From matthijs at nlnetlabs.nl Mon Sep 3 05:35:13 2012 From: matthijs at nlnetlabs.nl (Matthijs Mekking) Date: Mon, 03 Sep 2012 07:35:13 +0200 Subject: [Opendnssec-develop] RE: Team meetings - teleconf solution In-Reply-To: References: Message-ID: <50444191.1010203@nlnetlabs.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/31/2012 01:09 PM, Sara Dickinson wrote: > Hi All, > > So it turns out that the Webex trial meetings are very limited in > terms of the PSTN access and they only allow access from a local > number in the country the account is set up in. Even on the full > account adding PSTN access from other countries ramps up the price. > So I wanted to clarify the general requirement for this: > > If you want to be able to join the team meetings via telephone > dial-in (i.e. you don't want to or can't use a PC based client for > some reason) then can you please reply to this email to let me > know. It has happened a couple of times that I have fallen back to telephone dial-in. > > Thanks > > Sara._______________________________________________ > Opendnssec-develop mailing list > Opendnssec-develop at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJQREGRAAoJEA8yVCPsQCW5ZUcIALGwITefo3DvNGAbY5RGwhaD wo6FOGu08YjYbeFnUDoKEYNrhDMpnbTKiMkw9hA252wPCssoXjBaRKi7CDV4GzUh nBHVS5zAM7q+jxoi/t5QUtwJtsoDaZ3uAzadyJPfgy3bMIPvqyJ3Wm4jOSCccz1S fx0nGApfadMC8Y2fkpJZMoTwa6focdpRPVuNvg2CaTsYnjfqguF5ppVwjxFzENv8 zgrPEGmndmFFJF7Tu/ra9sc5PT7I8dH+uxzjbKVylT3QYW9hsjCOhhX2J+c996Tf F9I3lTCFC0tTEuXFAuoaZoPp6CpmiDNDqLp90k7hjsu1Riz5F4T2Op8lWuOJ1ZI= =N982 -----END PGP SIGNATURE----- From jakob at kirei.se Mon Sep 3 05:42:38 2012 From: jakob at kirei.se (Jakob Schlyter) Date: Mon, 3 Sep 2012 07:42:38 +0200 Subject: [Opendnssec-develop] RE: Team meetings - teleconf solution In-Reply-To: <50444191.1010203@nlnetlabs.nl> References: <50444191.1010203@nlnetlabs.nl> Message-ID: On 3 sep 2012, at 07:35, Matthijs Mekking wrote: > It has happened a couple of times that I have fallen back to telephone > dial-in. Why? 'cause you did not have Internet, or 'cause the VoIP-dialin was not working or bad quality? jakob From matthijs at nlnetlabs.nl Mon Sep 3 06:27:00 2012 From: matthijs at nlnetlabs.nl (Matthijs Mekking) Date: Mon, 03 Sep 2012 08:27:00 +0200 Subject: [Opendnssec-develop] RE: Team meetings - teleconf solution In-Reply-To: References: <50444191.1010203@nlnetlabs.nl> Message-ID: <50444DB4.9070502@nlnetlabs.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/03/2012 07:42 AM, Jakob Schlyter wrote: > On 3 sep 2012, at 07:35, Matthijs Mekking > wrote: > >> It has happened a couple of times that I have fallen back to >> telephone dial-in. > > Why? 'cause you did not have Internet, or 'cause the VoIP-dialin > was not working or bad quality? > > jakob > > Various reasons. Indeed no access at the specific moment or not working have both occurred. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJQRE20AAoJEA8yVCPsQCW5HOEH/2dsAyljNgC5/xDzPSvZyzut GYElKfCXcX4gKFlgYH6F/km5ejXvMdBE8e+wuWKSbXOUyI+BOKabKx46r+RzvKFi AHJUCpv4u06vmUT1/7Cjzy8wQeYinpFlMYgrk4lSkg8NBfAGWrwNIm58uLykcf/z mMtiaBQdGpJTRp2lYOxvzweV1mxFVQEYitOfefQttCOhvC3PfCw6M9I3JV59j7yV vQzPPBTfcaK9GpfHQkzSZs55e028vT7DKmMaHejmA27JhVlXPnSDJk5hlIOWhysE wUDTkeWZybOwniDEwetzsJqroByQMNRttSJhQrog4nDVlqYbcn7m1V04OpCI+jk= =keF1 -----END PGP SIGNATURE----- From yuri at nlnetlabs.nl Mon Sep 3 08:23:45 2012 From: yuri at nlnetlabs.nl (Yuri Schaeffer) Date: Mon, 03 Sep 2012 10:23:45 +0200 Subject: [Opendnssec-develop] RE: Team meetings - teleconf solution In-Reply-To: References: Message-ID: <50446911.2040609@nlnetlabs.nl> > If you want to be able to join the team meetings via telephone > dial-in (i.e. you don't want to or can't use a PC based client for > some reason) then can you please reply to this email to let me know. The browser based webex did not run properly for me. Anything with a native (linux) client will do. //yuri From sara at sinodun.com Mon Sep 3 12:28:39 2012 From: sara at sinodun.com (Sara Dickinson) Date: Mon, 3 Sep 2012 13:28:39 +0100 Subject: [Opendnssec-develop] RE: Team meetings - teleconf solution In-Reply-To: <50444DB4.9070502@nlnetlabs.nl> References: <50444191.1010203@nlnetlabs.nl> <50444DB4.9070502@nlnetlabs.nl> Message-ID: <6F191619-2533-4E6D-BFB8-31B49A553CCA@sinodun.com> Hi All, Thanks for the replies on the dial-in issue. Jakob and I tried out Cisco webex this morning and weren't very impressed. When we finally go the audio working it was poor quality and was virtually unusable when we added video and we both had connection problems. Apparently it is also geared around 1 presenter and many observers rather than conferencing and it is somewhat expensive. So we have looked again at alternatives... We tried out Google+ Hangouts and were very impressed: + Lightweight meeting set up + Audio and video quality were excellent. (Need to see if this scales with more people....) + Can have up to 9 people in the hangout + Free if everyone joins via a Google+ account + Can screen share + Can dial-out from the meeting to landlines as a fall back at very cheap rate (if we add this option) + Can record the meeting on You Tube (if we add this option) It isn't quite as functionally rich as Webex/Connect but it looks like a really good option for what we need. If anyone has used this and has feedback that would be great to hear. So I would like to suggest anyone interested could try this out for a few minutes at the end of the meeting tomorrow? I will use my sara at opendnssec.org Google+ account. Anyone with a @opendnssec.org Google account can upgrade it to Google+ easily, or use a different Google+ account if you prefer. I will start a Hangout and then post the URL on the meeting page. Just click on this, login to Google, add me to your circle and then join the meeting. Sara. On 3 Sep 2012, at 07:27, Matthijs Mekking wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 09/03/2012 07:42 AM, Jakob Schlyter wrote: >> On 3 sep 2012, at 07:35, Matthijs Mekking >> wrote: >> >>> It has happened a couple of times that I have fallen back to >>> telephone dial-in. >> >> Why? 