Hello,
since some days I have weird error messages in my
[ '/var/log/namd.log' ]-
snip
May 28 08:31:53 vserver4 named[18289]: 28-May-2010 08:31:53.803 general: info:
zone tamay-dogan.net/IN: Transfer started.
May 28 08:31:53 vserver4 named[18289]:
Hello Michelle Konzack,
Am 2010-05-28 12:17:37, hacktest Du folgendes herunter:
Hello,
since some days I have weird error messages in my
snip
I have no quota and permissions are right, so what can it be?
FSCK! -- Found the error...
The replication of my pam-pgsql database was not
Hi,
From the server I get a response like
aaa CNAME bbb
ccc CNAME ddd
bbb CNAME ccc
The ordering of the CNAME chain is incorrect, ideally it should be like
aaa CNAME bbb
bbb CNAME ccc
ccc CNAME ddd
Hello *;
I am retrying to setup DNSSEC but I have a problem with:
dnssec-keygen -a RSASHA1 b 1024 -n ZONE tamay-dogan.net
because if I issue the command, it waits forever and nothing happen.
What can this be?
Operating System is Debian GNU/Linux 5.0 Lenny with bind9 in version
On Fri, 28 May 2010, Michelle Konzack wrote:
Hello *;
I am retrying to setup DNSSEC but I have a problem with:
dnssec-keygen -a RSASHA1 b 1024 -n ZONE tamay-dogan.net
because if I issue the command, it waits forever and nothing happen.
What can this be?
Operating System is Debian
Or it is a chroot jail and it does not have a source of entropy
-Original Message-
From: bind-users-bounces+j.tavares=f5@lists.isc.org
[mailto:bind-users-bounces+j.tavares=f5@lists.isc.org] On Behalf Of Paul
Wouters
Sent: Friday, May 28, 2010 9:34 AM
To: Michelle Konzack
Cc:
Hello Paul,
Am 2010-05-28 12:34:16, hacktest Du folgendes herunter:
My bet is that this is a VM and you have no entropy. Either generate some
entropy (eg run in paralel something like: find / -type f | xargs grep
KSdgajkgdaksdga)
or create the keys on real iron instead of a VM.
No, this a
On Fri, May 28, 2010 at 10:41 AM, Michelle Konzack
linux4miche...@tamay-dogan.net wrote:
Hello Paul,
Am 2010-05-28 12:34:16, hacktest Du folgendes herunter:
My bet is that this is a VM and you have no entropy. Either generate some
entropy (eg run in paralel something like: find / -type f
Hi again,
Am 2010-05-28 10:36:51, hacktest Du folgendes herunter:
Or it is a chroot jail and it does not have a source of entropy
AFAIK does a chroot give a fals impression bind could be more secure...
Currently I need to secure my bind9 since I had a massive attack on my
dns1 which is the
Disregard my statement.
An incorrect chroot setup will affect the named executable, but not
the dnssec-keygen
-Original Message-
From: bind-users-bounces+j.tavares=f5@lists.isc.org
[mailto:bind-users-bounces+j.tavares=f5@lists.isc.org] On Behalf Of
Michelle Konzack
Sent:
Operating System is Debian GNU/Linux 5.0 Lenny with bind9 in version
1:9.7.0.dfsg.P1-1~bpo50+1
I get the same problem on Ubuntu, which is Debian-based. /dev/random
runs out of entropy rapidly and takes a long time to recover.
Using dnssec-keygen -r /dev/urandom will make it finish much
Hello Casey,
Am 2010-05-28 11:15:30, hacktest Du folgendes herunter:
Running 'cat /proc/sys/kernel/random/entropy_avail' should show you what
your available entropy is during the keygen process.
It show me a number between 0 and several 100
There are a variety of things you can do to
On Fri, May 28, 2010 at 11:25 AM, Michelle Konzack
linux4miche...@tamay-dogan.net wrote:
Currently I need to secure my bind9 since I had a massive attack on my
dns1 which is the master. Also I have had more then 30 million queries
in less then one week and bind9 has eaten arround 2.4 GByte
Hello Evan,
Am 2010-05-28 18:33:14, hacktest Du folgendes herunter:
Operating System is Debian GNU/Linux 5.0 Lenny with bind9 in version
1:9.7.0.dfsg.P1-1~bpo50+1
I get the same problem on Ubuntu, which is Debian-based. /dev/random
runs out of entropy rapidly and takes a long time to
On 05/28/10 13:53, Michelle Konzack wrote:
Hello Evan,
Am 2010-05-28 18:33:14, hacktest Du folgendes herunter:
Operating System is Debian GNU/Linux 5.0 Lenny with bind9 in version
1:9.7.0.dfsg.P1-1~bpo50+1
I get the same problem on Ubuntu, which is Debian-based. /dev/random
runs out of
On 05/28/10 14:18, Michelle Konzack wrote:
Hello DNSSEC Experts,
I am ongoing to install 4 new Name Servers and increse my registrar and
hosting service...
OK, I have tried to make my own 4 domains with 16 zones signed and it
took me one hour of my life!
Since I have to re-sign the zones
On Fri, May 28, 2010 at 2:18 PM, Michelle Konzack
linux4miche...@tamay-dogan.net wrote:
Hello DNSSEC Experts,
I am ongoing to install 4 new Name Servers and increse my registrar and
hosting service...
OK, I have tried to make my own 4 domains with 16 zones signed and it
took me one
Hello Michael,
Am 2010-05-28 14:40:30, hacktest Du folgendes herunter:
Check out zkt (http://www.hznet.de/dns/zkt/).
There are a few more involved tools out there, but zkt sounds like
what you want.
OK...
Can an expert please check 'dig ANY tamay-dogan.net' whether this is
right?
Hello Casey,
Am 2010-05-28 14:43:54, hacktest Du folgendes herunter:
Yes, and you really should use one. The two most important things with
signed zones are that your signatures don't expire, and that the right
DNSSEC RRs are included in the zone. So not only does it need to be
resigned
Hello again,
Am 2010-05-28 14:43:54, hacktest Du folgendes herunter:
Looks okay to me. Here's what your signed zone looks like visually:
http://dnsviz.net/d/tamay-dogan.net/dnssec/
Although, it looks like you perhaps didn't increment the zone serial, as
only one of your authoritative
Hello Mark,
Am 2010-05-29 09:06:40, hacktest Du folgendes herunter:
You can just let named re-sign the zone for you. Treat the zones
as dynamic and named from BIND 9.6 onwards will maintain the
signatures for you.
What do you mean with Treat the zones as dynamic?
Is there a special option?
In message 20100529001832.gb4...@tamay-dogan.net, Michelle Konzack writes:
Hello Mark,
Am 2010-05-29 09:06:40, hacktest Du folgendes herunter:
You can just let named re-sign the zone for you. Treat the zones
as dynamic and named from BIND 9.6 onwards will maintain the
signatures for
22 matches
Mail list logo
