Dns

📒 Using Catalog Zones for your DNS infrastructure: PowerDNS and Knot

December 31, 2024

Happy New Year!

Recently, I learned about a thing called ‘Catalog Zones’. A relatively new thing in DNS that helps simplify your DNS architecture. A Catalog Zone contains one or more ‘real’ zones. And it can be useful for configuring slave / secondary DNS servers.

(I would rather not get into the naming thing; I just want people to understand what I am writing.)

Before catalog zones, you had to provision each new zone to your slave DNS servers. Updates are no problem, most of the time. Just issue a NOTIFY and your slaves will AXFR the zone from the master. But configuring new zones onto slaves used to be a pain (unless you were using the superslave feature).

Read more →

SSHFP 🔑 is pretty cool

January 18, 2019

Recently, a colleague told me about the existence of SSHFP DNS records. A way to verify that you’re actually connecting to the host you’re expecting to connect to.

Here’s how you can set it up for yourself:

1: Run this command

➜  ~ ssh-keygen -r $hostname

2: ???

3: Profit!

In all seriousness: you’re now going to see the records you need to add that are specific to the server you ran the command on. It looks something like this:

Read more →