'cause you did not have Internet, or 'cause the VoIP-dialin >> was not working or bad quality? >> >> jakob >> >> > > Various reasons. Indeed no access at the specific moment or not > working have both occurred. From matthijs at nlnetlabs.nl Tue Sep 4 12:10:53 2012 From: matthijs at nlnetlabs.nl (Matthijs Mekking) Date: Tue, 04 Sep 2012 14:10:53 +0200 Subject: [Opendnssec-develop] From zone fetcher to DNS adapters Message-ID: <5045EFCD.7040802@nlnetlabs.nl> Hi, I had an issue assigned to me to document the migration from 1.3 to 1.4 with respect to moving from the zone fetcher to the DNS adapters. https://issues.opendnssec.org/browse/OPENDNSSEC-307 Here it is: https://wiki.opendnssec.org/display/DOCSTRUNK/Migrating+zone+fetcher+to+DNS+adapters Please take a look. Best regards, Matthijs From sara at sinodun.com Tue Sep 4 14:39:27 2012 From: sara at sinodun.com (Sara Dickinson) Date: Tue, 4 Sep 2012 15:39:27 +0100 Subject: [Opendnssec-develop] Re: Team meeting 2012-09-04 @ 14:00 CEST - Minutes In-Reply-To: <7F04F18F-C19C-418C-99DB-842B6D0495CB@sinodun.com> References: <4661A8A5-8236-4FFF-A75E-EBDE4D3B0555@sinodun.com> <7F04F18F-C19C-418C-99DB-842B6D0495CB@sinodun.com> Message-ID: All, The minutes are available at: http://wiki.opendnssec.org/display/OpenDNSSEC/2012-09-04+Minutes Corrections, comments, etc. please. Sara. On 31 Aug 2012, at 16:18, Sara Dickinson wrote: > Hi All, > > We have a scheduled team meeting next week: > > Date: Tuesday 4th September 2012 > Time: 14:00-15:00 CEST, 13:00-14:00 BST > > The agenda and outstanding actions can be found here: > > http://wiki.opendnssec.org/display/OpenDNSSEC/2012-09-04+Agenda > > > Sara. > > > > _______________________________________________ > Opendnssec-develop mailing list > Opendnssec-develop at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop From sara at sinodun.com Tue Sep 4 15:22:08 2012 From: sara at sinodun.com (Sara Dickinson) Date: Tue, 4 Sep 2012 16:22:08 +0100 Subject: [Opendnssec-develop] From zone fetcher to DNS adapters In-Reply-To: <5045EFCD.7040802@nlnetlabs.nl> References: <5045EFCD.7040802@nlnetlabs.nl> Message-ID: <34E883E1-68DB-480E-B963-F70035B6A02C@sinodun.com> On 4 Sep 2012, at 13:10, Matthijs Mekking wrote: > Hi, > > I had an issue assigned to me to document the migration from 1.3 to 1.4 with respect to moving from the zone fetcher to the DNS adapters. > > https://issues.opendnssec.org/browse/OPENDNSSEC-307 > > Here it is: > > https://wiki.opendnssec.org/display/DOCSTRUNK/Migrating+zone+fetcher+to+DNS+adapters This looks really good. I corrected a couple of minor typos, thats all. I have created a page for what is new in 1.4 and linked it from that: http://wiki.opendnssec.org/display/DOCSTRUNK/New+in+OpenDNSSEC+1.4 Sara. > > Please take a look. > > Best regards, > Matthijs > _______________________________________________ > Opendnssec-develop mailing list > Opendnssec-develop at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop From sara at sinodun.com Tue Sep 4 15:43:37 2012 From: sara at sinodun.com (Sara Dickinson) Date: Tue, 4 Sep 2012 16:43:37 +0100 Subject: [Opendnssec-develop] RE: Documentation on use of SQLite Message-ID: Hi All, Following the discussion in the meeting today about promoting the use of MySQL over SQLite I have updated the Database section on the installation page: http://wiki.opendnssec.org/display/DOCSTRUNK/Installation And made minor updates on the Dependancies page: http://wiki.opendnssec.org/display/DOCSTRUNK/Dependencies and the conf.xml page: https://wiki.opendnssec.org/display/DOCSTRUNK/conf.xml I'm tempted to add a note to the NEWS file to the effect: * MySQL is now the recommended database for production environments Comments? Sara. From jerry at opendnssec.org Wed Sep 5 11:44:47 2012 From: jerry at opendnssec.org (=?iso-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Wed, 5 Sep 2012 13:44:47 +0200 Subject: [Opendnssec-develop] Jenkins disabled to track down multi-threaded enforcer problems in FreeBSD/NetBSD Message-ID: There are some weird things going on, signer trying to use keys that does not exists etc. More info later... -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 495 bytes Desc: Message signed with OpenPGP using GPGMail URL: From jerry at opendnssec.org Wed Sep 5 14:44:58 2012 From: jerry at opendnssec.org (=?iso-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Wed, 5 Sep 2012 16:44:58 +0200 Subject: [Opendnssec-develop] Zone file to test OpenDNSSEC 1.4.0 with Message-ID: <3E32F403-DA98-43E2-A92E-1BD22D441D54@opendnssec.org> Hi all, So I got Auditor to run on files produced by 1.4.0 with a few modifications. Now I need a zone file to manually test OpenDNSSEC 1.4.0 with, a valid zone file with all kinds of kinky RR's. Can anyone produce one? -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 495 bytes Desc: Message signed with OpenPGP using GPGMail URL: From Roland.vanRijswijk at surfnet.nl Wed Sep 5 14:53:59 2012 From: Roland.vanRijswijk at surfnet.nl (Roland van Rijswijk - Deij) Date: Wed, 5 Sep 2012 16:53:59 +0200 Subject: [Opendnssec-develop] Zone file to test OpenDNSSEC 1.4.0 with In-Reply-To: <3E32F403-DA98-43E2-A92E-1BD22D441D54@opendnssec.org> References: <3E32F403-DA98-43E2-A92E-1BD22D441D54@opendnssec.org> Message-ID: Hi Jerry, On 5 sep. 2012, at 16:44, Jerry Lundstr?m wrote: > So I got Auditor to run on files produced by 1.4.0 with a few modifications. > > Now I need a zone file to manually test OpenDNSSEC 1.4.0 with, a valid zone file with all kinds of kinky RR's. > > Can anyone produce one? I've previously handed over surfnet.nl to Matthijs for testing the signer, I'd be happy to supply it to you (has lots of kinky RRs ;-) ). Cheers, Roland -- Roland M. van Rijswijk - Deij -- SURFnet bv -- w: http://www.surfnet.nl/en/ -- t: +31-30-2305388 -- e: roland.vanrijswijk at surfnet.nl From jerry at opendnssec.org Wed Sep 5 14:55:50 2012 From: jerry at opendnssec.org (=?iso-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Wed, 5 Sep 2012 16:55:50 +0200 Subject: [Opendnssec-develop] Zone file to test OpenDNSSEC 1.4.0 with In-Reply-To: <5047669F.8080305@nlnetlabs.nl> References: <3E32F403-DA98-43E2-A92E-1BD22D441D54@opendnssec.org> <5047669F.8080305@nlnetlabs.nl> Message-ID: <25E426A4-067E-4BEA-90FE-F7B5F1E75A9C@opendnssec.org> On Sep 5, 2012, at 16:50 , Matthijs Mekking wrote: > Are the zonefiles in svn+ssh://keihatsu.kirei.se/svn/dnssec/trunk/testing/zonedatatest not sufficient? Yes, they will do. Didn't know about them, Thanks! -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 495 bytes Desc: Message signed with OpenPGP using GPGMail URL: From sara at sinodun.com Wed Sep 5 15:10:02 2012 From: sara at sinodun.com (Sara Dickinson) Date: Wed, 5 Sep 2012 16:10:02 +0100 Subject: [Opendnssec-develop] Zone file to test OpenDNSSEC 1.4.0 with In-Reply-To: References: <3E32F403-DA98-43E2-A92E-1BD22D441D54@opendnssec.org> Message-ID: <330040F6-8562-43DC-8480-F149FB85F59C@sinodun.com> On 5 Sep 2012, at 15:53, Roland van Rijswijk - Deij wrote: > Hi Jerry, > > On 5 sep. 2012, at 16:44, Jerry Lundstr?m wrote: > >> So I got Auditor to run on files produced by 1.4.0 with a few modifications. Excellent news! Well done. > On 5 Sep 2012, at 15:55, Jerry Lundstr?m wrote: > On Sep 5, 2012, at 16:50 , Matthijs Mekking wrote: >> Are the zonefiles in svn+ssh://keihatsu.kirei.se/svn/dnssec/trunk/testing/zonedatatest not sufficient? > > > Yes, they will do. Didn't know about them, Thanks! Plus there are the ones the auditor used in its regression tests: http://fisheye.opendnssec.org/changelog/opendnssec/branches/OpenDNSSEC-1.3/auditor/test Sara. From jerry at opendnssec.org Wed Sep 5 15:16:54 2012 From: jerry at opendnssec.org (=?ISO-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Wed, 5 Sep 2012 17:16:54 +0200 Subject: [Opendnssec-develop] Zone file to test OpenDNSSEC 1.4.0 with In-Reply-To: <330040F6-8562-43DC-8480-F149FB85F59C@sinodun.com> References: <3E32F403-DA98-43E2-A92E-1BD22D441D54@opendnssec.org> <330040F6-8562-43DC-8480-F149FB85F59C@sinodun.com> Message-ID: <2154351084123216615@unknownmsgid> The ones auditor used is only for auditor, they are not good to pass to the signer to sign. /Jerry On 5 sep 2012, at 17:10, Sara Dickinson wrote: > > On 5 Sep 2012, at 15:53, Roland van Rijswijk - Deij wrote: > >> Hi Jerry, >> >> On 5 sep. 2012, at 16:44, Jerry Lundstr?m wrote: >> >>> So I got Auditor to run on files produced by 1.4.0 with a few modifications. > > Excellent news! Well done. > >> On 5 Sep 2012, at 15:55, Jerry Lundstr?m wrote: > >> On Sep 5, 2012, at 16:50 , Matthijs Mekking wrote: >>> Are the zonefiles in svn+ssh://keihatsu.kirei.se/svn/dnssec/trunk/testing/zonedatatest not sufficient? >> >> >> Yes, they will do. Didn't know about them, Thanks! > > Plus there are the ones the auditor used in its regression tests: > > http://fisheye.opendnssec.org/changelog/opendnssec/branches/OpenDNSSEC-1.3/auditor/test > > Sara. > > > > > > From jerry at opendnssec.org Thu Sep 6 06:13:37 2012 From: jerry at opendnssec.org (=?ISO-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Thu, 6 Sep 2012 08:13:37 +0200 Subject: [Opendnssec-develop] Re: Jenkins disabled to track down multi-threaded enforcer problems in FreeBSD/NetBSD In-Reply-To: References: Message-ID: I will disable Jenkins again today to try and solve the even weirder problems with NetBSD and OpenBSD. -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ From jerry at opendnssec.org Thu Sep 6 07:50:19 2012 From: jerry at opendnssec.org (=?ISO-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Thu, 6 Sep 2012 09:50:19 +0200 Subject: [Opendnssec-develop] Changes in Jenkins build/test schedule Message-ID: Hi, I have spread out the builds some so they don't trigger at the same time and not as often. So it might take at least an hour before it will start to build after you check in now or you can trigger it yourself in the Jenkins GUI. -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ From jerry at opendnssec.org Thu Sep 6 09:39:47 2012 From: jerry at opendnssec.org (=?ISO-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Thu, 6 Sep 2012 11:39:47 +0200 Subject: [Opendnssec-develop] 1.4.0 beta 1 soon to be tagged! Message-ID: So, Running trunk in Jenkins now from scratch (clean workspace, rebuild all etc). Unless anyone shouts loud or any problems pops up, I will tag 1.4.0b1 at 14.00 CEST. -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ From jerry at opendnssec.org Thu Sep 6 12:35:23 2012 From: jerry at opendnssec.org (=?ISO-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Thu, 6 Sep 2012 14:35:23 +0200 Subject: [Opendnssec-develop] Re: 1.4.0 beta 1 soon to be tagged! In-Reply-To: References: Message-ID: On Thu, Sep 6, 2012 at 11:39 AM, Jerry Lundstr?m wrote: > Unless anyone shouts loud or any problems pops up, I will tag 1.4.0b1 > at 14.00 CEST. Tagging is on hold until 16.00 CEST'ish. -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ From yuri at nlnetlabs.nl Thu Sep 6 14:44:28 2012 From: yuri at nlnetlabs.nl (Yuri Schaeffer) Date: Thu, 06 Sep 2012 16:44:28 +0200 Subject: [Opendnssec-develop] RE: Developer workshop Sept 2012 In-Reply-To: <7ABB7759-CEC6-4C5F-8A23-FC27F78688BE@sinodun.com> References: <7ABB7759-CEC6-4C5F-8A23-FC27F78688BE@sinodun.com> Message-ID: <5048B6CC.8090108@nlnetlabs.nl> > Sara Jerry Yuri Matthijs Jakob Patrik (Sion) Assuming this list represent the definitive participants, does any of you have special requirements w.r.t. the intake of nutrients? Last Amsterdam workshop I forgot to ask. Sofar: - Sara requires chocolate chip cookies (Although I'm not sure if this is a strict diet or that she needs to be counted in for lunch as well) //yuri From jerry at opendnssec.org Thu Sep 6 15:28:26 2012 From: jerry at opendnssec.org (=?ISO-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Thu, 6 Sep 2012 17:28:26 +0200 Subject: [Opendnssec-develop] Re: 1.4.0 beta 1 soon to be tagged! In-Reply-To: References: Message-ID: On Thu, Sep 6, 2012 at 2:35 PM, Jerry Lundstr?m wrote: > Tagging is on hold until 16.00 CEST'ish. 1.4.0b1 tagged and tarballed. -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ From matthijs at nlnetlabs.nl Thu Sep 6 17:04:30 2012 From: matthijs at nlnetlabs.nl (Matthijs Mekking) Date: Thu, 06 Sep 2012 19:04:30 +0200 Subject: [Opendnssec-develop] Zone expiry and regular queries Message-ID: <5048D79E.40701@nlnetlabs.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Please shed a light on this issue and its comments: https://issues.opendnssec.org/browse/OPENDNSSEC-326 Should OpenDNSSEC block regular queries too if a zone is expired? - - Matthijs -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iQEcBAEBAgAGBQJQSNeaAAoJEA8yVCPsQCW5VjUH/3CgfNdKQQeoA119Q5aektaA 1XSYIOCSBL2swKLAfhsdDJFuRdC+b4sck2DzMAqB4VylOhLZwpqZUl011yis/C3p T1vmYh8hUtgJI+Mi1HV+kna8THSBNhlLAD+nOBYSaEabjxl+FsUCeCr2ilGA0UBu qafuq5nV5tJiQzr9RCzYKDk8Ybr/8GjAwBmWKdwm/7AOUIhgsZZDwCd4DLEroTyR oFyGrB+e1SUncm0QAdnHlWyQ2cBN2rKdSLTjHrN+sMlHuJI++6bte3/9eBVJRnlJ xDsrwXm/uR20L5bu6jYjFbpONu3+Q/l+UGPd3Eg6YBoUJ0Vosz/TrZkwEznFdic= =ZSHB -----END PGP SIGNATURE----- From Roland.vanRijswijk at surfnet.nl Fri Sep 7 08:06:15 2012 From: Roland.vanRijswijk at surfnet.nl (Roland van Rijswijk - Deij) Date: Fri, 7 Sep 2012 10:06:15 +0200 Subject: [Opendnssec-develop] FYI: licences for JIRA + Confluence + plugins have been renewed Message-ID: Hi all, FYI: you may have experienced some glitches in JIRA (plugins missing) and Confluence last week. As it turns out, we have to renew our OSS licence every year. Luckily, this doesn't require interaction with Atlassian. I've renewed all licences for a year and will schedule a renewal date in my calendar so this doesn't happen again next year ;-) Cheers, Roland -- Roland M. van Rijswijk - Deij -- SURFnet bv -- w: http://www.surfnet.nl/en/ -- t: +31-30-2305388 -- e: roland.vanrijswijk at surfnet.nl From matthijs at nlnetlabs.nl Thu Sep 13 07:39:52 2012 From: matthijs at nlnetlabs.nl (Matthijs Mekking) Date: Thu, 13 Sep 2012 09:39:52 +0200 Subject: [Opendnssec-develop] Fwd: Re: [Opendnssec-user] opendnssec: NSEC3PARAM TTL In-Reply-To: <20120913073637.GA2170@strange> References: <20120913073637.GA2170@strange> Message-ID: <50518DC8.1040001@nlnetlabs.