1,764
edits
Changes
Jump to navigation
Jump to search
Line 53:
Line 53: − + − In order to make changes, you will also need the private keys for your domain. For security reasons, these+ Line 133:
Line 133: + Line 141:
Line 142: − + + + + + + − + − + + + + +
→CLI tools
git clone lightwave.sugarlabs.org:/var/lib/bind/etc/bind ns
git clone lightwave.sugarlabs.org:/var/lib/bind/etc/bind ns
'''IMPORTANT:''' Do not checkout the repository as root. Your user on [[Machine/lightwave]] needs to be in group hostmaster.
'''NOTE:''' Your user on [[Machine/lightwave]] needs to be in group hostmaster. Do not clone the repo on lightwave, clone it to your local host.
To push changes, you will also need the DNSSEC private keys for your domain. For security reasons, these
are not kept on the master DNS itself. Ask one of the other hostmasters for a copy and put it in the keys/
are not kept on the master DNS itself. Ask one of the other hostmasters for a copy and put it in the keys/
directory alongside the public keys.
directory alongside the public keys.
* Validate zone data with dig:
* Validate zone data with dig:
dig +dnssec +multiline -t ns codewiz.org. @1.1.1.1 | grep ad
dig +dnssec +multiline -t ns codewiz.org. @1.1.1.1 | grep ad
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
* Validate zone data against domain DNSKEY:
* Validate zone data against domain DNSKEY:
* Validate zone data against a domain's DS key:
* Validate zone data against a domain's DS key:
unbound-host -y 'codewiz.org. DS 53631 13 2 C31F7790197F0DC5CE7726F731FA55A9189289540749A68A937BFD09 797D72E6' -v codewiz.org
unbound-host -f keys/dsset-sugarlabs.org. -v sugarlabs.org
sugarlabs.org has address 185.199.111.153 (secure)
sugarlabs.org has address 185.199.110.153 (secure)
sugarlabs.org has no IPv6 address (secure)
sugarlabs.org mail is handled by 10 mail0.codewiz.org. (secure)
sugarlabs.org mail is handled by 20 sunjammer.sugarlabs.org. (secure)
* Validate zone data against root DNSKEY:
* Validate zone data against the root DNSKEY:
unbound-host -D -y '. DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq QxA+Uk1ihz0=' -v codewiz.org
unbound-host -D -v wiki.sugarlabs.org
wiki.sugarlabs.org is an alias for sunjammer.sugarlabs.org. (secure)
sunjammer.sugarlabs.org has address 209.51.188.53 (secure)
sunjammer.sugarlabs.org has IPv6 address 2001:470:142:7::11 (secure)
sunjammer.sugarlabs.org has no mail handler record (secure)