12/06/2011 - Removed TSIG stuff as it makes no real difference, since TSIG authenticates transfers rather than encrypting them (my mistake). As the master/slave IP addresses are known, it's not needed.
12/06/2011 - Comment about new Patch for Slaves.
As the .nz domain space is going to be signed soon in the next 6 months I have decided to try and implement DNSSEC on a number of name servers.
All this is documented as I went along and found problems with the "not so good/lacking" documentation on the powerdnssec website and basically me guessing until it works.
This is similar to how I have my own personal domain spam.co.nz set up, so you can do nslookup/digs and whois on this domain and see what is happening.
As I've used PowerDNS (http://www.powerdns.com) for quite a while I was pretty familiar with it, and they have written a DNSSEC version of it as well (http://powerdnssec.org/) which will all be implemented into V3 of PowerDNS.
For testing I set up 2 DNS servers, one as master and one as slave, using mysql as the backend on both servers. This is a pretty standard setup of powerdns with some features enabled to enable DNSSEC. I expect someone reading this to have used powerdns before and to have some idea of how to get it compiled and running.
and setting up the database on both servers in the schema
plus the additional schema to include for the powerdnssec stuff
Additionally you must increase the size of the content field in the records table with
alter table records modify content varchar(512);
(on master and slave to be safe). This is not documented anywhere, but if you don't do it you will have issues with your slave data being cut off, as the content field is too small to fit all the data in.
Now we have the databases and powerdnssec working we have to add some data into the database for our zone in the master.
This will add a zone called "domain.co.nz" with 2 name servers ns1.domain.co.nz and ns2.domain.co.nz with ip addresses 188.8.131.52/184.108.40.206 with www.domain.co.nz pointing towards 220.127.116.11
insert into domains (name,type) values ('domain.co.nz','MASTER');
select * from domains; # find the id of the domain we just added in
insert into records (domain_id,name,content,type,ttl,prio) values ("1","domain.co.nz","ns1.domain.co.nz email@example.com 1111 28800 7200 604800 86400",'SOA',86400,NULL);
insert into records (domain_id,name,content,type,ttl,prio) values ("1","domain.co.nz","ns1.domain.co.nz","NS",86400,NULL);
insert into records (domain_id,name,content,type,ttl,prio) values ("1","domain.co.nz","ns2.domain.co.nz","NS",86400,NULL);
insert into records (domain_id,name,content,type,ttl,prio) values ("1","ns1.domain.co.nz","18.104.22.168","A",86400,NULL);
insert into records (domain_id,name,content,type,ttl,prio) values ("1","ns2.domain.co.nz","22.214.171.124","A",86400,NULL);
insert into records (domain_id,name,content,type,ttl,prio) values ("1","www.domain.co.nz","126.96.36.199","A",86400,NULL);
You should now be able to look up the domain on the 188.8.131.52 with dig/nslookup
Now to add something to the slave DNS mysql server so it will replicate. This will allow a zone transfer push from 184.108.40.206 with ns2.domain.co.nz in its NS records to be accepted and replicated to ns2.domain.co.nz
insert into supermasters (ip,nameserver,account) values ("220.127.116.11","ns2.domain.co.nz","");
Now let's update the serial number on ns1.domain.co.nz
update records set content = "ns1.domain.co.nz firstname.lastname@example.org 1000 28800 7200 604800 86400" where id = "1";
Wait a little and it should replicate to ns2.domain.co.nz and you should be able to do an nslookup/dig of the domain on the secondary name server.
We have a working DNS server but no DNSSEC Stuff now.
So what we do on the master is:
pdnssec secure-zone domain.co.nz
pdnssec set-nsec3 domain.co.nz
pdnssec rectify-zone domain.co.nz
increase the serial number as above (increase the 1000 number), allow it to replicate and then on the slave DNS Server
pdnssec set-presigned domain.co.nz ## New PowerDNSSec Patch coming soon which means
pdnssec set-nsec3 domain.co.nz ## these two lines will not be needed on slave.
Increase the serial number again and allow it to do a transfer..
Now.. we have a working DNSSEC Nameserver.. lets test.
pdnssec export-zone-dnskey domain.co.nz 1 | grep DNSKEY > trusted-keys
dig +dnssec +sigchase +trusted-key=./trusted-keys -t A www.domain.co.nz @18.104.22.168
dig +dnssec +sigchase +trusted-key=./trusted-keys -t A www.domain.co.nz @22.214.171.124
Right down at the end of the output of both dig queries you should see:
; Ok this DNSKEY is a Trusted Key, DNSSEC validation is ok: SUCCESS
Any changes on the master now should replicate on to the slave automatically (make sure you increase the serial each time)
Sending to the .nz DNC.
We need the DS keys to send to the DNC so we do something like this..
pdnssec export-zone-dnskey domain.co.nz 1 | grep "IN DS"
domain.co.nz IN DS 22621 8 1 af6e9e8cb218dfab299d53732c323adbb7377893
domain.co.nz IN DS 22621 8 2 63ab915d16fe9b6c9af09ea6f6095af91a2ecd0f096c6ffd437504d04c7e7363
As I work at a registrar I will show you what needs to be sent in XML. Let's add some DS keys from above in the correct format...
Need to show XML here...
Let's check what the whois now shows..
You should have some new entries added now from how it looked before..
ds_rdata_01: 22621 8 1 af6e9e8cb218dfab299d53732c323adbb7377893
ds_rdata_02: 22621 8 2 63ab915d16fe9b6c9af09ea6f6095af91a2ecd0f096c6ffd437504d04c7e7363
Note: the NZSRS accepts the DS records but will not publish them into the .nz DNS until later this year
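Before the DS values go to the registry they can be checked offline against the DNSKEY they are supposed to describe. The Python below is an added example, not code from the original post or from PowerDNS: it derives the key tag and DS digest from a DNSKEY as laid out in RFC 4034 and compares them with a DS line in either the pdnssec or the whois format shown above. The function names and SAMPLE_KEY are made up for illustration, and SAMPLE_KEY is constructed filler, not a real key.

```python
import base64
import hashlib
import struct

# Digest types used by the DS records on this page: 1 = SHA-1, 2 = SHA-256.
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256}


def name_to_wire(name):
    """Owner name in canonical (lower-case) DNS wire format."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def dnskey_rdata(flags, protocol, algorithm, pubkey_b64):
    """DNSKEY RDATA: 2-byte flags, 1-byte protocol, 1-byte algorithm, key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)


def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (not valid for algorithm 1)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte << 8 if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def make_ds(owner, dnskey, digest_type):
    """Return (key_tag, algorithm, digest_type, hex_digest) for one DNSKEY."""
    rdata = dnskey_rdata(*dnskey)
    digest = DIGESTS[digest_type](name_to_wire(owner) + rdata).hexdigest()
    return key_tag(rdata), dnskey[2], digest_type, digest


def parse_ds(line):
    """Parse 'zone IN DS tag alg type digest' or whois 'ds_rdata_NN: ...'."""
    tag, alg, dtype, digest = line.split()[-4:]
    return int(tag), int(alg), int(dtype), digest.lower()


def check_ds(owner, dnskey, ds_line):
    """Compare a published DS line with the DS derived from the DNSKEY."""
    tag, alg, dtype, digest = parse_ds(ds_line)
    if dtype not in DIGESTS:
        return "unsupported digest type"
    want = make_ds(owner, dnskey, dtype)
    if tag != want[0]:
        return "key tag mismatch"
    if alg != want[1]:
        return "algorithm mismatch"
    if digest != want[3]:
        return "digest mismatch"
    return "ok"


# Constructed sample: flags 257 (KSK), protocol 3, algorithm 8, and filler
# bytes standing in for the public key. It is not a real RSA key.
SAMPLE_KEY = (257, 3, 8,
              base64.b64encode(b"\x03\x01\x00\x01" + bytes(range(64))).decode())

if __name__ == "__main__":
    for dtype in (1, 2):
        tag, alg, _, digest = make_ds("domain.co.nz", SAMPLE_KEY, dtype)
        line = f"domain.co.nz IN DS {tag} {alg} {dtype} {digest}"
        print(line, "->", check_ds("domain.co.nz", SAMPLE_KEY, line))
```

parse_ds assumes the digest is one unbroken hex string, as in the pdnssec and whois output above.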
Rolling Keys. (this may be wrong but it seems to work fine).. Still waiting on more information
ZSK Roll over (note this is slightly wrong.. need to update)
pdnssec show-zone domain.co.nz (find oldkey-id)
pdnssec add-zone-key domain.co.nz zsk 1024
pdnssec deactivate-zone-key domain.co.nz oldkey-id
pdnssec remove-zone-key domain.co.nz oldkey-id
KSK Roll Over (note: this is slightly wrong.. need to update)
pdnssec show-zone domain.co.nz (to find oldkey-id)
pdnssec add-zone-key domain.co.nz ksk 2048
Send new DS's to upstream (but don't delete the old one)
Wait until the upstream has new DS's in their DNS.
Remove old DS's from upstream
pdnssec deactivate-zone-key domain.co.nz oldkey-id
pdnssec remove-zone-key domain.co.nz oldkey-id
Remember this is all very VERY simplified and I am probably missing lots. There are many other things you have to do and think about if you want to use this in production. You still have more to do like how to send the information to the .NZ Domain Name system which will be explained in the next few days..
Rolling Keys over.. size of keys.. security of data.. who has access to the data. importing existing keys.. turning off DNSSEC on a zone..
I'll update this over time but if you have any questions please let me know.. If someone wants to say .. you are doing this completely wrong.. please do..
The first thing to remember is without anyone going to your website, you will make no money at all and website traffic is the most important thing in the world. The more people who go to your website, the more money you will make.
Sources of Adverts?
There are many sources of Advertising and types of advertising on the internet. The one that most people go to is Google Adsense. They are the biggest and work well and pay well and that's why you see them everywhere on the Internet.
Most sources of adverts will pay a CPC (Cost per Click) these days with a little CPM (Cost per 1000 impressions)
But there are many others out there. Some need you to be big, some will accept anyone. Some pay well, and some pay hardly anything.
www.firstrate.co.nz - One of the larger NZ advertising companies but you have to be biggish to use them.
www.clixgalore.co.nz - Overseas Company who accepts anyone
www.tradedoubler.com - Not used much at all but didn't pay well
www.smowtion.com - Used by the SMS Spammers to advertise their services and has a VERY low payout for adverts.
www.revsense.com.au - Trying them for a while
+ many others.
I've used a lot of advertising systems myself, too many to name, and most just fail in the income you get from them.
There are also Affiliate Websites who will pay for you advertising them and you make a profit on anything they sell via your referrer. I've never had luck with these types of website (I've tried and made nothing from them even with thousands of impressions).
+ another 150+ based in NZ that I've found, and there are 10000's of overseas ones.
You could go directly to companies to ask them to advertise on your website, so sometimes it's just easier to go to the advert brokers.
So how do you run the adverts?
Simply you just place the adverts on your website and hope someone clicks on them. As I said before, the more people that go to your website the more income you will make. Percentage wise only say 1% of people will click on the adverts and you may make 5c per click (These numbers are not real). Placement is important but we'll get to that a little later. On your website you will have saved some space to place the adverts and you usually insert the code given by the advert company in those places and the adverts will show.
Placement of Adverts
Where you put adverts on your website is quite important. A person will not scroll down to the bottom of your webpage normally and click on the advert down the bottom. They will normally click adverts up the top of website or adverts which are on the left above middle.
A good explanation of placement is: https://www.google.com/adsense/support/bin/answer.py?hl=en&answer=17954
Promotion of your website
One of the first things I said was that traffic is the most important thing in making money from your advertisements. But how do you get people going to your website.
If People are searching for something they will look most likely at Google first and if you are not there, they won't find your website to go to. And how to get on Google? Nationally you will get on Google slowly but better is to go to Google Webmasters (http://www.google.com/webmasters). This website will allow you to see if your website is in google and its stats etc.
SEO? (Search Engine Optimisation)
You will find 100000+ companies who will help with your promotion (SEO) of your website on the internet and most of them are related to getting higher on Google. I cannot recommend any as I have never used them and done it all by myself.
What to Stay away from?
"Pay us $199 to get on 10000 search engines." (As 95% of your traffic will come from Google, the other search engines won't make much of a difference at all as no one uses them.)
Putting "Click on my ads" on your website. This is against all Advertising T&C's I've seen and will quickly get your Adsense and other accounts closed.
Autosurfing Websites. They get people to your website but the people won't look at your content or click on your adverts at all.
Guaranteed being on the 1st page on Google with your selected keywords
Put a link on your website and I'll put a link on my site. Normally these are complete scams
Search (on Google) for SEO scams and you can find all about them.
I personally run a number of small websites.. ALL with advertising or advertising related.
A number of them are below.. Most don't need any input after they are set up at all.
http://www.unlockit.co.nz - Website Adverts and mobile Adverts for the iPhone
http://www.bcast.co.nz - Video CMS with Adverts and Adverts on the Videos
http://www.traceics.co.nz - Webstats for Websites
http://www.bannerexchange.co.nz - A Start of a simple Banner Exchange
http://www.nakednewsflash.co.nz - I did say that getting people to your website is the most important thing ???
http://www.nzdsl.co.nz - This used to be ranked ~#50 for NZ visitors for a short while in NZ a number of years ago
http://www.gaming.net.nz - Set up a Game CMS and then just leave it and people will come.
http://www.kiwiv.co.nz - Another Video CMS which just runs itself with adverts all over it.
http://www.nzvideos.co.nz - Yet Another Video CMS which just runs itself with adverts
http://www.videofun.co.nz - Yet ANOTHER video CMS which just runs itself with adverts
+ I have lots of others. I still have a day time job Working at an ISP.
Don't expect to be a millionaire on day 2.. Adverts are passive income. Set them up, see how they work and change things around to see what makes you the most income from them.
It takes time to work out advertising. You must have something on your website that people want to go to it first before you even think about adverts. 100 people per day going to your website is not going to make any money. 10000+ you might start to see some kind of good income but remember adverts are not the reason people go to your website. You must have some proper content to attract people to go to your website in the first place.
I found it very hard (impossible) to find any of this hardware in New Zealand so I had to buy it from overseas. Motherboard and Case from www.mini-box.com.au and other equipment from various places on ebay. It takes a while for some parts via ebay but there sometimes isn't any other way (when you can't get them locally)
I am running Linux/xbmc at the moment and in the future looking into running mythtv on it when the crystalHD (BCM70012) drivers are available for it. I could also run it under Windows as the crystalHD drivers work with this as well.
The amazing thing about it is the amount of power it actually takes to run. With no moving parts in it I have it running on a 12V 1.5A power brick and it runs fine. I am still waiting on the Z-U130 Card and have a 2.5" 80G HDD in it at the moment and the 1.5A power is still fine for running it.
When I get it all going I will give some stats from video playing. I still have some issues (like the latest SVN xbmc runs at 100% CPU for some reason) but I think its a bug in the new Xorg Intel driver which I have reported and hopefully getting fixed soon.
The motherboard doesn't by default come with digital Audio out on the back so I have added a SPDIF socket at the back of the case via the jumpers on the motherboard for it.
- D945GSEJT Fanless, UltraFlat mini-ITX motherboard + Atom 270 @ 1 x 1.6Ghz
- Intel Atom 270 @ 1x 1.60GHz
- 3 rear USB, 4 on-board
- VGA, DVI and LVDS
- 1 x SODIMM (DDR2), up to 2Gb
- 1 x 10/100/1000 Mbit LAN
- Realtek High Definition Audio
- 1 SATA, 1 PATA
- Power: 12V on-board
- Standard I/O shield included
- RoHS compliant
M350 Enclosure. Fanless Small Case designed for Ultra-ATX Motherboards. It is one of the smallest cases around and will also allow me to fit a PCI card in with this motherboard as well. Most other MicroATX motherboards such as the Atom Ion Boards will also fit well in these (but without the ability for a PCI Card in the same box).
4G Z-U130 eUSB Card.
This will be used for the boot drive and all media will be played via the network via uPNP or alike. It's only 4G in size but is a good size to fit Linux or even Windows for a frontend machine.
BCM 70012 Video Accelerator Card.
This Card takes in VC1/H264/MPEG2 and spits out raw video so your CPU doesn't have to decode the data and reduces the CPU needed to play the video. With this card and the motherboard it should be fine displaying 1080i videos via the Atom 270 Chip. This same card can go into an Intel Mac Mini running MacOSX and also allow them to offload to this card the video processing.
26/3/10 - Got the working BCM 970012 Card today and placed it in Motherboard. All good. Installed CrystalHD drivers and recompiled XBMC to use the Card. Played my DVB-T Tests.. Fail.. Seems XBMC and crystalhd won't play these properly as of yet but its being worked on. I tried another couple of h264 files including the 1080p BigBuckBunny movie and it plays fine.
I'm still having trouble getting a number of BT adapters working under Linux. 2 different ones from ebay @ $3.95 each including postage don't seem to work correctly.. One advertised as working under Linux and one which said it doesn't work under Linux, but they were exactly the same hardware (and MAC address) so be aware as it seems a lot of cheap ones have the same MAC address! No problems unless you want to talk to another one :-). Anyway if anyone has suggestions for a working BT adapter that works under Linux let me know. Ordered a USB IR receiver/remote from ebay for $9.95 to use instead at the moment.
Ordered a PCIe to MiniPCIe Adapter and will get another BCM970012 Card later so I can do more development on my desktop machine for the crystalhd stuff as the BCM970015 Cards aren't available as of yet. (BCM970015 are PCIe versions of the PCIe 970012)
23/3/10 - Upgraded Power Supply to a 12V 3.3A Power Supply. 1.5A was a little small to run the box after I placed a USB flash drive into the box so it would reboot whenever it tried to use lots of power.. the 3.3A (40W) Power Supply seems to have fixed this completely.
13/3/10 - Received the Z-U130 yesterday and placed it in. Reinstalled Linux on the Box and found with SSD a few "changes" had to be made as SSD drives are fast read and slow write.
This reduces the amount of swap the machine does but my machine never uses swap anyway...
add elevator=noop in the kernel line so it does no recaching of data from the SSD
add noatime so it doesn't need to update (write) the access time every time you read a file
I don't know which one did the biggest change but before these changes the filesystem would have mini freezes whilst accessing data.
12/3/10 - Just a few stats. With the Z-U130 drive and hdparm speed.
Timing cached reads: 1084 MB in 2.00 seconds = 542.18 MB/sec
Timing buffered disk reads: 66 MB in 3.03 seconds = 21.75 MB/sec
Since I started writing iPhone webapps I found some well interesting bugs and things you can do on the iPhone. Yes I tried doing some stuff which no one else would even think about for my www.unlockit.co.nz website but they were definitely bugs.
The only one they have fixed so far is RFC2397 support for mobileconfig files. I reported in January and got notified it was fixed AFTER V3 Final was released. They said for me to install V3 GM (I'm not a "paid" developer)
So why is this an important bug to fix? Well it means I can now write (and I have) an offline version of my unlockit.co.nz website so people can run it offline when they have no internet access.
After Apple fixed this one I came across another one..
If I set
RFC2397 formatted mobileconfig files don't work but if I set
they do work.. sigh..
Now.. Apple yesterday released the Mobile Enterprise Application for V3 iPhones.. it included a few more things which you could set up, but still didn't explain 100% (well at all) the type-mask option for APN's in their own files (not included on purpose?)
Apple have included the option of adding "webclips" (putting an icon on your iPhone which links to a webpage). Yes that sounds boring yes until you figure out it's an easier way to install Webapps on the iPhone instead of having the user make a bookmark.
So I tried and yes webapp which the link is an RFC 2397 formatted link.. and .. you have an offline webapp :-)
Yay.. but found ANOTHER bug..
Links (webclips) as they call them which are set
Don't go full screen!!! ARGH.
But if you make them via a "bookmark" they do..
Found ANOTHER iPhone V3.0 Bug today... Subscribed Calendars don't like @ in usernames for Authentication. Reported
Found ANOTHER iPhone V3.0 Bug today. If you link to an Appstore App in an iframe they will NOT open in iPhone Safari !!!! if you link to them the same way but not in an iframe they will open ok. Have reported to Apple
Update : Zinwell have released in the last 2 weeks the source code for the GPL Parts of the Zinwell 620HD and Zinwell 640PVR. They can be download @ http://www.zinwell.com.tw/support_download.php
Note: this does not match the firmware on the NZ Units as far as I can tell so they fail... and they still don't include an offer to supply this software with the unit which is against the GPL as well.
Companies these days have to realise that if they want to use software they have to follow the rules. Most people would not pirate software as its copyrighted so why not follow the rules when using a product which includes a simple Licence to use it.
A certain type of licence is called a GPL (General Public Licence) and a lot of software is produced under this licence including the Linux Kernel. But some companies don't follow this Licence and break this GPL. IMHO this should be treated just like any other copyright infringement..
Copy of GPLv2 Licence - gpl-2.0.txt
The GPL basically says if you are using the software then you must (apart from other things)
- include the GPL Licence with the product
- offer the source code for the software
And this is the problem.. Zinwell/DSE/Others don't...
Product: ZMT-620HD - DVB-T Set Top Box
Information: Sold in New Zealand non-branded via many retailers and branded via Dick Smiths (http://www.dse.co.nz)
Problem: Includes GPLv2 Software but doesn't include GPLv2 Licence or offers the source code. This means they are breaking the GPLv2 Licence thus breaking copyright.
The Zinwell 620HD includes the following GPL Software
Linux Kernel - Linux version 2.6.12-4.0-brcmstb build version 2612-4.0 (email@example.com) (gcc version 3.4.6) #30 Thu Jun 14 15:08:03 CST 2007
Busybox - BusyBox v1.2.1 (2007.04.18-10:43+0000) multi-call binary
See output from boot: boot.txt
Supplied Manual (DSE Branded)
Supplied Manual (Non Branded Zinwell Version)
Zinwell (firstname.lastname@example.org,email@example.com,firstname.lastname@example.org) - No reply
Dick Smith Electronics (email@example.com) - Replied saying they are contacting zinwell..
Thank you for your query. Please be advised that Dick Smith Electronics
do not have the source code for the FreeView receivers and this is the
responsibility of the manufacturer. The manufacturer in this case is
Zinwell so please contact them with your request. We will forward on
your request to Zinwell as well, for them to respond.
All I have been given the website www.zinwellaustralia.com.au where
there is a 'Contact Us' link at the top right.
No-one has been able to supply any email addresses to me to be able to
You could always try the standard
'LastNameFirstInitial@CompanyName.com.au format and see if that produces
Sorry that we can't help you better with your queries, but we appear to
be limited in the information that we can obtain.
BusyBox (firstname.lastname@example.org) - Got a reply saying they are interested in taking it further. Waiting on more info..
GPL Violations Mailing List (email@example.com) - On going discussion on mail list.
Freeview New Zealand - No Reply
Next Electronics (Distributor within NZ) - No Reply
firstname.lastname@example.org (Listed as owner/tech of zinwellaustralia.com.au) - No Reply
email@example.com (Email on the broken contact form of www.zinwellaustralia.com.au go to this email address) - No Reply
firstname.lastname@example.org - Replied and says cannot help apart from forwarding it to River @ Zinwell
email@example.com - No Reply
firstname.lastname@example.org (River Chiang) - No Reply
Also have contacted the below about GPLv2 Enforcement/Information/Status:
NZOSS (The New Zealand Open Source Society) - Have replied..
Copyright Council of New Zealand - Replied saying they cannot help??
Ministry of Economic Development (They look after/enforce copyright law in NZ) - No reply
Things to do...(maybe)
Seems that the Greens have a strong open source policy (http://www.greens.org.nz/campaigns/it/)
"In addition, the Green Party advocates the use of Open Source software where practical, as a means
of making technology available to as many New Zealanders as possible while encouraging indigenous
solutions to local problems."
Nandor Tanczos is a great believer of Open Source Software (http://www.nandor.net.nz/virtual/source.php)
Contact the Media
So if you want to help email me at email@example.com or leave a message for me here.
07/09/2009 Update: Heard from Busybox saying they are interested in taking it further... (yayaya)
02/07/2008 Update: I have been in contact with some of the parties involved and they are bringing it up to higher levels.
04/07/2008 Update: DSE have contacted me again and all they can give me is a website contact form which does not work
04/07/2008 Update: Listed More Contacts I have found to get in touch with someone who can comment/help
11/07/2008 Update: Emailed Zinwell Again (to all the email addresses I have for them)
23/07/2009 Update: Emailed firstname.lastname@example.org and Kevin Colley (email address removed on request)
13/07/2009 Update: Reply from Neil Smith saying can't help apart from Forward to River Chiang @ Zinwell
There has been a little talk of IPv6 around the internet in the last week about if/when etc it will take off, and it is a chicken and egg problem. No content so why enable it, and why enable it when there is no content.
A website decided to do something about it, by offering a large amount of Porn via IPv6.
I have done the same and you can get Internet Porn for free if you have an IPv6 connection.
You can see it by going to http://www.ipv6porn.co.nz. If you don't have a IPv6 connection it will link to information via IPv4 for you to get it/enable it etc.
The Original Idea is taken from http://www.ipv6experiment.com which will have content via IPv6, but only later in the year.
You haven't promoted it.. Ah you say. ok.. lets just buy 100,000 email addresses and email them to visit your website.. BIIIZZT WRONG.. apart from being wrong it is illegal in a lot of countries and it's against the T&C of most ISPs and will get you kicked off whatever ISP you are on.
This is the problem I had a year ago. I had a website, but no one went to it. So what are some suggestions to get more people to your site and make $$ from it. So here are a few suggestions.
- How do people know you exist?
- Why would people go to your website?
- Why would people continue to go to your website?
- So you have the people.. start making $$ off them
All these questions + more will be answered as time goes on.
If you have not been there before visit http://www.nzdsl.co.nz.
It is New Zealand's Largest Broadband Information Site including
speedtests, Forum and more
Thousands of New Zealanders visit this site per day..