Server Upgrade / FreeBSD / ZFS and More

Today, Esther and I drove to Amsterdam to replace the old Dell R310 named ‘Pandora’ (when all the shit is out the box, only hope remains…) with the new Pandora, a Supermicro XEON-Beastly machine which I bought from Giorgio.

This post will be some form of write-up of what I did, so you can learn from my failure :’-)

The New Pandora…

Holy Cow

How many passwords do you want to have?

at DNSSEC?

A small update on DNSSEC.


I’m running FreeBSD 11 at a dedicated server hosted by ColoClue (<3). My DNS-Server is PowerDNS with MySQL.

Domain registrations are done by OpenProvider (<3), with the great guys from running the slave-DNS Server.

Whilst I’m still in doubt whether DNSSEC is ‘mandatory’ for the internet, several mail-addons (like DANE) run on DNSSEC.

Today, it seems that I have got DNSSEC running for, with help from the awesome pdnsutil tool. I will briefly describe what I did, and then later on elaborate on why I did it.

Key generation

First, I generated a private-public key pair, which is simply saved in PowerDNS.

pdnsutil secure-zone

Then I rectified the zone:

pdnsutil rectify-zone

At this point, it seems that the KSK is available, but for DNSSEC to work, I also need to have a ZSK. Both need to be entered in OpenProvider.

pdnsutil show-zone

Gives me the KSK. I’ll add a ZSK and ZSK rollover-key with the following commands:

pdnsutil add-zone-key zsk 1024 active rsasha256
pdnsutil add-zone-key zsk 1024 inactive rsasha256


pdnsutil show-zone

gives the output:


So we have the KSK and ZSK. Within Openprovider I added the following data:

So the KSK is the Elliptic Curve key (also starting with CSK DNSKEY = IN DNSKEY 257) and the ZSK starts with CSK DNSKEY = IN DNSKEY 256

From there, the only thing I needed to do was *TEST*. You can use the website for that…
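Before testing, it helps to confirm that the keys entered at the registrar are the ones PowerDNS actually holds. The following is an added example, not part of the original post: it takes DNSKEY lines in the "IN DNSKEY 257 / 256" form mentioned above and derives the role, the key tag and the SHA-256 DS record that the parent zone should publish. The zone example.org., the key bytes and the exact line layout are constructed assumptions.

```python
import base64
import hashlib

# Constructed sample input: placeholder key bytes (not a real public key) and a
# placeholder zone, laid out like the "... IN DNSKEY 257 ..." lines from show-zone.
SAMPLE_KEY = base64.b64encode(bytes(range(64))).decode()
SAMPLE_LINES = [
    f"CSK DNSKEY = example.org. IN DNSKEY 257 3 13 {SAMPLE_KEY} ; ( ECDSAP256SHA256 )",
    f"example.org. 3600 IN DNSKEY 256 3 8 {SAMPLE_KEY}",
]

def wire_name(name):
    """Owner name in canonical DNS wire format (lower-cased, length-prefixed labels)."""
    labels = name.lower().rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def parse_dnskey(line):
    """Return (owner, flags, algorithm, rdata) from a line containing 'IN DNSKEY'."""
    fields = line.split(";", 1)[0].split()        # drop trailing comment
    i = fields.index("IN")
    if fields[i + 1] != "DNSKEY":
        raise ValueError("not a DNSKEY record")
    owner = fields[i - 2] if fields[i - 1].isdigit() else fields[i - 1]  # skip TTL
    flags, proto, alg = (int(x) for x in fields[i + 2:i + 5])
    key = base64.b64decode("".join(fields[i + 5:]))
    return owner, flags, alg, flags.to_bytes(2, "big") + bytes([proto, alg]) + key

def key_tag(rdata):
    """Key tag as defined in RFC 4034, Appendix B."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def ds_record(line):
    """Role, key tag and SHA-256 DS (digest type 2) for one DNSKEY line."""
    owner, flags, alg, rdata = parse_dnskey(line)
    role = "KSK/CSK" if flags & 0x0001 else "ZSK"   # SEP bit: 257 vs 256
    tag = key_tag(rdata)
    digest = hashlib.sha256(wire_name(owner) + rdata).hexdigest().upper()
    return {"role": role, "key_tag": tag,
            "ds": f"{owner} IN DS {tag} {alg} 2 {digest}"}

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        info = ds_record(sample)
        print(info["role"], info["key_tag"], info["ds"])
```

If the key tag or digest shown by the registrar differs from the value computed here for the 257 key, validating resolvers will not be able to build a chain of trust to the zone.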

If this ‘guide’ was any good for you, please drop me a line! It is much appreciated!


Interesting – Disinformation

A group of people has put together an interesting website about how disinformation is supposed to work. Looks nice.


New trains….

Found in the NRC:

Let them first get the old ones running properly…
