From nicholas at periapt.co.uk Wed Jun 1 20:43:34 2011 From: nicholas at periapt.co.uk (Nicholas Bamber) Date: Thu, 02 Jun 2011 01:43:34 +0100 Subject: [MaraDNS list] logo In-Reply-To: <4DE02330.2050500@datafaber.net> References: <4DE00FE6.5060708@shlrm.org> <4DE01CBE.4020101@datafaber.net> <4DE01FDA.2030002@shlrm.org> <4DE02107.4070000@shlrm.org> <4DE02330.2050500@datafaber.net> Message-ID: <4DE6DCB6.8070706@periapt.co.uk> I notice MaraDNS does not have a logo and I would quite like there to be one. I took some liberties with a screenshot of the website and came up with the attached. If Sam likes it (or a modified version) I would be happy quite happy to hand release it under the same terms as MaraDNS. From remco at webconquest.com Thu Jun 2 00:43:51 2011 From: remco at webconquest.com (Remco Rijnders) Date: Thu, 2 Jun 2011 06:43:51 +0200 Subject: [MaraDNS list] logo In-Reply-To: <4DE6DCB6.8070706@periapt.co.uk> References: <4DE00FE6.5060708@shlrm.org> <4DE01CBE.4020101@datafaber.net> <4DE01FDA.2030002@shlrm.org> <4DE02107.4070000@shlrm.org> <4DE02330.2050500@datafaber.net> <4DE6DCB6.8070706@periapt.co.uk> Message-ID: <9E.WL/@r78.nl> On Thu, Jun 02, 2011 at 01:43:34AM +0100, Nicholas Bamber wrote: >I notice MaraDNS does not have a logo and I would quite like there to be >one. I took some liberties with a screenshot of the website and came up >with the attached. If Sam likes it (or a modified version) I would be >happy quite happy to hand release it under the same terms as MaraDNS. Hi Nicholas, Thank you for that. Unfortunately the mailing list software stripped the attachment off. I suggest you send the file directly to Sam so he can consider it. Thanks and regards, Remco From nicholas at periapt.co.uk Thu Jun 2 03:45:54 2011 From: nicholas at periapt.co.uk (Nicholas Bamber) Date: Thu, 02 Jun 2011 08:45:54 +0100 Subject: [MaraDNS list] logo In-Reply-To: <9E.WL/@r78.nl> References: <4DE00FE6.5060708@shlrm.org> <4DE01CBE.4020101@datafaber.net> <4DE01FDA.2030002@shlrm.org> <4DE02107.4070000@shlrm.org> <4DE02330.2050500@datafaber.net> <4DE6DCB6.8070706@periapt.co.uk> <9E.WL/@r78.nl> Message-ID: <4DE73FB2.4030707@periapt.co.uk> Sam, I attach my suggested logo. It took me about twenty minutes so it is not what I would call professional but I would like if possible something I can use. I can also put it up for viewing somewhere. On 02/06/11 05:43, Remco Rijnders wrote: > On Thu, Jun 02, 2011 at 01:43:34AM +0100, Nicholas Bamber wrote: >> I notice MaraDNS does not have a logo and I would quite like there to be >> one. I took some liberties with a screenshot of the website and came up >> with the attached. If Sam likes it (or a modified version) I would be >> happy quite happy to hand release it under the same terms as MaraDNS. > > Hi Nicholas, > > Thank you for that. Unfortunately the mailing list software stripped the > attachment off. I suggest you send the file directly to Sam so he can > consider it. > > Thanks and regards, > > Remco -- Nicholas Bamber | http://www.periapt.co.uk/ PGP key 3BFFE73C from pgp.mit.edu From dkowis at shlrm.org Thu Jun 2 15:12:53 2011 From: dkowis at shlrm.org (David Kowis) Date: Thu, 02 Jun 2011 14:12:53 -0500 Subject: [MaraDNS list] ID mismatch/SERVFAIL errors on my new deadwood Message-ID: <4DE7E0B5.2090808@shlrm.org> Hi, I posted before my configuration that had issues with the rfc_1918 line. I also had to enable the MX lookup stuff, because I run my own mail server. Sometimes, however, I get errors resolving things: root at monitor:~# dig @10.10.220.231 secure.newegg.com ;; Warning: ID mismatch: expected ID 19551, got 45781 ; <<>> DiG 9.7.3-RedHat-9.7.3-1.fc14 <<>> @10.10.220.231 secure.newegg.com ; (1 server found) ;; global options: +cmd ;; connection timed out; no servers could be reached This is a Fedora 14 box, and I'm just doing a simple dig. Doing the same request a few moments later, I get a proper result. This seems to happen randomly, I'm unable to place what specifically causes it. Actually, I think I can get it to happen the first time I turn the server on querying for secure.newegg.com: root at monitor:~# dig @10.10.220.231 secure.newegg.com ; <<>> DiG 9.7.3-RedHat-9.7.3-1.fc14 <<>> @10.10.220.231 secure.newegg.