
Unix & Linux Stack Exchange

Q&A for users of Linux, FreeBSD and other Unix-like operating systems

Latest Questions

0 votes
0 answers
59 views
Linux administration setting up mail at my own domain on which I can't receive mail
I bought a domain and I'm setting up Hestia at my VPS, but after I set up the SMTP relay to be at Brevo. SMTP relay at Brevo (formerly Sendinblue) is a service that allows me to send emails through their servers using the Simple Mail Transfer Protocol (SMTP). Essentially, it acts as a middleman for sending emails from your system or application to the recipient's email server.

So I can send mail to my Gmail but I can't receive one from it; I'm getting an error:

```
554 5.7.1 : Relay access denied
```

I did the authentication for the relay service for my domain. What is MTA? I'm a newbie, so here is the log from my machine:

```
$ tail -f -s0.1 /var/log/exim4/mainlog
2025-06-10 11:11:57 End queue run: pid=1218117
2025-06-10 11:25:51 TLS error on connection from cloud-scanner-260b560e.internet-research-project.net (masscan) [172.104.24.197] (gnutls_handshake): The TLS connection was non-properly terminated.
2025-06-10 11:41:57 Start queue run: pid=1219994
2025-06-10 11:41:57 End queue run: pid=1219994
2025-06-10 12:00:07 1uOxeB-0000000588J-2lFU myname@gmail.com R=send_via_smtp_relay T=smtp_relay_smtp H=smtp-relay.brevo.com [1.179.115.1] X=TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_128_GCM:128 CV=yes A=smtp_relay_login K C="250 2.0.0 OK: queued as "
2025-06-10 12:00:07 1uOxeB-0000000588J-2lFU Completed
2025-06-10 12:11:57 Start queue run: pid=1223637
2025-06-10 12:11:57 End queue run: pid=1223637
2025-06-10 12:18:37 TLS error on connection from azpdssbc3btd.stretchoid.com [20.65.194.188] (gnutls_handshake): An unexpected TLS packet was received.
```

Somewhere I found a similar issue and one guy asked to show the log with that command; which log should I post if needed then?

Here is /etc/exim4/update-exim4.conf.conf:

```
# /etc/exim4/update-exim4.conf.conf
#
# This is a Debian specific file
dc_eximconfig_configtype='local'
dc_other_hostnames='mydomain'
dc_local_interfaces='127.0.0.1 ; ::1'
dc_readhost=''
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost=''
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname=''
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'
```

Here's a picture that might be useful: [image]
Slobodan Vidovic (185 rep)
Jun 10, 2025, 06:10 PM • Last activity: Jun 11, 2025, 03:53 PM
0 votes
1 answers
334 views
How can I log in to Samba Domain Controller with domain account?
I have provisioned my server to domain controller using samba

```
sudo samba-tool domain provision \
    --interactive \
    --use-rfc2307 \
    --backend-store=mdb \
    --backend-store-size=16Gb \
    --function-level=2016 \
    --option="ad dc functional level = 2016"
```

I can join other machines to domain (using sssd) and log in to them using my domain accounts. But I cannot login to my domain controller with my domain administrator account. I tried sssd, but in every instruction I saw - I need to join computer to domain (but I'm already in the domain as a domain controller). Can anyone tell me if it is possible and if so, how can I do it?

While I try to log in

```
sudo login administrator@domain.name
```

I'm getting error - user not found

If I `id administrator@domain.name` or `id administrator` I also get

```
id: «administrator@domain.name»: There is no such user
```
Никита Грубов (1 rep)
Sep 24, 2024, 12:37 PM • Last activity: Jun 7, 2025, 05:38 AM
2 votes
1 answers
3786 views
How to detect the user has logged in a domain or local host in the linux shell script?
In the default, Linux doesn't support the domain. But the user can join a domain by applications, such as: Likewise, Winbind, and so on. For my project, my customers are all enterprise members. For the security problem, most customers' Linux hosts will be joined to a domain. Unfortunately, the customer can log in to the local host even if the Linux host has been joined to a domain. Such as:

(1) There are two accounts in a Linux host: a domain account: dev.com\john (the domain is developer.com); a local account: tom

(2) The customer can log in with the domain account (dev.com\john) or local account (tom) freely.

