Displaying 20 results from an estimated 10000 matches similar to: "DNSSEC / Security stats (forked from php thread)"
2015 Dec 24
0
Centos7 poblems with dnssec-keygen
On 12/24/2015 12:40 PM, Robert Moskowitz wrote:
> I am reading:
>
> https://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-bind-rndc.html
>
> I have bind installed and default config running. I have not applied my
> customizations yet. The first step I am taking is getting rndc.key
> created. So reading the guide I am trying to run (while logged in as
> root, and
2015 Dec 24
2
Centos7 poblems with dnssec-keygen
On 12/24/2015 03:50 PM, Alice Wonder wrote:
>
>
> On 12/24/2015 12:40 PM, Robert Moskowitz wrote:
>> I am reading:
>>
>> https://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-bind-rndc.html
>>
>>
>> I have bind installed and default config running. I have not applied my
>> customizations yet. The first step I am taking is getting
2017 Feb 01
0
Script not running correctly as cronjob
In article <86827d81f1944333ae213f2d3f19856a at 2sic.com>,
Daniel Reich <Daniel.Reich at 2sic.com> wrote:
> Hi
>
> I have a script to resign all DNS zones every two weeks. When i run the script from bash, it works like it should. But
> when it is executed in cron not. Its starting normal as cronjob:
> Feb 1 03:00:01 xxx CROND[20116]: (root) CMD (sh
2017 Feb 01
4
Script not running correctly as cronjob
Hi
I have a script to resign all DNS zones every two weeks. When i run the script from bash, it works like it should. But when it is executed in cron not. Its starting normal as cronjob:
Feb 1 03:00:01 xxx CROND[20116]: (root) CMD (sh /opt/dnssec/resign_dnssec_zones.sh)
But after i get a mail that everything is finsihed, but it isn't.
03:04:28 DNSSEC-Signierung abgeschlossen
The script
2017 Feb 01
1
Script not running correctly as cronjob
Thank you for the hints
I modified like you described.
I also moved the permission part out of the loop (once at the end of the script is enough).
Now with the "set -x" the script is working also in cron.
Best regards
Daniel
-----Original Message-----
From: CentOS [mailto:centos-bounces at centos.org] On Behalf Of Tony Mountifield
Sent: Wednesday, February 1, 2017 11:04 AM
To:
2015 Dec 24
2
Centos7 poblems with dnssec-keygen
I am reading:
https://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-bind-rndc.html
I have bind installed and default config running. I have not applied my
customizations yet. The first step I am taking is getting rndc.key
created. So reading the guide I am trying to run (while logged in as
root, and in /etc):
dnssec-keygen -a hmac-md5 -b 256 -n HOST rndc.key
The system is just
2019 Feb 13
0
DNSSEC Questions
On 2/12/19 7:26 PM, Paul R. Ganci wrote:
> Last weekend I had my DNSSEC keys expire. I discovered that they had
> expired the hard way... namely randomly websites could not be found and
> email did not get delivered. It seems that the keys were only valid for
> what I estimate was about 30 days. It is a real PITA to have update the
> keys, restart named and then update Godaddy
2019 Feb 13
0
DNSSEC Questions
On 2/12/19 11:49 PM, Paul R. Ganci wrote:
>
> On 2/12/19 10:55 PM, Alice Wonder wrote:
>> DNSSEC keys do not expire. Signatures do expire. How long a signature
>> is good for depends upon the software generating the signature, some
>> lets you specify. ldns I believe defaults to 60 days but I am not sure.
>>
>> The keys are in DNSSKEY records that are signed
2019 Feb 13
2
DNSSEC Questions
Last weekend I had my DNSSEC keys expire. I discovered that they had
expired the hard way... namely randomly websites could not be found and
email did not get delivered. It seems that the keys were only valid for
what I estimate was about 30 days. It is a real PITA to have update the
keys, restart named and then update Godaddy with new digests.
The first part of the problem is fairly
2019 Jul 10
2
Samba and DNSSEC
Hi community,
we have tow DCs there works under domain babis.local
We are using unbound on our firewall for the interfaces as default DNS-Server.
Unbound is activated and has an overwrite from our AD-Domain babis.local to the DCs.
When DNSSEC is disabled on unbound, DNS-Queries to dc works perfect.