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 59764 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;secure.newegg.com. IN A ;; Query time: 2605 msec ;; SERVER: 10.10.220.231#53(10.10.220.231) ;; WHEN: Thu Jun 2 14:07:20 2011 ;; MSG SIZE rcvd: 35 Right after a restart of the service, I get this. I was able to query out www.google.com right before doing this, running it a second time, I got another SERVFAIL. the third time: root at monitor:~# dig @10.10.220.231 secure.newegg.com ; <<>> DiG 9.7.3-RedHat-9.7.3-1.fc14 <<>> @10.10.220.231 secure.newegg.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63495 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;secure.newegg.com. IN A ;; ANSWER SECTION: secure.newegg.com. 1800 IN A 216.52.208.188 ;; Query time: 53 msec ;; SERVER: 10.10.220.231#53(10.10.220.231) ;; WHEN: Thu Jun 2 14:08:21 2011 ;; MSG SIZE rcvd: 51 Something's not right, but I'm uncertain what verbosity level will barf enough data out in the logs to reveal it. At level 10, all I have in my syslog: Jun 2 14:09:58 zephon Deadwood: Deadwood version 3.0.02 Jun 2 14:09:58 zephon Deadwood: Deadwood: A DNS UDP non-recursive cache (IPv6 supported) Jun 2 14:09:58 zephon Deadwood: Verbose_level set to 10 Jun 2 14:09:58 zephon Deadwood: We bound to 1 addresses Jun 2 14:09:58 zephon Deadwood: add_constant is set to 0x24dc4f48 I'm uncertain as to why deadwood can sometimes resolve secure.newegg.com (and other sites, but I've been testing with secure.newegg.com) and other times fail with SERVFAIL or respond with an invalid ID. Thanks, David From strenholme.usenet at gmail.com Thu Jun 2 16:11:50 2011 From: strenholme.usenet at gmail.com (Sam Trenholme) Date: Thu, 2 Jun 2011 15:11:50 -0500 Subject: [MaraDNS list] ID mismatch/SERVFAIL errors on my new deadwood In-Reply-To: <4DE7E0B5.2090808@shlrm.org> References: <4DE7E0B5.2090808@shlrm.org> Message-ID: Works for me: $ dig @127.0.0.1 secure.newegg.com ; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1 <<>> @127.0.0.1 secure.newegg.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 28637 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;secure.newegg.com. IN A ;; Query time: 2669 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Thu Jun 2 15:05:21 2011 ;; MSG SIZE rcvd: 35 $ dig @127.0.0.1 secure.newegg.com ; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1 <<>> @127.0.0.1 secure.newegg.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22366 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;secure.newegg.com. IN A ;; ANSWER SECTION: secure.newegg.com. 1800 IN A 216.52.208.188 ;; Query time: 163 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Thu Jun 2 15:05:36 2011 ;; MSG SIZE rcvd: 51 2011/6/2 David Kowis : > Hi, > > I posted before my configuration that had issues with the rfc_1918 line. > > I also had to enable the MX lookup stuff, because I run my own mail server. > > Sometimes, however, I get errors resolving things: > > root at monitor:~# dig @10.10.220.231 secure.newegg.com > ;; Warning: ID mismatch: expected ID 19551, got 45781 > > ; <<>> DiG 9.7.3-RedHat-9.7.3-1.fc14 <<>> @10.10.220.231 secure.newegg.com > ; (1 server found) > ;; global options: +cmd > ;; connection timed out; no servers could be reached > > > This is a Fedora 14 box, and I'm just doing a simple dig. Doing the same > request a few moments later, I get a proper result. This seems to happen > randomly, I'm unable to place what specifically causes it. Actually, I > think I can get it to happen the first time I turn the server on > querying for secure.newegg.com: > > root at monitor:~# dig @10.10.220.231 secure.newegg.com > > ; <<>> DiG 9.7.3-RedHat-9.7.3-1.fc14 <<>> @10.10.220.231 secure.newegg.com > ; (1 server found) > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 59764 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;secure.newegg.com. ? ? ? ? ? ? IN ? ? ?A > > ;; Query time: 2605 msec > ;; SERVER: 10.10.220.231#53(10.10.220.231) > ;; WHEN: Thu Jun ?2 14:07:20 2011 > ;; MSG SIZE ?rcvd: 35 > > > Right after a restart of the service, I get this. I was able to query > out www.google.com right before doing this, running it a second time, I > got another SERVFAIL. > > the third time: > root at monitor:~# dig @10.10.220.231 secure.newegg.com > > ; <<>> DiG 9.7.3-RedHat-9.7.3-1.fc14 <<>> @10.10.220.231 secure.newegg.com > ; (1 server found) > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63495 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;secure.newegg.com. ? ? ? ? ? ? IN ? ? ?A > > ;; ANSWER SECTION: > secure.newegg.com. ? ? ?1800 ? ?IN ? ? ?A ? ? ? 216.52.208.188 > > ;; Query time: 53 msec > ;; SERVER: 10.10.220.231#53(10.10.220.231) > ;; WHEN: Thu Jun ?2 14:08:21 2011 > ;; MSG SIZE ?rcvd: 51 > > > Something's not right, but I'm uncertain what verbosity level will barf > enough data out in the logs to reveal it. > > > At level 10, all I have in my syslog: > Jun ?2 14:09:58 zephon Deadwood: Deadwood version 3.0.02 > Jun ?2 14:09:58 zephon Deadwood: Deadwood: A DNS UDP non-recursive cache > (IPv6 supported) > Jun ?2 14:09:58 zephon Deadwood: Verbose_level set to 10 > Jun ?2 14:09:58 zephon Deadwood: We bound to 1 addresses > Jun ?2 14:09:58 zephon Deadwood: add_constant is set to 0x24dc4f48 > > > I'm uncertain as to why deadwood can sometimes resolve secure.newegg.com > (and other sites, but I've been testing with secure.newegg.com) and > other times fail with SERVFAIL or respond with an invalid ID. > > Thanks, > David > > From dkowis at shlrm.org Thu Jun 2 16:16:19 2011 From: dkowis at shlrm.org (David Kowis) Date: Thu, 02 Jun 2011 15:16:19 -0500 Subject: [MaraDNS list] ID mismatch/SERVFAIL errors on my new deadwood In-Reply-To: References: <4DE7E0B5.2090808@shlrm.org> Message-ID: <4DE7EF93.3010301@shlrm.org> On 06/02/2011 03:11 PM, Sam Trenholme wrote: > Works for me: Yeah, I'm not sure why it doesn't work. I swapped out deadwood for unbound, and unbound performed significantly better. I wonder if it has to do with my root servers list... Thanks for checking. David From strenholme.usenet at gmail.com Thu Jun 2 16:26:47 2011 From: strenholme.usenet at gmail.com (Sam Trenholme) Date: Thu, 2 Jun 2011 15:26:47 -0500 Subject: [MaraDNS list] ID mismatch/SERVFAIL errors on my new deadwood In-Reply-To: <4DE7EF93.3010301@shlrm.org> References: <4DE7E0B5.2090808@shlrm.org> <4DE7EF93.3010301@shlrm.org> Message-ID: Unbound's advantage is that their developers are being paid to work on Unbound. This is why Unbound has all kinds of cool things MaraDNS/Deadwood doesn't have: EDNS, DNSSEC, etc. On the other hand, Unbound is a lot bigger than Deadwood; for some embedded environments this is important. The best tool for the best job and all that. Deadwood uses the following root servers. I have started Deadwood three times with an empty cache; all three times I have gotten a SERVFAIL, followed by the correct answer. What root servers are you using? Can you consistently reproduce this? And, oh, which version of Deadwood are you using? 2011/6/2 David Kowis : > On 06/02/2011 03:11 PM, Sam Trenholme wrote: >> Works for me: > > Yeah, I'm not sure why it doesn't work. I swapped out deadwood for > unbound, and unbound performed significantly better. I wonder if it has > to do with my root servers list... > > Thanks for checking. > David > > From strenholme.usenet at gmail.com Thu Jun 2 16:28:08 2011 From: strenholme.usenet at gmail.com (Sam Trenholme) Date: Thu, 2 Jun 2011 15:28:08 -0500 Subject: [MaraDNS list] ID mismatch/SERVFAIL errors on my new deadwood In-Reply-To: References: <4DE7E0B5.2090808@shlrm.org> <4DE7EF93.3010301@shlrm.org> Message-ID: > Deadwood uses the following root servers. 