fred-users Leden 2023

fred-users@lists.nic.cz

6 participants
6 discussions

Setting up a CA and signing certificates with it

by Mario Guerra

I have done this, according to http://www.tc.umn.edu/~brams006/selfsign.html, part 1B (generating your own CA): a) create a CA authority (ca.key and ca.crt) b) make a certificate request (server.csr) c) sign the certificate request (server.crt and server.key) with the new CA authority d) change the server key so it does not ask for a passphrase. Afterwards, the server.crt and server.key files are included in /usr/share/fred-client/ssl directory, and the fred-client configuration file is modified like this: ssl_cert = %(dir)s/server.crt ssl_key = %(dir)s/server.key Now, if I try to run fred-client this is the result: ERROR: socket.sslerror: [Errno 1] _ssl.c:480: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (200.107.82.18:700) Certificate not signed by verified certificate authority What should I do for fred-client to identify these certificates as valid?. Thanks in advance. Note: the new fred-client is perfectly compatible with FRED 2.2. -- Mario Guerra <mguerra(a)nic.cr>

10 měsíců, 1 týden

Problems with fred-admin command

by Denzell Yonah

Hi, I managed to install the FRED Registry management system on Ubuntu 20.04. However, I am having trouble running the fred-admin command. For instance when I read the below command: root@fred-ubuntu:/etc/fred# fred-admin --registrar_add --handle=sys_reg --reg_name="System registrar" --country=MW --no_vat --system I get this error: Error: the option '--messenger.archive_rendered' is required but missing and when I try to use the option '--messenger.archive_rendered', like here below: root@fred-ubuntu:/etc/fred# fred-admin --registrar_add --handle=sys_reg --reg_name="System registrar" --country=MW --no_vat --system --messenger.archive_rendered I get this error: Error: found unknown configuration with option_group_index 22 : --messenger.archive_rendered Any suggestion as to how I could proceed? Your assistance is greatly appreciated. -- Regards, Denzell Yonah Internet Technician Malawi SDNP Tel: 882 089 166 <tel:882 089 166> | Cell: 888 844 657 <tel:888 824 787> domains(a)registrar.mw <mailto:domains@registrar.mw> http://www.nic.mw | http://www.registrar.mw <http://www.nic.mw | http://www.registrar.mw> P.O. Box 31762, Malawi SDNP, Chichiri, Blantyre

1 rok, 2 měsíce

CORBA failure

by patrick

Dear Team, I have performed restoration test and I have got below error; Traceback (most recent call last): File "/usr/bin/genzone_client", line 11, in <module> load_entry_point('fred-pyfred==2.15.1', 'console_scripts', 'genzone_client')() File "/usr/lib/python2.7/dist-packages/pyfred/commands/genzone_client.py", line 215, in run_genzone_client ns=nameservice, context=corba_context).getZoneNameList() File "/usr/lib/python2.7/dist-packages/pyfred/zone.py", line 191, in getObject raise ZoneException("CORBA failure, original exception is: %s" % e) pyfred.zone.ZoneException: CORBA failure, original exception is: CosNaming.NamingContext.NotFound(why=missing_node, rest_of_name=[CosNaming.NameComponent(id='ZoneGenerator', kind='Object')]) I request your guidance on sorting this issue. Thank you, Patrick