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 What does the team think? I have not a strong opinion about it, but think Miek has a point. Matthijs "In the end it all comes down to the question: What does Bind do?" - -------- Original Message -------- Subject: Re: [Opendnssec-user] opendnssec: NSEC3PARAM TTL Date: Thu, 13 Sep 2012 09:36:37 +0200 From: Miek Gieben To: [ Quoting Matthijs Mekking at 08:48 on September 13 in "Re: [Opendnssec-user] opendnssec: N"... ] > -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > > Hi, > > Funny. The TTL for NSEC3PARAM was 0 in very early version of > OpenDNSSEC. However, it does not matter what the TTL is: according > to RFC 5155 the record is not used by validators or resolvers. > > The standard also does not dictate any values for the NSEC3PARAM > TTL, so we decided to follow the normal TTL rules. But it would be nice to follow BIND's lead, because a) one can use the RRSIG(NSEC3PARAM) from BIND in a zone created by opendnssec and vice versa (this may come in handy in an extreme failure case) b) the outside world can not see your signer setup, by looking the TTL of the NSEC3PARAM As the change is minimal, I would say: just apply Paul's patch. grtz Miek -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJQUY3HAAoJEA8yVCPsQCW5P4QH/RUw5JtdWmlMA5tApy2Jw2X4 0euyyyGmFHtSDM4+xpkxEeC0nQfJYIYBBThkEvNG+2fEG+zg+dOHTbjCcf+86F1O lJTrfEKrC4qC211iweeLIt/SaR5fXeROMCjiOtVuIguMbr1biJMRi67UUQgbbSaY TYGUp03cDfpAg0S58dx3Y9HeNyiQr718bScPsWIS3qwWt+bxK/D6FYENpUmgoAXU Fn/wiRY+3tLbIivbGffK9oPnkDeyI/oW3kq/BIAccvPXLSDiKwO8g52mcd8PZuTP F7CwCR+ipAovrs6jQAly6DxrfuDfZ7Eaq8tmqBjYmbKJm0Y997LIeBykSyUN3Rc= =+OeZ -----END PGP SIGNATURE----- -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: Attached Message Part URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: Attached Message Part.sig Type: application/octet-stream Size: 287 bytes Desc: not available URL: From jakob at kirei.se Thu Sep 13 07:51:09 2012 From: jakob at kirei.se (Jakob Schlyter) Date: Thu, 13 Sep 2012 09:51:09 +0200 Subject: [Opendnssec-develop] [Opendnssec-user] opendnssec: NSEC3PARAM TTL In-Reply-To: <50518DC8.1040001@nlnetlabs.nl> References: <20120913073637.GA2170@strange> <50518DC8.1040001@nlnetlabs.nl> Message-ID: On 13 sep 2012, at 09:39, Matthijs Mekking wrote: > -----BEGIN PGP SIGNED MESSAGE----- > What does the team think? I have not a strong opinion about it, but > think Miek has a point. I think TTL=0 makes sense, https://issues.opendnssec.org/browse/OPENDNSSEC-330 jakob From sara at sinodun.com Thu Sep 13 08:52:29 2012 From: sara at sinodun.com (Sara Dickinson) Date: Thu, 13 Sep 2012 09:52:29 +0100 Subject: [Opendnssec-develop] [Opendnssec-user] opendnssec: NSEC3PARAM TTL In-Reply-To: References: <20120913073637.GA2170@strange> <50518DC8.1040001@nlnetlabs.nl> Message-ID: <84B6536B-8A54-4ADD-9563-0545D50266EF@sinodun.com> On 13 Sep 2012, at 08:51, Jakob Schlyter wrote: > On 13 sep 2012, at 09:39, Matthijs Mekking wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> What does the team think? I have not a strong opinion about it, but >> think Miek has a point. > > I think TTL=0 makes sense, https://issues.opendnssec.org/browse/OPENDNSSEC-330 Doesn't sound like this makes a great deal of difference either way.... so I think I would say since there isn't a good reason NOT to use TTL=0 then lets do what BIND does. Sara. > > jakob > > _______________________________________________ > Opendnssec-develop mailing list > Opendnssec-develop at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop From sara at sinodun.com Thu Sep 13 15:55:42 2012 From: sara at sinodun.com (Sara Dickinson) Date: Thu, 13 Sep 2012 16:55:42 +0100 Subject: [Opendnssec-develop] RE: Google+ Hangout Message-ID: <09360B14-100A-4198-89B7-0A28FD7ADB26@sinodun.com> Hi All, I was thinking that we could trying using Google+ Hangout for the team meeting next Tuesday. Is there anyone who would like to attend this meeting who doesn't have a Google+ account they could use? Thanks Sara. From jerry at opendnssec.org Mon Sep 17 08:33:25 2012 From: jerry at opendnssec.org (=?iso-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Mon, 17 Sep 2012 10:33:25 +0200 Subject: [Opendnssec-develop] Access to test environment Message-ID: <547CCE56-FB60-46EE-A2E5-C8761622A16A@opendnssec.org> Hi all, So I've been thinking about how to solve the access to the test environment. I've looked at Crowd (that we use for JIRA, Confluence, FishEye etc) but it can't really be accessed in a simple way, like LDAP or PAM. So, to make it easy we will use a authorized_keys file that we will keep in SVN and it will be updated on each machine via cron. All you have to do is to add the public part of an ssh key you make for this (please make a unique for this, don't use already existing keys) and wait a few minutes and you have access to all the machines. Now the access everyone will get is readonly@ and it will be able to read all the logs from the tests and system messages. You won't be getting access to the jenkins user because I don't want the risk off people leaving changes or turning off tests locally. But fear not, it will be possible to test tests locally with the readonly user later on. I will be setting this up today and removing other accounts that has been made before for testing purposes. -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 495 bytes Desc: Message signed with OpenPGP using GPGMail URL: From sara at sinodun.com Mon Sep 17 09:44:06 2012 From: sara at sinodun.com (Sara Dickinson) Date: Mon, 17 Sep 2012 10:44:06 +0100 Subject: [Opendnssec-develop] RE: Team meeting Tuesday 18th Sept @ 14.00 CEST Message-ID: <12C9457D-9291-4A39-98B4-56CE702122D9@sinodun.com> Hi All, We have a scheduled team meeting: Date: Tuesday 18 September 2012 Time: 14:00-15:00 CEST, 13:00-14:00 BST NOTE: There is a reduced agenda for this meeting ahead of the developers workshop. The agenda and outstanding actions can be found here: http://wiki.opendnssec.org/display/OpenDNSSEC/2012-09-18+Agenda The plan is to use a Google+ Hangout for this meeting - I will post the URL on webpage 15 minutes before the meeting starts. Or if you 'friend' me in advance (sara at opendnssec.org) I can invite you directly! Sara. From sara at sinodun.com Mon Sep 17 09:57:01 2012 From: sara at sinodun.com (Sara Dickinson) Date: Mon, 17 Sep 2012 10:57:01 +0100 Subject: [Opendnssec-develop] RE: Developer workshop Message-ID: <60D49655-7E8B-447E-91C3-7B6D0BBACD36@sinodun.com> Hi All, A slightly updated agenda is available for review/comments here: http://wiki.opendnssec.org/display/OpenDNSSEC/Developer+workshop+Sept+2012 Sara. From jerry at opendnssec.org Tue Sep 18 07:50:04 2012 From: jerry at opendnssec.org (=?ISO-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Tue, 18 Sep 2012 09:50:04 +0200 Subject: [Opendnssec-develop] JIRA Support project removal Message-ID: <2158952683887720105@unknownmsgid> Hi All, Original the support project and process was put in place because the OpenDNSSEC company was/is going to sell support but later on we noticed that the Atlassian open source license does not allow us to use JIRA for that. Therefor I wish to remove the support project from JIRA to simplify the processes. Any objections? /Jerry From Roland.vanRijswijk at surfnet.nl Tue Sep 18 07:55:08 2012 From: Roland.vanRijswijk at surfnet.nl (Roland van Rijswijk - Deij) Date: Tue, 18 Sep 2012 09:55:08 +0200 Subject: [Opendnssec-develop] JIRA Support project removal In-Reply-To: <2158952683887720105@unknownmsgid> References: <2158952683887720105@unknownmsgid> Message-ID: <2BBBEC3C-BDF2-42BD-A71E-DE0AB1B85784@surfnet.nl> Hi Jerry, On 18 sep. 2012, at 09:50, Jerry Lundstr?m wrote: > Original the support project and process was put in place because the > OpenDNSSEC company was/is going to sell support but later on we > noticed that the Atlassian open source license does not allow us to > use JIRA for that. > > Therefor I wish to remove the support project from JIRA to simplify > the processes. > > Any objections? Yes, because that's not necessary, we have an OK from Atlassian to use the existing licence (as Patrik is aware, I hope) Cheers, Roland -- Roland M. van Rijswijk - Deij -- SURFnet bv -- w: http://www.surfnet.nl/en/ -- t: +31-30-2305388 -- e: roland.vanrijswijk at surfnet.nl From jerry at opendnssec.org Tue Sep 18 08:08:02 2012 From: jerry at opendnssec.org (=?iso-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Tue, 18 Sep 2012 10:08:02 +0200 Subject: [Opendnssec-develop] JIRA Support project removal In-Reply-To: <2BBBEC3C-BDF2-42BD-A71E-DE0AB1B85784@surfnet.nl> References: <2158952683887720105@unknownmsgid> <2BBBEC3C-BDF2-42BD-A71E-DE0AB1B85784@surfnet.nl> Message-ID: On Sep 18, 2012, at 09:55 , Roland van Rijswijk - Deij wrote: > Yes, because that's not necessary, we have an OK from Atlassian to use the existing licence (as Patrik is aware, I hope) Ha well look at that! I was going by the info that we wasn't allowed to, must be remembering wrong. I go back to sleep now :) -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 495 bytes Desc: Message signed with OpenPGP using GPGMail URL: From jerry at opendnssec.org Tue Sep 18 08:31:43 2012 From: jerry at opendnssec.org (=?iso-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Tue, 18 Sep 2012 10:31:43 +0200 Subject: [Opendnssec-develop] Jenkins/VMs Message-ID: <696EB421-F1D1-49B5-99D0-C775A7339C96@opendnssec.org> Hi, Updating VMs today so all Jenkins jobs are disabled until its done. -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 495 bytes Desc: Message signed with OpenPGP using GPGMail URL: From sara at sinodun.com Tue Sep 18 09:31:12 2012 From: sara at sinodun.com (Sara Dickinson) Date: Tue, 18 Sep 2012 10:31:12 +0100 Subject: [Opendnssec-develop] JIRA Support project removal In-Reply-To: References: <2158952683887720105@unknownmsgid> <2BBBEC3C-BDF2-42BD-A71E-DE0AB1B85784@surfnet.nl> Message-ID: <71451116-07F5-4BC0-A826-D62AE1A61501@sinodun.com> Hi, I think this may be something we need to discuss at the developer workshop. Sounds like it would be confusing for users to have one project for support issues for both the open source project and the company. It seems to me it would be cleaner to have separate projects. And right now the SUPPORT project is the only one that users can enter issues into right? There is an item in the Project Process meeting agenda on how we use JIRA so maybe we can talk about it then? Sara. On 18 Sep 2012, at 09:08, Jerry Lundstr?m wrote: > On Sep 18, 2012, at 09:55 , Roland van Rijswijk - Deij wrote: >> Yes, because that's not necessary, we have an OK from Atlassian to use the existing licence (as Patrik is aware, I hope) > > > Ha well look at that! > > I was going by the info that we wasn't allowed to, must be remembering wrong. > > I go back to sleep now :) > > -- > Jerry Lundstr?m - OpenDNSSEC Developer > http://www.opendnssec.org/ > > _______________________________________________ > Opendnssec-develop mailing list > Opendnssec-develop at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop From matthijs at nlnetlabs.nl Tue Sep 18 10:49:04 2012 From: matthijs at nlnetlabs.nl (Matthijs Mekking) Date: Tue, 18 Sep 2012 12:49:04 +0200 Subject: [Opendnssec-develop] JIRA Support project removal In-Reply-To: <71451116-07F5-4BC0-A826-D62AE1A61501@sinodun.com> References: <2158952683887720105@unknownmsgid> <2BBBEC3C-BDF2-42BD-A71E-DE0AB1B85784@surfnet.nl> <71451116-07F5-4BC0-A826-D62AE1A61501@sinodun.com> Message-ID: <505851A0.1060900@nlnetlabs.nl> On 09/18/2012 11:31 AM, Sara Dickinson wrote: > Hi, > > I think this may be something we need to discuss at the developer workshop. Sounds like it would be confusing for users to have one project for support issues for both the open source project and the company. It seems to me it would be cleaner to have separate projects. And right now the SUPPORT project is the only one that users can enter issues into right? If the difference between the SUPPORT and OpenDNSSEC projects is that one is for the company and one is for the open source project, maybe we should open access to the OpenDNSSEC project for users. > > There is an item in the Project Process meeting agenda on how we use JIRA so maybe we can talk about it then? > > Sara. > > On 18 Sep 2012, at 09:08, Jerry Lundstr?m wrote: > >> On Sep 18, 2012, at 09:55 , Roland van Rijswijk - Deij wrote: >>> Yes, because that's not necessary, we have an OK from Atlassian to use the existing licence (as Patrik is aware, I hope) >> >> >> Ha well look at that! >> >> I was going by the info that we wasn't allowed to, must be remembering wrong. >> >> I go back to sleep now :) >> >> -- >> Jerry Lundstr?m - OpenDNSSEC Developer >> http://www.opendnssec.org/ >> >> _______________________________________________ >> Opendnssec-develop mailing list >> Opendnssec-develop at lists.opendnssec.org >> https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop > > _______________________________________________ > Opendnssec-develop mailing list > Opendnssec-develop at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop > -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 551 bytes Desc: OpenPGP digital signature URL: From sara at sinodun.com Tue Sep 18 14:52:56 2012 From: sara at sinodun.com (Sara Dickinson) Date: Tue, 18 Sep 2012 15:52:56 +0100 Subject: [Opendnssec-develop] RE: Team meeting Tuesday 18th Sept @ 14.00 CEST - Minutes References: <12C9457D-9291-4A39-98B4-56CE702122D9@sinodun.com> Message-ID: <83C1752C-4031-4324-8F18-B47BBC563E63@sinodun.com> All, Minutes from the meeting today are available for review: https://wiki.opendnssec.org/display/OpenDNSSEC/2012-09-18+Minutes Sara. Begin forwarded message: > From: Sara Dickinson > Date: 17 September 2012 10:44:06 GMT+01:00 > To: "opendnssec-develop at lists.opendnssec.org Dev" > Subject: [Opendnssec-develop] RE: Team meeting Tuesday 18th Sept @ 14.00 CEST > > Hi All, > > We have a scheduled team meeting: > > Date: Tuesday 18 September 2012 > Time: 14:00-15:00 CEST, 13:00-14:00 BST > > NOTE: There is a reduced agenda for this meeting ahead of the developers workshop. > The agenda and outstanding actions can be found here: > > http://wiki.opendnssec.org/display/OpenDNSSEC/2012-09-18+Agenda > > The plan is to use a Google+ Hangout for this meeting - I will post the URL on webpage 15 minutes before the meeting starts. Or if you 'friend' me in advance (sara at opendnssec.org) I can invite you directly! > > Sara. > > > _______________________________________________ > Opendnssec-develop mailing list > Opendnssec-develop