Below you will find pages that utilize the taxonomy term “Notes”

Posts

Migrating from OpenDNSSEC to DNSSEC-Tools

My first DNSSEC setups were using OpenDNSSEC, but at some point I prefered to migrate to DNSSEC-Tools.

Here’s a hack (howto) to migrate the KSK keys to .krf format. The ZSK keys will be generated by the first zonesigner run.

#!/bin/sh

ZONE="$1"
KEY="$2"
ALGO="$3"

cd keys
sudo softhsm --export $ZONE.zsk --slot 0 --pin 1234 --id $KEY
softhsm-keyconv --tobind --in $ZONE.zsk --name $ZONE. --algorithm $ALGO

BINDKEY=$(ls K$ZONE*key)
sed -i -e 's/256/257/' $BINDKEY
BASEKEY=$(basename $BINDKEY .key)

cd ..

cat > $ZONE.krf <<EOF
zone	"$ZONE"
	serial		"2011112202"
	kskcur		"$ZONE-signset-00001"
	signedzone	"$ZONE.signed"
	kskcount	"1"
	archivedir	"/var/lib/dnssec-tools/archive"
	kskdirectory	"/cb/ns.df7cb.de/keys"
	zskdirectory	"/cb/ns.df7cb.de/keys"
	endtime		"+2592000"
	lastset		"$ZONE-signset-00004"
	zonefile	"$ZONE"
	keyrec_type	"zone"
	keyrec_signsecs	"1321964086"
	keyrec_signdate	"Tue Nov 22 12:14:46 2011"

set	"$ZONE-signset-00001"
	keys		"$BASEKEY"
	set_type	"kskcur"
	zonename	"$ZONE"
	keyrec_setsecs	"1321961247"
	keyrec_setdate	"Tue Nov 22 11:27:27 2011"

key	"$BASEKEY"
	zonename	"$ZONE"
	keyrec_type	"kskcur"
	algorithm	"$ALGO"
	random		"/dev/urandom"
	keypath		"/cb/ns.df7cb.de/keys/$BINDKEY"
	ksklength	"2048"
	ksklife		"15552000"
	revperiod	"3888000"
	keyrec_gensecs	"1321961248"
	keyrec_gendate	"Tue Nov 22 11:27:28 2011"

EOF

zonesigner -keydirectory keys -usensec3 -genzsk -verbose $ZONE

rollinit $ZONE >> all.rollrec

echo "/cb/ns.df7cb.de/$ZONE.signed $ZONE cb@df7cb.de" >> checkzones.txt

(The filenames at the end are those used by http://www.incertum.net/archives/11-DNSSEC-mit-Debiansqueeze-dnssec-tools,-bind9.html)

read more
Posts

I need to look this up every time

I need to look this up every time I need a backport (mostly PostgreSQL) at a customer site with limited networking:

$ lftp -c 'mget http://backports.debian.org/debian-backports/pool/main/p/postgresql-8.4/*_8.4.5-1~bpo50+1_amd64.deb'

Hopefully I can remember this in the future.

read more
Posts

6to4

Setting up a 6to4 tunnel on freewrt:

#!/bin/sh
# http://tldp.org/HOWTO/Linux+IPv6-HOWTO/configuring-ipv6to4-tunnels.html

ip -6 route flush dev tun6to4
ip link set dev tun6to4 down
ip tunnel del tun6to4

sleep 2

ttldefault=15
ipv4=$(ip a show ppp0 | sed -ne 's/.*inet \([^ ]*\).*/\1/p')
local6to4prefix=$(printf "2002:%02x%02x:%02x%02x" `echo $ipv4 | tr "." " "`)
local6to4address="$local6to4prefix::1"

ip tunnel add tun6to4 mode sit ttl $ttldefault remote any local $ipv4
ip link set dev tun6to4 up
ip -6 addr add $local6to4address/16 dev tun6to4
ip -6 route add 2000::/3 via ::192.88.99.1 dev tun6to4

ip -6 addr add $local6to4address/64 dev eth0.0
ip -6 route add $local6to4address/64 dev eth0.0

sed -i -e "s/prefix.*/prefix $local6to4prefix::\\/64/" /etc/radvd.conf
/etc/init.d/S51radvd restart
read more
Posts

Apt options

Set dpkg options: -o DPkg::Options::=–force-confmiss

Turn off apt key verification: -o Apt::Get::AllowUnauthenticated=true

read more
Posts

C1VE

Setting up X.org on a Sony PCG C1VE on Debian/etch:

  • dpkg-reconfigure xserver-xorg
  • ati
  • rest default
  • edit xorg.conf:
  • Section “Monitor”: ModeLine “1024x480” 65.00 1024 1032 1176 1344 480 488 494 560 -hsync -vsync
  • Section “Screen”, SubSection “Display”: Modes “1024x480” …
read more