xrcd2 網路小頑童: 10月 2023

2023年10月28日星期六

FortiGate Automation webhook 加 Line Notify API Webhook 實驗

延續做實驗

接續 Line Notify API Webhook 實驗

https://xrcd2.blogspot.com/2023/09/line-notify-api-webhook.html

再加入 FortiGate Automation webhook 做進階實驗

簡要架構

FTG--> Automation webhook ->LineNotifyAPI-webhook-Server-->Alert---> LineNotify

(以下實驗架構)

實務上的用法較正確的做法如下所示

FTG-> Automation webhook -> https://notify-api.line.me/api/notify --> Alert---> LineNotify

(一般用法)

申請 Token URL 如下

https://notify-bot.line.me/zh_TW/

CURL 測試方式

curl -X POST -H 'Authorization: Bearer [access_token]' -F 'message=TestMessage' https://notify-api.line.me/api/notify

實驗截圖開始

正常的用法可能長這樣直打 https://notify-api.line.me/api/notify

Debug

正常發出訊息

傳送訊息加入 %%log%%

看來有將 log 訊息加上,但可能死在 json 或 curl 不支援 %%log%% ,可能是保留字吧.

有空再研究啦!

Demo

以上畫面的截取為 FTG7 如使用 FTG 6 的畫面如下所示

我是在家中的 IP 分享器底下的 VM 去做實驗的

如果直打 https://notify-api.line.me/api/notify 問題會死在

auto_curl_perform()-107: Curl perform error:35 - SSL connect error.

__action_webhook_status()-150: Failed to perform curl for url:https://notify-api.line.me/api/notify.

__run_action()-298: Error when running service for stitch:AdminLoginAlert action:SendAlert2Line.

但很怪的是 VM 上網對外是全開的.

且用 CURL 去測也是正常的.. GG

FortiOS 的底層的 curl 可能很不一般吧..(很神奇的那一種) ..~^_^~.

WAN IP unknown

最後手段

https://github.com/ncarlier/webhookd

終於成功啦!

2023年10月15日星期日

CentOS 7.9 Install BIND 9.16 Extended Support Version Packages

yum install scl-utils scl-utils-build iso-codes-devel.noarch iso-codes.noarch

vi /etc/yum.repos.d/isc-bind-esv-epel-7.repo

[copr:copr.fedorainfracloud.org:isc:bind-esv]

name=Copr repo for bind-esv owned by isc

baseurl=https://download.copr.fedorainfracloud.org/results/isc/bind-esv/epel-7-$basearch/

type=rpm-md

skip_if_unavailable=True

gpgcheck=1

gpgkey=https://download.copr.fedorainfracloud.org/results/isc/bind-esv/pubkey.gpg

repo_gpgcheck=0

enabled=1

enabled_metadata=1

https://copr.fedorainfracloud.org/coprs/isc/bind-esv

Description

BIND 9.16 Extended Support Version Packages

This Copr contains the core BIND 9 DNS server and all the required dependencies for the popular DNSTAP

logging feature. These packages are provided by the BIND developer, not the operating system, and is

intended to provide an up-to-date version of BIND. It is not suitable for use if you are relying on

operating system-specific features, such as, for example FreeIPA.

Installation Instructions

To use this Copr repository, please first enable it by following the Quick Enable instructions on the right of your screen.

Once the repository is enabled, run yum install isc-bind (RHEL/CentOS 7) or dnf install isc-bind (RHEL/CentOS 8, Fedora).

This will install the BIND 9 Software Collection.

NOTE: The above commands are the only supported way of installing the BIND 9 Software Collection.

The BIND 9 Software Collection consists of several packages, the most important of which are:

isc-bind-bind, which contains the named binary, the rndc tool, DNSSEC utilities, and related configuration/system files,

isc-bind-bind-utils, which contains other BIND 9 utilities, most importantly dig and nsupdate.

Quick reference for the named daemon:

The configuration file can be found at:

/etc/opt/isc/isc-bind/named.conf (RHEL/CentOS 7)

/etc/opt/isc/scls/isc-bind/named.conf (RHEL/CentOS 8, Fedora)

Command line options for the daemon can be specified in:

/etc/opt/isc/isc-bind/sysconfig/named (RHEL/CentOS 7)

/etc/opt/isc/scls/isc-bind/sysconfig/named (RHEL/CentOS 8, Fedora)

To start the daemon, run systemctl start isc-bind-named.