My task is to write a shell script that will be executed when the user logs in. In the shell script, I need to check whether the user logs in with a domain account or a local account. If the user logs in with the domain name, I need to get the domain name; otherwise, I need to get the host name. Then report the domain (or host) name and user name to the remote monitor server. I have tried the following code:

```
hostName=$(hostname)
hostFQDN=$(hostname -f)
if [ "$hostName" = "$hostFQDN" ]; then
    # The user didn't log in a domain.
    hostInfo="$hostName"
else
    # The user logged in a domain.
    hostInfo=$(hostname -d)
fi
```

In the above, I check whether the host FQDN is equal to the host name or not. If yes, I will believe the customer logs in with the domain account; else, local account. Unfortunately, it doesn't always work. The reason is that the host FQDN will never be equal to the host name if the Linux host is joined to a domain, even if the customer logs in with a local account. Such as:

(1) The Linux host is joined to the domain "dev.com";

(2) The host FQDN will always be "yw-host.dev.com" ("yw-host" is the host name), whether the customer logs in with a domain account or not.

Can anybody give a solution please? As my customer can join the domain with multiple domain applications (such as: Likewise, Winbind, and so on), it is better if the solution does not depend on a special domain application. Thanks a lot.
yw5643 (161 rep)
May 13, 2015, 07:20 AM • Last activity: Jun 5, 2025, 06:00 AM
0 votes
1 answers
2947 views
Windows 11 (22H2) and Ubuntu server (Samba) compatibility problem
In February some workers in my office got new computers with Windows 11 version 22H2. After joining them to the domain (domain controller is Ubuntu 18.04.6 LTS), nobody could log in on these new computers. I found a solution - to check "Use only Kerberos DES encryption for this account" in AD Users and Computers. I turned this option on for users with new computers. Then they were able to log in, but were unable to change their passwords. I left this situation as a temporary solution so they could work, but I was looking for a good solution - to resolve that issue.

I found that this problem occurred because in the Windows 11 22H2 update, Microsoft has changed some encryption method to avoid the Year 2038 problem, but as a result Windows 11 22H2 became incompatible with the samba Ubuntu server. After much research I found that probably the only solution is to update Samba to 4.16. I did it 3 days ago, just by running `apt-get update`, `apt-get upgrade` and `reboot`. Later I checked if I still have access to shared server folders on my Windows 10 computer and I had. But after running `samba --version` on the server, I see Version 4.7.6... I don't know why. (In ADUC, I see the operating system of the domain controller as Samba 4.10.16 (as before)).

Now all workers in the office don't have access to shared folders (me too) except those 3 people who have Windows 11 22H2 and DES Kerberos turned on. What's more, when I start AD Users and Computers I'm getting an error:

**Naming information cannot be located because: System cannot contact domain controller to resolve auhtentication request. Try again later. Contact your system administrator to verify that your domain is properly configured and is currently online.**

When I click OK, then change domain controller and type the server's IP address, I can see all domain data, but when I try to change any user setting, I'm getting errors **Domain does not exist or cannot be contacted.** and **Cannot display domain name for the user for system older than Windows 2000.** When I click OK, I can see all user settings - I can change them, then after reopening the program, I still see changes, but I'm not sure if they work (e.g. I tried creating a new user and then logging in as it - not working.) I can access the server via Putty.

Please help! What should I do? Is there any solution? Did the samba update go wrong?

