a good fuckin update

This commit is contained in:
nihilist 2024-08-12 23:22:38 +02:00
parent 7b3f8ea7ed
commit 1f6ed2fa82
80 changed files with 534 additions and 534 deletions


@ -46,7 +46,7 @@
<li><a href="/about.html">About</a></li>
<li><a href="/blog.html">Categories</a></li>
<li><a href="https://blog.nihilism.network/donate.html">Donate</a></li>
<li><a href="https://blog.nowhere.moe/donate.html">Donate</a></li>
<li><a href="/contact.html">Contact</a></li>
</ul>
</div><!--/.nav-collapse -->
@ -817,69 +817,69 @@ options {
<p>Then generate the DNS keys for your domain:</p>
<pre><code class="nim">
root@mail-gw:~# cd /var/cache/bind
root@mail-gw:/var/cache/bind# dnssec-keygen -a NSEC3RSASHA1 -b 2048 -n ZONE nihilism.network
root@mail-gw:/var/cache/bind# dnssec-keygen -a NSEC3RSASHA1 -b 2048 -n ZONE nowhere.moe
Generating key pair...................+++++ ..................................................................................................................+++++
Knihilism.network.+007+54398
root@mail-gw:/var/cache/bind# dnssec-keygen -f KSK -a NSEC3RSASHA1 -b 4096 -n ZONE nihilism.network
Knowhere.moe.+007+54398
root@mail-gw:/var/cache/bind# dnssec-keygen -f KSK -a NSEC3RSASHA1 -b 4096 -n ZONE nowhere.moe
Generating key pair........................................................................++++ .....................++++
Knihilism.network.+007+44145
Knowhere.moe.+007+44145
</code></pre>
<p>then create the zone file:</p>
<pre><code class="nim">
root@mail-gw:/var/cache/bind# for key in `ls Knihilism.network*.key`; do echo "\$INCLUDE $key">> nihilism.network.zone; done
root@mail-gw:/var/cache/bind# cat nihilism.network.zone
$INCLUDE Knihilism.network.+007+44145.key
$INCLUDE Knihilism.network.+007+54398.key
root@mail-gw:/var/cache/bind# for key in `ls Knowhere.moe*.key`; do echo "\$INCLUDE $key">> nowhere.moe.zone; done
root@mail-gw:/var/cache/bind# cat nowhere.moe.zone
$INCLUDE Knowhere.moe.+007+44145.key
$INCLUDE Knowhere.moe.+007+54398.key
</code></pre>
<p>Then sign the zone with the dnssec-signzone command:</p>
<pre><code class="nim">
root@mail-gw:/var/cache/bind# for key in `ls Knihilism.network*.key`; do echo "\$INCLUDE $key">> nihilism.network.zone; done
root@mail-gw:/var/cache/bind# cat nihilism.network.zone
$INCLUDE Knihilism.network.+007+44145.key
$INCLUDE Knihilism.network.+007+54398.key
root@mail-gw:/var/cache/bind# dnssec-signzone -A -3 $(head -c 1000 /dev/random | sha1sum | cut -b 1-16) -N INCREMENT -o nihilism.network -t nihilism.network.zone
<!--root@mail-gw:/var/cache/bind# dnssec-signzone -AA -n 3 -3 $(head -c 1000 /dev/urandom | sha1sum | cut -b 1-16) -N INCREMENT -o nihilism.network -t nihilism.network.zone-->
root@mail-gw:/var/cache/bind# for key in `ls Knowhere.moe*.key`; do echo "\$INCLUDE $key">> nowhere.moe.zone; done
root@mail-gw:/var/cache/bind# cat nowhere.moe.zone
$INCLUDE Knowhere.moe.+007+44145.key
$INCLUDE Knowhere.moe.+007+54398.key
root@mail-gw:/var/cache/bind# dnssec-signzone -A -3 $(head -c 1000 /dev/random | sha1sum | cut -b 1-16) -N INCREMENT -o nowhere.moe -t nowhere.moe.zone
<!--root@mail-gw:/var/cache/bind# dnssec-signzone -AA -n 3 -3 $(head -c 1000 /dev/urandom | sha1sum | cut -b 1-16) -N INCREMENT -o nowhere.moe -t nowhere.moe.zone-->