198.41.0.4, 192.228.79.201, 192.33.4.12, 128.8.10.90, 192.203.230.10, 192.5.5.241, 192.112.36.4, 128.63.2.53, 192.36.148.17, 192.58.128.30, 193.0.14.129, 199.7.83.42, 202.12.27.33 From dkowis at shlrm.org Thu Jun 2 16:56:04 2011 From: dkowis at shlrm.org (David Kowis) Date: Thu, 02 Jun 2011 15:56:04 -0500 Subject: [MaraDNS list] ID mismatch/SERVFAIL errors on my new deadwood In-Reply-To: References: <4DE7E0B5.2090808@shlrm.org> <4DE7EF93.3010301@shlrm.org> Message-ID: <4DE7F8E4.6030704@shlrm.org> On 06/02/2011 03:26 PM, Sam Trenholme wrote: > Unbound's advantage is that their developers are being paid to work on > Unbound. This is why Unbound has all kinds of cool things > MaraDNS/Deadwood doesn't have: EDNS, DNSSEC, etc. On the other hand, > Unbound is a lot bigger than Deadwood; for some embedded environments > this is important. The best tool for the best job and all that. I didn't mean anything by it, just that I swapped it out and my behavior was different. > > Deadwood uses the following root servers. I have started Deadwood > three times with an empty cache; all three times I have gotten a > SERVFAIL, followed by the correct answer. > > What root servers are you using? Can you consistently reproduce this? > And, oh, which version of Deadwood are you using? The ID mismatch I'm having trouble reproducing, the SERVFAIL I can consistently reproduce, as you have stated. Only noticing it when I was trying to figure out why it was taking so long for my browser to resolve secure.newegg.com when I was buying things, and why sometimes it would randomly fail to resolve. Root Server List I extracted from named.root and formatted correctly for dwood3rc. I wouldn't have put one in at all, except I cannot specify a root server for internal resolution without specifying the root server list for "." # server list from named.root, including ipv6 addresses root_servers["."] = "198.41.0.4," root_servers["."] += "2001:503:BA3E::2:30," root_servers["."] += "192.228.79.201," root_servers["."] += "192.33.4.12," root_servers["."] += "128.8.10.90," root_servers["."] += "192.203.230.10," root_servers["."] += "192.5.5.241," root_servers["."] += "2001:500:2F::F," root_servers["."] += "192.112.36.4," root_servers["."] += "128.63.2.53," root_servers["."] += "2001:500:1::803F:235," root_servers["."] += "192.36.148.17," root_servers["."] += "2001:7FE::53," root_servers["."] += "192.58.128.30," root_servers["."] += "2001:503:C27::2:30," root_servers["."] += "193.0.14.129," root_servers["."] += "2001:7FD::1," root_servers["."] += "199.7.83.42," root_servers["."] += "2001:500:3::42," root_servers["."] += "202.12.27.33," root_servers["."] += "2001:DC3::35" root at zephon:/etc# Deadwood --version Deadwood version 3.0.02 David From strenholme.usenet at gmail.com Fri Jun 3 09:33:35 2011 From: strenholme.usenet at gmail.com (Sam Trenholme) Date: Fri, 3 Jun 2011 08:33:35 -0500 Subject: [MaraDNS list] ID mismatch/SERVFAIL errors on my new deadwood In-Reply-To: <4DE7F8E4.6030704@shlrm.org> References: <4DE7E0B5.2090808@shlrm.org> <4DE7EF93.3010301@shlrm.org> <4DE7F8E4.6030704@shlrm.org> Message-ID: > The ID mismatch I'm having trouble reproducing, the SERVFAIL I can > consistently reproduce, as you have stated. OK, let's start with the secure.newegg.com SERVFAIL issue. What's going on here? Let me take a look. When I do that query and get the server fail, here is what Deadwood tells us when verbose_level is set to 500: Got DNS query for \006secure\006newegg\003com\000\000\001 Looking in cache for query \006secure\006newegg\003com\000\000\001 Nothing found for \006secure\006newegg\003com\000\000\001 Making connection to IP 128.63.2.53 Processing NS refer for \006secure\006newegg\003com\000\000\001 Making connection to IP 192.33.14.30 Processing NS refer for \006secure\006newegg\003com\000\000\001 Making connection to IP 204.74.108.1 Processing NS refer for \006secure\006newegg\003com\000\000\001 Making connection to IP 204.14.213.149 Connection for query \006secure\006newegg\003com\000\000\001 did not respond; trying again Making connection to IP 216.52.208.149 Got DNS query for \006secure\006newegg\003com\000\000\001 Looking in cache for query \006secure\006newegg\003com\000\000\001 Nothing found for \006secure\006newegg\003com\000\000\001 Connection for query \006secure\006newegg\003com\000\000\001 did not respond; trying again Making connection to IP 204.14.213.149 Got DNS query for \006secure\006newegg\003com\000\000\001 Looking in cache for query \006secure\006newegg\003com\000\000\001 Nothing found for \006secure\006newegg\003com\000\000\001 Sending SERVER FAIL for query \006secure\006newegg\003com\000\000\001 Sending SERVER FAIL for query \006secure\006newegg\003com\000\000\001 Sending SERVER FAIL for query \006secure\006newegg\003com\000\000\001 We do the dig again, which works. Here is what Deadwood logs: Got DNS query for \006secure\006newegg\003com\000\000\001 Looking in cache for query \006secure\006newegg\003com\000\000\001 Nothing found for \006secure\006newegg\003com\000\000\001 Making connection to IP 204.14.213.149 Caching direct answer at \006secure\006newegg\003com\000\000\001 Looking in cache for query \006secure\006newegg\003com\000\000\001 Fetching \006secure\006newegg\003com\000\000\001 from cache So, what we're seeing is that we're making a connection but, for as-yet unknown reasons, Deadwood doesn't always like the answer it's getting upstream. There doesn't seem to be anything unusual with Newegg's DNS servers: $ askmara Asecure.newegg.com. 204.14.213.149 # Querying the server with the IP 204.14.213.149 # Question: Asecure.newegg.com. secure.newegg.com. +1800 a 216.52.208.188 # NS replies: # AR replies: $ askmara Asecure.newegg.com. 216.52.208.149 # Querying the server with the IP 216.52.208.149 # Question: Asecure.newegg.com. secure.newegg.com. +1800 a 216.52.208.188 # NS replies: # AR replies: So, now that I've done a cursory examination of what's going on, the next step is for me to start debugging Deadwood's code and see why it doesn't like Newegg's DNS server. I will do this one week today: June 10, 2011, since that's the next day I have set aside for MaraDNS/Deadwood bug-fixing. - Sam From dkowis at shlrm.org Fri Jun 3 13:12:28 2011 From: dkowis at shlrm.org (David Kowis) Date: Fri, 03 Jun 2011 12:12:28 -0500 Subject: [MaraDNS list] ID mismatch/SERVFAIL errors on my new deadwood In-Reply-To: References: <4DE7E0B5.2090808@shlrm.org> <4DE7EF93.3010301@shlrm.org> <4DE7F8E4.6030704@shlrm.org> Message-ID: <4DE915FC.2030303@shlrm.org> On 06/03/2011 08:33 AM, Sam Trenholme wrote: >> The ID mismatch I'm having trouble reproducing, the SERVFAIL I can >> consistently reproduce, as you have stated. > > So, now that I've done a cursory examination of what's going on, the > next step is for me to start debugging Deadwood's code and see why it > doesn't like Newegg's DNS server. I will do this one week today: June > 10, 2011, since that's the next day I have set aside for > MaraDNS/Deadwood bug-fixing. Thanks a lot :) I appreciate your hard work. David From nicholas at periapt.co.uk Mon Jun 6 16:11:08 2011 From: nicholas at periapt.co.uk (Nicholas Bamber) Date: Mon, 06 Jun 2011 21:11:08 +0100 Subject: [MaraDNS list] MaraDNS in Debian Message-ID: <4DED345C.6000407@periapt.co.uk> I currently the Debian maintainer of MaraDNS and I am working on clearing down the bug list, and getting it uptodate with Sam's work. I expect it all to take at least three months, as I have other duties. I am sure that will confirm Sam's feeling that Debian is generally slow, but once I get it to that point it ought to be fairly easy. 1.4.06-2 has just gone into Debian sid. I have tried to write up some of my experiences around this release here: http://www.periapt.co.uk/arcana/maradns-in-debian . If there are any Debian/Ubuntu/Mint etc users of MaraDNS here I would appreciate your feedback, either on this list or via the bug reports. -- Nicholas Bamber | http://www.periapt.co.uk/ PGP key 3BFFE73C from pgp.mit.edu From strenholme.usenet at gmail.com Mon Jun 6 17:17:37 2011 From: strenholme.usenet at gmail.com (Sam Trenholme) Date: Mon, 6 Jun 2011 16:17:37 -0500 Subject: [MaraDNS list] MaraDNS in Debian In-Reply-To: <4DED345C.6000407@periapt.co.uk> References: <4DED345C.6000407@periapt.co.uk> Message-ID: I enjoyed reading the arcana, and the explanation of why things