*****!!!UPDATE!!!*****

I resolved the above issue - I don't know how... Suddenly, it just started working. But the main problem - Windows 11 22H2 incompatibility with Samba - still persists. My ADUC still shows the domain controller operating system as Samba 4.10.16 and `--version` on the Ubuntu server returns "Version 4.7.6-Ubuntu". I don't know why there's the difference and what's more important: **Why is there no Samba 4.16 version and how to upgrade it to the 4.16 version?**
JanCDWP (9 rep)
Mar 14, 2023, 09:07 AM • Last activity: Apr 15, 2025, 10:06 AM
0 votes
1 answers
37 views
Do I need a separate ssl certificate for each domain that is pointing to my VPS server's static IP address?
VPS: running Ubuntu linux, accessed remotely via ssh. I have a single ssl certificate, generated using Let's Encrypt. All is working fine. This was before I added another domain, which is now also pointing, via DNS/nameservice, to this same VPS server's ip address. Do I need to generate a separate ssl certificate for each domain-name? I plan to have 2 separate websites, 1 for each domain name. And also a mail server that services both/each domain name's email requirements. Presumably I don't need separate certificates for mail servers and web servers, just the separate domains, if that.
Jim (101 rep)
Jan 9, 2025, 12:36 PM • Last activity: Jan 9, 2025, 05:33 PM
31 votes
4 answers
116326 views
How to set the fully qualified hostname on CentOS 7.0?
How do I set the fully qualified hostname on CentOS 7.0? I have seen a few posts online for example using:

```
$ sudo hostnamectl set-hostname nodename.domainname
```

However, running domainname returns nothing:

```
$ domainname
(none)
```

Also:

```
$ hostname
nodename.domainname
```

However,

```
$ hostname -f
hostname: Name or service not known
$ hostname -d
hostname: Name or service not known
```

Some debug output:

```
$ cat /etc/hostname
nodename.domainname
$ grep ^hosts /etc/nsswitch.conf
hosts: files dns
```
Chris Snow (4296 rep)
Oct 31, 2015, 09:21 AM • Last activity: Jul 19, 2024, 03:04 PM
3 votes
2 answers
105313 views
Attempting to connect SSH to a machine using a domain
I am having trouble (only recently) logging into a machine at work. I have always entered my credentials like username@domain.local. But it doesn't seem to work anymore... I noticed that after typing the username, and before typing the password it says: **username@domain.local@machine.domain.local's password:** Is this normal that the remote machine is "tagged" on to the end of my username? Or is it the root of my login problem?
Matthew Goulart (163 rep)
Nov 10, 2016, 01:15 AM • Last activity: Jul 11, 2024, 08:19 AM
23 votes
9 answers
168550 views
How to get the hostname along with the domain name?
In Unix (Solaris) is there any command that returns the hostname and domain name together? For instance:

```
hostname   -> servername
domainname -> us.xyz.com
```

I need: `servername.us.xyz.com`
Vikas
May 8, 2012, 05:05 PM • Last activity: Apr 5, 2024, 08:10 AM
2 votes
2 answers
3694 views
BIND as a DNS server host command is refused
I am attempting to run my host machine as a DNS server, it will also function as the gateway. My **/etc/named.conf** is as follows:

```
options {
    directory "/var/named/";
    allow-query {127.0.0.1; 192.168.64.0/24;};
    forwarders { 192.168.48.2; };
};
zone "localhost" {
    type master;
    file "named.localhost";
};
zone "huh.dod" {
    type master;
    file "mydb-huh-dod";
};
```

My **/var/named/mydb-huh-dod**:

```
$TTL 3D
@ IN SOA host.huh.dod. hostmaster.huh.dod.(
    2018042901 ; Serial
    8H ; Refresh
    2H ; Retry
    1W ; Expire
    1D ; Negative Cache TTL
);
@ IN NS host.huh.dod.
host IN A 192.168.64.1
```

I set my hostname as host and configured domain name through the **/etc/sysconfig/network-scripts/ifcfg-eth0** file SEARCH parameter:

```
DNS1="192.168.64.1"
IPADDR="192.168.48.10"
NETMASK="255.255.255.0"
GATEWAY="192.168.48.2"
SEARCH="huh.dod"
```

so the **/etc/resolv.conf** looks like:

```
# Generated by NetworkManager
search huh.dod
nameserver 192.168.64.1
```

Attempts at using the host command are refused:

```
host host
host.huh.dod has address 192.168.64.1
Host host.huh.dod not found: 5(REFUSED)
Host host.huh.dod not found: 5(REFUSED)

host host.huh.dod
host.huh.dod has address 192.168.64.1
Host host.huh.dod not found: 5(REFUSED)
Host host.huh.dod not found: 5(REFUSED)
```

I am not sure what the problem is. Perhaps something to do with my iptables firewall?

