Re: Automated DNSSEC (command line)

2010-05-28 Thread Casey T. Deccio
On May 28, 2010, at 5:11 PM, Michelle Konzack wrote: > > I have updated the serial number manually and it just updated ... > > OK, now I have tried the second Zone > > > > but it tells me: > > RRSIG itsystems.tamay-dogan.net/SOA by 005+

Re: Automated DNSSEC (command line)

2010-05-28 Thread Mark Andrews
In message <20100529001832.gb4...@tamay-dogan.net>, Michelle Konzack writes: > > Hello Mark, > > On 2010-05-29 09:06:40, you hacked out the following: > > You can just let named re-sign the zone for you. Treat the zones > > as dynamic and named from BIND 9.6 onwards will maintain the > > sign

Re: Automated DNSSEC (command line)

2010-05-28 Thread Michelle Konzack
Hello Mark, On 2010-05-29 09:06:40, you hacked out the following: > You can just let named re-sign the zone for you. Treat the zones > as dynamic and named from BIND 9.6 onwards will maintain the > signatures for you. What do you mean by "Treat the zones as dynamic"? Is there a special optio

Re: Automated DNSSEC (command line)

2010-05-28 Thread Michelle Konzack
Hello again, On 2010-05-28 14:43:54, you hacked out the following: > Looks okay to me. Here's what your signed zone looks like visually: > > http://dnsviz.net/d/tamay-dogan.net/dnssec/ > > Although, it looks like you perhaps didn't increment the zone serial, as > only one of your authoritativ

Re: Automated DNSSEC (command line)

2010-05-28 Thread Mark Andrews
In message <20100528211806.gx4...@tamay-dogan.net>, Michelle Konzack writes: > Hello DNSSEC Experts, > > I am ongoing to install 4 new Name Servers and increase my registrar and > hosting service... > > OK, I have tried to make my own 4 domains with 16 zones signed and it > took me one ho

Re: Automated DNSSEC (command line)

2010-05-28 Thread Michelle Konzack
Hello Casey, On 2010-05-28 14:43:54, you hacked out the following: > Yes, and you really should use one. The two most important things with > signed zones are that your signatures don't expire, and that the right > DNSSEC RRs are included in the zone. So not only does it need to be > resigned

Re: Automated DNSSEC (command line)

2010-05-28 Thread Michelle Konzack
Hello Michael, On 2010-05-28 14:40:30, you hacked out the following: > Check out zkt (http://www.hznet.de/dns/zkt/). > > There are a few more involved tools out there, but zkt sounds like > what you want. OK... > >Can an expert please check 'dig ANY tamay-dogan.net' whether this is > >rig

Re: Automated DNSSEC (command line)

2010-05-28 Thread Casey Deccio
On Fri, May 28, 2010 at 2:18 PM, Michelle Konzack < linux4miche...@tamay-dogan.net> wrote: > Hello DNSSEC Experts, > > I am ongoing to install 4 new Name Servers and increase my registrar and > hosting service... > > OK, I have tried to make my own 4 domains with 16 zones signed and it > took m

Re: Automated DNSSEC (command line)

2010-05-28 Thread Michael Sinatra
On 05/28/10 14:18, Michelle Konzack wrote: Hello DNSSEC Experts, I am ongoing to install 4 new Name Servers and increase my registrar and hosting service... OK, I have tried to make my own 4 domains with 16 zones signed and it took me one hour of my life! Since I have to re-sign the zones i

Automated DNSSEC (command line)

2010-05-28 Thread Michelle Konzack
Hello DNSSEC Experts, I am ongoing to install 4 new Name Servers and increase my registrar and hosting service... OK, I have tried to make my own 4 domains with 16 zones signed and it took me one hour of my life! Since I have to re-sign the zones if something changes it will give me heada

Re: dnssec-keygen is waiting endless...

2010-05-28 Thread Doug Barton
On 05/28/10 13:53, Michelle Konzack wrote: Hello Evan, On 2010-05-28 18:33:14, you hacked out the following: Operating System is "Debian GNU/Linux 5.0 Lenny" with bind9 in version 1:9.7.0.dfsg.P1-1~bpo50+1 I get the same problem on Ubuntu, which is Debian-based. /dev/random runs out of ent

Re: dnssec-keygen is waiting endless...

2010-05-28 Thread Michelle Konzack
Hello Evan, On 2010-05-28 18:33:14, you hacked out the following: > > Operating System is "Debian GNU/Linux 5.0 Lenny" with bind9 in version > > 1:9.7.0.dfsg.P1-1~bpo50+1 > > I get the same problem on Ubuntu, which is Debian-based. /dev/random > runs out of entropy rapidly and takes a long tim

Re: dnssec-keygen is waiting endless...

2010-05-28 Thread Casey Deccio
On Fri, May 28, 2010 at 11:25 AM, Michelle Konzack < linux4miche...@tamay-dogan.net> wrote: > > Currently I need to secure my bind9 since I had a massive attack on my > which is the master. Also I have had more than 30 million queries > in less than one week and bind9 has eaten around 2.4 GByt

Re: dnssec-keygen is waiting endless...

2010-05-28 Thread Michelle Konzack
Hello Casey, On 2010-05-28 11:15:30, you hacked out the following: > Running 'cat /proc/sys/kernel/random/entropy_avail' should show you what > your available entropy is during the keygen process. It shows me a number between 0 and several 100 > There are a variety of things you can do to incre

Re: dnssec-keygen is waiting endless...

