From yarin at warpmail.net Sun Jan 2 00:30:03 2011
From: yarin at warpmail.net (Yarin)
Date: Sat, 01 Jan 2011 23:30:03 -0600
Subject: compilation bug fix for bsds
In-Reply-To:
References: <1293474622.11827.1412413863@webmail.messagingengine.com><1293559990.6211.1412546375@webmail.messagingengine.com><1293663895.14493.1412719529@webmail.messagingengine.com><1293765877.25717.1412878831@webmail.messagingengine.com>
Message-ID: <1293946203.30747.1413089193@webmail.messagingengine.com>

Happy New Year,

Not handling SIGPIPE is definitely a big deal, especially when that vulnerability lies in something that popular, (IMHO, SIGPIPE was a really bad design idea in the first place, but that's beside the point) but it looks like there's been a patch for that since 2003; so I would imagine that there aren't any djbdns versions with this problem in service any more.

http://marc.info/?l=djbdns&m=104804013229536&w=2

Yarin

----- Original message -----
From: "Sam Trenholme"
To: list at maradns.org
Date: Fri, 31 Dec 2010 12:47:47 -0700
Subject: Re: compilation bug fix for bsds

> But actually, I'm already using MaraDNS 2 and the Deadwood resolver you
> bundled with it; I liked that you separated the server and resolver.

Separating them removes a lot of annoying corner cases which have caused problems over the years. For example, how do we set the "RA" (recursion available) bit... I have applied countless patches over the years to come up with heuristics which try to give this bit the right value (or, at least, a value which doesn't cause problems with other DNS servers).

With MaraDNS 2.0, "RA" is always "0", and, with Deadwood, "RA" is always "1". Simple, clean, and elegant.

> early on I decided against djbdns, "personal rants" aside, after finding out
> that it hasn't really been maintained in a while (besides the various
> patches), and even in my limited experience,
> unmaintained = asking for trouble.

The argument djbdns advocates make against using an updated DNS server is that djbdns is perfect and doesn't need to be updated. Indeed, in spite of the three known security problems with djbdns, as recently as 2010 we can see people publicly declaring djbdns "bug-free":

http://tech.slashdot.org/comments.pl?sid=1589160&cid=31547474

It's probably time someone posted to Bugtraq (or filed a CVE) that djbdns doesn't catch SIGPIPE, making it trivial for anyone who can connect to a djbdns server via TCP to crash and restart the server; this way it is well known that djbdns has security problems so people update their software instead of deluding themselves that they are secure when they are not.

That said, there are maintained branches of djbdns. zinq is a djbdns fork with the major security holes patched, and some other updates (it is possible to compile zinq with "./configure; make", for example):

http://freshmeat.net/projects/zinq
http://sourceforge.net/projects/zinq/files/

> Unbound looks pretty cool though.

Oh, I agree. Unbound is a really great DNS server. It has one "killer feature" which Deadwood does not have: DNSSEC. On the other hand, Deadwood is a 64k binary (on x86) which is a fraction of the size of Unbound; it's a far lighter DNS server.

- Sam

P.S. Happy new year 2011 everyone!

From rick at linuxmafia.com Sun Jan 2 02:14:18 2011
From: rick at linuxmafia.com (Rick Moen)
Date: Sat, 1 Jan 2011 23:14:18 -0800
Subject: compilation bug fix for bsds
Message-ID: <20110102071418.GJ30803@linuxmafia.com>

Quoting Yarin (yarin at warpmail.net):

> Not handling SIGPIPE is definitely a big deal, especially when that
> vulnerability lies in something that popular, (IMHO, SIGPIPE was a
> really bad design idea in the first place, but that's beside the
> point) but it looks like there's been a patch for that since 2003; so
> I would imagine that there aren't any djbdns versions with this
> problem in service any more.

Yarin --

Of the four maintained forks of djbdns, I've verified that Mark Johnson's zinq-djbdns and Prasad J. Pandit's Red Hat djbdns implement that patch. I see no sign that it's in the other two (though I've not checked closely). And, sadly, there are still many people running unmodified 1.05.

From strenholme.usenet at gmail.com Sun Jan 2 11:04:19 2011
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Sun, 2 Jan 2011 09:04:19 -0700
Subject: compilation bug fix for bsds
In-Reply-To: <20110102071418.GJ30803@linuxmafia.com>
References: <20110102071418.GJ30803@linuxmafia.com>
Message-ID:

>> Not handling SIGPIPE is definitely a big deal [..]
>> but it looks like there's been a patch for that since 2003; so
>> I would imagine that there aren't any djbdns versions with this
>> problem in service any more.

> there are still many people running unmodified 1.05.

Exactly. Yes, people "in the know" have been running a patched djbdns since 2003 without the SIGPIPE bug. However, it is not widely known that this is a serious *security* bug in djbdns that needs to be fixed.

Again, just last year one djbdns advocate claims djbdns is "bug-free":

http://tech.slashdot.org/comments.pl?sid=1589160&cid=31547474

"[I have] given up on BIND years ago in favor of the vastly more efficient, user-friendly, and -- most importantly -- bug free djbdns"

This poster doesn't know that they are running a DNS server with a trivial denial of service attack anyone who has permission to connect to via TCP can exploit. Indeed, a follow-up poster was (is) also ignorant of this serious bug in djbdns:

http://tech.slashdot.org/comments.pl?sid=1589160&cid=31550996

"I know of exactly one DJBDNS bug: djbdns<=1.05 lets AXFRed subdomains overwrite domains"

This is the problem when an author does not maintain their DNS server and does not take responsibility for its security bugs; people end up running unpatched servers for years and think they are secure when they are not.

This is also why you can't trust anything people say on Slashdot; the place was pretty clued a decade ago back when people like John Carmack posted there but these days most posters are pretty ignorant and spout off misinformation, in this case dangerous misinformation.

- Sam

From yarin at warpmail.net Tue Jan 4 01:45:51 2011
From: yarin at warpmail.net (Yarin)
Date: Tue, 04 Jan 2011 00:45:51 -0600
Subject: compilation bug fix for bsds
In-Reply-To:
References: <20110102071418.GJ30803@linuxmafia.com>
Message-ID: <1294123551.20313.1413341829@webmail.messagingengine.com>

> there are still many people running unmodified 1.05.

Heh, well, in those cases, that sounds a lot like a poor sys admin, I imagine it's kind of obvious that using unmaintained software that hasn't been even updated in 10 years is a bad idea regardless.

> Again, just last year one djbdns advocate claims djbdns is
> "bug-free":
> This is also why you can't trust anything people say on Slashdot

I read the posts the first time. Maybe you should bring the Slashdot community up to speed on the matter :-)

Yarin
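The SIGPIPE behaviour this thread keeps returning to, as an added example that is not part of the original messages and is not djbdns or MaraDNS code: a process that writes to a stream socket after its peer has hung up is killed under the default SIGPIPE disposition, and gets an ordinary EPIPE error once the signal is ignored. The function names and the socketpair standing in for a TCP client are assumptions made for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum outcome { OTHER = -1, SURVIVED_WITH_EPIPE = 0, KILLED_BY_SIGPIPE = 1 };

/* Child body (hypothetical helper): write to a socket whose other end has
 * already been closed, the way a server writes a reply to a client that
 * disconnected early. Never returns. */
static void child_write(int ignore_sigpipe) {
    int sv[2];
    sigset_t set;
    const char reply[] = "constructed reply bytes";

    /* Set the disposition explicitly and make sure the signal is not
     * blocked, whatever this process inherited from its parent. */
    signal(SIGPIPE, ignore_sigpipe ? SIG_IGN : SIG_DFL);
    sigemptyset(&set);
    sigaddset(&set, SIGPIPE);
    sigprocmask(SIG_UNBLOCK, &set, NULL);

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        _exit(2);
    close(sv[1]);                       /* the "client" hangs up */

    /* Default disposition: the kernel delivers SIGPIPE here and the
     * process dies inside write(). Ignored: write() returns -1/EPIPE. */
    if (write(sv[0], reply, sizeof reply) < 0 && errno == EPIPE)
        _exit(0);                       /* error seen, process still alive */
    _exit(3);
}

/* Run the write in a child so the caller can observe how it ended. */
enum outcome write_to_closed_peer(int ignore_sigpipe) {
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return OTHER;
    if (pid == 0)
        child_write(ignore_sigpipe);
    if (waitpid(pid, &status, 0) < 0)
        return OTHER;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGPIPE)
        return KILLED_BY_SIGPIPE;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
        return SURVIVED_WITH_EPIPE;
    return OTHER;
}

int main(void) {
    printf("default disposition: %s\n",
           write_to_closed_peer(0) == KILLED_BY_SIGPIPE
               ? "process killed by SIGPIPE" : "unexpected result");
    printf("SIGPIPE ignored:     %s\n",
           write_to_closed_peer(1) == SURVIVED_WITH_EPIPE
               ? "write() failed with EPIPE, process still running"
               : "unexpected result");
    return 0;
}
```

A server that ignores SIGPIPE still has to check the return value of every write and close the connection on EPIPE.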
From strenholme.usenet at gmail.com Mon Jan 10 10:22:54 2011
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Mon, 10 Jan 2011 08:22:54 -0700
Subject: compilation bug fix for bsds
In-Reply-To: <1294123551.20313.1413341829@webmail.messagingengine.com>
References: <20110102071418.GJ30803@linuxmafia.com> <1294123551.20313.1413341829@webmail.messagingengine.com>
Message-ID:

>> there are still many people running unmodified [djbdns] 1.05.

> Heh, well, in those cases, that sounds a lot like a poor sys admin,
> I imagine it's kind of obvious that using unmaintained software that
> hasn't been even updated in 10 years is a bad idea regardless.

It's obvious to you. It's obvious to me. However, we're not wearing the blinders that people under the influence of the djb reality distortion field wear.

For years, their mantra was that djb somehow had some builtin magic pixie dust that made his software 100% secure and never need updating. They started to have to bend reality to continue to believe this lie. Backscatter spam is not a security problem is probably the first lie they had to tell themselves. Then they had to convince themselves that not catching SIGPIPE is not a security problem. Once djb himself admitted that the AXFR issue Dempsky found was a security issue, some people moved away from the reality distortion field, but others either haven't heard of this bug or feel it's djbdns' only bug.

One of my pet peeves is people who tell themselves lies to believe some groupthink. I get annoyed at pirates who tell themselves "copyright infringement is morally OK in the 'new economy'"; I get annoyed at audiophiles who tell themselves "double-blind studies are not scientifically valid"; as a Christian, I find young-earth creationists very annoying. And I get annoyed at people who use self-delusions to justify using outdated and unmaintained (branches of) software.

> Maybe you should bring the Slashdot community up to speed
> on the matter :-)

I've made a decision to no longer post to Slashdot. The place has become too much of a flamefest. But, instead, I have blogged about it:

http://samiam.org/blog/

More to the point, I have started to integrate your patches in to MaraDNS. I have already added your duende patch to Deadwood:

http://maradns.org/deadwood/snap/

If you could, take a look at it and let me know if it works for you.

- Sam

From yarin at warpmail.net Mon Jan 10 22:33:29 2011
From: yarin at warpmail.net (Yarin)
Date: Mon, 10 Jan 2011 21:33:29 -0600
Subject: compilation bug fix for bsds
In-Reply-To:
References: <20110102071418.GJ30803@linuxmafia.com><1294123551.20313.1413341829@webmail.messagingengine.com>
Message-ID: <1294716809.8284.1414540769@webmail.messagingengine.com>

Haha, it looks like you've updated duende since your latest official release, so when you added the patch, one of the patch's lines got stuffed in a new comment. I've confirmed that everything else is where it's supposed to be though. The below diff, applied on top of it, should put it where it goes.

--- ./tools/duende.c 2011-01-10 20:59:17.709054060 -0600 +++ ./tools/duende.c 2011-01-10 21:00:15.504928526 -0600 @@ -146,7 +146,6 @@ /* The main process forks off the child. Right now, I will just have it fork off the MaraDNS process, hardwired as /usr/sbin/maradns, - int exec_argv_offset = 1; /* Also used to determine PID writing */ directing her standard output to /dev/null. The revision of this file will correctly handle Mara's output 
@@ -156,6 +155,7 @@ int exit_status; pid_t pid, log_pid; int stream1[2]; /* Used for piping */ + int exec_argv_offset = 1; /* Also used to determine PID writing */ if(argv[0] == NULL || argv[1] == NULL) { printf("Usage: duende (--pid=/path/to/file) [program] [arguments]\n"); exit(1);

Just recently, MaraDNS freaked when I tried to use a dot in the local part of an SOA record. I then discovered that MaraDNS holds to the classic, using the first dot in the address instead of an at sign. Would you accept a patch that works with this to support dots in the local part? The address would be parsed the same way dig prints it, that is, with the local dots escaped, when lacking an at sign.
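Review bot: In the @@ -146,7 +146,6 @@ hunk of duende.c, the comment being repaired still says the child is "hardwired as /usr/sbin/maradns", while the usage string visible in the next hunk takes "[program] [arguments]" from the command line. Since this comment is already being touched to pull the stray "int exec_argv_offset = 1;" line out of it, update the wording so it matches what the usage line says duende runs.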
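Review bot: The declaration added in the @@ -156,6 +155,7 @@ hunk of duende.c gives exec_argv_offset two jobs: its name says it is an index into argv, and its comment says it is "Also used to determine PID writing". Consider a separate flag for whether --pid= was given, or at least state in the comment which value of the offset means a PID file is written, so that a later change to the argv handling cannot silently turn PID writing on or off.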
From strenholme.usenet at gmail.com Sat Jan 15 03:44:59 2011
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Sat, 15 Jan 2011 01:44:59 -0700
Subject: compilation bug fix for bsds
In-Reply-To: <1294716809.8284.1414540769@webmail.messagingengine.com>
References: <20110102071418.GJ30803@linuxmafia.com> <1294123551.20313.1413341829@webmail.messagingengine.com> <1294716809.8284.1414540769@webmail.messagingengine.com>
Message-ID:

> Haha, it looks like you've updated duende since your latest official
> release, so when you added the patch, one of the patch's lines got
> stuffed in a new comment. I've confirmed that everything else is
> where it's suppose to be though. The below diff, applied on top of it,
> should put it where it goes.

Thanks for catching that. I had a cold this last weekend which forced me to rest a lot and was spending too much time on Usenet [1] when I should have been looking closer to your patch. Then again, there is a reason I prefer "-u" diffs.

I have fixed it:

http://samiam.org/blog/20110115.html

> Just recently, MaraDNS freaked when I tried to use a dot in the local
> part of an SOA record. I then discovered that MaraDNS holds to the
> classic, using the first dot in the address instead of an at sign. Would
> you accept a patch that works with this to support dots in the local
> part? The address would be parsed the same way dig prints it, that
> is, with the local dots escaped, when lacking an at sign.

You know, I have learned a lot with implementing that code. Like the wisdom for using an interpreter (or a meta-compiler like yacc/bison) for parsing text. Especially a fairly complex parser like the one used for csv2 zone file parsing. And, while I'm at it, the wisdom of making substantial changes to the parser (the optional use of '~' to separate DNS records in MaraDNS 1.3 so it is easier to convert BIND zone files in to CSV2 zone files) once it is written.

Yes, '@' should do the right thing with a SOA email address in MaraDNS. If it doesn't, it's a bug.

- Sam

[1] Usenet was the protocol defining the internet until the web took over in the mid-1990s. Usenet was the place to share useful and cool things until the people sharing useful information moved on. I checked it out again this last week to relive a bit of nostalgia; Usenet, alas, is dead.

From remco at webconquest.com Sat Jan 15 03:54:31 2011
From: remco at webconquest.com (Remco Rijnders)
Date: Sat, 15 Jan 2011 09:54:31 +0100
Subject: compilation bug fix for bsds
In-Reply-To:
References: <20110102071418.GJ30803@linuxmafia.com> <1294123551.20313.1413341829@webmail.messagingengine.com> <1294716809.8284.1414540769@webmail.messagingengine.com>
Message-ID: <33.D690@winter.webconquest.com>

On Sat, Jan 15, 2011 at 01:44:59AM -0700, Sam Trenholme wrote:
> > Haha, it looks like you've updated duende since your latest official
> > release, so when you added the patch, one of the patch's lines got
> > stuffed in a new comment. I've confirmed that everything else is
> > where it's suppose to be though. The below diff, applied on top of it,
> > should put it where it goes.
>
> Thanks for catching that. I had a cold this last weekend which forced
> me to rest a lot and was spending too much time on Usenet [1] when I
> should have been looking closer to your patch.

> [1] Usenet was the protocol defining the internet until the web took
> over in the mid-1990s. Usenet was the place to share useful and cool
> things until the people sharing useful information moved on. I
> checked it out again this last week to relive a bit of nostalgia;
> Usenet, alas, is dead.

Drifting quite off-topic here... but missing usenet myself, I wonder if anyone knows of something "nearly as good as" ? And please, no webforums or facebook.

Remmy

From strenholme.usenet at gmail.com Sat Jan 15 04:45:39 2011
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Sat, 15 Jan 2011 02:45:39 -0700
Subject: Topic drift: The death of Usenet
Message-ID:

> Drifting quite off-topic here... but missing usenet myself, I wonder if
> anyone knows of something "nearly as good as" ? And please, no
> webforums or facebook.

Well, to answer that question, I would have to know what it is you like about Usenet more than, say, PhpBB or Facebook.

When I was saying goodbye to Usenet this week, I asked on rec.audio.pro about why it is they weren't using a web forum which covers the same topic. People liked the ability to read and post offline (one great strength which no web forum has today); people like the threading a good newsreader does; people like not having to see postings they have already read again; and blind people like the accessibility of Usenet.

I think what most people want out of Usenet can be done with something like PhpBB with NNTP support. You connect to the server on port 119, it looks like a NNTP server. The server has a "text" hierarchy for people who don't want any HTML (it converts the postings to/from ASCII text), and a "html" or "ubb" hierarchy for people who want to read/post rich text/HTML/whatever via NNTP.

There are advantages to this over Usenet:

Post-moderation; the owner of the board can remove the spam, trolls, and flamers. (I would also require registration to access the NNTP server)

A web interface that is more friendly and modern (and can be used from an average smartphone, unlike Usenet, which requires 80 columns) for most users.

I don't think Usenet's way of propagating "articles" (postings) makes sense today; it's a solution to a problem that no longer exists.

I think a web forum with a NNTP backend would satisfy the needs of those who want the flavor of Usenet again. These do exist, but I can't think of an open-source one.

A final thought: I think Usenet would not have died if Usenet had embraced instead of shunned HTML during the dot-com expansion, and if a solution to runaway flamewars had been found (probably by implementing a form of after-the-fact moderation).

- Sam

From yarin at warpmail.net Sat Jan 15 13:47:02 2011
From: yarin at warpmail.net (Yarin)
Date: Sat, 15 Jan 2011 12:47:02 -0600
Subject: compilation bug fix for bsds
In-Reply-To:
References: <20110102071418.GJ30803@linuxmafia.com><1294123551.20313.1413341829@webmail.messagingengine.com><1294716809.8284.1414540769@webmail.messagingengine.com>
Message-ID: <1295117222.14814.1415473805@webmail.messagingengine.com>

> Then again, there is a reason I prefer "-u" diffs.

Yes, and so I see why.

> Yes, '@' should do the right thing with a SOA email address

Oh, '@' does do the right thing, it's just that the parser doesn't accept '.'s in the local part of the email address, because when it sees one, it thinks you're trying to use it in place of the '@'.

I've attached a proposed patch (released under the two-clause BSD license) that will fix this, by treating escaped dots differently. So, for example, the address "a.b.c at foo.bar.baz" can be expressed with "a\.b\.c.foo.bar.baz." This is the way the dig utility does it.

Yarin
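The escaping rule described in the message above, as an added stand-alone example; it is not MaraDNS code and not the patch posted to the list. The function name mbox_to_email, the accepted character sets and the example.com inputs are assumptions made for the illustration: the first unescaped '.' or '@' ends the local part, a backslash lets the next character (normally a dot) stay in the local part, and an escaped '@' or a doubled backslash is rejected.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Characters accepted unescaped in the local part (an assumption modelled
 * on the character class quoted in the patch comment). */
static int local_char_ok(unsigned char c) {
    return isalnum(c) || (c != '\0' && strchr("-_+%!^=", c) != NULL);
}

/* Characters accepted in the domain part (assumption: hostname syntax). */
static int domain_char_ok(unsigned char c) {
    return isalnum(c) || c == '-' || c == '.';
}

/* Convert a zone-file mailbox such as "a\.b\.c.foo.bar.baz." into
 * "a.b.c@foo.bar.baz.". Returns 0 on success, -1 on malformed input or
 * when out is too small. Hypothetical helper written for this example. */
int mbox_to_email(const char *in, char *out, size_t outlen) {
    size_t n = 0;
    int escaped = 0;    /* previous character was a backslash */
    int seen_sep = 0;   /* local part has ended */

    for (; *in != '\0'; in++) {
        unsigned char c = (unsigned char)*in;

        if (n + 1 >= outlen)
            return -1;                      /* keep room for the NUL */
        if (seen_sep) {
            /* Domain part: no empty labels, no '@', no backslash. */
            if (!domain_char_ok(c))
                return -1;
            if (c == '.' && (out[n - 1] == '.' || out[n - 1] == '@'))
                return -1;
            out[n++] = (char)c;
        } else if (escaped) {
            /* Only a dot or an ordinary local character may be escaped;
             * this rejects "\@" and "\\". */
            if (c != '.' && !local_char_ok(c))
                return -1;
            out[n++] = (char)c;
            escaped = 0;
        } else if (c == '\\') {
            escaped = 1;
        } else if (c == '@' || c == '.') {
            if (n == 0)
                return -1;                  /* empty local part */
            out[n++] = '@';                 /* normalise the separator */
            seen_sep = 1;
        } else if (local_char_ok(c)) {
            out[n++] = (char)c;
        } else {
            return -1;
        }
    }
    if (!seen_sep || out[n - 1] == '@')
        return -1;                          /* no domain, or dangling escape */
    out[n] = '\0';
    return 0;
}

int main(void) {
    /* Constructed sample inputs. */
    const char *samples[] = {
        "a\\.b\\.c.foo.bar.baz.", "hostmaster.example.com.",
        "hostmaster@example.com.", "a\\@b.example.com.", "nodomain"
    };
    char buf[64];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (mbox_to_email(samples[i], buf, sizeof buf) == 0)
            printf("%-26s -> %s\n", samples[i], buf);
        else
            printf("%-26s -> rejected\n", samples[i]);
    }
    return 0;
}
```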
From yarin at warpmail.net Sat Jan 15 13:52:45 2011
From: yarin at warpmail.net (Yarin)
Date: Sat, 15 Jan 2011 12:52:45 -0600
Subject: compilation bug fix for bsds
In-Reply-To: <1295117222.14814.1415473805@webmail.messagingengine.com>
References: <20110102071418.GJ30803@linuxmafia.com><1294123551.20313.1413341829@webmail.messagingengine.com><1294716809.8284.1414540769@webmail.messagingengine.com> <1295117222.14814.1415473805@webmail.messagingengine.com>
Message-ID: <1295117565.16480.1415477025@webmail.messagingengine.com>

Looks like the attachment got scrubbed again. Here's the patch again, hopefully whatever it is that's causing your lines to get wrapped ~70 chars long won't hurt it.

--- ./parse/Csv2_rr_soa.c 2010-08-28 17:13:20.000000000 -0500 +++ ./parse/Csv2_rr_soa.c 2011-01-15 12:17:46.293201632 -0600 @@ -34,17 +34,18 @@ */ int csv2_b4_at(int32 in) { - /* [0-9a-zA-Z\-\_\+\%\!\^\=] */ + /* [0-9a-zA-Z\-\_\+\%\!\^\=\.] */ return (csv2_is_alphanum(in) || in == '+' || in == '%' || - in == '!' || in == '^' || in == '='); + in == '!' || in == '^' || in == '=' || in == '.'); } -/* Process an address in the form 'a at foo.bar.baz.' or 'a.foo.bar.baz.' */ +/* Process an address in the form 'a at foo.bar.baz.', 'a.foo.bar.baz.', or 'a\.b\.c at foo.bar.baz.' */ js_string *process_mbox(csv2_read *stream) { js_string *o; int32 look; int x; + unsigned int prescaped = 0; o = process_1stchar(stream,csv2_is_alphanum_ordot,"Z"); if(o == 0) { 
@@ -69,13 +70,18 @@ js_destroy(o); return 0; } - if(look == '@' || look == '.') { - if(csv2_append_utf8(o, look) < 0) { + if(look == '@' || (look == '.' && !prescaped)) { + if(prescaped) { + csv2_error(stream,"You can't escape an @ or use it in the local part in mbox"); + js_destroy(o); + return 0; + } + if(csv2_append_utf8(o, '@') < 0) { // use an '@' regardless, to support local part '.'s csv2_error(stream,"Error appending character"); js_destroy(o); return 0; } - if(look == '.') { + if(look == '.') { // note: this block is asking for trouble if js_append_dname() is well behaved look = csv2_read_unicode(stream); if(csv2_is_text(look)) { if(csv2_append_utf8(o, look) < 0) { @@ -93,12 +99,21 @@ } break; } - if(csv2_b4_at(look)) { + if(look == '\\') { + if(prescaped) { + csv2_error(stream,"Unexpected character before @ in mbox, backslashes are illegal"); + js_destroy(o); + return 0; + } + prescaped = 1; // the parser will forgive escaping of regular characters without complaining + } + else if(csv2_b4_at(look)) { if(csv2_append_utf8(o, look) < 0) { csv2_error(stream,"Error appending character"); js_destroy(o); return 0; } + prescaped = 0; } else { csv2_error(stream,"Unexpected character before @"
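Review bot: Adding "in == '.'" to csv2_b4_at() in the @@ -34,17 +34,18 @@ hunk widens that predicate for any other caller as well, although only process_mbox() needs it and only for a dot that follows a backslash. Accepting the escaped dot inside process_mbox() would leave csv2_b4_at() as it was. The updated comment above process_mbox() should also list the "a\.b\.c.foo.bar.baz." form, which is the one the accompanying message describes and the only new form without an at sign.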
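Review bot: The two comments added in the @@ -69,13 +70,18 @@ hunk use // where the rest of the visible file uses /* */, and a compiler held to C89 may reject them; convert them to the file's style. The second one ("this block is asking for trouble if js_append_dname() is well behaved") flags a concern without saying what breaks, so either describe the failing case or resolve it before this goes in. The new if(prescaped) test inside the branch can only be true when look is '@', because the '.' case already requires !prescaped; a short comment saying so would make the error path easier to follow.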
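Review bot: In the @@ -93,12 +99,21 @@ hunk a backslash is silently dropped in front of any character csv2_b4_at() accepts, so "\a" parses the same as "a"; the added comment says this is intended, but accepting only "\." would keep a stray backslash in a zone file from passing unnoticed. The error text for the doubled-backslash case ("backslashes are illegal") is also misleading now that a single backslash is legal input; say instead that a backslash cannot itself be escaped.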
From: "Yarin" To: list at maradns.org Date: Sat, 15 Jan 2011 12:47:02 -0600 Subject: Re: compilation bug fix for bsds > Then again, there is a reason I prefer "-u" diffs. Yes, and so I see why. > Yes, '@' should do the right thing with a SOA email address Oh, '@' does do the right thing, it's just that the parser doesn't accept '.'s in the local part of the email address, because when it sees one, it thinks your trying to use it in place of the '@'. I've attached a proposed patch (released under the two-clause BSD license) that will fix this, by treating escaped dots differently. So, for example, the address "a.b.c at foo.bar.baz" can be expressed with "a\.b\.c.foo.bar.baz." This is the way the dig utility does it. Yarin ----- Original message ----- 
From: "Sam Trenholme" To: list at maradns.org Date: Sat, 15 Jan 2011 01:44:59 -0700 Subject: Re: compilation bug fix for bsds > Haha, it looks like you've updated duende since your latest official > release, so when you added the patch, one of the patch's lines got > stuffed in a new comment. I've confirmed that everything else is > where it's suppose to be though. The below diff, applied on top of it, > should put it where it goes. Thanks for catching that. I had a cold this last weekend which forced me to rest a lot and was spending too much time on Usenet [1] when I should have been looking closer to your patch. Then again, there is a reason I prefer "-u" diffs. I have fixed it: http://samiam.org/blog/20110115.html > Just recently, MaraDNS freaked when I tried to use a dot in the local > part of an SOA record. I then discovered that MaraDNS holds to the > classic, using the first dot in the address instead of an at sign. Would > you accept a patch that works with this to support dots in the local > part? The address would be parsed the same way dig prints it, that > is, with the local dots escaped, when lacking an at sign. You know, I have learned a lot with implementing that code. Like the wisdom for using an interpreter (or a meta-compiler like yacc/bison) for parsing text. Especially a fairly complex parser like the one used for csv2 zone file parsing. And, while I'm at it, the wisdom of making substantial changes to the parser (the optional use of '~' to separate DNS records in MaraDNS 1.3 so it is easier to convert BIND zone files in to CSV2 zone files) once it is written. Yes, '@' should do the right thing with a SOA email address in MaraDNS. If it doesn't, it's a bug. - Sam [1] Usenet was the protocol defining the internet until the web took over in the mid-1990s. Usenet was the place to share useful and cool things until the people sharing useful information moved on. 
I checked it out again this last week to relive a bit of nostalgia; Usenet, alas, is dead. From strenholme.usenet at gmail.com Sat Jan 15 17:17:32 2011 From: strenholme.usenet at gmail.com (Sam Trenholme) Date: Sat, 15 Jan 2011 15:17:32 -0700 Subject: compilation bug fix for bsds In-Reply-To: <1295117565.16480.1415477025@webmail.messagingengine.com> References: <20110102071418.GJ30803@linuxmafia.com> <1294123551.20313.1413341829@webmail.messagingengine.com> <1294716809.8284.1414540769@webmail.messagingengine.com> <1295117222.14814.1415473805@webmail.messagingengine.com> <1295117565.16480.1415477025@webmail.messagingengine.com> Message-ID: > Looks like the attachment got scrubbed again. > Here's the patch again, hopefully what ever it is that's causing > your lines to get wrapped ~70 chars long won't hurt it. As an aside, as a special exception to my "no private email about MaraDNS", if there is an issue with submitting a patch to the list and it gets scrubbed, just send it to me via private email. Note that I will probably not directly reply to the email, but post to the list any comments. OK, I don't know when I will get a change to look at this patch. It's a good idea, yes, but right now I'm concentrating what little time I have for MaraDNS to polishing up Deadwood (removing the minor bugs which a new release is more likely to have than a mature codebase like MaraDNS); I will probably look at this patch in a week or so. Again, I really appreciate your MaraDNS contributions! - Sam > --- ./parse/Csv2_rr_soa.c ? ? ? 2010-08-28 17:13:20.000000000 -0500 > +++ ./parse/Csv2_rr_soa.c ? ? ? 2011-01-15 12:17:46.293201632 -0600 
> @@ -34,17 +34,18 @@ > ?*/ > > ?int csv2_b4_at(int32 in) { > - ? ? ? ?/* [0-9a-zA-Z\-\_\+\%\!\^\=] */ > + ? ? ? ?/* [0-9a-zA-Z\-\_\+\%\!\^\=\.] */ > ? ? ? ? return (csv2_is_alphanum(in) || in == '+' || in == '%' || > - ? ? ? ? ? ? ? ? ? ? ? ?in == '!' || in == '^' || in == '='); > + ? ? ? ? ? ? ? ? ? ? ? ?in == '!' || in == '^' || in == '=' || in == '.'); > ?} > > -/* Process an address in the form 'a at foo.bar.baz.' or 'a.foo.bar.baz.' */ > +/* Process an address in the form 'a at foo.bar.baz.', 'a.foo.bar.baz.', or 'a\.b\.c at foo.bar.baz.' */ > > ?js_string *process_mbox(csv2_read *stream) { > ? ? ? ? js_string *o; > ? ? ? ? int32 look; > ? ? ? ? int x; > + ? ? ? ?unsigned int prescaped = 0; > > ? ? ? ? o = process_1stchar(stream,csv2_is_alphanum_ordot,"Z"); > ? ? ? ? if(o == 0) { 
> @@ -69,13 +70,18 @@ > ? ? ? ? ? ? ? ? ? ? ? ? js_destroy(o); > ? ? ? ? ? ? ? ? ? ? ? ? return 0; > ? ? ? ? ? ? ? ? } > - ? ? ? ? ? ? ? ?if(look == '@' || look == '.') { > - ? ? ? ? ? ? ? ? ? ? ? ?if(csv2_append_utf8(o, look) < 0) { > + ? ? ? ? ? ? ? ?if(look == '@' || (look == '.' && !prescaped)) { > + ? ? ? ? ? ? ? ? ? ? ? ?if(prescaped) { > + ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?csv2_error(stream,"You can't escape an @ or use it in the local part in mbox"); > + ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?js_destroy(o); > + ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?return 0; > + ? ? ? ? ? ? ? ? ? ? ? ?} > + ? ? ? ? ? ? ? ? ? ? ? ?if(csv2_append_utf8(o, '@') < 0) { // use an '@' regardless, to support local part '.'s > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? csv2_error(stream,"Error appending character"); > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? js_destroy(o); > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? return 0; > ? ? ? ? ? ? ? ? ? ? ? ? } > - ? ? ? ? ? ? ? ? ? ? ? ?if(look == '.') { > + ? ? ? ? ? ? ? ? ? ? ? ?if(look == '.') { // note: this block is asking for trouble if js_append_dname() is well behaved > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? look = csv2_read_unicode(stream); > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? if(csv2_is_text(look)) { > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? if(csv2_append_utf8(o, look) < 0) { 
> @@ -93,12 +99,21 @@ > ? ? ? ? ? ? ? ? ? ? ? ? } > ? ? ? ? ? ? ? ? ? ? ? ? break; > ? ? ? ? ? ? ? ? } > - ? ? ? ? ? ? ? ?if(csv2_b4_at(look)) { > + ? ? ? ? ? ? ? ?if(look == '\\') { > + ? ? ? ? ? ? ? ? ? ? ? ?if(prescaped) { > + ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?csv2_error(stream,"Unexpected character before @ in mbox, backslashes are illegal"); > + ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?js_destroy(o); > + ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?return 0; > + ? ? ? ? ? ? ? ? ? ? ? ?} > + ? ? ? ? ? ? ? ? ? ? ? ?prescaped = 1; // the parser will forgive escaping of regular characters without complaining > + ? ? ? ? ? ? ? ?} > + ? ? ? ? ? ? ? ?else if(csv2_b4_at(look)) { > ? ? ? ? ? ? ? ? ? ? ? ? if(csv2_append_utf8(o, look) < 0) { > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? csv2_error(stream,"Error appending character"); > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? js_destroy(o); > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? return 0; > ? ? ? ? ? ? ? ? ? ? ? ? } > + ? ? ? ? ? ? ? ? ? ? ? ?prescaped = 0; > ? ? ? ? ? ? ? ? } > ? ? ? ? ? ? ? ? else { > ? ? ? ? ? ? ? ? ? ? ? ? csv2_error(stream,"Unexpected character before @" > > > > ----- Original message ----- > From: "Yarin" > To: list at maradns.org > Date: Sat, 15 Jan 2011 12:47:02 -0600 > Subject: Re: compilation bug fix for bsds > >> Then again, there is a reason I prefer "-u" diffs. > > Yes, and so I see why. > >> Yes, '@' should do the right thing with a SOA email address > > Oh, '@' does do the right thing, it's just that the parser doesn't accept '.'s in the local part of the email address, because when it sees one, it thinks your trying to use it in place of the '@'. > I've attached a proposed patch (released under the two-clause BSD license) that will fix this, by treating escaped dots differently. So, for example, the address "a.b.c at foo.bar.baz" can be expressed with "a\.b\.c.foo.bar.baz." This is the way the dig utility does it. > > Yarin > > ----- Original message ----- 
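Review bot: In the @@ -93,12 +99,21 @@ hunk, the new "if(look == '\\')" branch sets prescaped for a backslash in front of any character, and the "else if(csv2_b4_at(look))" branch then appends that character and clears the flag, so "\a" parses exactly like "a" and the only escape that changes meaning is "\.". Silently accepting no-op escapes makes the zone file syntax looser than it needs to be; I would reject a backslash that is not followed by '.', so that a typo in the mailbox field cannot pass unnoticed. The error text for two backslashes in a row, "backslashes are illegal", also no longer matches the behaviour now that a single backslash is accepted.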
> From: "Sam Trenholme"
> To: list at maradns.org
> Date: Sat, 15 Jan 2011 01:44:59 -0700
> Subject: Re: compilation bug fix for bsds
>
>> Haha, it looks like you've updated duende since your latest official
>> release, so when you added the patch, one of the patch's lines got
>> stuffed in a new comment. I've confirmed that everything else is
>> where it's supposed to be though. The below diff, applied on top of it,
>> should put it where it goes.
>
> Thanks for catching that. I had a cold this last weekend which forced
> me to rest a lot and was spending too much time on Usenet [1] when I
> should have been looking closer to your patch. Then again, there is a
> reason I prefer "-u" diffs.
>
> I have fixed it:
>
> http://samiam.org/blog/20110115.html
>
>> Just recently, MaraDNS freaked when I tried to use a dot in the local
>> part of an SOA record. I then discovered that MaraDNS holds to the
>> classic, using the first dot in the address instead of an at sign. Would
>> you accept a patch that works with this to support dots in the local
>> part? The address would be parsed the same way dig prints it, that
>> is, with the local dots escaped, when lacking an at sign.
>
> You know, I have learned a lot with implementing that code. Like the
> wisdom for using an interpreter (or a meta-compiler like yacc/bison)
> for parsing text. Especially a fairly complex parser like the one
> used for csv2 zone file parsing. And, while I'm at it, the wisdom of
> making substantial changes to the parser (the optional use of '~' to
> separate DNS records in MaraDNS 1.3 so it is easier to convert BIND
> zone files in to CSV2 zone files) once it is written.
>
> Yes, '@' should do the right thing with a SOA email address in
> MaraDNS. If it doesn't, it's a bug.
>
> - Sam
>
> [1] Usenet was the protocol defining the internet until the web took
> over in the mid-1990s. Usenet was the place to share useful and cool
> things until the people sharing useful information moved on. I
> checked it out again this last week to relive a bit of nostalgia;
> Usenet, alas, is dead.
>
>
>
From remco at webconquest.com Sun Jan 16 00:39:20 2011
From: remco at webconquest.com (Remco Rijnders)
Date: Sun, 16 Jan 2011 06:39:20 +0100
Subject: Topic drift: The death of Usenet
In-Reply-To:
References:
Message-ID: <46.C284@winter.webconquest.com>

On Sat, Jan 15, 2011 at 02:45:39AM -0700, Sam Trenholme wrote:
> > Drifting quite off-topic here... but missing usenet myself, I wonder if
> > anyone knows of something "nearly as good as" ? And please, no
> > webforums or facebook.
>
> Well, to answer that question, I would have to know what it is you
> like about Usenet more than, say, PhpBB or Facebook. When I was
> saying goodbye to Usenet this week, I asked on rec.audio.pro about why
> it is they weren't using a web forum which covers the same topic.
>
> People liked the ability to read and post offline (one great strength
> which no web forum has today); people like the threading a good
> newsreader does; people like not having to see postings they have
> already read again; and blind people like the accessibility of Usenet.

The things I don't like about these easily outnumber the things which I do like. For example, with usenet you have (had) discussions on all possible topics on one server. With forums, you have to find each individual server and create a user account if you want to post or sometimes even to read.

Also, I could do without reading on things I'm interested in without Google or whatever advertising agency propping up ads that I did not ask for.

You have to remember to visit all the forums you're interested in instead of having all discussions "show up" in one place which you can read at your own leisure and offline if so desired.

Forums which have RSS-feeds in place might be able to alleviate some of this, but it still seems suboptimal to me.

Every forum has its own controls, look and threading model (?) to get used to. I like to control myself how posts should be threaded and would like to be able to do my own filtering and scoring, etc.

> I think what most people want out of Usenet can be done with something
> like PhpBB with NNTP support. You connect to the server on port 119,
> it looks like a NNTP server. The server has a "text" hierarchy for
> people who don't want any HTML (it converts the postings to/from ASCII
> text), and a "html" or "ubb" hierarchy for people who want to
> read/post rich text/HTML/whatever via NNTP.

Something which can turn a forum into a NNTP feed or a mailing list would be most useful to me. Ideally it would also do this in one place.

FudForum [1] is open source forum software which also allows mailing list and nntp interfaces. It looks useful, but I guess it only works for those who actively install fudforum as their board of choice. If you want to follow discussions on a PhpBB forum you'd still be out of luck.

> There are advantages to this over Usenet: Post-moderation; the owner
> of the board can remove the spam, trolls, and flamers. (I would also
> require registration to access the NNTP server) A web interface that
> is more friendly and modern (and can be used from an average
> smartphone, unlike Usenet, which requires 80 columns) for most users.

There have been initiatives to (mode)rate articles on usenet such as NoCeM control messages, or GroupLens [2] ratings. All of these seem to have died a silent death though, while both of them seem like workable solutions to me had they gained enough support and momentum.

> I don't think Usenet's way of propagating "articles" (postings) makes
> sense today; it's a solution to a problem that no longer exists. I
> think a web forum with a NNTP backend would satisfy the needs of those
> who want the flavor of Usenet again. These do exist, but I can't
> think of an open-source one.
>
> A final thought: I think Usenet would not have died if Usenet had
> embraced instead of shunned HTML during the dot-com expansion, and if
> a solution to runaway flamewars had been found (probably by
> implementing a form of after-the-fact moderation).

I agree that the propagation of articles is not really needed anymore. And had HTML been allowed, it would have played much nicer with modern browsers and clients. Those who want to read "text only" can then easily filter on their end (or even ask the NNTP server to show them the text only version if available?). There were valid arguments against HTML at first, but they do seem a bit silly in these days when usenet is mostly used to distribute massive amounts of binaries.

Perhaps what would make me happy is to have a proxy NNTP-server which knows about my accounts on the various forums and regularly pulls in feeds from those boards and allows me to read and reply from my newsclient.

Remco

[1] http://fudforum.org
[2] See for an article on this http://www.grouplens.org/papers/pdf/usenix97.pdf

From strenholme.usenet at gmail.com Sun Jan 16 04:21:04 2011
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Sun, 16 Jan 2011 02:21:04 -0700
Subject: Topic drift: The death of Usenet
In-Reply-To: <46.C284@winter.webconquest.com>
References: <46.C284@winter.webconquest.com>
Message-ID:

> The things I don't like about these easily outnumber the things which I do
> like. For example, with usenet you have (had) discussions on all possible
> topics on one server. With forums, you have to find each individual server
> and create a user account if you want to post or sometimes even to read.

I prefer the one zillion different forums approach myself, because it helps minimize the issues with cliques Usenet had. If I don't like the clique in one Linux support forum, for example, I can go to 20 other forums without the same clique. If, in 1995, I didn't like the clique in comp.os.linux.misc, there was no alternative.

If forums had a NNTP interface, this would be a non-issue. Just fire up leafnode, grab the articles via NNTP from 20 different web forums, and they are now all in one place: Your hard disk.

(Leafnode may have to add group name remapping support for the 10 different NNTP-supported forums that call their Linux support forum "text.linux"; this would even have been useful a few years back when "Usenet II" existed, allowing people to map this to "usenet2.net.whatever")

> Also, I could do without reading on things I'm interested in without
> Google or whatever advertising agency propping up ads that I did not ask
> for.

You know, I think the commercialization of the internet is a good thing and a bad thing. It's a good thing because a lot of quality content we would not otherwise have is now here. It is a bad thing because it makes it harder to find quality non-commercial resources.

For example, I was recently looking around for a good open-source Sudoku generator. Google was useless; it kept giving me different links to the same handful of shareware Sudoku generators. Finally, after some digging from my archives, I found a couple of excellent GPL Sudoku generators:

http://www.lemo.dk/sudoku/
http://puzzle.gr.jp/

> Every forum has its own controls, look and threading model (?) to get used
> to. I like to control myself how posts should be threaded and would like
> to be able to do my own filtering and scoring, etc.

This is what a lot of other people have been saying that they miss about Usenet. This is an issue that can be solved by giving a web forum a decent NNTP interface.

> FudForum [1] is open source forum software which also allows mailing list
> and nntp interfaces.

My issue with FudForum and the other open-source solutions is this: They solve a problem which is no longer relevant. They allow a given web forum to be a convenient front-end to Usenet.

What I want is different. I don't care about Usenet any more; it's dead. My goal is not to make a web front end so people can more easily read the useless flame wars in comp.os.linux.advocacy.

But I care about NNTP; I want to have offline reading, TRN's really cool threading support, text-only compatibility (this is especially useful for blind people), and the other goodies. My focus is different: Let's have a NNTP front end that allows us to access the web forum from TRN or whatever.

(More info about FUDforum and Usenet: http://cvs.prohost.org/index.php/Newsgroup_Manager)

> There have been initiatives to (mode)rate articles on usenet such as
> NoCeM control messages, or GroupLens [2] ratings. All of these seem to
> have died a silent death though, while both of them seem like workable
> solutions to me had they gained enough support and momentum.

I think the issue here is the same one that Usenet had with HTML messages: People did not want Usenet to change at all. They got what they wanted: A stagnant messaging system whose doom began when Matt's wwwboard showed up, really started to lose users with Slashcode and Scoop (kuro5hin.org), and was downright hemorrhaging users once Vbulletin and phpbb were on the scene.

People don't post to rec.games.computer.doom.editing any more (it hasn't had a single post in the last month); they now post to http://www.doomworld.com/vb/doom-editing/. It's very telling that a group for a game whose peak in popularity coincided with Usenet's peak [1] is now deserted.

> And had HTML been allowed, it would have played much nicer with modern
> browsers and clients. Those who want to read "text only" can then easily
> filter on their end (or even ask the NNTP server to show them the text
> only version if available?)

The plan in my head is to have something that fairly easily converts from text-only to HTML, and from HTML to text only. *word* becomes bold, _word_ becomes italics, and anything that needs ASCII art (or code samples) can be done with a tag like [pre]...[/pre] (this would be the *only* tag it will support). Bulleted lists can be done with '* ' at the beginning of a line (where the next line with text at the beginning of the line ends the list). Links are automatically converted in to hotlinks.

- Sam

[1] For the pedants: I'm not talking about binary newsgroups. I'm talking about text-based Usenet.

From cooleyr at gmail.com Sun Jan 16 22:18:34 2011
From: cooleyr at gmail.com (cooleyr at gmail.com)
Date: Sun, 16 Jan 2011 19:18:34 -0800
Subject: Topic drift: The death of Usenet
In-Reply-To: <46.C284@winter.webconquest.com>
References: <46.C284@winter.webconquest.com>
Message-ID:

I don't see what is "sub optimal" about RSS. It seems to provide most of what you want... Consistent interface, offline reading, a lot of control over the display, and lacking the mass of ads found on the web. Many let you search for the topics you want within the app as well, so there's much less need to scour the web for them.

Finding a good RSS reader has drastically decreased the amount of time I spend using a browser every day, for checking the news and original content from various sources, as well as following discussions, so it's not just a theoretical suggestion.

You're still out of luck as far as replying to topics without creating several disparate accounts, and you'll need to open up a web browser for that, but what can I say? Life isn't perfect...

You can move from the distant past into the future without losing much, and gaining modern benefits while you're at it, or you can keep trying to hang on until there's nothing left for you. It is a bit of work finding a good RSS reader, and may cost a few dollars, but it's a one time deal, and you just can't keep the old Model-T going forever.

From yarin at warpmail.net Mon Jan 17 00:39:58 2011
From: yarin at warpmail.net (Yarin) Date: Sun, 16 Jan 2011 23:39:58 -0600 Subject: compilation bug fix for bsds In-Reply-To: References: <20110102071418.GJ30803@linuxmafia.com><1294123551.20313.1413341829@webmail.messagingengine.com><1294716809.8284.1414540769@webmail.messagingengine.com><1295117222.14814.1415473805@webmail.messagingengine.com><1295117565.16480.1415477025@webmail.messagingengine.com> Message-ID: <1295242798.25168.1415651975@webmail.messagingengine.com> Sure. And for when you get to it, here's a doc patch --- ./doc/en/source/csv2.ej 2010-07-31 02:17:06.000000000 -0500 +++ ./doc/en/source/csv2.ej 2011-01-16 23:30:12.152222367 -0600 @@ -171,6 +171,16 @@ x.org. SOA x.org. email at x.org. 1 7200 3600 604800 1800 ~ +If you use a dot ('.') in the local part of the email address, you must +escape it. Keep in mind that the RFC forbids local part dots that aren't +directly preceded and proceeded by a non-dot character, and that MaraDNS +will not verify your following this rule. +An example record making use of a local part dot: + +
+x.org. SOA x.org. john\.doe at x.org. 1 7200 3600 604800 1800 ~
+
+ The serial numeric field may be replaced by the string '/serial'; this string tells the CSV2 zone parser to synthesize a serial number for the zone based on the timestamp for the zone file. This allows one to Yarin ----- Original message ----- From: "Sam Trenholme" To: list at maradns.org Date: Sat, 15 Jan 2011 15:17:32 -0700 Subject: Re: compilation bug fix for bsds > Looks like the attachment got scrubbed again. > Here's the patch again, hopefully what ever it is that's causing > your lines to get wrapped ~70 chars long won't hurt it. As an aside, as a special exception to my "no private email about MaraDNS", if there is an issue with submitting a patch to the list and it gets scrubbed, just send it to me via private email. Note that I will probably not directly reply to the email, but post to the list any comments. OK, I don't know when I will get a change to look at this patch. It's a good idea, yes, but right now I'm concentrating what little time I have for MaraDNS to polishing up Deadwood (removing the minor bugs which a new release is more likely to have than a mature codebase like MaraDNS); I will probably look at this patch in a week or so. Again, I really appreciate your MaraDNS contributions! - Sam > --- ./parse/Csv2_rr_soa.c ? ? ? 2010-08-28 17:13:20.000000000 -0500 > +++ ./parse/Csv2_rr_soa.c ? ? ? 2011-01-15 12:17:46.293201632 -0600 
> @@ -34,17 +34,18 @@ > ?*/ > > ?int csv2_b4_at(int32 in) { > - ? ? ? ?/* [0-9a-zA-Z\-\_\+\%\!\^\=] */ > + ? ? ? ?/* [0-9a-zA-Z\-\_\+\%\!\^\=\.] */ > ? ? ? ? return (csv2_is_alphanum(in) || in == '+' || in == '%' || > - ? ? ? ? ? ? ? ? ? ? ? ?in == '!' || in == '^' || in == '='); > + ? ? ? ? ? ? ? ? ? ? ? ?in == '!' || in == '^' || in == '=' || in == '.'); > ?} > > -/* Process an address in the form 'a at foo.bar.baz.' or 'a.foo.bar.baz.' */ > +/* Process an address in the form 'a at foo.bar.baz.', 'a.foo.bar.baz.', or 'a\.b\.c at foo.bar.baz.' */ > > ?js_string *process_mbox(csv2_read *stream) { > ? ? ? ? js_string *o; > ? ? ? ? int32 look; > ? ? ? ? int x; > + ? ? ? ?unsigned int prescaped = 0; > > ? ? ? ? o = process_1stchar(stream,csv2_is_alphanum_ordot,"Z"); > ? ? ? ? if(o == 0) { 
> @@ -69,13 +70,18 @@ > ? ? ? ? ? ? ? ? ? ? ? ? js_destroy(o); > ? ? ? ? ? ? ? ? ? ? ? ? return 0; > ? ? ? ? ? ? ? ? } > - ? ? ? ? ? ? ? ?if(look == '@' || look == '.') { > - ? ? ? ? ? ? ? ? ? ? ? ?if(csv2_append_utf8(o, look) < 0) { > + ? ? ? ? ? ? ? ?if(look == '@' || (look == '.' && !prescaped)) { > + ? ? ? ? ? ? ? ? ? ? ? ?if(prescaped) { > + ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?csv2_error(stream,"You can't escape an @ or use it in the local part in mbox"); > + ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?js_destroy(o); > + ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?return 0; > + ? ? ? ? ? ? ? ? ? ? ? ?} > + ? ? ? ? ? ? ? ? ? ? ? ?if(csv2_append_utf8(o, '@') < 0) { // use an '@' regardless, to support local part '.'s > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? csv2_error(stream,"Error appending character"); > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? js_destroy(o); > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? return 0; > ? ? ? ? ? ? ? ? ? ? ? ? } > - ? ? ? ? ? ? ? ? ? ? ? ?if(look == '.') { > + ? ? ? ? ? ? ? ? ? ? ? ?if(look == '.') { // note: this block is asking for trouble if js_append_dname() is well behaved > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? look = csv2_read_unicode(stream); > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? if(csv2_is_text(look)) { > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? if(csv2_append_utf8(o, look) < 0) { 
> @@ -93,12 +99,21 @@ > ? ? ? ? ? ? ? ? ? ? ? ? } > ? ? ? ? ? ? ? ? ? ? ? ? break; > ? ? ? ? ? ? ? ? } > - ? ? ? ? ? ? ? ?if(csv2_b4_at(look)) { > + ? ? ? ? ? ? ? ?if(look == '\\') { > + ? ? ? ? ? ? ? ? ? ? ? ?if(prescaped) { > + ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?csv2_error(stream,"Unexpected character before @ in mbox, backslashes are illegal"); > + ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?js_destroy(o); > + ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?return 0; > + ? ? ? ? ? ? ? ? ? ? ? ?} > + ? ? ? ? ? ? ? ? ? ? ? ?prescaped = 1; // the parser will forgive escaping of regular characters without complaining > + ? ? ? ? ? ? ? ?} > + ? ? ? ? ? ? ? ?else if(csv2_b4_at(look)) { > ? ? ? ? ? ? ? ? ? ? ? ? if(csv2_append_utf8(o, look) < 0) { > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? csv2_error(stream,"Error appending character"); > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? js_destroy(o); > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? return 0; > ? ? ? ? ? ? ? ? ? ? ? ? } > + ? ? ? ? ? ? ? ? ? ? ? ?prescaped = 0; > ? ? ? ? ? ? ? ? } > ? ? ? ? ? ? ? ? else { > ? ? ? ? ? ? ? ? ? ? ? ? csv2_error(stream,"Unexpected character before @" > > > > ----- Original message ----- > From: "Yarin" > To: list at maradns.org > Date: Sat, 15 Jan 2011 12:47:02 -0600 > Subject: Re: compilation bug fix for bsds > >> Then again, there is a reason I prefer "-u" diffs. > > Yes, and so I see why. > >> Yes, '@' should do the right thing with a SOA email address > > Oh, '@' does do the right thing, it's just that the parser doesn't accept '.'s in the local part of the email address, because when it sees one, it thinks your trying to use it in place of the '@'. > I've attached a proposed patch (released under the two-clause BSD license) that will fix this, by treating escaped dots differently. So, for example, the address "a.b.c at foo.bar.baz" can be expressed with "a\.b\.c.foo.bar.baz." This is the way the dig utility does it. > > Yarin > > ----- Original message ----- 
> From: "Sam Trenholme"
> To: list at maradns.org
> Date: Sat, 15 Jan 2011 01:44:59 -0700
> Subject: Re: compilation bug fix for bsds
>
>> Haha, it looks like you've updated duende since your latest official
>> release, so when you added the patch, one of the patch's lines got
>> stuffed in a new comment. I've confirmed that everything else is
>> where it's supposed to be though. The below diff, applied on top of it,
>> should put it where it goes.
>
> Thanks for catching that. I had a cold this last weekend which forced
> me to rest a lot and was spending too much time on Usenet [1] when I
> should have been looking closer to your patch. Then again, there is a
> reason I prefer "-u" diffs.
>
> I have fixed it:
>
> http://samiam.org/blog/20110115.html
>
>> Just recently, MaraDNS freaked when I tried to use a dot in the local
>> part of an SOA record. I then discovered that MaraDNS holds to the
>> classic, using the first dot in the address instead of an at sign. Would
>> you accept a patch that works with this to support dots in the local
>> part? The address would be parsed the same way dig prints it, that
>> is, with the local dots escaped, when lacking an at sign.
>
> You know, I have learned a lot with implementing that code. Like the
> wisdom for using an interpreter (or a meta-compiler like yacc/bison)
> for parsing text. Especially a fairly complex parser like the one
> used for csv2 zone file parsing. And, while I'm at it, the wisdom of
> making substantial changes to the parser (the optional use of '~' to
> separate DNS records in MaraDNS 1.3 so it is easier to convert BIND
> zone files in to CSV2 zone files) once it is written.
>
> Yes, '@' should do the right thing with a SOA email address in
> MaraDNS. If it doesn't, it's a bug.
>
> - Sam
>
> [1] Usenet was the protocol defining the internet until the web took
> over in the mid-1990s. Usenet was the place to share useful and cool
> things until the people sharing useful information moved on. I
> checked it out again this last week to relive a bit of nostalgia;
> Usenet, alas, is dead.
>
>
>
From remco at webconquest.com Mon Jan 17 01:01:06 2011
From: remco at webconquest.com (Remco Rijnders)
Date: Mon, 17 Jan 2011 07:01:06 +0100
Subject: compilation bug fix for bsds
In-Reply-To: <1295242798.25168.1415651975@webmail.messagingengine.com>
References: <1295242798.25168.1415651975@webmail.messagingengine.com>
Message-ID: <56.F0AC@winter.webconquest.com>

On Sun, Jan 16, 2011 at 11:39:58PM -0600, Yarin wrote:
> Sure. And for when you get to it, here's a doc patch
>
> +If you use a dot ('.') in the local part of the email address, you must
> +escape it. Keep in mind that the RFC forbids local part dots that aren't
> +directly preceded and proceeded by a non-dot character, and that MaraDNS
> +will not verify your following this rule.

Minor correction: "MaraDNS will not verify your following of this rule." or "MaraDNS will not verify you're following this rule.".

Regards,
Remmy

From strenholme.usenet at gmail.com Mon Jan 17 01:04:44 2011
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Sun, 16 Jan 2011 23:04:44 -0700
Subject: compilation bug fix for bsds
In-Reply-To: <1295242798.25168.1415651975@webmail.messagingengine.com>
References: <20110102071418.GJ30803@linuxmafia.com> <1294123551.20313.1413341829@webmail.messagingengine.com> <1294716809.8284.1414540769@webmail.messagingengine.com> <1295117222.14814.1415473805@webmail.messagingengine.com> <1295117565.16480.1415477025@webmail.messagingengine.com> <1295242798.25168.1415651975@webmail.messagingengine.com>
Message-ID:

OK, this looks really good.

As an aside, I have just updated Deadwood to fix a bug it had resolving www.urbandictionary.com, which I have uploaded here:

http://maradns.org/deadwood/snap/

This coming weekend, I will start tackling the bugs in MaraDNS:

* There is an issue with ANY records too big to fit in 512 bytes
* "Make install" in MaraDNS doesn't install Deadwood

Once I take care of the above issues, then I can start looking at your issues and patches.

- Sam

2011/1/16 Yarin :
> Sure. And for when you get to it, here's a doc patch
>
>
> --- ./doc/en/source/csv2.ej ? ? 2010-07-31 02:17:06.000000000 -0500 > +++ ./doc/en/source/csv2.ej ? ? 2011-01-16 23:30:12.152222367 -0600 > @@ -171,6 +171,16 @@ > ?x.org. SOA x.org. email at x.org. 1 7200 3600 604800 1800 ~ > ? > > +If you use a dot ('.') in the local part of the email address, you must > +escape it. Keep in mind that the RFC forbids local part dots that aren't > +directly preceded and proceeded by a non-dot character, and that MaraDNS > +will not verify your following this rule. > +An example record making use of a local part dot: > + > +
> +x.org. SOA x.org. john\.doe at x.org. 1 7200 3600 604800 1800 ~
> +
> + > ?The serial numeric field may be replaced by the string '/serial'; this > ?string tells the CSV2 zone parser to synthesize a serial number for the > ?zone based on the timestamp for the zone file. ?This allows one to > > > Yarin > > ----- Original message ----- > From: "Sam Trenholme" > To: list at maradns.org > Date: Sat, 15 Jan 2011 15:17:32 -0700 > Subject: Re: compilation bug fix for bsds > >> Looks like the attachment got scrubbed again. >> Here's the patch again, hopefully what ever it is that's causing >> your lines to get wrapped ~70 chars long won't hurt it. > > As an aside, as a special exception to my "no private email about > MaraDNS", if there is an issue with submitting a patch to the list and > it gets scrubbed, just send it to me via private email. ?Note that I > will probably not directly reply to the email, but post to the list > any comments. > > OK, I don't know when I will get a change to look at this patch. ?It's > a good idea, yes, but right now I'm concentrating what little time I > have for MaraDNS to polishing up Deadwood (removing the minor bugs > which a new release is more likely to have than a mature codebase like > MaraDNS); I will probably look at this patch in a week or so. > > Again, I really appreciate your MaraDNS contributions! > > - Sam > >> --- ./parse/Csv2_rr_soa.c ? ? ? 2010-08-28 17:13:20.000000000 -0500 >> +++ ./parse/Csv2_rr_soa.c ? ? ? 2011-01-15 12:17:46.293201632 -0600 
>> @@ -34,17 +34,18 @@ >> ?*/ >> >> ?int csv2_b4_at(int32 in) { >> - ? ? ? ?/* [0-9a-zA-Z\-\_\+\%\!\^\=] */ >> + ? ? ? ?/* [0-9a-zA-Z\-\_\+\%\!\^\=\.] */ >> ? ? ? ? return (csv2_is_alphanum(in) || in == '+' || in == '%' || >> - ? ? ? ? ? ? ? ? ? ? ? ?in == '!' || in == '^' || in == '='); >> + ? ? ? ? ? ? ? ? ? ? ? ?in == '!' || in == '^' || in == '=' || in == '.'); >> ?} >> >> -/* Process an address in the form 'a at foo.bar.baz.' or 'a.foo.bar.baz.' */ >> +/* Process an address in the form 'a at foo.bar.baz.', 'a.foo.bar.baz.', or 'a\.b\.c at foo.bar.baz.' */ >> >> ?js_string *process_mbox(csv2_read *stream) { >> ? ? ? ? js_string *o; >> ? ? ? ? int32 look; >> ? ? ? ? int x; >> + ? ? ? ?unsigned int prescaped = 0; >> >> ? ? ? ? o = process_1stchar(stream,csv2_is_alphanum_ordot,"Z"); >> ? ? ? ? if(o == 0) { 
>> @@ -69,13 +70,18 @@ >> ? ? ? ? ? ? ? ? ? ? ? ? js_destroy(o); >> ? ? ? ? ? ? ? ? ? ? ? ? return 0; >> ? ? ? ? ? ? ? ? } >> - ? ? ? ? ? ? ? ?if(look == '@' || look == '.') { >> - ? ? ? ? ? ? ? ? ? ? ? ?if(csv2_append_utf8(o, look) < 0) { >> + ? ? ? ? ? ? ? ?if(look == '@' || (look == '.' && !prescaped)) { >> + ? ? ? ? ? ? ? ? ? ? ? ?if(prescaped) { >> + ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?csv2_error(stream,"You can't escape an @ or use it in the local part in mbox"); >> + ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?js_destroy(o); >> + ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?return 0; >> + ? ? ? ? ? ? ? ? ? ? ? ?} >> + ? ? ? ? ? ? ? ? ? ? ? ?if(csv2_append_utf8(o, '@') < 0) { // use an '@' regardless, to support local part '.'s >> ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? csv2_error(stream,"Error appending character"); >> ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? js_destroy(o); >> ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? return 0; >> ? ? ? ? ? ? ? ? ? ? ? ? } >> - ? ? ? ? ? ? ? ? ? ? ? ?if(look == '.') { >> + ? ? ? ? ? ? ? ? ? ? ? ?if(look == '.') { // note: this block is asking for trouble if js_append_dname() is well behaved >> ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? look = csv2_read_unicode(stream); >> ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? if(csv2_is_text(look)) { >> ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? if(csv2_append_utf8(o, look) < 0) { 
>> @@ -93,12 +99,21 @@ >> ? ? ? ? ? ? ? ? ? ? ? ? } >> ? ? ? ? ? ? ? ? ? ? ? ? break; >> ? ? ? ? ? ? ? ? } >> - ? ? ? ? ? ? ? ?if(csv2_b4_at(look)) { >> + ? ? ? ? ? ? ? ?if(look == '\\') { >> + ? ? ? ? ? ? ? ? ? ? ? ?if(prescaped) { >> + ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?csv2_error(stream,"Unexpected character before @ in mbox, backslashes are illegal"); >> + ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?js_destroy(o); >> + ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?return 0; >> + ? ? ? ? ? ? ? ? ? ? ? ?} >> + ? ? ? ? ? ? ? ? ? ? ? ?prescaped = 1; // the parser will forgive escaping of regular characters without complaining >> + ? ? ? ? ? ? ? ?} >> + ? ? ? ? ? ? ? ?else if(csv2_b4_at(look)) { >> ? ? ? ? ? ? ? ? ? ? ? ? if(csv2_append_utf8(o, look) < 0) { >> ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? csv2_error(stream,"Error appending character"); >> ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? js_destroy(o); >> ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? return 0; >> ? ? ? ? ? ? ? ? ? ? ? ? } >> + ? ? ? ? ? ? ? ? ? ? ? ?prescaped = 0; >> ? ? ? ? ? ? ? ? } >> ? ? ? ? ? ? ? ? else { >> ? ? ? ? ? ? ? ? ? ? ? ? csv2_error(stream,"Unexpected character before @" >> >> >> >> ----- Original message ----- >> From: "Yarin" >> To: list at maradns.org >> Date: Sat, 15 Jan 2011 12:47:02 -0600 >> Subject: Re: compilation bug fix for bsds >> >>> Then again, there is a reason I prefer "-u" diffs. >> >> Yes, and so I see why. >> >>> Yes, '@' should do the right thing with a SOA email address >> >> Oh, '@' does do the right thing, it's just that the parser doesn't accept '.'s in the local part of the email address, because when it sees one, it thinks your trying to use it in place of the '@'. >> I've attached a proposed patch (released under the two-clause BSD license) that will fix this, by treating escaped dots differently. So, for example, the address "a.b.c at foo.bar.baz" can be expressed with "a\.b\.c.foo.bar.baz." This is the way the dig utility does it. >> >> Yarin >> >> ----- Original message ----- 
>> From: "Sam Trenholme"
>> To: list at maradns.org
>> Date: Sat, 15 Jan 2011 01:44:59 -0700
>> Subject: Re: compilation bug fix for bsds
>>
>>> Haha, it looks like you've updated duende since your latest official
>>> release, so when you added the patch, one of the patch's lines got
>>> stuffed in a new comment. I've confirmed that everything else is
>>> where it's supposed to be though. The below diff, applied on top of it,
>>> should put it where it goes.
>>
>> Thanks for catching that. I had a cold this last weekend which forced
>> me to rest a lot and was spending too much time on Usenet [1] when I
>> should have been looking closer to your patch. Then again, there is a
>> reason I prefer "-u" diffs.
>>
>> I have fixed it:
>>
>> http://samiam.org/blog/20110115.html
>>
>>> Just recently, MaraDNS freaked when I tried to use a dot in the local
>>> part of an SOA record. I then discovered that MaraDNS holds to the
>>> classic, using the first dot in the address instead of an at sign. Would
>>> you accept a patch that works with this to support dots in the local
>>> part? The address would be parsed the same way dig prints it, that
>>> is, with the local dots escaped, when lacking an at sign.
>>
>> You know, I have learned a lot with implementing that code. Like the
>> wisdom for using an interpreter (or a meta-compiler like yacc/bison)
>> for parsing text. Especially a fairly complex parser like the one
>> used for csv2 zone file parsing. And, while I'm at it, the wisdom of
>> making substantial changes to the parser (the optional use of '~' to
>> separate DNS records in MaraDNS 1.3 so it is easier to convert BIND
>> zone files in to CSV2 zone files) once it is written.
>>
>> Yes, '@' should do the right thing with a SOA email address in
>> MaraDNS. If it doesn't, it's a bug.
>>
>> - Sam
>>
>> [1] Usenet was the protocol defining the internet until the web took
>> over in the mid-1990s. Usenet was the place to share useful and cool
>> things until the people sharing useful information moved on. I
>> checked it out again this last week to relive a bit of nostalgia;
>> Usenet, alas, is dead.
>>
>

From strenholme.usenet at gmail.com Mon Jan 17 01:29:59 2011
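Added example (not code from MaraDNS or from the patch in the thread above): a stand-alone C sketch of the mailbox notation discussed in the quoted messages, where "a\.b\.c.foo.bar.baz." stands for the address a.b.c at foo.bar.baz. The function name rname_to_email and the choice to reject every escape other than "\." are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added sketch, not MaraDNS code.  Converts an SOA mailbox written in
 * zone-file notation to an e-mail address:
 *   "a\.b\.c.foo.bar.baz."  ->  "a.b.c@foo.bar.baz"
 * The first unescaped '.' (or a literal '@') ends the local part.
 * Returns 0 on success, -1 on malformed input or a too-small buffer. */
int rname_to_email(const char *rname, char *out, size_t outlen)
{
    size_t n = strlen(rname), i, o = 0;
    int seen_at = 0;   /* local part already terminated */
    int escaped = 0;   /* previous character was an unescaped backslash */

    if (n == 0 || outlen == 0)
        return -1;
    /* Drop the trailing root dot of a fully qualified name. */
    if (rname[n - 1] == '.' && (n < 2 || rname[n - 2] != '\\'))
        n--;

    for (i = 0; i < n; i++) {
        char c = rname[i];

        if (escaped) {
            /* Assumption of this sketch: only "\." is a valid escape. */
            if (c != '.')
                return -1;
            escaped = 0;
        } else if (c == '\\') {
            if (seen_at)
                return -1;          /* no escapes in the domain part */
            escaped = 1;
            continue;               /* the backslash itself is not copied */
        } else if (!seen_at && (c == '.' || c == '@')) {
            if (o == 0)
                return -1;          /* empty local part */
            c = '@';
            seen_at = 1;
        } else if (c == '@') {
            return -1;              /* second separator */
        }
        if (o + 1 >= outlen)
            return -1;              /* keep room for the terminator */
        out[o++] = c;
    }
    if (escaped || !seen_at || out[o - 1] == '@')
        return -1;                  /* dangling backslash or no domain */
    out[o] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "a\\.b\\.c.foo.bar.baz.",
                              "hostmaster.example.com.",
                              "a\\@b.example.com." };
    char buf[64];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (rname_to_email(samples[i], buf, sizeof buf) == 0)
            printf("%-26s -> %s\n", samples[i], buf);
        else
            printf("%-26s -> rejected\n", samples[i]);
    }
    return 0;
}
```
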
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Sun, 16 Jan 2011 23:29:59 -0700
Subject: Topic drift: The death of Usenet
In-Reply-To:
References: <46.C284@winter.webconquest.com>
Message-ID:

> Life isn't perfect... You can move from the distant past into the future
> without losing much, and gaining modern benefits while you're at it, or you can
> keep trying to hang on until there's nothing left for you.

I agree that Usenet is the "distant past"...and, as I blogged before,
Usenet was far from perfect:

>>>In truth, Usenet really wasn't that great. There was no moderation,
so no way to keep flame wars or spam under control. It was a place with
a lot of arrogance and elitism; a place where experienced users took a
sadistic delight in flaming newbies (this was even worse in IRC, the
1990s version of MSN and instant messaging); a place where finding an
answer to a technical question was a hit-and-miss affair. A place
without graphics or multimedia; the interface was nothing more than
ugly fixed-width text on an 80-column screen.<<<

> It is a bit of work finding a good RSS reader, and may cost
> a few dollars, but it's a one time deal, and you just can't keep the old
> Model-T going forever.

I don't think either Remmy or myself are arguing that Usenet is in any
way thriving. I hope we're not the kind of dorks I have seen on online
board who say "Usenet isn't dead because comp.lang.python still has a
lot of traffic. USENET 4EVER DOOD!", or, in classic Usenet fashion,
"How can someone be so clueless as to think Usenet is dying. What an
idiot."

Where I'm going is this: Is there a way to get people who are still
comfortable using the old Usenet software to be integrated in a web
forum? Leafnode can solve the problem of having to remember a dozen
usernames and passwords.

There are things NNTP has that RSS doesn't have: Offline reading, and
the ability to use "references" headers to have a fully threaded
discussion.

NNTP is a solution to the problem of "we want a forum anyone can post
to and participate in" and the obsolete problem of "we can only connect
to a couple of computers but want to get and receive data from many
more computers".

RSS is a solution to the problem of "We want to quickly scan a lot of
news headlines to fetch interesting articles"

I think a good RSS reader can have most of the good things NNTP has: By
remembering usernames and passwords, it can make all of the data handy.
It would not be too hard for a RSS reader to pre-fetch articles, giving
it the ability for someone to catch up while on a train or airplane or
otherwise temporarily offline.

RSS, on the other hand, has a very different relationship between the
content creator than NNTP/Usenet had. Usenet was for an era when the
Internet was purely non-commercial, and where the users had to provide
all of the content. RSS is for an era when all of the big newspapers
are online, as well as countless bloggers; it is for reading, not
creating, content.

Things *are* much better today. I don't have to trudge through yet
another pointless Usenet flame war (or risk being flamed myself) to
figure out how to configure my wireless card in Linux.

I have just downloaded and am trying out FeedDemon. It looks pretty
good, but I don't like how it uses MSIE's "Trident" engine to render
content, so I've already set it up to open links in Firefox.

- Sam

P.S. RSS-to-NNTP can also work nicely.

From strenholme.usenet at gmail.com Mon Jan 17 09:59:52 2011
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Mon, 17 Jan 2011 07:59:52 -0700
Subject: Fwd: compilation bug fix for bsds
Message-ID:

[This message was rejected by the list's filtering software, so I'm
sending it to the list by hand. I hope to have a chance to compile
Deadwood for Windows this coming weekend]

From: wayne at tiscali
To: list at maradns.org
Date: Mon, 17 Jan 2011 07:43:17 +0000
Subject: Re: compilation bug fix for bsds

hi sam,

would like a win32 build of deadwood to play with when you have a chance.

p.s. - i think my firewall by default blocks any dns records over 512
bytes, assuming they are an exploit...

Best Regards,

On 17 Jan 2011 06:04, Sam Trenholme wrote:

OK, this looks really good.

As an aside, I have just updated Deadwood to fix a bug it had resolving
www.urbandictionary.com, which I have uploaded here:

http://maradns.org/deadwood/snap/

This coming weekend, I will start tackling the bugs in MaraDNS:

* There is an issue with ANY records too big to fit in 512 bytes
* "Make install" in MaraDNS doesn't install Deadwood

Once I take care of the above issues, then I can start looking at your
issues and patches.

- Sam

From cooleyr at gmail.com Mon Jan 17 18:30:10 2011
From: cooleyr at gmail.com (RC)
Date: Mon, 17 Jan 2011 15:30:10 -0800
Subject: Topic drift: The death of Usenet
In-Reply-To:
References: <46.C284@winter.webconquest.com>
Message-ID: <20110117153010.7609a420.cooleyr@gmail.com>

On Sun, 16 Jan 2011 23:29:59 -0700 Sam Trenholme wrote:

> There are things NNTP has that RSS doesn't have: Offline reading, and
> the ability to use "references" headers to have a fully threaded
> discussion.

RSS most certainly has offline reading. That's its main purpose. If the
feed you're subscribed to doesn't include the full comment/article, you
should contact the webmaster and ask. Commonly, you can just change the
options in the RSS feed URL yourself. eg. example.com/rss?feed=full or
example.com/rss/full. If you look up the forum software being used,
it's typically a quick read in the docs to find the RSS options you can
choose from.

RSS's lack of threading is unfortunate. Though I suppose some RSS
reader could hack up something (that looks close) from the subject
line, time/date, and maybe even parsing quoted text...

From strenholme.usenet at gmail.com Sun Jan 23 02:33:54 2011
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Sun, 23 Jan 2011 00:33:54 -0700
Subject: compilation bug fix for bsds
Message-ID:

> would like a win32 build of deadwood to play with when you have a chance.

Done.

http://maradns.org/deadwood/snap/

This was compiled with full debugging symbols ('-g'), so it's a little
bigger (and slower) than the Deadwood releases.

- Sam

From strenholme.usenet at gmail.com Mon Jan 24 10:26:33 2011
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Mon, 24 Jan 2011 08:26:33 -0700
Subject: Wayne tried to send another message to the list
Message-ID:

Until Wayne configures his mailer to not send HTML email to the list, I
am going to remove the HTML from his list and send them by hand. I will
reply to his email at the bottom.

---------------------------------------

From: wayne at tiscali
To: list at maradns.org
Date: Mon, 24 Jan 2011 10:30:56 +0000
Subject: Re: compilation bug fix for bsds

thanx, sam, seems to be working fine, didn't notice any slowdowns tho
debug code can do that.

namebench results: (using 8.8.4.4 & 208.67.220.220 in deadwood's
upstream_servers config)

Avg (ms)  Diff    Min  Max     TO  NX
32.61     167.1%  5.4  2374.8  0   0

isohunt.com appears incorrect: 208.95.173.130
www.thesouthasian.org appears incorrect: p8p.geo.mf0.yahoodns.net
wikileaks.org appears incorrect: 64.64.12.170
www.lapsiporno.info appears incorrect: 188.117.16.13
youporn.com appears incorrect: 173.192.60.243, 173.192.60.244, 173.192.60.245, 173.192.60.242
motherless.com appears incorrect: 38.114.210.196
www.stormfront.org appears incorrect: 174.121.229.156
dns.query.BadResponse (4 requests)

using 'firefox' as query source, not sure where the *porn* ones came
from in that list as i do not knowingly link to them kind. will let you
know if i come across any errors...

Best Regards,

On 23 Jan 2011 07:33, Sam Trenholme wrote:

would like a win32 build of deadwood to play with when you have a chance.

Done.

http://maradns.org/deadwood/snap/

This was compiled with full debugging symbols ('-g'), so it's a little
bigger (and slower) than the Deadwood releases.

- Sam

-------------------------------------------

Of all of the domains Wayne listed, I got the same replies using
Deadwood and Google's name server at 8.8.8.8. I looked at the first few
domains he got in that report by looking them up by hand starting at
the roots and did not see anything unusual about the domains.
My theory is that Wayne's list of correct answers are just out of date;
I know wikileaks.org moved fairly recently. I am including a comparison
of Deadwood and Google's answers at the end of this email.

- Sam

(Stormfront?? How did that get on this list?)

From shaanlumley at gmail.com Thu Jan 27 16:10:59 2011
From: shaanlumley at gmail.com (Shaan)
Date: Thu, 27 Jan 2011 23:10:59 +0200
Subject: Nameserver issues
Message-ID:

Hi there

I'm sorry if I sound like a noob with this, but I have honestly and
genuinely tried to figure this out myself with no luck.

At the moment, I have example.com registered at Namecheap, with the host
records pointing my VPS. The A record for the domain is pointing to the main
IP of the VPS. I've then also registered ns1.example.com and
ns2.example.com to the main and secondary IP's of the VPS.

On the VPS I've installed MaraDNS and got it running, with the most basic
settings:
csv2 = {}
bind_address = "#.#.#.50, #.#.#.51"
chroot_dir = "/etc/maradns"
no_fingerprint = 0

What I'm trying to achieve is, is to have Namecheap handle the DNS for
.com's, .net's. etc but MaraDNS handle DNS for .co.za's. So what I'd like to
be able to do is use the VPS to host the nameservers ns1.example.com and
ns2.example.com for the .co.za's.

The .co.za's need 2 nameservers to be registered, and do not work with
Namecheaps FreeDNS at all!

Is it even possible to do this with MaraDNS, and if so how could I get it
working?

Thank you in advance :)

Shaan

From remco at webconquest.com Fri Jan 28 01:35:37 2011
From: remco at webconquest.com (Remco Rijnders)
Date: Fri, 28 Jan 2011 07:35:37 +0100
Subject: Nameserver issues
In-Reply-To:
References:
Message-ID: <116.CDA9@winter.webconquest.com>

On Thu, Jan 27, 2011 at 11:10:59PM +0200, Shaan wrote:

>At the moment, I have example.com registered at Namecheap, with the host
>records pointing my VPS. The A record for the domain is pointing to the main
>IP of the VPS. I've then also registered ns1.example.com and
>ns2.example.com to the main and secondary IP's of the VPS.
>
>On the VPS I've installed MaraDNS and got it running, with the most basic
>settings:
>csv2 = {}
>bind_address = "#.#.#.50, #.#.#.51"
>chroot_dir = "/etc/maradns"
>no_fingerprint = 0
>
>What I'm trying to achieve is, is to have Namecheap handle the DNS for
>.com's, .net's. etc but MaraDNS handle DNS for .co.za's. So what I'd like to
>be able to do is use the VPS to host the nameservers ns1.example.com and
>ns2.example.com for the .co.za's.
>
>The .co.za's need 2 nameservers to be registered, and do not work with
>Namecheaps FreeDNS at all!
>
>Is it even possible to do this with MaraDNS, and if so how could I get it
>working?
>
>Thank you in advance :)

Hi Shaan,

Yes, maradns can do this for you. In fact, MaraDNS can serve any kind
of DNS record for any kind of hostname, whether that's a real
registered domain name or just something you made up (though, the
latter obviously never would resolve for outside parties).

Once you manage to have ns1.example.com and ns2 as the nameservers for
your domain, your DNS servers should be queried for any example.co.za
records.

Please note that some registrars have quite specific rules on what can
and can't be set as a nameserver for your domain. Possible speedbumps
they might introduce are checking the intended nameservers to see if
they indeed have the zone in question, check serial numbers, check that
you don't register an IPv6 only nameserver, etc. etc. I'm not sure if
anything like this exists for .za registrations.

See the documentation on www.maradns.org how to create the zone file
for example.co.za . Using tools such as dig or nslookup you can check
the records on your server to see if they work as intended before
changing the nameservers over to yours.

If you continue to experience issues, please write again and include
specifics on any errors you might get, software versions used, etc.

Sincerely,

Remco

From baryluk at smp.if.uj.edu.pl Fri Jan 28 07:32:00 2011
From: baryluk at smp.if.uj.edu.pl (Witold Baryluk)
Date: Fri, 28 Jan 2011 13:32:00 +0100
Subject: Remote crash in maradns 1.4.03 and 05
Message-ID: <20110128123159.GA18561@smp.if.uj.edu.pl>

Hi,

I discovered security problem in maradns 1.4.x, which can lead
to denial of service.

problem is when compressing back answer to the very long AAAA (but still valid) queries.
Problems appear when too many labels overflow labels dictionary in compression
routing, leading to memory corruption and eventually crash in this or next queries.

Bug comes from some code errors, especially messed up
and hardcoded indexing/limits/size/malloc/bounds :/

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610834

Thanks.

--
Witold Baryluk

From strenholme.usenet at gmail.com Fri Jan 28 10:30:38 2011
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Fri, 28 Jan 2011 08:30:38 -0700
Subject: Remote crash in maradns 1.4.03 and 05
In-Reply-To: <20110128123159.GA18561@smp.if.uj.edu.pl>
References: <20110128123159.GA18561@smp.if.uj.edu.pl>
Message-ID:

Real quickly: Deadwood uses a completely different rewritten DNS
compression/decompression routine which doesn't have this bug; the code
in question was written in 2002 (and was in turn a complete rewrite of
the compression code that caused CVE-2002-2097; I've done the DNS
compression code three times).

I will look at this bug over the weekend.

- Sam

2011/1/28 Witold Baryluk :
> Hi,
>
> I discovered security problem in maradns 1.4.x, which can lead
> to denial of service.
>
> problem is when compressing back answer to the very long AAAA (but still valid) queries.
> Problems appear when too many labels overflow labels dictionary in compression
> routing, leading to memory corruption and eventually crash in this or next queries.
>
> Bug comes from some code errors, especially messed up
> and hardcoded indexing/limits/size/malloc/bounds :/
>
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610834
>
> Thanks.
>
> --
> Witold Baryluk
>

From nino80 at gmail.com Fri Jan 28 17:04:30 2011
From: nino80 at gmail.com (n j)
Date: Fri, 28 Jan 2011 23:04:30 +0100
Subject: Remote crash in maradns 1.4.03 and 05
In-Reply-To:
References: <20110128123159.GA18561@smp.if.uj.edu.pl>
Message-ID:

> I discovered security problem in maradns 1.4.x, which can lead

Do I understand correctly that this only affects the resolving part of
MaraDNS, not the authoritative part?

Thanks,
--
Nino

From strenholme.usenet at gmail.com Sun Jan 30 00:21:08 2011
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Sat, 29 Jan 2011 22:21:08 -0700
Subject: MaraDNS 1.4.06 and 1.3.07.11 released
Message-ID:

In 2002, when I rewrote the compression code for MaraDNS for the first
time, I made a mistake in allocating an array of integers, allocating
it in bytes instead of sizeof(int) units. This resulted in a buffer
being too small, allowing it to be overwritten.

The impact of this programming error is that MaraDNS can be crashed by
sending MaraDNS a single "packet of death". Since the data placed in
the overwritten array can not be remotely controlled (it is a list of
increasing integers), there is no way to increase privileges exploiting
this bug.

The attached patch resolves this issue by allocating in sizeof(int)
units instead of byte-sized units for an integer array. In addition, it
uses a smaller array because a DNS name can only have, at most, 128
labels.

I would like to thank Mr. Witold Baryluk for pointing out this issue,
taking the time to backtrace the bug, and for bringing it to my
attention by posting to the MaraDNS mailing list.

However, I need to let him know that making this public by filing a
public Debian bug without first trying to contact me is not the
appropriate way to handle a security problem with MaraDNS. The
appropriate way to do so is via private email. My email address is
here:

http://samiam.org/mailme.php

(maradns at gmail.com was an account created so I could make entries in
an older MaraDNS blog, and is not presently actively looked at)

As it turns out, I only occasionally look at the Debian bug database
and people with issues with MaraDNS would be better off joining the
MaraDNS mailing list instead of filing a Debian bug (unless the issue
is Debian-specific).

In response to this bug, I have released MaraDNS 1.4.06 and 1.3.07.11.
These releases are available here: http://maradns.org/download.html Since sourceforge.net has recently suffered a security breach, their file uploading feature is currently undergoing maintenance and new files currently can not be uploaded there. I have not made a new release of MaraDNS 2.0 yet. Yarin has contributed a number of patches, and I would like to integrate his patches before making a new MaraDNS 2.0 release; MaraDNS 2.0 users can use the supplied patch. As an aside, I have become a better programmer since making this mistake back in 2002. Deadwood, which is a complete rewrite of MaraDNS' recursive code, does not have this issue in its compression/decompression code. Instead of using different data types in structures, Deadwood, by and large, uses special overflow-resistant strings to store most data. Also, I would like to take the time to make a public service announcement for djbdns users: DjbDNS 1.05 does have known security issues, and needs to be patched. More details are here: http://samiam.org/blog/20110103.html (I am making this announcement because I have seen people, as recently as last year, claiming djbdns-1.05 is perfectly secure on public forums) - Sam --- maradns-1.4.05/dns/Compress.c 2010-07-31 01:17:08.000000000 -0600 +++ maradns-1.4.06/dns/Compress.c 2011-01-28 18:28:46.000000000 -0700 @@ -22,7 +22,7 @@ #include "functions_dns.h" /* Maximum allowed number of dlabel points */ -#define MAX_DLABEL_POINTS 512 +#define MAX_DLABEL_POINTS 160 /* Maximum allowed length of compressed string; this is 4096 for TCP * packets */ @@ -87,7 +87,8 @@ js_dealloc(new); return 0; } - if((new->dlabel_points = js_alloc(MAX_DLABEL_POINTS + 3,1)) == 0) { + if((new->dlabel_points = js_alloc(MAX_DLABEL_POINTS + 3,sizeof(int))) + == 0) { js_destroy(new->compressed); js_dealloc(new); return 0; From strenholme.usenet at gmail.com Sun Jan 30 00:24:59 2011 
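Review bot: In the first Compress.c hunk, the comment above MAX_DLABEL_POINTS still says only "Maximum allowed number of dlabel points" and does not explain the new value: the accompanying message gives 128 labels as the most a DNS name can have, yet the constant becomes 160. Please document where 160 comes from. Since this hunk only changes the size, also confirm that every store into dlabel_points is checked against MAX_DLABEL_POINTS, which the visible lines do not show.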
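Review bot: In the js_alloc() call of the second Compress.c hunk, sizeof(int) repeats the element type by hand, which is the kind of mismatch this patch is fixing; sizeof(*new->dlabel_points) would follow the field's declared type if it ever changes. The "+ 3" slack is also unexplained, so a short comment or a named constant saying what the three extra slots are for would help the next reader.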
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Sat, 29 Jan 2011 22:24:59 -0700
Subject: Remote crash in maradns 1.4.03 and 05
In-Reply-To:
References: <20110128123159.GA18561@smp.if.uj.edu.pl>
Message-ID:

> Do I understand correctly that this only affects the resolving part of
> MaraDNS, not the authoritative part?

It affects people using the "maradns" daemon to resolve authoritative
and recursive records. Users of the "deadwood" recursive-only daemon
are not affected.

I have released MaraDNS 1.4.06, both as source code and as a Windows
binary, here:

http://maradns.org/download.html

Please update at your soonest convenience.

-Sam

From strenholme.usenet at gmail.com Sun Jan 30 02:13:06 2011
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Sun, 30 Jan 2011 00:13:06 -0700
Subject: MaraDNS CVE-2011-0520 vulnerability can not allow remote code execution
Message-ID:

The following three websites claim that the vulnerability CVE-2011-0520
allows remote code execution:

http://www.securityfocus.com/bid/45966/info
http://xforce.iss.net/xforce/xfdb/64885
http://secunia.com/advisories/43027

This is not true. The data placed on the overflowed buffer are not
controlled by a potential attacker; they are merely a series of
increasing integers which will not contain executable code.

Also, I have patched this bug and have released both MaraDNS 1.4.06 and
MaraDNS 1.3.07.11 with this patch.

- Sam

From nino80 at gmail.com Sun Jan 30 09:45:05 2011
From: nino80 at gmail.com (n j)
Date: Sun, 30 Jan 2011 15:45:05 +0100
Subject: Remote crash in maradns 1.4.03 and 05
In-Reply-To:
References: <20110128123159.GA18561@smp.if.uj.edu.pl>
Message-ID:

Sam,

> Please update at your soonest convenience.

Thanks for prompt response and quick fix for this security issue.

Kudos,
--
Nino

From yarin at warpmail.net Mon Jan 31 14:06:09 2011
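Added example, not MaraDNS code: the 1.4.06 release announcement and the CVE-2011-0520 follow-up above describe an int array allocated in bytes instead of sizeof(int) units. This stand-alone C sketch works out how many ints each of the two js_alloc() calls shown in the patch leaves room for, and shows a store that refuses to run past the table. It assumes js_alloc() takes (count, unit size) as the patch suggests and uses calloc() in its place; struct label_table, int_capacity(), label_table_init(), label_table_add() and refused_after() are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define OLD_DLABEL_POINTS 512   /* MAX_DLABEL_POINTS before the patch */
#define NEW_DLABEL_POINTS 160   /* MAX_DLABEL_POINTS after the patch */
#define SLACK 3                 /* the "+ 3" present in both calls */

/* How many ints fit in a buffer of nmemb units of unit_size bytes each. */
size_t int_capacity(size_t nmemb, size_t unit_size)
{
    return (nmemb * unit_size) / sizeof(int);
}

/* Hypothetical label-offset table that carries its own capacity. */
struct label_table {
    int *points;
    size_t used;
    size_t cap;
};

/* Allocate room for max_points ints; the element size is taken from the
 * field itself, so it cannot drift away from the declared type. */
int label_table_init(struct label_table *t, size_t max_points)
{
    if (max_points == 0 || max_points > SIZE_MAX / sizeof *t->points)
        return -1;
    t->points = calloc(max_points, sizeof *t->points);
    if (t->points == NULL)
        return -1;
    t->used = 0;
    t->cap = max_points;
    return 0;
}

/* Store one offset; refuse instead of writing past the allocation. */
int label_table_add(struct label_table *t, int offset)
{
    if (t->used >= t->cap)
        return -1;
    t->points[t->used++] = offset;
    return 0;
}

/* Feed `attempts` increasing offsets (constructed values) into a table
 * of `cap` slots and return how many stores were refused. */
size_t refused_after(size_t cap, size_t attempts)
{
    struct label_table t;
    size_t i, refused = 0;

    if (label_table_init(&t, cap) != 0)
        return attempts;
    for (i = 0; i < attempts; i++)
        if (label_table_add(&t, (int)(12 + 2 * i)) != 0)
            refused++;
    free(t.points);
    return refused;
}

int main(void)
{
    printf("old call, %d units of 1 byte, room for ints: %zu\n",
           OLD_DLABEL_POINTS + SLACK,
           int_capacity(OLD_DLABEL_POINTS + SLACK, 1));
    printf("old limit constant: %d\n", OLD_DLABEL_POINTS);
    printf("patched call, room for ints: %zu\n",
           int_capacity(NEW_DLABEL_POINTS + SLACK, sizeof(int)));
    printf("stores refused, 200 attempts into 163 slots: %zu\n",
           refused_after(NEW_DLABEL_POINTS + SLACK, 200));
    return 0;
}
```
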
From: yarin at warpmail.net (Yarin)
Date: Mon, 31 Jan 2011 13:06:09 -0600
Subject: Going backwards?
In-Reply-To:
References: <20110128123159.GA18561@smp.if.uj.edu.pl>
Message-ID: <1296500769.12317.1418202705@webmail.messagingengine.com>

Forgive me for my ignorance if I'm making a stupid mistake, but, what
happened to the version numbers? Just recently MaraDNS 1.4.06 came out
as a recommended update, and has been posted as the current stable
release on the official download page, but just last month, version
2.0.01 was the current stable release. Why did we go, backwards?

I also noticed that the previous version 2 was authoritative only
bundled with Deadwood, as of course that's the whole idea behind
version 2. But the new version 1.4 again has recursive support (by
default even), but is still bundled with Deadwood. What's happening
here?

Yarin