Bind behind router--query-source address??

Discussion in 'Installation/Configuration' started by mini14, Oct 10, 2010.

  1. mini14

    mini14 New Member

    Howdy,

    Centos 5.5 (fresh install and updated), ISPConfig 2 (latest)

    How do I resolve this so that it is both secure and does not get over written by ISPConfig 2?

    Should I specify a range of ports to allow on my router for the randomization? What is that range?

    TIA for any help!
     
    Last edited: Oct 10, 2010
  2. falko

    falko Super Moderator ISPConfig Developer

    You can find the BIND templates in /root/ispconfig/isp/conf/. You can place your modified templates to /root/ispconfig/isp/conf/customized_templates/, and they will be used instead of the original templates.
     
  3. mini14

    mini14 New Member

    Thank You!

    So creating a modified template as opposed to editing the original is the correct way to modify any of the templates then correct?

    I appreciate the help in understanding this system!

    Have a great day
     
  4. falko

    falko Super Moderator ISPConfig Developer

    Yes, that's right. If you modify the original template, your changes will be lost when you upgrade ISPConfig.
     
  5. mini14

    mini14 New Member

    Thank Falko!

    A not-so-related question...does ISPConfig 2 need IPv6? I would like to turn off IPv6 support on this box to eliminate upstream DNS issues that I see in my log files.

    How can I properly disable this and have it stay put--also so as not to break any ISPConfig controlled modules?

    There are apparently many interrelationships in these templates and since I don't fully understand them as of yet I need to ask.

    To clarify: If I follow this from the centos 5.5 FAQ's will it break anything?

    8. How do I disable IPv6?

    * Edit /etc/sysconfig/network and set "NETWORKING_IPV6" to "no"
    * Add the following to /etc/modprobe.conf :

    alias ipv6 off
    alias net-pf-10 off

    *

    Run /sbin/chkconfig ip6tables off to disable the IPv6 firewall
    * Reboot the system
    * For 5.4 and later, replace in /etc/modprobe.conf

    alias ipv6 off

    by

    options ipv6 disable=1

    Alternative (which might be easier and works on any release with /etc/modprobe.d):

    # touch /etc/modprobe.d/disable-ipv6.conf
    # echo "install ipv6 /bin/true" >> /etc/modprobe.d/disable-ipv6.conf

    * With the 5.4 update symbol/ipv6 module dependency capabilities have been introduced; therefore, if IPv6 has been previously disabled as above an upgrade to the bonding driver in 5.4 will result in the bonding kernel module failing to load. For the module to load properly use instead:

    # touch /etc/modprobe.d/disable-ipv6.conf
    # echo "options ipv6 disable=1" >> /etc/modprobe.d/disable-ipv6.conf


    Thanks for your help and for a great product in ISPConfig!
     
    Last edited: Oct 11, 2010
  6. mini14

    mini14 New Member

    Ok..I followed this recommendation in Centos 5 FAQ's

    * With the 5.4 update symbol/ipv6 module dependency capabilities have been introduced;
    therefore, if IPv6 has been previously disabled as above an upgrade to the bonding driver in 5.4
    will result in the bonding kernel module failing to load.
    For the module to load properly use instead:

    # touch /etc/modprobe.d/disable-ipv6.conf
    # echo "options ipv6 disable=1" >> /etc/modprobe.d/disable-ipv6.conf

    It seems to have done the trick..all is well with the overall system, no problems evident with ISPConfig, and no more pesky errors from upstream DNS servers.
     

Share This Page