Server hostname's virtual server as default server for host's IP - SSL doesn't terminate when using the server IP to connect - Also number based change to date based SSL serials breaks BIND

Operating system Ubuntu Linux 20.04.3
Webmin version 1.984 Usermin version 1.834
Virtualmin version 6.17-3 Authentic theme version 19.84.7

Hi,

SSL terminates correctly when using any other virtual server for the server's IP.

Apparently the serial number format is wrong, according to MX tools.

I changed Zone File Options to date based rather than number based to try and fix this, but it’s broken BIND altogether. Even when switched back to number based, BIND still wouldn’t start.

This change looks like it’s broken BIND:

[root@host ~]# systemctl status bind9
● named.service - BIND Domain Name Server
Loaded: loaded (/lib/systemd/system/named.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Tue 2022-03-01 16:52:12 UTC; 11min ago
Docs: man:named(8)
Process: 548 ExecStart=/usr/sbin/named -f $OPTIONS (code=exited, status=0/SUCCESS)
Process: 360769 ExecStop=/usr/sbin/rndc stop (code=exited, status=1/FAILURE)
Main PID: 548 (code=exited, status=0/SUCCESS)

Mar 01 16:52:12 host.bsserv.net named[548]: no longer listening on 10.0.2.4#53
Mar 01 16:52:12 host.bsserv.net named[548]: no longer listening on ::1#53
Mar 01 16:52:12 host.bsserv.net named[548]: no longer listening on fe80::222:48ff:fe07:2b15%2#53
Mar 01 16:52:12 host.bsserv.net named[548]: shutting down
Mar 01 16:52:12 host.bsserv.net named[548]: stopping command channel on 127.0.0.1#953
Mar 01 16:52:12 host.bsserv.net named[548]: stopping command channel on ::1#953
Mar 01 16:52:12 host.bsserv.net named[548]: exiting
Mar 01 16:52:12 host.bsserv.net rndc[360769]: rndc: connect failed: 127.0.0.1#953: connection refused
Mar 01 16:52:12 host.bsserv.net systemd[1]: named.service: Control process exited, code=exited, status=1/FAILURE
Mar 01 16:52:12 host.bsserv.net systemd[1]: named.service: Failed with result 'exit-code'.

host.bsserv.net - is for illustrative purposes only.

Any ideas?

Check it with named-checkconf and named-checkzone. That will tell you exactly what’s wrong (the BIND log would also tell you).

I couldn’t find the BIND log, and restored already. No sign of it in var/logs.

Any ideas on how to fix the serial number format? Is this an expected issue for the host’s default virtual server? Strangely, it only occurs when connecting using the IP.

Re-read my comment. You can ask bind to tell you what’s wrong using the commands I mentioned.

BIND is up and running again already.

So in the case of the IP’s SSL termination to the server hostname’s default virtual server I would use:

named-checkzone -IPADDRESS -zonefile location ?

Or the problem could be due to a man in the middle attack?

I don’t see how any of this conversation points to a MITM attack.

I sent you a PVT message, check for yourself. The BIND problem at the top of the thread was an attempt to resolve it.

The issue doesn’t appear to have been with BIND, although the change as mentioned broke it.

Issue was with serial number format on the SSL cert.

If there are multiple questions about unrelated problems in a post, I’ll answer the part of it I understand first. Thus, this topic is about BIND not starting and nothing else. Open a new one about SSL termination if it continues to be an issue.

I really must insist everyone focus on one problem per topic. I simply can’t be helpful if I can’t quickly understand what problem I’m trying to solve. I have a desire to help everyone who has a problem, but I do not have a lot of free time.
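
Added example, not part of any post in this thread: a Python check of a zone's SOA serial against the date-based YYYYMMDDnn convention recommended in RFC 1912, plus the RFC 1982 comparison that decides whether a serial change counts as an increase. It assumes the checker's complaint refers to that convention; the zone text, names and serial values are constructed samples.

```python
import re
from datetime import datetime

# Constructed sample zone (example.com is a placeholder, not from the thread).
SAMPLE_ZONE = """\
$ttl 3600
example.com. IN SOA ns1.example.com. root.example.com. (
        1646153532 ; serial (number based)
        10800      ; refresh
        3600       ; retry
        604800     ; expire
        38400 )    ; minimum
example.com. IN NS ns1.example.com.
"""

def soa_serial(zone_text):
    """Return the SOA serial: the first integer after the two SOA names."""
    text = re.sub(r";[^\n]*", "", zone_text)  # drop zone-file comments
    m = re.search(r"\bSOA\s+\S+\s+\S+\s*\(?\s*(\d+)", text, re.I)
    if not m:
        raise ValueError("no SOA record found")
    serial = int(m.group(1))
    if serial >= 2**32:
        raise ValueError("serial does not fit in 32 bits")
    return serial

def is_date_based(serial):
    """True if the serial reads as YYYYMMDDnn with a real calendar date."""
    s = str(serial)
    if len(s) != 10:
        return False
    try:
        day = datetime.strptime(s[:8], "%Y%m%d")
    except ValueError:
        return False
    # Assumption: years before 1990 are treated as a plain number, not a date.
    return day.year >= 1990

def moves_forward(old, new):
    """RFC 1982 comparison: is new 'greater' than old modulo 2**32?"""
    return 0 < (new - old) % 2**32 < 2**31

if __name__ == "__main__":
    current = soa_serial(SAMPLE_ZONE)
    print(current, "date based:", is_date_based(current))
    print("to 2022030101 moves forward:", moves_forward(current, 2022030101))
    print("and back again moves forward:", moves_forward(2022030101, current))
```

With these sample values, switching to the date-based serial is an increase, while switching back is a decrease that secondaries comparing serials would not treat as a newer zone.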
