Tuesday, June 23, 2020
About zone files
We own the mylino.net domain, and our registrar is ovh.com.
The OVH web interface lets us edit the zone file for our domain.
But this interface is meant for simple setups.
The mylino.net zone file is more complex than usual as it is used for several servers.
That’s why we probably prefer to edit the file directly.
Which has another advantage: we can store a local backup of our zone file on our computers.
I did this and had a look at our zone file. I am far from understanding every detail in this file. The Wikipedia article on Zone file is useful here because it has a section about the file format.
If the $ORIGIN keyword (which specifies the starting point for the zone in the DNS hierarchy) is omitted, the origin is inferred by the server software from the reference to the zone file in its server configuration.
The $TTL keyword specifies the default expiration time of all resource records without their own TTL value.
As a minimum, the zone file must specify the SOA record (Start of Authority) with the name of the authoritative master name server for the zone and the email address of someone responsible for management of the name server. The email address in the SOA RR has the @ symbol replaced by a period.
In the zone file, host names that do not end in a period are relative to the origin. Names ending with a full stop (or point) are said to be fully qualified domain names.
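The rules above as a small reader, added here as an illustration (not part of the original post and not a full zone-file parser): it assumes one record per line, an explicit owner name and numeric TTLs, and the sample zone is constructed. It also flags a name that contains periods but lacks the trailing one, because the relative-name rule silently appends the origin to it.

```python
import re

# Constructed sample zone (reserved example names, documentation addresses).
ZONE = """\
$ORIGIN example.net.
$TTL 3600
@    IN SOA ns1 hostmaster 2020062301 86400 3600 3600000 300
@    IN NS  ns1
ns1  IN A   192.0.2.1
www  300 IN CNAME web.example.org.
ftp  IN CNAME files.example.org   ; trailing period forgotten
"""
NAME_FIELDS = {"NS": [0], "CNAME": [0], "MX": [1], "SOA": [0, 1]}  # rdata slots holding names

def qualify(name, origin):
    """A name ending in a period is fully qualified; anything else is relative to the origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def rname_to_email(rname):
    """In the SOA mailbox the first unescaped period stands for the @ sign."""
    local, domain = re.split(r"(?<!\\)\.", rname.rstrip("."), maxsplit=1)
    return local.replace("\\.", ".") + "@" + domain

def parse_zone(text, origin=None):
    """Return (records, warnings); origin= plays the role of the server configuration."""
    default_ttl, records, warnings = None, [], []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop comments, split on whitespace
        if not fields:
            continue
        if fields[0] == "$ORIGIN":
            origin = fields[1]
        elif fields[0] == "$TTL":
            default_ttl = int(fields[1])
        else:
            owner, rest = fields[0], fields[1:]
            ttl = int(rest.pop(0)) if rest[0].isdigit() else default_ttl
            if rest[0] == "IN":
                rest.pop(0)
            rtype, rdata = rest[0], rest[1:]
            for i in NAME_FIELDS.get(rtype, []):
                if "." in rdata[i] and not rdata[i].endswith("."):
                    warnings.append(f"{owner} {rtype}: '{rdata[i]}' has no trailing period")
                rdata[i] = qualify(rdata[i], origin)
            records.append((qualify(owner, origin), ttl, rtype, rdata))
    return records, warnings
```

Calling `parse_zone(ZONE)` expands the `ftp` target to `files.example.org.example.net.` and reports it in the warnings list.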
Introductions to the DNS system:
Steve Cope explains basic concepts of DNS by comparing it to a football team in his guide DNS Zones and Zone Files Explained
What is a DNS ZONE file: A Complete Tutorial on zone file and its contents
Configuring the avanti server
I worked on the avanti server (mdg2):
$ sudo apt-get install opendkim opendkim-tools
$ sudo nano /etc/opendkim.conf
Configure laudate mailing lists
https://lists.laudate.ee/ says “502 Bad gateway”.
The nginx error.log says:
2020/06/23 08:17:01 [crit] 750#750: *3828 connect() to
unix:/opt/mailman/mailman-suite/mailman-suite_project/mailman.sock
failed (13: Permission denied) while connecting to upstream,
client: 176.46.90.31, server: lists.laudate.ee,
request: "GET / HTTP/1.1",
upstream: "uwsgi://unix:/opt/mailman/mailman-suite/mailman-suite_project/mailman.sock:",
host: "lists.laudate.ee"
I changed the user in /etc/supervisor/conf.d/mailman.conf from “hamza” to “www-data”.
I changed the owner of the socket file:
$ sudo chown www-data:www-data /opt/mailman/mailman-suite/mailman-suite_project/mailman.sock
Now the error message changed from (13: Permission denied) to (111: Connection refused):
2020/06/23 08:30:32 [error] 1791#1791: *6 connect() to
unix:/opt/mailman/mailman-suite/mailman-suite_project/mailman.sock
failed (111: Connection refused) while connecting to upstream,
client: 176.46.90.31, server: lists.laudate.ee,
request: "GET / HTTP/1.1",
upstream: "uwsgi://unix:/opt/mailman/mailman-suite/mailman-suite_project/mailman.sock:",
host: "lists.laudate.ee"
Aha, the files below /opt/mailman were not group-owned by www-data.
Now the connect works and I can see the mailman web interface. But it says:
Something went wrong.
Mailman REST API not available. Please start Mailman core.
Here is the status of what I would call the “Mailman core”:
$ sudo service mailman3 status
● mailman3.service - LSB: Mailman3 server
Loaded: loaded (/etc/init.d/mailman3; generated)
Active: active (exited) since Tue 2020-06-23 09:11:16 CEST; 2s ago
Docs: man:systemd-sysv-generator(8)
Process: 2675 ExecStart=/etc/init.d/mailman3 start (code=exited, status=0/SUCCESS)
Jun 23 09:11:16 laudate systemd[1]: mailman3.service: Succeeded.
Jun 23 09:11:16 laudate systemd[1]: Stopped LSB: Mailman3 server.
Jun 23 09:11:16 laudate systemd[1]: Starting LSB: Mailman3 server...
Jun 23 09:11:16 laudate systemd[1]: Started LSB: Mailman3 server.
Looks okay, doesn’t it?
The /var/log/mailman3/uwsgi-error.log file says:
*** Starting uWSGI 2.0.18 (64bit) on [Sun Jun 7 01:08:30 2020] ***
compiled with version: 8.3.0 on 06 June 2020 23:03:41
os: Linux-4.19.0-8-amd64 #1 SMP Debian 4.19.98-1+deb10u1 (2020-04-27)
nodename: jane
machine: x86_64
clock source: unix
detected number of CPU cores: 2
current working directory: /opt/mailman/mailman-suite/mailman-suite_project
detected binary path: /opt/mailman/venv/bin/uwsgi
!!! no internal routing support, rebuild with pcre support !!!
cannot setgid() as non-root user
I asked Ecosia about “mailman3 no internal routing support, rebuild with pcre support” and found this page. So I tried:
$ sudo apt-get install libpcre3 libpcre3-dev
libpcre3 is already the newest version (2:8.39-12).
The following additional packages will be installed:
libpcre16-3 libpcre32-3 libpcrecpp0v5
The following NEW packages will be installed:
libpcre16-3 libpcre3-dev libpcre32-3 libpcrecpp0v5
$ . /opt/mailman/venv/bin/activate
$ pip freeze | grep uWSGI
uWSGI==2.0.18
But no, that didn’t help.