[所感] KSK ロール オーバー

 General, Internet  [所感] KSK ロール オーバー はコメントを受け付けていません。
8月 062017
 

なんとなくやってみたけどな
KSKロールオーバー抜きに
たぶんこれアカンやつ

ipv4(pmtu1454)+edns0

for s in {a..m} ;do echo ";; ${s}.root-servers.net" ; dig -4 +norec +edns=0 +noall +stats . rrsig @${s}.root-servers.net ;done
;; a.root-servers.net
;; connection timed out; no servers could be reached
;; b.root-servers.net
;; Query time: 117 msec
;; SERVER: 192.228.79.201#53(192.228.79.201)
;; WHEN: Sun Aug 06 00:37:19 JST 2017
;; MSG SIZE rcvd: 1955

;; c.root-servers.net
;; connection timed out; no servers could be reached
;; d.root-servers.net
;; connection timed out; no servers could be reached
;; e.root-servers.net
;; connection timed out; no servers could be reached
;; f.root-servers.net
;; Query time: 7 msec
;; SERVER: 192.5.5.241#53(192.5.5.241)
;; WHEN: Sun Aug 06 00:38:05 JST 2017
;; MSG SIZE rcvd: 28

;; g.root-servers.net
;; Query time: 17 msec
;; SERVER: 192.112.36.4#53(192.112.36.4)
;; WHEN: Sun Aug 06 00:38:06 JST 2017
;; MSG SIZE rcvd: 1955

;; h.root-servers.net
;; connection timed out; no servers could be reached
;; i.root-servers.net
;; connection timed out; no servers could be reached
;; j.root-servers.net
;; connection timed out; no servers could be reached
;; k.root-servers.net
;; Query time: 8 msec
;; SERVER: 193.0.14.129#53(193.0.14.129)
;; WHEN: Sun Aug 06 00:38:52 JST 2017
;; MSG SIZE rcvd: 1200

;; l.root-servers.net
;; connection timed out; no servers could be reached
;; m.root-servers.net
;; connection timed out; no servers could be reached

ipv6(pmtu1500)+edns0

for s in {a..m} ;do echo ";; ${s}.root-servers.net" ; dig -6 +norec +edns=0 +noall +stats . rrsig @${s}.root-servers.net ;done
;; a.root-servers.net
;; Query time: 115 msec
;; SERVER: 2001:503:ba3e::2:30#53(2001:503:ba3e::2:30)
;; WHEN: Sun Aug 06 00:40:16 JST 2017
;; MSG SIZE rcvd: 1955

;; b.root-servers.net
;; Query time: 116 msec
;; SERVER: 2001:500:200::b#53(2001:500:200::b)
;; WHEN: Sun Aug 06 00:40:17 JST 2017
;; MSG SIZE rcvd: 1955

;; c.root-servers.net
;; Query time: 141 msec
;; SERVER: 2001:500:2::c#53(2001:500:2::c)
;; WHEN: Sun Aug 06 00:40:18 JST 2017
;; MSG SIZE rcvd: 1955

;; d.root-servers.net
;; Query time: 12 msec
;; SERVER: 2001:500:2d::d#53(2001:500:2d::d)
;; WHEN: Sun Aug 06 00:40:18 JST 2017
;; MSG SIZE rcvd: 1447

;; e.root-servers.net
;; Query time: 107 msec
;; SERVER: 2001:500:a8::e#53(2001:500:a8::e)
;; WHEN: Sun Aug 06 00:40:18 JST 2017
;; MSG SIZE rcvd: 1172

;; f.root-servers.net
;; Query time: 22 msec
;; SERVER: 2001:500:2f::f#53(2001:500:2f::f)
;; WHEN: Sun Aug 06 00:40:19 JST 2017
;; MSG SIZE rcvd: 1983

;; g.root-servers.net
;; Query time: 160 msec
;; SERVER: 2001:500:12::d0d#53(2001:500:12::d0d)
;; WHEN: Sun Aug 06 00:40:19 JST 2017
;; MSG SIZE rcvd: 1955

;; h.root-servers.net
;; Query time: 177 msec
;; SERVER: 2001:500:1::53#53(2001:500:1::53)
;; WHEN: Sun Aug 06 00:40:20 JST 2017
;; MSG SIZE rcvd: 1172

;; i.root-servers.net
;; Query time: 12 msec
;; SERVER: 2001:7fe::53#53(2001:7fe::53)
;; WHEN: Sun Aug 06 00:40:20 JST 2017
;; MSG SIZE rcvd: 1955

;; j.root-servers.net
;; Query time: 205 msec
;; SERVER: 2001:503:c27::2:30#53(2001:503:c27::2:30)
;; WHEN: Sun Aug 06 00:40:21 JST 2017
;; MSG SIZE rcvd: 1955

;; k.root-servers.net
;; Query time: 9 msec
;; SERVER: 2001:7fd::1#53(2001:7fd::1)
;; WHEN: Sun Aug 06 00:40:21 JST 2017
;; MSG SIZE rcvd: 1172

;; l.root-servers.net
;; Query time: 118 msec
;; SERVER: 2001:500:9f::42#53(2001:500:9f::42)
;; WHEN: Sun Aug 06 00:40:22 JST 2017
;; MSG SIZE rcvd: 1172

;; m.root-servers.net
;; Query time: 9 msec
;; SERVER: 2001:dc3::35#53(2001:dc3::35)
;; WHEN: Sun Aug 06 00:40:22 JST 2017
;; MSG SIZE rcvd: 1955

こんなzoneキライだ。

 General  こんなzoneキライだ。 はコメントを受け付けていません。
4月 112016
 

キライなzone例

dns.jp.

$ dig +norec dns.jp. soa @nsb.dns.jp.

