Distributions / Re: Enough entropy?
« on: 05. 12. 2022, 22:18:32 »
I assumed something like that. But if I can't use entropy_avail now, how else am I supposed to find out whether the system has enough entropy?
cat /proc/sys/kernel/random/entropy_avail
dig @localhost mydomain.tld SOA
; <<>> DiG 9.11.5-P4-5.1+deb10u8-Debian <<>> @localhost mydomain.tld SOA
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42907
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 7
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 31796cbe2095d84624c3c1b3636828500d40288c02ff132d (good)
;; QUESTION SECTION:
;mydomain.tld. IN SOA
;; ANSWER SECTION:
mydomain.tld. 36000 IN SOA myhost.mydomain.tld. root.mydomain.tld. 2022061645 14400 3600 604800 86400
; BIND data file for mydomain.tld
$TTL 3600
@ IN SOA myhost.mydomain.tld. root.mydomain.tld. (
2022110401
14400
3600
604800
86400 )
IN A <IP>
zone "mydomain.tld" {
type master;
file "db.mydomain.tld";
inline-signing yes;
auto-dnssec maintain;
key-directory "/etc/bind/keys";
allow-transfer { slavedns; };
};
dig @localhost mydomain.tld A
; <<>> DiG 9.11.5-P4-5.1+deb10u8-Debian <<>> @localhost mydomain.tld A
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48015
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 7
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 5a746739be6907a52cda1be5636815bb2026567bf32814c9 (good)
;; QUESTION SECTION:
;mydomain.tld. IN A
;; ANSWER SECTION:
mydomain.tld. 36000 IN A <WrongIP>
;; AUTHORITY SECTION:
<name servers, everything is fine here>
;; ADDITIONAL SECTION:
<FQDN-to-IP resolution for the name servers, also all fine>
@ IN A <CORRECT_IP>
rndc reload
server reload successful
dig @localhost mojedomena.tld A
;; QUESTION SECTION:
;mojedomena.tld. IN A
;; ANSWER SECTION:
mojedomena.tld. 36000 IN A <DIFFERENT_IP>
Update-Manager::Always-Include-Phased-Updates;
APT::Get::Always-Include-Phased-Updates;
rndc reload
rndc signing -list example.com
rndc signing -nsec3param 1 0 10 abcdef12 example.com
named-compilezone -f raw -j -o - example.com /var/cache/bind/db.example.com.signed
+ Found 1 DS records for example.com in the com zone
+ DS=35525/SHA-256 has algorithm ECDSAP256SHA256
+ Found 1 RRSIGs over DS RRset
+ RRSIG=37269 and DNSKEY=37269 verifies the DS RRset
! Unknown host ns1.example.com
! Unknown host ns2.example.com
! Unknown host ns3.example.com
- Failed to get DNSKEY RR set for zone example.com
- No response from example.com nameservers