1 rok, 3 měsíce

Problems with installation of FRED, including unmet dependencies

by ZISPA DNS Admin

Hi We manage the .co.zw 2LD registry for Zimbabwe and are interested in migrating to use the FRED registry management system. We first installed Ubuntu 16.04 LTS (Xenial Xerus) from scratch, with basic utilities + sshd server package only, and then followed the instructions for installation of FRED binaries at: https://fred.nic.cz/documentation/html/AdminManual/Installation/BinsUbuntu.… The first problem we found was with this command: # sudo apt-key adv --keyserver hkp://keys.gnupg.net:80 --recv-keys 0x1C0200016A9AC5C6 The above keyserver has closed down so the site could not be found. We then used keyserver.ubuntu.com instead, ie: # sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0x1C0200016A9AC5C6 That was successful, with response: gpg: key 6A9AC5C6: public key "CZ.NIC Release Automatic Signing Key <archive-sign-key(a)nic.cz>" imported We then continued with the instructions until the following command: # sudo apt-get update The response was: GPG error: http://archive.nic.cz/ubuntu xenial Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E6DD3CAC7844804C W: The repository 'http://archive.nic.cz/ubuntu xenial Release' is not signed. We therefore requested the missing key (not in original notes): # apt-key adv --keyserver keyserver.ubuntu.com --recv-keys E6DD3CAC7844804C That was successful, with response: gpg: requesting key 7844804C from hkp server keyserver.ubuntu.com gpg: key C11F5931: public key "CZ.NIC Release Automatic Signing Key <archive-sign-key(a)nic.cz>" imported We continued with the instructions until we came to installing the FRED package itself: # sudo apt-get --assume-yes install fred The response was: The following packages have unmet dependencies: fred : Depends: fred-pyfred but it is not going to be installed Depends: fred-rsifd but it is not going to be installed Depends: nagios-pyfred-genzone-plugin but it is not going to be installed Depends: pyfred-filemanager but it is not going to be installed Depends: pyfred-genzone but it is not going to be installed Depends: python-pyfred but it is not going to be installed E: Unable to correct problems, you have held broken packages. We then tried with aptitude instead, ie: # sudo aptitude install fred The failed response was: The following packages have unmet dependencies: python-pyfred : Depends: python-pygresql (>= 1:5.0) but it is not going to be installed. bind9-host : Depends: libbind9-140 (= 1:9.10.3.dfsg.P4-8ubuntu1.16) but 1:9.10.3.dfsg.P4-8ubuntu1.19 is to be installed. Depends: libdns162 (= 1:9.10.3.dfsg.P4-8ubuntu1.16) but 1:9.10.3.dfsg.P4-8ubuntu1.19 is to be installed. Depends: libisc160 (= 1:9.10.3.dfsg.P4-8ubuntu1.16) but 1:9.10.3.dfsg.P4-8ubuntu1.19 is to be installed. Depends: libisccfg140 (= 1:9.10.3.dfsg.P4-8ubuntu1.16) but 1:9.10.3.dfsg.P4-8ubuntu1.19 is to be installed. Depends: liblwres141 (= 1:9.10.3.dfsg.P4-8ubuntu1.16) but 1:9.10.3.dfsg.P4-8ubuntu1.19 is to be installed. dnsutils : Depends: libbind9-140 (= 1:9.10.3.dfsg.P4-8ubuntu1.16) but 1:9.10.3.dfsg.P4-8ubuntu1.19 is to be installed. Depends: libdns162 (= 1:9.10.3.dfsg.P4-8ubuntu1.16) but 1:9.10.3.dfsg.P4-8ubuntu1.19 is to be installed. Depends: libisc160 (= 1:9.10.3.dfsg.P4-8ubuntu1.16) but 1:9.10.3.dfsg.P4-8ubuntu1.19 is to be installed. Depends: libisccfg140 (= 1:9.10.3.dfsg.P4-8ubuntu1.16) but 1:9.10.3.dfsg.P4-8ubuntu1.19 is to be installed. Depends: liblwres141 (= 1:9.10.3.dfsg.P4-8ubuntu1.16) but 1:9.10.3.dfsg.P4-8ubuntu1.19 is to be installed. fred-pyfred : Depends: python-pygresql (>= 1:5.0) but it is not going to be installed. However aptitude could not fix the problem. We removed the bind9-host and dnsutils packages, then ran "sudo apt-get update" and "sudo apt-get upgrade", then reinstalled them and tried the aptitude install again. This time it just reported: The following packages have unmet dependencies: python-pyfred : Depends: python-pygresql (>= 1:5.0) but it is not going to be installed. fred-pyfred : Depends: python-pygresql (>= 1:5.0) but it is not going to be installed. The following actions will resolve these dependencies: Keep the following packages at their current version: 1) fred [Not Installed] 2) fred-pyfred [Not Installed] 3) fred-rsifd [Not Installed] 4) nagios-pyfred-genzone-plugin [Not Installed] 5) pyfred-filemanager [Not Installed] 6) pyfred-genzone [Not Installed] 7) python-pyfred [Not Installed] Leave the following dependencies unresolved: 8) pyfred-filemanager recommends fred-pyfred 9) pyfred-genzone recommends fred-pyfred Accept this solution? [Y/n/q/?] No packages will be installed, upgraded, or removed. 0 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded. Need to get 0 B of archives. After unpacking 0 B will be used. Do you have any suggestions as to how to proceed from here? Regards Jim Holland System Administrator Mango, operating on behalf of ZISPA Managers of Zimbabwe's .co.zw domain name registry Web: www.zispa.org.zw

1 rok, 3 měsíce

Re: Request for information on use of FRED for registry management

by Dr Paulos Nyirenda

On 23 Jan 2023 at 21:35, ZISPA DNS Admin wrote: > Hi Paulos > > I don't know if you will remember me from the early days of the > Internet. I took over from Rob Borland in managing the Mango email > service here in Zimbabwe. Then in 2004 I became the system > administrator of ZISPA which is responsible for the .co.zw domain name > registry. I have managed it ever since. Thanks for the introduction. I do remember Rob very well in the fidonet days and I have heard of you but I cannot put a face to your name, all the same good to hear from you. It is good to hear the apparently good story of your running .co.zw that you tell here below. We at Malawi .mw used to do what you are doing manually with the registry over six years ago before we fully automated to FRED, It was a growing mamoth task to do like this manually. You just have to automate better. Here below are my suggestions. I have seen your posts on FRED installation on Ubunthu. At .mw we did not choose Ubuntu, we started with fedora and now use CentOs as our FRED platform, we find it much more stable and we have gained considerable experience on this. I expect that if you move to CentOs 8 then you will find installing FRED much smoother and I can help better. I got considerable assistance from Jaromir of .cz as copied above, its possible that you can do the same if you send him mail personally rather that through the mailing list. In many cases in the past, I have received assistance from the fred-users mailing list BUT I am not sure why you have not received any assistnce either from .cz ccTLD or from FRED developers on the mailing list. I would also recommend you to attend an ICANN meeting where you can interact more interactively with other FRED users and FRED developers so as to get on the spot answers to your issues. ICANN76 is the next one in March 2023. You can then check to see who at .cz or on fred-users list will be there and arrange a meeting. I am also copying this to Jan Horak who runs one of our registrars on .mw, you may also find it useful to get in touch with him regarding FRED and registrars. We find FRED to be very good at .mw but it is a large well organised platform and where you are now is very much at the beginning, there will be many more issues for you to deal with as you make it operational. Using the mailing list alone may not work in full. If you can get past the installation phase such as on Centos8 then the documentation now available on FRED might get you through the rest. Let me know if this helps. Regards, Paulos ===================================== Dr Paulos B Nyirenda NIC.MW & .mw ccTLD: http://www.nic.mw SDNP: http://www.sdnp.org.mw Tel: +265-(0)-882 089 166 Cell: +265-(0)-888-824787 WhatsApp: +265-(0)-887386433 > The .co.zw registry has over 40 000 domains. On average there are > around 100 domain updates per day, seven days a week. At the moment > registrars submit applications for new domains by template. However > modifications, transfers and deletions can also be processed in bulk > by submitting files with the lists of domains concerned. > > Templates and bulk applications are handled by scripts that I have > written. They update the .co.zw zone file and send notifies to the > secondaries. With these scripts I can process and reply to an > application within 20 seconds if it is straightforward. So at the > moment the system (which I operate on my own) is quite capable of > handling well over a hundred updates on a busy day. However obviously > this is not going to be viable in the long term and so I am very keen > to migrate the system to an automated one such as FRED, with the > registrars connecting by EPP instead of sending templates to me by > email. > > Unfortunately I have failed in my attempts to install FRED for test > purposes, due to incompatible dependency issues, in spite of following > the very detailed instructions at > https://fred.nic.cz/documentation/html/AdminManual/Installation/BinsUb > untu.html > > I have registered for the "fred-users" mailing list and submitted the > details of the problem I have experienced with the installation, but > have not had any response. I will send you a copy separately. > > I understand that you are using FRED for the .mw registry. I wonder if > you would therefore be able to give me some advice on the steps you > took to install the software yourself, or simply point out the error > in the steps that I have taken so far. Your help would be most > appreciated. > > I was interested to read that you obtained your PhD from UNSW, so > would like to greet you as a fellow UNSW graduate, although in my case > it was a mere bachelor degree - BE (Mech Eng) Hons 1. > > Currently > > Regards > > Jim Holland > System Administrator > Mango, operating on behalf of ZISPA > Managers of Zimbabwe's .co.zw domain name registry > Web: www.zispa.org.zw -- This email has been checked for viruses by AVG antivirus software. www.avg.com

1 rok, 3 měsíce

KEYSET UPDATE

by patrick

Hello Team, Is it possible for a registrars to remove keyset if registrant decides to unsign domain name, if it is supposed to be done on db how is it done? Thank you, Patrick

1 rok, 3 měsíce

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

fred-users Leden 2023