If you want the daemon to start at boot time, run systemctl enable isc-bind-named.

Note that due to the nature of Software Collections, no BIND 9 daemon or utility installed by these packages is available in

$PATH by default. To be able to use them, do the following:

to enable the Software Collection for the current shell, run scl enable isc-bind bash

to enable the Software Collection inside a shell script, add the following line to it: source scl_source enable isc-bind

The latter line can also put in one of your shell initialization files (like ~/.bash_profile) to automatically enable the

Software Collection upon every login (caveats apply). For more ways of enabling a Software Collection (that might better fit your needs),

please consult the Software Collection documentation.

Providing BIND 9 as a Software Collection allows the latest supported versions released by ISC to be installed along stock OS packages

(which are usually based on older releases) on the same machine. If for some reason you prefer to use classic packages that do not

comprise a Software Collection, the source RPMs published in this Copr can be conveniently rebuilt using --without scl.

Note, however, that the resulting packages cannot be installed on a machine which also has stock OS packages installed.

For more BIND 9 documentation, including instructions on installing from source, please take a look at the ISC Knowledge Base.

To report a bug, please fill out the bug report form in ISC GitLab.

2023年10月13日星期五

DKIM DNS Record Test LAB

[root@AlmaLinux92 log]# dig TXT test.tw @192.168.100.200

; <<>> DiG 9.16.23-RH <<>> TXT test.tw @192.168.100.200

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62113

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 1232

; COOKIE: d0864ba0ace624b4010000006529c783cefa39d8595c18c5 (good)

;; QUESTION SECTION:

;test.tw. IN TXT

;; ANSWER SECTION:

test.tw. 86400 IN TXT "v=spf1 mx ip4:60.123.123.123/27 ip4:211.123.123.213 ip4:211.123.123.215 ip4:211.123.123.211 ~all"

test.tw. 86400 IN TXT "v=DKIM1; k=rsa; p=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"

test.tw. 86400 IN TXT "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ"

test.tw. 86400 IN TXT "YYYYYYYYYYYYYYYYYYYYYYYYYYY"

;; Query time: 0 msec

;; SERVER: 192.168.100.200#53(192.168.100.200)

;; WHEN: Sat Oct 14 06:41:07 CST 2023

;; MSG SIZE rcvd: 522

[root@AlmaLinux92 log]#

[root@AlmaLinux92 log]# named -v

BIND 9.16.23-RH (Extended Support Version) <id:fde3b1f>

[root@AlmaLinux92 log]#

============================================================

[root@AlmaLinux92 log]# cat /etc/named.conf

// named.conf

// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS

// server as a caching only nameserver (as a localhost DNS resolver only).

// See /usr/share/doc/bind*/sample/ for example named configuration files.

options {

listen-on port 53 { any; };

directory "/var/named";

dump-file "/var/named/data/cache_dump.db";

statistics-file "/var/named/data/named_stats.txt";

memstatistics-file "/var/named/data/named_mem_stats.txt";

secroots-file "/var/named/data/named.secroots";

recursing-file "/var/named/data/named.recursing";

allow-query { localhost; 0.0.0.0/0; };

- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.

- If you are building a RECURSIVE (caching) DNS server, you need to enable

recursion.

- If your recursive DNS server has a public IP address, you MUST enable access

control to limit queries to your legitimate users. Failing to do so will

cause your server to become part of large scale DNS amplification

attacks. Implementing BCP38 within your network would greatly

reduce such attack surface

recursion yes;

dnssec-validation no;

managed-keys-directory "/var/named/dynamic";

geoip-directory "/usr/share/GeoIP";

pid-file "/run/named/named.pid";

session-keyfile "/run/named/session.key";

/* https://fedoraproject.org/wiki/Changes/CryptoPolicy */

include "/etc/crypto-policies/back-ends/bind.config";

};

logging {

channel default_debug {

file "data/named.run";

severity dynamic;

};

zone "." IN {

type hint;

file "named.ca";

};

zone "test.tw" IN {

type master;

file "test.tw.zone";

allow-query {any;};

};

include "/etc/named.rfc1912.zones";

include "/etc/named.root.key";

[root@AlmaLinux92 log]# cat /var/named/test.tw.zone

$TTL 86400

@ IN SOA dns.test.tw. root.test.tw. (

2023101401 ; Serial

604800 ; Refresh

86400 ; Retry

2419200 ; Expire

86400 ; Negative Cache TTL

);

@ IN NS dns.test.tw.

