bind9 ispconfig dnssec inline signing ubuntu 12.04

hi

here is a nice howto:

install ispconfig as shown on howtoforge:
http://www.howtoforg … -dovecot-ispconfig-3

install bind9.9 from ubuntu ppa because bind9.8 does not support inline-signing.
add to your sources list:

deb http://ppa.launchpad.net/malcscott/bind9.9/ubuntu precise main 
deb-src http://ppa.launchpad.net/malcscott/bind9.9/ubuntu precise main
aptitude install bind9

create a directory for your zone keys and create them:

mkdir /var/cache/bind/keys/
cd /var/cache/bind/keys/
dnssec-keygen -r /dev/urandom -f KSK domain.tld
dnssec-keygen -r /dev/urandom domain.tld
chown bind:bind *

(this should be patched too in ispconfig) hadn’t got the time for it

patch the ispconfig template as follows:
/usr/local/ispconfig/server/conf/bind_named.conf.local.master

--- a/usr/local/ispconfig/server/conf/bind_named.conf.local.master
+++ b/usr/local/ispconfig/server/conf/bind_named.conf.local.master
@@ -4,6 +4,8 @@
 zone "<tmpl_var name='zone'>" {
         type master;
 <tmpl_var name='options'>        file "<tmpl_var name='zonefile_path'>";
+       auto-dnssec maintain;
+       inline-signing yes;
 };
 </tmpl_if>
 </tmpl_loop>
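
Review bot: the two added lines (auto-dnssec maintain; inline-signing yes;) sit unconditionally inside the zone block of the template loop, so every master zone written from this template gets them, while the steps above only create keys for domain.tld. Consider wrapping the two lines in a tmpl_if on a per-zone setting, the same mechanism the template already uses, so that only zones with keys in the key-directory are marked for signing.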

add the following line to your named.conf.options:

key-directory "/var/cache/bind/keys/";
service bind9 restart

you must push your DS-RR to your registrar
in my case nic.at
how to extract it out of your public key:

cd /var/cache/bind/keys/
dnssec-dsfromkey -1 Kdomain.tld.KSK#
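
what the DS-RR contains, as an added example that is not part of the original post: the digest is taken over the owner name in wire format plus the DNSKEY RDATA, and the key tag is a checksum over the same RDATA. it goes beyond the -1 (SHA-1) call above by also producing digest type 2 (SHA-256), so you can compare what the registrar publishes against your local KSK. the key line is constructed, the function names are made up for this sketch, and refusing keys without the SEP flag is a choice of this example.

```python
import base64
import hashlib
import struct

# Constructed sample: a made-up KSK line in the format of a K*.key file.
# The key bytes are a 4-byte placeholder, not a real key.
SAMPLE_KEY_LINE = "domain.tld. IN DNSKEY 257 3 8 AQIDBA=="

DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256}  # DS digest types 1 and 2


def name_to_wire(name):
    """Encode an owner name in canonical (lowercase) DNS wire format."""
    labels = [lab for lab in name.lower().rstrip(".").split(".") if lab]
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"


def parse_dnskey(line):
    """Return (owner, rdata) from 'owner [ttl] [IN] DNSKEY flags proto alg key'."""
    fields = line.split(";")[0].split()
    i = fields.index("DNSKEY")
    flags, proto, alg = (int(x) for x in fields[i + 1:i + 4])
    key = base64.b64decode("".join(fields[i + 4:]))
    return fields[0], struct.pack("!HBB", flags, proto, alg) + key


def key_tag(rdata):
    """Key tag checksum over the DNSKEY RDATA (RFC 4034, appendix B)."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def ds_record(line, digest_type):
    """Build the DS record text for one DNSKEY line."""
    owner, rdata = parse_dnskey(line)
    # Choice of this example: only accept keys with the SEP (KSK) bit set.
    if not struct.unpack("!H", rdata[:2])[0] & 0x0001:
        raise ValueError("SEP flag not set: this is a ZSK, use the KSK")
    digest = DIGESTS[digest_type](name_to_wire(owner) + rdata).hexdigest().upper()
    return f"{owner} IN DS {key_tag(rdata)} {rdata[3]} {digest_type} {digest}"


if __name__ == "__main__":
    for dtype in (1, 2):
        print(ds_record(SAMPLE_KEY_LINE, dtype))
```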

here are some nice links:
https://kb.isc.org/a … -9.9.0-Examples.html
http://fanf.livejournal.com/112476.html
http://wiki.debian.org/DNSSEC
http://dnscheck.iis.se/

have fun!

high cpu load due to leap second

hi

since july 1st 00:00 2012 I’ve seen high cpu load due to some java app. In my case it was the adaptec storage agent.

strace -p

showed me some problem with the realtime clock

futex(0xFUTEX_WAIT_BITSET_PRIVATE|FUTEX_CLOCK_REALTIME,ETIMEDOUT (Connection timed out)

dmesg showed me this output:

Clock: inserting leap second 23:59:60 UTC

you don’t have to restart any service
just run the following:

/etc/init.d/ntp stop
date `date +"%m%d%H%M%C%y.%S"`
/etc/init.d/ntp start

so due to a leap second all machines running adaptec storage_agent got high cpu load :-(

this guy reported the bug too:
http://blog.wpkg.org … une-1-july-2012-fix/

update:
seen this bug with mysql and bind9 too

simple sogo backup in perl with mysql

Hi

Need to export (backup) your sogo users' contacts, calendars etc?

Here is a simple approach to get this done.

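#!/usr/bin/perl
use strict;
use warnings;
use DBI;

my $db ="databasename";
my $user = "username";
my $pass = "mypassword";
my $host = "localhost";
my $query = "SELECT mail FROM sogo_users";
my $bkppath = "/path/to/backup";
# $wday (0-6) becomes the file suffix, so backups rotate weekly
my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);

my $dbh = DBI->connect("DBI:mysql:database=$db;host=$host", $user, $pass)
	or die "Could not connect to database: " . DBI->errstr;

my $sth = $dbh->prepare($query)
	or die "Couldn't prepare statement: " . $dbh->errstr;

$sth->execute()
	or die "Couldn't execute statement: " . $sth->errstr;

# discard sogo-tool's output, as "> /dev/null" did in the shell call
open(STDOUT, '>', '/dev/null')
	or die "Couldn't redirect STDOUT: $!";

while (my ($mail) = $sth->fetchrow_array()) {
	# list-form system() bypasses the shell, so a mail value from the
	# database containing shell metacharacters cannot inject commands
	system('/usr/sbin/sogo-tool', 'backup', $bkppath, $mail) == 0
		or warn "sogo-tool backup failed for $mail\n";
	sleep 2;
	# "--" keeps a value starting with "-" from being read as an option
	system('/bin/mv', '--', "$bkppath/$mail", "$bkppath/$mail.$wday") == 0
		or warn "could not rename backup for $mail\n";
}

$sth->finish;
$dbh->disconnect;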

Have fun!