Converting a regular BIND ZONE to DNSSEC

Recently I wanted to sign a regular zone in BIND9.7. Google wasn’t very helpful so I thought I’d write up a little bit about it here.

My /etc/named.conf looks like this:

I want to keep my dnssec zones in a separate directory.

Now I sign the zone.

Finally I want to change the named.conf to the myzone.com.signed.

Make sure that all the files are owned by user “named”, then reload BIND.

XeLaTeX fun

After reading this post I wanted to dabble with TeX again. I haven’t used it since university days so I thought it was time to polish off the rust. I am on a Debian box, so these are the steps I took to get XeLaTeX to work.

After about 20 minutes I had everything set up and was ready to follow the tutorial.
My sample.tex file looks like this:

Now to make sure everything works…

Success!
Next time I’ll create something a little more substantive.

aria2 download tool

I ran into an interesting downloading application, Aria2. I was reminded of a GetRight utility I ran into years ago. The thing I really liked about GetRight at the time was the ability to download Linux ISOs from multiple mirrors and merge the results into one coherent file. It really sped up downloading new Slackware releases :-) This to me is the most compelling feature of Aria2 and it works thus:

The main page has plenty of examples with many different transfer protocols. Too bad the parallel download features seem to have disappeared with the invention of BitTorrent.

IpTables

Task

Write an iptables script that blocks everything except ping (icmp) and ssh (port 22), http (80) and https (443).

Solution

-m state loads the state module, which gives access to the connection tracking state of the packets.
--state precedes a comma-separated list of the connection states to match. In this case it’s NEW.
NEW means the packet has started a new connection, or belongs to a connection that has not seen packets going in both directions.
-m tcp loads the tcp module (just like we loaded the state module); this module gives us extra functionality for TCP.
-p tcp specifies the protocol, in my case TCP.
--dport 22 is a feature provided by the -m tcp module; in this case I want the rule to apply to port 22 (ssh).
-j ACCEPT means the result of this rule is to accept the packets. (-j specifies the target of the rule if the packet matches the rule. If I said -j DROP we would block all traffic to port 22.)
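
A ruleset for the task above, built from the options just explained and written in iptables-restore format. This is an added example, not the original post's script; the names emit_rules and ALLOWED_TCP_PORTS are hypothetical, and the loopback, ESTABLISHED,RELATED and echo-request rules are assumptions about what a default-deny host needs.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the task above.
# emit_rules and ALLOWED_TCP_PORTS are hypothetical names.
ALLOWED_TCP_PORTS="22 80 443"   # ssh, http, https (from the task)

emit_rules() {
    echo "*filter"
    # Default-deny inbound and forwarded traffic; outbound stays open.
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # Assumption: loopback traffic is trusted.
    echo "-A INPUT -i lo -j ACCEPT"
    # Assumption: replies to connections already allowed must pass,
    # because the per-port rules below only match state NEW.
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # ping: inbound echo requests only.
    echo "-A INPUT -p icmp --icmp-type echo-request -j ACCEPT"
    for port in $ALLOWED_TCP_PORTS; do
        # Refuse anything that is not a plain port number in 1..65535.
        case "$port" in
            ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
        echo "-A INPUT -m state --state NEW -m tcp -p tcp --dport $port -j ACCEPT"
    done
    echo "COMMIT"
}

# Build the whole ruleset first so a bad port never reaches the kernel.
case "${1:-print}" in
    check) rules=$(emit_rules) && printf '%s\n' "$rules" | iptables-restore --test ;;
    apply) rules=$(emit_rules) && printf '%s\n' "$rules" | iptables-restore ;;
    *)     emit_rules ;;
esac
```

With no argument the script only prints the ruleset; run it as root with check to have iptables-restore parse the rules without committing them, then with apply to load them.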