@ IN A 192.168.100.200

dns.test.tw. IN A 192.168.100.200

test.tw. IN TXT "v=DKIM1; k=rsa; p=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"

test.tw. IN TXT "v=spf1 mx ip4:60.123.123.123/27 ip4:211.123.123.213 ip4:211.123.123.215 ip4:211.123.123.211 ~all"

test.tw. IN TXT "YYYYYYYYYYYYYYYYYYYYYYYYYYY"

test.tw. IN TXT "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ"

[root@AlmaLinux92 log]# cat /etc/sysconfig/named

# BIND named process options

# ~~~~~~~~~~~~~~~~~~~~~~~~~~

# OPTIONS="whatever" -- These additional options will be passed to named

# at startup. Don't add -t here, enable proper

# -chroot.service unit file.

# NAMEDCONF=/etc/named/alternate.conf

# -- Don't use -c to change configuration file.

# Extend systemd named.service instead or use this

# variable.

# DISABLE_ZONE_CHECKING -- By default, service file calls named-checkzone

# utility for every zone to ensure all zones are

# valid before named starts. If you set this option

# to 'yes' then service file doesn't perform those

# checks.

OPTIONS="-4"

[root@AlmaLinux92 log]#

====================================

C:\Users\xrcd2>nslookup

預設伺服器: dns.hinet.net

Address: 168.95.1.1

> server 192.168.100.200

預設伺服器: [192.168.100.200]

Address: 192.168.100.200

> set type=txt

> test.tw

伺服器: [192.168.100.200]

Address: 192.168.100.200

test.tw text =

"v=DKIM1; k=rsa; p=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"

test.tw text =

"YYYYYYYYYYYYYYYYYYYYYYYYYYY"

test.tw text =

"v=spf1 mx ip4:60.123.123.123/27 ip4:211.123.123.213 ip4:211.123.123.215 ip4:211.123.123.211 ~all"

test.tw text =

"ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ"

===============================

[root@AlmaLinux92 log]# dig TXT msa.hinet.net @127.0.0.1

; <<>> DiG 9.16.23-RH <<>> TXT msa.hinet.net @127.0.0.1

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1278

;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 1232

; COOKIE: 1f3935b5ab413596010000006529c90ef407026e93083ccd (good)

;; QUESTION SECTION:

;msa.hinet.net. IN TXT

;; ANSWER SECTION:

msa.hinet.net. 86400 IN TXT "v=spf1 redirect=spf.ms.hinet.net"

msa.hinet.net. 86400 IN TXT "v=DKIM1; k=rsa; p=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"

;; Query time: 347 msec

;; SERVER: 127.0.0.1#53(127.0.0.1)

;; WHEN: Sat Oct 14 06:47:42 CST 2023

;; MSG SIZE rcvd: 362

[root@AlmaLinux92 log]#

========================

[root@AlmaLinux92 log]# netstat -anulp | more

Active Internet connections (servers and established)

Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name

udp 0 0 192.168.100.200:53 0.0.0.0:* 10700/named

udp 0 0 127.0.0.1:53 0.0.0.0:* 10700/named

udp 0 0 127.0.0.1:323 0.0.0.0:* 905/chronyd

udp6 0 0 ::1:323 :::* 905/chronyd

[root@AlmaLinux92 log]# systemctl status named

● named.service - Berkeley Internet Name Domain (DNS)

Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; preset: disabled)

Active: active (running) since Sat 2023-10-14 06:52:59 CST; 26s ago

Process: 10696 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)

Process: 10699 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)

Main PID: 10700 (named)

Tasks: 14 (limit: 48696)

Memory: 40.6M

CPU: 42ms

CGroup: /system.slice/named.service

└─10700 /usr/sbin/named -u named -c /etc/named.conf -4

Oct 14 06:52:59 AlmaLinux92 named[10700]: zone localhost/IN: loaded serial 0

Oct 14 06:52:59 AlmaLinux92 named[10700]: zone test.tw/IN: loaded serial 2023101401

Oct 14 06:52:59 AlmaLinux92 named[10700]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0

Oct 14 06:52:59 AlmaLinux92 named[10700]: zone localhost.localdomain/IN: loaded serial 0

Oct 14 06:52:59 AlmaLinux92 named[10700]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0

Oct 14 06:52:59 AlmaLinux92 named[10700]: all zones loaded

Oct 14 06:52:59 AlmaLinux92 named[10700]: running

Oct 14 06:52:59 AlmaLinux92 systemd[1]: Started Berkeley Internet Name Domain (DNS).

