I have done this, according to http://www.tc.umn.edu/~brams006/selfsign.html, part 1B (generating your own CA):
a) create a CA authority (ca.key and ca.crt)
b) make a certificate request (server.csr)
c) sign the certificate request (server.crt and server.key) with the new CA authority
d) change the server key so it does not ask for a passphrase.
Afterwards, the server.crt and server.key files are included in /usr/share/fred-client/ssl directory, and the fred-client configuration file is modified like this:
ssl_cert = %(dir)s/server.crt
ssl_key = %(dir)s/server.key
Now, if I try to run fred-client this is the result:
ERROR: socket.sslerror: [Errno 1] _ssl.c:480: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (200.107.82.18:700)
Certificate not signed by verified certificate authority
What should I do for fred-client to identify these certificates as valid?
Thanks in advance.
Note: the new fred-client is perfectly compatible with FRED 2.2.
--
Mario Guerra <mguerra(a)nic.cr>
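The "unknown ca" text in the error above is a TLS alert, which the peer sends when it cannot chain the presented certificate to a CA it trusts. As an added example (not part of the original thread; the CA names, the subject name and the temporary directories are constructed), steps a) to d) can be reproduced offline and the resulting certificate checked both against the home-made CA and against a different CA standing in for the one the registry trusts:

```shell
#!/bin/sh
# Added example: CA names, subjects and the temp layout are constructed.

# Steps a) to d): throwaway CA named $2 plus a certificate it signs, in dir $1.
make_ca_and_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null || return 1
    # -nodes writes the key without a passphrase (the effect of step d).
    openssl req -newkey rsa:2048 -nodes -subj "/CN=example-registrar" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$1/server.csr" -days 30 -CAcreateserial \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -out "$1/server.crt" 2>/dev/null
}

# True only if certificate $2 chains to the trust anchor file $1.
chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# True only if private key $2 belongs to certificate $1 (same public key).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Report how a peer trusting anchor $1 would judge certificate $2.
report() {
    if chains_to "$1" "$2"; then echo "trusted"; else echo "unknown ca"; fi
}

work=$(mktemp -d)
mkdir "$work/mine" "$work/registry"
make_ca_and_cert "$work/mine" "My Own Test CA"
make_ca_and_cert "$work/registry" "Registry Test CA"
echo "own CA as anchor:      $(report "$work/mine/ca.crt" "$work/mine/server.crt")"
echo "registry CA as anchor: $(report "$work/registry/ca.crt" "$work/mine/server.crt")"
```

A certificate that verifies only against your own ca.crt is accepted by a peer only if that peer has the same CA among its trust anchors.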
Hi,
I'm using https://github.com/metaregistrar/php-epp-client as the EPP client.
To be able to use it I need to fill in some parameters in settings.ini:
interface=eppConnection
hostname=ssl://epp.demo.fred.nic.cz
port=xxxxxx
userid=xxxxxxxx
password=xxxxxxxxx
Which port, userid and password should I use to connect to Fred?
Is it possible to use certificates from https://letsencrypt.org/?
Thanks,
--
Thiago Farina
Content preview: Help, We need to modify some SOA parameters in zones that
are generated by genzone-client like reduce the TTL since we are now generating
the zone more frequently by cron job. fred-admin which we use to create zones
does not seem to have a feature to modify a zone like this [...]
Hello cz.nic Team
I have a few questions related to database migration of FRED if you don't mind.
====
When trying to download the latest sources from https://fred.nic.cz/page/2904/download/#source I've
realised, that they're not available. E.g. the latest migration scripts are available in
fred-db*deb, but the tarball is not a corresponding one.
Could you please try to release latest sources in tarballs?
====
I've noticed, that upgrade to 2.19.0 creates a table object_state_backup. However, beside DDL from
2.18.0-2.19.0.sql I don't see this table being used anywhere else. Can it be deleted?
====
Could you briefly describe what's the purpose of tables:
contact_address
contact_address_history
As far as I can tell after analysing the sources, these tables are populated by a functionality called
from MojeID ( =your special NIC registrar to keep domain contacts defined at central level, not each
registrar's level).
====
What are the following tables for? Or: How are the checks of contacts working? Is it something
related to checking if a contact's address fields are valid?
contact_check
contact_check_history
contact_check_message_map
contact_check_object_state_request_map
contact_check_poll_message_map
contact_test_result
contact_test_result_history
contact_testsuite_map
enum_contact_check_status
enum_contact_check_status_localization
enum_contact_test
enum_contact_test_localization
enum_contact_test_status
enum_contact_test_status_localization
enum_contact_testsuite
enum_contact_testsuite_localization
====
There's a table notification_queue. I can't find any usage of it (maybe because not all tarballs are
up to date). What is it for?
Do you replicate this table using Slony? (Because it has neither primary nor unique key.)
Best regards
Piotr
Hello Jaromír
When trying to install fred metapackage there's an error displayed that fred-transproc package is
missing. AFAICT that's the only dependency change introduced by fred 0.0.5~xenial+1.
Best regards
Piotr
Hi,
I am developing a PHP fred client and am able to get a domain details as
follows:
<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
  <response>
    <result code="1000">
      <msg>Command completed successfully</msg>
    </result>
    <resData>
      <domain:infData xmlns:domain="http://www.nic.cz/xml/epp/domain-1.4"
                      xsi:schemaLocation="http://www.nic.cz/xml/epp/domain-1.4 domain-1.4.1.xsd">
        <domain:name>XXXX</domain:name>
        <domain:roid>D0000073101-CZ</domain:roid>
        <domain:status s="ok">Objekt is without restrictions</domain:status>
        <domain:registrant>CHEKI-MW-REG</domain:registrant>
        <domain:admin>CHEKI-MW-BILLING</domain:admin>
        <domain:admin>CHEKI-MW-ADMIN</domain:admin>
        <domain:nsset>CHEKI-MW-NS</domain:nsset>
        <domain:clID>mw_system_reg</domain:clID>
        <domain:crID>mw_system_reg</domain:crID>
        <domain:crDate>2015-01-05T17:00:58+02:00</domain:crDate>
        <domain:exDate>2015-12-05</domain:exDate>
      </domain:infData>
    </resData>
    <trID>
      <clTRID>15c8abbebf7a746a773714973ff4e9f3</clTRID>
      <svTRID>ReqID-0001851046</svTRID>
    </trID>
  </response>
</epp>
What's the xml command for extracting nameservers from the nsset?
Thank you.
Regards,
Mike.
Hello everyone
I have some remarks about starting FRED components automatically after boot in Ubuntu 16.04 LTS
xenial. If anyone has some input, please share.
First, I suspect that upstart job definitions are obsolete and should be removed. I mean the files:
/etc/init/fred-adifd.conf
/etc/init/fred-logd.conf
/etc/init/fred-msgd.conf
/etc/init/fred-pifd.conf
/etc/init/fred-rifd.conf
Next, right after installation the services of FRED were not enabled, hence:
# cd /lib/systemd/system
# systemctl enable fred*
This is not enough, since fred-pyfred failed because it was started too early (before omniorb name
server), therefore I modified unit definition of fred-pyfred in
/lib/systemd/system/fred-pyfred.service
so now it looks like this:
[Unit]
Description=fred-pyfred
After=omniorb4-nameserver.service
#ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
Requires=omniorb4-nameserver.service
[Service]
User=fred
WorkingDirectory=/
StandardOutput=null
StandardError=null
ExecStart=/usr/sbin/fred-pyfred -d
KillMode=process
Restart=on-failure
[Install]
WantedBy=multi-user.target
and generates the following result:
# systemd-analyze critical-chain fred-pyfred.service
The time after the unit is active or started is printed after the "@" character.
The time the unit takes to start is printed after the "+" character.
fred-pyfred.service @6.814s
└─omniorb4-nameserver.service @6.774s +23ms
  └─network-online.target @6.764s
    └─NetworkManager-wait-online.service @927ms +5.837s
      └─NetworkManager.service @665ms +185ms
        └─dbus.service @639ms
          └─basic.target @639ms
            └─sockets.target @639ms
              └─snapd.socket @637ms +1ms
                └─sysinit.target @634ms
                  └─swap.target @634ms
                    └─dev-disk-by\x2duuid-d8b40e4d\x2d4e62\x2d4436\x2db09b\x2d8cfc2a2d8a1d.swap @629ms +3ms
                      └─dev-disk-by\x2duuid-d8b40e4d\x2d4e62\x2d4436\x2db09b\x2d8cfc2a2d8a1d.device @623ms
(of course your delays will vary).
To check if FRED services are running, one may use
# systemctl status fred*
Maybe this page could get an update? https://fred.nic.cz/page/2906/installation-ubuntu/
Best regards
Piotr Przybył
I did the default install, but I can't access it remotely. I can access
http://localhost:18456 via lynx.
Where do I edit to allow remote access?
Stanford T. Mings Jr. ~Technologist ~
stanford(a)tech.vi ~ http://www.tech.vi ~ 340-344-8207
VI Technical Services, LLC ~ 9160 Estate Thomas ~
Suite 195 ~ St. Thomas, VI, 00802
Hello cz.nic Team
When testing SQL upgrade script I got the following error:
2.21.5-2.21.6.sql Failed (check /tmp/aaa)
psql:2.21.5-2.21.6.sql:1295: ERROR: null value in column "zone_id" violates not-null constraint
I took a look and it seems that the script is prepared for your registry only (unless there's
someone else also running .cz ;-))
Could you please tell me if the following patch is correct? It seems to do the job IMHO.
Best regards
Piotr