dnssec-signzone: warning: Knihilism.network.+007+44145.key:5: no TTL specified; zone rejected
dnssec-signzone: fatal: failed loading zone from 'nihilism.network.zone': no ttl
dnssec-signzone: warning: Knowhere.moe.+007+44145.key:5: no TTL specified; zone rejected
dnssec-signzone: fatal: failed loading zone from 'nowhere.moe.zone': no ttl
</code></pre>
<p>if you get the no ttl error like me, regen the keys with the TTL thanks to the -L flag:</p>
<pre><code class="nim">
root@mail-gw:/var/cache/bind# dnssec-keygen -L 3600 -a NSEC3RSASHA1 -b 2048 -n ZONE nihilism.network
root@mail-gw:/var/cache/bind# dnssec-keygen -L 3600 -a NSEC3RSASHA1 -b 2048 -n ZONE nowhere.moe
Generating key pair.........................................+++++ .......+++++
Knihilism.network.+007+35034
Knowhere.moe.+007+35034
root@mail-gw:/var/cache/bind# dnssec-keygen -L 3600 -f KSK -a NSEC3RSASHA1 -b 4096 -n ZONE nihilism.network
root@mail-gw:/var/cache/bind# dnssec-keygen -L 3600 -f KSK -a NSEC3RSASHA1 -b 4096 -n ZONE nowhere.moe
Generating key pair......++++ ..................................................................................................................................................................++++
Knihilism.network.+007+23388
Knowhere.moe.+007+23388
root@mail-gw:/var/cache/bind# for key in `ls Knihilism.network*.key`; do echo "\$INCLUDE $key">> nihilism.network.zone; done
root@mail-gw:/var/cache/bind# for key in `ls Knowhere.moe*.key`; do echo "\$INCLUDE $key">> nowhere.moe.zone; done
root@mail-gw:/var/cache/bind# cat nihilism.network.zone
root@mail-gw:/var/cache/bind# cat nowhere.moe.zone
$INCLUDE Knihilism.network.+007+23388.key
$INCLUDE Knihilism.network.+007+35034.key
$INCLUDE Knowhere.moe.+007+23388.key
$INCLUDE Knowhere.moe.+007+35034.key
root@mail-gw:/var/cache/bind# dnssec-signzone -A -3 $(head -c 1000 /dev/random | sha1sum | cut -b 1-16) -N INCREMENT -o nihilism.network -t db.nihilism.network
dnssec-signzone: warning: db.nihilism.network:17: TTL set to prior TTL (3600)
root@mail-gw:/var/cache/bind# dnssec-signzone -A -3 $(head -c 1000 /dev/random | sha1sum | cut -b 1-16) -N INCREMENT -o nowhere.moe -t db.nowhere.moe
dnssec-signzone: warning: db.nowhere.moe:17: TTL set to prior TTL (3600)
dnssec-signzone: fatal: No signing keys specified or found.
root@mail-gw:/var/cache/bind# cat nihilism.network.zone >> db.nihilism.network
root@mail-gw:/var/cache/bind# cat nowhere.moe.zone >> db.nowhere.moe
<!--root@mail-gw:/var/cache/bind# dnssec-signzone -A -3 $(head -c 1000 /dev/random | sha1sum | cut -b 1-16) -N INCREMENT -o nihilism.network -t db.nihilism.network-->
root@mail-gw:/var/cache/bind# dnssec-signzone -AA -n 3 -3 $(head -c 1000 /dev/urandom | sha1sum | cut -b 1-16) -N INCREMENT -o nihilism.network -t db.nihilism.network
<!--root@mail-gw:/var/cache/bind# dnssec-signzone -A -3 $(head -c 1000 /dev/random | sha1sum | cut -b 1-16) -N INCREMENT -o nowhere.moe -t db.nowhere.moe-->
root@mail-gw:/var/cache/bind# dnssec-signzone -AA -n 3 -3 $(head -c 1000 /dev/urandom | sha1sum | cut -b 1-16) -N INCREMENT -o nowhere.moe -t db.nowhere.moe
dnssec-signzone: warning: db.nihilism.network:17: TTL set to prior TTL (3600)