Oct 14 06:52:59 AlmaLinux92 named[10700]: managed-keys-zone: Key 20326 for zone . is now trusted (acceptance timer complete)

Oct 14 06:52:59 AlmaLinux92 named[10700]: resolver priming query complete

[root@AlmaLinux92 log]#

===============

openkdim install & setting dns zone

[root@AlmaLinux92 log]# yum install epel-release.noarch

Last metadata expiration check: 1:18:55 ago on Sat 14 Oct 2023 05:51:30 AM CST.

Dependencies resolved.

=================================================================================================================================================================================================================================================

Package Architecture Version Repository Size

Installing:

epel-release noarch 9-5.el9 extras 18 k

Transaction Summary

Install 1 Package

Total download size: 18 k

Installed size: 25 k

Is this ok [y/N]: y

Downloading Packages:

epel-release-9-5.el9.noarch.rpm 43 kB/s | 18 kB 00:00

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Total 13 kB/s | 18 kB 00:01

Running transaction check

Transaction check succeeded.

Running transaction test

Transaction test succeeded.

Running transaction

Preparing : 1/1

Installing : epel-release-9-5.el9.noarch 1/1

Running scriptlet: epel-release-9-5.el9.noarch 1/1

Many EPEL packages require the CodeReady Builder (CRB) repository.

It is recommended that you run /usr/bin/crb enable to enable the CRB repository.

Verifying : epel-release-9-5.el9.noarch 1/1

Installed:

epel-release-9-5.el9.noarch

Complete!

[root@AlmaLinux92 log]#

[root@AlmaLinux92 log]# dnf config-manager --set-enabled crb

[root@AlmaLinux92 log]# dnf install opendkim-tools opendkim

AlmaLinux 9 - CRB 2.0 MB/s | 2.9 MB 00:01

Last metadata expiration check: 0:00:01 ago on Sat 14 Oct 2023 07:14:38 AM CST.

Dependencies resolved.

Package Architecture Version Repository Size

Installing:

opendkim x86_64 2.11.0-0.34.el9 epel 224 k

opendkim-tools x86_64 2.11.0-0.34.el9 epel 55 k

Installing dependencies:

libbsd x86_64 0.11.7-2.el9 epel 111 k

libmd x86_64 1.1.0-1.el9 epel 46 k

libmemcached-awesome x86_64 1.1.0-12.el9 crb 110 k

libopendkim x86_64 2.11.0-0.34.el9 epel 70 k

opendbx x86_64 1.4.6-31.el9 epel 52 k

sendmail-milter x86_64 8.16.1-10.el9 crb 40 k

Transaction Summary

Install 8 Packages

Total download size: 708 k

Installed size: 1.8 M

Is this ok [y/N]: y

Downloading Packages:

(1/8): sendmail-milter-8.16.1-10.el9.x86_64.rpm 272 kB/s | 40 kB 00:00

(2/8): libbsd-0.11.7-2.el9.x86_64.rpm 432 kB/s | 111 kB 00:00

(3/8): libmemcached-awesome-1.1.0-12.el9.x86_64.rpm 408 kB/s | 110 kB 00:00

(4/8): libopendkim-2.11.0-0.34.el9.x86_64.rpm 1.1 MB/s | 70 kB 00:00

(5/8): libmd-1.1.0-1.el9.x86_64.rpm 262 kB/s | 46 kB 00:00

(6/8): opendkim-tools-2.11.0-0.34.el9.x86_64.rpm 745 kB/s | 55 kB 00:00

(7/8): opendkim-2.11.0-0.34.el9.x86_64.rpm 1.7 MB/s | 224 kB 00:00

(8/8): opendbx-1.4.6-31.el9.x86_64.rpm 251 kB/s | 52 kB 00:00

Total 410 kB/s | 708 kB 00:01

Extra Packages for Enterprise Linux 9 - x86_64 1.6 MB/s | 1.6 kB 00:00

Importing GPG key 0x3228467C:

Userid : "Fedora (epel9) <epel@fedoraproject.org>"

Fingerprint: FF8A D134 4597 106E CE81 3B91 8A38 72BF 3228 467C

From : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-9

Is this ok [y/N]: y

Key imported successfully

Running transaction check

Transaction check succeeded.