Output of **netstat -anlp | grep 53 | grep LISTEN**

```
tcp   0  0 192.168.64.1:53  0.0.0.0:*  LISTEN  942/named
tcp   0  0 127.0.0.1:53     0.0.0.0:*  LISTEN  942/named
tcp   0  0 127.0.0.1:953    0.0.0.0:*  LISTEN  942/named
tcp6  0  0 ::1:953          :::*       LISTEN  942/named
```

named is running
J.Doe (21 rep)
Jun 10, 2018, 07:18 PM • Last activity: Jan 23, 2024, 10:03 AM
1 votes
4 answers
9022 views
Can you change your DNS settings to ssh into an IP that has a port?
I'm running a server that is using a VPN with port forwarding. The IP is only accessible to the outside internet through the port '12345'. So when I want to connect to the server I have to access it by '111.111.111.111:12345' or 'example.com:12345'. I'm wondering if I can set up either a URL Forwarding (Redirect) or a DNS Type record where I can put a domain as 'ssh.example.com' so I can use that to ssh into the server. I would want to run the command: ssh user@ssh.example.com
SpenserWilson1 (89 rep)
Feb 9, 2021, 07:43 PM • Last activity: Dec 12, 2023, 05:06 PM
59 votes
5 answers
434371 views
How to correctly set hostname and domain name?
I am renting a server, running Ubuntu 16.04 at a company, let's name it company.org. Currently, my server is configured like this:

- hostname: `server737263`
- domain name: `company.org`

Here's my FQDN:

```
user@server737263:~ $ hostname --fqdn
server737263.company.org
```

This is not surprising. I am also renting a domain name, let's name it domain.org. What I would like to do would be to rename my server as server1.domain.org. This means configuring my hostname as server1 and my domain name as domain.org. **How can I do it correctly?**

Indeed, the manpage for hostname is not clear. To me at least:

> HOSTNAME(1)
>
> [...]
>
> SET NAME
>
> - When called with one argument or with the --file option, the commands set the host name or the NIS/YP domain name. hostname uses the sethostname(2) function, while all of the three domainname, ypdomainname and nisdomainname use setdomainname(2). *Note, that this is effective only until the next reboot. Edit /etc/hostname for permanent change.*
>
> [...]
>
> THE FQDN
>
> - *You cannot change the FQDN with hostname or dnsdomainname.*
>
> [...]

So it seems that editing /etc/hostname is not enough? Because if it really changed the hostname, it would have changed the FQDN. There's also a trick I read to change the hostname with the command `sysctl kernel.hostname=server1`, but nothing says whether this is the correct way or an ugly trick. So:

1. **What is the correct way to set the hostname?**
2. **What is the correct way to set the domain name?**
titsou (593 rep)
Nov 12, 2016, 11:38 PM • Last activity: Dec 3, 2023, 11:23 AM
0 votes
0 answers
97 views
Active directory server default gateway resolution issues
I am using a Raspberry Pi 2 running Ubuntu Server acting as an active directory domain controller with samba and kerberos etc as detailed in [this video](https://www.youtube.com/watch?v=tgBuvA6J-_8). I have three Windows 11 Professional clients part of the domain. The clients are configured with their own IP address, use the same network-wide subnet mask, and dns settings are routed to the dc, with the secondary (alternative dns server) as the default wifi router (as a device off the network domain would use).

In the video, it shows changing the default gateway of the windows clients to the IP address of the DC. I made this change, and connected to the domain successfully. However, when performing basic searches or accessing external sites online on the clients, it is EXTREMELY SLOW or fails to load even the simplest page. If I change the default gateway of the client back to the router IP address (as it would have been originally), then the webpages load completely fine, however, the client loses the domain entirely, and doesn't even recognise it as existing. E.g. a ping to exampledomain.local doesn't reach.

