Adding a DKIM record to your DNS

Adding a DKIM record to your DNS is quite simple. Add two TXT records like these:

; Quote the values: an unquoted ';' starts a comment in a zone file.
_domainkey.domain.com          IN TXT "o=!;r=postmaster@domain.com"
selector._domainkey.domain.com IN TXT "v=DKIM1;k=rsa;p=<public key>"

Which means:

  • o=~ the server signs some mail
  • o=- all mail is signed, but unsigned mail should be accepted
  • o=! all mail is signed, do not accept unsigned mail
  • t=y I’m still testing
  • v=DKIM1 we use DKIM version 1
  • k=rsa it is an RSA key
  • r=<x@xx> report problems to this email address
  • p=<public key> this is my public key
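
The selector record above is a semicolon-separated tag=value list. As an added example (not part of the original note), the following Python code parses such a record and reports the problems a verifier would run into; the function names and the sample p= value are made up for this illustration.

```python
import base64
import binascii

# Constructed sample: placeholder bytes in p=, not a real public key.
SAMPLE_P = base64.b64encode(b"constructed placeholder, not a key").decode()
SAMPLE_RECORD = f"v=DKIM1;k=rsa;p={SAMPLE_P}"

def parse_tags(txt):
    """Split a tag=value list (RFC 6376, section 3.2) into an ordered dict."""
    tags = {}
    for part in txt.strip().strip('"').split(";"):
        if not part.strip():
            continue  # tolerate a trailing ';'
        name, sep, value = part.partition("=")
        name = name.strip()
        if not sep or not name:
            raise ValueError(f"malformed tag: {part!r}")
        if name in tags:
            raise ValueError(f"duplicate tag: {name}")
        # Drop folding whitespace; none of the tags checked below needs it.
        tags[name] = "".join(value.split())
    return tags

def check_key_record(txt):
    """Return a list of findings for a selector._domainkey TXT record."""
    tags = parse_tags(txt)
    findings = []
    if "v" in tags and (next(iter(tags)) != "v" or tags["v"] != "DKIM1"):
        findings.append("v= must be the first tag and equal DKIM1")
    if tags.get("k", "rsa") not in ("rsa", "ed25519"):
        findings.append(f"unknown key type k={tags['k']}")
    if "p" not in tags:
        findings.append("p= missing: no public key published")
    elif tags["p"] == "":
        findings.append("p= empty: this key has been revoked")
    else:
        try:
            base64.b64decode(tags["p"], validate=True)
        except (binascii.Error, ValueError):
            findings.append("p= is not valid base64")
    if "y" in tags.get("t", "").split(":"):
        findings.append("t=y: domain is still in DKIM testing mode")
    return findings

if __name__ == "__main__":
    print(check_key_record(SAMPLE_RECORD))
    print(check_key_record("v=DKIM1; k=rsa; t=y; p="))
```

An empty list means the record passed these checks; it does not prove that the key matches the signer's private key.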

IPv6 Tunnel with Cisco

Cisco supports PPPoE with IPv6, so if your provider supports IPv6, you can use a native connection. If not, you can establish a tunnel to SixXS or another IPv6 provider.

ipv6 unicast-routing
interface tunnel0
  description IPv6 uplink to SixXS
  no ip address
  ipv6 enable
  ! IOS before 12.4:
  ipv6 nd suppress-ra
  ! IOS 12.4 and later:
  ipv6 nd ra suppress
  ipv6 address [Your IPv6 Endpoint]/[Prefix Length]
  ! 1280 or another MTU value
  ipv6 mtu 1280
  tunnel source [Your IPv4 Endpoint]
  tunnel destination [PoP IPv4 Endpoint]
  tunnel mode ipv6ip
!
ipv6 route 2000::/3 [PoP IPv6 Endpoint]

Fortigate Session Timeout

This article describes how to change the session TTL for a specific port. In this example it is telnet.

config system session-ttl
 set default 1800
 config port
 edit 23
  set protocol 6
  set timeout 3600
  set start-port 23
  set end-port 23
 next
 end
end

The session timeout is in seconds.

Protocol 6 is TCP.

Protocol 17 is UDP.

If you leave the protocol at 0, the entry is valid for all protocols.

Alternatively you can change the TTL per policy. Again, this is only possible on the command line.

config firewall policy
  edit 1
    set session-ttl 1800
  next
end

It is also possible to change the TTL per policy or per application on the CLI.

IPv6 Address renumbering

IPv6 uses provider-aggregated IP addresses. In the documentation you can read how easy it is to do address renumbering.

You can specify a general prefix on a device. If you need to change the addresses, you only have to change the general prefix, and all addresses on this device get the new prefix.

On Cisco devices it is:

ipv6 general-prefix PROD 2001:DB8:1234::/48
!
interface Vlan1
 description Management Network
 ipv6 address PROD ::1:0:0:0:2E1/64
 ipv6 enable
!
interface Vlan2
 description Management Network
 ipv6 address PROD ::2:0:0:0:FF/64
 ipv6 enable
!

Now you change the address of the general-prefix PROD and all your IP addresses on this device are changed.

Using chmod

chmod is the tool to change permissions on UNIX-based systems.

For the options, consult Wikipedia.

Why is it worth mentioning here? If you change the permissions recursively over a directory tree, you usually do not end up with the right permissions for both directories and regular files.

You can avoid that by using find, as shown in the example:

# -exec ... {} + hands the names straight to chmod, so spaces in file names are safe
find . -type d -exec chmod 755 {} +
find . -type f -exec chmod 644 {} +

Type “d” applies the change to directories, whereas type “f” applies it to regular files. The “.” tells find to start in the current directory.