When DNSSEC is activated on unbound, DNS-Queries will be send to root DNS-Servers and i got
2016 Apr 27
2
Apache/PHP Installation - opinions
On Wed, Apr 27, 2016 at 1:04 AM, Alice Wonder <alice at domblogger.net> wrote:
> Not with a smtp that enforces DANE.
I'm aware of how DANE works.
The only problem is no MTA outside of Postfix implements it.
You can thank the hatred of DNSSEC for that.
Brandon Vincent
2016 Apr 27
0
Apache/PHP Installation - opinions
On 04/27/2016 01:06 AM, Brandon Vincent wrote:
> On Wed, Apr 27, 2016 at 1:04 AM, Alice Wonder <alice at domblogger.net> wrote:
>> Not with a smtp that enforces DANE.
>
> I'm aware of how DANE works.
>
> The only problem is no MTA outside of Postfix implements it.
>
> You can thank the hatred of DNSSEC for that.
>
I never understood the hatred for DNSSEC.
2016 Apr 27
2
Apache/PHP Installation - opinions
On 04/27/2016 07:50 PM, Alice Wonder wrote:
> On 04/27/2016 12:41 AM, Alice Wonder wrote:
>> On 04/27/2016 12:30 AM, James Hogarth wrote:
>> *snip*
>>>
>>> Unless you have a very specific requirement for a very bleeding edge
>>> feature it's fundamentally a terrible idea to move away from the
>>> distribution packages in something as exposed
2016 Apr 27
0
Apache/PHP Installation - opinions
On Wed, Apr 27, 2016 at 1:10 AM, Rob Kampen <rkampen at kampensonline.com> wrote:
> Sounds good, but how many domain MX servers have set up these fingerprint
> keys - 1%, maybe 2%, so how do you code for that? I guess I'm thinking it
> uses it if available. So even if you do post it on your DNS, how many
> clients out there are using DANE on their set up? By the time it
2019 Feb 13
3
DNSSEC Questions
On 2/12/19 10:55 PM, Alice Wonder wrote:
> DNSSEC keys do not expire. Signatures do expire. How long a signature
> is good for depends upon the software generating the signature, some
> lets you specify. ldns I believe defaults to 60 days but I am not sure.
>
> The keys are in DNSSKEY records that are signed by your Key Signing
> Key and must be resigning before the signature
2017 Aug 11
0
is a self signed certificate always invalid the first time?
On 11.08.2017 11:36, Michael Felt wrote:
> This is what Ralph means when he says "have been running a CA for
> 15+ years" - not that he is (though he could!) sell certificates
> commercially - rather, he is using an initial certificate to sign
> later certificates with.
Actually, I do sell certificates to my customers. :-) In small numbers,
and only for servers to which I
2017 Aug 18
0
is a self signed certificate always invalid the first time?
On Fri, August 18, 2017 5:02 pm, Michael Felt wrote:
> On 8/11/2017 1:29 PM, Ralph Seichter wrote:
>>> And, Ralph, I salute you. I have never been able to be disciplined
>>> enough to be my own CA.
>> I encourage you to look into the subject again.
>>
> I actually have been, which is why I could give a near sensible reply.
> Thanks for the encouragement!
2016 Apr 27
0
Apache/PHP Installation - opinions
On 04/27/2016 12:41 AM, Alice Wonder wrote:
> On 04/27/2016 12:30 AM, James Hogarth wrote:
> *snip*
>>
>> Unless you have a very specific requirement for a very bleeding edge
>> feature it's fundamentally a terrible idea to move away from the
>> distribution packages in something as exposed as a webserver ...
>
> I use to believe that.
>
> However I no
2017 Aug 18
5
is a self signed certificate always invalid the first time?
On 8/11/2017 1:29 PM, Ralph Seichter wrote:
> On 11.08.2017 11:36, Michael Felt wrote:
>
>> This is what Ralph means when he says "have been running a CA for
>> 15+ years" - not that he is (though he could!) sell certificates
>> commercially - rather, he is using an initial certificate to sign
>> later certificates with.
> Actually, I do sell certificates
2013 Nov 08
15
Dovecot MTA
Hi all,
I've never really wanted to create my own MTA, because I like Postfix quite a lot. And I always thought it would require a horribly lot of time to be able to create something that was anywhere even close to having Postfix's features. (I would shudder to even think about recreating Dovecot from scratch nowadays.) But slowly over time I've also been thinking of ways how things