Allow-Request in Bind

Recently I figured out that using OpenVPN on my Android phone failed to properly query DNS using my Bind9 service.
The following entries appeared in syslog in my attempts to access HTTP sites:

client 74.125.189.18#38921: query (cache) ‘ns1.domain2.com/A/IN’ denied

I had to do the following to make it work.

Add the following lines to /etc/bind/named.conf.local:

// Managing acls
acl internals { 127.0.0.0/8; 192.168.1.0/24; 10.8.0.0/24; };

and

// Allow recursive queries to the local hosts
allow-recursion { internals; };

inside the options { } block in /etc/bind/named.conf.options

And it worked!

Revoke OpenVpn Certificate

The first step is to navigate to /etc/openvpn/easy-rsa, where the keys and certificates are stored.

After that, run source ./vars and then ./revoke-full CertificateName. CertificateName should be only the name, without the file extension.

The index.txt file inside the keys folder should then show an R at the start of the line for every certificate that has been revoked.
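
To confirm a revocation took effect, the following added example (not part of the original post) lists the entries marked R in index.txt and checks that the server configuration enforces the CRL: revoke-full regenerates crl.pem in the keys folder, but OpenVPN only rejects revoked certificates when the server config has a crl-verify directive pointing at that file. The function names and the sample index.txt and server.conf contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit revocation state after ./revoke-full.

# Print "serial<TAB>CN<TAB>revocation-date" for each revoked entry in an
# OpenSSL CA database (index.txt). Tab-separated fields:
#   status (V/R/E), expiry, revocation date, serial, filename, subject DN
list_revoked() {
    awk -F '\t' '$1 == "R" {
        cn = $6
        sub(/^.*\/CN=/, "", cn)   # keep what follows CN=
        sub(/\/.*$/, "", cn)      # drop trailing parts such as emailAddress
        printf "%s\t%s\t%s\n", $4, cn, $3
    }' "$1"
}

# Succeed if the given common name is marked revoked in index.txt.
is_revoked() {
    list_revoked "$1" |
        awk -F '\t' -v cn="$2" '$2 == cn { found = 1 } END { exit !found }'
}

# Succeed only if the server config has an active (uncommented) crl-verify
# directive; without it OpenVPN never consults the CRL.
crl_enforced() {
    grep -Eq '^[[:space:]]*crl-verify[[:space:]]+[^[:space:]]' "$1"
}

# Constructed sample data (not from a real PKI) so the example runs offline.
demo_dir=$(mktemp -d)
printf 'V\t270101000000Z\t\t01\tunknown\t/C=US/O=Example/CN=server\n' \
    > "$demo_dir/index.txt"
printf 'R\t270101000000Z\t250301120000Z\t02\tunknown\t/C=US/O=Example/CN=oldphone/emailAddress=me@example.org\n' \
    >> "$demo_dir/index.txt"
printf 'port 1194\n;crl-verify crl.pem\n' > "$demo_dir/server.conf"

list_revoked "$demo_dir/index.txt"
crl_enforced "$demo_dir/server.conf" ||
    echo "crl-verify not active: revoked certificates are still accepted"
```

On a real server, point list_revoked at keys/index.txt and crl_enforced at the OpenVPN server configuration file; both paths depend on the installation.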

OpenVPN – Adding a new client without having to ./clean-all

When you try to add a new client in OpenVPN, you are instructed to run ./clean-all, with the side effect that you have to transfer all the keys to the clients again.

That’s not desirable at all…

You can do the following to bypass this:

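chmod +x vars            # only needed to execute vars directly
./vars                   # runs in a subshell, so it does not change the current shell
source ./vars            # loads the existing PKI settings into the current shell
./build-key clientname   # issues a key and certificate for the new client only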