DNSSEC management
Hello all,
What do you use for DNSSEC management of your/customer's domains? Is there some existing tools/scripts ready or everyone has its own self-made scripts? -- bYE, Marki -- To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: 04972748.20110502103939@marki-online.net">http://lists.debian.org/04972748.20110502103939@marki-online.net |
DNSSEC management
Hello Marek Podmaka,
Am 2011-05-02 10:39:39, hacktest Du folgendes herunter: > Hello all, > > What do you use for DNSSEC management of your/customer's domains? Is > there some existing tools/scripts ready or everyone has its own > self-made scripts? Selfmade scripts because other solutions worked not as expected and it was to comlicate to integrate it in my Admin-Panel. Thanks, Greetings and nice Day/Evening Michelle Konzack -- ##################### Debian GNU/Linux Consultant ###################### Development of Intranet and Embedded Systems with Debian GNU/Linux itsystems@tdnet France EURL itsystems@tdnet UG (limited liability) Owner Michelle Konzack Owner Michelle Konzack Apt. 917 (homeoffice) 50, rue de Soultz Kinzigstraße 17 67100 Strasbourg/France 77694 Kehl/Germany Tel: +33-6-61925193 mobil Tel: +49-177-9351947 mobil Tel: +49-176-86004575 office <http://www.itsystems.tamay-dogan.net/> <http://www.flexray4linux.org/> <http://www.debian.tamay-dogan.net/> <http://www.can4linux.org/> Jabber linux4michelle@jabber.ccc.de ICQ #328449886 Linux-User #280138 with the Linux Counter, http://counter.li.org/ |
DNSSEC management
On 05/03/2011 12:57 AM, Michelle Konzack wrote:
> Hello Marek Podmaka, > > Am 2011-05-02 10:39:39, hacktest Du folgendes herunter: >> Hello all, >> >> What do you use for DNSSEC management of your/customer's domains? Is >> there some existing tools/scripts ready or everyone has its own >> self-made scripts? > > Selfmade scripts because other solutions worked not as expected and it > was to comlicate to integrate it in my Admin-Panel. > > Thanks, Greetings and nice Day/Evening > Michelle Konzack Can you shortly describe what's needed to have DNSSEC working? How does it work? Just add a new field or something? Thomas -- To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: 4DBF7B29.8040103@goirand.fr">http://lists.debian.org/4DBF7B29.8040103@goirand.fr |
DNSSEC management
> >> What do you use for DNSSEC management of your/customer's domains? Is
> >> there some existing tools/scripts ready or everyone has its own > >> self-made scripts? > On 05/03/2011 12:57 AM, Michelle Konzack wrote: > > Selfmade scripts because other solutions worked not as expected and it > > was to comlicate to integrate it in my Admin-Panel. On 03.05.11 11:48, Thomas Goirand wrote: > Can you shortly describe what's needed to have DNSSEC working? How does > it work? Just add a new field or something? For providing DNSSEC, you need to sign the zones, periodically re-sign them, and periodically push DS recors into parent zones. For using DNSSEC, you need to provide one or more public keys to your resolver (recursive nameserver) and maintain that list. No, it's not easy. Try opendnssec, or google for dnssec and read all the docs. -- Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. The only substitute for good manners is fast reflexes. -- To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: 20110503122728.GA28151@fantomas.sk">http://lists.debian.org/20110503122728.GA28151@fantomas.sk |
DNSSEC management
Hello Thomas Goirand,
Am 2011-05-03 11:48:57, hacktest Du folgendes herunter: > Can you shortly describe what's needed to have DNSSEC working? How does > it work? Just add a new field or something? You can search google for "How to setup DNSSEC?" and you will find the HOWTOs and more. Also you can install "bind9-doc" which describe how to setup DNSSEC. I was strictly following the Bv9ARM manual and then the files from /usr/share/doc/bind9-doc/ and it just worked. NOTE: Do NOT FORGET to update the serial number before signing the zones because otherwise you will run into troubles.. > Thomas Thanks, Greetings and nice Day/Evening Michelle Konzack -- ##################### Debian GNU/Linux Consultant ###################### Development of Intranet and Embedded Systems with Debian GNU/Linux itsystems@tdnet France EURL itsystems@tdnet UG (limited liability) Owner Michelle Konzack Owner Michelle Konzack Apt. 917 (homeoffice) 50, rue de Soultz Kinzigstraße 17 67100 Strasbourg/France 77694 Kehl/Germany Tel: +33-6-61925193 mobil Tel: +49-177-9351947 mobil Tel: +49-176-86004575 office <http://www.itsystems.tamay-dogan.net/> <http://www.flexray4linux.org/> <http://www.debian.tamay-dogan.net/> <http://www.can4linux.org/> Jabber linux4michelle@jabber.ccc.de ICQ #328449886 Linux-User #280138 with the Linux Counter, http://counter.li.org/ |