at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop From jerry at opendnssec.org Tue Sep 18 15:00:32 2012 From: jerry at opendnssec.org (=?iso-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Tue, 18 Sep 2012 17:00:32 +0200 Subject: [Opendnssec-develop] Re: Jenkins/VMs In-Reply-To: <696EB421-F1D1-49B5-99D0-C775A7339C96@opendnssec.org> References: <696EB421-F1D1-49B5-99D0-C775A7339C96@opendnssec.org> Message-ID: On Sep 18, 2012, at 10:31 , Jerry Lundstr?m wrote: > Updating VMs today so all Jenkins jobs are disabled until its done. All but NetBSD and OpenBSD is updated, will continue tomorrow. -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 495 bytes Desc: Message signed with OpenPGP using GPGMail URL: From jerry at opendnssec.org Tue Sep 18 15:05:35 2012 From: jerry at opendnssec.org (=?iso-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Tue, 18 Sep 2012 17:05:35 +0200 Subject: [Opendnssec-develop] Re: Access to test environment In-Reply-To: <547CCE56-FB60-46EE-A2E5-C8761622A16A@opendnssec.org> References: <547CCE56-FB60-46EE-A2E5-C8761622A16A@opendnssec.org> Message-ID: <9F770731-0FEC-4CA6-83A7-C3584BE701E5@opendnssec.org> Add you public ssh key to trunk/testing/test-environment-access/authorized_keys, check in and wait about 5 minutes and you can ssh to any test environment as the user readonly. Don't know if all hosts work by DNS so, IP's start with 145.97.20 and then take the number in the name (ods part) and add one, like this: ssh readonly at 145.97.20.4 # goes to ubuntu12-amd64-ods03 >ods03< ods >03< + 1 = 4 This will all work by DNS and be documented later on? -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 495 bytes Desc: Message signed with OpenPGP using GPGMail URL: From jerry at opendnssec.org Wed Sep 19 11:14:53 2012 From: jerry at opendnssec.org (=?iso-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Wed, 19 Sep 2012 13:14:53 +0200 Subject: [Opendnssec-develop] Re: [Opendnssec-commits] [svn.opendnssec.org/svn/dnssec] r6688 - trunk/OpenDNSSEC/libhsm/src/lib In-Reply-To: <20120919104604.D321B57D62@keihatsu.kirei.se> References: <20120919104604.D321B57D62@keihatsu.kirei.se> Message-ID: On Sep 19, 2012, at 12:46 , rickard at opendnssec.org wrote: > > + /* From man page for semctl */ > + union semun { > + int val; /* Value for SETVAL */ > + struct semid_ds *buf; /* Buffer for IPC_STAT, IPC_SET */ > + unsigned short *array; /* Array for GETALL, SETALL */ > + struct seminfo *__buf; /* Buffer for IPC_INFO > + (Linux-specific) */ > + }; > + union semun arg; I don't thinks this is good practice to define this type by ourselves. semun exists on some platforms and some even have semun_t, we should check for it in configure and if its not defined we can define it ourselves without the Linux specific items. -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 495 bytes Desc: Message signed with OpenPGP using GPGMail URL: From rickard at opendnssec.org Wed Sep 19 12:13:33 2012 From: rickard at opendnssec.org (Rickard Bellgrim) Date: Wed, 19 Sep 2012 14:13:33 +0200 Subject: [Opendnssec-develop] Re: [Opendnssec-commits] [svn.opendnssec.org/svn/dnssec] r6688 - trunk/OpenDNSSEC/libhsm/src/lib In-Reply-To: References: <20120919104604.D321B57D62@keihatsu.kirei.se> Message-ID: > I don't thinks this is good practice to define this type by ourselves. > > semun exists on some platforms and some even have semun_t, we should check for it in configure and if its not defined we can define it ourselves without the Linux specific items. Fixed in r6693 // Rickard From jerry at opendnssec.org Wed Sep 19 13:05:23 2012 From: jerry at opendnssec.org (=?ISO-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Wed, 19 Sep 2012 15:05:23 +0200 Subject: [Opendnssec-develop] Re: Jenkins/VMs In-Reply-To: References: <696EB421-F1D1-49B5-99D0-C775A7339C96@opendnssec.org> Message-ID: <5001599446979388081@unknownmsgid> Most things are done, just a few small tweaks left but I had to rush to the vetrinarian. Gonna fix it and start Jenkins later tonight. /Jerry On 18 sep 2012, at 17:00, "Jerry Lundstr?m" wrote: > On Sep 18, 2012, at 10:31 , Jerry Lundstr?m wrote: >> Updating VMs today so all Jenkins jobs are disabled until its done. > > > All but NetBSD and OpenBSD is updated, will continue tomorrow. > > -- > Jerry Lundstr?m - OpenDNSSEC Developer > http://www.opendnssec.org/ > > From jerry at opendnssec.org Wed Sep 19 15:46:25 2012 From: jerry at opendnssec.org (=?ISO-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Wed, 19 Sep 2012 17:46:25 +0200 Subject: [Opendnssec-develop] Re: Jenkins/VMs In-Reply-To: <5001599446979388081@unknownmsgid> References: <696EB421-F1D1-49B5-99D0-C775A7339C96@opendnssec.org> <5001599446979388081@unknownmsgid> Message-ID: And all platforms updated and Jenkins back online. -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ From jerry at opendnssec.org Thu Sep 20 12:48:39 2012 From: jerry at opendnssec.org (=?ISO-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Thu, 20 Sep 2012 14:48:39 +0200 Subject: [Opendnssec-develop] Dinner plans tonight before developer meeting Message-ID: <1166289087154785929@unknownmsgid> Hi, Anyone else going to Amsterdam today and might want to get together for dinner? I will arrive at the Savoy hotel next to the RIPE65 hotel around 20:00-20:30. /Jerry From jakob at kirei.se Wed Sep 26 15:37:35 2012 From: jakob at kirei.se (Jakob Schlyter) Date: Wed, 26 Sep 2012 17:37:35 +0200 Subject: [Opendnssec-develop] Authoritiative: file vs database Message-ID: To resolve the issue whether the file or database is authoritative, I propose that we (starting with 2.0) introduce a separate zone list generated by the enforcer and consumed by the signer engine. This would spit the user-to-opendnssec and enforcer-to-signer interface in to two different interfaces and make it clearer what needs to be replicated (for HA), editable by the user and generated by the system itself. The administrator could still import/export the existing zonelist or modify the enforcer database using the command line tools. At some point later, we can replace the enforcer->signer interface with something more elaborate (socket, shared memory, ...) and remove the temporary files. See attached graphics for a view of this. Configuration of this new file would be /var/opendnssec/signconf/zonelist.xml (or perhaps a different basename to less the user confusion of having multiple files called zone list.xml). What say you? jakob (soon of the the airport) -------------- next part -------------- A non-text attachment was scrubbed... Name: PastedGraphic-1.pdf Type: application/pdf Size: 81136 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3650 bytes Desc: not available URL: From Roland.vanRijswijk at surfnet.nl Wed Sep 26 17:21:40 2012 From: Roland.vanRijswijk at surfnet.nl (Roland van Rijswijk - Deij) Date: Wed, 26 Sep 2012 19:21:40 +0200 Subject: [Opendnssec-develop] Authoritiative: file vs database In-Reply-To: References: Message-ID: Hi Jakob, On 26 sep. 