Server Upgrade / FreeBSD / ZFS and More

Today, Esther and I drove to Amsterdam to replace the old Dell R310 named ‘Pandora’ (when all the shit is out the box, only hope remains…) with the new Pandora, a Supermicro XEON-Beastly machine which I bought from Giorgio.

This post will be some form of write-up of what I did, so you can learn from my failure :’-)

The New Pandora…
Lees verder
Geplaatst in Daily stuff | Getagged , , , | Een reactie plaatsen

Holy Cow

Hoeveel wachtwoorden wil je hebben? https://crackstation.net/crackstation-wordlist-password-cracking-dictionary.htm

Geplaatst in Daily stuff | Reacties uitgeschakeld voor Holy Cow

diederik.nl at DNSSEC?

A small update on DNSSEC.

Infrastructure

I’m running FreeBSD 11 at a dedicated server hosted by ColoClue (<3). My DNS-Server is PowerDNS with MySQL.

Domain registrations are done by OpenProvider (<3), with the great guys from Afraid.org running the slave-DNS Server.

Whilst I’m still in doubt whether DNSSEC is ‘mandatory’ for the internet, several mail-addons (like DANE) run on DNSSEC.

Today, it seems that I have got DNSSEC running for diederik.nl, with help from the awesome pdnsutil tool. I will tell short what I did, and then later on elaborate on why I did it.

Key generation

First, I generated a Private-Public key pair, that is just saved in PowerDNS.

pdnsutil secure-zone diederik.nl

Then I rectified the zone:

pdnsutil rectify-zone diederik.nl

At this point, it seems that the KSK is available, but to have DNSSEC to work, I also need to have a ZSK. Both need to be entered in OpenProvider.

pdnsutil show-zone diederik.nl

Gives me the KSK. I’ll add a ZSK and ZSK rollover-key with the following commands:

pdnsutil add-zone-key diederik.nl zsk 1024 active rsasha256
pdnsutil add-zone-key diederik.nl zsk 1024 inactive rsasha256

Then

pdnsutil show-zone diederik.nl

gives the output:

Openprovider

So we have the KSK and ZSK. Within Openprovider I added the following data:

So the KSK is the Elliptic Curve Key (Also starting with CSK DNSKEY = diederik.nl. IN DNSKEY 257) and the ZSK is starting with CSK DNSKEY = diederik.nl. IN DNSKEY 256

From there, the only thing I needed to do was *TEST*. You can use the website https://en.internet.nl for that…

If this ‘guide’ was any good for you, please drop me a line! It is much appreciated!

Geplaatst in Daily stuff | Reacties uitgeschakeld voor diederik.nl at DNSSEC?

Interessant – Desinformatie

Een groep mensen heeft een interessante website in elkaar gezet over hóe desinformatie zou werken. https://www.slechtnieuws.nl ziet er leuk uit

Geplaatst in Daily stuff | Reacties uitgeschakeld voor Interessant – Desinformatie

Nieuwe treinen….

Gevonden in de NRC:

https://www.nrc.nl/nieuws/2019/02/24/trein-van-de-toekomst-is-snel-en-duur-a3655224#/handelsblad/2019/02/25/#310

Laten ze eerst de oude goed laten rijden…

Geplaatst in Daily stuff | Reacties uitgeschakeld voor Nieuwe treinen….