**Is there a way to remain part of the domain, in touch with the DC, whilst using the gateway of the router on the clients?**

Very new to all this, including IT forums etc, so feedback on my question appreciated.
Oliver Ricketts (11 rep)
Nov 3, 2023, 11:07 PM • Last activity: Nov 4, 2023, 08:11 AM
0 votes
0 answers
28 views
Joining mininet hosts to Active Directory VM
I am trying to add mininet hosts to domain in a test environment. I have a host OS (Win 10) with 2 VMs. One mininet VM and the other Windows Server 2012 VM which is domain controller. I want the mininet hosts to join the domain. First of all I am unable to reach AD VM from the hosts. Please guide that I am working in the right direction and it is possible for mininet hosts to be part of domain.
Shoaib (1 rep)
Aug 22, 2023, 06:18 PM
-1 votes
1 answers
942 views
What is the difference between idn and idn2?
what is the difference between idn and idn2? (why two that do almost the same. why the output is different. Which one should be used)

infile:

```
Amazon.com
ama--zon.com
a--mazon.com
--amazon.com
amazon--.com
amazon-.com
```

```
cat infile | idn
Amazon.com
ama--zon.com
a--mazon.com
--amazon.com
amazon--.com
amazon-.com
```

```
cat infile | idn2
amazon.com
ama--zon.com
a--mazon.com
idn2: toAscii: string start/ends with forbidden hyphen
```

(for 3 last entry)

THK

**Update:** This is the answer what i'm looking for. Thanks. Vote close.

GNU IDN Library - Libidn

> Please be aware that GNU libidn2 is the successor of GNU libidn. It comes with IDNA 2008 and TR46 implementation and also provides a compatibility layer for GNU libidn.
acgbox (1010 rep)
Aug 29, 2019, 05:46 PM • Last activity: Jul 19, 2023, 09:09 PM
11 votes
3 answers
6302 views
Future-proofing top-level domains for private networks
I recently installed some new servers on my home network to discover that systemd-resolved doesn't resolve hostnames without dots. This got me on a journey on the internet trying to find what is the best practice for choosing a TLD for a private network and future-proof it. To sum it up: there is no possibility to be sure of this.

In the early age, during the 90s, the Internet was more a playground for everyone. Then, in the end of the 90s, commercialism took a good grip over the Internet, its future and over the TLDs. After reading this: https://www.theregister.com/2018/02/12/icann_corp_home_mail_gtlds it is obvious that we will never be sure.

The private IP-ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) that will never see the day of light on the public Internet is really common knowledge and regarded as a fact. But concerning TLDs for private networks, there seems to be a lot of confusion. Some of the camps and sources for them are:

1) Never use private TLD - buy a domain!
2) According to https://www.rfc-editor.org/rfc/rfc2606 these are the only valid ones: .test, .example, .invalid, .localhost
3) Here https://www.rfc-editor.org/rfc/rfc6762#appendix-G they advocate to not use private TLDs at all, but if you must, choose one of these: .intranet, .internal, .private, .corp, .home, .lan
4) According to https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#User-assigned_code_elements there are some 2 character TLDs that can be used for private networks. Please read an active draft from ICANN on this subject: https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-private-use-tld-00
5) Some suggest using .[0-9] as a private TLD because it is not valid according to RFC-3696 and therefore will never be delegated by ICANN. See: https://cr.yp.to/djbdns/dot-local.html

As you can see, for example choosing .home as your private local network TLD could be a gamble. Maybe ICANN will drop it for commercial purposes, maybe not.

Questions that come to mind are: why don't we have a plethora of TLDs for private networks? Is it because there is no money for ICANN in this? Is it because there is no advocate for private users there? Of course this is a reflection of where the main body of people come from that are engaged in these organizations: the universities, the commercial sector and the government.

Question: what would be the best mature path to take in this matter?

::: UPDATED WITH CONCLUSIONS :::

After further readings on this subject and looking at the answers and discussions on SE and elsewhere, I have come to the conclusion that these are the future-proof TLDs for private networks:

- AA, QM to QZ, XA to XZ, and ZZ
- [0-9]{1,}
user442054
Nov 15, 2020, 08:55 AM • Last activity: Jul 8, 2023, 02:24 PM
2 votes
2 answers
13301 views
Can't resolve domain names after upgrading to Debian 12
After upgrading Debian11/KDE to Debian12, restarting and running `sudo apt-get upgrade` it shows errors like `Could not resolve ftp.XX.debian.org`. These also show when running `sudo apt-get update`. I then tried to open websites in the Firefox-esr browser and it can't open any (it shows the "Hmm. We're having trouble finding that site." error). I can't ping any sites either, it shows "*Name or service not known*". So it has problems resolving domain names with DNS.

