HOW TO: a new way for managing the DNS zone files



Hi Sysadmins,

We recently introduced DNSSEC on gnome.org's tree (we'll be slowly moving all the other important domains like guadec.org to it) and we've just updated the guidelines to properly manage the DNS zone file.

I made a wiki page for this, which is available at [1]. Please follow all the instructions carefully and eventually ask if unsure about something.

As a side note, I did start introducing the SSHFP DNS field to properly check if a specific host SSH fingerprint is the one you should be connecting to and not the wrong one in case of a MITM attack.

An example:

;; ANSWER SECTION:
git.gnome.org. 900 IN SSHFP 1 1 7CCC918309F2724D444E7FBE3E19901AF6F56BA9

The above is what is stored on our DNS server. Checking if my known_hosts file has the right value can be done this way:

ssh -oVerifyHostKeyDNS=yes -v git.gnome.org (or {master, webapps2}.gnome.org)

The result should be something like:

debug1: Server host key: RSA 00:39:fd:1a:a4:2c:6b:28:b8:2e:95:31:c2:90:72:03
debug1: matching host key fingerprint found in DNS

There is also some news about emergency gnome org and the PagerDuty setup we just finalized on Nagios / Request Tracker. Patrick will mail the list later today with more details about that given he personally set it up.

Have an awesome day!

[1] https://wiki.gnome.org/Sysadmin/DNSZoneUpdates
 
Cheers,

Andrea

Debian Developer,
Fedora / EPEL packager,
GNOME Sysadmin,
GNOME Foundation Membership & Elections Committee Chairman

Homepage: http://www.gnome.org/~av
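
Added example (not part of the original mail and not GNOME's own tooling): how an SSHFP record such as "1 1 <hex>" relates to a host key. The digest is taken over the raw public key blob, with algorithm and fingerprint-type numbers as in RFC 4255, 6594 and 7479. The sample key is constructed filler, and the function names are made up for this illustration.

```python
import base64
import hashlib
import struct

# SSHFP algorithm numbers (RFC 4255, 6594, 7479) and fingerprint types.
KEY_ALGS = {1: "ssh-rsa", 2: "ssh-dss", 3: "ecdsa-sha2-", 4: "ssh-ed25519"}
FP_TYPES = {1: hashlib.sha1, 2: hashlib.sha256}


def key_blob(pubkey_line):
    """Return (key type, raw blob) from a 'type base64 [comment]' line."""
    key_type, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    # The blob begins with a length-prefixed copy of the key type.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii") != key_type:
        raise ValueError("key type does not match blob contents")
    return key_type, blob


def make_sshfp(pubkey_line, alg, fp_type):
    """Build the RDATA a zone file would carry for this key."""
    _, blob = key_blob(pubkey_line)
    digest = FP_TYPES[fp_type](blob).hexdigest().upper()
    return "%d %d %s" % (alg, fp_type, digest)


def sshfp_matches(rdata, pubkey_line):
    """Check an SSHFP RDATA string ('1 1 <hex>') against a host public key."""
    alg, fp_type, hexfp = rdata.split(None, 2)
    alg, fp_type = int(alg), int(fp_type)
    if alg not in KEY_ALGS or fp_type not in FP_TYPES:
        return False  # unknown algorithm or digest type: no match
    key_type, blob = key_blob(pubkey_line)
    if not key_type.startswith(KEY_ALGS[alg]):
        return False  # record describes a different key algorithm
    expected = FP_TYPES[fp_type](blob).hexdigest()
    # dig may print long digests in space-separated chunks; normalise first.
    return expected == "".join(hexfp.split()).lower()


# Constructed sample key (not a real host key): type string plus filler bytes.
_blob = struct.pack(">I", 7) + b"ssh-rsa" + bytes(range(64))
SAMPLE_KEY = "ssh-rsa " + base64.b64encode(_blob).decode() + " constructed"

if __name__ == "__main__":
    record = make_sshfp(SAMPLE_KEY, 1, 1)
    print(record, sshfp_matches(record, SAMPLE_KEY))
```

A match only means something if the DNS answer itself was DNSSEC-validated, which is why the SSHFP records go together with signing the zone.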

