Questions on how to setup Reverse DNS in bind 9

Spork Schivago sporkschivago at
Thu Jul 21 18:06:51 UTC 2016


I can tell cPanel which IP address to use but I can't pick both of them.
 So Apache doesn't have an entry for the second IP address.   I can
manually add one, but the problem is it'll get replaced every night with
one generated from the templates.   I might be able to just manually edit
the template and add a line that adds the VirtualHost entry for the second
IP address, but I'm not exactly sure how I'd do it.

The templates are a bit weird.   Here's what the beginning of the
ssl_vhost.local template.

<VirtualHost[% FOREACH ipblock IN vhost.ips %] [% ipblock.ip %]:[%
ipblock.port %][% END %]>
  # Enable HTTP Strict Transport Security
  Header always set Strict-Transport-Security "max-age=63072000;

  ServerName [% wildcard_safe(vhost.servername) %]
[% IF vhost.serveralias_array.size -%]
[% FOREACH alias IN vhost.serveralias_array -%]
  ServerAlias [% alias %]
[% END -%]
[% ELSE -%]
  ServerAlias [% vhost.serveralias %]
[% END -%]

There's a bunch of templates, like main.default, vhost.default and
ssl_vhost.default.   If I want to customize them, I make a copy and replace
the .default extension with the .local extension and then cPanel will use
my custom .local instead of the .default.

I think we're good though.   If I had Apache listening on the second IP
address, I think everything would have been fine.   I believe I
accomplished what I wanted to accomplish.   When we move into the new
house, I'll setup a server in the work room and I'll get a static IP and
try again then, with two different servers instead of one.

Thanks for all the help!

On Thu, Jul 21, 2016 at 2:00 PM, Spork Schivago <sporkschivago at>

> Okay, I do think it was working correctly.   I think that's why I was
> getting the ERR_SSL_PROTOCOL_ERROR in Chrome when I went to my site when
> I had the second IP address added, but other users weren't.  I think the
> users getting the error message in Chrome were pulling the second IP
> address from their DNS servers, but the people who successfully could go to
> their site where getting the first IP address and could successfully see my
> site.
> I can try to explain the cPanel / Apache stuff a bit better.   I have an
> Apache config file, /usr/local/apache/conf/httpd.conf.    There's a bunch
> of comments that say don't edit this file directly.   Use the cPanel
> interface or the "templates".   cPanel has these templates and we run a
> script to rebuild the config file.   It'll automatically populate it with
> stuff like:
> <VirtualHost>
> I can tell cPanel which IP address to use but I can't pick both of them.
> So Apache doesn't have
> On Thu, Jul 21, 2016 at 2:49 AM, Matus UHLAR - fantomas <uhlar at
> > wrote:
>> On 20.07.16 21:40, Spork Schivago wrote:
>>> I don't remember the tools, but I know that the way cPanel handles stuff
>>> with Apache, it broke my website for me.   Using the cPanel / WHM
>>> interface, I could tell Apache to listen on one IP or the other, not
>>> both,
>>> unfortunately.   Some people (my wife's cell for instance) could make it
>>> to
>>> my site, but on her laptop, I could not.   I believe this is because I
>>> redirect everything to port 443 and the SSL certs were setup for the
>>> first
>>> IP, not the second.
>> huh? SSL certs should be created with required hostname, e.g.
>> in CommonName - not the IPs.
>> you just need transfer both public and private keys to other server...
>> just watch out if you don't make the private key available to others.
>>   I believe when I assigned the second IP address to
>>> the A record, sometimes I'd go to the first IP and Apache
>>> would
>>> pick it up, other times, I'd go to the second IP and Apache wouldn't know
>>> how to handle it.   Maybe it was because the SSL certs were created when
>>> I
>>> only had the one IP, I don't know.   But it really messed things up and I
>>> had to remove the second IP again.   I think if I manually edited the
>>> httpd.conf file and regenerated the SSL certs, things might have started
>>> working.
>> this is your problem. don't generate ssl keys when adding IPs.
>> --
>> Matus UHLAR - fantomas, uhlar at ;
>> Warning: I wish NOT to receive e-mail advertising to this address.
>> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
>> We are but packets in the Internet of life (
>> _______________________________________________
>> Please visit to
>> unsubscribe from this list
>> bind-users mailing list
>> bind-users at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the bind-users mailing list