Server Naming Considerations

After a long week of fending off hackers trying to use brute-force password guessing to SSH into my clients' servers, I realized my naming conventions were wreaking all kinds of havoc on my administrative tasks.

I had to come up with a system that would take into consideration a myriad of “situations”. It had to be distinguishable in a terminal (not all hostnames are good names). For example, all of my live servers had the hostname “server” and development servers “dev”. When you have 4 live servers up and they all report back [email protected], how do you know which one you’re on, without typing “hostname -f” constantly? I tried editing my .bashrc to report a FQDN in the terminal, but I wasn’t doing something right. Exim4 was having issues sending fail2ban emails from the root domain, and I had to make sure that some sub-domains were on a CDN (content delivery network) and so needed a real FQDN to be reachable via SSH, SFTP, VPN, etc.

What I came up with simply works, and works great on a vanilla Ubuntu 14.04 LTS install. The hostname is now “srv-moebis”, the hosts file just resolves to localhost.localdomain and localhost, then the fully exposed static IP on the internet is mapped to “ srv-moebis”, you can also use if you don’t have a static IP. hostname reports “srv-moebis”, terminal shows “[email protected]”, hostname -f reports “”, DNS entries are (pass thru CDN), CNAME (pass thru CDN), CNAME (pass around CDN).

For send-only mail via exim4, it’s simple. Now I use the FQDN (you can use the root domain, but I advise against it). My DigitalOcean droplet has a PTR record that reverse lookups my IP to Listen is on the normal ; ::1 and the rest is blank during “dpkg-reconfigure exim4-config”. I choose maildir at the end; choose whatever you want, it doesn’t really matter.

This new system now accounts for development servers. So let’s say I’m building a parallel that I want to work on and maybe switch out live at some point. Well, same deal. Hostname is “dev-moebis”, hosts dev-moebis, DNS records, I just create a new A NAME for the new Everything else goes the same, exim4 config, etc. When the time comes to bring the server up live, I just rename its hostname, edit the hosts, reconfigure exim4, change the PTR record and point the DNS at the new changes.
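
An added example, not part of the original post: a small shell check for the hosts-file layout described above, useful after setting up a server or after renaming a dev box to live. It assumes names resolve through the hosts file first; `203.0.113.10` and `example.com` are constructed placeholders for the real static IP and domain, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). 203.0.113.10 and example.com
# are constructed placeholders for the real static IP and domain.

# Print the canonical name (first name after the address) of the first
# hosts-file line that lists HOST. Assumption: with hosts-file resolution
# this is the name `hostname -f` reports.
canonical_name() {  # usage: canonical_name HOSTS_FILE HOST
    awk -v h="$2" '
        { sub(/#.*/, "") }                       # strip comments
        { for (i = 2; i <= NF; i++) if ($i == h) { print $2; exit } }
    ' "$1"
}

# Check that HOST resolves to an FQDN whose first label is HOST itself.
audit_hosts() {     # usage: audit_hosts HOSTS_FILE HOST
    canon=$(canonical_name "$1" "$2")
    if [ -z "$canon" ]; then
        echo "missing: no hosts line names $2"; return 1
    fi
    case $canon in
        "$2".?*) echo "ok: $canon" ;;
        *.*)     echo "wrong-fqdn: $2 resolves to $canon"; return 1 ;;
        *)       echo "not-fqdn: $2 resolves to $canon"; return 1 ;;
    esac
}

# Constructed sample: the layout from the post, then two common slips.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' '127.0.0.1 localhost.localdomain localhost' \
        '203.0.113.10 srv-moebis.example.com srv-moebis' > "$dir/good"
    printf '%s\n' '127.0.0.1 localhost.localdomain localhost' \
        '203.0.113.10 srv-moebis srv-moebis.example.com' > "$dir/swapped"
    printf '%s\n' '127.0.0.1 localhost.localdomain localhost srv-moebis' \
        > "$dir/loopback"
    for f in good swapped loopback; do
        audit_hosts "$dir/$f" srv-moebis || true
    done
    audit_hosts "$dir/good" dev-moebis || true   # stale name after a rename
    rm -rf "$dir"
}
demo
```

On a real machine, point it at the live file and name: `audit_hosts /etc/hosts "$(hostname)"`.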