Reverse-DNS and Apache Virtual Host

Hi there.

I have a domain on a Linode, example.com, that is one of many domains I host via Apache 2.2.16 using virtual hosts.

For this particular domain, I was having issues with emails that were being sent out by the site bouncing due to the sending domain not being resolved (mx.example.com).

So, I went in and set the reverse DNS for the Linode to be example.com in an attempt to resolve this. However, since that change took effect, any time I access example.com, I get a forbidden error with Apache complaining 'client denied by server configuration'. If I access https://example.com, I have no issues as the site comes up fine (due to the different port #, which leads me to believe this is a networking issue rather than an Apache issue, as the site's Apache config file has not changed in months). Removing example.com from the Linode reverse DNS seems to resolve the issue, but then I am left with the mail issue…

Any suggestions on how to tackle this?

3 Replies

Does anything show up in Apache's log file? Are you sure you're hitting the right server? (curl -I http://example.com/ and curl -I https://example.com/ should look roughly the same.)

Also, what does the output of "apache2ctl -S" look like?

The apache error log is showing the 'client denied by server configuration' errors.

Yes, definitely hitting the right server. Nothing has changed about IP addresses, etc., and in some cases these sites were working for years without any IP/DNS/Apache changes. The only thing I've changed is the reverse DNS.

apache2ctl -S returns:

VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:443                  is a NameVirtualHost
         default server example.com (/etc/apache2/sites-enabled/example.com:52)
         port 443 namevhost example.com (/etc/apache2/sites-enabled/example.com:52)
*:80                   is a NameVirtualHost
         default server example.com (/etc/apache2/sites-enabled/000-default:1)
         port 80 namevhost example.com (/etc/apache2/sites-enabled/000-default:1)
         port 80 namevhost example.com (/etc/apache2/sites-enabled/example.com:1)
Syntax OK

It looks like the default server on *:80 is in 000-default, and it is using example.com as its ServerName. So, it's the first thing matching (since sites-enabled/000-default comes before sites-enabled/example.com).

The best all-around solution would be to set your hostname to something other than example.com. Something like "bob.example.com". This will require you to explicitly configure everything involving "example.com", especially with e-mail. That's a good thing: letting the system assume things is often a bad idea.

You can also disable the 000-default configuration, although it's often nice to have an unrelated "catch-all" to ensure you've configured your "real" sites correctly. If you add more VirtualHosts in the future, it helps with troubleshooting and keeps things predictable.

So I think solving the mail problem is probably what you're going to want to do. If you have working forward and reverse DNS on whatever.example.com, it should work OK; you can also tell your application to send mail out as something@example.com instead of something@whatever.example.com, which will also ensure that bounces and replies go to somewhere useful.
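The check described in the last reply, as an added example that is not part of the original thread: it parses `apache2ctl -S` output in the Apache 2.2 layout shown above and reports every ServerName declared more than once on the same listener, where the first definition wins and its access rules apply. The function name and the embedded sample (copied from the output quoted in the thread) are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: the `apache2ctl -S` output quoted in the thread (Apache 2.2 layout).
SAMPLE = """\
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:443                  is a NameVirtualHost
         default server example.com (/etc/apache2/sites-enabled/example.com:52)
         port 443 namevhost example.com (/etc/apache2/sites-enabled/example.com:52)
*:80                   is a NameVirtualHost
         default server example.com (/etc/apache2/sites-enabled/000-default:1)
         port 80 namevhost example.com (/etc/apache2/sites-enabled/000-default:1)
         port 80 namevhost example.com (/etc/apache2/sites-enabled/example.com:1)
Syntax OK
"""

LISTENER = re.compile(r"^(\S+:\d+)\s+is a NameVirtualHost")
NAMEVHOST = re.compile(r"^\s+port \d+ namevhost (\S+) \((.+):(\d+)\)")

def find_shadowed_vhosts(text):
    """Return (listener, server_name, winner, shadowed) for every ServerName
    declared more than once on one listener. Apache serves the first match,
    so later definitions with the same name are never selected."""
    seen = defaultdict(list)  # (listener, name) -> ["config file:line", ...]
    listener = None
    for line in text.splitlines():
        m = LISTENER.match(line)
        if m:
            listener = m.group(1)
            continue
        m = NAMEVHOST.match(line)
        if m and listener:
            name, path, lineno = m.groups()
            seen[(listener, name.lower())].append(f"{path}:{lineno}")
    return [(lst, name, files[0], files[1:])
            for (lst, name), files in seen.items() if len(files) > 1]

if __name__ == "__main__":
    import sys
    # Pipe real output in (apache2ctl -S 2>&1 | python3 this_file.py) or run bare for the sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for lst, name, winner, shadowed in find_shadowed_vhosts(text):
        print(f"{lst} {name}: served by {winner}; never reached: {', '.join(shadowed)}")
```

On the thread's output this flags only `*:80`, where `000-default` shadows `sites-enabled/example.com`; `*:443` has a single definition and is not reported, which matches HTTPS continuing to work.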