; <<>> DiG 9.10.3-P4 <<>> +norec dns.jp. soa @nsb.dns.jp.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57230
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 6, ADDITIONAL: 12

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dns.jp.                                IN      SOA

;; ANSWER SECTION:
dns.jp.                 86400   IN      SOA     z.dns.jp. root.dns.jp. 2015011801 3600 900 1814400 86400

;; AUTHORITY SECTION:
dns.jp.                 86400   IN      NS      nsd.dns.jp.
dns.jp.                 86400   IN      NS      nsa.dns.jp.
dns.jp.                 86400   IN      NS      nse.dns.jp.
dns.jp.                 86400   IN      NS      nsf.dns.jp.
dns.jp.                 86400   IN      NS      nsg.dns.jp.
dns.jp.                 86400   IN      NS      nsb.dns.jp.

;; ADDITIONAL SECTION:
nsa.dns.jp.             86400   IN      A       203.119.1.4
nsa.dns.jp.             86400   IN      AAAA    2001:dc4::4
nsb.dns.jp.             86400   IN      A       202.12.30.134
nsb.dns.jp.             86400   IN      AAAA    2001:dc2::2
nsd.dns.jp.             86400   IN      A       210.138.175.245
nsd.dns.jp.             86400   IN      AAAA    2001:240::54
nse.dns.jp.             86400   IN      A       192.50.43.153
nse.dns.jp.             86400   IN      AAAA    2001:200:c000::99
nsf.dns.jp.             86400   IN      A       150.100.6.12
nsf.dns.jp.             86400   IN      AAAA    2001:2f8:0:100::163
nsg.dns.jp.             86400   IN      A       203.119.40.4

;; Query time: 8 msec
;; SERVER: 2001:dc2::2#53(2001:dc2::2)
;; WHEN: Mon Apr 11 12:43:27 JST 2016
;; MSG SIZE  rcvd: 422

$
$ dig +norec dns.jp. soa @z.dns.jp.

; <<>> DiG 9.10.3-P4 <<>> +norec dns.jp. soa @z.dns.jp.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9582
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 12

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dns.jp.                                IN      SOA

;; AUTHORITY SECTION:
dns.jp.                 86400   IN      NS      nse.dns.jp.
dns.jp.                 86400   IN      NS      nsa.dns.jp.
dns.jp.                 86400   IN      NS      nsg.dns.jp.
dns.jp.                 86400   IN      NS      nsb.dns.jp.
dns.jp.                 86400   IN      NS      nsf.dns.jp.
dns.jp.                 86400   IN      NS      nsd.dns.jp.

;; ADDITIONAL SECTION:
nsa.dns.jp.             86400   IN      A       203.119.1.4
nsa.dns.jp.             86400   IN      AAAA    2001:dc4::4
nsb.dns.jp.             86400   IN      A       202.12.30.134
nsb.dns.jp.             86400   IN      AAAA    2001:dc2::2
nsd.dns.jp.             86400   IN      A       210.138.175.245
nsd.dns.jp.             86400   IN      AAAA    2001:240::54
nse.dns.jp.             86400   IN      A       192.50.43.153
nse.dns.jp.             86400   IN      AAAA    2001:200:c000::99
nsf.dns.jp.             86400   IN      A       150.100.6.12
nsf.dns.jp.             86400   IN      AAAA    2001:2f8:0:100::163
nsg.dns.jp.             86400   IN      A       203.119.40.4

;; Query time: 8 msec
;; SERVER: 203.119.1.10#53(203.119.1.10)
;; WHEN: Mon Apr 11 12:44:26 JST 2016
;; MSG SIZE  rcvd: 379

$

なんかね。

[nginx] ssl_ciphers

 General  [nginx] ssl_ciphers はコメントを受け付けていません。
11月 052015
 

すこしだけ手抜きを減らして?書いてみた。

※openssl1系

・ngninx.conf

ssl_ciphers 
TLSv1.2+kEECDH+AESGCM:
TLSv1.2+kEDH+aRSA+AESGCM:
TLSv1.2+kEECDH+AES:
TLSv1.2+kEDH+aRSA+AES:
TLSv1+kEECDH+aRSA+AES:
TLSv1+kEDH+aRSA+AES:
TLSv1+kEDH+aRSA+CAMELLIA:
TLSv1+RSA+3DES;

・ciphers

ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA384
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA256
DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256
DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256
ECDHE-RSA-AES256-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
ECDHE-RSA-AES128-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(256) Mac=SHA1
DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(128) Mac=SHA1
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1

【艦これ】まったりんぐ

 General, Kantai collection  【艦これ】まったりんぐ はコメントを受け付けていません。
8月 282013
 

今日はまったりレベル上げ。

とかいいつつ2-1~4をグ~ルグル
eliteとかflagshipとかとか…イタイ

とりあえず長門、陸奥、赤城、飛鷹を改に…
扶桑、山城、隼鷹はその後かな…
ん?ええ…
あと1隻正規空母が欲しいな…

【今日の第1艦隊】
【艦これ】今日の第1艦隊

【艦これ】扶桑さん からの? 陸奥さん

 General, Kantai collection  【艦これ】扶桑さん からの? 陸奥さん はコメントを受け付けていません。
8月 272013
 

はいはいもうね戦艦ガチれしぴですよはい。

・x1建造クエ
燃400/弾 30/鉄600/ボ30(04:20:00) 扶桑

・x3建造クエ
燃 30/弾 30/鉄 30/ボ31(00:20:00) 駆逐
燃400/弾100/鉄600/ボ30(01:00:00) 重巡
燃400/弾 30/鉄600/ボ30(05:00:00) 陸奥

ラッキィ~

【艦これ】陸奥