Looking for dnssec-triggerd alpha testers!

Carl Byington carl at byington.org
Sun Sep 18 02:07:19 UTC 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sat, 2011-09-17 at 14:00 -0400, Paul Wouters wrote:
> You can find source and package pre-releases at:

> ftp://ftp.xelerance.com/dnssec-trigger/

At least for Fedora 15:

BuildRequires: glib-devel, gtk2-devel, ldns-devel

and in %install
mkdir -p %{buildroot}%{_localstatedir}/run/dnssec-triggerd


After killing off dnsmasq and starting unbound and dnssec-trigger,

Sep 17 18:19:02 laptop setroubleshoot: SELinux is preventing /usr/sbin/unbound from name_bind access on the tcp_socket port 8953. For complete SELinux messages. run sealert -l 924dfa70-fe9e-4cc0-add0-364b8ae90ef6

grep unbound /var/log/audit/audit.log | audit2allow -M unboundpatch
semodule -i unboundpatch.pp


cat /etc/resolv.conf
# Generated by dnssec-trigger 0.3
nameserver 127.0.0.1

It took over dns via unbound, even though the dhcp assigned dns servers
allow dnssec queries.


dnssec-trigger-control-setup
setup in directory /etc
dnssec_trigger_server.key exists
dnssec_trigger_control.key exists
create dnssec_trigger_server.pem (self signed certificate)
create dnssec_trigger_control.pem (signed client certificate)
Signature ok
subject=/CN=dnssec-trigger-control
Getting CA Private Key
Setup success. Certificates created.



dnssec-trigger-control-setup -i
setup in directory /etc
unbound-checkconf: no errors in /etc/unbound/unbound.conf
checking if unbound-control needs to be enabled
checking if root trust anchor needs to be enabled
fetching or updating root trust anchor: unbound-anchor
[1316311135] libunbound[17598:0] error: ldns error while converting string to RR: Syntax error, could not parse the RR's rdata
[1316311135] libunbound[17598:0] error: failed to load trust anchor from /etc/unbound/root.key at line 2, skipping
[1316311135] libunbound[17598:0] error: ldns error while converting string to RR: Syntax error, could not parse the RR's TTL
[1316311135] libunbound[17598:0] error: failed to load trust anchor from /etc/unbound/root.key at line 4, skipping
[1316311135] libunbound[17598:0] error: failed to read /etc/unbound/root.key
[1316311135] libunbound[17598:0] error: error reading auto-trust-anchor-file: /etc/unbound/root.key
[1316311135] libunbound[17598:0] error: validator: error in trustanchors config
[1316311135] libunbound[17598:0] error: validator: could not apply configuration settings.
[1316311135] libunbound[17598:0] error: module init for module validator failed
add to /etc/unbound/unbound.conf: auto-trust-anchor-file: "/etc/unbound/root.key"
check for search path in resolv.conf and edit /etc/dnssec-trigger.conf
check for domain in resolv.conf and edit /etc/dnssec-trigger.conf


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFOdVItL6j7milTFsERAjHqAKCDFvKuwgKiYvRtvJBUVRpunvAxmQCbBVJP
lsJmLAFHfCBnFPrR4/exxME=
=KN8D
-----END PGP SIGNATURE-----
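
Added example, not part of the original message or of dnssec-trigger: the audit2allow step above turns every unbound denial in audit.log into an allow rule, so this sketch groups the denials first and flags any rule other than the expected name_bind on port 8953. The log lines are constructed, and the named_t, port_t and etc_t type names are assumptions about the local policy.

```python
import re
from collections import defaultdict

# Constructed sample records in audit.log AVC format (not from the original post).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1316297942.101:201): avc:  denied  { name_bind } for  pid=1711 comm="unbound" src=8953 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1316297950.412:207): avc:  denied  { name_bind } for  pid=1742 comm="unbound" src=8953 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1316298001.007:215): avc:  denied  { write } for  pid=1742 comm="unbound" name="example.conf" dev=dm-0 ino=3021 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=SYSCALL msg=audit(1316298001.007:215): arch=c000003e syscall=2 success=no exit=-13 comm="unbound" exe="/usr/sbin/unbound"
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?comm="(?P<comm>[^"]+)"'
    r'.*?scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)')
PORT_RE = re.compile(r'\bsrc=(\d+)')

def selinux_type(context):
    # A context is user:role:type:level; allow rules are written on the type.
    return context.split(":")[2]

def summarize_denials(log_text, comm):
    """Group AVC denials for `comm` by (source type, target type, class, perm)."""
    rules = defaultdict(lambda: {"count": 0, "ports": set()})
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m or m.group("comm") != comm:
            continue  # non-AVC records (e.g. SYSCALL) and other programs
        for perm in m.group("perms").split():
            key = (selinux_type(m.group("s")), selinux_type(m.group("t")),
                   m.group("cls"), perm)
            rules[key]["count"] += 1
            port = PORT_RE.search(line)
            if port:
                rules[key]["ports"].add(int(port.group(1)))
    return dict(rules)

def unexpected_rules(rules, expected):
    """Return rule keys outside the set the administrator intends to allow."""
    return sorted(k for k in rules if k not in expected)

if __name__ == "__main__":
    rules = summarize_denials(SAMPLE_AUDIT_LOG, "unbound")
    for (src, tgt, cls, perm), info in sorted(rules.items()):
        print(f"allow {src} {tgt}:{cls} {perm};  "
              f"# {info['count']} denials, ports={sorted(info['ports'])}")
    expected = {("named_t", "port_t", "tcp_socket", "name_bind")}
    print("review before loading:", unexpected_rules(rules, expected))
```

An allow rule is written on the target type, so a name_bind rule on a generic port type covers every port carrying that label, not only 8953.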



