Doing cryptography is hard, luckily there are enough libraries out there that help you with it. OpenSSL is probably one of the best (known). Go has its own crypto library, which is written in pure Go.

Now with these aids crypto becomes doable for mere mortals, but all these libraries work with buffers which hold the data, the signature and sometimes the key also. Off-by-one errors in composing these buffers leads to a “Bogus signature” error (in DNSSEC). The problem here is that you don’t get any other clue on what went wrong. For me as a programmer an error such as “Shift buffer A one byte to the left and you’re OK”, would be much better. But due to the nature of crypto these kind of errors are not possible, nor desirable.

I’ve implemented axfr in my Go DNS library in nice and Go-like way (at least that’s what I like to think). Starting an axfr results in a channel which can then be used with the range keyword to loop over it, until the entire axfr is received.

Using it

First the normal begin of a Go program:

package main
import (
    "fmt"
    "dns"           // DNS package
)

Then we start the main function in which we define a new resolver and a channel for receiving the axfr messages. The channels will send dns.xfr messages which is defined as:

Lekker dat schuifelen over de ijzel

Fri Dec 31 09:33:13 +0000 2010

@WebAudience die was makkelijk! #nsa maar wel leuk

Fri Dec 31 09:37:28 +0000 2010

RT @jeroenbulten: Yes. De validating resolver doet het. http://twitpic.com/3ljnmz

Fri Dec 31 11:55:42 +0000 2010

So I can pack/unpack uint8/16/32, string, hex, etc. Looking at TSIG RFC: time_signed: uint48, 48! *GRRRR* #godns

Fri Dec 31 15:14:38 +0000 2010

Staan hier 2 jongetjes vuurwerk af te steken en het wordt meteen al mistiger. Beloofd wat voor vanavond.

And finally, after so many years miek.nl can be DNSSEC validated from the root down. Check it yourself.

[ post updated to reflect changes in the library ]

This library takes a new, innovative and enterprise ready approach sends and receives queries to and from the DNS.

The library was forked from the official DNS code in Go (in the net package). Since that time Go team has thrown out this code and started to use the system’s C library via a wrapper. I was however struck by the elegance of the code (esp. the pack and unpack functions), so I forked it and added new record types (AAAA, DS, RRSIG, etc.) and turned into a more general DNS API.

I’ve extended the DNS filesystem a bit and added the possibility to WRITE to it. This only works for zones which utilize dynamic updates.

You can now mount the world and write to it!

Also TSIG should be supported (but I have not tested it - as I’m lazy). For TSIG you need a file (named “dynupdate” here with the following):

# domain           tsig-key name       key
miek.nl            tsig-key            awwLOTrFPge+rRKF2+DEiw==

Code is still contained in a single Perl file.

This is the second time I’m writing this, but now its much better then the previous attempt.

The idea is as follows, using Fuse and Perl this is an actual filesystem which maps the DNS to files and directories.

You can now mount the world! :-)

The following holds true for this filesystem:

• Uppercase named directories are zone-cuts, or;
• Uppercase named directories are labels;
• Lowercase named files are rrtypes (like txt, soa, etc.);
• The content of the files is the RRset for the name (current directory) and the type (the current filename). So /NL/MIEK/soa is the soa record of miek.nl;
• TTL is encoded the {m,a}times (current time + TTL of the record).
• For each directory the fs ask for ns a aaaa txt soa dnskey rrsig and ds to see if they exist.

So /NL/MIEK/A is the name a.miek.nl and /NL/MIEK/A/a is the A record for a.miek.nl. /NL/MIEK/soa is the SOA record for miek.nl (as said above).

@sidn heh, at least it isn’t DNSSEC related

Tue Nov 30 14:12:25 +0000 2010

Replying to @bdekruijff

goede verhalen vertel je het beste in de kroeg! Wanneer?

Tue Nov 30 19:36:54 +0000 2010

@BartVroom @bdekruijff vrijdag it is. 8 uur? Haantje?

Tue Nov 30 20:17:40 +0000 2010

Where is the 10" Android \(3\.0?\) based tablet. Hurry #google. I want to spend money \(not to much though\)

Tue Nov 30 21:01:21 +0000 2010

Zo daar sta je dan in santiago de chili, eerste biertje achter kiezen, nu de stad in

Sat Oct 30 16:15:50 +0000 2010

RT @wmacgyver: Learning #golang book available in PDF format http://j.mp/b9AXss

Sat Oct 30 21:21:34 +0000 2010

This morning I’ve tagged version 0.2 of “Learning Go”. Among the larger changes is that “Interfaces” is now a separate chapter.

I have also removed/added/updated the text. Fixed mistakes in the text and code (and probably added new ones).

To get it:

• PDF download
• Gitweb repository
• Daily builds
• Latest daily build

Feedback is welcome.