2010-05-28 Thread Evan Hunt
> Operating System is "Debian GNU/Linux 5.0 Lenny" with bind9 in version > 1:9.7.0.dfsg.P1-1~bpo50+1 I get the same problem on Ubuntu, which is Debian-based. /dev/random runs out of entropy rapidly and takes a long time to recover. Using "dnssec-keygen -r /dev/urandom" will make it finish much f

RE: dnssec-keygen is waiting endless...

2010-05-28 Thread Jack Tavares
Disregard my statement. An incorrect chroot setup will affect the named executable, but not the dnssec-keygen -Original Message- From: bind-users-bounces+j.tavares=f5@lists.isc.org [mailto:bind-users-bounces+j.tavares=f5@lists.isc.org] On Behalf Of Michelle Konzack Sent: Friday

Re: dnssec-keygen is waiting endless...

2010-05-28 Thread Michelle Konzack
Hi again, On 2010-05-28 10:36:51, you hacked out the following: > Or it is a chroot jail and it does not have a source of entropy AFAIK does a chroot give a false impression bind could be more secure... Currently I need to secure my bind9 since I had a massive attack on my which is the maste

Re: dnssec-keygen is waiting endless...

2010-05-28 Thread Michelle Konzack
Hello Jack, On 2010-05-28 10:36:51, you hacked out the following: > Or it is a chroot jail and it does not have a source of entropy Ehm no... Where must this entropy be? Thanks, Greetings and nice Day/Evening Michelle Konzack -- # Debian GNU/Linux Consultant

Re: dnssec-keygen is waiting endless...

2010-05-28 Thread Casey Deccio
On Fri, May 28, 2010 at 10:41 AM, Michelle Konzack < linux4miche...@tamay-dogan.net> wrote: > Hello Paul, > > On 2010-05-28 12:34:16, you hacked out the following: > > My bet is that this is a VM and you have no entropy. Either generate some > > entropy (eg run in parallel something like: find /

Re: dnssec-keygen is waiting endless...

2010-05-28 Thread Michelle Konzack
Hello Paul, On 2010-05-28 12:34:16, you hacked out the following: > My bet is that this is a VM and you have no entropy. Either generate some > entropy (eg run in parallel something like: find / -type f | xargs grep > KSdgajkgdaksdga) > or create the keys on real iron instead of a VM. No, this

RE: dnssec-keygen is waiting endless...

2010-05-28 Thread Jack Tavares
Or it is a chroot jail and it does not have a source of entropy -Original Message- From: bind-users-bounces+j.tavares=f5@lists.isc.org [mailto:bind-users-bounces+j.tavares=f5@lists.isc.org] On Behalf Of Paul Wouters Sent: Friday, May 28, 2010 9:34 AM To: Michelle Konzack Cc: Bin

Re: dnssec-keygen is waiting endless...

2010-05-28 Thread Paul Wouters
On Fri, 28 May 2010, Michelle Konzack wrote: Hello *; I am retrying to setup DNSSEC but I have a problem with: dnssec-keygen -a RSASHA1 b 1024 -n ZONE tamay-dogan.net because if I issue the command, it waits forever and nothing happens. What can this be? Operating System is "Debian GNU/Li

dnssec-keygen is waiting endless...

2010-05-28 Thread Michelle Konzack
Hello *; I am retrying to setup DNSSEC but I have a problem with: dnssec-keygen -a RSASHA1 b 1024 -n ZONE tamay-dogan.net because if I issue the command, it waits forever and nothing happens. What can this be? Operating System is "Debian GNU/Linux 5.0 Lenny" with bind9 in version 1:9.7.0.df

Re: Regarding CNAME Chains

2010-05-28 Thread Warren Kumari
On May 28, 2010, at 8:55 AM, Ashwin wrote: Hi, From the server I get a response like aaa CNAME bbb ccc CNAME ddd bbb CNAME ccc The ordering of the CNAME chain is incorrect, ideally it should be like aaa CNAME bbb bbb CNAME c

Regarding CNAME Chains

2010-05-28 Thread Ashwin
Hi, From the server I get a response like aaa CNAME bbb ccc CNAME ddd bbb CNAME ccc The ordering of the CNAME chain is incorrect, ideally it should be like aaa CNAME bbb bbb CNAME ccc ccc CNAME ddd

Re: Weird problem with zone transfer...

2010-05-28 Thread Michelle Konzack
Hello Michelle Konzack, On 2010-05-28 12:17:37, you hacked out the following: > Hello, > > since some days I have weird error messages in my > I have no quota and permissions are right, so what can it be? FSCK! -- Found the error... The replication of my pam-pgsql database was not successf

Re: Weird problem with zone transfer...

2010-05-28 Thread Mark Andrews
See the Linux FAQ entries http://www.isc.org/software/bind/faq -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ bind-users mailing list bind-users@lists.isc.org h

Weird problem with zone transfer...

2010-05-28 Thread Michelle Konzack
Hello, since some days I have weird error messages in my [ '/var/log/namd.log' ]- May 28 08:31:53 vserver4 named[18289]: 28-May-2010 08:31:53.803 general: info: zone tamay-dogan.net/IN: Transfer started. May 28 08:31:53 vserver4 named[18289]: 28-M