FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian ISP

 
 
LinkBack Thread Tools
 
Old 05-02-2011, 08:39 AM
Marek Podmaka
 
Default DNSSEC management

Hello all,

What do you use for DNSSEC management of your/customer's domains? Is
there some existing tools/scripts ready or everyone has its own
self-made scripts?

--
bYE, Marki


--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 04972748.20110502103939@marki-online.net">http://lists.debian.org/04972748.20110502103939@marki-online.net
 
Old 05-02-2011, 04:57 PM
Michelle Konzack
 
Default DNSSEC management

Hello Marek Podmaka,

Am 2011-05-02 10:39:39, hacktest Du folgendes herunter:
> Hello all,
>
> What do you use for DNSSEC management of your/customer's domains? Is
> there some existing tools/scripts ready or everyone has its own
> self-made scripts?

Selfmade scripts because other solutions worked not as expected and it
was to comlicate to integrate it in my Admin-Panel.

Thanks, Greetings and nice Day/Evening
Michelle Konzack

--
##################### Debian GNU/Linux Consultant ######################
Development of Intranet and Embedded Systems with Debian GNU/Linux

itsystems@tdnet France EURL itsystems@tdnet UG (limited liability)
Owner Michelle Konzack Owner Michelle Konzack

Apt. 917 (homeoffice)
50, rue de Soultz Kinzigstraße 17
67100 Strasbourg/France 77694 Kehl/Germany
Tel: +33-6-61925193 mobil Tel: +49-177-9351947 mobil
Tel: +49-176-86004575 office

<http://www.itsystems.tamay-dogan.net/> <http://www.flexray4linux.org/>
<http://www.debian.tamay-dogan.net/> <http://www.can4linux.org/>

Jabber linux4michelle@jabber.ccc.de
ICQ #328449886

Linux-User #280138 with the Linux Counter, http://counter.li.org/
 
Old 05-03-2011, 03:48 AM
Thomas Goirand
 
Default DNSSEC management

On 05/03/2011 12:57 AM, Michelle Konzack wrote:
> Hello Marek Podmaka,
>
> Am 2011-05-02 10:39:39, hacktest Du folgendes herunter:
>> Hello all,
>>
>> What do you use for DNSSEC management of your/customer's domains? Is
>> there some existing tools/scripts ready or everyone has its own
>> self-made scripts?
>
> Selfmade scripts because other solutions worked not as expected and it
> was to comlicate to integrate it in my Admin-Panel.
>
> Thanks, Greetings and nice Day/Evening
> Michelle Konzack

Can you shortly describe what's needed to have DNSSEC working? How does
it work? Just add a new field or something?

Thomas


--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4DBF7B29.8040103@goirand.fr">http://lists.debian.org/4DBF7B29.8040103@goirand.fr
 
Old 05-03-2011, 12:27 PM
Matus UHLAR - fantomas
 
Default DNSSEC management

> >> What do you use for DNSSEC management of your/customer's domains? Is
> >> there some existing tools/scripts ready or everyone has its own
> >> self-made scripts?

> On 05/03/2011 12:57 AM, Michelle Konzack wrote:
> > Selfmade scripts because other solutions worked not as expected and it
> > was to comlicate to integrate it in my Admin-Panel.

On 03.05.11 11:48, Thomas Goirand wrote:
> Can you shortly describe what's needed to have DNSSEC working? How does
> it work? Just add a new field or something?

For providing DNSSEC, you need to sign the zones, periodically re-sign them,
and periodically push DS recors into parent zones.

For using DNSSEC, you need to provide one or more public keys to your
resolver (recursive nameserver) and maintain that list.

No, it's not easy. Try opendnssec, or google for dnssec and read all the
docs.
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The only substitute for good manners is fast reflexes.


--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20110503122728.GA28151@fantomas.sk">http://lists.debian.org/20110503122728.GA28151@fantomas.sk
 
Old 05-03-2011, 12:56 PM
Michelle Konzack
 
Default DNSSEC management

Hello Thomas Goirand,

Am 2011-05-03 11:48:57, hacktest Du folgendes herunter:
> Can you shortly describe what's needed to have DNSSEC working? How does
> it work? Just add a new field or something?

You can search google for "How to setup DNSSEC?" and you will find the
HOWTOs and more. Also you can install "bind9-doc" which describe how to
setup DNSSEC.

I was strictly following the Bv9ARM manual and then the files from
/usr/share/doc/bind9-doc/ and it just worked.

NOTE: Do NOT FORGET to update the serial number before signing
the zones because otherwise you will run into troubles..