Of course a lot of work still needs to be done:

• (Finally) fix all the exercises;
• Test/Retest if all the Go code works with the latest compiler;
• Finish the last chapters (chapter 6,7 and 8);
• …

It is already possible to use filters in Git. But embedding the current file name in the expanded string is somewhat harder.

You can do this by some edit wrapper which inserts the file name “at the right time”, but I think it is much more cleaner to do this in the git-filter script.

For Puppet I want system administrators to see from which directory in the Git repository the file came from, like so:

If you know LaTeX, you know that precise float placement (I want this figure to positioned right here) is almost impossible. But what nobody told you is that there exists a float package (only since 2001 - maybe even earlier). With this package you get a new placement modifier: [H], which means: “Put this damn figure right here!”.

LateX users everywhere cheer.

Specifics are described in the pdf in the package. Using it on Ubuntu/Debian

I’m preparing a 0.2 version of the Go book I’m writing. There are lots of small tweaks in the text and in the layout. I still need to extend the number exercises (and enhance the answers a bit), but it is slowly coming together.

There is a new chapter on how to write programs that communicate with the outside world (via files, sockets, etc.).

Some infrastructure work includes an automatic code checker — sadly written in Perl.

Well, the upgrade was easy enough, some weird LDAP database corruption that was fixed easily by running db4.7_recover in /var/lib/ldap.

There is something fishy going on in /etc/nsswitch and using ‘files’ instead of compat. Got lots of segfaults:

[90474.491264] zsh[5668]: segfault at bfcf07ef ip 001be398 sp
bfce4efc error 6 in libnss_files-2.12.1.so[1bc000+a000]

Not enough for a bug report (yet), I still need to examine this further.

Hoppa: pxe + puppet + git werkt perfect, servertjes komen op en wordt autom. geconfigureerd

Thu Sep 30 10:53:30 +0000 2010

Nice idea and looks like a promising configuration tool: http://augeas.net/index.html

Thu Sep 30 12:14:45 +0000 2010

Helemaal in mijn sas met mijn nwe samsung galaxy

Thu Sep 30 20:15:15 +0000 2010

Replying to @bdekruijff

2 proggies, wat flashen en klaar. Ik ga snel ook de foon van @snavaes flashen

Tue Aug 31 05:32:11 +0000 2010

Mental note to self: nieuw toetsebord regelen. Die HP’s zijn ondingen

Tue Aug 31 09:25:36 +0000 2010

Ja, dat krijg je er nou van... http://tinyurl.com/36b59c8

Tue Aug 31 11:49:24 +0000 2010

Heb de flash kriebels: zo maar eens een nightly build op een hero flashen \(of 'm bricken\)

Congrats to SIDN

% dig +dnssec +multiline DNSKEY nl 

;; ANSWER SECTION:
nl.			6547 IN	DNSKEY 256 3 8 (
			    AwEAAbXfJH0LevocrgMOI62Y0+oD02AxPrsXja59z11c
			    cqgW527Ghac2f1aj32a4c1Wc+H6UhTy+daf6LkVytw0l
			    lMmzDDVn/YHcfh7B+9DdbVjdBHvY6q+YTnZbsU3wGwod
			    PMneYJZl8d47eFYmraKKl/endifNukan0z4GkaKYHuI1
			    ) ; key id = 37408
nl.			6547 IN	DNSKEY 257 3 8 (
			    AwEAAekt0eDh+EmOVQMh1av++d5F6eS3B85YkFW9OBQN
			    8X9EA1rG8vl9TRHFBUfpu/vIaUJeuXV9tm/PO+qhNyIL
			    WxI26W1t1/EKr1WhbaNsLXPMhjtuelPqpxuQL/onXvhB
			    83uPcF88pjnKmu73pcdhInLfYkf4JfARztj4e+xaddoL
			    5eJ0Fj3KMVd303NAsH0tmRPBi3EGMAOtM4Ic84Rn8ZkH
			    bwmVUQ3n4qRYaLpgvmpX82RUpEkgPxhrrJGENp1QYGPv
			    0oWPWkcJcSUGsEBgjLSal5IzTJmOEFm7nzbvyrfq/KJX
			    PZZRfJgPpFPwqNfY+GlTfb39kDEcB34z2LCNM2U=
			    ) ; key id = 38420
nl.			6547 IN	RRSIG DNSKEY 8 1 7200 20100902004149 (
			    20100819064254 38420 nl.
			    0/C52WJ2OjQZOrP8y7relQWGVS5gmJLnwnrbic7dGNeJ
			    PVjI7W2gXgt8vVTg36bQ6gVpX7GG2zwvNA/cYTGYnfvF
			    n+0HpA8oZLqeVh1rbQR3oU+iym5F4vX1pka7pbJk358x
			    O9B9KsMFXH9exCoHHXzu/SU3D/TPZ60imrNgvJp6iOci
			    kPeomSQhwKmyyKBUheaOocdV/XIMtzFwOnKYV6bu9wCq
			    PXtOj4Qhp8Ty7mGMnOSpgAzwWcksvqmSZeNpC/tLT/57
			    TxefWNNGlbdY7+fxvA0T+AQVn0xctsS1y194SAv92kZW
			    azVQ9+ZYxQLVZqwSl1/ZBo8spxT1aiwMnw== )

Write a number cruncher that works as follows:

• Pick six (6) random numbers from this list:

  1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 25, 50, 75, 100
  

  Numbers may be picked multiple times.

