Certbot DNS Bind Address?

Is there a way to execute certbot such that the outgoing IP will be one of a set of interfaces on the machine instead of the default interface?

One of the messages certbot gives when using:

certbot certonly --manual --preferred-challenges dns 

is:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.

Are you OK with your IP being logged?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o:

However, I’m running a server with multiple IP addresses with distinct PTR records for each and don’t want the reverse DNS associated with some of the certs to be linkable to the others.

If there isn’t a way to tell certbot itself which interface to use, is there a way within CentOS 7 to restrict a command to a particular interface such that it will bind there automatically on a per-execution basis (I still would like to be able to stick this into a cron job, with one for each address)?

SFTP folder permission on mounted Windows share with --bind, it works, but is it secure?

I’m setting up an SFTP server and it works!! Let me start with that. But I’m not sure about the security of my setup or if there is perhaps a better way. To be specific, I’m concerned about the group rights being 770. This was the only way I could get it to work though.

It’s an Ubuntu 16 machine (as I can’t figure out how to mount DFS on 18, but that’s a different topic.)

The main Windows Share:
mounted as a limited privilege user

uid=sftp gid=grp_sftp file_mode=0660 dir_mode=0770 

Full mount command

mount -t cifs -o rw,uid=sftp,gid=grp_sftp,file_mode=0660,dir_mode=0770,credentials=/file,domain=EXAMPLE.COM //dfs-server.example.com/Share /mnt/dfs 

SFTP Home folder
The /sftp_users folder contains all users home dirs. Permissions are set with

chown -R sftp:grp_sftp /sftp_users
chmod -R 0770 /sftp_users

SFTP Users
Each user has one or several subfolders on the /mnt/dfs share mapped within their home. This is accomplished with mount --bind and thus takes over the dfs share permissions set in the previous mount.

mount --bind /mnt/dfs/folder/subfolder1/ /sftp_users/testuser/in/
mount --bind /mnt/dfs/folder/subfolder2/ /sftp_users/testuser/out/

MySecureShell
This is an excerpt from the important parts of mysecureshell config file /etc/ssh/sftp_config

<Default>
        StayAtHome              true    #limit client to his home
        VirtualChroot           true    #fake a chroot to the home account
        Home                    /sftp_users/$USER       #override home of the user but if you want you can use
        ResolveIP               true    #resolve ip to dns
        DirFakeUser             true    #Hide real file/directory owner (just change displayed permissions)
        DirFakeGroup            true    #Hide real file/directory group (just change displayed permissions)
        DirFakeMode             0400    #Hide real file/directory rights (just change displayed permissions)
        DefaultRights           0660 0770       #Set default rights for new file and new directory
        MinimumRights           0660 0770       #Set minimum rights for files and dirs
        ShowLinksAsLinks        false   #show links as their destinations
</Default>

New-PSDrive : Cannot bind argument to parameter ‘Root’ because it is null

Function CleanUp-PSDrive {
    # Remove every FileSystem drive whose name is a single letter E..Z (char codes 69..90)
    Get-PSDrive -PSProvider FileSystem |
        Where { $_.Name -in (69..90 | ForEach-Object { [char]$_ }) } |
        Remove-PSDrive
}

$Csv = Import-Csv "path"

$Csv.Name | ForEach-Object -Begin { $Letter = 69 } {
    New-PSDrive -Root $_ -Name ([char]$Letter) -PSProvider FileSystem
    #Do some stuff..
    if ($Letter -lt 90) {
        $Letter++
    }
    else {
        CleanUp-PSDrive
        $Letter = 69
    }
} -End { CleanUp-PSDrive }

Compiling error Bind in Ubuntu

I am trying to compile code from a third party that I know was working on a different computer with this installed:
- CentOS 6 64-bit
- gcc with full C++14 support. They were using 5.3.1
- kernel 2.6.30
- glibc 2.12

Now, I have:
- Ubuntu 18.04.2 LTS
- gcc (Ubuntu 7.3.0-27ubuntu1~18.04) 7.3.0
- Kernel 4.15.0-46-generic #49-Ubuntu
- ldd (Ubuntu GLIBC 2.27-3ubuntu1) 2.27

And when I try to compile the following, I get these errors:


src/datasource.cpp: In constructor ‘DataLoop::DataLoop(std::shared_ptr, std::shared_ptr)’:
src/datasource.cpp:74:93: error: no matching function for call to ‘libattach::LocalAttach::set_receive_callback(std::_Bind_helper)(std::__cxx11::list&&), DataLoop, const std::_Placeholder<1>&>::type)’
     _attach->set_receive_callback (std::bind (&DataLoop::callback, this, std::placeholders::_1));

I think the problem has something to do with the bind and the Ubuntu version. Can someone help me? Thank you.

Not blocking off original domain when setting up BIND server

I am trying to set up a BIND server so that I can access my office SFTP servers with the same address both locally and from outside the network. This has worked well; however, after setting up the BIND server I am no longer able to access my site (hosted by Linode) by its domain name from within the local network. I tried adding an A record on my local BIND server to direct potato.com back to the Linode server, but that hasn’t worked.

On Linode’s end I’ve configured any subdomain (*.potato.com) to go to my business's IP address.

I’ve included my configurations:

named.conf.local

zone "potato.com" {
    type master;
    file "/etc/bind/zones/db.potato.com"; # zone file path
    allow-transfer { 192.168.7.63; };           # ns2 private IP address - secondary
};

zone "168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/db.192.168";  # 10.128.0.0/16 subnet
    allow-transfer { 192.168.7.63; };  # ns2 private IP address - secondary
};

named.conf.options

acl "trusted" {
        192.168.7.62;    # ns1 - can be set to localhost
        192.168.7.63;    # ns2
        192.168.7/24;    # All?
};

options {
        directory "/var/cache/bind";
        dnssec-validation auto;
        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
        recursion yes;                 # enables recursive queries
        allow-recursion { trusted; };  # allows recursive queries from "trusted" clients
        listen-on { 192.168.7.62; };   # ns1 private IP address - listen on private network only
        allow-transfer { none; };      # disable zone transfers by default

        forwarders {
                8.8.8.8;
                8.8.4.4;
        };
};

db.192.168

$TTL    604800
@       IN      SOA     potato.com. admin.potato.com. (
                              6         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
; name servers
      IN      NS      ns1.potato.com.
      IN      NS      ns2.potato.com.

; PTR Records
62.7   IN      PTR     ns1.potato.com.    ; 192.168.7.62
63.7   IN      PTR     ns2.potato.com.    ; 192.168.7.63
70.7   IN      PTR     pickle.potato.com.  ; 192.168.7.70
80.7   IN      PTR     pork.potato.com.  ; 192.168.7.80
62.7   IN      PTR     office-rpi.potato.com.    ; 192.168.7.62
63.7   IN      PTR     suite-rpi.potato.com.    ; 192.168.7.63

db.potato.com

;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     ns1.potato.com. admin.potato.com. (
                              7         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL

; name servers - NS records
    IN      NS      ns1.potato.com.
    IN      NS      ns2.potato.com.

; name servers - A records
ns1.potato.com.          IN      A       192.168.7.62
ns2.potato.com.          IN      A       192.168.7.63

; 10.128.0.0/16 - A records
pickle.potato.com.        IN      A      192.168.7.70
pork.potato.com.        IN      A      192.168.7.80
office-rpi.potato.com.      IN      A      192.168.7.62
suite-rpi.potato.com.  IN      A      192.168.7.63
potato.com                  IN      A      555.555.555.555
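Before reloading a forward and reverse zone pair like db.potato.com and db.192.168, it is worth checking mechanically that A and PTR records agree, that no address is a placeholder, and that no address carries two PTRs. The following is an added example, not code from the original post: the zone excerpts are constructed in the shape of the files above, and the /16 prefix, record regex and finding texts are this example's own choices.

```python
import ipaddress
import re

# Constructed excerpts in the shape of the two zone files above (not the real files).
FORWARD_ZONE = """
ns1.potato.com.          IN  A    192.168.7.62
ns2.potato.com.          IN  A    192.168.7.63
pickle.potato.com.       IN  A    192.168.7.70
office-rpi.potato.com.   IN  A    192.168.7.62
potato.com.              IN  A    555.555.555.555
"""
REVERSE_ZONE = """
62.7   IN  PTR  ns1.potato.com.
63.7   IN  PTR  ns2.potato.com.
62.7   IN  PTR  office-rpi.potato.com.
80.7   IN  PTR  pork.potato.com.
"""
REVERSE_PREFIX = "192.168"  # zone 168.192.in-addr.arpa covers 192.168.0.0/16
RECORD = re.compile(r"^(\S+)\s+IN\s+(A|PTR)\s+(\S+)", re.M)

def parse_records(zone_text, rtype):
    """(owner, rdata) pairs of one record type, as written in the zone."""
    return [(m.group(1), m.group(3)) for m in RECORD.finditer(zone_text) if m.group(2) == rtype]

def ptr_owner_to_ip(owner, prefix):
    """In a /16 reverse zone the owner '62.7' names 192.168.7.62: reverse the labels."""
    return prefix + "." + ".".join(reversed(owner.rstrip(".").split(".")))

def check_zones(forward, reverse, prefix):
    """Return human-readable findings: bad addresses, duplicate PTRs, A/PTR mismatches."""
    findings, a_by_ip, ptr_by_ip = [], {}, {}
    for name, ip in parse_records(forward, "A"):
        try:
            ipaddress.IPv4Address(ip)  # rejects placeholders like 555.555.555.555
        except ValueError:
            findings.append(f"invalid IPv4 in A record for {name}: {ip}")
            continue
        a_by_ip.setdefault(ip, set()).add(name)
    for owner, target in parse_records(reverse, "PTR"):
        ptr_by_ip.setdefault(ptr_owner_to_ip(owner, prefix), set()).add(target)
    for ip, names in sorted(ptr_by_ip.items()):
        if len(names) > 1:  # named accepts this, but reverse lookups become ambiguous
            findings.append(f"multiple PTR records for {ip}: {sorted(names)}")
        for name in sorted(names - a_by_ip.get(ip, set())):
            findings.append(f"PTR {ip} -> {name} has no matching A record")
    for ip, names in sorted(a_by_ip.items()):
        if ip not in ptr_by_ip:
            findings.append(f"A record(s) {sorted(names)} -> {ip} have no PTR")
    return findings
```

Run `check_zones(FORWARD_ZONE, REVERSE_ZONE, REVERSE_PREFIX)` and act on each finding before `rndc reload`; the check only covers plain A and PTR lines, not SOA, NS or `$ORIGIN`-relative names.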

Difference between --rbind and --bind in mounting

I am confused. The Linux filesystem is a tree structure, with the root node (starting node) as the root directory. Now let’s suppose I have a folder abc at location /home/abc and another folder xyz at location /home/xyz.

Folder xyz consists of some other folders and files inside it (e.g. def and mno are folders inside it):

      xyz
     /   \
   def   mno

When I run the command

mount --rbind /home/xyz /home/abc

(rbind is a recursive bind) I see all the contents of the folder xyz in abc. Now, when I just run the command

mount --bind /home/xyz /home/abc

I still see all the contents of xyz in abc.

Why is that?

--bind seems to work just the same as --rbind.

Clients not registering IP in AD with BIND DNS

We have one main office and several foreign offices. Most clients are Windows based, and connect to their respective domain controller.

Some time ago, we switched DNS servers and we made changes to reflect this. However, in foreign offices, client computers are not resolvable.

In the event log on the client, the following event 8019 is shown:

The system failed to register host (A or AAAA) resource records (RRs) for network adapter with settings:

       Adapter Name : {F8786DCC-C76F-4513-9362-77D8992FD482}
       Host Name : COMPITER-001
       Primary Domain Suffix : domain.com
       DNS server list :
            192.168.8.253, 192.168.8.254
       Sent update to server : 192.168.1.142:53
       IP Address(es) :
         10.153.111.35

192.168.1.142 is our old DNS server. But I have no idea how the client figures this out. Am I missing a setting somewhere?

In our domain controllers, all DNS entries are changed.
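The event text above carries enough to spot this condition automatically across a fleet: when the "Sent update to server" address is not in the adapter's own "DNS server list", the client is registering against a resolver it was not configured with, which is the stale-server symptom described. The following is an added example, not code from the original post; the event body is constructed to match the quoted one, and the field regex and function names are this example's own.

```python
import re

# Constructed Event ID 8019 body, shaped like the one quoted above (not a real log).
EVENT_8019 = """
The system failed to register host (A or AAAA) resource records (RRs) for
network adapter with settings:
       Adapter Name : {F8786DCC-C76F-4513-9362-77D8992FD482}
       Host Name : COMPITER-001
       Primary Domain Suffix : domain.com
       DNS server list :
            192.168.8.253, 192.168.8.254
       Sent update to server : 192.168.1.142:53
       IP Address(es) :
         10.153.111.35
"""

# An indented "Key : value" line; indented lines without a key continue the previous value.
FIELD = re.compile(r"^\s+(?P<key>[A-Za-z() ]+?)\s*:\s*(?P<value>.*)$")

def parse_event_8019(text):
    """Map the event's named settings to their values, folding continuation lines in."""
    fields, key = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            key = m.group("key").strip()
            fields[key] = m.group("value").strip()
        elif key and line.strip():
            fields[key] = (fields[key] + " " + line.strip()).strip()
    return fields

def split_servers(value):
    """'192.168.8.253, 192.168.8.254' -> list of addresses; a :port suffix is dropped (IPv4 only)."""
    return [s.strip().rsplit(":", 1)[0] for s in value.split(",") if s.strip()]

def stale_update_target(fields):
    """The server the update went to, if it is absent from the adapter's configured DNS list; else None."""
    configured = set(split_servers(fields.get("DNS server list", "")))
    target = split_servers(fields.get("Sent update to server", ""))
    if target and target[0] not in configured:
        return target[0]
    return None
```

Feeding exported 8019 events through `parse_event_8019` and `stale_update_target` lists which hosts still push updates to the old server, which narrows the search to the setting those hosts share.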