Check the installation
Here are a few steps to follow before publishing the domain on the internet. If any of these steps fails, jump directly to the next section, installation troubleshooting.
All the checks are now done on the target server.
Users list
Once the installation is finished, you should see the users list when running the command getent passwd -s ldap:
root@bochica:~# getent passwd -s ldap
frodo:x:1001:1001:Frodo Baggins:/home/users/frodo:/bin/dash
samwise:x:1002:1002:Samwise Gamgee:/home/users/samwise:/bin/dash
peregrin:x:1003:1003:Peregrin Took:/home/users/peregrin:/bin/dash
meriadoc:x:1004:1004:Meriadoc Brandybuck:/home/users/meriadoc:/bin/dash
postmaster:x:2000:2000:postmaster account:/home/users/postmaster:/bin/dash
DNS status
At this time, your DNS contains all the information needed, but it is not yet “plugged” into the big wide internet. The next page shows the command to run to “plug” your system into the internet.
The status of your DNS server can be seen using the dns-status command:
root@bochica:~# dns-status
DNS server for sweethome.box is not live.
;; resolution failed: ncache nxdomain
; negative response, fully validated
; sweethome.box. 179 IN \-ANY ;-$NXDOMAIN
; box. SOA ns0.centralnic.net. hostmaster.centralnic.net. 1705252800 900 1800 6048000 3600
; box. RRSIG SOA ...
; 44kend9dtc8m5troibn8vggq7dqjvtnp.box. RRSIG NSEC3 ...
; 44kend9dtc8m5troibn8vggq7dqjvtnp.box. NSEC3 1 1 0 - M1K4M0PMES14HTVF726HSLVQBFOHL3I2 NS DS RRSIG
; m1k4m0pmes14htvf726hslvqbfohl3i2.box. RRSIG NSEC3 ...
; m1k4m0pmes14htvf726hslvqbfohl3i2.box. NSEC3 1 1 0 - OV2J9819PPF66UJFCBMB33GI392HJ1O7 NS SOA RRSIG DNSKEY NSEC3PARAM
Once the server is live, you should see instead something like this:
DNS keys are published:
Zone Type Act Pub Size Algorithm ID Location Keytag
------------------------------------------------------------------------------------------
weethome.box ZSK Act Pub 256 ECDSAP256SHA256 3 cryptokeys 35623
weethome.box KSK Act Pub 256 ECDSAP256SHA256 1 cryptokeys 17507
weethome.box KSK Act Pub 256 ECDSAP256SHA256 2 cryptokeys 41341
Certificates status
Since your server is not live yet, all your certificates are signed with a temporary root certificate. Once your DNS server is live, you will be able to recreate all the certificates, with one command.
For now, this is what you should see when typing the command cert-status:
root@bochica:~# cert-status
Domain | Valid from | Valid until | Days left | Issuer | Full domains list | Status
sweethome | Jan 14 17:33:53 2024 GMT | Feb 11 17:33:53 2024 GMT | 27 | Temporary CA | DNS:sweethome.box | OK
main | Jan 14 17:34:02 2024 GMT | Feb 11 17:34:02 2024 GMT | 27 | Temporary CA | DNS:main.sweethome.box | OK
* | Jan 14 17:34:11 2024 GMT | Feb 11 17:34:11 2024 GMT | 27 | Temporary CA | DNS:*.sweethome.box | OK
ldap | Jan 14 17:34:43 2024 GMT | Feb 11 17:34:43 2024 GMT | 27 | Temporary CA | DNS:ldap.sweethome.box,DNS:bochica.sweethome.box | OK
www | Jan 14 17:36:11 2024 GMT | Feb 11 17:36:11 2024 GMT | 27 | Temporary CA | DNS:www.sweethome.box | OK
mta | Jan 14 17:37:18 2024 GMT | Feb 11 17:37:18 2024 GMT | 27 | Temporary CA | DNS:mta-sts.sweethome.box | OK
smtp | Jan 14 17:37:47 2024 GMT | Feb 11 17:37:47 2024 GMT | 27 | Temporary CA | DNS:smtp.sweethome.box | OK
imap | Jan 14 17:39:15 2024 GMT | Feb 11 17:39:15 2024 GMT | 27 | Temporary CA | DNS:imap.sweethome.box | OK
pop | Jan 14 17:39:29 2024 GMT | Feb 11 17:39:29 2024 GMT | 27 | Temporary CA | DNS:pop3.sweethome.box | OK
sogo | Jan 14 17:41:16 2024 GMT | Feb 11 17:41:16 2024 GMT | 27 | Temporary CA | DNS:sogo.sweethome.box | OK
autoconfig | Jan 14 17:41:50 2024 GMT | Feb 11 17:41:50 2024 GMT | 27 | Temporary CA | DNS:autoconfig.sweethome.box | OK
root@bochica:~#
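Once the certificates have been recreated, the same table can be filtered to confirm that none is still issued by the temporary CA or close to expiry. The script below is an added example, not part of the project's tooling; it assumes cert-status keeps the pipe-separated column layout shown above, and the "Example Public CA" rows in the sample are constructed.

```shell
#!/bin/sh
# Filter the table printed by cert-status. Assumed column order (from the
# output above): Domain | Valid from | Valid until | Days left | Issuer |
# Full domains list | Status

# flag_certs MIN_DAYS: read cert-status output on stdin and print one line
# per certificate that needs attention. Returns 0 when nothing is flagged.
flag_certs() {
    awk -F'|' -v min="$1" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        NF < 7 { next }                    # prompt lines, blank lines
        trim($1) == "Domain" { next }      # header row
        {
            name = trim($1); days = trim($4) + 0
            issuer = trim($5); status = trim($7)
            why = ""
            if (issuer == "Temporary CA") why = why " temporary-issuer"
            if (days < min)               why = why " expires-in-" days "-days"
            if (status != "OK")           why = why " status-" status
            if (why != "") { print name ":" why; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample: the first data row is copied from the output above,
# the two "Example Public CA" rows are made up for the demonstration.
SAMPLE_CERT_STATUS='Domain | Valid from | Valid until | Days left | Issuer | Full domains list | Status
sweethome | Jan 14 17:33:53 2024 GMT | Feb 11 17:33:53 2024 GMT | 27 | Temporary CA | DNS:sweethome.box | OK
www | Jan 14 17:36:11 2024 GMT | Apr 13 17:36:11 2024 GMT | 89 | Example Public CA | DNS:www.sweethome.box | OK
imap | Jan 14 17:39:15 2024 GMT | Jan 20 17:39:15 2024 GMT | 5 | Example Public CA | DNS:imap.sweethome.box | OK'

# On the server the input would come from the real command:
#   cert-status | flag_certs 14
printf '%s\n' "$SAMPLE_CERT_STATUS" | flag_certs 14 || echo "certificates need attention"
```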
Now that your server is ready to use, you can publish the DNS server on the internet.
The backup folder
The credentials created during the installation should be stored in the backup folder, in a subfolder named after the domain. This folder is excluded from git as well:
ls -lR backup
backup:
total 8
-rw-r--r-- 1 andre andre 485 Jan 13 11:36 readme.md
drwx------ 6 andre andre 4096 Jan 14 17:42 sweethome.box
backup/sweethome.box:
total 16
drwx------ 2 andre andre 4096 Jan 14 17:42 dns
drwx------ 2 andre andre 4096 Jan 14 17:40 ldap
drwx------ 2 andre andre 4096 Jan 14 17:40 postgresql
drwx------ 2 andre andre 4096 Jan 14 17:42 user
backup/sweethome.box/dns:
total 4
-rw------- 1 andre andre 17 Jan 14 17:33 api-key
backup/sweethome.box/ldap:
total 32
-rw------- 1 andre andre 17 Jan 14 17:34 admin
-rw------- 1 andre andre 21 Jan 14 17:34 frodo
-rw------- 1 andre andre 17 Jan 14 17:34 manager
-rw------- 1 andre andre 21 Jan 14 17:34 meriadoc
-rw------- 1 andre andre 21 Jan 14 17:34 peregrin
-rw------- 1 andre andre 21 Jan 14 17:34 postmaster
-rw------- 1 andre andre 17 Jan 14 17:34 readonly
-rw------- 1 andre andre 21 Jan 14 17:34 samwise
backup/sweethome.box/postgresql:
total 4
-rw------- 1 andre andre 17 Jan 14 17:40 sogo
backup/sweethome.box/user:
total 4
-rw------- 1 andre andre 21 Jan 14 17:42 admin
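The listing above shows the two properties worth re-checking whenever the backup folder is copied or restored: nothing under the domain folder is accessible to group or others, and nothing in it is tracked by git. The script below is an added example, not part of the project; the function name is hypothetical, and it assumes it is run from the repository root with the domain folder as argument.

```shell
#!/bin/sh
# audit_backup DIR: list every entry under DIR that is too widely readable
# or that git tracks. Returns 0 when clean, 1 on findings, 2 if DIR is missing.
audit_backup() {
    dir=$1
    [ -d "$dir" ] || { echo "missing $dir"; return 2; }
    findings=$(
        {
            # Any permission bit set for group or others (symlinks skipped,
            # their own mode bits are meaningless).
            find "$dir" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
                 -o -perm -004 -o -perm -002 -o -perm -001 \) -print |
                sed 's/^/perm /'
            # Files under DIR that are in the git index; prints nothing when
            # DIR is ignored or when not inside a work tree.
            git ls-files -- "$dir" 2>/dev/null | sed 's/^/tracked /'
        }
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Example: sh audit-backup.sh backup/sweethome.box
if [ $# -gt 0 ]; then
    audit_backup "$1"
fi
```

A clean run prints nothing; each finding is one line starting with `perm` or `tracked` followed by the path.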