• Pick one (1) random number (i) in the range:

  1 . . . 1000
  

• Tell how, by combining the first 6 numbers or or subset with the operators +,-,* and /, you can make i;

I’ve tagged an 0.1 version of the book I’m writing: “Learning Go”. It currently has 7 chapters. The first five are finished. Chapter 6 and 7 still need work. The exercises can also use some (more) love. The current chapter list of “Learning Go” is:

1. Introduction
2. Basics
3. Functions
4. Packages
5. Beyond the basics
6. Concurrency
7. Communication

To get it:

• PDF download
• Gitweb repository

If you have comments, text or exercises feel free to drop an email.

There are no formatting rules when writing Go code, but there is an official style. If you pipe your code through gofmt, its output is the official style. So while writing you need to occasionally execute: %!~/bin/gofmt (which I’ve wrapped in a command, so I only need to type :Fmt).

But the trouble is that executing this code resets the cursor to the first line and you then have to jump back to whatever line number you were on.

The last couple of days I’ve been working on (better) DNS support in Go. I think it would be very nice to get something like ldns in Go, but then in less lines of code.

I’ve just published the first code on godns @github. This is heavily based on the DNS implementation currently in Go, in the net-package. Current additions consist of:

• AAAA support;
• Parsing rdata to hex or base64;
• Groundwork for DNSSEC types (DS, DNSKEY, RRSIG);
• Groundwork for EDNS0.

More info (well not a lot at the moment) can be found here.

I have done programming in (or at least looked at) the following computer languages during my live. Of course the world is not a perfect place, but some languages out there are just plain awful.

• BASIC - with line numbers! At the time (I was 11) didn’t know there was something else out there. Fun and easy language, although I never programmed in it ever again.

• Pascal - After BASIC, there is no going back to Pascal. Only briefly looked at it in my youth and discarded it in favor for BASIC…

Te hard gewerkt vandaag, pas nu lwn.net lezen...

Thu Jul 29 19:24:11 +0000 2010

Warm welkom voetballers Noord Korea: http://tinyurl.com/2cz7l4c Warm lood wrs

Wed Jun 30 10:08:59 +0000 2010

Replying to @danielaukes

je moet gewoon veel drinken, dan komt het wel goed

Wed Jun 30 12:24:21 +0000 2010

En toen was het officieel: per 1 sept treed ik in dienst bij SIDN. Jeuh!

Wed Jun 30 14:28:47 +0000 2010

\(even algemeen\) dank. Ja, ik ga met DNSSEC pielen, maar ook nog \(veel\) andere zaken. DNSSEC is toch al bijna af :P

I’m still “writing a Go Book” which boils down to playing with , Go and Vim.

Building the whole document might be a bit tricky, because of all the packages you may need.

Assuming you already installed TexLive on your system, you will further need to apt-get install:

• texlive-xetex
• ttf-droid
• latex-cjk-common
• latex-cjk-japanese-wadalab
• latex-cjk-xcjk
• latex-xft-fonts
• latex-fonts-recommended
• ttf-sazanami-gothic
• inkscape (for .svg to .pdf conversion)

Which should make it build. If not, please let me know.

I did a small upgrade to the newest version of Chromium and all of the sudden the fonts in the browser area were all blurry and fuzzy…

After some searching it turned out that WebKit (which Chromium uses for the rendering) uses the settings from font-config instead of the whatever you click inside your DE’s configuration tools.

% fc-match -v Arial | egrep 'family|hint'
family: "Arial"(s)
familylang: "en"(s)
hintstyle: 1(i)(w)			<- '1' means slight hinting
hinting: FcTrue(w)
autohint: FcFalse(s)

And to remedy the situation:

After reading the Android Book from O’Reilly I saw some nice use of bullets alongside source code which allowed for extra explanation to be given after the code. I thought only one thing: I want to use that too, but then in . After fiddling around for an evening it finally looked like this:

There are two ways you can do this. The easy way is to write a few macros which create numbered bullets in the code and then use these numbers manually after the code to add your explanation. There are however problems with this approach; You need to manually keep the numbers in sync and thus it distracts you from focussing on the text.