Re: How to make one ZONE (subdomain) non-public?

2010-04-13 Thread Sten Carlsen
Hi

I get an answer, not a full answer but this:
~
dig michelle1.private.tamay-dogan.net

; <<>> DiG 9.4.3-P3 <<>> michelle1.private.tamay-dogan.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 49950
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;michelle1.private.tamay-dogan.net. IN  A

;; ANSWER SECTION:
michelle1.private.tamay-dogan.net. 10800 IN CNAME tamay-dogan.homelinux.net.

;; AUTHORITY SECTION:
homelinux.net.  1759 IN  SOA ns1.dyndns.org. hostmaster.dyndns.org. 2092191769 10800 1800 604800 1800

;; Query time: 1317 msec
;; SERVER: 172.17.24.36#53(172.17.24.36)
;; WHEN: Tue Apr 13 17:39:04 2010
;; MSG SIZE  rcvd: 148
~
This may or may not be what you want to give out.

Just for your info.



> Hello Matus UHLAR - fantomas,
>
> On 2010-04-12 11:21:07, you hacked down the following:
>> On 12.04.10 10:24, Michelle Konzack wrote:
>> > Hello Matus UHLAR - fantomas,
>> >
>> > On 2010-04-12 09:52:03, you hacked down the following:
>> > > allow-access in zone statement.
>>
>> sorry, I've meant allow-query.
>
> :-D
>
> I have already seen in the logfiles that several people had tried to
> access the DNS and it was denied...
>
> [ '/var/log/named.log' ]
> Apr 12 11:01:04 dns named[4501]: 12-Apr-2010 11:01:04.433 security: info:
> client 74.125.76.78#33964: query 'michelle1.private.tamay-dogan.net/A/IN'
> denied
> Apr 12 11:01:04 dns named[4501]: 12-Apr-2010 11:01:04.482 security: info:
> client 74.125.76.78#3: query 'michelle1.private.tamay-dogan.net/A/IN'
> denied
> Apr 12 11:48:51 dns named[4501]: 12-Apr-2010 11:48:51.055 security: info:
> client 77.88.42.250#5335: query 'samba3.private.tamay-dogan.net/A/IN'
> denied
> Apr 12 12:00:05 dns named[4501]: 12-Apr-2010 12:00:05.432 security: info:
> client 220.181.12.2#45710: query 'michelle1.private.tamay-dogan.net/A/IN'
> denied
> Apr 12 12:00:05 dns named[4501]: 12-Apr-2010 12:00:05.707 security: info:
> client 220.181.12.2#39523: query 'michelle1.private.tamay-dogan.net/A/IN'
> denied
> Apr 12 12:01:26 dns named[4501]: 12-Apr-2010 12:01:26.201 security: info:
> client 217.147.177.250#22248: query 'private.tamay-dogan.net/A/IN' denied
> 
>
> Thanks, Greetings and nice Day/Evening
> Michelle Konzack
> Systemadministrator
>
> --
> # Debian GNU/Linux Consultant ##
>Development of Intranet and Embedded Systems with Debian GNU/Linux
>
> itsyst...@tdnet France   itsyst...@tdnet UG (haftungsbeschränkt)
> Gesch. Michelle Konzack  Gesch. Michelle Konzack
>
> Apt. 917 (homeoffice)
> 50, rue de Soultz   Kinzigstraße 17
> 67100 Strasbourg/France 77694 Kehl/Germany
> Tel: +33-6-61925193 mobil   Tel: +49-177-9351947 mobil
> Tel: +33-9-52705884 fix
>
>   
>  
>
> Jabber linux4miche...@jabber.ccc.de
> ICQ#328449886
>
> Linux-User #280138 with the Linux Counter, http://counter.li.org/
> ___
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users


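The denied queries in the quoted log can be tallied per client to see who is asking for names under the restricted zone. This is an added example, not part of the original thread: the sample log is constructed, with placeholder addresses and `private.example.net` standing in for the real zone, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the log format quoted above, with the wrapping a mail
# client adds. Addresses and the zone name are placeholders.
SAMPLE_LOG = """\
Apr 12 11:01:04 dns named[4501]: 12-Apr-2010 11:01:04.433 security: info:
client 192.0.2.78#33964: query 'host1.private.example.net/A/IN'
denied
Apr 12 11:01:04 dns named[4501]: 12-Apr-2010 11:01:04.482 security: info: client 192.0.2.78#40112: query 'host1.private.example.net/A/IN' denied
Apr 12 11:48:51 dns named[4501]: 12-Apr-2010 11:48:51.055 security: info: client 198.51.100.250#5335: query 'samba3.private.example.net/A/IN' denied
Apr 12 12:01:26 dns named[4501]: 12-Apr-2010 12:01:26.201 security: info:
client 203.0.113.9#22248: query 'private.example.net/A/IN' denied
Apr 12 12:02:00 dns named[4501]: 12-Apr-2010 12:02:00.000 security: info: client 203.0.113.9#22249: query 'www.example.net/A/IN' denied
"""

RECORD_START = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
DENIED = re.compile(
    r"security: info: client (?P<ip>[0-9A-Fa-f.:]+)#\d+: "
    r"query '(?P<name>[^/']+)/\w+/\w+' denied"
)

def unwrap(text):
    """Re-join log records that were wrapped across several lines."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def summarize_denied(text, zone):
    """Per client: number of denied queries in `zone` and the names asked for."""
    zone = zone.rstrip(".").lower()
    counts, names = Counter(), defaultdict(set)
    for record in unwrap(text):
        m = DENIED.search(record)
        if not m:
            continue
        qname = m["name"].rstrip(".").lower()
        if qname == zone or qname.endswith("." + zone):
            counts[m["ip"]] += 1
            names[m["ip"]].add(qname)
    return counts, {ip: sorted(n) for ip, n in names.items()}

if __name__ == "__main__":
    print(summarize_denied(SAMPLE_LOG, "private.example.net"))
```
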

Question about message "your system is lacking dev/random (or equivalent)"

2010-04-13 Thread Khuu, Linh MicroTech
I just turned on the dnssec-validation today, and I saw lots of messages:

13-Apr-2010 15:17:17.122 dnssec: debug 3:   validating @202be918: 
3e77469i48du24agcu5ftfumd6iocmrk.org NSEC3: verify rdataset (keyid=47948): You 
must use the keyboard to create entropy, since your system is lacking
 /dev/random (or equivalent)

13-Apr-2010 15:26:35.016 dnssec: debug 3: validating @202bd638: usps.gov 
DNSKEY: verify rdataset (keyid=10539): You must use the keyboard to create 
entropy, since your system is lacking
 /dev/random (or equivalent)

13-Apr-2010 15:26:37.385 dnssec: debug 3:   validating @202c0e28: usps.gov SOA: 
verify rdataset (keyid=43133): You must use the keyboard to create entropy, 
since your system is lacking
 /dev/random (or equivalent)

Is this a problem with dnssec on my DNS server?

Linh Khuu
Network Security Specialist
MicroTech ESS Contract
Office: 410-966-0798
Pager: 410-232-2350
Email: linh.k...@ssa.gov
 




Re: Question about message "your system is lacking dev/random (or equivalent)"

2010-04-13 Thread Warren Kumari


On Apr 13, 2010, at 3:28 PM, Khuu, Linh MicroTech wrote:

> I just turned on the dnssec-validation today, and I saw lots of
> messages:
>
> 13-Apr-2010 15:17:17.122 dnssec: debug 3:   validating @202be918:
> 3e77469i48du24agcu5ftfumd6iocmrk.org NSEC3: verify rdataset
> (keyid=47948): You must use the keyboard to create entropy, since
> your system is lacking
> /dev/random (or equivalent)
>
> 13-Apr-2010 15:26:35.016 dnssec: debug 3: validating @202bd638:
> usps.gov DNSKEY: verify rdataset (keyid=10539): You must use the
> keyboard to create entropy, since your system is lacking
> /dev/random (or equivalent)
>
> 13-Apr-2010 15:26:37.385 dnssec: debug 3:   validating @202c0e28:
> usps.gov SOA: verify rdataset (keyid=43133): You must use the
> keyboard to create entropy, since your system is lacking
> /dev/random (or equivalent)
>
> Is this a problem with dnssec on my DNS server?


Did you build BIND yourself? When BIND starts does it log anything  
like: "--with-randomdev="?
What operating system, etc? You haven't really provided very much  
useful information in your question...


DNSSEC needs entropy for signing -- it believes that your system does
not provide a useful source of entropy (do you have a /dev/random?)
and so it wants you to add some. This is not a BIND problem, it is an
OS (or more likely configuration) issue.


W






> Linh Khuu
> Network Security Specialist
> MicroTech ESS Contract
> Office: 410-966-0798
> Pager: 410-232-2350
> Email: linh.k...@ssa.gov




--
If the bad guys have copies of your MD5 passwords, then you have way  
bigger problems than the bad guys having copies of your MD5 passwords.

-- Richard A Steenbergen




RE: Question about message "your system is lacking dev/random (or equivalent)"

2010-04-13 Thread Jack Tavares
Perhaps you have configured it to run in a chroot jail and have not
fully outfitted the chroot with /dev/random

this is old, but looks to be accurate, at least when talking about the
/dev/random file on linux. You didn't even specify what OS you are running on:

http://tldp.org/HOWTO/Chroot-BIND-HOWTO-2.html


-Original Message-
From: bind-users-bounces+j.tavares=f5@lists.isc.org 
[mailto:bind-users-bounces+j.tavares=f5@lists.isc.org] On Behalf Of Warren 
Kumari
Sent: Tuesday, April 13, 2010 12:43 PM
To: Khuu, Linh MicroTech
Cc: 'bind-users@lists.isc.org'
Subject: Re: Question about message "your system is lacking dev/random (or 
equivalent)"


On Apr 13, 2010, at 3:28 PM, Khuu, Linh MicroTech wrote:

> I just turned on the dnssec-validation today, and I saw lots of  
> messages:
>
> 13-Apr-2010 15:17:17.122 dnssec: debug 3:   validating @202be918:  
> 3e77469i48du24agcu5ftfumd6iocmrk.org NSEC3: verify rdataset  
> (keyid=47948): You must use the keyboard to create entropy, since  
> your system is lacking
> /dev/random (or equivalent)
>
> 13-Apr-2010 15:26:35.016 dnssec: debug 3: validating @202bd638:  
> usps.gov DNSKEY: verify rdataset (keyid=10539): You must use the  
> keyboard to create entropy, since your system is lacking
> /dev/random (or equivalent)
>
> 13-Apr-2010 15:26:37.385 dnssec: debug 3:   validating @202c0e28:  
> usps.gov SOA: verify rdataset (keyid=43133): You must use the  
> keyboard to create entropy, since your system is lacking
> /dev/random (or equivalent)
>
> Is this a problem with dnssec on my DNS server?

Did you build BIND yourself? When BIND starts does it log anything  
like: "--with-randomdev="?
What operating system, etc? You haven't really provided very much  
useful information in your question...

DNSSEC needs entropy for signing -- it believes that your system does
not provide a useful source of entropy (do you have a /dev/random?)
and so it wants you to add some. This is not a BIND problem, it is an
OS (or more likely configuration) issue.

W




>
> Linh Khuu
> Network Security Specialist
> MicroTech ESS Contract
> Office: 410-966-0798
> Pager: 410-232-2350
> Email: linh.k...@ssa.gov
>
>

--
If the bad guys have copies of your MD5 passwords, then you have way  
bigger problems than the bad guys having copies of your MD5 passwords.
-- Richard A Steenbergen



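A quick way to test the chroot suggestion above is to look for the entropy device nodes under the jail directory. This is an added example, not part of the original thread: it assumes Linux device numbers (major 1, minor 8 for `random` and minor 9 for `urandom`), and the function name and the jail path passed to it are hypothetical.

```python
import os
import stat

# Linux device numbers for the kernel entropy devices (assumption: Linux host).
EXPECTED = {"dev/random": (1, 8), "dev/urandom": (1, 9)}


def check_chroot_entropy(chroot):
    """Report, per device, whether the chroot holds a usable entropy node."""
    findings = {}
    for rel, devno in EXPECTED.items():
        path = os.path.join(chroot, rel)
        try:
            # lstat: a symlink pointing outside the jail does not count.
            st = os.lstat(path)
        except (FileNotFoundError, NotADirectoryError):
            findings[rel] = "missing"
            continue
        if not stat.S_ISCHR(st.st_mode):
            findings[rel] = "not a character device"
        elif (os.major(st.st_rdev), os.minor(st.st_rdev)) != devno:
            findings[rel] = "wrong device number"
        elif not st.st_mode & stat.S_IROTH:
            # Simplification: only the "other" read bit is checked.
            findings[rel] = "not readable by others"
        else:
            findings[rel] = "ok"
    return findings


if __name__ == "__main__":
    import sys
    jail = sys.argv[1] if len(sys.argv) > 1 else "/"
    for dev, result in check_chroot_entropy(jail).items():
        print(f"{os.path.join(jail, dev)}: {result}")
```
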

rdns for /20

2010-04-13 Thread Jason Davis
Hello,
 Is there an easy way to rdns a /20? I can only find examples for a /24

Thanks,
Jason

Re: rdns for /20

2010-04-13 Thread Doug Barton
On 4/13/2010 6:42 PM, Jason Davis wrote:
> Hello,
>  Is there an easy way to rdns a /20? I can only find examples for a /24

You need to create individual zones for each /24.

-- 

... and that's just a little bit of history repeating.
-- Propellerheads

Improve the effectiveness of your Internet presence with
a domain name makeover!    http://SupersetSolutions.com/


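The answer above, one reverse zone per /24, can be generated rather than typed. This is an added example, not part of the original thread, and it generalizes to any IPv4 prefix of /24 or shorter by splitting at the next octet boundary; the prefix `10.20.16.0/20`, the zone file layout and the function names are assumptions.

```python
import ipaddress


def reverse_zones(cidr):
    """Return the in-addr.arpa zone names needed to cover an IPv4 prefix.

    Reverse DNS is delegated on octet boundaries, so a prefix is covered by
    zones at the next boundary at or below its length: a /20 needs sixteen
    /24 zones, a /15 needs two /16 zones.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4:
        raise ValueError("IPv4 only")
    if net.prefixlen > 24:
        raise ValueError("longer than /24: needs classless delegation (RFC 2317)")
    boundary = max(8, -(-net.prefixlen // 8) * 8)  # round up to 8, 16 or 24
    labels = boundary // 8
    zones = []
    for sub in net.subnets(new_prefix=boundary):
        octets = str(sub.network_address).split(".")[:labels]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa")
    return zones


def named_conf(cidr, file_dir="reverse"):
    """Render one master zone stanza per reverse zone (file layout assumed)."""
    stanzas = []
    for zone in reverse_zones(cidr):
        stanzas.append(
            f'zone "{zone}" {{\n'
            f"    type master;\n"
            f'    file "{file_dir}/db.{zone}";\n'
            f"}};\n"
        )
    return "\n".join(stanzas)


if __name__ == "__main__":
    # Constructed example prefix from private address space.
    print(named_conf("10.20.16.0/20"))
```
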

Re: Question about message "your system is lacking dev/random (or equivalent)"

2010-04-13 Thread Joseph S D Yao
On Tue, Apr 13, 2010 at 03:28:51PM -0400, Khuu, Linh   MicroTech wrote:
> I just turned on the dnssec-validation today, and I saw lots of messages:
> 
> 13-Apr-2010 15:17:17.122 dnssec: debug 3:   validating @202be918: 
> 3e77469i48du24agcu5ftfumd6iocmrk.org NSEC3: verify rdataset (keyid=47948): 
> You must use the keyboard to create entropy, since your system is lacking
>  /dev/random (or equivalent)
...


Pseudo-random numbers (PRNs) are used a lot in generating crypto keys,
such as those used in DNSSEC.  I don't know exactly what needs them here
- it may also be generating random stuff to be encrypted.  The OpenSSL
package creates keys using PRNs seeded with "entropy".  Under BSD and
Linux systems, this comes from /dev/random and/or /dev/urandom.  On
older versions of Solaris, e.g., these pseudo-devices don't exist, and
you need something like the Entropy Gathering Daemon
to create enough entropy for PRNs to be
generated.  The device name for the EGD must be compiled into the
software; otherwise, every time it needs entropy, it will ask you to
pound randomly on the keyboard until it thinks it has enough entropy.

http://en.wikipedia.org/wiki/Entropy_%28computing%29

I hope that this helps!


--
/*\
**
** Joe Yao  j...@tux.org - Joseph S. D. Yao
**
\*/