feeling 
that I should go the CNAME route (and I have more recently), but I've never 
really needed to.

> and the question of
> what IP address is returned if you ask for the usual hostname of your
> public IP address may be dependent on the behaviour of your router.

No. The router has nothing to do with it, in my experience. I don't do DHCP, 
not at the server anyway, and the router has no DMS table(s).

> To sum up, we need to know who sees this domain, and from where, and
> for what services.

Everybody, internal (LAN, DMZ) and external (WAN). 

Same: internal and external. 

For your standard 'Net services (HTTP, SMTP, SSH, FTP, IMAP, POP3, etc.)

-- 
Glenn English



Re: set domain name in Debian `

2016-11-11 Thread Joe
On Fri, 11 Nov 2016 14:47:48 -0700
Glenn English  wrote:

> > On Nov 11, 2016, at 1:52 PM, Greg Wooledge 
> > wrote:
> > 
> > So... what are you actually trying to do?  Be very specific.  
> 
> Well, I'd like the domain name to be the same everywhere. hostname -f
> and whois  (that currently returns the ISP's info) and /etc/hosts
> and host  and a DNS lookup and everything else I can't think of
> right now should all report the same thing: the name of the domain
> I'm trying to set up this server for.
> 
> As yet, I'm looking at hostname -f (plain hostname gets the host
> right), and ping'ing and SSH'ing using /etc/hosts (that works). I've
> set my local DNS to look first at hosts, then at DNS.
> 
> The DNS server isn't set up yet. mailname is just the host. postfix
> is the SMTP server -- editing its config doesn't seem to do anything.
> 
> I've moved to a new domain, and I copied lots of data from the old
> server. The domain name I see is that of the old server.
> 

I think we still do not have the terms of reference straight.

First of all, it's a server. Who is it serving? People within the local
network only, people out on the Net, or both?

You're replacing an older server. If you are serving to the Net, are
you on a new ISP connection or still the one which has worked until
now? I.e., has the public IP address and any external DNS changed?

Are there DNS servers out on the Net which hold information for this
domain? If so, using a local DNS server with records for other local
hostnames on the same domain becomes problematic, and the question of
what IP address is returned if you ask for the usual hostname of your
public IP address may be dependent on the behaviour of your router.

To sum up, we need to know who sees this domain, and from where, and
for what services.

Internet email, for example, needs your mail server to know the domain,
and for a public DNS MX record for that domain to point to a hostname
which resolves to your public IP address, and not much more. A server
can host many email domains, none of which need to be related to the
domain in which the server lives, if any. A public web server might
need to know the domain name, and again may serve multiple domains, but
for simple sites, it will not need to know. A computer in a private
network, even when providing public Internet services, does not
inherently belong to any domain, but it may be administratively
convenient if it is assigned one. It may well have a hostname
completely different to any hostname which resolves to it from the Net.

-- 
Joe



Re: set domain name in Debian `

2016-11-11 Thread Greg Wooledge
On Fri, Nov 11, 2016 at 02:47:48PM -0700, Glenn English wrote:
> > On Nov 11, 2016, at 1:52 PM, Greg Wooledge  wrote:
> > 
> > So... what are you actually trying to do?  Be very specific.
> 
> Well, I'd like the domain name to be the same everywhere. hostname -f

hostname -f is totally useless.  Why do people even KNOW about it, let
alone use it? :(

wooledg@wooledg:~$ hostname
wooledg
wooledg@wooledg:~$ hostname -f
wooledg

The output of hostname is largely irrelevant.  The only purpose it serves
is to help you, the sysadmin or competent user, remember which system
you're currently logged into.

Including a domain name in that output is ridiculous if all of your
systems are used within the same organization.

> and whois  (that currently returns the ISP's info)

This is a DNS registrar thing.  It has nothing to do with Debian, or
anything that you do on your own computer.  You need to contact the
hosting provider, or ISP, or whoever owns this block of IP addresses
and have them set it up.

It's incredibly cosmetic.

> and /etc/hosts

This is used only by the local processes on the computer, and it's used
mostly to find OTHER computers that aren't in DNS.  Either because your
organization is so small that you don't even bother to use DNS (say,
half a dozen computers or less), or because your network was set up
by less than competent admins back in the 1990s.

If your computer has a preferred fully qualified domain name, then you
can put it in there.  Debian puts the computer's own hostname (with or
without an attached domain name) on the IP 127.0.1.1, thus:

127.0.0.1   localhost
127.0.1.1   wooledg

If I cared about writing out really long domain names in /etc/hosts
then I might change the second line to:

127.0.1.1   wooledg.eeg.ccf.org wooledg

This is largely pointless.

> and host  and a DNS lookup

host(1) is indeed one of the many commands that can look up a name in
DNS.  As I said before, if you don't specify a fully qualified domain
name, then the "search" line(s) in /etc/resolv.conf will tell the
resolver which domain names to slap onto the end of the hostname before
looking it up.

wooledg@wooledg:~$ cat /etc/resolv.conf
search eeg.ccf.org
nameserver 10.76.142.103
nameserver 10.76.142.42
nameserver 172.28.254.24

wooledg@wooledg:~$ host wooledg
wooledg.eeg.ccf.org has address 10.76.172.109

As you can see here, host told the resolver to look up "wooledg", and
the resolver looked in /etc/resolv.conf and found the default search
domain, and appended that, and then did a DNS lookup of
"wooledg.eeg.ccf.org".

The default search domain doesn't even have to be one of the domain names
by which your machine is known to others.  It can be whatever you want
for your own convenience.  USUALLY your machine's default search domain
and "self-identifies as" domain name will be the same.

> and everything else I can't think of right now

What your server calls itself doesn't really matter.

What matters is how OTHER COMPUTERS reach you.

Thus, you need to be looking at your DNS setup with your domain registrar.

> The DNS server isn't set up yet.

That should be your top priority.

> mailname is just the host. postfix is the SMTP server

Configuring mail without having working DNS is just an exercise in
frustration.  Get DNS correct first, and then get mail working.

Since you've "changed" your "domain" (which I interpret to mean
"I have a server on the Internet, and it used to receive mail sent
to u...@example1.com and now I want it to receive mail sent to
u...@example2.com") you probably really want your mail server to
continue to receive email for BOTH of these domains, at least for a
transitional period during which people might still be sending to the
original domain name.

Once you've got DNS set up correctly, you'll want to tell your mail
server "accept mail for example1.com and example2.com".  I don't
know how to do that with Postfix specifically.

Also, while you're in there, tell Postfix that you would like outgoing
mail to appear as coming from "example2.com".  Again, I don't know how
to do this with Postfix, but it should be relatively straightforward
once you find the documentation.

After a year or so, then you might choose to stop accepting mail sent
to example1.com, but that's up to you.

For a server on the public Internet, the output of hostname is completely
irrelevant.  All that matters is what's in DNS.

Example: I have a VPS on the public Internet.  It processes web requests
sent to the hostnames "wooledge.org" and "mywiki.wooledge.org".
Neither of these names is present in the output of "hostname".
The web server simply does not care what "hostname" is set to.  It only
cares about the hostname used in the HTTP requests that are sent to it.

Set the local hostname to something that will help you remember which
machine you're logged into.  That's all.
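
[Added example, not part of the original message or written by its author.] The lookup order described in the message above, modelled offline so the source of the domain part can be traced after a migration. It assumes "hosts: files dns" in /etc/nsswitch.conf and the resolver default ndots:1; the function names and the sample files (built from the values quoted in the message) are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline model of where "hostname -f" and "host NAME" get
# their domain part. Assumes "hosts: files dns" and the default ndots:1.

# Canonical name from a hosts file: the first name on the first line that
# lists NAME as a name or alias. Exit status 1 if NAME is not listed.
hosts_canonical() {   # NAME HOSTS_FILE
    awk -v want="$1" '
        { sub(/#.*/, "") }                       # drop comments
        { for (i = 2; i <= NF; i++)
              if (tolower($i) == tolower(want)) { print $2; found = 1; exit } }
        END { exit !found }' "$2"
}

# Names the resolver asks DNS for, in order. Last "search"/"domain" line wins.
dns_candidates() {   # NAME RESOLV_FILE
    awk -v name="$1" '
        $1 == "search" || $1 == "domain" {
            n = 0; for (i = 2; i <= NF; i++) suffix[++n] = $i }
        END {
            if (name ~ /\.$/) { print name; exit }   # absolute name: no search
            if (name ~ /\./) print name              # dotted: tried as-is first
            for (i = 1; i <= n; i++) print name "." suffix[i]
            if (name !~ /\./) print name             # dotless: bare name last
        }' "$2"
}

# "hosts:<name>" if the hosts file answers, otherwise
# "dns:<first name DNS would be asked for>".
fqdn_source() {   # NAME HOSTS_FILE RESOLV_FILE
    if canon=$(hosts_canonical "$1" "$2"); then
        printf 'hosts:%s\n' "$canon"
    else
        printf 'dns:%s\n' "$(dns_candidates "$1" "$3" | head -n 1)"
    fi
}

# Constructed sample files, using the names quoted in the message above.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '127.0.0.1 localhost\n127.0.1.1 wooledg\n' > "$demo/hosts.short"
printf '127.0.0.1 localhost\n127.0.1.1 wooledg.eeg.ccf.org wooledg\n' > "$demo/hosts.fqdn"
printf '127.0.0.1 localhost\n' > "$demo/hosts.none"
printf 'search eeg.ccf.org\nnameserver 10.76.142.103\n' > "$demo/resolv.conf"
for h in short fqdn none; do
    printf '%-12s %s\n' "hosts.$h" "$(fqdn_source wooledg "$demo/hosts.$h" "$demo/resolv.conf")"
done
```

When the hosts file has no entry for the machine's own name, the domain part comes from the search list and from whatever DNS answers, which is one place a name that appears in no local file can come from.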



Re: set domain name in Debian `

2016-11-11 Thread Glenn English

> On Nov 11, 2016, at 1:52 PM, Greg Wooledge  wrote:
> 
> So... what are you actually trying to do?  Be very specific.

Well, I'd like the domain name to be the same everywhere. hostname -f and whois 
 (that currently returns the ISP's info) and /etc/hosts and host  and a 
DNS lookup and everything else I can't think of right now should all report the 
same thing: the name of the domain I'm trying to set up this server for.

As yet, I'm looking at hostname -f (plain hostname gets the host right), and 
ping'ing and SSH'ing using /etc/hosts (that works). I've set my local DNS to 
look first at hosts, then at DNS.

The DNS server isn't set up yet. mailname is just the host. postfix is the SMTP 
server -- editing its config doesn't seem to do anything.

I've moved to a new domain, and I copied lots of data from the old server. The 
domain name I see is that of the old server.

-- 
Glenn English







Re: set domain name in Debian `

2016-11-11 Thread Greg Wooledge
On Fri, Nov 11, 2016 at 01:27:28PM -0700, Glenn English wrote:
> This seems to be a common question -- it's all over the 'Net. 
> 
> I have to change the domain name of a Jessie server I'm working on. How do 
> you do it? (Aside from putting the FQDN in /etc/hostname, which kinda works.)

That depends on what you mean.

Normally the only time a domain name is used is when you look up a
hostname in DNS but you don't specify the fully qualified name.  Like,
if you're on your corporate LAN and you type "ping server7", your system
is probably configured so that it knows to look up "server7.example.com"
or whatever is appropriate for your organization.

That usage of the concept of "domain name" is defined by the "search"
lines in /etc/resolv.conf.  If your corporate environment is set up for
it, then you probably get these lines added to your resolv.conf by DHCP
and you don't have to do anything at all.

If your resolv.conf doesn't get the default search domain that you want,
then you can edit /etc/dhcp/dhclient.conf to fix things.

Now, on the other hand, you might mean something like "I am setting up
a web server on the Internet and I want people to be able to get to it
under such-and-such a name."  Then it's an ENTIRELY different question
and it has nothing at all to do with your /etc/hosts or /etc/resolv.conf
files.  It has to do with domain name registrars and DNS configuration,
and then (probably) with web server virtual host configuration.
What you see when you type "hostname" is COMPLETELY IRRELEVANT.

There's another variant of this question that involves email server
configuration, but I consider this the least likely interpretation.

Then, there's a concept of domain names in NIS, and probably in Kerberos,
and probably in LDAP, though of those things I only know NIS.

So... what are you actually trying to do?  Be very specific.



set domain name in Debian `

2016-11-11 Thread Glenn English
This seems to be a common question -- it's all over the 'Net. 

I have to change the domain name of a Jessie server I'm working on. How do you 
do it? (Aside from putting the FQDN in /etc/hostname, which kinda works.)

I've seen several posts on the subject, all contradicting each other, and none 
of them work. The answer must be in this list's archive, but I can't find it. 

The most common answer has to do with /etc/hosts, but the data is already in 
there (at the top, with the correct IP), and the system isn't impressed 
(rebooting makes no difference). Man is no help. Editing /etc/resolv.conf has 
no effect. Books on Debian and Linux don't help, although it seems to be 
trivial on RedHat.

/proc/sys/domainname says "(none)". hostname -f gives the old domain name 
(where does it get it?). grep -ir doesn't find the old name string anywhere in 
/etc or in /lib.

I know it must be simple to do -- the installer does it without downloading a C 
library, but it must be in a secret place I don't know about...

-- 
Glenn English