Project

General

Profile

Enhancement #287

Enhancement #286: The 42 Project

42 DNS

Added by Marc Dequènes over 7 years ago. Updated about 4 years ago.

Status:
Rejected
Priority:
Low
Category:
Service :: DNS
Start date:
2012-02-03
Due date:
% Done:

50%

Estimated time:
Patch Available:
No
Confirmed:
No
Branch:
Entity:
DuckCorp
Security:
No
Help Needed:
No

Description

Two things:
  • create a minimalist 42 zone, with a www entry towards www-hosting
  • add the 42 TLD resolver configuration to every server (meaning sometimes using a remote DC NS or install bind9)

Related issues

Blocks DuckCorp Website - Enhancement #288: 42 websiteRejected2012-02-042012-02-04

Actions
Blocks DuckCorp Infrastructure - Enhancement #292: DNSSEC authoritative nameservers and validating resolvers should be separatedBlocked2012-02-13

Actions

History

#1

Updated by Marc Dequènes over 7 years ago

  • Priority changed from Normal to Low
#2

Updated by Marc Dequènes over 7 years ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 50

The zone has been created.

Th resolver configuration is done but does not work due to DNSSEC validation. As the root zone is signed, and the insecurity proof failed, results are rejected. See the second note in http://www.isc.org/files/arm96.html#id2550987. The dnssec-must-be-secure statement is useless for this purpose, as it only cares about adding a constraint on the zone being signed independently of validation using the parent zone. I don't have any solution yet.

#3

Updated by Marc Dequènes over 7 years ago

For the record, the error message can be found on Orfeo in /var/log/named/dnssec.log:

04-Feb-2012 01:20:19.473   validating @0x7f531cf4b720: nic.42 SOA: got insecure response; parent indicates it should be secure

#4

Updated by Marc Dequènes over 7 years ago

Unbound can exclude a branch from the DNSSEC validation, which could be configured after #292 is solved.

#5

Updated by Marc Dequènes about 4 years ago

  • Status changed from In Progress to Rejected

The 42 TLS is dead.

DNS configuration purged.

Also available in: Atom PDF