are messy in Debian. The issue with Duende not logging the PID actually has been resolved by Yarin; the version of Duende included with Deadwood 3.0.02 (and 3.0.03 when it comes out) does log the PID. Since there is demand for this in the MaraDNS code base, I will backport Yarin's Duende patch to the MaraDNS 2.0 non-Deadwood branch sometime in July; if this is something that is useful, Yarin's patch will also eventually percolate down in the 1.4 branch of MaraDNS (probably by the end of the year). It's akin to Webkit's lack of support for WOFF fonts. Yes, the code has been written, yes Chrome is using the code with WOFF font support, but Safari is still using the older code which only supports SVG and TTF fonts. One issue with Duende is that it can't tell whether MaraDNS/Deadwood happily started or not; the way to resolve this is to give MaraDNS and Deadwood a "Daemon successfully started" message which Duende will look for before detaching the process and exiting. People are free to submit patches to change this, or one can discuss money with me privately. - Sam (I've been spending the last few days updating the design of samiam.org; the arcana of HTML and CSS and the scripts that make said HTML and CSS is easier than the arcana of C. The hard part is that the HTML/CSS is interpreted differently by multiple versions of five different browsers. "@font-face", for example, breaks really badly when printing pages in Webkit-based browsers [Safari, Chrome, etc.]) 2011/6/6 Nicholas Bamber : > I currently the Debian maintainer of MaraDNS and I am working on > clearing down the bug list, and getting it uptodate with Sam's work. I > expect it all to take at least three months, as I have other duties. I > am sure that will confirm Sam's feeling that Debian is generally slow, > but once I get it to that point it ought to be fairly easy. > > 1.4.06-2 has just gone into Debian sid. I have tried to write up some of > my experiences around this release here: > http://www.periapt.co.uk/arcana/maradns-in-debian . > > If there are any Debian/Ubuntu/Mint etc users of MaraDNS here I would > appreciate your feedback, either on this list or via the bug reports. > > -- > Nicholas Bamber | http://www.periapt.co.uk/ > PGP key 3BFFE73C from pgp.mit.edu > From thesecondbite at lavabit.com Wed Jun 8 04:34:48 2011 From: thesecondbite at lavabit.com (TheSecondBite) Date: Wed, 08 Jun 2011 11:34:48 +0300 Subject: [MaraDNS list] v=spf1 mx ~all Message-ID: <4DEF3428.4080505@lavabit.com> Hello. How can I use 'v=spf1 mx ~all' in a TXT record? It throws me an error about ~ but I need it. From strenholme.usenet at gmail.com Thu Jun 9 01:48:40 2011 From: strenholme.usenet at gmail.com (Sam Trenholme) Date: Thu, 9 Jun 2011 00:48:40 -0500 Subject: [MaraDNS list] v=spf1 mx ~all In-Reply-To: <4DEF3428.4080505@lavabit.com> References: <4DEF3428.4080505@lavabit.com> Message-ID: > How can I use 'v=spf1 mx ~all' in a TXT record? http://www.maradns.org/tutorial/man.csv2_txt.html - Sam From jparrish at layerxtech.com Thu Jun 9 04:44:14 2011 From: jparrish at layerxtech.com (Joey Parrish) Date: Thu, 9 Jun 2011 10:44:14 +0200 Subject: [MaraDNS list] v=spf1 mx ~all In-Reply-To: References: <4DEF3428.4080505@lavabit.com> Message-ID: On Thu, Jun 9, 2011 at 07:48, Sam Trenholme wrote: > > How can I use 'v=spf1 mx ~all' in a TXT record? > > http://www.maradns.org/tutorial/man.csv2_txt.html Specifically, these two parts seem relevant: It is also possible, to place almost any printable ASCII characters between quotes. The '~' (tilde) character is not allowed unless csv2_tilde_handling has a value of 0; the '|' (pipe), '#' (hash) and non-printable ASCII control characters are not allowed in TXT data if the ~ is used to separate records. And: To render the '~' character, use the escape sequence \x7e (outside of quotes). For example: h1.example.com. TXT 'http://ocf.berkeley.edu/'\x7e'set' ~ --Joey From thesecondbite at lavabit.com Thu Jun 9 09:21:52 2011 From: thesecondbite at lavabit.com (TheSecondBite) Date: Thu, 09 Jun 2011 16:21:52 +0300 