nd also what to do if they are not
the same. I know a client who doesn't do that is not compliant with the
standard, but that would not stop people from doing it ;-(
--
Stefan Ubbink
DNS & Systems Engineer
Present: Mon, Tue, Wed, Fri
SIDN | Meander 501 | 6825 MD | ARNHEM | The Netherlands
T +31 (0)26
valuable information for people considering it.
--
Stefan Ubbink
DNS & Systems Engineer
Present: Mon, Tue, Wed, Fri
SIDN | Meander 501 | 6825 MD | ARNHEM | The Netherlands
T +31 (0)26 352 55 00
https://www.sidn.nl
pgppiwBTopEWV.pgp
Description: OpenPGP digital signature
__
he basics, if
> there is interest we can add the details.
As I mentioned during the IETF meeting, I am interested in the idea and
would like to contribute.
--
Stefan Ubbink
DNS & Systems Engineer
Present: Mon, Tue, Wed, Fri
SIDN | Meander 501 | 6825 MD | ARNHEM | The Netherlands
T +31 (0)26 352 55 00
htt
thing about sending a signal when signatures are (about to)
expire.
[1]
https://datatracker.ietf.org/doc/draft-grubto-dnsop-dns-out-of-protocol-signalling/
--
Stefan Ubbink
DNS & Systems Engineer
Present: Mon, Tue, Wed, Fri
SIDN | Meander 501 | 6825 MD | ARNH
trying to reach out to the operators of the upstream servers.
Without any information about the domain name itself, people can only
give general hints.
[1]
https://nlnetlabs.nl/documentation/unbound/unbound.conf/#domain-insecure
--
Stefan Ubbink
DNS & Systems Engineer
Present: Mon, Tue,
On Wed, 07 Sep 2022 11:54:22 +0200
Berry van Halderen wrote:
> On 2022-09-07 07:26, Stefan Ubbink wrote:
> > Hello,
> >
> > We want to configure OpenDNSSEC to comply with RFC9276 (Guidance for
> > NSEC3 Parameter Settings) and some parts of this RFC are very easy,
&g
the configuration to get an empty salt?
--
Stefan Ubbink
DNS & Systems Engineer
Present: Mon, Tue, Wed, Fri
SIDN | Meander 501 | 6825 MD | ARNHEM | The Netherlands
T +31 (0)26 352 55 00
https://www.sidn.nl
pgp_nLr7b3Q_j.pgp
Description: OpenPGP digital signa
ll is stuck in the past, over the last ~1 year, the use of
> algorithm 7 has dropped from a peak of ~2.2 million zones to
> just ~350k zones and lately continuing to fall ~10k/day.
We are currently in the process of an algorithm rollover for our second
level domains.
--
Stefan Ubbink
DNS &
t TCP? The man page on my machine has the
following mentioned under BUGS:
Does not support TCP at this time.
--
Stefan Ubbink
DNS & Systems Engineer
Present: Mon, Tue, Wed, Fri
SIDN | Meander 501 | 6825 MD | ARNHEM | The Netherlands
T +31 (0)26 352 55 00
https://www.sidn.n
.
> ods-signer queue shows them, ods-enforcer queue does not.
Did you restart OpenDNSSEC (ods-control stop; ods-control start)?
Before restarting ODS, you might want to write the new files for the
signer using the `ods-enforcer signconf` command.
--
Stefan Ubbink
DNS & Systems Engineer
repository, everything looks normal to me.
When everything looks normal, it seems to me that it should continue to
work normally.
--
Stefan Ubbink
DNS & Systems Engineer
Present: Mon, Tue, Wed, Fri
SIDN | Meander 501 | 6825 MD | ARNHEM | The Netherlands
T +31 (0)26 352 55 00
https://www.sidn.nl
opendnssec.org/2020/10/opendnssec-2-1-7/
--
Stefan Ubbink
DNS & Systems Engineer
Present: Mon, Tue, Wed, Fri
SIDN | Meander 501 | 6825 MD | ARNHEM | The Netherlands
T +31 (0)26 352 55 00
https://www.sidn.nl
pgpZUV_DQITL3.pgp
Description: OpenPGP digital signature
cc4a433a33a40fce18717beea330a3d1
root@ede1-signa1:~#
How can I tell OpenDNSSEC that this key has already been removed from
the HSM and it should no longer try to remove it from the HSM.
I thought about removing it from hsmKey table in the MySQL database
directly. But I don't know if this has any side effects.
--
Stefan
the bad assumption,
> and get it fixed?
Yesterday a new RC has been released [1] which fixes a signer crash. You
could try to use that version to see if it stays alive.
[1]
https://lists.opendnssec.org/pipermail/opendnssec-user/2021-February/004574.html
--
Stefan Ubbink
DNS & Systems
On Wed, 25 Nov 2020 10:37:19 +0100
Stefan Ubbink via Opendnssec-user
wrote:
> To be able to test the ZSK rollover, I want to change the policy to
> the lab policy, but that fails. I have already mentioned this to Berry
> offlist.
[cut ods-enforcer segfault]
I have created SUPPO
On Tue, 24 Nov 2020 12:57:00 +0100
Anders Löwinger wrote:
> On 2020-11-24 06:06, Stefan Ubbink wrote:
> I tried to compile softhsm2 and opendnssec. I have no keys to purge,
> but it accepts the command.
