DOCSLIB.ORG

Reference Manual Version 2.4.2 Contents

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Reference Manual Version 2.4.2 Contents Reference manual version 2.4.2 Contents 1 Introduction 7 1.1 Domain Name System................................... 8 1.1.1 Zones ........................................ 8 1.1.2 Authoritative name servers ............................ 9 2 Resource Requirements 11 2.1 Hardware .......................................... 11 2.1.1 CPU......................................... 11 2.1.2 Memory....................................... 11 2.2 Supported Operating Systems............................... 11 3 Installation 13 3.1 Server ............................................ 13 3.2 Client ............................................ 13 3.3 Libraries........................................... 14 3.4 From Sources........................................ 14 3.4.1 Configure Options ................................. 14 3.4.2 Server installation ................................. 16 3.5 From Packages ....................................... 17 3.5.1 RHEL/CentOS/Fedora .............................. 17 3.5.2 Debian........................................ 18 3.5.3 Ubuntu ....................................... 18 3.5.4 Arch Linux ..................................... 19 3.5.5 Gentoo ....................................... 20 3.5.6 FreeBSD....................................... 20 3.5.7 OpenBSD...................................... 20 3.5.8 Solaris........................................ 20 3.5.9 macOS ....................................... 21 4 Server Configuration 22 4.1 An authoritative name server............................... 24 4.1.1 Primary name server................................ 24 4.1.2 Secondary name server............................... 24 4.2 Signals............................................ 25 5 Server Technical 26 5.1 Zone file reader....................................... 26 5.1.1 Known types .................................... 27 6 Client 28 6.1 YADIFA........................................... 28 6.1.1 Control commands................................. 30 7 Key Roll 41 7.1 Introduction......................................... 41 7.2 Configuration........................................ 42 7.3 Generate time format ................................... 44 7.3.1 Command line ................................... 45 7.3.2 Primary name server side setup.......................... 45 7.3.3 yakeyrolld first sequence.............................. 46 7.3.4 yakeyrolld runtime usage ............................. 46 7.3.5 Extend the time covered by the steps ...................... 47 8 Domain Name System Security Extensions (DNSSEC) 50 8.1 Introduction......................................... 50 8.2 DNSSEC overview ..................................... 50 8.3 Types of key pairs ..................................... 52 8.4 Algorithms ......................................... 52 9 DNSSEC Policies 53 9.1 Introduction......................................... 53 9.2 What is needed for DNSSEC?............................... 53 9.2.1 Keys for signing .................................. 53 9.2.2 Signed zone..................................... 55 9.2.3 Delegated zone................................... 56 9.3 What is needed for yadifa? ................................ 56 9.3.1 Zone......................................... 57 9.3.2 DNSSEC-Policy .................................. 57 9.3.3 Denial........................................ 58 9.3.4 Key Suite...................................... 60 9.3.5 Key Template.................................... 61 9.3.6 Key-roll....................................... 62 10 DNS Name Server Identifier (NSID) 65 10.1 Introduction......................................... 65 10.2 NSID payload........................................ 65 11 DNS Response Rate Limiting (RRL) 67 11.1 Introduction......................................... 67 11.2 What is it? ......................................... 67 11.3 The problem ........................................ 67 11.4 A solution.......................................... 68 12 Resource Record Signature[51](RRSIG) Update Allowed 69 12.1 Introduction......................................... 69 12.2 The problem ........................................ 69 12.3 A solution.......................................... 69 13 Multi Primary Name Server 71 13.1 Introduction......................................... 71 13.1.1 Design........................................ 71 13.2 What is needed? ...................................... 78 13.2.1 Zone......................................... 78 14 Configuration Reference 79 14.1 Layout............................................ 79 14.2 Types ............................................ 81 14.3 Sections........................................... 