BenderNotes

For those of you using the `gigo.com` server, you may have noticed a few changes.

This means lots of changes to how things work, and how things are laid out. This is mostly intended for people with whom I’ve shared administrative controls.

Web

| New Info | Notes |
|---|---|
| `/var/www/domain.com` | All domains are now in this location, and the directory names are canonicalized to match the primary domain name. These directory names are expected to match the configuration file names, for my sanity. |
| `/etc/apache/sites-available/domain.com` | Configurations for virtual hosts go here. See also next line. |
| `/etc/apache/sites-enabled/domain.com` | Symlinked to `../sites-available/domain.com`. A shortcut to enable and disable a site, without actually removing the config file, is to use `sudo a2ensite example.com` and `sudo a2dissite example.com`. |
| `sudo service apache2 restart` | Use this to restart Apache. |

DNS Hosting

`bender.gigo.com`, aka “gigo.com”, is the top-level master for DNS. However, it does not run a DNS server. Edits are made here, validated (with email sent on validation status), and then published. This cycle takes 1-2 minutes total.

Also worth noting: ns1.gigo.com and ns2.gigo.com changed IP addresses. If you have domains that refer to those by name, no action is required. However, if you have DNS servers branded with your domain name but my IP address, you should update the IP address used. ns1 and ns2 are located in Fremont, CA and Rancho Cordova, CA, respectively.

| New Info | Notes |
|---|---|
| `/home/dns/zones/jfesler` | For those of you used to editing in `/etc/namedb`, note the new location. |
| `/home/username/dnsdir` | If we have a pre-arranged place for you to stick your zone files, this has not changed. |
| `/home/dns/etc/config` | You probably don’t care about this file. |
| `/home/dns/update` | Still runs automatically, roughly once a minute. |

DNS Servers

Authoritative Servers: ns1.gigo.com and ns2.gigo.com. Note that ns3 and ns4 will work, but are not redundant (they are aliases of ns1 and ns2). If your domain still uses ns3 and ns4, I recommend removing those.

Public Resolvers: Avoiding your ISP’s resolver is usually a great performance boost. Unfortunately, public resolvers have become unwilling attackers against the public, harming both the resolver and the actual victims. We are no longer offering public resolvers. Consider using Google’s public DNS resolvers. If you’re too paranoid for that, consider deploying your own in-home resolver.

Firewall

We are running a basic firewall, but mostly to defend applications from specific malicious attacks. We maintain these files to make changes to the firewall:

| File | Purpose |
|---|---|
| `/etc/rc.local` | Starts the firewalls with the latest on-disk configs |
| `/etc/iptables/rules.v4` | iptables for IPv4 |
| `/etc/iptables/ipset.sh` | Script to configure iptables for `-m set --match-set badguys src` |

For the most part, all ports are open. Applications installed are expected to bind to 127.0.0.1 unless meant to be publicly accessible. If you want to install something “risky”, please contact me. Chances are that we’ll either find a way to limit that risk, or I’ll build you a VM for the application instead.
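One way to check the bind-to-127.0.0.1 expectation above, as an added example that is not part of the original notes: it parses `ss -H -ltn` output and lists TCP listeners on non-loopback addresses whose port is not on an allowlist. The allowlist (22, 80, 443) and the sample lines are constructed assumptions, not this server's actual configuration.

```python
import ipaddress
import sys

# Ports meant to be publicly reachable (assumed allowlist for this example).
PUBLIC_PORTS = {22, 80, 443}

# Constructed sample of `ss -H -ltn` output; not taken from the real server.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 *:80 *:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 0.0.0.0:6379 0.0.0.0:*
LISTEN 0 128 [::1]:5432 [::]:*
LISTEN 0 128 [::]:8080 [::]:*
LISTEN 0 128 192.0.2.10:9200 0.0.0.0:*
"""


def split_local(field):
    """Split an ss 'Local Address:Port' field into (host, port)."""
    host, _, port = field.rpartition(":")
    host = host.split("%", 1)[0].strip("[]")  # drop %iface scope and IPv6 brackets
    return host, int(port)


def is_loopback(host):
    if host == "*":  # ss prints * for a wildcard bind on all addresses
        return False
    return ipaddress.ip_address(host).is_loopback


def exposed_listeners(ss_output, public_ports=PUBLIC_PORTS):
    """Return sorted (host, port) pairs bound off-loopback and not allowlisted."""
    findings = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # skip header rows and anything that is not a listener
        host, port = split_local(fields[3])
        if not is_loopback(host) and port not in public_ports:
            findings.add((host, port))
    return sorted(findings, key=lambda f: (f[1], f[0]))


if __name__ == "__main__":
    # Live use: ss -H -ltn | python3 this_script.py ; otherwise the sample is used.
    text = SAMPLE_SS if sys.stdin.isatty() else sys.stdin.read()
    for host, port in exposed_listeners(text):
        print(f"listener on {host}:{port} is not loopback-only and not allowlisted")
```

Anything it reports is either a service that should be rebound to 127.0.0.1 or a port that belongs on the allowlist.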
