2016年2月29日 星期一

Deploy Public Key TXT in BIND Server


Deploy DomainKeys/DKIM Public Key in DNS Server

Deploy Public Key TXT in BIND Server
If your domain is hosted by Bind DNS server, you can add DKIM public key record like this: locate your domain's zone file and open it with your preferred editor, then add the following content:
 ; DKIM policy record
 _domainkey.yourdomain.com.            IN     TXT    "o=~;"
 ; DKIM public key record
 s1024._domainkey.yourdomain.com.      IN     TXT    "k=rsa;p=MIGfMA0GCS....ofIz0IW7QwIDAQAB"

Deploy Public Key by DKIM Manager
If your domain is hosted by Windows DNS Server in local LAN. After you added a domain in DKIM Plugin Manager, you can select the domain and click "Deploy Key", input your DNS server address and choose the DNS zone, the public key will be deployed to DNS server automatically.
Windows DNS Tool

Deploy Public Key Manually
If your domain is not hosted by Windows DNS server in local LAN, or it is failed by "Deploy Key" in DKIM manager, you can select the domain and click "Export Public Key". A dialog box will pop up and display a Public Key and a TXT record for deployment in your DNS server.
export dkim public key
TXT Record
The full name of your public key record.
Public Key
The value in the record.
Test Mode
"t=y;" in public key record means Test mode, you can remove "t=y;" from your public key record after your DKIM/DomainKeys test is finished.
Domain Policy Record (Optional)
Domain Policy Record is always deployed to _domainkey.yourdomain. In policy record value, o = Outbound Signing policy ("-" means that this domain signs all email; "~" is the default value and means that this domain may sign some email with DomainKeys). If you do not set policy record, the o=~; is used by default.

Deploy Public Key TXT record in Windows DNS Server
windows dns
Step 1: Select and open a domain (e.g. emailarchitect.net) which you want to add a public key record to. Right-click the record list and select "Other New Records..." from the menu.
Step 2: Select the Text (TXT) record type and click the "Create Record..." button.
Step 3: Copy the value (t=y; k=rsa; p=...) from Public Key field and paste it to the "Text" text box and input "s1024._domainkey" (depends on the information in the dialog box, the syntax is [selector]._domainkey) in Record Name. Click the OK button.

(Windows 2000 DNS Server*)
windows 2000 dns
If you're using Windows 2000 DNS server, you should create "_domainkey" domain under "your domain" at the beginning, and then create "s1024" TXT record under "_domainkey" sub-domain. The reason is that creating "s1024._domainkey" TXT record directly is not permitted in Windows 2000 DNS server.

Add Policy record in Windows DNS Server (Optional*)
dkim policy record
Step 1: Select and open a domain (e.g. emailarchitect.net) which you want to add a public key record to. Right-click the record list and select "Other New Records..." from the menu.
Step 2: Select the Text (TXT) record type and click the "Create Record..." button.
Step 3: Copy the value (t=y; o=~;) from Policy field and paste it to the "Text" text box and input "_domainkey" in Record Name. Click the OK button.
*This record is optional, you don't have to add it. If you do not set policy record, the o=~; is used by default.

Deploy Public Key TXT in Network Solutions DNS server
public key in networksolutions
If your domain is hosted by www.networksolutions.com, you can deploy your public key like this:
Step 1: Select your domain
Step 2: Select the "Edit TXT Record.
Step 3: Copy the value (t=y; k=rsa; p=...) from Public Key field and paste it to the "Text" text box and input "s1024._domainkey" (depends on the information in the dialog box, the syntax is [selector]._domainkey) in Host. Click the "Continue" button.
Step 4 (optional*): Copy the value (t=y; o=~;) from Policy field and paste it to the "Text" text box and input "_domainkey" in Host. Click the OK button.

Deploy Public Key TXT in other DNS server
If your domain is hosted by other ISP, as most ISP provide DNS Web administration like "network solutions" do, you can refer to "Deploy Public Key TXT in Network Solutions DNS server" section and deploy your public key in your ISP DNS Web administrative tool.
If you are not DNS server administrator, or your domain is hosted by other DNS server, please send the information in dialog box->DNS Public Deployment to your domain DNS server administrator for assistant.

Test Public Key Deployment
After the Public Key in DNS server is deployed, you can click "Test Public Key" in EA DomainKeys/DKIM Manager to verify the public key. It will tell if your public key is deployed correctly. After your public key is ok, you can go to "Test DomainKeys/DKIM signature".
public key test
You can also use nslookup command to test your public key as follows:
Windows Start menu->input:
press enter

set type=txt
press enter

input ([selector]._domainkey.yourdomain):
If your key is deployed successfully, it should return something like above screenshot.

2048 Public Key Deployment
Because single DNS TXT record is limited to 255 characters, public key length of 2048 certificate exceeds the limit. So you need to separate public key to two parts in DNS server.
In Windows DNS Server, you should use line-break to separate the long public key
k=rsa; p=k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8YgepDS0lUI3H9dMaQt2Mm...
In BIND Server, you should deploy key as follows:
s1024._domainkey.yourdomain.com. IN TXT ("k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiv..."

s1024._domainkey.yourdomain.com. IN TXT "k=rsa; p=MIIBIjANBgkqhkiG9w..." "2LjDmbvj6V82iSnW3lAg3Sr212o4..."

See Also

2016年2月14日 星期日

Cisco Router log timestamp entries are different from the system clock when the NTP is configure


Router log timestamp entries are different from the system clock when the NTP is configure


Mon, 10/19/2015 - 02:44
 7 years ago

Core Issue:

Timestamps are useful for viewing when certain events happen on a router. Timestanps are also helpful for troubleshooting, because they allow the network administrator to compare simultaneous events on network routers and analyze whether one occurrence caused, or was a result of, another.
If a router is configured to get the time from a Network Time Protocol (NTP) server, the times in the router's log entries may be different from the time on the system clock if the [localtime] option is not in the service timestamps log command. In the example below, the router gets its time from an NTP server and theservice timestamps log datetime command is issued. Theshow clock command displays a time of 14:12:26, yet when a configuration change is made immediately after the show clock command, the log message shows a time of 21:12:28, as shown in this example:

clock timezone PST -8
clock summer-time PDT recurring
service timestamps debug datetime
service timestamps log datetime
logging buffered 16000 debugging
ntp clock-period 17179272
ntp server

router#show clock
14:12:26.312 PDT Thu Apr 27 2000
router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Apr 27 21:12:28: %SYS-5-CONFIG_I: Configured from console by vty0


Add the [localtime] option to the service timestamps log command. For example, if the current configuration is service timestamps log datetime, issue this global configuration command:
router(config)#service timestamps log datetime localtime
router(config)#^Z (ctrl z to exit)
router#write mem

The times should now be synchronized between the system clock and the log message timestamps.