Hi, the checks are based on perls Net::DNS modules which usually use the local resolver configuration from the OS.
There is currently no central config item but you can pass other servers to the action class, see docs for OpenXPKI::Server::Workflow::Activity::CSR::CheckPolicyDNS The DNS Check to color-code the output on the WebUI is done "live" by the "CheckDNS" Plugin which is defined in the workflows fields, those also accept a server as parameter. HTH Oliver Am 17.05.19 um 15:01 schrieb Siekmann, Marco: > Hi guys, > > > > I am facing some issues with the DNS checks. > > I entered CN and SAN’s that are public domains but got an unknown DNS > check e.g. www.google.de which results in an additional step in the > workflow. > > With nslookup everything can be reached properly on that system. > > > > In addition, internally we are having non valid DNS names for some > system, but need to add them in the SANs and these lookups are failing > completely. > > So I would like to have a closer look at the DNS policy check as well. > Where can I find that? > > > > Kind regards > > > > Marco > > > > *Marco Siekmann* > > Security & DevOps Engineer > > Bereich Compliance & Information Security > > E-Mail: [email protected] > <mailto:[email protected]> > > Web: www.adesso-service.com <http://www.adesso-service.com/> > > adesso as a service GmbH > Frühlingstraße 8 > 76131 Karlsruhe > > > adesso as a service GmbH *·*Sitz der Gesellschaft: Dortmund > *·*Amtsgericht Dortmund HRB 25321 *·*Geschäftsführer: Stefan Schmitt, > Christopher Schmelter > > > > > > _______________________________________________ > OpenXPKI-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/openxpki-users > -- Protect your environment - close windows and adopt a penguin!
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
