This feed contains various notes on stuff I'd like to be able to look up again eventually.

My first DNSSEC setups were using OpenDNSSEC, but at some point I prefered to migrate to DNSSEC-Tools.

Here's a hack (howto) to migrate the KSK keys to .krf format. The ZSK keys will be generated by the first zonesigner run.



cd keys
sudo softhsm --export $ZONE.zsk --slot 0 --pin 1234 --id $KEY
softhsm-keyconv --tobind --in $ZONE.zsk --name $ZONE. --algorithm $ALGO

BINDKEY=$(ls K$ZONE*key)
sed -i -e 's/256/257/' $BINDKEY
BASEKEY=$(basename $BINDKEY .key)

cd ..

cat > $ZONE.krf <<EOF
zone    "$ZONE"
    serial      "2011112202"
    kskcur      "$ZONE-signset-00001"
    signedzone  "$ZONE.signed"
    kskcount    "1"
    archivedir  "/var/lib/dnssec-tools/archive"
    kskdirectory    "/cb/"
    zskdirectory    "/cb/"
    endtime     "+2592000"
    lastset     "$ZONE-signset-00004"
    zonefile    "$ZONE"
    keyrec_type "zone"
    keyrec_signsecs "1321964086"
    keyrec_signdate "Tue Nov 22 12:14:46 2011"

set "$ZONE-signset-00001"
    keys        "$BASEKEY"
    set_type    "kskcur"
    zonename    "$ZONE"
    keyrec_setsecs  "1321961247"
    keyrec_setdate  "Tue Nov 22 11:27:27 2011"

key "$BASEKEY"
    zonename    "$ZONE"
    keyrec_type "kskcur"
    algorithm   "$ALGO"
    random      "/dev/urandom"
    keypath     "/cb/$BINDKEY"
    ksklength   "2048"
    ksklife     "15552000"
    revperiod   "3888000"
    keyrec_gensecs  "1321961248"
    keyrec_gendate  "Tue Nov 22 11:27:28 2011"


zonesigner -keydirectory keys -usensec3 -genzsk -verbose $ZONE

rollinit $ZONE >> all.rollrec

echo "/cb/$ZONE.signed $ZONE" >> checkzones.txt

(The filenames at the end are those used by,-bind9.html)

Posted Di 27 Dez 2011 18:01:45 CET Tags: notes

I need to look this up every time I need a backport (mostly PostgreSQL) at a customer site with limited networking:

$ lftp -c 'mget*_8.4.5-1~bpo50+1_amd64.deb'

Hopefully I can remember this in the future.

Posted Fr 12 Nov 2010 11:25:04 CET Tags: notes

Setting up a 6to4 tunnel on freewrt:


ip -6 route flush dev tun6to4
ip link set dev tun6to4 down
ip tunnel del tun6to4

sleep 2

ipv4=$(ip a show ppp0 | sed -ne 's/.*inet \([^ ]*\).*/\1/p')
local6to4prefix=$(printf "2002:%02x%02x:%02x%02x" `echo $ipv4 | tr "." " "`)

ip tunnel add tun6to4 mode sit ttl $ttldefault remote any local $ipv4
ip link set dev tun6to4 up
ip -6 addr add $local6to4address/16 dev tun6to4
ip -6 route add 2000::/3 via :: dev tun6to4

ip -6 addr add $local6to4address/64 dev eth0.0
ip -6 route add $local6to4address/64 dev eth0.0

sed -i -e "s/prefix.*/prefix $local6to4prefix::\\/64/" /etc/radvd.conf
/etc/init.d/S51radvd restart
Posted So 08 Mär 2009 19:58:37 CET Tags: notes

Set dpkg options: -o DPkg::Options::=--force-confmiss

Turn off apt key verification: -o Apt::Get::AllowUnauthenticated=true

Posted Mi 06 Feb 2008 13:46:09 CET Tags: notes

Setting up on a Sony PCG C1VE on Debian/etch:

  • dpkg-reconfigure xserver-xorg
  • ati
  • rest default
  • edit xorg.conf:
  • Section "Monitor": ModeLine "1024x480" 65.00 1024 1032 1176 1344 480 488 494 560 -hsync -vsync
  • Section "Screen", SubSection "Display": Modes "1024x480" ...
Posted Mi 11 Jul 2007 22:50:41 CEST Tags: notes