2012, at 17:37, Jakob Schlyter wrote: > To resolve the issue whether the file or database is authoritative, I propose that we (starting with 2.0) introduce a separate zone list generated by the enforcer and consumed by the signer engine. This would spit the user-to-opendnssec and enforcer-to-signer interface in to two different interfaces and make it clearer what needs to be replicated (for HA), editable by the user and generated by the system itself. > > The administrator could still import/export the existing zonelist or modify the enforcer database using the command line tools. At some point later, we can replace the enforcer->signer interface with something more elaborate (socket, shared memory, ...) and remove the temporary files. See attached graphics for a view of this. > > Configuration of this new file would be /var/opendnssec/signconf/zonelist.xml (or perhaps a different basename to less the user confusion of having multiple files called zone list.xml). > > What say you? Excellent idea says I ;-) +1 Cheers, Roland -- Roland M. van Rijswijk - Deij -- SURFnet bv -- w: http://www.surfnet.nl/en/ -- t: +31-30-2305388 -- e: roland.vanrijswijk at surfnet.nl From jakob at kirei.se Wed Sep 26 17:25:53 2012 From: jakob at kirei.se (Jakob Schlyter) Date: Wed, 26 Sep 2012 19:25:53 +0200 Subject: [Opendnssec-develop] Authoritiative: file vs database In-Reply-To: References:

Message-ID: This would also make it easier to put the enforcer on one machine, and the signer one (or more) other ones. You could even load balance by splitting the zones between different machines. Or let all of the machines sign everything for redundancy. jakob -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3650 bytes Desc: not available URL: From jerry at opendnssec.org Thu Sep 27 06:23:12 2012 From: jerry at opendnssec.org (=?iso-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Thu, 27 Sep 2012 08:23:12 +0200 Subject: [Opendnssec-develop] Authoritiative: file vs database In-Reply-To: References: Message-ID: <620D9AF6-4E0A-4BF0-AA30-CE413C87FEE7@opendnssec.org> On Sep 26, 2012, at 17:37 , Jakob Schlyter wrote: > Configuration of this new file would be /var/opendnssec/signconf/zonelist.xml (or perhaps a different basename to less the user confusion of having multiple files called zone list.xml). New name: /var/opendnssec/signconf/signzones.xml -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ From jakob at kirei.se Thu Sep 27 06:51:44 2012 From: jakob at kirei.se (Jakob Schlyter) Date: Thu, 27 Sep 2012 08:51:44 +0200 Subject: [Opendnssec-develop] Authoritiative: file vs database In-Reply-To: <620D9AF6-4E0A-4BF0-AA30-CE413C87FEE7@opendnssec.org> References: <620D9AF6-4E0A-4BF0-AA30-CE413C87FEE7@opendnssec.org> Message-ID: <4B34C3CC-0532-4F8F-9A36-3C2C6F6EBF04@kirei.se> On 27 sep 2012, at 08:23, Jerry Lundstr?m wrote: > On Sep 26, 2012, at 17:37 , Jakob Schlyter wrote: >> Configuration of this new file would be /var/opendnssec/signconf/zonelist.xml (or perhaps a different basename to less the user confusion of having multiple files called zone list.xml). > > > New name: > > /var/opendnssec/signconf/signzones.xml +1 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3650 bytes Desc: not available URL: From sara at sinodun.com Thu Sep 27 10:19:59 2012 From: sara at sinodun.com (Sara Dickinson) Date: Thu, 27 Sep 2012 12:19:59 +0200 Subject: [Opendnssec-develop] Authoritiative: file vs database In-Reply-To: <4B34C3CC-0532-4F8F-9A36-3C2C6F6EBF04@kirei.se> References: <620D9AF6-4E0A-4BF0-AA30-CE413C87FEE7@opendnssec.org> <4B34C3CC-0532-4F8F-9A36-3C2C6F6EBF04@kirei.se> Message-ID: With a little more thought I realised that this doesn't completely de-couple the file dependancies (i.e. aiming for a situation where the signer then only needs the /var/opendnssec dir) since the signer also requires the addns.xml file from the /etc/opendnssec directory.... Sara. On 27 Sep 2012, at 08:51, Jakob Schlyter wrote: > On 27 sep 2012, at 08:23, Jerry Lundstr?m wrote: > >> On Sep 26, 2012, at 17:37 , Jakob Schlyter wrote: >>> Configuration of this new file would be /var/opendnssec/signconf/zonelist.xml (or perhaps a different basename to less the user confusion of having multiple files called zone list.xml). >> >> >> New name: >> >> /var/opendnssec/signconf/signzones.xml > > +1 > > > _______________________________________________ > Opendnssec-develop mailing list > Opendnssec-develop at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop From jerry at opendnssec.org Thu Sep 27 10:36:06 2012 From: jerry at opendnssec.org (=?iso-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Thu, 27 Sep 2012 12:36:06 +0200 Subject: [Opendnssec-develop] dns refresh test fails after OSes upgrade Message-ID: <5322FF4B-2371-481B-B5C3-2A1075F5CAA4@opendnssec.org> Hi, After I upgraded all the OSes the dns refresh tests fails on almost all platforms. Log says: ods-signerd: [xfrd] zone ods received error code NOTIMPL from 127.0.0.1 Any ideas? -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 495 bytes Desc: Message signed with OpenPGP using GPGMail URL: From matthijs at nlnetlabs.nl Thu Sep 27 11:42:06 2012 From: matthijs at nlnetlabs.nl (Matthijs Mekking) Date: Thu, 27 Sep 2012 13:42:06 +0200 Subject: [Opendnssec-develop] Authoritiative: file vs database In-Reply-To: References: Message-ID: <50643B8E.9090208@nlnetlabs.nl> On 09/26/2012 05:37 PM, Jakob Schlyter wrote: > To resolve the issue whether the file or database is authoritative, I propose that we (starting with 2.0) introduce a separate zone list generated by the enforcer and consumed by the signer engine. This would spit the user-to-opendnssec and enforcer-to-signer interface in to two different interfaces and make it clearer what needs to be replicated (for HA), editable by the user and generated by the system itself. > > The administrator could still import/export the existing zonelist or modify the enforcer database using the command line tools. At some point later, we can replace the enforcer->signer interface with something more elaborate (socket, shared memory, ...) and remove the temporary files. See attached graphics for a view of this. > > Configuration of this new file would be /var/opendnssec/signconf/zonelist.xml (or perhaps a different basename to less the user confusion of having multiple files called zone list.xml). > > What say you? > > jakob (soon of the the airport) I made that suggestion last friday to have a zonelist.xml generated by the enforcer into the signconf dir during the developers meeting, so yeah: +1. We can reuse the zonelist.xml syntax, or we can think of a better, more scalable way to read the zones. Best regards, Matthijs > > > > > _______________________________________________ > Opendnssec-develop mailing list > Opendnssec-develop at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop > -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 551 bytes Desc: OpenPGP digital signature URL: From jerry at opendnssec.org Thu