DNSSEC Validation in Bind

I haven't done anything with DNSSEC for a while, not since I messed around with signing my domain in 2008. That was a success, by the way, but I changed around my nameservers and it's not signed any more.

Today's project was to see if I could enable DNSSEC validation on my server. The goal is to ignore any zones which are supposed to be signed but don't contain correct data.

NAD 27 vs NAD 83/WGS 84

Somewhere a while back I read that the difference between NAD 27 and NAD 83 was on the order of a few feet at most and thus I had ignored it. Turns out I was very misinformed. NOAA has a site where you can calculate the difference between NAD 27 and NAD 83 which I tried today and my coordinate varied by more than 50 meters. That's pretty significant. So, lesson learned.


Catalyst and Rsync

Catalyst and Rsync don't seem to get along well. That is to say, the built-in development server doesn't notice when rsync changes source files. The upshot is Catalyst won't automatically reload the application on change, and that's just plain annoying.

The solution is to use the --inplace option to rsync. This alters how rsync propagates changes and plays nice with Catalyst.


Git Assume Unchanged

Git is far and away the best revision control system I've ever used. As evidence, I submit this little gem of a command:

repo$ git update-index --assume-unchanged file1 file2 ...

This is a useful command to use when you want to change a file locally and prevent it from being committed back to the repository. Once you're done and want to re-enable commits of those files, simply re-run the command and use --no-assume-unchanged.
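An added example, not part of the original post: a throwaway repository showing that a flagged file's edits disappear from git status, and how to list which files carry the flag with git ls-files -v. The file names, contents and function names are constructed for the demo.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Paths and contents are constructed.

# Print the files in repo "$1" whose index entry has the assume-unchanged bit.
# `git ls-files -v` marks such entries with a lowercase status letter.
list_assume_unchanged() {
    git -C "$1" ls-files -v | grep '^[[:lower:]] ' | cut -c3-
}

# Walk through flag -> edit -> audit -> unflag in a temporary repository.
demo_assume_unchanged() {
    demo_repo=$(mktemp -d) || return 1
    git -C "$demo_repo" init -q
    printf 'db_host=example.invalid\n' > "$demo_repo/settings.conf"
    printf 'hello\n' > "$demo_repo/README"
    git -C "$demo_repo" add settings.conf README
    git -C "$demo_repo" -c user.name=demo -c user.email=demo@example.invalid \
        -c commit.gpgsign=false commit -q -m 'initial'

    # Flag the file, then change it locally.
    git -C "$demo_repo" update-index --assume-unchanged settings.conf
    printf 'db_host=localhost\n' > "$demo_repo/settings.conf"

    # The edit is invisible to status, so it cannot be committed by accident,
    # but it is also invisible to anyone reviewing the working tree.
    echo "status_while_flagged=[$(git -C "$demo_repo" status --porcelain)]"
    echo "flagged=[$(list_assume_unchanged "$demo_repo")]"

    # Clearing the bit makes the modification show up again.
    git -C "$demo_repo" update-index --no-assume-unchanged settings.conf
    echo "status_after_clear=[$(git -C "$demo_repo" status --porcelain)]"
    echo "flagged_after_clear=[$(list_assume_unchanged "$demo_repo")]"

    rm -rf "$demo_repo"
}
```

Running list_assume_unchanged against a checkout before a release or an audit shows any files whose local changes git has been told to ignore.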


eCryptfs Failure After Ubuntu Upgrade

I had my laptop halfway upgraded between Ubuntu 11.10 and 12.04 for a while. There was some reason for that which escapes me now, so I decided to complete the upgrade. So far only one issue has cropped up with an ecryptfs volume that I had created. It failed to mount with an error:

Error attempting to evaluate mount options: [-22] Invalid argument

Based on a Red Hat bug report I found, it looks like I need to SUID root /sbin/mount.ecryptfs.


IPv6 Anycast

IPv6 has a neat feature called Duplicate Address Detection (DAD). When you add an IPv6 address to an interface, it checks to be sure that nobody else is already using that address. That's a Good Thing®. But if you're using IPv6 addresses for anycast and two (or more) devices are on the same subnet it can cause problems. The solution is to not put your anycasted addresses on the shared interface (e.g. eth0); rather, put them on the loopback interface.


