[yadifa-users] YADIFA release 2.1.0

Gery Van Emelen gery at vanemelen.net
Sat Jun 13 12:03:55 CEST 2015


Hi,


To use the yadifa cmdline client you need to do 2 things:


1. Setup yadifad:

Using a TSIG key in the control ACL is done as with other ACLs:
First, you can define the key with an arbitrary name like any other TSIG key:

<key>
    name my-controller-key
    algorithm hmac-md5
    secret PutHereAValidHMACMD5TSIGKey==
</key>

Then, in the <main> section, you need to tell that control is allowed for that key:

<main>
    ...
    allow-control key my-controller-key
    ...
</main>


2. Setup yadifa:

You have a .yadifa.rc file in your home directory.

You need to use the same key, with the same name, as the one used in the yadifad configuration file:

<key>
    name my-controller-key
    algorithm hmac-md5
    secret PutHereAValidHMACMD5TSIGKey==
</key>

Then, in the <yadifa> section, you need to tell which key you will be using:

<yadifa>
    server        "192.0.2.1 port 53"
    tsig-key-name my-controller-key
</yadifa>



Gery


> On 12 Jun 2015, at 13:26, Jürgen Geinitz <geinitz at denic.de> wrote:
> 
> Hello Gery, hello list,
> 
> pse I need some help, I'm stuck with the yadifa cmdline client.
> 
> It seems to me that yadifa insists on a tsig (according to the source); 
> but what is the name of the sig? 
> yadifa? ctrl-key? I don't find it in the documentation.
> 
> 2nd: how do I hand it over on the cmdline?
> 
> # /local/dnsadm/usr/local/yadifa/bin/yadifa -s 172.16.180.80 -c 
> "/local/dnsadm/usr/local/yadifa/etc/yadifa.conf"  -t sync
> cmdline: parsing error: command-line:3 : 'config_file 
> "/local/dnsadm/usr/local/yadifa/etc/yadifa.conf"': CONFIG_UNKNOWN_SETTING
> cmdline_parse failed: CONFIG_UNKNOWN_SETTING
> #
> 
> Sorry but I'm completely stuck.
> 
> Kind regards
> Juergen
> 
> yadifa-announce-bounces at mailinglists.yadifa.eu wrote on 30.04.2015 09:16:49:
> 
>> From: Gery Van Emelen <Gery.VanEmelen at EURid.eu>
>> To: <yadifa-announce at mailinglists.yadifa.eu>
>> Date: 30.04.2015 09:19
>> Subject: [yadifa-announce] YADIFA release 2.1.0
>> Sent by: yadifa-announce-bounces at mailinglists.yadifa.eu
>> 
>> Introduction
>> 
>> YADIFA 2.1.0
>> 
>> Download:
>> The latest version of YADIFA can be found on the web site for YADIFA http://www.yadifa.eu/download.
>> YM21.pdf (YADIFA Reference Manual) will be available in the coming days.
>> New:
>> New journal file format:
>> This new format addresses a few issues like having maximum journal file and a relatively constant random access time even for very big sizes.
>> The internal messaging queue has been changed to address huge amount of zones.
>> New CHaos queries supported:
>> hostname
>> id.server
>> added three aliases for convenience:
>> user  for uid
>> group for gid
>> max-tcp-connections for max-tcp-queries
>> 
>> Features:
>> Supported platforms : Linux, FreeBSD, OpenBSD, OSX and Solaris
>> Authoritative name server
>> Load zone files
>> Resource Record types:
>> SOA, A, AAAA, NS, CNAME, PTR, HINFO, TXT, MX
>> NAPTR, SRV, SSHFP, TLSA, WKS, DNSKEY, DS, RRSIG, NSEC, NSEC3, NSEC3PARAM
>> Directives and special constructs
>> TTL, ORIGIN, *(wildcard) and @
>> Zone transfer
>> Master & Slave
>> AXFR / IXFR
>> Notify
>> TSIG
>> dynamic update
>> DNSSEC
>> DSASHA1 (algorithm 3)
>> DSASHA1 NSEC3 (algorithm 6)
>> RSASHA1 (algorithm 5)
>> RSASHA1 NSEC3 (algorithm 7)
>> RSASHA256 NSEC3 (algorithm 8)
>> RSASHA512 NSEC3 (algorithm 10)
>> Automatic resigning
>> NSID
>> DNS Response Rate Limiting
>> yadifa client for accessing yadifad servers
>> 
>> Known issues:
>> building successfully with LTO may require to append both AR=gcc-ar and RANLIB=gcc-ranlib to the ./configure command
>> --enable-message does not work on OpenBSD 32-bit
>> removing the last key of a signed zone is permitted by YADIFA, but triggers some chicken-egg issue with signatures.
>> 
>>>> R & D team EURid [Attachment "signature.asc" deleted by Jürgen Geinitz/Denic]
>> _______________________________________________
>> yadifa-announce mailing list
>> yadifa-announce at mailinglists.yadifa.eu
>> http://www.yadifa.eu/mailman/listinfo/yadifa-announce
> 
> -- 
> -------------------------
> Juergen Geinitz
> 
> DENIC eG
> Kaiserstr. 75-77
> D-60239 Frankfurt am Main
> Fon +49 69 27235 179
> Fax +49 69 27235 235
> geinitz at denic.de
> www.denic.de
> 
> PGP-KeyID: 0xC42163B4 , Fingerprint: 6CC9 A263 12ED B9Be 69B5 9487 F80E 
> 7392 C421 63B4
> 
> Registered office: Frankfurt am Main
> Registered under No. 770 in the Register of Cooperatives at the Local Court of Frankfurt am Main
> Executive Board: Helga Krüger, Andreas Musielak, Carsten Schiefner, Dr. Jörg Schweiger
> Chairman of the Supervisory Board: Thomas Keller
> 
> 
> 
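
A consistency check for the two files described in this message, as an added example (not part of the original post and not YADIFA project code): it parses the `<key>`, `<main>` and `<yadifa>` sections and reports where the client's key does not line up with the server's `allow-control`. The function names, the dummy secret and the ACL separator handling are assumptions, and the parser covers only the `<section>` / `setting value` syntax shown above.

```python
import re

B64 = re.compile(r"(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?")
# Constructed sample files; the secret is a dummy value, not a real key.
KEY = """<key>
    name my-controller-key
    algorithm hmac-md5
    secret AAECAwQFBgcICQoLDA0ODw==
</key>
"""
SERVER_CONF = KEY + """<main>
    allow-control key my-controller-key
</main>"""
CLIENT_RC = KEY + """<yadifa>
    server        "192.0.2.1 port 53"
    tsig-key-name my-controller-key
</yadifa>"""

def parse(text):
    """Return [(section, {setting: value})] for <section> ... </section> blocks."""
    out = []
    for name, body in re.findall(r"<(\w+)>(.*?)</\1>", text, re.S):
        pairs = (line.split(None, 1) for line in body.splitlines())
        out.append((name, {p[0]: p[1].strip().strip('"') for p in pairs if len(p) == 2}))
    return out

def check_control_key(server_conf, client_rc):
    """List the mismatches between yadifad's config and the client's .yadifa.rc."""
    srv, cli = parse(server_conf), parse(client_rc)
    first = lambda secs, n: next((s for name, s in secs if name == n), {})
    keys = lambda secs: {s.get("name"): s for name, s in secs if name == "key"}
    wanted = first(cli, "yadifa").get("tsig-key-name")
    if wanted is None:
        return ["client <yadifa> section has no tsig-key-name"]
    problems = []
    ckey, skey = keys(cli).get(wanted), keys(srv).get(wanted)
    for side, key in (("client", ckey), ("server", skey)):
        if key is None:
            problems.append(f"{side} has no <key> named {wanted}")
        elif not key.get("secret") or not B64.fullmatch(key["secret"]):
            problems.append(f"{side} secret is not well-formed base64")
    # Assumption: ACL entries are separated by whitespace, ',' or ';'.
    toks = re.split(r"[\s;,]+", first(srv, "main").get("allow-control", ""))
    if ("key", wanted) not in zip(toks, toks[1:]):
        problems.append(f"server allow-control does not list key {wanted}")
    for field in ("algorithm", "secret"):
        if ckey and skey and ckey.get(field) != skey.get(field):
            problems.append(f"{field} differs between client and server")
    return problems
```

The messages deliberately omit the secret values. The placeholder secret in the configuration above has 27 characters before its `==` padding, so this check reports it as malformed until a real key is substituted.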