----

**Details** and what I tried:

I tried `sudo mv /etc/resolv.conf /etc/backup.resolv.conf`. DNS still works on a Debian11 machine and it worked before upgrading to Debian12. The nftables firewall rules are the same as before. The time was off by minutes again but I corrected it so it shouldn't be off by more than seconds.

At the end of upgrading at 99% I tried to open the browser when it asked me to replace a certain config file, this caused a black screen (once during updating the screen could not get woken up too) and logged me out so I had to finish upgrading with `sudo dpkg --configure -a` which seemed to have worked. Maybe I need to check if the upgrading worked. Right now I can't use the Internet on that machine while NetworkManager displays it's properly connected and my router page also shows the device as connected.

* `grep ^hosts /etc/nsswitch.conf` shows `hosts: files mdns4_minimal [NOTFOUND=return] dns mymachines`
* /etc/resolv.conf contains `#Generated by NetworkManager nameserver: 1.1.1.1` (I already tried adding `nameserver 1.0.0.1` beneath it which didn't help)
* `nmcli c show | grep -i dns` shows the below for the Internet connection (not the VPN connection). On the Debian11 machine where DNS still works those values are different: it does not have connection.dns-over-tls. I think **dns-over-tls** likely has to do with the problem. It's also configured in the router that is used by multiple machines of which only the Debian12 machine can't reach websites. I use IPv4-only for good reasons and a VPN.

```
connection.mdns:                        -1 (default)
connection.dns-over-tls:                -1 (default)
ipv4.dns:                               1.1.1.1
ipv4.dns-search:                        --
ipv4.dns-options:                       --
ipv4.dns-priority:                      0
ipv4.ignore-auto-dns:                   yes
ipv6.dns:                               --
ipv6.dns-search:                        --
ipv6.dns-options:                       --
ipv6.dns-priority:                      0
ipv6.ignore-auto-dns:                   no
IP4.DNS[1]:                             1.1.1.1
```

-----

**Why** is that and how to solve this problem?
mYnDstrEAm (4708 rep)
Jun 13, 2023, 02:55 PM • Last activity: Jun 15, 2023, 11:53 AM
0 votes
0 answers
1094 views
/etc/named.conf error with command systemctl status named.service
I am using Rocky Linux 8.7 on 64-bit
I am configuring and trying to start a BIND domain as follows:
[root@dbwr1 ~]# ls -l /var/named/localdomain.zone
-rw-r-----. 1 root named 506 May 14 19:29 /var/named/localdomain.zone

[root@dbwr1 ~]# cat /var/named/localdomain.zone
$TTL 86400
@ IN SOA dbwr1.localdomain.com. root.localdomain.com. (
2014051001 ; serial
3600 ; refresh
1800 ; retry
604800 ; expire
86400 ; minimum
)
;Name Server Information
@ IN NS dbwr1.localdomain.

;IP address of Name Server
localhost IN A 127.0.0.1
dbwr1 IN A 192.168.24.1
dbwr2 IN A 192.168.24.2
dbwr1-priv IN A 192.168.10.1
dbwr2-priv IN A 192.168.10.1
dbwr1-vip IN A 192.168.24.31
dbwr2-vip IN A 192.168.24.32
dbwr-scan IN A 192.168.24.41
dbwr-scan IN A 192.168.24.42
dbwr-scan IN A 192.168.24.43



-----------------------------------------------

[root@dbwr1 ~]# ls -l /var/named/24.168.192.in-addr.arpa
-rw-r-----. 1 root named 440 May 14 19:27 /var/named/24.168.192.in-addr.arpa

[root@dbwr1 ~]# cat /var/named/24.168.192.in-addr.arpa
$TTL 86400
@ IN SOA dbwr1.localdomain.com. root.localdomain.com. (
2
3H
1H
1W
1H )
;Name Server Information
@ IN NS dbwr1.localdomain.com.
@ IN PTR localdomain.com.

