search for: rsasha1

I am reading: https://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-bind-rndc.html I have bind installed and default config running. I have not applied my customizations yet. The first step I am taking is getting rndc.key created. So reading the guide I am trying to run (while logged in as root, and in /etc): dnssec-keygen -a hmac-md5 -b 256 -n HOST rndc.key The system is just

...y dnssec-keygen. > > Has anyone else done this? Am I doing things in the right order? If it > works for others, then there is something wrong with my setup... It's working fine for me. I'm using the command ldns-keygen to generate keys though - e.g. ZSK=`/usr/bin/ldns-keygen -a RSASHA1-NSEC3-SHA1 -b 1024 ${zone}` and KSK=`/usr/bin/ldns-keygen -k -a RSASHA1-NSEC3-SHA1 -b 2048 ${zone}` ldns-keygen is from the ldns package. Mine is currently all scripted and automated, has been for months - I started with an Ubuntu tutorial though, not CentOS documentation, and adapted it. I&...

...anyone else done this? Am I doing things in the right order? If it >> works for others, then there is something wrong with my setup... > > It's working fine for me. > > I'm using the command ldns-keygen to generate keys though - e.g. > > ZSK=`/usr/bin/ldns-keygen -a RSASHA1-NSEC3-SHA1 -b 1024 ${zone}` > > and > > KSK=`/usr/bin/ldns-keygen -k -a RSASHA1-NSEC3-SHA1 -b 2048 ${zone}` > > ldns-keygen is from the ldns package. > > Mine is currently all scripted and automated, has been for months - I > started with an Ubuntu tutorial though, not C...

...he problem, first. As it happens, I refined my search phrase a few more times and ultimately discovered the problem ... and the fix: <http://kiteplans.info/2015/01/15/solved-bug-centos-yum-rpm-broken-by-nss-softokn-3-14-3-19-el6_6-update-error-rpmts_hdrfromfdno-error-rpmdbnextiterator-header-v3-rsasha1-signature-key-id-bad/> Both servers are behaving properly now. Thanks again for your kind reply & regards, Carl

Dear All, Version 7.4 of X.509 certificates support for OpenSSH was published yesterday. New feature: - RSASHA1 algorithm for DNS CERT RR as described in RFC 4034 Deprecated option X509rsaSigType is finally removed. More detailed description is available on http://roumenpetrov.info/openssh/ Yours sincerely, Roumen Petrov

Hi All, I had some health issues for a few months and I barely recall dealing with Heartbleed ... it's all just a blur. Now I'm getting back up to speed, but I have a pair of CentOS 6.6 x86_64 + Virtualmin 4.13 GPL servers which no longer seem to be picking up available updates. 'yum check' ran for about 25 minutes this evening on one of them and returned nothing useful. rpm -qa

...--- Jul 21 23:49:14 dc-cloud named[637]: adjusted limit on open files from 524288 to 1048576 Jul 21 23:49:14 dc-cloud named[637]: found 4 CPUs, using 4 worker threads Jul 21 23:49:14 dc-cloud named[637]: using 4 UDP listeners per interface Jul 21 23:49:14 dc-cloud named[637]: DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 ED25519 ED448 Jul 21 23:49:14 dc-cloud named[637]: DS algorithms: SHA-1 SHA-256 SHA-384 Jul 21 23:49:14 dc-cloud named[637]: HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512 Jul 21 23:49:14 dc-clo...