dnssec-signzone: warning: db.nowhere.moe:17: TTL set to prior TTL (3600)
Verifying the zone using the following algorithms:
- NSEC3RSASHA1
Zone fully signed:
Algorithm: NSEC3RSASHA1: KSKs: 1 active, 0 stand-by, 0 revoked
ZSKs: 1 active, 0 stand-by, 0 revoked
db.nihilism.network.signed
db.nowhere.moe.signed
Signatures generated: 51
Signatures retained: 0
Signatures dropped: 0
@ -890,14 +890,14 @@ Signatures per second: 750.000
Runtime in seconds: 0.076
</code></pre>
<p>If it gives you further errors, debug it here https://dnsviz.net/d/nihilism.network/dnssec/:</p>
<p>If it gives you further errors, debug it here https://dnsviz.net/d/nowhere.moe/dnssec/:</p>
<p>Then we continue:</p>
<pre><code class="nim">
root@mail-gw:/var/cache/bind# vim /etc/bind/named.conf.local
root@mail-gw:/var/cache/bind# cat /etc/bind/named.conf.local
zone "nihilism.network" {
zone "nowhere.moe" {
type master;
file "db.nihilism.network.signed";
file "db.nowhere.moe.signed";
allow-update { none; };
};
@ -919,29 +919,29 @@ root@mail-gw:/var/cache/bind# systemctl status bind9
Sep 30 19:58:12 mail-gw named[42611]: zone 127.in-addr.arpa/IN: loaded serial 1
Sep 30 19:58:12 mail-gw named[42611]: zone localhost/IN: loaded serial 2
Sep 30 19:58:12 mail-gw named[42611]: zone nihilism.network/IN: sig-re-signing-interval less than 3 * refresh.
Sep 30 19:58:12 mail-gw named[42611]: zone nihilism.network/IN: loaded serial 18 (DNSSEC signed)
Sep 30 19:58:12 mail-gw named[42611]: zone nowhere.moe/IN: sig-re-signing-interval less than 3 * refresh.
Sep 30 19:58:12 mail-gw named[42611]: zone nowhere.moe/IN: loaded serial 18 (DNSSEC signed)
Sep 30 19:58:12 mail-gw named[42611]: all zones loaded
Sep 30 19:58:12 mail-gw named[42611]: running
Sep 30 19:58:12 mail-gw named[42611]: zone nihilism.network/IN: sending notifies (serial 18)
Sep 30 19:58:12 mail-gw named[42611]: client @0x7fad306d5130 23.137.250.141#48501 (nihilism.network): transfer of 'nihilism.network/IN': IXFR version not in journal, falling back to AXFR
Sep 30 19:58:12 mail-gw named[42611]: client @0x7fad306d5130 23.137.250.141#48501 (nihilism.network): transfer of 'nihilism.network/IN': AXFR-style IXFR started (serial 18)
Sep 30 19:58:12 mail-gw named[42611]: client @0x7fad306d5130 23.137.250.141#48501 (nihilism.network): transfer of 'nihilism.network/IN': AXFR-style IXFR ended: 2 messages, 104 records, 19335 bytes, 0.001 secs (19335000 bytes/sec) (serial 18)
Sep 30 19:58:12 mail-gw named[42611]: zone nowhere.moe/IN: sending notifies (serial 18)
Sep 30 19:58:12 mail-gw named[42611]: client @0x7fad306d5130 23.137.250.141#48501 (nowhere.moe): transfer of 'nowhere.moe/IN': IXFR version not in journal, falling back to AXFR
Sep 30 19:58:12 mail-gw named[42611]: client @0x7fad306d5130 23.137.250.141#48501 (nowhere.moe): transfer of 'nowhere.moe/IN': AXFR-style IXFR started (serial 18)
Sep 30 19:58:12 mail-gw named[42611]: client @0x7fad306d5130 23.137.250.141#48501 (nowhere.moe): transfer of 'nowhere.moe/IN': AXFR-style IXFR ended: 2 messages, 104 records, 19335 bytes, 0.001 secs (19335000 bytes/sec) (serial 18)
</code></pre>
<!--<p>https://www.digitalocean.com/community/tutorials/how-to-setup-dnssec-on-an-authoritative-bind-dns-server-2 next is a DS record to add to the registrar ???</p>-->