82 14.3.1 <main> section .................................. 82 14.3.2 <zone> sections .................................. 87 14.3.3 <key> sections................................... 90 14.3.4 <acl> section.................................... 91 14.3.5 <channels> section ................................ 92 14.3.6 <loggers> section ................................. 95 14.3.7 <nsid> section................................... 98 14.3.8 <rrl> section.................................... 99 14.3.9 <dnssec-policy> section..............................100 14.3.10 <key-suite> section ................................101 14.3.11 <key-roll> section.................................101 14.3.12 <key-template> section ..............................102 14.3.13 <denial> section..................................103 15 Zones 105 15.1 Macros............................................105 15.1.1 @ ..........................................106 15.1.2 $INCLUDE.....................................106 15.1.3 $ORIGIN......................................107 15.1.4 $TTL ........................................108 15.2 Classes............................................108 15.3 Resource record types ...................................109 16 Journal 112 17 Statistics 114 18 Configuration Examples 117 18.1 Introduction.........................................117 18.2 YADIFA as a primary name server............................118 18.2.1 The One That is Really Easy...........................118 18.2.2 The One With Activation of Logging.......................119 18.2.3 The One With NSID................................121 18.2.4 The One With RRL ................................122 18.2.5 The One With DNSSEC Policy ‘diary’ style...................124 18.2.6 The One With DNSSEC Policy ‘relative’ style . 126 18.2.7 The One With RRSIG Update Allowed .....................128 18.2.8 The One With the Controller...........................130 18.3 YADIFA as a secondary name server...........................132 18.3.1 The One With One Primary ...........................132 18.3.2 The One With Several Primaries.........................133 18.3.3 The One With Activation of Logging.......................134 18.3.4 The One With NSID................................136 18.3.5 The One With RRL ................................137 19 Troubleshooting 139 19.1 Submitting a bug report..................................139 19.2 Stacktrace..........................................142 19.2.1 Using a core dump.................................143 19.2.2 Running yadifad in the debugger.........................144 19.3 Building yadifad with even more debugging information . 145 Bibliography 146 Index 150 List of Figures 1.1 DNS hierarchy........................................ 9 18.1 Primary name server (simple configuration) .......................118 18.2 Primary name server with logging.............................119 18.3 Primary name server with NSID..............................121 18.4 Primary name server with RRL ..............................122 18.5 Primary name server (DNSSEC policy ‘diary’ style)...................124 18.6 Primary name server (DNSSEC policy ‘relative’ style)..................126 18.7 Primary name server (RRSIG Update Allowed) .....................128 18.8 Primary name server with controller............................130 18.9 Secondary name server (one primary)...........................132 18.10 Secondary name server (several primaries) ........................133 18.11 Secondary name server with logging............................134 18.12 Secondary name server with NSID.............................136 18.13 Secondary name server with RRL.............................137 1 Introduction “Yet Another DNS Implementation For All” (YADIFA) is a name server implementation developed by EURid vzw/absl (EURid), the registry for the .eu top-level domain name. EURid devel- oped YADIFA to increase the robustness of the .eu name server infrastructure by adding a stable alternative to the other name server implementations in use. In a nutshell, YADIFA: is an authoritative name server, in both a primary and secondary Domain Name System[44] (DNS) server configuration is Request for Comments (RFC) compliant is portable across multiple Operating Systems including GNU Operating System (GNU/Linux), Berkeley Software Distribution (BSD) and Apple’s Operating System (macOS) is written from scratch in C. It is a clean implementation, which uses the Open Secure Socket Layer (OpenSSL) or Libre Secure Socket Layer (LibreSSL) library. supports EDNS0 [57](EDNS0 ) supports Domain Name System Security Extensions[50](DNSSEC) with NSEC[51](NSEC) and NSEC3 [11](NSEC3 ) has full and incremental zone transfer handling (DNS Zone Transfer Protocol[20](AXFR) and Incremental Zone Transfer[45](IXFR)). DNSSEC signing service The YADIFA software package consists of: yadifad a daemon which