>
> $ sbin/ods-enforcer --version
> opendnssec version 2.1.8rc1
>
>
"key purge\n"
" --policy | --zoneaka -p
| -z\n"
-" --delete or -d");
+" --delete or -d\n");
}
static void
So the shell PS1 will be shown at a newline instead o
On Mon, 23 Nov 2020 20:15:54 +0100
Anders Löwinger via Opendnssec-user
wrote:
Hello Anders,
> On 2020-11-23 07:12, Stefan Ubbink via Opendnssec-user wrote:
> > Error parsing arguments key purge command line key purge
> > --zone=politie --delete
>
> Do you really have
On Fri, 20 Nov 2020 12:30:34 +0100
Stefan Ubbink via Opendnssec-user
wrote:
> On Wed, 18 Nov 2020 13:22:50 +0100
> "\(Berry\) A.W. van Halderen via Opendnssec-user"
> wrote:
>
> > To the key purge problem. Either when manually purging keys, or
> > havi
gt; a 1 or 2 weeks grace period.
I'll continue testing the new release and will let you know if I find
something else.
--
Stefan Ubbink
DNS & Systems Engineer
Present: Mon, Tue, Wed, Fri
SIDN | Meander 501 | 6825 MD | ARNHEM | The Netherlands
T +31 (0)26 352 55 00
https://www.sidn.nl
ion less secure. And of
course it is not supported.
[cut problem with FreeIPA being single homed]
[1] https://github.com/abbra/freeipa/pull/9/files
--
Stefan Ubbink
DNS & Systems Engineer
Present: Mon, Tue, Wed, Fri
SIDN | Meander 501 | 6825 MD | ARNHEM | The Netherlands
T +31 (0)26 352 55 00
[1] certtool is provided by the gnutls-utils package.
--
Stefan Ubbink
DNS & Systems Engineer
Present: Mon, Tue, Wed, Fri
SIDN | Meander 501 | 6825 MD | ARNHEM | The Netherlands
T +31 (0)26 352 55 00
https://www.sidn.nl
pgpXtgYGaGGnu.pgp
Description: OpenPGP digital signature
__
3] shows the CVE's which are fixed in the 1.10.1 release.
[1]
https://github.com/NLnetLabs/unbound/blob/release-1.10.1/doc/Changelog
[2] https://nlnetlabs.nl/projects/unbound/about/
[3] https://github.com/NLnetLabs/unbound/blob/master/doc/Changelog
--
Stefan Ubbink
DNS & Systems Engineer
Prese
On Tue, 11 Feb 2020 08:47:43 +0100
"Berry A.W. van Halderen via Opendnssec-user"
wrote:
> Dear all,
Hello Berry,
> Version 2.1.6 of OpenDNSSEC has been released a few hours ago.
Thank you very much for this new version.
This version is now running in our acceptance setup.
-
ias or something would have been nice.
It is a good thing that ods-enforcer accepts the same arguments.
Remember ods-ksmutil shows a date of next transition for every key,
but ods-enforcer shows only the first date of next transition and shows
it for every key.
[1] https://issues.opendnssec.org/
Because I don't have the dapper system anymore, it is no problem for me.
I don't know about darthanubis.
--
winbindd won't start
https://bugs.launchpad.net/bugs/62921
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs
A while ago a security update has been released for Edgy and this
resulted in a reappearance for the bug, because I had fixed it myself.
It would be nice to have the bugfix applied to Edgy as well.
--
mysqlhotcopy emits warning about invalidating an active handle
I have had a look at the log file and I see the following:
[2007/08/15 16:03:44, 0] nsswitch/winbindd.c:main(1071)
unable to initalize domain list
I think this is the reason why it will not stay alive, but I don't know how to
fix this.
Maybe I should create a new bug for this, but it could
** Attachment added: requested smb.conf
http://launchpadlibrarian.net/9201806/smb.conf
--
winbindd won't start
https://bugs.launchpad.net/bugs/62921
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
Thank you for this information.
I'll have a look at my log file and see how I can make sure that winbind is not
killed anymore.
--
logrotate unable to restart winbind
https://bugs.launchpad.net/bugs/62921
You received this bug notification because you are a member of Ubuntu
Bugs, which is the
It was produced on a Dapper (6.06) system.
But currently I don't have winbind installed anymore and thus I don't get the
error.
Since it has been a long time since I reported the issue, I don't know for sure
if I got it all the time or once. I thought I got this message every day.
If you want I
Public bug reported:
Binary package hint: mysql-server-5.0
See http://bugs.mysql.com/bug.php?id=20153 for a description and a patch
** Affects: mysql-dfsg-5.0 (Ubuntu)
Importance: Undecided
Status: Unconfirmed
--
mysqlhotcopy emits warning about invalidating an active handle
Public bug reported:
Binary package hint: winbind
I get this message from my anacron:
/etc/cron.daily/logrotate:
sh: line 1: kill: (4516) - No such process
error: error running postrotate script for /var/log/samba/log.winbindd
run-parts: /etc/cron.daily/logrotate exited with return code 1
How
33 matches
Mail list logo