DNSSEC management
On Mon, 02 May 2011, Marek Podmaka wrote:
> What do you use for DNSSEC management of your/customer's domains? Is > there some existing tools/scripts ready or everyone has its own > self-made scripts? Well, you could roll out your own, of course, but there are good ones out there already. We're testing this one: http://registro.br/dnsshim/index-EN.html DNSSHIM is software maitained by NIC.br, responsible for all of the .br TLD operations. It works as a shadow master server, so it is extremely easy to deploy on BIND-like DNSSEC infrastructures. There are other such DNSSEC key lifetime management suites. I think RIPE has published one as well (but I am not sure it is FLOSS). Google will find them. -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh -- To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: 20110503132606.GB13501@khazad-dum.debian.net">http://lists.debian.org/20110503132606.GB13501@khazad-dum.debian.net |
DNSSEC management
On 5/3/11 2:27 PM, Matus UHLAR - fantomas wrote:
> For using DNSSEC, you need to provide one or more public keys to your > resolver (recursive nameserver) and maintain that list. Or give it the initial root key and tell it to maintain it by itself ;-) -- # Emanuele Balla # # # System & Network Engineer # # # Spin s.r.l. - AS6734 # Phone: +39 040 9869090 # # Trieste # Email: balla@staff.spin.it # -- To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: 4DC002AD.1010007@staff.spin.it">http://lists.debian.org/4DC002AD.1010007@staff.spin.it |
DNSSEC management
Hello Emanuele Balla,
Am 2011-05-03 15:27:09, hacktest Du folgendes herunter: > On 5/3/11 2:27 PM, Matus UHLAR - fantomas wrote: > > For using DNSSEC, you need to provide one or more public keys to your > > resolver (recursive nameserver) and maintain that list. > > Or give it the initial root key and tell it to maintain it by itself ;-) You mean using the "-i <interval>" option with dnssec-signzone? I am puzzeling arround, how to use this option on an already signed zone, because it sounds like the thing I need, to update the zones automaticaly using a cronjob once a week... Can you give me an example or a hint please? Thanks, Greetings and nice Day/Evening Michelle Konzack -- ##################### Debian GNU/Linux Consultant ###################### Development of Intranet and Embedded Systems with Debian GNU/Linux itsystems@tdnet France EURL itsystems@tdnet UG (limited liability) Owner Michelle Konzack Owner Michelle Konzack Apt. 917 (homeoffice) 50, rue de Soultz Kinzigstraße 17 67100 Strasbourg/France 77694 Kehl/Germany Tel: +33-6-61925193 mobil Tel: +49-177-9351947 mobil Tel: +49-176-86004575 office <http://www.itsystems.tamay-dogan.net/> <http://www.flexray4linux.org/> <http://www.debian.tamay-dogan.net/> <http://www.can4linux.org/> Jabber linux4michelle@jabber.ccc.de ICQ #328449886 Linux-User #280138 with the Linux Counter, http://counter.li.org/ |
DNSSEC management
> On 5/3/11 2:27 PM, Matus UHLAR - fantomas wrote:
> > For using DNSSEC, you need to provide one or more public keys to your > > resolver (recursive nameserver) and maintain that list. On 03.05.11 15:27, Emanuele Balla wrote: > Or give it the initial root key and tell it to maintain it by itself ;-) that is the one I mentioned. Another may be the key for DLV. but yes, named can manage it by itself -- Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. How does cat play with mouse? cat /dev/mouse -- To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: 20110503150203.GC30043@fantomas.sk">http://lists.debian.org/20110503150203.GC30043@fantomas.sk |
| All times are GMT. The time now is 11:06 AM. |
VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.