<p>So from now on when you want to edit your zone, you will need to first edit the db file and then run the dnssign command: </p>
<pre><code class="nim">
root@mail-gw:/var/cache/bind# vim db.nihilism.network
root@mail-gw:/var/cache/bind# vim db.nowhere.moe
root@mail-gw:/var/cache/bind# dnssec-signzone -AA -n 3 -3 $(head -c 1000 /dev/urandom | sha1sum | cut -b 1-16) -N INCREMENT -o nihilism.network -t db.nihilism.network
<!--root@mail-gw:/var/cache/bind# dnssec-signzone -A -3 $(head -c 1000 /dev/random | sha1sum | cut -b 1-16) -N INCREMENT -o nihilism.network -t db.nihilism.network-->
dnssec-signzone: warning: db.nihilism.network:17: TTL set to prior TTL (3600)
root@mail-gw:/var/cache/bind# dnssec-signzone -AA -n 3 -3 $(head -c 1000 /dev/urandom | sha1sum | cut -b 1-16) -N INCREMENT -o nowhere.moe -t db.nowhere.moe
<!--root@mail-gw:/var/cache/bind# dnssec-signzone -A -3 $(head -c 1000 /dev/random | sha1sum | cut -b 1-16) -N INCREMENT -o nowhere.moe -t db.nowhere.moe-->
dnssec-signzone: warning: db.nowhere.moe:17: TTL set to prior TTL (3600)
Verifying the zone using the following algorithms:
- NSEC3RSASHA1
Zone fully signed:
Algorithm: NSEC3RSASHA1: KSKs: 1 active, 0 stand-by, 0 revoked
ZSKs: 1 active, 0 stand-by, 0 revoked
db.nihilism.network.signed
db.nowhere.moe.signed
Signatures generated: 53
Signatures retained: 0
Signatures dropped: 0
@ -969,9 +969,9 @@ root@mail-gw:/var/cache/bind# systemctl status bind9
<p>Now when we test the dnssec to our bindserver we see the following:</p>
<pre><code class="nim">
[ 10.0.0.10/16 ] [ nowhere ] [~]
→ dig @23.137.250.140 stream.nihilism.network. A +dnssec +multiline
→ dig @23.137.250.140 stream.nowhere.moe. A +dnssec +multiline
; <<>> DiG 9.18.4-2-Debian <<>> @23.137.250.140 stream.nihilism.network. A +dnssec +multiline
; <<>> DiG 9.18.4-2-Debian <<>> @23.137.250.140 stream.nowhere.moe. A +dnssec +multiline
; (1 server found)
;; global options: +cmd
;; Got answer:
@ -982,12 +982,12 @@ root@mail-gw:/var/cache/bind# systemctl status bind9
; EDNS: version: 0, flags: do; udp: 1232
; COOKIE: bb834e65ec1896a601000000633c65914ff2b9c6c7b43b1d (good)
;; QUESTION SECTION:
;stream.nihilism.network. IN A
;stream.nowhere.moe. IN A
;; ANSWER SECTION:
stream.nihilism.network. 604800 IN CNAME web-gw.nihilism.network.
stream.nihilism.network. 604800 IN RRSIG CNAME 7 3 604800 (
20221103152726 20221004152726 35034 nihilism.network.
stream.nowhere.moe. 604800 IN CNAME web-gw.nowhere.moe.
stream.nowhere.moe. 604800 IN RRSIG CNAME 7 3 604800 (
20221103152726 20221004152726 35034 nowhere.moe.
qIu/a2pi8e52tLqNBmCbeFHGK3TkQLquJNcziCoCYlQY
qOOFiXisOz7sg05uWxvX04kKofQyuUb9X/+e20r28WUe
gAhS1LJWE9BfBHfq/iQBXX4yWLTTYMqyjDyW56RUX7Z9
@ -996,9 +996,9 @@ stream.nihilism.network. 604800 IN RRSIG CNAME 7 3 604800 (
B/uKxmX+J3gcBzeGp1wwGd07UdlxaLyniQ41DSYmdTdD
jECbxVQRvMnC1MhD8nYsmhm/YroKXeQpMX7ugJD1ZomY
A7/ofGO6asXTGY2V3JxiITop0nKlfSlLbA== )
web-gw.nihilism.network. 604800 IN A 23.137.250.141
web-gw.nihilism.network. 604800 IN RRSIG A 7 3 604800 (
20221103152726 20221004152726 35034 nihilism.network.
web-gw.nowhere.moe. 604800 IN A 23.137.250.141
web-gw.nowhere.moe. 604800 IN RRSIG A 7 3 604800 (
20221103152726 20221004152726 35034 nowhere.moe.
