Displaying 6 results from an estimated 6 matches for "dsset".
Did you mean:
asset
2019 Feb 13
3
DNSSEC Questions
...t site suggested the use of dnssec-signzone after key creation ala a
command like (the stuff that follows has been sanitized):
> dnssec-signzone -3 `head -c 1000 /dev/random | sha1sum | cut -b 1-16`
-N INCREMENT -o domain.tld -t domain.tld.zone
After resigning with that command a file named dsset-domain.tld. is
created which contains 2 digests.
> cat dsset-domain.tld.
domain.tld. IN DS 20716 7 1 04E3E6C87CD4190F74DD0371A14AD5CC42B71521
domain.tld. IN DS 20716 7 2
FA6D0EF0100855E5C85C6CD5A33590681DD9D7D9F6C773785C53E865 E02FF572
It is the keytag (20716) and the digests (hex fields) t...
2019 Feb 13
0
DNSSEC Questions
...ssec-signzone after key creation ala a
> command like (the stuff that follows has been sanitized):
>
> > dnssec-signzone -3 `head -c 1000 /dev/random | sha1sum | cut -b 1-16`
> -N INCREMENT -o domain.tld -t domain.tld.zone
>
> After resigning with that command a file named dsset-domain.tld. is
> created which contains 2 digests.
>
> > cat dsset-domain.tld.
> domain.tld. IN DS 20716 7 1 04E3E6C87CD4190F74DD0371A14AD5CC42B71521
> domain.tld. IN DS 20716 7 2
> FA6D0EF0100855E5C85C6CD5A33590681DD9D7D9F6C773785C53E865 E02FF572
>
> It is the keyta...
2017 Feb 01
4
Script not running correctly as cronjob
...t;/var/named/chroot/var/named"
LOG="/var/named/chroot/var/log/dnssec_resign.log"
MAILREC="monitor at xx"
#delete old signed files
rm -rf $ZONEDIR/*.signed
#delete the old log
rm -rf $LOG
#read the zonefiles
ZONEFILES=$(ls -p $ZONEDIR | grep -v '/$' | grep -v 'dsset*')
for FILES in $ZONEFILES; do
#remove the .zone at the end
ZONE=$(echo "${FILES%.*}")
#remove the old signed zone
rm -rf $ZONEDIR/$ZONE.signed
#Sign the zone
cd $ZONEDIR
dnssec-signzone -o $ZONE -k $KSKDIR/K$ZONE.*.key -e +3024000 -f $ZONE.signed $ZONED...
2019 Feb 13
2
DNSSEC Questions
Last weekend I had my DNSSEC keys expire. I discovered that they had
expired the hard way... namely randomly websites could not be found and
email did not get delivered. It seems that the keys were only valid for
what I estimate was about 30 days. It is a real PITA to have update the
keys, restart named and then update Godaddy with new digests.
The first part of the problem is fairly
2017 Feb 01
1
Script not running correctly as cronjob
.../named/chroot/var/log/dnssec_resign.log"
> MAILREC="monitor at xx"
>
> #delete old signed files
> rm -rf $ZONEDIR/*.signed
>
> #delete the old log
> rm -rf $LOG
>
> #read the zonefiles
> ZONEFILES=$(ls -p $ZONEDIR | grep -v '/$' | grep -v 'dsset*')
>
> for FILES in $ZONEFILES; do
> #remove the .zone at the end
> ZONE=$(echo "${FILES%.*}")
Why not just: ZONE=${FILES%.*}
> #remove the old signed zone
> rm -rf $ZONEDIR/$ZONE.signed
You deleted them all further up.
> #Sign the zone
>...
2017 Feb 01
0
Script not running correctly as cronjob
.../named/chroot/var/log/dnssec_resign.log"
> MAILREC="monitor at xx"
>
> #delete old signed files
> rm -rf $ZONEDIR/*.signed
>
> #delete the old log
> rm -rf $LOG
>
> #read the zonefiles
> ZONEFILES=$(ls -p $ZONEDIR | grep -v '/$' | grep -v 'dsset*')
>
> for FILES in $ZONEFILES; do
> #remove the .zone at the end
> ZONE=$(echo "${FILES%.*}")
Why not just: ZONE=${FILES%.*}
> #remove the old signed zone
> rm -rf $ZONEDIR/$ZONE.signed
You deleted them all further up.
> #Sign the zone
>...