> Thomas

Thanks, Greetings and nice Day/Evening
Michelle Konzack

--
##################### Debian GNU/Linux Consultant ######################
Development of Intranet and Embedded Systems with Debian GNU/Linux

itsystems@tdnet France EURL itsystems@tdnet UG (limited liability)
Owner Michelle Konzack Owner Michelle Konzack

Apt. 917 (homeoffice)
50, rue de Soultz Kinzigstraße 17
67100 Strasbourg/France 77694 Kehl/Germany
Tel: +33-6-61925193 mobil Tel: +49-177-9351947 mobil
Tel: +49-176-86004575 office

<http://www.itsystems.tamay-dogan.net/> <http://www.flexray4linux.org/>
<http://www.debian.tamay-dogan.net/> <http://www.can4linux.org/>

Jabber linux4michelle@jabber.ccc.de
ICQ #328449886

Linux-User #280138 with the Linux Counter, http://counter.li.org/
 
Old 05-03-2011, 01:26 PM
Henrique de Moraes Holschuh
 
Default DNSSEC management

On Mon, 02 May 2011, Marek Podmaka wrote:
> What do you use for DNSSEC management of your/customer's domains? Is
> there some existing tools/scripts ready or everyone has its own
> self-made scripts?

Well, you could roll out your own, of course, but there are good ones out
there already.

We're testing this one: http://registro.br/dnsshim/index-EN.html

DNSSHIM is software maitained by NIC.br, responsible for all of the .br TLD
operations. It works as a shadow master server, so it is extremely easy to
deploy on BIND-like DNSSEC infrastructures.

There are other such DNSSEC key lifetime management suites. I think RIPE
has published one as well (but I am not sure it is FLOSS). Google will find
them.

--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh


--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20110503132606.GB13501@khazad-dum.debian.net">http://lists.debian.org/20110503132606.GB13501@khazad-dum.debian.net
 
Old 05-03-2011, 01:27 PM
Emanuele Balla
 
Default DNSSEC management

On 5/3/11 2:27 PM, Matus UHLAR - fantomas wrote:
> For using DNSSEC, you need to provide one or more public keys to your
> resolver (recursive nameserver) and maintain that list.

Or give it the initial root key and tell it to maintain it by itself ;-)

--
# Emanuele Balla # #
# System & Network Engineer # #
# Spin s.r.l. - AS6734 # Phone: +39 040 9869090 #
# Trieste # Email: balla@staff.spin.it #


--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4DC002AD.1010007@staff.spin.it">http://lists.debian.org/4DC002AD.1010007@staff.spin.it
 
Old 05-03-2011, 02:56 PM
Michelle Konzack
 
Default DNSSEC management

Hello Emanuele Balla,

Am 2011-05-03 15:27:09, hacktest Du folgendes herunter:
> On 5/3/11 2:27 PM, Matus UHLAR - fantomas wrote:
> > For using DNSSEC, you need to provide one or more public keys to your
> > resolver (recursive nameserver) and maintain that list.
>
> Or give it the initial root key and tell it to maintain it by itself ;-)

You mean using the "-i <interval>" option with dnssec-signzone?

I am puzzeling arround, how to use this option on an already signed
zone, because it sounds like the thing I need, to update the zones
automaticaly using a cronjob once a week...

Can you give me an example or a hint please?

Thanks, Greetings and nice Day/Evening
Michelle Konzack

--
##################### Debian GNU/Linux Consultant ######################
Development of Intranet and Embedded Systems with Debian GNU/Linux

itsystems@tdnet France EURL itsystems@tdnet UG (limited liability)
Owner Michelle Konzack Owner Michelle Konzack

Apt. 917 (homeoffice)
50, rue de Soultz Kinzigstraße 17
67100 Strasbourg/France 77694 Kehl/Germany
Tel: +33-6-61925193 mobil Tel: +49-177-9351947 mobil
Tel: +49-176-86004575 office

<http://www.itsystems.tamay-dogan.net/> <http://www.flexray4linux.org/>
<http://www.debian.tamay-dogan.net/> <http://www.can4linux.org/>

Jabber linux4michelle@jabber.ccc.de
ICQ #328449886

Linux-User #280138 with the Linux Counter, http://counter.li.org/
 
Old 05-03-2011, 03:02 PM
Matus UHLAR - fantomas
 
Default DNSSEC management

> On 5/3/11 2:27 PM, Matus UHLAR - fantomas wrote:
> > For using DNSSEC, you need to provide one or more public keys to your
> > resolver (recursive nameserver) and maintain that list.

On 03.05.11 15:27, Emanuele Balla wrote:
> Or give it the initial root key and tell it to maintain it by itself ;-)

that is the one I mentioned. Another may be the key for DLV.
but yes, named can manage it by itself
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
How does cat play with mouse? cat /dev/mouse


--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20110503150203.GC30043@fantomas.sk">http://lists.debian.org/20110503150203.GC30043@fantomas.sk
 

Thread Tools




All times are GMT. The time now is 04:34 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org