Sep 27 11:57:01 2012 From: jerry at opendnssec.org (=?iso-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Thu, 27 Sep 2012 13:57:01 +0200 Subject: [Opendnssec-develop] Authoritiative: file vs database In-Reply-To: References: <620D9AF6-4E0A-4BF0-AA30-CE413C87FEE7@opendnssec.org> <4B34C3CC-0532-4F8F-9A36-3C2C6F6EBF04@kirei.se> Message-ID: <1B62FCD2-B284-4B3A-B4D9-07E9610E581D@opendnssec.org> On Sep 27, 2012, at 12:19 , Sara Dickinson wrote: > With a little more thought I realised that this doesn't completely de-couple the file dependancies (i.e. aiming for a situation where the signer then only needs the /var/opendnssec dir) since the signer also requires the addns.xml file from the /etc/opendnssec directory.... I don't think that is an issue since addns.xml is only read by the signer and its a user generated configure file so it should be in /etc. -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ From matthijs at nlnetlabs.nl Thu Sep 27 12:06:55 2012 From: matthijs at nlnetlabs.nl (Matthijs Mekking) Date: Thu, 27 Sep 2012 14:06:55 +0200 Subject: [Opendnssec-develop] dns refresh test fails after OSes upgrade In-Reply-To: <5322FF4B-2371-481B-B5C3-2A1075F5CAA4@opendnssec.org> References: <5322FF4B-2371-481B-B5C3-2A1075F5CAA4@opendnssec.org> Message-ID: <5064415F.5020804@nlnetlabs.nl> On 09/27/2012 12:36 PM, Jerry Lundstr?m wrote: > Hi, > > After I upgraded all the OSes the dns refresh tests fails on almost all platforms. > > Log says: ods-signerd: [xfrd] zone ods received error code NOTIMPL from 127.0.0.1 That's expected. > > Any ideas? Stupid commit from me r6710. Fixed in r6713. Seems that jenkins is getting happy again too. > > -- > Jerry Lundstr?m - OpenDNSSEC Developer > http://www.opendnssec.org/ > > > > _______________________________________________ > Opendnssec-develop mailing list > Opendnssec-develop at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop > -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 551 bytes Desc: OpenPGP digital signature URL: From sara at sinodun.com Sat Sep 29 13:25:50 2012 From: sara at sinodun.com (Sara Dickinson) Date: Sat, 29 Sep 2012 14:25:50 +0100 Subject: [Opendnssec-develop] Authoritiative: file vs database In-Reply-To: <1B62FCD2-B284-4B3A-B4D9-07E9610E581D@opendnssec.org> References: <620D9AF6-4E0A-4BF0-AA30-CE413C87FEE7@opendnssec.org> <4B34C3CC-0532-4F8F-9A36-3C2C6F6EBF04@kirei.se> <1B62FCD2-B284-4B3A-B4D9-07E9610E581D@opendnssec.org> Message-ID: <38DF2B40-2636-44CF-9F29-4F2BD58FDDD5@sinodun.com> On 27 Sep 2012, at 12:57, Jerry Lundstr?m wrote: > On Sep 27, 2012, at 12:19 , Sara Dickinson wrote: > >> With a little more thought I realised that this doesn't completely de-couple the file dependancies (i.e. aiming for a situation where the signer then only needs the /var/opendnssec dir) since the signer also requires the addns.xml file from the /etc/opendnssec directory.... > > > I don't think that is an issue since addns.xml is only read by the signer and its a user generated configure file so it should be in /etc. Sorry - should have been clearer. This solution does solve the current issue with conflicts between the signer and enforcer use of a single zone list file. However Jakob and I had a conversation about this from an architectural point of view in terms of the interface between the enforcer and signer, and possibly replacing the/var/opendnssec/*. xml files with something else in future. Also, we initially thought this solution could simplify the HA set of of a secondary signer since the user would only have to copy the /var/opendnssec dir across but this is not the case. Yuri - this is directly related to https://issues.opendnssec.org/browse/OPENDNSSEC-197 and different to what we agreed in the developer workshop so lets recap when you get round to implementing this issue. Sara. > > -- > Jerry Lundstr?m - OpenDNSSEC Developer > http://www.opendnssec.org/ > -------------- next part -------------- An HTML attachment was scrubbed... URL: From sara at sinodun.com Sat Sep 29 14:23:33 2012 From: sara at sinodun.com (Sara Dickinson) Date: Sat, 29 Sep 2012 15:23:33 +0100 Subject: [Opendnssec-develop] RE: Team meeting Monday 1st October @ 14:00 CEST Message-ID: Hi All, As agreed in the developer workshop we have a scheduled team meeting on Monday: Date: Monday 1st October 2012 Time: 15:00-14:00 CEST, 14:00-15:00 BST The agenda and outstanding actions can be found here: http://wiki.opendnssec.org/display/OpenDNSSEC/2012-10-01+Meeting+agenda (This will be a Google+ Hangout again.) Regards Sara. -------------- next part -------------- An HTML attachment was scrubbed... URL: From sara at sinodun.com Sat Sep 29 14:38:17 2012 From: sara at sinodun.com (Sara Dickinson) Date: Sat, 29 Sep 2012 15:38:17 +0100 Subject: [Opendnssec-develop] RE: High level plan for the next few months... Message-ID: <4AF19ED2-3A5C-4137-BB71-ECE77C837AAA@sinodun.com> Hi All, I thought I would just try to summarise the high level planning discussions that came from RIPE in an email: October: 1.4 - Continue with the testing effort and aim to ship a release candidate asap. 2.0 - Yuri to try to make progress on the larger remaining developments (e.g. logging, backups). Rick to hopefully start work on a backward compatibility review. November: Hopefully not much left to do for the 1.4 release. Yuri is away, but work can start on the regression tests on 1.4 and port them to 2.0 (Sara & Matthijs?). Also try to set up some initial performance benchmarking for 1.4 and 2.0. (Jerry?) December: Continue with development and (regression) testing of 2.0. But also focus strongly on knowledge sharing (e.g. download Yuri's brain, share out remaining developments, have some online workshops). January: Due to vacations the only possibility for face-to-face with the whole team would be the week before Xmas - which doesn't seem like a good idea ;-) So perhaps have a face-to-face in January (possibly in Oxford) focussed on 2.0. Hope I have captured things correctly - comments and thoughts welcomed. Sara. From sara at sinodun.com Sun Sep 30 09:26:42 2012 From: sara at sinodun.com (Sara (Sinodun)) Date: Sun, 30 Sep 2012 10:26:42 +0100 Subject: [Opendnssec-develop] RE: Team meeting Monday 1st October @ 14:00 CEST In-Reply-To: References: Message-ID: On 29 Sep 2012, at 15:23, Sara Dickinson wrote: > Hi All, > > As agreed in the developer workshop we have a scheduled team meeting on Monday: > > Date: Monday 1st October 2012 > Time: 15:00-14:00 CEST, 14:00-15:00 BST Erm, that should be: Time: 14:00-15:00 CEST, 13:00-14:00 BST :-) > > The agenda and outstanding actions can be found here: > > http://wiki.opendnssec.org/display/OpenDNSSEC/2012-10-01+Meeting+agenda > > (This will be a Google+ Hangout again.) > > Regards > > Sara. > > _______________________________________________ > Opendnssec-develop mailing list > Opendnssec-develop at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop -------------- next part -------------- An HTML attachment was scrubbed... URL: