Category Archives: How-to

DNSSEC made easy: Converting an existing DNS zone to Inline signing with BIND

DNSSEC — the security extensions to the trusty Domain Name System (DNS) upon which almost all Internet transactions rely — is often considered hard to set up. My own setup has been very dated, using complicated scripts which needed to run after every change to the zone file. It was time to change this. Modern versions of BIND make this rather easy, as I found out.

pselect() Pitfalls

When dealing with multiple network connections or timeouts, the select() Unix system call is still the workhorse for many applications. Its well-known and frequently used interface beats the learning curve on the more scalable poll(), epoll(), or /dev/poll interfaces, especially if only a few file descriptors have to be monitored. select()'s younger sibling, pselect(), adds improved signal handling while retaining interface simplicity. However, unless extra care is taken, applications changing to pselect() can ignore network messages for many minutes, as we had to learn the hard way on a medium-to-well loaded large-scale mail server.

Automatic svn file addition/removal

Do you have files under version control which are updated through a different mechanism (software update, another VCS such as git, …), or are you using svn to archive automatically generated files? Then you are likely to be constantly determining the appropriate svn add and svn rm commands by hand. This can be automated…

Adding your FRiTZ!Box as a “secure” DNS resolver for the fritz.box pseudo-domain

Your FRiTZ!Box maintains a useful list of names of machines in your local network in its pseudo-domain fritz.box, based on DHCP requests and the web interface. This information is useful, but adding the pseudo-domain “fritz.box” to your own DNS hierarchy is no longer straightforward in the days of DNSSEC. Here is how to include it in your own ISC BIND9 DNS server.

Disable client certificate requests for Cyrus IMAP

Cyrus IMAPd always asks for a client certificate. This can be unnerving for users running Thunderbird as their mail client who have a user certificate installed and are thus always asked whether they want to send it. (There is no way to tell Thunderbird not to send a client certificate; you can only select which one.)