Hostname keeps being reset

I have a PBX hosted on Vultr. The NIC is set for DHCP. (Not sure if that is related to this problem or not)

At what seems to be random times, the hostname changes on the PBX. I can change it back either through the GUI or the CLI in the distro, but it will revert back to something like ipaddress.vultr.com.

Why does this occur, and can it be changed to always keep the name I specify?

On the Vultr control panel, you can set the reverse DNS appropriately, but do that in coordination with your DNS service. (Servers should never rely on DHCP. DNS (name resolution) should always end up directing connections to the same machine at both layer 3 and layer 2, both on your LAN and WAN (internet).)


I have never had a FreePBX instance on Vultr do that.

What do the logs say about it?

When

dig x your.domain.name

returns your IP and the Vultr reverse DNS is “your.domain.name”

you should be good if

cat /etc/hostname

agrees
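
An added example, not part of any post in this thread: a shell check that the forward record, the reverse record and /etc/hostname agree, as the reply above describes. The function names and the sample values (pbx.example.com, 203.0.113.10) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: do forward DNS, reverse DNS and /etc/hostname agree?

# Lowercase a name and drop the trailing dot dig prints on PTR answers.
norm() { printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'; }

# check_names FQDN IP A_RECORDS PTR LOCAL_NAME
# Pure comparison on already-collected values; prints one line per
# mismatch and returns 0 only when all three views agree.
check_names() {
    fqdn=$(norm "$1"); ip=$2; a_records=$3
    ptr=$(norm "$4"); local_name=$(norm "$5")
    rc=0
    # Forward: the name must resolve to this machine's address.
    if ! printf '%s\n' "$a_records" | grep -qxF "$ip"; then
        echo "FORWARD: $fqdn does not resolve to $ip"; rc=1
    fi
    # Reverse: the PTR for the address must be the same name.
    if [ "$ptr" != "$fqdn" ]; then
        echo "REVERSE: PTR for $ip is '${ptr:-none}', expected $fqdn"; rc=1
    fi
    # Local: /etc/hostname may hold the FQDN or just its first label.
    if [ "$local_name" != "$fqdn" ] && [ "$local_name" != "${fqdn%%.*}" ]; then
        echo "LOCAL: hostname is '$local_name', expected $fqdn"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: all names agree on $fqdn"; fi
    return "$rc"
}

# Collect the live values with dig and /etc/hostname, then compare.
check_live() {
    check_names "$1" "$2" "$(dig +short A "$1")" \
        "$(dig +short -x "$2")" "$(cat /etc/hostname)"
}

# Usage: sh check-names.sh pbx.example.com 203.0.113.10  (constructed values)
if [ "$#" -eq 2 ]; then check_live "$1" "$2"; fi
```

Run from cron with its output appended to a log, the LOCAL line records when the hostname reverted, which can then be matched against the system logs.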

Unless you have an unusual application, I recommend against setting a reverse DNS entry for a PBX.

Configuring a system so services respond only to the correct domain name provides excellent security against attackers who scan every IPv4 address looking for vulnerable systems. This applies to all services (SIP, provisioning, UCP, admin). A matching reverse DNS would allow the attacker to easily bypass this measure.

My Vultr systems do not have reverse DNS set up, yet I’ve never had an issue with hostname corruption.

Hmmm. A mail server (because it is exactly that also) without a valid reverse DNS record? How is that working out for you?

I use SendGrid (a few competitors work the same way), for several reasons: Systems can be distributed to multiple customers, with mail configured with just one API key, rather than requiring several different parameters for Outlook, Gmail, etc. It works fine with cloud providers such as Google who block outbound connections to standard SMTP ports. If the key does get compromised, the attacker cannot use it to access non-PBX mail sent or received by the customer. (He could impersonate the customer sending mail, but there are many other ways of doing that anyhow.)


And I use Postfix. It’s quite clever but absolutely relies on your host’s apparent legitimacy when sending mail (rDNS being #1) (you probably do also as your MTA).

Please explain why you think

“A matching reverse DNS would allow the attacker to easily bypass this measure.”

and what exactly you mean by “measure”. They have your IP; by what measure do they deduce your name? And if they do (or have), why is that a problem and not a protection for you if so using Postfix or any domain-dependent service?

Hi. Did you get to the bottom of this? We have seen similar on a PBXact server on Vultr, but on no other server we have there or on DigitalOcean.
Seems to be after module updates.
