0

I have a VPS (CentOS 7) with 2 IP addresses.

I am hosting my own DNS server using Bind. Running Apache. Amongst others I have "A" records for

ns1.example.com -> X.X.X.X
ns2.example.com -> Y.Y.Y.Y
mail.example.com -> X.X.X.X
server.example.com -> X.X.X.X (Fully Qualified Hostname)

If I type mail.example.com in my browser, it shows the website located at example.com.

How do I make mail.example.com inaccessible from a browser without affecting the DNS setup ?

Similarly how do I block access to ns1.example.com, ns2.example.com and server.example.com ?

Green
    You want a default virtualhost on the server that handles any domain you don't explicitly want to serve. – ceejayoz Dec 13 '15 at 15:24

2 Answers

2

Remove the wildcard definition from the apache2 configuration and/or set it up so it only "answers" requests directed to example.com and www.example.com.

It's not a DNS issue, it's an apache2 configuration issue.

You should have something like the set-up described here:

https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-virtual-hosts-on-centos-7

but replacing the "*:80" parameter with your VPS IP that corresponds with example.com

<VirtualHost PUT_YOUR_VPS_IP_HERE>
    ServerName www.example.com
    ServerAlias example.com
</VirtualHost>

There are some other examples here: https://httpd.apache.org/docs/2.2/vhosts/examples.html

kamihack
  • My /etc/httpd/conf/httpd.conf does not contain * in the VirtualHost blocks. My ServerName is example.com and ServerAlias is www.example.com. I can't find any reference to ns1, so why is my website still displayed when I type ns1.example.com into my browser? How do I only answer requests for example.com and www.example.com? – Green Dec 14 '15 at 02:22
  • Please post a copy of your httpd.conf at http://pastebin.com or similar; it's hard to help by guessing what your configuration might be. Most probably your IP is somewhere in httpd.conf and that matches the IP where ns1.example.com points. That would be a reason, but without knowing your httpd.conf contents, it's a guessing game from this side :) – kamihack Dec 14 '15 at 09:46
0

You can use Alias * to catch any traffic other than that allowed in your virtual host; for this you have to use, in the last position, a virtual host with * as alias.

That way only the defined domains will be served.

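<VirtualHost *:80>
# Only the names listed here are served by this site
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/default
...
</VirtualHost>

# /!\ THIS HAS TO BE ON THE LAST POSITION /!\
<VirtualHost *:80 *:443>
# [ Server Domain ]
ServerName localhost
ServerAlias *
# [ Cancel traffic ]
# mod_rewrite rules are ignored unless the engine is enabled in this virtual host
RewriteEngine On
RewriteRule .* - [END,R=406]
# [ Custom Log ]
# APACHE_LOG_DIR is defined by the Debian/Ubuntu packaging; on CentOS use a path such as logs/other.log
CustomLog ${APACHE_LOG_DIR}/other.log combined
</VirtualHost>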

In my example only example.com & www.example.com will be allowed; all other domains or IPs will have their traffic cancelled.

To cancel the traffic you can use a redirect to - and then add an error code; for example, I used a RewriteRule to redirect to 406 Not Acceptable (R=406).

Here you can find the list of redirect codes: https://fr.wikipedia.org/wiki/Liste_des_codes_HTTP

Froggiz
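
Why ns1.example.com still shows the site, and what a catch-all virtual host changes, as an added example (not code from either answer): a small Python model of Apache's name-based virtual host selection, where the first vhost whose ServerName or ServerAlias matches the Host header wins and the first listed vhost is the default when nothing matches. The two config strings and the names `parse_vhosts` and `select_vhost` are constructed for illustration, and all vhosts are assumed to share one address and port.

```python
import re
from fnmatch import fnmatchcase

# Constructed configs: BEFORE has only the site vhost, AFTER appends a catch-all.
BEFORE = """
<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
</VirtualHost>
"""
AFTER = BEFORE + """
<VirtualHost *:80>
    ServerName localhost
    ServerAlias *
</VirtualHost>
"""

def parse_vhosts(conf):
    """Return [(server_name, [aliases])] in the order the blocks appear."""
    vhosts = []
    for body in re.findall(r"<VirtualHost[^>]*>(.*?)</VirtualHost>", conf, re.S | re.I):
        name = re.search(r"^\s*ServerName\s+(\S+)", body, re.M | re.I)
        aliases = []
        for line in re.findall(r"^\s*ServerAlias\s+(.+)$", body, re.M | re.I):
            aliases += line.split()
        vhosts.append((name.group(1).lower() if name else None,
                       [a.lower() for a in aliases]))
    return vhosts

def select_vhost(conf, host_header):
    """Return (ServerName of the vhost that answers, reason it was chosen)."""
    host = host_header.split(":")[0].lower().rstrip(".")  # drop port, normalise case
    vhosts = parse_vhosts(conf)
    for name, aliases in vhosts:
        if host == name:
            return name, "ServerName"
        if any(fnmatchcase(host, a) for a in aliases):  # aliases may use * and ?
            return name, "ServerAlias"
    # Nothing matched by name: the first vhost listed acts as the default.
    return vhosts[0][0], "default (first vhost)"

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        for h in ("example.com", "www.example.com", "ns1.example.com",
                  "mail.example.com", "server.example.com"):
            print(label, h, "->", select_vhost(conf, h))
```

In the "before" config every unlisted name lands on the site because it is the first vhost; in the "after" config those names are claimed by the catch-all, which is where the refusal rule and a separate log belong.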