Jun 04 2017
DNS Certification Authority Authorization

CAA

Reading RFC 6844 you will find the definition of “DNS Certification Authority Authorization (CAA) Resource Record”.

You can read everything here: RFC 6844

So, what is CAA anyhow?

Certificate Authority

In a nutshell, you declare which Certificate Authority is the one for your domain.

It’s another way to verify that the certificate your site is announcing is in fact signed by the issuer that the certificate is showing.

So let’s see what my certificate is showing:

balaskas_letsencrypt.jpg

DNS

Now, let’s find out what my DNS is telling us:

# dig caa balaskas.gr 

;; ANSWER SECTION:
balaskas.gr.        5938    IN  CAA 1 issue "letsencrypt.org"
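
How a CA could evaluate that answer, as an added example (not code from the original post): it parses the CAA line and decides whether a given issuer may issue. It only looks at the record set of one name and does not climb the DNS tree; the function names and the second CA name are hypothetical.

```python
import shlex

# Constructed input: the ANSWER SECTION line from the dig output above.
SAMPLE_ANSWER = 'balaskas.gr.        5938    IN  CAA 1 issue "letsencrypt.org"'

KNOWN_TAGS = {"issue", "issuewild", "iodef"}  # properties defined by RFC 6844


def parse_caa(line):
    """Parse one CAA record in dig's presentation format (hypothetical helper)."""
    fields = shlex.split(line)  # shlex strips the quotes around the value
    if len(fields) != 7 or fields[3].upper() != "CAA":
        raise ValueError("not a CAA record: %r" % line)
    owner, ttl, _class, _type, flags, tag, value = fields
    flags = int(flags)
    return {
        "owner": owner.rstrip(".").lower(),
        "ttl": int(ttl),
        "flags": flags,
        # Issuer Critical is bit 0 of the flags octet (most significant bit, 128).
        "critical": bool(flags & 0x80),
        "tag": tag.lower(),
        "value": value,
    }


def issuer_domain(value):
    """Issuer domain of an issue/issuewild value; '' (from ";") means no CA."""
    return value.split(";", 1)[0].strip().rstrip(".").lower()


def ca_may_issue(records, ca_domain, wildcard=False):
    """Decide whether ca_domain may issue, given one name's CAA record set."""
    # A critical property the CA does not understand forbids issuance.
    if any(r["critical"] and r["tag"] not in KNOWN_TAGS for r in records):
        return False
    issue = [r for r in records if r["tag"] == "issue"]
    issuewild = [r for r in records if r["tag"] == "issuewild"]
    # issuewild only applies to wildcard requests and then overrides issue.
    relevant = issuewild if (wildcard and issuewild) else issue
    if not relevant:
        return True  # no issue property present: CAA imposes no restriction
    return any(issuer_domain(r["value"]) == ca_domain.lower() for r in relevant)


if __name__ == "__main__":
    rrset = [parse_caa(SAMPLE_ANSWER)]
    for ca in ("letsencrypt.org", "other-ca.example"):  # second name is made up
        print(ca, "->", "may issue" if ca_may_issue(rrset, ca) else "must not issue")
```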

Testing

You can also use the Qualys SSL Server Test:

https://www.ssllabs.com/ssltest/

balaskas_qualys.jpg

Tag(s): dns, CAA, letsencrypt

Nov 15 2015
dns opennic dnscrypt

A few days ago, I gave a presentation at fosscomm 2015 about DNS, the OpenNic Project and DNScrypt.

So without further ado, here it is: dns_opennic_dnscrypt.pdf

Oct 29 2013
DNS intro workshops

At HSGR we have started a series of “lessons/discussions” around DNS. These take place every Friday at 18:00. The 3rd in the series will take place this Friday, 01.11.2013, and here you will find the event page:

DNS intro workshop 103

Tag(s): hackerspace, dns

Oct 03 2012
vim wrapper for dns zone files

This blog post is based on Sotiris Tsimbonis’s work.

You should always run named-checkzone on the DNS zone file you have just edited.

But you can also automate this, with a vim wrapper.

small changes @ Thu, 04 Oct 2012 14:03:15 +0300


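#!/bin/sh
# ebal, Thu, 04 Oct 2012 14:03:15 +0300
# Edit a zone file with vim, validate it, and reload the zone only if it changed.

# Refuse to start if named.conf itself is broken.
/usr/sbin/named-checkconf
RES=$?

if [ "${RES}" -gt 0 ]; then
    echo ""
    echo "Fix the above errors before editing your zone file"
    echo ""
    exit "${RES}"
fi

ZONE=$1
PREFIX="/var/named"

# A zone name is required; without it vim would open the directory itself.
if [ -z "${ZONE}" ]; then
    echo "Usage: $0 <zone>"
    exit 1
fi

# Checksum before editing, to detect whether the file was changed.
CHECKSUM=$(/usr/bin/sha1sum "${PREFIX}/${ZONE}")

/usr/bin/vim "${PREFIX}/${ZONE}"

echo ""
echo "Checking ${ZONE} for errors..."
echo ""

/usr/sbin/named-checkzone -i local "${ZONE}" "${PREFIX}/${ZONE}"
RES=$?

if [ "${RES}" -gt 0 ]; then
    echo ""
    echo "You need to fix the errors and try again."
    echo ""
    exit "${RES}"
fi

# Reload only when the content changed (POSIX test, since this runs under /bin/sh).
SHA1SUM=$(/usr/bin/sha1sum "${PREFIX}/${ZONE}")
if [ "${CHECKSUM}" != "${SHA1SUM}" ]; then
    echo "reloading zone ..."
    /usr/sbin/rndc reload "${ZONE}"
fi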

Tag(s): vim, wrapper, dns