Load more

Recommended publications
  • Reference Manual Version 2.3.9 Contents
    Reference manual version 2.3.9 Contents 1 Introduction 9 1.1 Domain Name System................................... 10 1.1.1 Zones ........................................ 10 1.1.2 Authoritative name servers ............................ 11 2 Resource Requirements 13 2.1 Hardware .......................................... 13 2.1.1 CPU......................................... 13 2.1.2 Memory....................................... 13 2.2 Supported Operating Systems............................... 13 3 Installation 15 3.1 Server ............................................ 15 3.2 Client ............................................ 15 3.3 Libraries........................................... 15 3.4 From Sources........................................ 16 3.4.1 Configure Options ................................. 16 3.4.2 Server installation ................................. 18 002 3.5 From Packages ....................................... 19 3.5.1 RHEL/CentOS/Fedora .............................. 19 3.5.2 Debian........................................ 20 3.5.3 Ubuntu ....................................... 21 3.5.4 Arch Linux ..................................... 22 3.5.5 Gentoo ....................................... 23 3.5.6 FreeBSD....................................... 23 3.5.7 OpenBSD...................................... 23 3.5.8 Solaris........................................ 23 3.5.9 Mac OS X...................................... 24 4 Server Configuration 25 4.1 An authoritative name server............................... 27 4.1.1 Primary name
    [Show full text]
  • SINGAPORE – Tech Day UNIDENTIFIED
    SINGAPORE – Tech Day EN SINGAPORE – Tech Day Monday, March 24th 2014 – 10:30 to 17:00 ICANN – Singapore, Singapore UNIDENTIFIED: …are you seeing? Okay. This is Singapore 49, room Olivia, date March 24, 2014, time 10:30 Start ccNSO tech day. [OPEN MIC] EBERHARD LISSE: All right then. Good morning. Can everybody in the back sit down so I don’t have to call you by name? Okay. Welcome to the 23rd Tech Day. We are not calling it ccNSO Tech Day anymore. We are, as you all know, are trying to widen the audience, so current events apparently have overtaken us, and we scheduled a second meeting about the NTIA invitation for proposals, but to our meeting, but let’s see whether this improves in the afternoon. This time we have got quite a packed agenda. I actually had to ask Christina to get us some more time because we were so fully booked that I didn’t want to cut the lunch time off. So we had to start half an hour early, and as usual, I must shout at everybody who is here for the other one, so I’m not here being late on things like this. In the beginning, we do three things about measurements. The ATLAS project will be demonstrated by Jaap. Edward Cocker from the University of Auckland, I think, in New Zealand, has got Note: The following is the output resulting from transcribing an audio file into a word/text document. Although the transcription is largely accurate, in some cases may be incomplete or inaccurate due to inaudible passages and grammatical corrections.
    [Show full text]
  • Reference Manual Version 2.1.0 Contents
    Reference manual version 2.1.0 Contents 1 Introduction 7 1.1 Domain Name System...................................8 1.1.1 Zones........................................8 1.1.2 Authoritative name servers............................9 2 Resource Requirements 11 2.1 Hardware.......................................... 11 2.1.1 CPU......................................... 11 2.1.2 Memory....................................... 11 2.2 Supported Operating Systems............................... 11 3 Installation 13 3.1 Server............................................ 13 3.2 Client............................................ 13 3.3 Libraries........................................... 13 3.4 From Sources........................................ 14 3.4.1 Configure Options................................. 14 3.4.2 Server installation................................. 16 002 3.5 From Packages....................................... 17 3.5.1 RHEL/CentOS/Fedora.............................. 17 3.5.2 Debian........................................ 18 3.5.3 Ubuntu....................................... 18 3.5.4 Arch Linux..................................... 19 3.5.5 Gentoo....................................... 20 3.5.6 FreeBSD....................................... 20 3.5.7 OpenBSD...................................... 20 3.5.8 Solaris........................................ 21 3.5.9 Mac OS X...................................... 21 4 Server Configuration 22 4.1 An authoritative name server............................... 23 4.1.1 Primary name server...............................
