
Archive for May 2008

SERVFAIL

The environment at work is a mix of Windows and Unix.  The standard build for the laptops is Windows XP, with a few Macs.  Oh and the odd Linux install ;-)   Of course with a network of a certain size DHCP becomes the only option for allocating addresses to devices other than servers, printers and the like (which must be on a static address).

But that doesn’t mean that it’s all well and jolly, especially when you have Windows admins who run the central services including DHCP.

In my case I couldn’t work out why only certain hostnames could be resolved after I picked up an address via DHCP on my Linux machine.  Some addresses were getting a SERVFAIL response from the internal DNS servers.  Did I have a proper IP address – check, DNS servers – check, DNS search domain – check.  All in order.  Time to compare with a Windows machine which could resolve all hostnames.

What’s that I spy?  Three more DNS search domains! Eh?  Where did they come from?  I added these ‘extra’ search domains into /etc/resolv.conf and all those hostnames that didn’t resolve before suddenly popped into life.  Next step: check with the admins and see if the DHCP server was behaving correctly.

No reported problem there.  Next question – how is the DHCP server configured for DNS search domains?  “Only the one is given through the DHCP request, the rest are given through group policy.”  That explains a lot.  Linux machines don’t pick up DNS search domains given out via a Windows group policy.

Just as I left this evening I had a quick chat with one of the more senior and knowledgeable staff who is a Mac user, and no surprise there, but he has the same problem and didn’t realise it.  As a result of this quick conversation it sounds like there may be a change to the DHCP server in the near future. :-)

My self-signed certificate ran out yesterday so I needed to generate a new certificate.  I still have the key from my original certificate (obviously), but for some reason I couldn’t find the certificate request file from last time.  On top of that I couldn’t remember the exact commands to generate the new key.

With some help from the Xeno Cafe web site these are the steps I took:

  1. openssl req -new -key tuxx.tuxx.org.uk.key -out tuxx.tuxx.org.uk.csr
  2. openssl x509 -req -days 730 -in tuxx.tuxx.org.uk.csr -signkey tuxx.tuxx.org.uk.key -set_serial 08 -out tuxx.tuxx.org.uk.crt

In step 1 I enter the details and the certificate request file is generated (this is the one you send off when you want a signed certificate).  In step 2 the actual certificate is created.  I opted to make it valid for 2 years, hence the 730. Once that’s done it’s just a case of putting the key file and certificate file on top of the old files and restarting Apache.

The first time I generated the certificate Firefox gave a serial key error on the certificate.  After a quick google I came up with a suggestion to set the serial on the certificate.  I didn’t even know you could do that!

The second time I created the certificate, also setting the serial, and then restarted Apache.  This time it worked.
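
The two steps above can be scripted and the result checked before it is copied over the old files. The script below is an added example, not part of the original post: it repeats steps 1 and 2 non-interactively, then confirms that the new certificate belongs to the existing key, carries a serial different from the old certificate's, and is valid for the intended period. The file names, the subject /CN=host.example and the serial values are constructed for the demo.

```shell
#!/bin/sh
# Added example: renew a self-signed certificate from an existing key and
# verify it before it replaces the old files. All names are constructed.

# Steps 1 and 2 from the post; -subj answers the prompts of step 1.
renew_selfsigned() {  # args: key csr crt days serial subject
    openssl req -new -key "$1" -out "$2" -subj "$6" &&
    openssl x509 -req -days "$4" -in "$2" -signkey "$1" \
        -set_serial "$5" -out "$3" 2>/dev/null
}

# Digest of the public key held in a certificate / in a private key.
cert_pub() { openssl x509 -in "$1" -noout -pubkey | openssl sha256; }
key_pub()  { openssl pkey -in "$1" -pubout | openssl sha256; }

# True when the certificate was issued for this private key.
cert_matches_key() { [ "$(cert_pub "$1")" = "$(key_pub "$2")" ]; }

# True when the two certificates carry different serial numbers.
serial_differs() {
    [ "$(openssl x509 -in "$1" -noout -serial)" != \
      "$(openssl x509 -in "$2" -noout -serial)" ]
}

# True when the certificate is still valid N days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Demo on a throwaway key: an "old" certificate (serial 07), then the
# renewal (730 days, serial 08), then the three checks.
demo() {
    d=$(mktemp -d) || return 1
    openssl genrsa -out "$d/site.key" 2048 2>/dev/null
    renew_selfsigned "$d/site.key" "$d/site.csr" "$d/old.crt" 1 07 "/CN=host.example" &&
    renew_selfsigned "$d/site.key" "$d/site.csr" "$d/new.crt" 730 08 "/CN=host.example" &&
    cert_matches_key "$d/new.crt" "$d/site.key" &&
    serial_differs "$d/old.crt" "$d/new.crt" &&
    valid_for_days "$d/new.crt" 700
    rc=$?
    rm -rf "$d"
    return $rc
}

demo && echo "renewed certificate passed all checks"
```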
