note to myself - why DNS ANY queries are a bad thing

Posted by Stefan Schmidt Mon, 14 Apr 2008 12:57:00 GMT

Alright i’m abusing my blog as a bookmarking tool again…

Last week a colleague of mine hit a problem in his java code trying to resolve mailexchange handler (MX) hostnames. He tried to get both A and AAAA records at the same time with the java dns library (JNDI) and found that sometimes he would only get a SOA reply back and that the library was doing ANY queries to accomplish the task with just one DNS query.

This is error! ;-)

Bert Hubert pointed me to this thread on the issue whether a recursive nameserver should recurse for any records upon an ANY query or just answer them from its cache if it has something for the qname.

As Edward Lewis put it:

I’ll nominate section 5.3.3. of rfc 1034:

5.3.3. Algorithm

The top level algorithm has four steps:

1. See if the answer is in local information, and if so return
   it to the client.

T_ANY is at best a debugging tool. It has been used in the past to get mail records I think, but really, T_ANY is just for debugging and others trying to abuse the service.
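
A simplified model of the cache-first behaviour discussed in that thread, as an added example that is not code from this post or from any real resolver: the host name, the addresses and the `CachingResolver` class are constructed for illustration. It shows why an ANY lookup only sometimes returns both address families, while separate A and AAAA queries always do.

```python
# Constructed authoritative data for a made-up mail host (documentation address ranges).
AUTHORITATIVE = {
    "mx1.example.test": {"A": ["192.0.2.25"], "AAAA": ["2001:db8::25"]},
}

class CachingResolver:
    """Toy recursive resolver that answers ANY from cache whenever it holds anything."""

    def __init__(self, zone_data):
        self.zone_data = zone_data
        self.cache = {}  # qname -> {rrtype: [rdata, ...]}

    def _recurse(self, qname, qtype):
        # Stand-in for asking the authoritative servers.
        rrsets = self.zone_data.get(qname, {})
        found = dict(rrsets) if qtype == "ANY" else {t: r for t, r in rrsets.items() if t == qtype}
        self.cache.setdefault(qname, {}).update(found)
        return found

    def query(self, qname, qtype):
        cached = self.cache.get(qname, {})
        if qtype == "ANY":
            # RFC 1034 5.3.3 step 1: something is in local information, so return just that.
            return dict(cached) if cached else self._recurse(qname, "ANY")
        if qtype in cached:
            return {qtype: cached[qtype]}
        return self._recurse(qname, qtype)

def addresses_via_any(resolver, qname):
    """One ANY query: the result depends on what happens to be cached."""
    answer = resolver.query(qname, "ANY")
    return sorted(answer.get("A", []) + answer.get("AAAA", []))

def addresses_via_explicit(resolver, qname):
    """Two typed queries: each one is resolved if it is not cached."""
    found = []
    for qtype in ("A", "AAAA"):
        found += resolver.query(qname, qtype).get(qtype, [])
    return sorted(found)

if __name__ == "__main__":
    warm = CachingResolver(AUTHORITATIVE)
    warm.query("mx1.example.test", "A")  # some other client already asked for A
    print("ANY, warm cache:", addresses_via_any(warm, "mx1.example.test"))
    print("A + AAAA       :", addresses_via_explicit(warm, "mx1.example.test"))
```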


typo wtf!

Posted by Stefan Schmidt Tue, 21 Aug 2007 10:10:00 GMT

Ok so, my RSS feeds were br0ken.

After some typo database migration issues - up and down, back and forth - i thought i had won the war and my blog seemed to be running smooth again, but i missed out one essential battle it seems…

Ok now this is where things get odd:

While running typo version 4.1.1 via fastcgi on lighttpd all my RSS feeds seemed to work but none of the feedreaders got updated with anything new. Strange right?

I finally did not only look at the content but also at the headers that the server was giving out and noticed that even though the content was all well formatted and up to date the server was giving it out with a 404 response code thus causing all fetchers out there to do an early stop, they just ignored the rest understandably.

Ok now guess what the funniest part is…

The same thing did not happen when i started the mongrel server via ‘script/server’.

This is why you are watching lighty mod_proxy in action here, forwarding all blog queries to the mongrel server.

Web2.0 is simply a nightmare to debug and i don’t have the time for it at the moment, any takers? No? Well, go figure where this will end. ;-)


set package on old - debian admin service

Posted by Stefan Schmidt Tue, 06 Feb 2007 12:08:00 GMT

How do i put a debian package that is already installed on hold so that it doesn’t get up/downgraded?

A common admin problem that i just had with the package psi which over here is an aliened version of psi 0.11 from an external mandrake package is that you want to prevent packages from being touched i.e. upgraded or downgraded or removed as a dependency.

You want to set these packages ‘on hold’ and here is how:

echo "{package name} hold" | dpkg --set-selections

Easy once you know how, isn’t it? ;)

To free the package once again just use ‘install’ instead of ‘hold’.


debian admin service

Posted by Stefan Schmidt Sun, 04 Feb 2007 19:07:00 GMT

Ok time to make this blog more popular by talking about the things every debian admin needs to know but nobody cares to write down except in the almighty Debian Reference.

You have installed a package and are wondering where the damn configuration files for that stuff can be found?

just do a less /var/lib/dpkg/info/{package name}.list and have a look for something in /etc that isn’t a cron.d entry.

You wonder what package this file belongs to?

dpkg -S /full/path/to/file

You wonder why your “apt-get updates” are taking too long even though you have a 100mbit/s full-duplex link to the internet?

echo Acquire::PDiffs \"false\"\; >> /etc/apt/apt.conf

This causes the incremental update ‘feature’ to be disabled which is quite disk i/o intensive and simply takes for ages - more bandwidth is used for the update (note: that's just the update here not upgrade or dist-upgrade) as a result but for most server admins it is just a laughable amount and worth the extra bits in order to spare the time waiting for update to finish.

You cannot work on the system's console because your firewall log is buzzing with activity and cripples your terminal output?

echo "kernel.printk = 4 4 1 7" >> /etc/sysctl.conf

sysctl -p

You want to prevent a service to be started on system boot?

update-rc.d -f {package name} remove

This will remove the appropriate symlinks from /etc/rc*.d

You cannot find the commandline options/flags that a service gets started with in /etc/init.d/{service}?

Well have you had a look in /etc/default/{service}?

Your apt-get is totally fucked up, it wouldn’t apt-get update without error anymore?

cd /var/lib/apt/lists

rm -v *

apt-get update

You installed debian from a bootcd with debootstrap, chrooted there and did a dist-upgrade but now you cannot umount that partition?

lsof -n | grep {name of target partition}

and kill all PIDs that pop up as a result of this for the dist-upgrade probably did start some services during the process that now have open filehandles on the target partition.

You want to build a custom kernel but you have no clue what device drivers you need for that machine?

cat /proc/cpuinfo

lspci (-vvv | less - optional)

lsusb

This should give you some hints on your system's hardware. Reading the kernel hints about the device drivers and probably knowing your way around in the kernel config is the other part.

Why does the output of the mount command show duplicate entries? or Why doesn’t it list the partition that i know is mounted?

Well you probably tried to do your own boot-from-cd distri and ended up with a script overwriting /etc/mtab. Just try cat /proc/mounts > /etc/mtab && mount.


how often does your MUA pop?

Posted by Stefan Schmidt Thu, 11 Jan 2007 11:23:00 GMT

dsldns periodics

Well i guess it's safe to say: Roughly every 10-18 Minutes.

Yes this is what happens after a nationwide DSL provider errr ‘resets’. *cough* ;-)


crazy about anonymity?

Posted by Stefan Schmidt Tue, 05 Sep 2006 12:27:00 GMT

In his paper Hot or Not: Revealing Hidden Services by their Clock Skew Steven J. Murdoch shows how internet anonymity services like tor can be tricked remotely into revealing the path a user's data takes on their network.

This is his blog entry on the topic.

Time to go berserk with ip timestamping - go let your tor node mimic as OpenVMS. ;-)


Re: Sitefinder II, the sequel...

Posted by Stefan Schmidt Mon, 17 Jul 2006 07:51:00 GMT

This is what i wanted to send to the nanog-ML lately but i used the wrong From address and now they’re (hopefully) over with the topic, so i decided to put it here:

On Wed, Jul 12, 2006 at 08:30:32AM +0100, Simon Waters wrote:
> > I'm at a loss to explain why people are
> > trying so hard to condemn something like this.
> Experience?

Let me give you a real-life example of what can happen, which i just
experienced on my Linux workstation:

I put the opendns.com resolvers as first nameservers in my resolv.conf
yesterday to get some opendns webbrowsing experience. It worked, it was
a bit slower than my regular browsing due to the delay europe<->us and
their webserver redirecting invalid addresses to search results, but it
worked.
Of course i forgot to remove their nameservers again yesterday evening.
I am running a local MTA on my workstation that does some additional
spam-filtering through SpamAssassin.
I logged in, strolled through my mailfolders and wondered where all
those mails were that i am used to get every day.
Well, guess what - SpamAssassin also checks for several DNS RBLs by default.

I looked in my spamfolder and found funny things like:
X-Warning: 194.97.50.132 is listed at blackholes.mail-abuse.org
X-Warning: merit.edu is listed at abuse.rfc-ignorant.org
...
1.0 X_WARNING_NJABL_DYNABLOCK listed at dynablock.njabl.org
1.0 X_WARNING_SPAMCOP_BL   listed at bl.spamcop.net
...

Example:
dig a 90.7.97.194.dynablock.njabl.org @208.67.222.222
...
;; ANSWER SECTION:
90.7.97.194.dynablock.njabl.org. 1 IN   A       208.67.219.40
...
So according to opendns even my workstation is situated in a
dialup block.
Why is that? Well in 'the real world' this query returns NXDOMAIN but
opendns tries to be smart and help you finding out about the site you
wanted to visit by redirecting your browser to their search engines
results for your 'typo'. To do that they return this IN A record to
their webserver so all RBLDNS queries will be true when you use opendns'
recursors.

As a result all incoming mails were regarded as spam and thrown in the
spamfolder - luckily for me it wasn't a busy night.

    Stefan
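
One way a DNSBL client can defend against the failure described in this mail, as an added example that is not part of the original message or SpamAssassin's code: it accepts only answers inside 127.0.0.0/8, the range DNSBLs answer from by convention (RFC 5782), and treats anything else as a resolver rewriting NXDOMAIN. The two resolver functions and the 127.0.0.2 listing are constructed stand-ins so the code runs offline.

```python
import ipaddress

# DNSBLs signal "listed" with an address in 127.0.0.0/8 (RFC 5782).
DNSBL_NET = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_qname(ip, zone):
    """Build the lookup name: reversed IPv4 octets followed by the DNSBL zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def naive_listed(ip, zone, lookup):
    """The failure mode from the mail: any A record at all counts as a listing."""
    return bool(lookup(dnsbl_qname(ip, zone)))

def checked_listed(ip, zone, lookup):
    """Return 'listed', 'not-listed', or 'bogus-answer' (NXDOMAIN was rewritten)."""
    answers = lookup(dnsbl_qname(ip, zone))
    if not answers:
        return "not-listed"
    if all(ipaddress.ip_address(a) in DNSBL_NET for a in answers):
        return "listed"
    return "bogus-answer"  # do not score the mail on this result

# Constructed stand-ins for real DNS; an empty list models NXDOMAIN.
REAL_LISTINGS = {"2.0.0.127.dynablock.njabl.org": ["127.0.0.3"]}  # constructed test entry

def honest_resolver(qname):
    return REAL_LISTINGS.get(qname, [])

def rewriting_resolver(qname):
    # Models the resolver in the mail: NXDOMAIN becomes an A record for a web server.
    return REAL_LISTINGS.get(qname) or ["208.67.219.40"]

if __name__ == "__main__":
    zone = "dynablock.njabl.org"
    for name, resolver in (("honest", honest_resolver), ("rewriting", rewriting_resolver)):
        for ip in ("194.97.7.90", "127.0.0.2"):
            print(name, ip, naive_listed(ip, zone, resolver), checked_listed(ip, zone, resolver))
```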


i wonder

Posted by Stefan Schmidt Mon, 05 Jun 2006 05:49:00 GMT

what i got to do instead of ‘make’ to get a bootable kernel. ;)

Allocated 8 Megs of memory at 0x40000000 for kernel
Loaded kernel version 2.6.16
ERROR: Last Trap: Illegal Instruction
[Exception handlers interrupted, please file a bug]
[type 'resume' to attempt a normal recovery]


make -j 32 the 2nd

Posted by Stefan Schmidt Mon, 05 Jun 2006 05:06:00 GMT

real    6m46.007s
user    142m46.139s
sys     6m11.895s
root@flame-grilled:/usr/src/linux-2.6.17-rc5-mm3# time make -j 32

nearly

  CC      init/version.o
  LD      init/built-in.o
  LD      .tmp_vmlinux1
init/built-in.o: In function `start_kernel': undefined reference to `early_init_irq_lock_type'
make: *** [.tmp_vmlinux1] Error 1


make -j 32

Posted by Stefan Schmidt Mon, 05 Jun 2006 05:04:00 GMT

top - 06:58:30 up 2 days, 13:30,  5 users,  load average: 63.20, 49.24, 42.55
Tasks: 388 total,  69 running, 308 sleeping,   3 stopped,   8 zombie
Cpu(s): 76.0% us,  4.7% sy,  0.5% ni, 18.8% id,  0.0% wa,  0.0% hi,  0.0% si
Mem:  16620320k total,  1369544k used, 15250776k free,   157208k buffers
Swap:  3052328k total,      208k used,  3052120k free,   725176k cached

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
20129 root      25   0 17048  14m 4000 R   96  0.1   0:03.64 cc1
20211 root      24   0 16952  13m 4016 R   94  0.1   0:02.99 cc1
19504 root      25   0 21360  18m 4048 R   92  0.1   0:09.95 cc1
20007 root      25   0 12920  10m 4008 R   91  0.1   0:05.39 cc1
20233 root      25   0 14752  11m 3872 R   87  0.1   0:02.75 cc1
19313 root      25   0 25368  21m 4040 R   86  0.1   0:10.65 cc1
20116 root      25   0     0    0    0 R   82  0.0   0:03.28 cc1
19275 root      25   0 25440  21m 4056 R   81  0.1   0:11.78 cc1
20263 root      25   0 12528  10m 4008 R   73  0.1   0:02.33 cc1
20254 root      25   0 14936 9.9m 2304 R   73  0.1   0:02.32 cc1
20200 root      21   0 14744 9.8m 2304 R   66  0.1   0:02.11 cc1
20169 root      25   0 14768  10m 2480 R   66  0.1   0:02.21 cc1
20035 root      25   0 16792  13m 3896 R   63  0.1   0:03.32 cc1
20339 root      25   0 12656  10m 3976 R   63  0.1   0:01.99 cc1
20300 root      25   0 12544 9.8m 4008 R   61  0.1   0:01.94 cc1
20240 root      25   0 12568 9296 2304 R   58  0.1   0:01.84 cc1
20352 root      20   0 12528  10m 3984 R   57  0.1   0:01.82 cc1
20377 root      25   0 12472 7488 2304 R   50  0.0   0:01.59 cc1
20387 root      19   0 12560 8368 2304 R   46  0.1   0:01.47 cc1
20372 root      25   0 10416 7008 2304 R   46  0.0   0:01.45 cc1
19280 root      25   0 25408  21m 4056 R   43  0.1   0:12.74 cc1
20397 root      21   0 12336 7320 2304 R   35  0.0   0:01.10 cc1
20446 root      22   0 10280 5496 2296 R   20  0.0   0:00.65 cc1
20145 root      25   0 10360 6656 2304 R   18  0.0   0:00.99 cc1
20469 root      25   0  7920 3960 2296 R    9  0.0   0:00.27 cc1
20294 root      25   0  8096 3912 2256 R    7  0.0   0:00.21 cc1
 4784 schmidt   16   0  3304 1696 1152 R    5  0.0  52:18.41 top
20482 root      22   0  7920 3616 2296 R    5  0.0   0:00.17 cc1
20486 root      19   0  8064 3712 2248 R    5  0.0   0:00.15 cc1
20431 root      20   0  2360 1304  912 S    4  0.0   0:00.14 make
20490 root      22   0  7968 3088 1920 R    3  0.0   0:00.11 cc1
19885 root      18   0  2624 1496  920 S    3  0.0   0:00.30 make
20329 root      18   0  2368 1312  912 S    3  0.0   0:00.10 make
19276 root      18   0  4608 3032 1080 S    2  0.0   0:00.10 as
20419 root      19   0  2232 1176  920 S    2  0.0   0:00.06 make
18678 root      18   0  2488 1408  920 S    2  0.0   0:00.24 make
19314 root      24   0  4608 2944     1080 S    2  0.0   0:00.06 as