Running transaction test

Transaction test succeeded.

Running transaction

Preparing : 1/1

Installing : opendbx-1.4.6-31.el9.x86_64 1/8

Installing : libmemcached-awesome-1.1.0-12.el9.x86_64 2/8

Installing : libmd-1.1.0-1.el9.x86_64 3/8

Installing : libbsd-0.11.7-2.el9.x86_64 4/8

Installing : libopendkim-2.11.0-0.34.el9.x86_64 5/8

Installing : sendmail-milter-8.16.1-10.el9.x86_64 6/8

Running scriptlet: opendkim-2.11.0-0.34.el9.x86_64 7/8

Installing : opendkim-2.11.0-0.34.el9.x86_64 7/8

Running scriptlet: opendkim-2.11.0-0.34.el9.x86_64 7/8

Installing : opendkim-tools-2.11.0-0.34.el9.x86_64 8/8

Running scriptlet: opendkim-tools-2.11.0-0.34.el9.x86_64 8/8

Verifying : libmemcached-awesome-1.1.0-12.el9.x86_64 1/8

Verifying : sendmail-milter-8.16.1-10.el9.x86_64 2/8

Verifying : libbsd-0.11.7-2.el9.x86_64 3/8

Verifying : libmd-1.1.0-1.el9.x86_64 4/8

Verifying : libopendkim-2.11.0-0.34.el9.x86_64 5/8

Verifying : opendbx-1.4.6-31.el9.x86_64 6/8

Verifying : opendkim-2.11.0-0.34.el9.x86_64 7/8

Verifying : opendkim-tools-2.11.0-0.34.el9.x86_64 8/8

Installed:

libbsd-0.11.7-2.el9.x86_64 libmd-1.1.0-1.el9.x86_64 libmemcached-awesome-1.1.0-12.el9.x86_64 libopendkim-2.11.0-0.34.el9.x86_64 opendbx-1.4.6-31.el9.x86_64 opendkim-2.11.0-0.34.el9.x86_64 opendkim-tools-2.11.0-0.34.el9.x86_64

sendmail-milter-8.16.1-10.el9.x86_64

Complete!

[root@AlmaLinux92 log]#

[root@AlmaLinux92 test.tw]# pwd

/etc/opendkim/keys/test.tw

[root@AlmaLinux92 test.tw]# ll

total 0

[root@AlmaLinux92 test.tw]# opendkim-genkey -b 2048 -r -s default -d test.tw -D /etc/opendkim/keys/test.tw/

[root@AlmaLinux92 test.tw]# ll

total 8

-rw------- 1 root root 1704 Oct 14 07:27 default.private

-rw------- 1 root root 502 Oct 14 07:27 default.txt

[root@AlmaLinux92 test.tw]# chown opendkim.opendkim -R /etc/opendkim/keys/test.tw

[root@AlmaLinux92 test.tw]# ll

total 8

-rw------- 1 opendkim opendkim 1704 Oct 14 07:27 default.private

-rw------- 1 opendkim opendkim 502 Oct 14 07:27 default.txt

[root@AlmaLinux92 test.tw]# cat default.txt

default._domainkey IN TXT ( "v=DKIM1; k=rsa; s=email; "

"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaJDpwzwD8Xn/iKQPN4jD8V97/pQsCkUdnmJOf5gqQ4to1ehmM+3+P7EH7Id9XaL7dtyeOpxe63waunulPBNQ3TtEMuDbI3nCiscNEHxDICzmpqm99fpi/vzsMZ0MvN11/VdITgQ8qmUd6uzTfpEHNTgNzfBRuNc89Upw7MZuSL82AT+Pks3xuyIgBWXaouQQHXlw5P6hF0TLQ"

"pfi3uAQEeI8g42rWV/cbCzXzrQ2MwOSEnVkuhQopNU5cdqYtuXkCRdebT2LoK2uFAYaEk6O58CSfKnEPB5q4Q8MVitL/qHq4IuJpGL1Lz7UGHEe5Krn+AVQnw58J7/OH/k8CrE1wIDAQAB" ) ; ----- DKIM key default for test.tw