hlE0hXZiU9/LnSKghK3OKMxIbrrimFqF0HfHJubzQ50U
f9g3m9bZJeANu4iJHCmPR1TVJUp0qYxUTRb815kWGKIq
DHUNErDN+WhZoTBMT8jzdX8kntKFnd8+N/d/gjQ91Oxp
@ -1021,10 +1021,10 @@ root@mail-gw:/var/cache/bind# cat restartdns.sh
#!/bin/bash
# check the zone for errors:
named-checkzone nihilism.network db.nihilism.network
named-checkzone nowhere.moe db.nowhere.moe
# sign it:
dnssec-signzone -AA -n 3 -3 $(head -c 1000 /dev/urandom | sha1sum | cut -b 1-16) -N INCREMENT -o nihilism.network -t db.nihilism.network
dnssec-signzone -AA -n 3 -3 $(head -c 1000 /dev/urandom | sha1sum | cut -b 1-16) -N INCREMENT -o nowhere.moe -t db.nowhere.moe
#restart bind9
systemctl restart bind9
@ -1036,7 +1036,7 @@ systemctl status bind9
<p>updated restartdns.sh script: (thanks to Notorious from notlean.net)</p>
<pre><code class="nim">
1) updated algorythms to avoid errors <b>https://dnsviz.net/d/nihilism.network/dnssec/ </b>
1) updated algorythms to avoid errors <b>https://dnsviz.net/d/nowhere.moe/dnssec/ </b>
dnssec-keygen -L 3600 -a ECDSAP256SHA256 -b 2048 -n ZONE notlean.net
dnssec-keygen -L 3600 -f KSK -a ECDSAP256SHA256 -b 2048 -n ZONE notlean.net
@ -1096,9 +1096,9 @@ echo "Execution end"
<!--<p>However when we test it on another dns server it is supposed to propagate we see the following error:</p>
<pre><code class="nim">
[ 10.0.0.10/16 ] [ nowhere ] [~]
→ dig @1.1.1.1 stream.nihilism.network. A +dnssec +multiline
→ dig @1.1.1.1 stream.nowhere.moe. A +dnssec +multiline
; <<>> DiG 9.18.4-2-Debian <<>> @1.1.1.1 stream.nihilism.network. A +dnssec +multiline
; <<>> DiG 9.18.4-2-Debian <<>> @1.1.1.1 stream.nowhere.moe. A +dnssec +multiline
; (1 server found)
;; global options: +cmd
;; Got answer:
@ -1107,9 +1107,9 @@ echo "Execution end"
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 1232
; EDE: 9 (DNSKEY Missing): (no SEP matching the DS found for nihilism.network.)
; EDE: 9 (DNSKEY Missing): (no SEP matching the DS found for nowhere.moe.)
;; QUESTION SECTION:
;stream.nihilism.network. IN A
;stream.nowhere.moe. IN A
;; Query time: 243 msec
;; SERVER: 1.1.1.1#53(1.1.1.1) (UDP)
@ -1141,14 +1141,14 @@ echo "Execution end"
<h4>My Links</h4>
<p>
<a target="_blank" rel="noopener noreferrer" href="http://blog.nihilism.network/rss/feed.xml">RSS Feed</a><br/><a target="_blank" rel="noopener noreferrer" href="https://matrix.to/#/#nihilism:m.datura.network">Matrix Chat</a><br/>
<a target="_blank" rel="noopener noreferrer" href="http://blog.nowhere.moe/rss/feed.xml">RSS Feed</a><br/><a target="_blank" rel="noopener noreferrer" href="https://matrix.to/#/#nihilism:m.nowhere.moe">Matrix Chat</a><br/>
</p>
</div><!-- /col-lg-4 -->
<div class="col-lg-4">
<h4>About nihilist</h4>
<p style="word-wrap: break-word;"><u>Donate XMR:</u> 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8</p></br><p><u>Contact:</u> nihilist@nihilism.network (<a href="https://nihilism.network/nihilist.pubkey">PGP</a>)</p>
<p style="word-wrap: break-word;"><u>Donate XMR:</u> 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8</p></br><p><u>Contact:</u> nihilist@nowhere.moe (<a href="https://nowhere.moe/nihilist.pubkey">PGP</a>)</p>
</div><!-- /col-lg-4 -->
</div>