Line 53: |
Line 53: |
| git clone lightwave.sugarlabs.org:/var/lib/bind/etc/bind ns | | git clone lightwave.sugarlabs.org:/var/lib/bind/etc/bind ns |
| | | |
− | '''IMPORTANT:''' Do not checkout the repository as root. Your user on [[Machine/lightwave]] needs to be in group hostmaster. | + | '''NOTE:''' Your user on [[Machine/lightwave]] needs to be in group hostmaster. Do not clone the repo on lightwave, clone it to your local host. |
| | | |
− | In order to make changes, you will also need the private keys for your domain. For security reasons, these
| + | To push changes, you will also need the DNSSEC private keys for your domain. For security reasons, these |
| are not kept on the master DNS itself. Ask one of the other hostmasters for a copy and put it in the keys/ | | are not kept on the master DNS itself. Ask one of the other hostmasters for a copy and put it in the keys/ |
| directory alongside the public keys. | | directory alongside the public keys. |
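Review bot: the replacement NOTE line drops the old "Do not checkout the repository as root" warning without a stated reason, and downgrades the marker from IMPORTANT to NOTE. If the root restriction still applies, keep it next to the new "clone it to your local host" instruction. The paragraph that follows tells the reader to put the DNSSEC private keys in keys/ alongside the public keys. Since it also says they are deliberately not kept on the master DNS, it should state that the private key files must not be committed or pushed, and how hostmasters are expected to hand over a copy.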
Line 133: |
Line 133: |
| * Validate zone data with dig: | | * Validate zone data with dig: |
| dig +dnssec +multiline -t ns codewiz.org. @1.1.1.1 | grep ad | | dig +dnssec +multiline -t ns codewiz.org. @1.1.1.1 | grep ad |
| + | ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1 |
| | | |
| * Validate zone data against domain DNSKEY: | | * Validate zone data against domain DNSKEY: |
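Review bot: the `grep ad` filter on the dig line matches any output line containing the letters "ad", not only the AD flag, so the check can appear to pass when the flag is absent. Match the flags line itself, for example with grep -E 'flags:[^;]* ad[ ;]', so that the added sample output is the only line that can match. The text should also say that the AD bit in this check is the resolver at 1.1.1.1 reporting that it validated the answer, which is weaker than the unbound-host checks further down, where validation happens locally.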
Line 141: |
Line 142: |
| | | |
| * Validate zone data against a domain's DS key: | | * Validate zone data against a domain's DS key: |
− | unbound-host -y 'codewiz.org. DS 53631 13 2 C31F7790197F0DC5CE7726F731FA55A9189289540749A68A937BFD09 797D72E6' -v codewiz.org | + | unbound-host -f keys/dsset-sugarlabs.org. -v sugarlabs.org |
| + | sugarlabs.org has address 185.199.111.153 (secure) |
| + | sugarlabs.org has address 185.199.110.153 (secure) |
| + | sugarlabs.org has no IPv6 address (secure) |
| + | sugarlabs.org mail is handled by 10 mail0.codewiz.org. (secure) |
| + | sugarlabs.org mail is handled by 20 sunjammer.sugarlabs.org. (secure) |
| | | |
− | * Validate zone data against root DNSKEY: | + | * Validate zone data against the root DNSKEY: |
− | unbound-host -D -y '. DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq QxA+Uk1ihz0=' -v codewiz.org | + | unbound-host -D -v wiki.sugarlabs.org |
| + | wiki.sugarlabs.org is an alias for sunjammer.sugarlabs.org. (secure) |
| + | sunjammer.sugarlabs.org has address 209.51.188.53 (secure) |
| + | sunjammer.sugarlabs.org has IPv6 address 2001:470:142:7::11 (secure) |
| + | sunjammer.sugarlabs.org has no mail handler record (secure) |
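Review bot: the new root check, `unbound-host -D -v wiki.sugarlabs.org`, no longer passes a trust anchor on the command line, so it depends on the root anchor file that unbound-host reads from its default location. State that prerequisite (the anchor file must exist and be current on the host running the check) so a reader knows what to fix if the answer is not marked secure. Likewise, `-f keys/dsset-sugarlabs.org.` is a relative path, so say which directory the command is run from. The examples in this hunk now use sugarlabs.org while the dig example above still uses codewiz.org; pick one domain for all three checks. The pasted addresses in the sample output will go stale, so consider noting that the "(secure)" suffix is what the reader should look for.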