;Reverse lookup for Name Server
dbwr1 IN A 192.168.24.1
dbwr-scan IN A 192.168.24.41
dbwr-scan IN A 192.168.24.42
dbwr-scan IN A 192.168.24.43
1 IN PTR dbwr1.localdomain.com.
41 IN PTR dbwr-scan.localdomain.
42 IN PTR dbwr-scan.localdomain.
43 IN PTR dbwr-scan.localdomain.
-----------------------------------------------

[root@dbwr1 ~]# ls -l /etc/named.conf
-rwxrwxr-x. 1 root root 2018 May 14 19:31 /etc/named.conf

[root@dbwr1 ~]# cat /etc/named.conf
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator’s Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
listen-on port 53 { 127.0.0.1; 192.168.24.1; };
listen-on-v6 port 53 { ::1; };
directory “/var/named”;
dump-file “/var/named/data/cache_dump.db”;
statistics-file “/var/named/data/named_stats.txt”;
memstatistics-file “/var/named/data/named_mem_stats.txt”;
recursing-file “/var/named/data/named.recursing”;
secroots-file “/var/named/data/named.secroots”;
allow-query { localhost; 192.168.24.0/24; };

/*
– If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
– If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
– If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable yes;
dnssec-validation yes;

/* Path to ISC DLV key */
bindkeys-file “/etc/named.root.key”;

managed-keys-directory “/var/named/dynamic”;

pid-file “/run/named/named.pid”;
session-keyfile “/run/named/session.key”;
};

logging {
channel default_debug {
file “data/named.run”;
severity dynamic;
};
};

zone “.” IN {
type hint;
file “named.ca”;
};

zone “localdomain.com” IN {

type master;
file “localdomain.zone”;
allow-update { none; };
};

zone “24.168.192.in-addr.arpa.” IN {

type master;
file “24.168.192.in-addr.arpa”;
allow-update { none; };
};

include “/etc/named.rfc1912.zones”;
include “/etc/named.root.key”;

-----------------------------------------------

And I get this output when running

[root@dbwr1 ~]# systemctl status named.service
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled) Active: failed (Result: exit-code) since Mon 2023-05-15 18:30:13 MDT; 14s ago
Process: 6749 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exi>

May 15 18:30:13 dbwr1.localdomain systemd: Starting Berkeley Internet Name Domain (DNS)...
May 15 18:30:13 dbwr1.localdomain bash: /etc/named.conf:14: expected quoted string near '“'
May 15 18:30:13 dbwr1.localdomain systemd: named.service: Control process exited, code=exited status=1
May 15 18:30:13 dbwr1.localdomain systemd: named.service: Failed with result 'exit-code'.
May 15 18:30:13 dbwr1.localdomain systemd: Failed to start Berkeley Internet Name Domain (DNS).


-----------------------------------------------

Can anyone help me to debug this? I appreciate any help
Rich007 (1 rep)
May 16, 2023, 01:21 AM
17 votes
4 answers
33371 views
How to do domain filtering in Linux?
Preferably something similar to `iptables`. Basically, I want to do domain filtering/whitelisting/blacklisting like I would with IPs in `iptables`. Are there any recommendations on how to do this?
user26053
Jun 18, 2014, 07:31 PM • Last activity: May 5, 2023, 04:08 PM
1 votes
1 answers
1789 views
How to log all domains accessed?
Maybe I could use `tcpdump`, filter out all non-HTTP packets to reduce disk consumption, and then parse the output looking for domain names. Maybe there is a better solution. Do you know one?
Jader Dias (349 rep)
Feb 6, 2012, 11:06 PM • Last activity: Mar 13, 2023, 11:03 AM
0 votes
2 answers
188 views
Domain Name as IP Abstraction vs. Domain Name as Name of Server - /etc/host{s,name} - Why?
A domain name is an abstraction for an IP address. Regardless of which computer is at that IP, the domain name should point there. So why then do we associate a domain name with a computer using the /etc/{hosts,hostname} and/or systemd's hostnamectl? I'm definitely clueless, but this just seems wrong to me.

I'm setting up my first server at home that will be publicly accessible, using a dynamic DNS for the domain name, and so came across this hosts/hostname question. I'm not the only one to [ask it](https://unix.stackexchange.com/questions/187032/why-must-a-server-know-its-own-host-name-and-domain-name), but that person didn't get an answer.
Diagon (740 rep)
Dec 28, 2022, 04:02 PM • Last activity: Dec 28, 2022, 07:35 PM