    [Show full text]
  • Vulnerability Summary for the Week of September 18, 2017
    Vulnerability Summary for the Week of September 18, 2017 The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores: High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0 Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9 Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9 High Vulnerabilities Primary CVSS Source & Patch Vendor -- Product Description Published Score Info CVE-2017-10813 CG-WLR300NM Firmware version MISC(link is 1.90 and earlier allows an attacker to external) corega -- execute arbitrary OS commands via 2017-09- JVN(link is wlr_300_nm_firmware unspecified vectors. 15 7.7 external) Buffer overflow in CG-WLR300NM CVE-2017-10814 Firmware version 1.90 and earlier MISC(link is allows an attacker to execute external) corega -- arbitrary code via unspecified 2017-09- JVN(link is wlr_300_nm_firmware vectors. 15 7.7 external) Untrusted search path vulnerability in "i-filter 6.0 install program" file CVE-2017-10858 version 1.0.8.1 and earlier allows an MISC(link is attacker to gain privileges via a external) Trojan horse DLL in an unspecified 2017-09- JVN(link is daj -- i-filter_installer directory. 15 9.3 external) Untrusted search path vulnerability in "i-filter 6.0 installer" timestamp of CVE-2017-10859 code signing is before 23 Aug 2017 MISC(link is (JST) allows an attacker to gain external) privileges via a Trojan horse DLL in 2017-09- JVN(link is daj -- i-filter_installer an unspecified directory.
    [Show full text]
  • Mcafee Foundstone Fsl Update
    2017-OCT-12 FSL version 7.5.966 MCAFEE FOUNDSTONE FSL UPDATE To better protect your environment McAfee has created this FSL check update for the Foundstone Product Suite. The following is a detailed summary of the new and updated checks included with this release. NEW CHECKS 145976 - SuSE SLES 11 SP4 SUSE-SU-2017:2694-1 Update Is Not Installed Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2017-1000112, CVE-2017-1000251, CVE-2017-10661, CVE-2017-12762, CVE-2017-14051, CVE-2017- 14140, CVE-2017-14340, CVE-2017-8831 Description The scan detected that the host is missing the following update: SUSE-SU-2017:2694-1 Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2017-October/003284.html SuSE SLES 11 SP4 x86_64 kernel-rt_trace-base-3.0.101.rt130-69.8.1 kernel-rt_trace-devel-3.0.101.rt130-69.8.1 kernel-rt-devel-3.0.101.rt130-69.8.1 kernel-rt-base-3.0.101.rt130-69.8.1 kernel-rt-3.0.101.rt130-69.8.1 kernel-source-rt-3.0.101.rt130-69.8.1 kernel-rt_trace-3.0.101.rt130-69.8.1 kernel-syms-rt-3.0.101.rt130-69.8.1 163473 - Oracle Enterprise Linux ELSA-2017-2801 Update Is Not Installed Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2017-1000253, CVE-2017-7895 Description The scan detected that the host is missing the following update: ELSA-2017-2801 Observation Updates often remediate critical security problems that should be quickly addressed.
    [Show full text]
  • Sudo Solaris Download
    Sudo solaris download Solaris 9, · , beefdbbbf6b3db2dd9eded4d4aadac1. Install sudo on Solaris 10 and pkgadd -d -U /opt/csw/bin/pkgutil -y -i sudo /usr/sbin/pkgchk -L CSWsudo # list files Get Started Download packages. How to install and configure sudo in solaris 10 (SPARC and x86/x64) the platform as “Oracle Solaris on SPARC” or “Oracle Solaris on x86” and download the. SUDO packages has to be downloaded and installed manually in Solaris 10 as it is NOT available on the Solaris 10 OS installation media. aget | Aget is a multithreaded HTTP download accelerator .. ifstatus – | Ifstatus is designed to detect Solaris 8 hme and qfe interfaces that have been .. sudo p2 | Sudo (superuser do) allows a system administrator to give certain. Friends I need to install SUDO on solaris sparc server. For that I tried to download the package from But I cant. Now. To configure sudo on Oracle Solaris 11, edit the /etc/sudoers configuration file. Download the file with sudo packages for Oracle Solaris 10 x86 and SPARC. Package List SPARC/Solaris 10 aget – Aget is a multithreaded HTTP download accelerator aide – AIDE (Advanced Intrusion Detection Environment) is a free. HOW TO CONFIGURE SUDO IN SOLARIS. DOWNLOAD THE REQUIRED PACKAGES. Go to the Sun Freeware website to download the following packages for. After typing the command sudo followed by the command that you want All other libraries you need can be downloaded from Unix Packages. Solaris 7 and 8 information covers 32bit, 64bit and x Bulk installation Statistical information about downloads. sudop4, SPARC. Hi, I'm looking for the sites where i can download sudo to be installed on Solaris 9 (sparc).
    [Show full text]