Re: Questions on how to setup Reverse DNS in bind 9

2016-07-17 Thread John W. Blue
Ken,

You typically will not be delegated reverse DNS.  Honestly, I would contact 
GoDaddy support directly and see if they can adjust it for you.  As in, not on 
your server directly but either tell you how to do it in a control panel on 
your side of the fence or they just do it from their side.

Best regards,

John

Sent from Nine

From: Spork Schivago 
Sent: Jul 17, 2016 9:24 PM
To: bind-users@lists.isc.org
Subject: Questions on how to setup Reverse DNS in bind 9

Hello,

I'm new to operating a website and I'm leasing a virtual private server (VPS) 
from GoDaddy. I'm paying for cPanel / WHM as well. It's running CentOS 6.8 
Final. I'd like to set up reverse DNS but I'm having trouble. I'm not 100% 
sure how to do it. I have my hostname, franklin.jetbbs.com, and there are two 
IP addresses assigned to that hostname, 104.238.117.105 and 132.148.11.44. I 
was trying to set up a round robin kinda thing but I don't think I set it up 
correctly.

Anyway, I have ns1.jetbbs.com which has the IP of 104.238.117.105 and then I 
have ns2.jetbbs.com that has the IP address of 132.148.11.44. I wanted to know 
if someone could look over what I have so far and let me know if it's correct 
and how I should proceed.

So, in the /var/named directory, I create a file called: 
0.117.238.104.in-addr.arpa

The contents of 0.117.238.104.in-addr.arpa are as follows:
$TTL 1D
@   IN SOA  ns1.jetbbs.com. spork.jetbbs.com. (
            2016071705  ; serial
            1D  ; refresh
            1H  ; retry
            1W  ; expire
            3H ); minimum

0.117.238.104.in-addr.arpa. IN  NS  ns1.jetbbs.com.
0.11.148.132.in-addr.arpa. IN  NS  ns2.jetbbs.com.

104 IN  PTR franklin.jetbbs.com.
44  IN  PTR franklin.jetbbs.com.


Does that look correct? If not, how should I change it? If so, what's the 
next step? Thank you for your help!

Sincerely,
Ken
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
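
The lookup behind this question, as an added example that is not part of any post in the thread: it derives the PTR names a resolver queries for the two addresses and compares them with the names the posted records expand to under the posted file name as origin. Function names are illustrative; the addresses, origin and PTR owners are the ones in the message above.

```python
import ipaddress

# Values taken from the posted zone file; the origin is the file/zone name used there.
ORIGIN = "0.117.238.104.in-addr.arpa."
POSTED_PTRS = {"104": "franklin.jetbbs.com.", "44": "franklin.jetbbs.com."}
ADDRESSES = ["104.238.117.105", "132.148.11.44"]


def reverse_name(ip):
    """Fully qualified name a resolver queries for the PTR record of ip."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def class_c_zone(ip):
    """The /24 reverse zone that would hold ip's PTR record."""
    return reverse_name(ip).split(".", 1)[1]


def expand(owner, origin):
    """Zone-file rule: a relative owner name has the origin appended."""
    return owner if owner.endswith(".") else f"{owner}.{origin}"


def check(ptrs, origin, addresses):
    """Return {ip: (name_needed, present_in_posted_zone)}."""
    present = {expand(owner, origin).lower() for owner in ptrs}
    return {ip: (reverse_name(ip), reverse_name(ip) in present)
            for ip in addresses}


if __name__ == "__main__":
    for owner in POSTED_PTRS:
        print("posted record expands to:", expand(owner, ORIGIN))
    for ip, (needed, found) in check(POSTED_PTRS, ORIGIN, ADDRESSES).items():
        print(f"{ip}: needs {needed} in zone {class_c_zone(ip)} (present: {found})")
```

The two addresses fall in different /24 reverse zones, and PTR answers for them come from whichever servers the address holder has made authoritative for those zones.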

Questions on how to setup Reverse DNS in bind 9

2016-07-17 Thread Spork Schivago
Hello,

I'm new to operating a website and I'm leasing a virtual private server
(VPS) from GoDaddy. I'm paying for cPanel / WHM as well. It's running
CentOS 6.8 Final. I'd like to set up reverse DNS but I'm having trouble.
I'm not 100% sure how to do it. I have my hostname, franklin.jetbbs.com,
and there are two IP addresses assigned to that hostname, 104.238.117.105
and 132.148.11.44. I was trying to set up a round robin kinda thing but I
don't think I set it up correctly.

Anyway, I have ns1.jetbbs.com which has the IP of 104.238.117.105 and
then I have ns2.jetbbs.com that has the IP address of 132.148.11.44. I
wanted to know if someone could look over what I have so far and let me
know if it's correct and how I should proceed.

So, in the /var/named directory, I create a file
called: 0.117.238.104.in-addr.arpa

The contents of 0.117.238.104.in-addr.arpa are as follows:
$TTL 1D
@   IN SOA  ns1.jetbbs.com. spork.jetbbs.com. (
            2016071705  ; serial
            1D  ; refresh
            1H  ; retry
            1W  ; expire
            3H ); minimum

0.117.238.104.in-addr.arpa. IN  NS  ns1.jetbbs.com.
0.11.148.132.in-addr.arpa. IN  NS  ns2.jetbbs.com.

104 IN  PTR franklin.jetbbs.com.
44  IN  PTR franklin.jetbbs.com.


Does that look correct? If not, how should I change it? If so, what's
the next step? Thank you for your help!

Sincerely,
Ken

Re: SOA record not signed with new key at key-rollover

2016-07-17 Thread Nis Wechselberg
Hi,

you are right, I got confused there.
Am I getting it right that the rest of the zone is not (re)signed
because the current signature is still valid for some time?

So if I were to set sig-validity-interval to a shorter value, this would
help with the issue?
Sadly it seems to be a value in days, so it is not that easy to test.
I will try setting the interval to 1 day with 23 hours preview signing.

Thanks.

On 17.07.2016 at 06:06, Mark Andrews wrote:
> In message <5788c969.6070...@enbewe.de>, Nis Wechselberg writes:
>> Hi,
>>
>> I am currently testing a dnssec setup with the new dnssec-keymgr tool. I
>> created a test zone with very fast key rollover settings and very short
>> TTLs. (Configs below)
>>
>> The automated creation of keys seems to work fine but bind behaves other
>> than I would have expected.
>>
>> - Initial deployment looks fine with the current ZSK published and in use.
>> (http://dnsviz.net/d/testmichhartundwild.de/V4ep6A/dnssec/)
> 
> ZSK = 36141
>  
>> - At prepublication time the next key is published but not yet used (as
>> expected).
>> (http://dnsviz.net/d/testmichhartundwild.de/V4fV_A/dnssec/)
> 
> New ZSK is 10173
> 
>> - After rollover time the new key is used to sign the zone EXCEPT the
>> SOA record. This one is still signed by the old key.
>> (http://dnsviz.net/d/testmichhartundwild.de/V4fyNQ/dnssec/)
> 
> No.  The new ZSK signs the SOA record.  The old signatures still exist
> on the other records as the only RRset that changes is the SOA.
>  
>> - When post-publication of the old key expires it is removed and the new
>> key is used for all records.
>> (http://dnsviz.net/d/testmichhartundwild.de/V4gSGg/dnssec/)
>>
>>
>> I am confused because of the special treatment of the SOA record. I would
>> expect a complete switch to the new key. At the moment, cached responses
>> of the SOA record could not be verified in the timeframe between
>> deletion of the old key and the next TTL.
>>
>> Am I missing something?
>>
>> Regards,
>> Nis
>>
>> 
>>
>>
>> dnssec-keymgr policy:
>>
>> zone testmichhartundwild.de {
>>   algorithm RSASHA256;
>>   directory "/etc/bind/zones/keys";
>>   coverage 2d;
>>   keyttl 600;
>>   roll-period zsk 8h;
>>   post-publish zsk 2h;
>>   pre-publish zsk 2h;
>> };
>>
>>
>> bind zone config:
>>
>> zone "testmichhartundwild.de" IN {
>>   type master;
>>
>>   file "de/testmichhartundwild.de/zone.db";
>>
>>   // Allow zone transfers to trusted servers
>>   allow-transfer {
>>     myServers;
>>     localhost;
>>   };
>>
>>   // Allow updates with shared key
>>   update-policy {
>>     grant morpheus-trinity. zonesub any;
>>   };
>>   serial-update-method unixtime;
>>
>>   // Activate dnssec for this domain
>>   key-directory "keys";
>>   auto-dnssec maintain;
>> };
>>
>>
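
The state discussed in this thread (SOA signed by the new ZSK, other RRsets still carrying signatures from the old one) can be checked from dig-style output before the old key is withdrawn. This is an added example, not part of any post: the RRSIG lines are constructed, only the key tags 36141 and 10173 and the zone name come from the thread, and the function names are illustrative.

```python
from collections import defaultdict

# Constructed sample in dig presentation format. Timestamps and the
# signature placeholder "c2ln" are made up for illustration.
SAMPLE = """\
testmichhartundwild.de. 600 IN RRSIG SOA 8 2 600 20160816140000 20160717130000 10173 testmichhartundwild.de. c2ln
testmichhartundwild.de. 600 IN RRSIG NS 8 2 600 20160816060000 20160717050000 36141 testmichhartundwild.de. c2ln
www.testmichhartundwild.de. 600 IN RRSIG A 8 3 600 20160816060000 20160717050000 36141 testmichhartundwild.de. c2ln
"""


def signers_by_rrset(text):
    """Map (owner, covered type) -> set of key tags seen in RRSIG records."""
    out = defaultdict(set)
    for line in text.splitlines():
        f = line.split()
        if len(f) < 12 or f[3].upper() != "RRSIG":
            continue  # not "name ttl class RRSIG ..." form
        # RDATA order: covered alg labels origttl expire inception keytag signer sig
        out[(f[0].lower(), f[4].upper())].add(int(f[10]))
    return dict(out)


def stranded_rrsets(text, published_tags):
    """RRsets with no signature from any key in the given DNSKEY tag set."""
    published = set(published_tags)
    return sorted(rrset for rrset, tags in signers_by_rrset(text).items()
                  if not tags & published)


if __name__ == "__main__":
    for rrset, tags in sorted(signers_by_rrset(SAMPLE).items()):
        print(rrset, "signed by", sorted(tags))
    # What would lose its only usable signature if 36141 were removed now?
    print("stranded without 36141:", stranded_rrsets(SAMPLE, {10173}))
```

An empty result for the key set that will remain published means every RRset already has a signature from a key that stays in the zone.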