Blog

Talk

DNSSEC Talk

During a seminar at the University of Trier I gave a DNSSEC talk (in German). If you would like to have the slides, you can download them here or from SlideShare.


Relevant RFCs

Here is a list of relevant RFCs for DNSSEC:

Spreading DNSSEC

To not only talk about it, but also to promote the distribution of DNSSEC, I have activated DNSSEC for my domains, including this one. Try the following command to check mlohr.com for valid DNSSEC records:

% dig +dnssec -t ANY mlohr.com
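How to read the output of such a query, as an added example that is not part of the original post: the RRSIG records requested by `+dnssec` only show that a zone is signed, while the `ad` flag in the header shows that the resolver you asked actually validated the answer. The name example.test, the sample output and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify saved `dig +dnssec` output read from stdin.
dnssec_status() {
    awk '
        /^;; ->>HEADER<<-/ {            # "... status: NOERROR, id: 4242"
            for (i = 1; i <= NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; flags:/ {                  # ";; flags: qr rd ra ad; QUERY: 1, ..."
            flags = $0
            sub(/^;; flags: */, "", flags); sub(/;.*/, "", flags)
            if ((" " flags " ") ~ / ad /) ad = 1
        }
        /^;; [A-Z]+ SECTION:/ { in_answer = ($2 == "ANSWER") }
        in_answer && $3 == "IN" && $4 == "RRSIG" { rrsig = 1 }
        END {
            # A validating resolver reports bogus data as SERVFAIL.
            if (status != "NOERROR") print "error:" status
            else if (rrsig && ad)    print "validated"
            else if (rrsig)          print "signed-not-validated"
            else                     print "no-signatures"
        }'
}

# Constructed sample output; $1 = header flags, e.g. "qr rd ra ad".
sample_answer() {
    cat <<EOF
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: $1; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 1232
;; QUESTION SECTION:
;example.test.		IN	SOA

;; ANSWER SECTION:
example.test.	3600	IN	SOA	ns1.example.test. hostmaster.example.test. 1 7200 3600 1209600 3600
example.test.	3600	IN	RRSIG	SOA 13 2 3600 20300101000000 20291201000000 4242 example.test. c2FtcGxl
EOF
}

sample_answer "qr rd ra ad" | dnssec_status
sample_answer "qr rd ra"    | dnssec_status
```

Against a live zone, pipe `dig +dnssec -t SOA mlohr.com` into the function; a specific record type is used because many servers give only a minimal answer to ANY (RFC 8482).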

 

HowTo

Window buttons at Ubuntu Lucid – Round 2

Terrifying. With every Ubuntu installation I have been able to convince my window buttons to take the position on the right side of the screen via my instructions from here. Now, after an upgrade from Ubuntu 12.04 to Ubuntu 12.10, they were on the left again. Stupid thing: The old manual doesn’t work anymore!

For all frustrated users, here’s the command to straighten them out:

gsettings set org.gnome.desktop.wm.preferences button-layout ':minimize,maximize,close'

GitHub

phpDNSAdmin

phpDNSAdmin – Modular DNS Administration Tool

Those who work a lot with DNS know that BIND zone files are quite cumbersome to manage for larger zones. Since I work a lot with DNS servers both professionally and privately, I have been looking for ways to solve this problem. One finding of this search was PowerDNS, a database-based solution for DNS servers that also supports DNSSEC. At the same time, however, there was no reasonable UI tool to meet my requirements. There are many alternatives to BIND (besides PowerDNS, e.g. MyDNS etc.), but apparently the choice of DNS server also determines which GUI features you get. Many user interfaces, for example, do not support all resource record types provided by the server. So I came up with the idea to start a new web-based GUI project: phpDNSAdmin. The goal here is to provide a frontend that offers all possible RR types and functions regardless of the DNS daemon used. New RR types, DNS daemons, authentication methods etc. can be easily added thanks to a module structure. The tool was written in PHP; ExtJS is used as the frontend framework.

You can find phpDNSAdmin at GitHub.

HowTo

Window buttons at Ubuntu Lucid

As far as new Ubuntu versions are concerned, I am a very brave person. Therefore, a few days ago I updated my netbook to the Alpha6 of the new Ubuntu Lucid. The first impression after the reboot was very positive. There was only one negative aspect, but it was very annoying: The artwork team decided to display the buttons for minimizing, maximizing and closing on the left side of the windows by default. For someone who has always been used to finding these buttons on the right since he started using his PC, this is an unpleasant experience. Again and again, the mouse moves up to the right – to click into the void.

So I started looking for ways to move these buttons to the right again. Here is how it works:

In the gconf-editor tool, there is a key with the name button_layout in the category /apps/metacity/general. Its value is set to maximize, minimize, close:. By adjusting this value you can influence the position of the buttons. The variant I am using is minimize, maximize, close, but everybody can decide for himself. Click on each window again, then all the new settings should have been applied.

Update

I had this problem once again, but the instructions don’t work anymore. For a new tutorial see here.

Project

SwitchDB

The SwitchDB – a web based network management tool

My first project at the university, or rather the project for which I was originally hired, was the SwitchDB.

Requirements

The university’s network consists of over 200 switches, together with over 6,000 Ethernet ports. Each of these ports must be configured according to location and usage. There are different departments, each of which should have different authorizations. E.g. the representative of the IT department should only be able to configure the switches located there, and only with the VLANs belonging to the IT department – not those of e.g. mathematics. There were also roles that should only enable/disable ports without changing any other settings, and also roles that should have global (or limited) read-only access. In short: The rights model was very extensive and complex, and no known solution had the necessary functions at the start of the project to map this appropriately.

The idea: Developing the SwitchDB

Therefore the development of the SwitchDB was decided: A web-based tool written in PHP for managing the entire university network. A MySQL database served as data storage, the connection to the switches was implemented via SNMPv2 protocol.

How it works

Changes are transmitted directly to switches via SNMP, so that the success or possible errors in the configuration can be directly controlled. Extensive cronjobs scan the entire network at regular intervals in order to map the current state of the database. Later, time-based changes (for scheduled business events, for example) were implemented. The Neighbour Discovery Protocol also enabled newly connected switches to be automatically detected and integrated. A service for receiving SNMP traps even made it possible to react directly to events that have just occurred (e.g. “end device plugged in”, “switch rebooted”, etc.). The implemented rights management was able to control valid values for each property to be set per role as well as accesses that were exact down to the port.

HowTo

Huawei UMTS USB Stick with OpenWRT

Because of the increasing proliferation of mobile data services and the increased affordability due to falling prices and affordable flat-rate offers, I have dealt a little with the possibilities of this type of Internet access. My goal was to find out if UMTS (or GPRS) can be used as a replacement for a cable DSL connection.

Since the normal home user works with WiFi at home, I wanted to create a solution where a mobile data connection such as GPRS or UMTS can be shared by several clients via WiFi. Since most of the UMTS/GPRS receivers that can be used for this purpose are available as USB versions (the other few are PC Cards), a router with USB connection had to be purchased. Fortunately, I had an Asus WL500g Premium in my hands. A well known customizable firmware for self-build or self-download is OpenWRT, so I was looking for ways to get such a USB data stick with OpenWRT running on this WL500g. As a stick I used the K3520 from Vodafone, which is nothing more than a beautifully packed Huawei E620 (as far as I know).

A very nice manual that worked (almost) without any problems can be found at http://josefsson.org/openwrt/dongle.html. Using other Huawei UMTS/GPRS modems is no problem; you only have to find out the appropriate USB product ID (e.g. on a normal Linux system, plug in the stick and run lsusb). Almost every commercially available device subsidized by the major mobile operators such as o2, T-Mobile, E-Plus and Vodafone is a renamed and repackaged Huawei card.

The only problem is caused by this strange dual-mode of the USB devices: The Huawei sticks log in (depending on your mood?) either as a mass storage device or as a USB modem. In the OpenWRT sources there is a small tool which can tell the device that the modem mode should be selected – but hardcoded to the product ID 0x1001, which I think applies to the E220, but not to the E620 (0x1003). Interestingly, the code for parameter use is already there, but is commented out….

To eliminate this flaw, I created the package myself again, this time with support for parameters. If you want, you can download the package, copy it to your router via SCP or wget and install the package with opkg install (please uninstall the old package first). Here are the commands for removing the old package (if installed), installing the new package, and an example of how to use the program:

opkg remove huaweiaktbbo  # remove old package
wget https://mlohr.com/wp-content/uploads/2009/06/huaweiaktbbo_1_mipsel.ipk  # download patched package
opkg install huaweiaktbbo_1_mipsel.ipk  # install new package
huaweiAktBbo 0x12d1 0x1001  # use program (use your specific USB ID)

After these actions it was no longer a problem to access the internet with the help of the above linked instructions. Even with GPRS, the speed for surfing is still acceptable, but fast is different. I haven’t been able to test UMTS yet, but I will be using it soon. I measured latencies between 1000 and 2500ms, bandwidth ranged between 20 and 35 KB/s.

Conclusion

In rural areas or for chronic chatters, this solution is very practical, as the data throughput is higher than first expected, but by far not as exhilarating as with “real” DSL. For chatting, blogging and further web browsing this solution is acceptable; most pages are visible after 5 seconds. If you have the possibility of a cable DSL connection, you should prefer this in any case. If you want to administrate a server via SSH, for example, you are in a hopeless position because of the very high latency. Multi-user operation also works without any problems; with simultaneous data transmissions it takes a little longer. Please note: The providers differentiate between single and multi-user tariffs. It is not easy to determine whether one or more devices are going online over the same connection, but it can be done. I don’t know to what extent this is used by providers.

HowTo

SMS Gateway with Siemens TC35i

To support the computer monitoring at the University of Trier, a Nagios system was set up, which tests the function of important systems at regular intervals and notifies the administrators of problems if necessary. However, there was initially only email notification, so that the problem report was sometimes seen very late, which in exceptional cases may cause further problems. That’s why we wanted to implement a faster notification, in this case via an SMS Gateway.