Sugar Labs

Service/Nameservers: Difference between revisions

← Older editNewer edit →
No edit summary
No edit summary
Tag: visualeditor-switched
Line 25: Line 25:
!  '''ns1.sugarlabs.org'''
!  '''ns1.sugarlabs.org'''
|  lightwave
|  lightwave
MIT Media Lab, Cambridge, USA
Sonic, Santa Rosa CA, USA
18.85.44.64
192.184.220.216
2002:1255:2c40::1 BROKEN
2001:5a8:601:f::216/64
|-
|-
|  ns2.sugarlabs.net
|  ns2.sugarlabs.net
Line 89: Line 89:
For other domains hosted on Sugar Labs infrastructure (such as eg. somosazucar.org) use:
For other domains hosted on Sugar Labs infrastructure (such as eg. somosazucar.org) use:


  ./update-zone somosazucar.org
  ./update-zone turtleartday.org


This will check the zone before pushing.
This will check the zone before pushing.
Line 102: Line 102:


=== How to create keys for a new domain ===
=== How to create keys for a new domain ===
We standardized on algorithm 13 (ECDSAP256SHA256) because it's what RFC 8624 recommends and what Cloudflare uses:
  cd keys
  cd keys
  dnssec-keygen -a RSASHA1 -b 1024 -n ZONE codewiz.org
  dnssec-keygen -K keys -3 -a ECDSAP256SHA256 -n ZONE codewiz.org
  dnssec-keygen -a RSASHA1 -b 2048 -n ZONE -f KSK codewiz.org
  dnssec-keygen -K keys -3 -a ECDSAP256SHA256 -n ZONE -f KSK codewiz.org


=== How to manually sign a zone ===
=== How to manually sign a zone ===
Line 118: Line 121:
The data to copy is written by dnssec-signzone to the file keys/dsset-DOMAIN and looks like this:
The data to copy is written by dnssec-signzone to the file keys/dsset-DOMAIN and looks like this:


  codewiz.org.            IN DS 7082 8 2 422B9AD0529099938BAB245BD189BBCF485A9194FC35BA3BB04894E9 C914554A
   codewiz.org.            IN DS 53631 13 2 C31F7790197F0DC5CE7726F731FA55A9189289540749A68A937BFD09 797D72E6
   codewiz.org.            IN DS 53631 13 2 C31F7790197F0DC5CE7726F731FA55A9189289540749A68A937BFD09 797D72E6


Line 133: Line 135:


* Validate zone data against domain DNSKEY:
* Validate zone data against domain DNSKEY:
  unbound-host -y 'codewiz.org. IN DNSKEY 256 3 5 AwEAAa3dS5/3fkGXuqXft2dN/UPUivGqiYzZF+jWcow8LTAnlsoYaJFB VMAlJWbC6FFI7AMjoJYpmoeDMgHd4BtVqZO2ikx5zc48CtOUHUdXs7nw fMSQoVOnplpTKH2AgyRfDqYhtosP0euyJQNZI+NiYneZb1o1Ys7PE87Y 7FamjXwV' -v codewiz.org
  $ unbound-host -y 'codewiz.org. DNSKEY 256 3 13 IbIcUsP+G7cnSmi12BpuiMjM9LnqvDaRS+qiquGKXxH/qAuOGlODFA4E 18O1OErfu0CkFjg6JEynOG6cSR40yg==' -v codewiz.org
codewiz.org has address 209.51.188.53 (secure)
codewiz.org has IPv6 address 2001:470:142:7::11 (secure)
codewiz.org mail is handled by 10 neo.develer.net. (secure)


* Validate zone data against domain DS key:
* Validate zone data against a domain's DS key:
  unbound-host -y 'codewiz.org. IN DS 58126 5 2 96BF1964F3EA9885F5DE83DA14419F55F579A42BC18759C1B79BDE64 7587CFA8' -v codewiz.org  
  unbound-host -y 'codewiz.org. DS 53631 13 2 C31F7790197F0DC5CE7726F731FA55A9189289540749A68A937BFD09 797D72E6' -v codewiz.org


* Validate zone data against root DNSKEY:
* Validate zone data against root DNSKEY:
  unbound-host -y '. DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq QxA+Uk1ihz0=' -v codewiz.org
  unbound-host -D -y '. DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq QxA+Uk1ihz0=' -v codewiz.org
Retrieved from "https://wiki.sugarlabs.org/go/Service/Nameservers"