[root@AlmaLinux92 test.tw]#

[root@AlmaLinux92 test.tw]# vi /var/named/test.tw.zone

test.tw. IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaJDpwzwD8Xn/iKQPN4jD8V97/pQsCkUdnmJOf5gqQ4to1ehmM+3+P7EH7Id9XaL7dtyeOpxe63waunulPBNQ3TtEMuDbI3nCiscNEHxDICzmpqm9" "9fpi/vzsMZ0MvN11/VdITgQ8qmUd6uzTfpEHNTgNzfBRuNc89Upw7MZuSL82AT+Pks3xuyIgBWXaouQQHXlw5P6hF0TLQ" "pfi3uAQEeI8g42rWV/cbCzXzrQ2MwOSEnVkuhQopNU5cdqYtuXkCRdebT2LoK2uFAYaEk6O58CSfKnEPB5q4Q8MVitL/qHq4IuJpGL1Lz7UGHEe5Krn+AVQnw58J7/OH/k8CrE1wIDAQAB"

#systemctl restart named

[root@AlmaLinux92 test.tw]# dig TXT test.tw @192.168.100.200

; <<>> DiG 9.16.23-RH <<>> TXT test.tw @192.168.100.200

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38844

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 1232

; COOKIE: f74f11fd6e9c9d33010000006529d973b9f9e24db038b1ba (good)

;; QUESTION SECTION:

;test.tw. IN TXT

;; ANSWER SECTION:

.................

test.tw. 86400 IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaJDpwzwD8Xn/iKQPN4jD8V97/pQsCkUdnmJOf5gqQ4to1ehmM+3+P7EH7Id9XaL7dtyeOpxe63waunulPBNQ3TtEMuDbI3nCiscNEHxDICzmpqm9" "9fpi/vzsMZ0MvN11/VdITgQ8qmUd6uzTfpEHNTgNzfBRuNc89Upw7MZuSL82AT+Pks3xuyIgBWXaouQQHXlw5P6hF0TLQ" "pfi3uAQEeI8g42rWV/cbCzXzrQ2MwOSEnVkuhQopNU5cdqYtuXkCRdebT2LoK2uFAYaEk6O58CSfKnEPB5q4Q8MVitL/qHq4IuJpGL1Lz7UGHEe5Krn+AVQnw58J7/OH/k8CrE1wIDAQAB"

.................

;; Query time: 0 msec

;; SERVER: 192.168.100.200#53(192.168.100.200)

;; WHEN: Sat Oct 14 07:57:39 CST 2023

;; MSG SIZE rcvd: 700

[root@AlmaLinux92 test.tw]#

[root@AlmaLinux92 test.tw]# dig TXT test.tw @192.168.100.200

; <<>> DiG 9.16.23-RH <<>> TXT test.tw @192.168.100.200

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38844

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 1232

; COOKIE: f74f11fd6e9c9d33010000006529d973b9f9e24db038b1ba (good)

;; QUESTION SECTION:

;test.tw. IN TXT

;; ANSWER SECTION:

.................

;; Query time: 0 msec

;; SERVER: 192.168.100.200#53(192.168.100.200)

;; WHEN: Sat Oct 14 07:57:39 CST 2023

;; MSG SIZE rcvd: 700

[root@AlmaLinux92 test.tw]#

=================

> set type=txt

> test.tw

伺服器: [192.168.100.200]

Address: 192.168.100.200

............

test.tw text =

"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaJDpwzwD8Xn/iKQPN4jD8V97/pQsCkUdnmJOf5gqQ4to1ehmM+3+P7EH7Id9XaL7dtyeOpxe63waunulPBNQ3TtEMuDbI3nCiscNEHxDICzmpqm9"

"9fpi/vzsMZ0MvN11/VdITgQ8qmUd6uzTfpEHNTgNzfBRuNc89Upw7MZuSL82AT+Pks3xuyIgBWXaouQQHXlw5P6hF0TLQ"

"pfi3uAQEeI8g42rWV/cbCzXzrQ2MwOSEnVkuhQopNU5cdqYtuXkCRdebT2LoK2uFAYaEk6O58CSfKnEPB5q4Q8MVitL/qHq4IuJpGL1Lz7UGHEe5Krn+AVQnw58J7/OH/k8CrE1wIDAQAB"

.................

訂閱：文章 (Atom)

2023年10月28日 星期六

FortiGate Automation webhook 加 Line Notify API Webhook 實驗

2023年10月15日 星期日

CentOS 7.9 Install BIND 9.16 Extended Support Version Packages

2023年10月13日 星期五

DKIM DNS Record Test LAB

2023年10月28日星期六

2023年10月15日星期日

2023年10月13日星期五