* - grimoire - dark wiki & knowledge base
(HTM) git clone https://git.drkhsh.at/grimoire.git
---
(DIR) commit a5e0f64e584a7067e9904fee0d3e4c5b742c1850
(DIR) parent 6a2839bd2e8490bbb724f1836a113a0f93885d26
(HTM) Author: drkhsh <me@drkhsh.at>
Date: Fri, 7 Nov 2025 16:33:25 +0100
*
Diffstat:
M src/database/lexicon.ndtl | 81 +++++++++++++++++++++++--------
1 file changed, 62 insertions(+), 19 deletions(-)
---
(DIR) diff --git a/src/database/lexicon.ndtl b/src/database/lexicon.ndtl
@@ -4,7 +4,8 @@ HOME
HOST : home
BREF : grimoire
BODY
- The grimoire — where thoughts are transmuted, patterns are bound, and fragments of chaos are combined into order...
+ The Grimoire — where thoughts are transmuted, patterns are bound, and fragments of chaos are combined into order.
+ Each line inscribed here is a binding spell, each symbol a gate between reason and recursion. To read is to compile; to compile is to summon.
```
{^text dagger}
@@ -1475,26 +1476,36 @@ DNSSEC
BODY
## NSD & ldnscript on {OpenBSD}
- ldnscript mirror on:
- https://git.corp.skynet.airforce/mirror/ldnscripts
+ ldnscript mirror on: https://git.corp.skynet.airforce/mirror/ldnscripts
Limitations:
- - This script doesn’t know out-of-the-box how to deal with multi-layers zones. They are still possible in theory. You just have to copy the DS file’s content in the source of the parent zone.
- - I do not have yet a validity date for keys (signatures have though).
+ * This script doesn’t know out-of-the-box how to deal with multi-layers zones. They are still possible in theory. You just have to copy the DS file’s content in the source of the parent zone.
+ * I do not have yet a validity date for keys (signatures have though).
- > [!WARNING] KSK != ZSK
+ > WARNING: KSK != ZSK
> Upload the KSK to the domain registrar, as the ZSK gets rotated and is signed by the KSK!
- Install dependencies:
-
- ```sh
- doas pkg_add ldns-utils git
+ ```
+ ____
+ /_ | Install dependencies
+ | |
+ | |
+ |___|
```
- Install ldnscript:
+ `doas pkg_add ldns-utils git`
+
+ ```
+ ________
+ \_____ \ Install ldnscript
+ / ____/
+ / \
+ \_______ \
+ \/
+ ```
- ```sh
+ ```
$ cd /usr/local/src/
$ doas mkdir ldnscripts
$ doas chown $USER ldnscripts
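Review bot: the KSK callout touched here still says "Upload the KSK to the domain registrar", which can be read as handing over the key itself. What goes to the registrar is the public side (the DS record, or the public DNSKEY where the registrar asks for it), and the limitations list above already speaks of "the DS file's content". Suggest rewording to "Upload the DS record of the KSK to the domain registrar" while the line is being edited. Separately, the install block loses its `sh` fence tag and the `doas pkg_add ldns-utils git` command moves to inline code, while the other commands stay in fenced blocks. Pick one form for all commands.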
@@ -1503,7 +1514,16 @@ DNSSEC
$ doas make install
```
- Configuration in `/etc/ns/ldnscript.conf`:
+ ```
+ ________
+ \_____ \ Configuration
+ _(__ <
+ / \
+ /______ /
+ \/
+ ```
+
+ in `/etc/ns/ldnscript.conf`:
```
# repository where to find unsigned zone file, generic and zone conf
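Review bot: splitting "Configuration in `/etc/ns/ldnscript.conf`:" around the banner leaves the added line "in `/etc/ns/ldnscript.conf`:" as a lowercase fragment that only makes sense if the reader parses the ASCII art as the start of the sentence. Suggest a full sentence after the banner, for example "Edit `/etc/ns/ldnscript.conf`:", so the path still reads correctly when the banner is skipped or not rendered in a fixed-width font.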
@@ -1539,7 +1559,7 @@ DNSSEC
Place zonefiles in standard Bind format in `/etc/ns` wihtout extension.
- > [!WARNING] Attention with $ORIGIN
+ > WARNING: Attention with $ORIGIN
> If you use an _$ORIGIN_, you must set it at the top of the file, like in the example, otherwise it gets buggy.
Each zone can have its own special configuration overrides through a conf file of the same form and options as the generic one. The filename will be _zone.conf_.
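Review bot: the context line just above the edited callout has the typo "wihtout" ("Place zonefiles in standard Bind format in `/etc/ns` wihtout extension."), which is worth fixing in the same commit since the surrounding text is being touched. The callout body also ends on "otherwise it gets buggy"; if the failure is known, naming it would tell the reader what to look for.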
@@ -1554,7 +1574,7 @@ DNSSEC
KSK_BITS=2048
```
- **⚠ You have here a rather important setting: signatures’ validity (VALIDITY option), which must be higher than your choice of signatures interval (cf the _signing_ command later).**
+ **You have here a rather important setting: signatures’ validity (VALIDITY option), which must be higher than your choice of signatures interval (cf the _signing_ command later).**
You need to configure NSD. All zonefiles will be written in /var/nsd/signed/$ZONE.
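Review bot: the VALIDITY requirement in the changed line is now plain bold text with the warning sign removed, while every other caution in this commit is converted to the "> WARNING:" or "> NOTE:" callout form. Since a VALIDITY shorter than the signing interval means signatures expire before they are renewed, suggest making this a "> WARNING:" callout too, so it is not the one constraint that looks less important than the rest.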
@@ -1567,6 +1587,15 @@ DNSSEC
zonefile: "signed/zone.tld"
```
+ ```
+ _____
+ / | | Initialize
+ / | |_
+ / ^ /
+ \____ |
+ |__|
+ ```
+
Init creates the structure for a zone and signs it.
```
@@ -1580,10 +1609,17 @@ DNSSEC
8 0 5,10,15,20,25 * * /usr/local/sbin/ldnscript signing all
```
- > [!NOTE] Validity periods
+ > NOTE: Validity periods
> The VALIDITY option must be higher than the frequence you run the signing script.
- Check:
+ ```
+ .________
+ | ____/ Check!
+ |____ \
+ / \
+ /______ /
+ \/
+ ```
```
ldnscript check 22decembre.eu
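Review bot: the "NOTE: Validity periods" callout says VALIDITY must be higher than the "frequence" of the signing run, but the cron line above it, `8 0 5,10,15,20,25 * *`, does not have a constant interval. The gap from the 25th to the 5th of the next month is up to 11 days, against 5 days for the other runs, so the note should say that VALIDITY has to exceed the longest gap between runs. "frequence" should also read "frequency" or "interval".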
@@ -1591,7 +1627,14 @@ DNSSEC
Dito `status`
- Rollover:
+ ```
+ ________
+ / _____/ Rollover
+ / __ \
+ \ |__\ \
+ \_____ /
+ \/
+ ```
```
ldnscript rollover example.com
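Review bot: the closing fence of the Rollover banner is immediately followed by the opening fence of the command block with no blank line between them, and the Check banner in the previous hunk has the same layout, whereas the Configuration and Initialize banners add an empty line after the art. Suggest adding the blank line here as well so the two blocks cannot be merged or mis-paired by the renderer, and so all numbered banners are laid out the same way.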
@@ -1604,7 +1647,7 @@ DNSSEC
/usr/local/sbin/ldnscript rollover all
```
- > [!WARNING] serial increments
+ > WARNING: serial increments
> do not increment the serials in /etc/ns, ldnscript takes care of that
> manually incrementing breaks stuff
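Review bot: the callout header on the changed line is now "WARNING: serial increments", but the two body lines below it stay lowercase and unpunctuated, and "manually incrementing breaks stuff" does not say what breaks or how to recover. Suggest capitalising and punctuating the body like the KSK and $ORIGIN callouts, and stating the consequence if it is known.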