Intro

This is a little script that reads the name servers for a given domain and then asks the name server for the SOA of this domain.

Script

    cat << 'EOF' > soachecker.sh
    #!/usr/bin/env bash

    # Little SOA & Serial Checker, v0.1, @stoege

    tmpfile=$(mktemp)

    # Check Args
    echo
    if [ $# -eq 0 ]; then
      d="stoege.net"
      echo -e "No argument provided. use \033[1m'${d}'\033[0m"
    elif [ $# -eq 1 ]; then
      d="$1"
      echo -e "Domain \033[1m'${d}'\033[0m provided"


Certificate Management with ‘acme.sh’

I like to manage my certificates on my own. If you work with Wildcard Certs, acme.sh is a nice and flexible ACME Client, purely written in Shell. It’s probably the easiest & smartest shell script to automatically issue & renew the free certificates.

Basic Handling

Get Version

    acme.sh --version

run it

    # acme.sh --version
    https://github.com/acmesh-official/acme.sh
    v3.0.6

Upgrade Self

are we up2date ?

    acme.sh --upgrade

run it


Web

A simplified DNS server with a RESTful HTTP API to provide a simple way to automate ACME DNS challenges.

Sounds promising, right? Let’s give it a try ;)

https://github.com/joohoi/acme-dns

Setup

Fire up a new OpenBSD VM

Let’s do it in London.

ip:

patch, update, add go

    doas su -
    syspatch
    pkg_add -Vu
    pkg_add go

clone repo and build acme-dns

    cd /root
    git clone https://github.com/joohoi/acme-dns
    cd acme-dns
    export GOPATH=/tmp/acme-dns
    go build
    cp acme-dns /usr/local/sbin/

Create Self-Signed Cert

The RESTful API needs a cert.

Talk from @mwl at BSDCAN 2022

https://www.youtube.com/watch?v=1n62VZj-CKI

OARC Reply Size Tester

    dig +short rs.dns-oarc.net TXT

Host1 - good :)

    # dig +short rs.dns-oarc.net TXT
    rst.x4090.rs.dns-oarc.net.
    rst.x4058.x4090.rs.dns-oarc.net.
    rst.x4064.x4058.x4090.rs.dns-oarc.net.
    " DNS reply size limit is at least 4090"
    " sent EDNS buffer size 4096"

Host2 - bad :(

    # dig +short rs.dns-oarc.net TXT
    rst.x1196.rs.dns-oarc.net.
    rst.x1206.x1196.rs.dns-oarc.net.
    rst.x1204.x1206.x1196.rs.dns-oarc.net.
    " DNS reply size limit is at least 1206"
    " sent EDNS buffer size 1232"

Any Comments ?

IPv6 is fun, if you know how to handle it!

As a “sponsor LIR”, I got my own AS and a small /44 IP space. So, as we all do “forward” DNS with our domains, I’d like to have reverse DNS as well. And as I don’t have a legacy IP range, I’d like to do it with my v6 space.

Special thanks to Christian for his remote hands/tips. Appreciate it!

Run PowerDNS on OpenBSD

I’m mostly happy with NSD as Authoritative Nameserver. But why not look over the fence and have a look at PowerDNS? At least the API looks promising to me …

Install Package

    doas pkg_add powerdns--

Create Folder, DB and set Permission

    doas mkdir /var/db/pdns
    doas sqlite3 /var/db/pdns/pdns.sql < /usr/local/share/doc/pdns/schema.sqlite3.sql
    doas chown -R _powerdns:wheel /var/db/pdns/

Update Config File /etc/pdns/pdns.conf

    # DB
    gsqlite3-database=/var/db/pdns/pdns.sql
    launch=gsqlite3
    setuid=_powerdns

    # Tuning & Protection
    max-queue-length=5000
    overload-queue-length=2500

    # Webserver
    webserver=yes
    webserver-address=ip-of-your-nameserver
    webserver-allow-from=127.