Changes

107 bytes added, 02:31, 31 July 2022
no edit summary
Line 25: Line 25:  
!  '''ns1.sugarlabs.org'''
 
!  '''ns1.sugarlabs.org'''
 
|  lightwave
 
|  lightwave
MIT Media Lab, Cambridge, USA
+
Sonic, Santa Rosa CA, USA
18.85.44.64
+
192.184.220.216
2002:1255:2c40::1 BROKEN
+
2001:5a8:601:f::216/64
 
|-
 
|-
 
|  ns2.sugarlabs.net
 
|  ns2.sugarlabs.net
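Review bot: the new IPv6 value for ns1.sugarlabs.org is written with a prefix length, "2001:5a8:601:f::216/64", while the IPv4 value next to it is a bare host address. A reader copying this into an AAAA or glue record needs the address without the "/64", so either drop the suffix or state the prefix separately. The edit also removes the "BROKEN" marker and moves the server to a new site with no edit summary; a short note that IPv6 on the new host was tested would help whoever maintains the table next.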
Line 89: Line 89:  
For other domains hosted on Sugar Labs infrastructure (such as eg. somosazucar.org) use:
 
For other domains hosted on Sugar Labs infrastructure (such as eg. somosazucar.org) use:
   −
  ./update-zone somosazucar.org
+
  ./update-zone turtleartday.org
    
This will check the zone before pushing.
 
This will check the zone before pushing.
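Review bot: the example command now uses turtleartday.org, but the sentence introducing it still reads "(such as eg. somosazucar.org)", so the prose and the command name different domains. Update the sentence to match the command, and drop one of "such as" and "eg." while touching it.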
Line 102: Line 102:     
=== How to create keys for a new domain ===
 
=== How to create keys for a new domain ===
 +
 +
We standardized on algorithm 13 (ECDSAP256SHA256) because it's what RFC 8624 recommends and what Cloudflare uses:
 +
 
  cd keys
 
  cd keys
  dnssec-keygen -a RSASHA1 -b 1024 -n ZONE codewiz.org
+
  dnssec-keygen -K keys -3 -a ECDSAP256SHA256 -n ZONE codewiz.org
  dnssec-keygen -a RSASHA1 -b 2048 -n ZONE -f KSK codewiz.org
+
  dnssec-keygen -K keys -3 -a ECDSAP256SHA256 -n ZONE -f KSK codewiz.org
    
=== How to manually sign a zone ===
 
=== How to manually sign a zone ===
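Review bot: both new dnssec-keygen lines pass "-K keys" but still follow the unchanged "cd keys", so run as written the key directory resolves to keys/keys relative to the starting directory. Keep either the "cd keys" step or the "-K keys" option, not both. The "-3" flag selects the NSEC3-capable variant of algorithms that have one (RSASHA1 becoming NSEC3RSASHA1); ECDSAP256SHA256 has no such variant, so the flag can go. The added rationale sentence is useful; linking RFC 8624 there would let readers check the recommendation.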
Line 118: Line 121:  
The data to copy is written by dnssec-signzone to the file keys/dsset-DOMAIN and looks like this:
 
The data to copy is written by dnssec-signzone to the file keys/dsset-DOMAIN and looks like this:
   −
  codewiz.org.            IN DS 7082 8 2 422B9AD0529099938BAB245BD189BBCF485A9194FC35BA3BB04894E9 C914554A
   
   codewiz.org.            IN DS 53631 13 2 C31F7790197F0DC5CE7726F731FA55A9189289540749A68A937BFD09 797D72E6
 
   codewiz.org.            IN DS 53631 13 2 C31F7790197F0DC5CE7726F731FA55A9189289540749A68A937BFD09 797D72E6
   Line 133: Line 135:     
* Validate zone data against domain DNSKEY:
 
* Validate zone data against domain DNSKEY:
  unbound-host -y 'codewiz.org. IN DNSKEY 256 3 5 AwEAAa3dS5/3fkGXuqXft2dN/UPUivGqiYzZF+jWcow8LTAnlsoYaJFB VMAlJWbC6FFI7AMjoJYpmoeDMgHd4BtVqZO2ikx5zc48CtOUHUdXs7nw fMSQoVOnplpTKH2AgyRfDqYhtosP0euyJQNZI+NiYneZb1o1Ys7PE87Y 7FamjXwV' -v codewiz.org
+
  $ unbound-host -y 'codewiz.org. DNSKEY 256 3 13 IbIcUsP+G7cnSmi12BpuiMjM9LnqvDaRS+qiquGKXxH/qAuOGlODFA4E 18O1OErfu0CkFjg6JEynOG6cSR40yg==' -v codewiz.org
 +
codewiz.org has address 209.51.188.53 (secure)
 +
codewiz.org has IPv6 address 2001:470:142:7::11 (secure)
 +
codewiz.org mail is handled by 10 neo.develer.net. (secure)
   −
* Validate zone data against domain DS key:
+
* Validate zone data against a domain's DS key:
  unbound-host -y 'codewiz.org. IN DS 58126 5 2 96BF1964F3EA9885F5DE83DA14419F55F579A42BC18759C1B79BDE64 7587CFA8' -v codewiz.org  
+
  unbound-host -y 'codewiz.org. DS 53631 13 2 C31F7790197F0DC5CE7726F731FA55A9189289540749A68A937BFD09 797D72E6' -v codewiz.org
    
* Validate zone data against root DNSKEY:
 
* Validate zone data against root DNSKEY:
  unbound-host -y '. DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq QxA+Uk1ihz0=' -v codewiz.org
+
  unbound-host -D -y '. DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq QxA+Uk1ihz0=' -v codewiz.org
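Review bot: "-D" is added only to the root DNSKEY command at the end of this hunk, while the two codewiz.org commands above it still run without it, and the page does not say why the three differ. Since -D makes unbound-host read the default root anchor, either explain that the pasted root key in -y is there as an explicit override or drop one of the two so the wiki does not carry a root key that goes stale at the next rollover. In the first example, the new "$ " prompt and the three "(secure)" output lines are a good addition, but the output lines are not indented like the command, so they will not render inside the same preformatted block, and the other two commands show neither a prompt nor the expected output.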