# test zone file
|
|
nsd-checkzone -p in.gnunux.info /etc/nsd/in.gnunux.info.zone.signed
|
|
nsd-checkzone -p 47.168.192.in-addr.arpa. /etc/nsd/47.168.192.in-addr.arpa.reverse.signed
|
|
|
|
# resolvectl
|
|
resolvectl log-level debug
|
|
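Pour les versions plus anciennes, éditer : /var/lib/machines/lemonldap.in.gnunux.info/lib/systemd/system/systemd-resolved.service — penser à retirer ce réglage une fois le diagnostic terminé, car en mode debug systemd-resolved journalise les noms résolus.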
|
|
Ajouter :
|
|
[Service]
|
|
Environment=SYSTEMD_LOG_LEVEL=debug
|
|
|
|
|
|
# vérification avec delv
|
|
|
|
cat keys
|
|
|
|
```
|
|
trusted-keys {
|
|
in.gnunux.info. 257 3 13 "USFnZ0by5kztge0ATp0RGnLmiE6moqF97MkhkeeYRZHk38ZBma3Ww2yr C2wImxlu7cCPIcLzh6fJhZNESHqngQ==";
|
|
};
|
|
```
|
|
|
|
## Pas correctement signé
|
|
|
|
```
|
|
root@debian:~# delv @192.168.45.11 -a keys +root=in.gnunux.info ldap.in.gnunux.info. A
|
|
;; keys:1: option 'trusted-keys' is deprecated
|
|
;; validating ldap.in.gnunux.info/A: no valid signature found
|
|
;; RRSIG failed to verify resolving 'ldap.in.gnunux.info/A/IN': 192.168.45.11#53
|
|
;; resolution failed: RRSIG failed to verify
|
|
```
|
|
|
|
## Correctement signé
|
|
|
|
```
|
|
root@debian:~# delv @192.168.45.11 -a keys +root=in.gnunux.info lemonldap.in.gnunux.info. A
|
|
;; keys:1: option 'trusted-keys' is deprecated
|
|
; fully validated
|
|
```
|
|
|