[Dnssec-trigger] Compilation fails on Ubuntu (--with-gui)

W.C.A. Wijngaards wouter at NLnetLabs.nl
Tue Sep 20 08:36:37 UTC 2011 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Stephane,

On 09/20/2011 10:06 AM, Stephane Bortzmeyer wrote:
> On Tue, Sep 20, 2011 at 09:19:17AM +0200,
>  W.C.A. Wijngaards <wouter at NLnetLabs.nl> wrote 
>  a message of 68 lines which said:
> 
>>> dnssec-trigger-panel shows nothing in the tray (or elsewhere).
>>
>> This is probably because of Unity.  I am working on better multiple-GUI
>> support.  For Unity that means libappindicator.  For XFCE its plugin
>> framework.  For native windows its NotifyIcon API.  And GNOME3 shell has
>> no status icons at all.  Cocoa has a status-menu icon.  It seems to be
>> different for every platform...
> 
> I don't even know what I use (and I suspect that many Unix users are
> in the same case, completely lost by the lack of stability of GUI
> interfaces). I installed an Ubuntu beta (because the laptop does not
> work with stable versions) and I got something which, I believe, is
> Gnome Shell.

Yes

>> $ dnssec-trigger-control status
> 
> So it works:

:-)

> %  dnssec-trigger-control status
> at 2011-09-20 10:01:09
> cache 192.134.4.163: error no RRSIGs in reply
> cache 192.134.4.162: OK 
> state: cache secure
> 
> [The error is 192.134.4.163 is indeed a problem on our side, confirmed
> with dig.]
> 
> And tcpdump shows that 192.134.4.162 is used, even if unbound.conf is
> not modified. [Any way to dump the live configuration of Unbound, by
> the way?]

Yes you can print the live configuration of unbound:
$ unbound-control forward

> 10:04:14.508842 IP 10.1.86.54.51381 > 192.134.4.162.53: 54670+% [1au] DS? 208.in-addr.arpa. (45)
> 
>> The popup dialog probably also still works, test it with:
>> $ dnssec-trigger-control unsafe
> 
> Works OK.

Good, so the basic GTK for the windows works on Ubuntu Unity GUI.

> I'm going to test on more hotspots now.

If they turn out insecure can you try:
* reprobe after signon  (you do not have the menu item; try
dnssec-trigger-control submit <ips of the caches that you see in status>
* can you https to nlnetlabs.nl (selfsigned)?  (can DANE work?)
* can you dig dnssec over tcp80 or tcp443?
dig @213.154.224.42 -p 80 +vc +dnssec . DNSKEY
dig @213.154.224.42 -p 443 +vc +dnssec . DNSKEY
dig @213.154.224.42 -p 80 +vc +dnssec se. DS
dig @213.154.224.42 -p 443 +vc +dnssec se. DS

Best regards,
   Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJOeFCUAAoJEJ9vHC1+BF+N5REQAJpL4/iwzGGtrPzrFHwG9O/k
zdMVSWzC8fimndB8ounNrI9GSF4m5MdtCWK3lgVs/qzhU1tUp46O7wVPzGpWrKCh
SdAMQCPx7opUTaEeytT1qqMN7M28Ih4eDqpfqSxRG5LpnII8/YuYmsN1CNCWW2Dq
1XPcBBnXbcoO3mHiSpCdCvtVkW85VWF8Nn3xmaPb+2lWEtzSRQefyXTC1S+xBNKq
BzH9lStwkSLVcNjTnor36BDPdnmIxJgVYfFbBLIZgKTBs00F/rOa0B2QpzakrSbX
mqQUs2OXwRudQHf9vExR3x01WO9mMESSpPkv2kKKumltsYlt5CfnJkzZJN0wkIVF
K1OZjbf1QOlyT1pLrF4D+QW7YIaOCXSjNH0Z2oKYQbOwQ/cQSyOAK8Tgbaya/DO6
J7GRWSqkzbgLljtlFeYMunMN8qX1F4YVqhrP7TsyXsdLipWGLuMTwFsD0F7mTxQT
zg/NUW7cvSiNLB0XtfWRYanfAppELBF7mu8DyisxNxSFrzxTk3+cfA+ae86iWhhp
l2wD8HzvZHFeOsoJUtyouw/wKbXMN7PImOmqg2SNFo5Q6jvO6ScoFdVb6dbiUlZN
8Saxau6JRGdHjAU6ylYTM+q4158ZbTFi8h61QIwtskwcusG2M0y/koXhI24CRC5R
dF/wH1jOLbQHrK4NCeZb
=dyw2
-----END PGP SIGNATURE-----

More information about the dnssec-trigger mailing list