dataset/seed/nsd/DEBUG.md


2022-03-08 19:42:28 +01:00
# test zone file
```
nsd-checkzone -p in.gnunux.info /etc/nsd/in.gnunux.info.zone.signed
nsd-checkzone -p 47.168.192.in-addr.arpa. /etc/nsd/47.168.192.in-addr.arpa.reverse.signed
```
# resolvectl
```
resolvectl log-level debug
```
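Pour les versions plus anciennes, éditer : /var/lib/machines/lemonldap.in.gnunux.info/lib/systemd/system/systemd-resolved.service

Ajouter :

```
[Service]
Environment=SYSTEMD_LOG_LEVEL=debug
```

Puis exécuter `systemctl daemon-reload` et redémarrer systemd-resolved sur la machine concernée pour que le changement soit pris en compte.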
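# vérification avec delv
Note : `trusted-keys` est déprécié, comme le signale delv dans les sorties ci-dessous ; les versions récentes de BIND utilisent `trust-anchors` avec `static-key`.

`cat keys` :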
```
trusted-keys {
in.gnunux.info. 257 3 13 "USFnZ0by5kztge0ATp0RGnLmiE6moqF97MkhkeeYRZHk38ZBma3Ww2yr C2wImxlu7cCPIcLzh6fJhZNESHqngQ==";
};
```
## Pas correctement signé
```
root@debian:~# delv @192.168.45.11 -a keys +root=in.gnunux.info ldap.in.gnunux.info. A
;; keys:1: option 'trusted-keys' is deprecated
;; validating ldap.in.gnunux.info/A: no valid signature found
;; RRSIG failed to verify resolving 'ldap.in.gnunux.info/A/IN': 192.168.45.11#53
;; resolution failed: RRSIG failed to verify
```
## Correctement signé
```
root@debian:~# delv @192.168.45.11 -a keys +root=in.gnunux.info lemonldap.in.gnunux.info. A
;; keys:1: option 'trusted-keys' is deprecated
; fully validated
```
2023-07-31 15:30:32 +02:00
# increase loglevel
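```
echo """server:
debug-mode: yes
verbosity: 10
""" > /etc/nsd/conf.d/debug.conf
systemctl restart nsd
journalctl -fu nsd
```

Once debugging is done, remove `/etc/nsd/conf.d/debug.conf` and restart nsd: debug-level logging is verbose and should not stay enabled on a production name server.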