Subject: [MaraDNS list] v=spf1 mx ~all In-Reply-To: References: <4DEF3428.4080505@lavabit.com> Message-ID: <4DF0C8F0.2040503@lavabit.com> OK thank you dude. That worked. I didn't put ' ' outise of the escape sequence. On 06/09/2011 11:44 AM, Joey Parrish wrote: > On Thu, Jun 9, 2011 at 07:48, Sam Trenholme wrote: >>> How can I use 'v=spf1 mx ~all' in a TXT record? >> http://www.maradns.org/tutorial/man.csv2_txt.html > Specifically, these two parts seem relevant: > > It is also possible, to place almost any printable ASCII characters between > quotes. The '~' (tilde) character is not allowed unless csv2_tilde_handling > has a value of 0; the '|' (pipe), '#' (hash) and non-printable ASCII control > characters are not allowed in TXT data if the ~ is used to separate records. > > And: > > To render the '~' character, use the escape sequence \x7e (outside of quotes). > For example: > > h1.example.com. TXT 'http://ocf.berkeley.edu/'\x7e'set' ~ > > --Joey From strenholme.usenet at gmail.com Thu Jun 9 11:47:11 2011 From: strenholme.usenet at gmail.com (Sam Trenholme) Date: Thu, 9 Jun 2011 10:47:11 -0500 Subject: [MaraDNS list] v=spf1 mx ~all In-Reply-To: <4DF0C8F0.2040503@lavabit.com> References: <4DEF3428.4080505@lavabit.com> <4DF0C8F0.2040503@lavabit.com> Message-ID: One of the reasons why a Google search does not immediately come up with this answer is because the csv2 man pages have a lot of discussion about how tildes separate records, so clicking on search and typing in, say, "tilde in TXT records" has the answer as the third (not first, like it should be) result. Then again, it is the first result for a Google search for "Escaping tilde site:maradns.org" (or the equivalent of typing in "escaping tilde" in MaraDNS.org's search box). Then again, the error message says the following: The ~ character is not allowed in TXT records Please use the '\x7e' escape sequence instead. And a MaraDNS.org search for "'\x7e' escape sequence" has as the first result the exact area of the csv2_txt man page with the answer. But, then again, cutting and pasting this entire error message and searching for it on MaraDNS.org doesn't give the answer. As an aside, one annoyance with Google is that they don't allow symbols in searches, so you have to know the name of the desired ASCII characters to get good results. For example, to find out what $| does in Perl, you need to search for "dollar pipe Perl", not "$| Perl". If I have time tomorrow, I will update the error messages to give a very brief example and to tell people to read the csv2_txt man page for details. How does this sound for the error message: The ~ character is not allowed in TXT records Please use the '\x7e' escape sequence instead. For example: foo.% TXT 'Hello '\x7e' there' See csv2_txt man page for details. - Sam 2011/6/9 TheSecondBite : > OK thank you dude. That worked. > > I didn't put ' ' outise of the escape sequence. > > On 06/09/2011 11:44 AM, Joey Parrish wrote: >> >> On Thu, Jun 9, 2011 at 07:48, Sam Trenholme >> ?wrote: >>>> >>>> How can I use 'v=spf1 mx ~all' in a TXT record? >>> >>> http://www.maradns.org/tutorial/man.csv2_txt.html >> >> Specifically, these two parts seem relevant: >> >> ? It is also possible, to place almost any printable ASCII characters >> between >> ? quotes. The '~' (tilde) character is not allowed unless >> csv2_tilde_handling >> ? has a value of 0; the '|' (pipe), '#' (hash) and non-printable ASCII >> control >> ? characters are not allowed in TXT data if the ~ is used to separate >> records. >> >> And: >> >> ? To render the '~' character, use the escape sequence \x7e (outside of >> quotes). >> ? For example: >> >> ? h1.example.com. TXT 'http://ocf.berkeley.edu/'\x7e'set' ~ >> >> --Joey > > > From strenholme.usenet at gmail.com Fri Jun 10 15:01:49 2011 From: strenholme.usenet at gmail.com (Sam Trenholme) Date: Fri, 10 Jun 2011 14:01:49 -0500 Subject: [MaraDNS list] MaraDNS updates for June 10, 2011 Message-ID: In today's snapshot of MaraDNS: * Certain TXT record parsing errors now tell the user which man page to