post icon [news] [activity] Projects Activities
[2021-10-17 12:52 +0200] WIP Bip> Revision 1df88454 (bip): Add a man page for the bipgenconfig script
[2021-10-17 12:47 +0200] WIP Bip> Revision 814ef729 (bip): Add man pages in Documentation key of systemd unit
[2021-10-17 12:19 +0200] WIP Bip> Revision 462c1036 (bip): Fix spelling errors found by Lintian
[2021-10-16 17:33 +0200] WIP DuckCorp Infrastructure> Revision 7b3b3413 (duckcorp-infra): Add redmine container to keep it on Buster
[2021-10-16 17:32 +0200] WIP DuckCorp Infrastructure> Revision c67c4f04 (duckcorp-infra): dc-accounts: sssd now detects needed AAA services
[2021-10-16 17:32 +0200] WIP DuckCorp Infrastructure> Revision cc0ffc3d (duckcorp-infra): dc-base: install nftables
[2021-10-16 17:32 +0200] WIP DuckCorp Infrastructure> Revision 65833132 (duckcorp-infra): dc-base: ping python3-certbot-dns-rfc2136 to DC's workaround package
[2021-10-16 17:32 +0200] WIP DuckCorp Infrastructure> Revision 9caadf1b (duckcorp-infra): TEMPORARY: update APT suite to switch to bullseye
[2021-10-16 17:32 +0200] WIP DuckCorp Infrastructure> Revision 51b2f073 (duckcorp-infra): update submodules
[2021-10-16 17:32 +0200] WIP DuckCorp Infrastructure> Revision 713caa63 (duckcorp-infra): logcheck: should not need obsolete syslog-summary
Word from the Admin Team
[archives] « Teru-teru-bozu, teru bozu, Do make tomorrow a sunny day, Like the sky in a dream sometime… »
  • song by Kyoson Asahara and Shinpei Nakayama (


We hope you’re safe and doing well.

Improved Mailing-Lists

We upgraded our mailing-lists to Mailman 3. It’s not just about the shiny UI, the underlying mail routing daemon is better in many way.

We plan to add LDAP authentication but integration requires extra work since it’s not available out of the box.

New System for Users’ DNS Primary Zones (aka DNS4Tenants)

Banya, our GPG Mail Command gateway, is soon going to retire. This was inspired by Debian tools and made to be very secure, but unfortunately sending a properly GPG-signed/encrypted mail with most MUAs is still not that trivial, making zone updates more painful that it should be. The script doing the mail handling and DNS update was also far too brittle and maintenance over time proved problematic.

We’re replacing the current system with something easier to use without compromising security: tenants can now edit their zones in a git repository of their choice and under 5 minutes a script should pick the changes, check the zone validity, send errors to the user, and publish the result if all is fine. It might not sounds like it but the new script is by far simpler and smaller. The git repository will be fetched using HTTPS and can be hosted anywhere (including DC). If you wish to keep your zone hidden then it needs to be accessible using the script’s SSH key; most forges allow that. At DC this is also possible but we’re working on a better solution.

DC and MP zones are now managed using the new system and available in our openinfra repo. We’ll contact users to handle the migration.

Web Key Directory Service

If you have an email in @dc.o or @mp.o you can now make your GPG key available using this protocol if you use them in one of your UIDs. It is an alternate way of fetching keys: the owner of the domain certifies it is a valid email address and the key association. It is supported by more and more MUAs, and after all the security problems discovered in Key Servers’ implementations, it should both improve security and usability.

This comes with an automated way to setup and update the association, so you start using it right away.

We can also provide this service for hosted domains.

And some documentation:

Misc news

  • Matrix:
    • the server is working well; we still have made no decision about IRC mapping.
    • Documentation is now available:
  • IRC: thanks to Mikachu’s suggestion we now have a DNSBL configured and it seems to be working well against the recent SPAM; it is also used for antispam (weighted)
  • DNSSEC: work has been done both upstream and on our side to fix various problems. Full automation is not yet complete but making progress.
  • Backup: Pilou added an extra disk for the backup on Nicecity. We have a basic backup but the target system is still WIP

Hugs. \_o<


  • Not f'd — you won't find me on Facebook

Special Support

  • FSF Member Logo
  • DUC Logo


  • Hivane
  • Nerim