read. * --pid support for Duende (courtesy Yarin) backported to MaraDNS 2.0's Duende. It can be downloaded here: http://www.maradns.org/download/2.0/snap/ Deadwood has been sending recursive DNS queries upstream with the RA bit set. Occassionally, this results in the upstream DNS server ignoring Deadwood's request. Fixed. It can be downloaded here: http://www.maradns.org/deadwood/snap/ The next day I plan to work on MaraDNS/Deadwood is two weeks from today: June 24, 2011. - Sam From strenholme.usenet at gmail.com Fri Jun 10 15:07:29 2011 From: strenholme.usenet at gmail.com (Sam Trenholme) Date: Fri, 10 Jun 2011 14:07:29 -0500 Subject: [MaraDNS list] ID mismatch/SERVFAIL errors on my new deadwood In-Reply-To: <4DE915FC.2030303@shlrm.org> References: <4DE7E0B5.2090808@shlrm.org> <4DE7EF93.3010301@shlrm.org> <4DE7F8E4.6030704@shlrm.org> <4DE915FC.2030303@shlrm.org> Message-ID: >> ?I will do this one week today: June >> 10, 2011, since that's the next day I have set aside for >> MaraDNS/Deadwood bug-fixing. > > Thanks a lot :) I appreciate your hard work. Done. The issue was that Deadwood was sending out queries with the RA bit set, which newegg's DNS servers didn't like. Fixed: http://set.tj/+kfj8 From strenholme.usenet at gmail.com Fri Jun 10 15:08:36 2011 From: strenholme.usenet at gmail.com (Sam Trenholme) Date: Fri, 10 Jun 2011 14:08:36 -0500 Subject: [MaraDNS list] v=spf1 mx ~all In-Reply-To: <4DF0C8F0.2040503@lavabit.com> References: <4DEF3428.4080505@lavabit.com> <4DF0C8F0.2040503@lavabit.com> Message-ID: > OK thank you dude. That worked. > > I didn't put ' ' outise of the escape sequence. I have updated the error message to point out that enlightenment can be found with "man csv2_txt" http://set.tj/+kfj8 From strenholme.usenet at gmail.com Fri Jun 24 19:07:50 2011 From: strenholme.usenet at gmail.com (Sam Trenholme) Date: Fri, 24 Jun 2011 18:07:50 -0500 Subject: [MaraDNS list] Deadwood update Message-ID: I have spent all afternoon going through Deadwood's SQA tests to update them to work with Scientific Linux 6 as well as MaraDNS 2.0. Once I updated the tests, I discovered a bug in how ip_blacklist is handled (since Scientific Linux 6's dig is more verbose about unusual DNS packets). I will fix this bug before releasing Deadwood 3.0.03. It can be downloaded here: http://www.maradns.org/deadwood/snap/ In addition to fixing the bug in Deadwood, I need to backport an update to ej2html from Deadwood to MaraDNS, so this script will work with the newer version of Perl included with Scientific Linux 6. The next day I plan to work on MaraDNS/Deadwood is two weeks from today: July 8, 2011. - Sam From Bradley at NorthTech.US Fri Jun 24 22:43:12 2011 From: Bradley at NorthTech.US (Bradley D. Thornton) Date: Fri, 24 Jun 2011 19:43:12 -0700 Subject: [MaraDNS list] Deadwood update In-Reply-To: References: Message-ID: <4E054B40.1030100@NorthTech.US> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 On 06/24/2011 04:07 PM, Sam Trenholme wrote: > I discovered a bug in how ip_blacklist is > handled (since Scientific Linux 6's dig is more verbose about unusual > DNS packets). Hi Sam, where's the upstream for the dig (and perhaps the other bundled DNS tools) that's included w/Scientific Linux? Do you have an URL for the upstream developer's version of this this non-standard version that you can provide? I'd like to check it out. Kindest regards, - -- Bradley D. Thornton Manager Network Services NorthTech Computer TEL: +1.760.666.2703 (US) TEL: +44.203.318.2755 (UK) http://NorthTech.US -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Find this cert at x-hkp://pool.sks-keyservers.net iQEcBAEBAwAGBQJOBUs/AAoJEE1wgkIhr9j3FhgIALTI0vPmY/sjVs3m3Qx9RxeT SdReO4U8Gu0B3tg8juwYfcYksuGH1p3wpvpjGhZprlLp4P7OaDDVA5+QmlFclUAb N/0Rksb/5LoaFRqKsdkkDfAkAUzYf52iSugQ2ioyHazVQhgojFJ8tzGCWcdNWxKa ENtWipE6dYMepPtgYy2riimw0kwHOQDDyAnfG/CiI+j+sAT6WnTnIBl8qixC7BSQ V08Uwau3ZSH3KqEMMjgcuKkMsWq8/W1jM9DGkrrD+/SRYF5p+EJ+D1PGlOC26CTF IzAuegXW1Bh3GV0vCJbL+WTVfzmFalWyzdDg7JsyaffwB3uA3fTy8nmUZ9jBtiM= =KnCP -----END PGP SIGNATURE-----