Re: softdepflush bad block error has led to negative blocks in free inode and handle_workitem_freeblocks: block count
On Tuesday 15 July 2008 19:58:12 Achilleas Mantzios wrote:
> Hi,
> The problem started when i installed a kodicom 4400 card and started to run zoneminder.
> Prior to that no problems with my machine, which now runs
>
>     FreeBSD panix.internal.net 7.0-RELEASE-p3 FreeBSD 7.0-RELEASE-p3 #3: Mon Jul 14 16:35:37 EEST 2008 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386
>
> This hardware change happened on Sunday Jul 13.
> The next day (Jul 14) morning periodic daily cron job at 03:01 gave:
>
>     /var/log/messages.1.bz2:Jul 14 03:01:04 panix kernel: pid 48 (softdepflush), uid 0 inumber 2662656 on /usr: bad block
>     /var/log/messages.1.bz2:Jul 14 03:01:04 panix kernel: pid 48 (softdepflush), uid 0 inumber 2662656 on /usr: bad block
>     /var/log/messages.1.bz2:Jul 14 03:01:04 panix kernel: pid 48 (softdepflush), uid 0 inumber 2662656 on /usr: bad block
>     /var/log/messages.1.bz2:Jul 14 03:01:04 panix kernel: pid 48 (softdepflush), uid 0 inumber 2662656 on /usr: bad block
>     ... (15 times)
>
> The funny thing is that df -h showed a huge negative capacity.
> Yesterday (Mon Jul 14) i had a crash when i tried to run (by hand) pkg_info.
> Today (Mon Jul 15) the morning periodic daily cron job resulted in a crash as well when running find.
>
> I speculated that it was one of those cases that bad memory, or overheated memory could cause such problems and i removed the most suspicious sim.
> After that i didn't get any crashes when trying to run pkg_info or periodic daily,weekly,monthly, but i get the following whenever i run periodic weekly:
>
>     panix kernel: free inode /usr/2662656 had -3549356 blocks (negative)
>
> and after a while
>
>     panix kernel: handle_workitem_freeblocks: block count
>
> I suspect that even if i have a healthy system as far as memory is concerned (i hope), the problem with the 2662656 inode is still there.
> Any thoughts are very welcome.

I cleared the inode 2662656 with fsdb and clri and rerun fsck, and this seems to have eliminated the problem.
-- Achilleas Mantzios ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Fresh 7.0 Install: Fatal Trap 12 panic when put under load
> Could be memory, but I'd also suggest looking at temperatures. I've had overheating systems produce lots of such errors.

Temperature is fine - it never gets that hot here in the UK ;-)

Seriously, I put my hand in the box, touched a few heat sinks, it is not running hot enough to cause a problem. The BIOS reports that all is well with the temperature inside the box of just over 30 degrees C.

John
RE: HP Pavilion dv2000 laptop wont boot off install cd
> From: [EMAIL PROTECTED] [mailto:owner-freebsd- [EMAIL PROTECTED] On Behalf Of Kevin K
> Sent: Tuesday, July 15, 2008 11:41 PM
> To: 'FreeBSD Stable'
> Subject: HP Pavilion dv2000 laptop wont boot off install cd
>
> Laptop details : HP Pavilion dv2000 (dv2422ca)
>
> Specifications (taken from http://h10025.www1.hp.com/ewfrf/wc/document?cc=audocname=c01070158dlc =enl c=enjumpid=reg_R1002_AUEN ) :
>
>     Product Name: dv2422ca
>     Product Number: GM039UA#ABC / GM039UA#ABL
>     Microprocessor: 1.8 GHz AMD Turion T 64 X2 Dual-Core Mobile Technology TL-56
>     Microprocessor Cache: 512KB+512KB L2 Cache
>     Memory: 2048 MB DDR2 System Memory (2 Dimm)
>
> I tried to boot from 7.0-release-AMD64, 7.0-release-i386 and 6.2-release-i386 install disks (about to try 6.3-release-amd64). I could not successfully boot up the computer using the install disks mentioned. Sometimes there would be a memory dump (scrolling infinitely), sometimes I would get the following message(s) :
>
>     elf_32_lookup_symbol : corrupt symbol table
>     loading required module 'pci'
>     ACPI autoload failed - no such file or directory
>     \
>     int=0006 err=efl=00010002eip=0003
>     eax=00449130 ebx=ecx=004f010fedx=0003fa40
>     esi= edi=ebp=esp=000928b0
>     cs=0008 ds=0010 es=0010 fs=0010 gs=0010 ss=0010
>     cs:eip= f0 53 ff 00 f0 c3 e2 00-f0 53 ff 00 f0 53 ff 00
>             f0 54 ff 00 f0 8a a8 00-f0 53 ff 00 f0 a5 fe 00
>     ss:esp= 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00
>             00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00
>     BTX halted
>
> There is no significant BIOS option in this laptop that I can think of to at least begin to trouble shoot this issue. Laptop works fine for other operating systems as far as I can tell.
>
> Initial documentation suggests that this laptop should work, however, I'd like to get some more insight from freebsd-stable before continuing.
>
> If any additional information is required, please let me know.
>
> Cheers,
> Kevin K.

It should be noted that I just tried 6.3-release-amd64 and it doesn't work as well.

It should also be important to note that sometimes it 'dumps' before getting to the boot options screen in the freebsd startup. If I do get to that screen, I have tried disable ACPI, to no effect.

~k
Re: HP Pavilion dv2000 laptop wont boot off install cd
On Wed, Jul 16, 2008 at 05:03:49AM -0400, Kevin K wrote:
> It should be noted that I just tried 6.3-release-amd64 and it doesn't work as well.
>
> It should also be important to note that sometimes it 'dumps' before getting to the boot options screen in the freebsd startup. If I do get to that screen, I have tried disable ACPI, to no effect.

It sounds to me like you might be running into the problem others have reported with boot2/loader. The continual scrolling of data is probably a register dump from forth.

John, do you have any tips/ideas?

--
| Jeremy Chadwick                              jdc at parodius.com |
| Parodius Networking                     http://www.parodius.com/ |
| UNIX Systems Administrator                Mountain View, CA, USA |
| Making life hard for others since 1977.            PGP: 4BD6C0CB |
Re: Multi-machine mirroring choices
On 15/07/2008, at 3:54 PM, Jeremy Chadwick wrote:
> We moved all of our production systems off of using dump/restore solely because of these aspects. We didn't move to ZFS though; we went with rsync, which is great, except for the fact that it modifies file atimes (hope you use Maildir and not classic mbox/mail spools...).

We do something similar, except that we use unison rather than rsync. This tool is a two way rsync, it deals with collisions and replicating files in both directions at once. Very nice. Look for it in the ports tree.

This has some advantages for us since we distribute load across several machines and have a cluster of machines which all replicate to each other. The data is such that collisions are almost never a concern.

Ari Maniatis

--
ish
http://www.ish.com.au
Level 1, 30 Wilson Street Newtown 2042 Australia
phone +61 2 9550 5001 fax +61 2 9550 4001
GPG fingerprint CBFB 84B4 738D 4E87 5E5C 5EFA EF6A 7D2E 3E49 102A
Re: Multi-machine mirroring choices
We have deployed an IMAP server running on Cyrus on FreeBSD 6.2, with a 500GB UFS2 partition mirrored with geom_mirror and geom_gate across a dedicated 1gbps link. It has proven to be very stable and reliable after appropriate tweaking. The uptime of the mirror is usually 1-3 months, sometimes it seems to break randomly, possibly because our timeout is too low. In any case, it doesn't take too long to rebuild at about 60mb/s. (I recently tested the same solution with FreeBSD-7 and found it now goes at a full 100mb/s.)
Re: HP Pavilion dv2000 laptop wont boot off install cd
Kevin K [EMAIL PROTECTED] wrote:
> I tried to boot from 7.0-release-AMD64, 7.0-release-i386 and 6.2-release-i386 install disks (about to try 6.3-release-amd64). I could not successfully boot up the computer using the install disks mentioned. Sometimes there would be a memory dump (scrolling infinitely), sometimes I would get the following message(s) :

Please try one of the more recent 7-stable snapshots from June or July. They're located on the FTP sites in /pub/FreeBSD/snapshots.

Best regards
Oliver

--
Oliver Fromme, secnetix GmbH Co. KG, Marktplatz 29, 85567 Grafing b. M.
Commercial register: Registergericht Muenchen, HRA 74606, management: secnetix Verwaltungsgesellsch. mbH, commercial register: Registergericht München, HRB 125758, managing directors: Maik Bachmann, Olaf Erb, Ralf Gebhart
FreeBSD services, products and more: http://www.secnetix.de/bsd

With Perl you can manipulate text, interact with programs, talk over networks, drive Web pages, perform arbitrary precision arithmetic, and write programs that look like Snoopy swearing.
RE: HP Pavilion dv2000 laptop wont boot off install cd
> Please try one of the more recent 7-stable snapshots from June or July. They're located on the FTP sites in /pub/FreeBSD/snapshots.
>
> Best regards
> Oliver

This was actually just recommended to me by Gavin Atkinson earlier today. I am downloading 7.0-STABLE-200806-amd64-disc1.iso right now and will try that today.

I'll post the results of that here. Thanks all for your help.

~k
RE: HP Pavilion dv2000 laptop wont boot off install cd
> > Please try one of the more recent 7-stable snapshots from June or July. They're located on the FTP sites in /pub/FreeBSD/snapshots.
> >
> > Best regards
> > Oliver
>
> This was actually just recommended to me by Gavin Atkinson earlier today. I am downloading 7.0-STABLE-200806-amd64-disc1.iso right now and will try that today.

Okay I just tried the above snapshot and there are still problems -- I'm not getting the BTX error message nor the infinite scrolling hex dump, but it sits at loading /boot/default/loader.conf for about 5-10 seconds then does a straight reboot without any discernable error message.

After doing some more digging, I found one suggestion from someone who experienced a similar problem with an HP Pavilion ze2000 w/ amd64 turion processor :

    Installation hangs at boot until you disable the apic and serial ports as follows in the boot loader command line:

    set hint.apic.0.disabled=1
    set hint.sio.0.disabled=1
    set hint.sio.1.disabled=1

I'm going to try this and see if that helps. I don't really need the serial ports on this laptop anyways, so maybe it will work.

If anyone has any other suggestions, it would be greatly appreciated.

Many thanks,
Kevin K.
RE: Fresh 7.0 Install: Fatal Trap 12 panic when put under load
> John, a question, how is swap set up on your system? I was swapping to a file (a memory disk device /dev/md0). I was doing this because for some reason lost in ancient history, this machine was not set up with a real swap partition. Hence, no crash dump.

Swap is a partition on the 1st disk.

> Last night I repartitioned a second disk, set up a real swap partition and now I'm currently waiting for this to happen again so I can get a crash dump.

I will try creating a swap partition on my second drive to see if that improves things ... I am able to cause a panic on demand but a crash dump is rarely written (presumably because the system believes the device is not accessible?). I must have crashed it 10-20 times now with various corruptions of the panic screen - once it had blue text with trap 12 trap 12 all over the screen, I liked that one ;-).

I did manage to complete a make index while the background FSCK was running, once it had finished, performing the same task caused a panic locking the machine up again with no crash dump.

John
Re: Fresh 7.0 Install: Fatal Trap 12 panic when put under load
John Sullivan wrote:
> > John, a question, how is swap set up on your system? I was swapping to a file (a memory disk device /dev/md0). I was doing this because for some reason lost in ancient history, this machine was not set up with a real swap partition. Hence, no crash dump.
>
> Swap is a partition on the 1st disk.
>
> > Last night I repartitioned a second disk, set up a real swap partition and now I'm currently waiting for this to happen again so I can get a crash dump.
>
> I will try creating a swap partition on my second drive to see if that improves things ... I am able to cause a panic on demand but a crash dump is rarely written (presumably because the system believes the device is not accessible?). I must have crashed it 10-20 times now with various corruptions of the panic screen - once it had blue text with trap 12 trap 12 all over the screen, I liked that one ;-).
>
> I did manage to complete a make index while the background FSCK was running, once it had finished, performing the same task caused a panic locking the machine up again with no crash dump.

OK, the first thing to do is disable bg fsck, then force a full fsck of all filesystems. bg fsck does a poor job of fixing arbitrary filesystem corruption (it's not designed to do so, in fact), and you can get into a situation where corrupted filesystems cause further panics.

Removing KDB_UNATTENDED from your kernel will allow you to interact with the debugger and obtain backtraces etc, which is useful when dumps are not being saved.

Kris
Re: Fresh 7.0 Install: Fatal Trap 12 panic when put under load
On Wed, Jul 16, 2008 at 10:38 AM, John Sullivan [EMAIL PROTECTED] wrote:
> > Could be memory, but I'd also suggest looking at temperatures. I've had overheating systems produce lots of such errors.
>
> Temperature is fine - it never gets that hot here in the UK ;-)
>
> Seriously, I put my hand in the box, touched a few heat sinks, it is not running hot enough to cause a problem. The BIOS reports that all is well with the temperature inside the box of just over 30 degrees C.
>
> John

This looks like the same panic I reported yesterday but I'm running 6.3 patch 2. I have seen these crashes on my box since 6.3 pre-release, randomly, but under load. My box is based on a SuperMicro motherboard running Intel Xeon processors. The only commonality is that we're both using Sata drives.

John, a question, how is swap set up on your system? I was swapping to a file (a memory disk device /dev/md0). I was doing this because for some reason lost in ancient history, this machine was not set up with a real swap partition. Hence, no crash dump.

Last night I repartitioned a second disk, set up a real swap partition and now I'm currently waiting for this to happen again so I can get a crash dump.

Michael Grant
Re: Fresh 7.0 Install: Fatal Trap 12 panic when put under load
Michael Grant wrote:
> On Wed, Jul 16, 2008 at 10:38 AM, John Sullivan [EMAIL PROTECTED] wrote:
> > > Could be memory, but I'd also suggest looking at temperatures. I've had overheating systems produce lots of such errors.
> >
> > Temperature is fine - it never gets that hot here in the UK ;-)
> >
> > Seriously, I put my hand in the box, touched a few heat sinks, it is not running hot enough to cause a problem. The BIOS reports that all is well with the temperature inside the box of just over 30 degrees C.
> >
> > John
>
> This looks like the same panic I reported yesterday but I'm running 6.3 patch 2.

Unless you have information you haven't yet shared, no it doesn't :) Fatal trap 12 is an effect, not a cause. We still need your backtrace to make progress understanding the cause of your panic.

Kris
Re: igb doesn't compile in STABLE?
At Tue, 15 Jul 2008 10:35:57 -0700, Jack Vogel wrote:
> OK, will put on my todo list :)

Thanks. A kernel built that way (i.e. with igb and em) does actually work, which is good, but if you're going to split them up we should get this right before 7.1.

Best,
George
Unattended install w/ serial console?
Hello,

I've managed to get sysinstall to do a completely unattended install via DHCP/PXE and reboot the system into a state where it will be possible to login via SSH. So far, so good.

Unfortunately this works for VGA consoles only. If the server in question has got a serial console, I get this prompt:

    /stand/sysinstall running as init on serial console

    These are the predefined terminal types available to sysinstall when running stand-alone. Please choose the closest match for your particular terminal.

    1 .. Standard ANSI terminal.
    2 .. VT100 or compatible terminal.
    3 .. FreeBSD system console (color).
    4 .. FreeBSD system console (monochrome).
    5 .. xterm terminal emulator.

    Your choice: (1-5)

After entering (e.g.) 2, the complete install runs just fine without any more operator assistance.

The code responsible for this seems to be in /usr/src/usr.sbin/sysinstall/termcap.c, line 92 ff.:

    if (!OnVTY || (stat < 0)) {
        if (!term) {
            char *term, *termcap;

            prompt_term(&term, &termcap);

with prompt_term() being the function that displays the above menu. Term is set at the beginning of set_termcap(), line 80:

    term = getenv("TERM");

OK, here's the question: how do I set environment variables in install.cfg or some other file in my mfsroot? TERM=vt100 in install.cfg did not make it to sysinstall, would have been too simple, I guess ;-)

Thanks a lot,
Patrick

--
punkt.de GmbH * Kaiserallee 13a * 76133 Karlsruhe
Tel. 0721 9109 0 * Fax 0721 9109 100
[EMAIL PROTECTED] http://www.punkt.de
Gf: Jürgen Egeling AG Mannheim 108285
Re: Konqueror and the Cookiejar
On Tue, Jul 15, 2008 at 2:57 PM, Paul Horechuk [EMAIL PROTECTED] wrote:
> Since upgrading to 7.0 Stable, I've noticed an occasional problem with konqueror. I've been recompiling my ports for the past few weeks and have noticed that some sites are complaining about cookies not being enabled. Further investigation has revealed that if I start konqueror from the terminal prompt, I can get an error message:
>
>     khtml (dom) Can't communicate with the cookiejar!
>
> A workaround I've discovered is to run kded first. Konqueror works with cookies after that.

I have also noticed this with KDE 3.5.8 and 3.5.9. The problem isn't that kded is not being run, the real problem is that something is causing kded to core dump. Search your system for *.core files. The only solution I found was to restart kded, and then cookies worked.

Scot
named.conf: query-source address
Hi!

I fully understand and second efforts on educating people how to configure BIND to be strong to attacks and keep them from using query-source address with port option but how about binding named to particular IP address when host has many of them?

Using query-source address without port is the only solution (not speaking of jails here) and safe one? Wouldn't all that hustle about query-source misinform users about utility of it?

Eugene Grosbein
Re: Fresh 7.0 Install: Fatal Trap 12 panic when put under load
> From: John Sullivan [EMAIL PROTECTED]
> Date: Wed, 16 Jul 2008 09:38:26 +0100
>
> > Could be memory, but I'd also suggest looking at temperatures. I've had overheating systems produce lots of such errors.
>
> Temperature is fine - it never gets that hot here in the UK ;-)
>
> Seriously, I put my hand in the box, touched a few heat sinks, it is not running hot enough to cause a problem. The BIOS reports that all is well with the temperature inside the box of just over 30 degrees C.

It's not the heat sink temperature that I am concerned with. It is the temperature of the CPU and (if it's not AMD) the north bridge. I have encountered several cases of improper heat sink installation which resulted in poor transfer from the chip to the heat sink. Cleaning and properly applying heat transfer grease made a huge difference.

You say that BIOS is reporting a 30C temperature. If this is the CPU temperature when the CPU is busy, I don't believe it. I have a system where the BIOS (via ACPI) reports the temperature as 35C, regardless of how long the system has been under power or what it is doing.

I'm not at all sure that the problem is thermal, but I don't think you should dismiss the possibility too quickly.

--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: [EMAIL PROTECTED] Phone: +1 510 486-8634
Key fingerprint: 059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
Re: named.conf: query-source address
Eugene Grosbein wrote:
> I fully understand and second efforts on educating people how to configure BIND to be strong to attacks and keep them from using query-source address with port option but how about binding named to particular IP address when host has many of them?
>
> Using query-source address without port is the only solution (not speaking of jails here) and safe one? Wouldn't all that hustle about query-source misinform users about utility of it?

To make named bind to a particular IP, you want the 'listen-on' options -- this is the IP that clients will access for service. By the nature of things, you'll have to use port 53 for this.

The 'query-source' options don't have to be specified: the system will just choose some appropriate address according to the state of the routing table. 'query-source' to set the source /IP/ is really only useful in some specific server configurations with several alias addresses any of which could be used. That's pretty rare really.

Most of the uses of query-source have been to set the source /port/ -- this was a standard part of the documentation: fix the source port in order to help the DNS traffic transit firewalls. However the recent security advisory has forced the complete abandonment of that idea. It's not even particularly truthful that you need to fix the source port because of firewalling: nowadays most firewalls are stateful, which eliminates that requirement.

query-source is only ever used by recursive or stub resolvers -- instances of named that will go out and make queries on the net on your behalf. Authoritative servers really don't need it.

Cheers,
Matthew

--
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard
Flat 3
Ramsgate
Kent, CT11 9PW
PGP: http://www.infracaninophile.co.uk/pgpkey
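[Added example, not part of the thread and not ISC or FreeBSD code: a small Python audit of the point made in the message above, that query-source may set the source address but should no longer pin the source port. The two sample configurations, the 192.0.2.x and 2001:db8:: addresses, and the name audit_query_source are constructed for this example.]

```python
import re

# Constructed sample configs (documentation addresses, not from the thread).
WEAK_CONF = """\
options {
    listen-on { 127.0.0.1; 192.0.2.4; };
    // old firewall-era advice: pin the resolver's source port
    query-source address 192.0.2.4 port 53;
    # query-source address 192.0.2.9 port 5353;
    query-source-v6 address 2001:db8::4 port *;
    transfer-source 192.0.2.4;
};
"""

HARDENED_CONF = """\
options {
    listen-on { 127.0.0.1; 192.0.2.4; };
    query-source address 192.0.2.4;   /* source IP only, port left to named */
    transfer-source 192.0.2.4;
};
"""

# A quoted string (kept as is) or one of named.conf's three comment styles.
_STRING_OR_COMMENT = re.compile(
    r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
# query-source / query-source-v6 up to the terminating semicolon.
_QUERY_SOURCE = re.compile(r'\b(query-source(?:-v6)?)\s+([^;{}]*);')


def strip_comments(text):
    """Blank out comments but keep newlines so line numbers stay correct."""
    def blank(match):
        token = match.group(0)
        if token.startswith('"'):
            return token
        return ' ' + '\n' * token.count('\n')
    return _STRING_OR_COMMENT.sub(blank, text)


def audit_query_source(conf_text):
    """Return one finding per active query-source statement.

    fixed_port is True when the statement names a literal port, which
    removes source-port randomisation for outgoing queries.
    """
    clean = strip_comments(conf_text)
    findings = []
    for match in _QUERY_SOURCE.finditer(clean):
        words = match.group(2).split()
        address, port = None, None
        i = 0
        while i < len(words):
            if words[i] in ('address', 'port') and i + 1 < len(words):
                if words[i] == 'address':
                    address = words[i + 1]
                else:
                    port = words[i + 1]
                i += 2
            else:
                address = words[i]  # bare "query-source 192.0.2.4;" form
                i += 1
        findings.append({
            'line': clean.count('\n', 0, match.start()) + 1,
            'statement': match.group(1),
            'address': address,
            'port': port,
            'fixed_port': port is not None and port != '*',
        })
    return findings


if __name__ == '__main__':
    for name, conf in (('weak', WEAK_CONF), ('hardened', HARDENED_CONF)):
        for f in audit_query_source(conf):
            verdict = 'FIXED SOURCE PORT' if f['fixed_port'] else 'ok'
            print(f"{name}: line {f['line']}: {f['statement']} "
                  f"address={f['address']} port={f['port']} -> {verdict}")
```

The commented-out statement on line 5 of the weak sample is ignored, so only settings named would actually load are reported.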
Re: Fresh 7.0 Install: Fatal Trap 12 panic when put under load
> OK, the first thing to do is disable bg fsck, then force a full fsck of all filesystems. bg fsck does a poor job of fixing arbitrary filesystem corruption (it's not designed to do so, in fact), and you can get into a situation where corrupted filesystems cause further panics.

Done, nothing really found wrong size in superblock which it corrected.

> Removing KDB_UNATTENDED from your kernel will allow you to interact with the debugger and obtain backtraces etc, which is useful when dumps are not being saved.

Easier said than done, this cause a few panics - no dumps though ...g!! Still the same result ... the system seems to panic twice then hang. I will keep trying unless you have some other ideas??

Thanks for your support

John
Re: cvsup server reachable via IPv6...
On Thu, 2008-07-03 at 17:14 -0400, Ken Smith wrote:
> If any of you have been wishing there was an IPv6-capable cvsup server you could use (with csup as the client obviously since cvsup doesn't do IPv6...) give cvsup18.freebsd.org a try. With the help of a few other folks I got nudged into giving inetd/netcat a try as a means to feed IPv6 connections to the cvsupd server process.
>
> If you try it and have problems let me know. cvsup18 is my little server (handles between 200 and 300 connects a day) but if this seems to work OK I can give it a try on my big server (handles between 3000 and 4000 connects a day...).

also i checked the speed of cvsup18.freebsd.org by csup(1) a few minutes ago ;; now i want to say that's good!

bh

--
But aside from that let me swear by the souls of my grandchildren that I will never break the peace we have made.
-- Vito Corleone, Chapter 20, page 292
Re: named.conf: query-source address
On Thu, Jul 17, 2008 at 12:20:42AM +0800, Eugene Grosbein wrote:
> I fully understand and second efforts on educating people how to configure BIND to be strong to attacks and keep them from using query-source address with port option but how about binding named to particular IP address when host has many of them?

We do such on our authoritative nameservers. The options we use:

    listen-on { 127.0.0.1; 72.20.106.4; };
    query-source address 72.20.106.4;
    transfer-source 72.20.106.4;
    notify-source 72.20.106.4;
    interface-interval 0;
    use-alt-transfer-source no;

--
| Jeremy Chadwick                              jdc at parodius.com |
| Parodius Networking                     http://www.parodius.com/ |
| UNIX Systems Administrator                Mountain View, CA, USA |
| Making life hard for others since 1977.            PGP: 4BD6C0CB |
Re: how to get more logging from GEOM?
On Jul 11, 2008, at 4:48 AM, Ronald Klop wrote:
> You can try going into the kernel debugger to see where it is hanging. Debugging via a serial cable is also very easy. I don't know the details, but there is a lot of info in the Freebsd handbook. Put this in google 'freebsd handbook kernel debug'.

Thanks for the reply. I'm familiar with these options, but as the system is currently running GENERIC and trying to compile a kernel would guarantee to cause the problem to occur... I could probably keep hacking at it until I finally get everything compiled, but... Ugh.

I guess this option doesn't appeal very much. Are there any other options available?

--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source and other randomness
Re: how to get more logging from GEOM?
On Jul 11, 2008, at 8:58 AM, Roland Smith wrote:
> > After about 2 weeks of watching it carefully I've learned almost nothing. It's not a disk failure (AFAIK) it's not cpu overheat (now running healthd without complaints) it's not based on any given network traffic... however it does appear to accompany heavy cpu/disk activity. It usually dies when indexing my websites at night (but not always) and it sometimes dies when compiling programs. Just heavy disk isn't enough to do the job, as backups proceed without problems. Heavy cpu by itself isn't enough to do it either. But if I start compiling things and keep going a while, it will eventually hang.
> >
> > Is there anything else I should be looking at?
>
> Power supply or motherboard would be my first guess.

If the system went offline, I agree. But it's clearly a kernel deadlock, since the system remains pingable, answers TCP connections, etc etc but doesn't respond. No TCP negotiation, no response on the console, etc. It's higher level activity which isn't working...

--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source and other randomness
Re: how to get more logging from GEOM?
> On Fri, Jul 11, 2008 at 12:59:33AM -0700, Jo Rhett wrote:
> > Every time it is rebuilding ad0. Every single boot in the last two weeks.

On Jul 11, 2008, at 9:49 AM, Clifton Royston wrote:
> That just means that it halted without a proper shutdown. If it crashes, the mirror isn't stopped properly, so it's marked dirty, so it must rebuild it. It is the precise analogy of finding all the file systems dirty on boot and fscking them, following a crash.

Thanks for the clarification. Dang, I hoped I was on to something.

--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source and other randomness
Re: named.conf: query-source address
On Wed, 16 Jul 2008, Jeremy Chadwick wrote:
> On Thu, Jul 17, 2008 at 12:20:42AM +0800, Eugene Grosbein wrote:
> > I fully understand and second efforts on educating people how to configure BIND to be strong to attacks and keep them from using query-source address with port option but how about binding named to particular IP address when host has many of them?
>
> We do such on our authoritative nameservers. The options we use:

Same here...

>     listen-on { 127.0.0.1; 72.20.106.4; };
>     query-source address 72.20.106.4;
>     transfer-source 72.20.106.4;
>     notify-source 72.20.106.4;

But just that portion. It works, and it passes the test with a std. dev of 19K or so on the port randomness.

Charles

>     interface-interval 0;
>     use-alt-transfer-source no;
>
> --
> | Jeremy Chadwick                              jdc at parodius.com |
> | Parodius Networking                     http://www.parodius.com/ |
> | UNIX Systems Administrator                Mountain View, CA, USA |
> | Making life hard for others since 1977.            PGP: 4BD6C0CB |
Re: named.conf: query-source address
On Wed, Jul 16, 2008 at 02:23:28PM -0700, Doug Barton wrote:
> Jeremy Chadwick wrote:
> > On Thu, Jul 17, 2008 at 12:20:42AM +0800, Eugene Grosbein wrote:
> > > I fully understand and second efforts on educating people how to configure BIND to be strong to attacks and keep them from using query-source address with port option but how about binding named to particular IP address when host has many of them?
> >
> > We do such on our authoritative nameservers. The options we use:
> >
> >     listen-on { 127.0.0.1; 72.20.106.4; };
> >     query-source address 72.20.106.4;
> >     transfer-source 72.20.106.4;
> >     notify-source 72.20.106.4;
> >     interface-interval 0;
> >     use-alt-transfer-source no;
>
> Have you found those -source options to be necessary in practice? In general named should be smart enough not to try reaching the outside world on the loopback address.

It's not loopback I'm worried about. The config parms we use are necessary. Removing them will break DNS for us horribly (AXFRs failing due to ACLs on master servers, recursive queries being made from the wrong src, NOTIFYs being sent from the wrong src).

BIND will usually pick the first non-aliased IP to perform things from, unless queries or other things come across a different network route, in which case it'll respond with whatever IP it deems appropriate (based on the routing table, I presume).

Showing our ifconfig will probably speak for itself:

    bge0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
            options=1bRXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING
            inet 72.20.106.2 netmask 0xff80 broadcast 72.20.106.127
            inet 72.20.106.3 netmask 0x broadcast 72.20.106.3
            inet 72.20.106.4 netmask 0x broadcast 72.20.106.4
            inet 72.20.106.5 netmask 0x broadcast 72.20.106.5
            inet 72.20.106.7 netmask 0x broadcast 72.20.106.7
            inet 72.20.106.8 netmask 0x broadcast 72.20.106.8
            inet 72.20.106.40 netmask 0x broadcast 72.20.106.40
            inet 72.20.106.41 netmask 0x broadcast 72.20.106.41
            ether 00:30:48:81:fc:8a
            media: Ethernet autoselect (100baseTX full-duplex)
            status: active

The interface-interval 0 option can be safely removed, but I do not see the point in having BIND continually look for new IPs on an interface when we want it only using a specific IP (that will never get removed or changed on the fly).

use-alt-transfer-source no is an absolute must. BIND tries to be cute/smart about cycling through all IPs to attempt an AXFR, which is behaviour that (IMHO) should be questioned in the first place. The comment I have in our named.conf explaining why we use it:

    # Do not attempt to use an alternative IP address for zone
    # transfers. This keeps named from trying to use the main
    # IP address of the box if an xfer via transfer-source fails.

> Also, I'm guessing that you have more than one public IP address configured on that box? Otherwise none of those options should be necessary.

Correct -- and that's what Eugene was asking about. :-)

--
| Jeremy Chadwick                              jdc at parodius.com |
| Parodius Networking                     http://www.parodius.com/ |
| UNIX Systems Administrator                Mountain View, CA, USA |
| Making life hard for others since 1977.            PGP: 4BD6C0CB |
Re: named.conf: query-source address
Jeremy Chadwick wrote: On Thu, Jul 17, 2008 at 12:20:42AM +0800, Eugene Grosbein wrote: I fully understand and second efforts on educating people how to configure BIND to be strong to attacks and keep them from using query-source address with port option but how about binding named to particular IP address when host has many of them? We do such on our authoritative nameservers. The options we use: listen-on { 127.0.0.1; 72.20.106.4; }; query-source address 72.20.106.4; transfer-source 72.20.106.4; notify-source 72.20.106.4; interface-interval 0; use-alt-transfer-source no; Have you found those -source options to be necessary in practice? In general named should be smart enough not to try reaching the outside world on the loopback address. Also, I'm guessing that you have more than one public IP address configured on that box? Otherwise none of those options should be necessary. Doug -- This .signature sanitized for your protection
Re: how to get more logging from GEOM?
On Wed, Jul 16, 2008 at 02:41:28PM -0700, Jo Rhett wrote: On Jul 11, 2008, at 8:58 AM, Roland Smith wrote: After about 2 weeks of watching it carefully I've learned almost nothing. It's not a disk failure (AFAIK) it's not cpu overheat (now running healthd without complaints) it's not based on any given network traffic... however it does appear to accompany heavy cpu/disk activity. It usually dies when indexing my websites at night (but not always) and it sometimes dies when compiling programs. Just heavy disk isn't enough to do the job, as backups proceed without problems. Heavy cpu by itself isn't enough to do it either. But if I start compiling things and keep going a while, it will eventually hang. Is there anything else I should be looking at? Power supply or motherboard would be my first guess. If the system went offline, I agree. But it's clearly a kernel deadlock, since the system remains pingable, answers TCP connections, etc etc but doesn't respond. Ah. Well, you did say the system 'dies', not 'becomes unresponsive'. No TCP negotiation, no response on the console, etc. It's higher level activity which isn't working... Try compiling a kernel with debugging options e.g. WITNESS(4), MUTEX_DEBUG, LOCK_PROFILING, DIAGNOSTIC and INVARIANTS. See /usr/src/sys/conf/NOTES This will create a lot of messages in the dmesg output. If you can hook the system up to another machine via serial console, you might be able to debug the kernel. Read the kernel debugging chapter in the Developers' Handbook. Another tip is to create a cron job that makes log entries every couple of minutes with logger. This might help you pinpoint the exact time of the mishap, to correlate it to other system activity. Be _really_ sure that it isn't hardware though. Otherwise you'll be led on a merry goose chase looking for software errors that aren't there. If you can restore a backup of this machine's software to a similar one, do so and see if the hangs persist. If they don't, it's hardware.
Roland -- R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)
Re: Failure building apache22 and mysql51
2008/7/14 Sorin Pânca [EMAIL PROTECTED]: I'm sorry for my late response, I was on vacation. I think this was the case (although I thought we have only amd64 machines). Is there a way to recover from this situation by ssh access only? Thank you! Sorin. Chris Rees wrote: Date: Mon, 23 Jun 2008 18:43:04 +0300 From: Sorin Pânca [EMAIL PROTECTED] Hello people! I recently upgraded an amd64 machine from FreeBSD-6.2-RELEASE-p11 to FreeBSD-7.0-RELEASE-p2 using the tutorial found at http://www.daemonology.net/blog/2007-11-11-freebsd-major-version-upgrade.html All went well with the base system. I don't want to patronise, but are you sure you were running FreeBSD/amd64-6.2 before? Looks kinda like you've tried to upgrade from 6.2/i386 to 7.0/amd64. In case you have, you can't do that. Check you haven't disabled any processor-specific extensions in your BIOS, like SSE, that would also create problems if you have optimised your ports. Chris I thought devel/linuxthreads was using some old library so I tried to rebuild it: # cd ../../devel/linuxthreads make install clean # portupgrade -f wouldn't do anything === linuxthreads-2.2.3_23 is only for i386, while you are running amd64. *** Error code 1 Stop in /usr/ports/devel/linuxthreads. Any ideas what to do next? Thank you! Sorin. If I understand you correctly, you want to revert to FreeBSD/i386; in which case I'd advise that you are *extremely* careful, and make sure that everything important is recompiled in i386; FreeBSD/amd64 can run binaries from FreeBSD/i386, but not vice-versa. I *think* that you should be ok running a source update (csup sources, make buildworld installworld kernel) with arch as i386, then reboot, pkg_delete -f portupgrade\*, pkg_add -r portupgrade, portupgrade -faP etc Don't take my word for it, it is beyond my expertise, I've deliberately made it obtuse; get someone with more knowledge to elucidate :P Or, you could stick with /amd64. -- R $h ! $- ! $+ $@ $2 @ $1 .UUCP. 
(sendmail.cf)
Re: Failure building apache22 and mysql51
On Wed, Jul 16, 2008 at 11:20:13PM +0100, Chris Rees wrote: 2008/7/14 Sorin Pânca [EMAIL PROTECTED]: I'm sorry for my late response, I was on vacation. I think this was the case (although I thought we have only amd64 machines). Is there a way to recover from this situation by ssh access only? Thank you! Sorin. Chris Rees wrote: Date: Mon, 23 Jun 2008 18:43:04 +0300 From: Sorin Pânca [EMAIL PROTECTED] Hello people! I recently upgraded an amd64 machine from FreeBSD-6.2-RELEASE-p11 to FreeBSD-7.0-RELEASE-p2 using the tutorial found at http://www.daemonology.net/blog/2007-11-11-freebsd-major-version-upgrade.html All went well with the base system. I don't want to patronise, but are you sure you were running FreeBSD/amd64-6.2 before? Looks kinda like you've tried to upgrade from 6.2/i386 to 7.0/amd64. In case you have, you can't do that. Check you haven't disabled any processor-specific extensions in your BIOS, like SSE, that would also create problems if you have optimised your ports. Chris I thought devel/linuxthreads was using some old library so I tried to rebuild it: # cd ../../devel/linuxthreads make install clean # portupgrade -f wouldn't do anything === linuxthreads-2.2.3_23 is only for i386, while you are running amd64. *** Error code 1 Stop in /usr/ports/devel/linuxthreads. Any ideas what to do next? Thank you! Sorin. If I understand you correctly, you want to revert to FreeBSD/i386; in which case I'd advise that you are *extremely* careful, and make sure that everything important is recompiled in i386; FreeBSD/amd64 can run binaries from FreeBSD/i386, but not vice-versa. I *think* that you should be ok running a source update (csup sources, make buildworld installworld kernel) with arch as i386, then reboot, pkg_delete -f portupgrade\*, pkg_add -r portupgrade, portupgrade -faP etc Installworld is supposed to be done after a reboot, in this case (cross-build) you'll have a 32-bit kernel stuck with a 64-bit userland. That won't work. 
If you do the installworld before the reboot with a cross-build, it will be the other way around. I'm not sure if the installworld will even complete; every system binary that is replaced will be of the wrong architecture. Don't take my word for it, it is beyond my expertise, I've deliberately made it obtuse; get someone with more knowledge to elucidate :P If you have a spare partition, you could install the new kernel and userland there, and then switch partitions. If that's not an option, make backups of your data and re-install with the i386 version. It's quicker and probably less painful. :) For changing architectures you'll also have to remove all ports/packages and re-compile/install them for the new architecture. But you should do that anyway when going from 6.x to 7. Roland -- R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)
Switching from 32 to 64 bit with freebsd-update?
I have a 64-bit system that had the 32-bit version of 6.3 installed on it. Is it possible to use freebsd-update (or another somewhat painless method) to switch the system to 64-bit? We're running into the 4GB memory limit. --Wade
RE: HP Pavilion dv2000 laptop wont boot off install cd
Please try one of the more recent 7-stable snapshots from June or July. They're located on the FTP sites in /pub/FreeBSD/snapshots. Best regards Oliver Adding : set hint.apic.0.disabled=1 set hint.sio.0.disabled=1 set hint.sio.1.disabled=1 Did not help, I still got a hard reboot on the latest 7.0-release amd64 snapshot. Any further suggestions are welcome. Thank you, Kevin K.
RE: Switching from 32 to 64 bit with freebsd-update?
I have a 64-bit system that had the 32-bit version of 6.3 installed on it. Is it possible to use freebsd-update (or another somewhat painless method) to switch the system to 64-bit? We're running into the 4GB memory limit. --Wade I believe this is possible but you will come into a lot of trouble with statically linked libraries -- a much more reliable and secure way would be to build a clean amd64 on a separate system and re-compile the needed software and move the files from i386 over after it has been tested.
Re: named.conf: query-source address
We do such on our authoritative nameservers. The options we use: listen-on { 127.0.0.1; 72.20.106.4; }; query-source address 72.20.106.4; transfer-source 72.20.106.4; notify-source 72.20.106.4; interface-interval 0; use-alt-transfer-source no; That's perfectly fine. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [EMAIL PROTECTED]
Re: Switching from 32 to 64 bit with freebsd-update?
Kevin K wrote: I have a 64-bit system that had the 32-bit version of 6.3 installed on it. Is it possible to use freebsd-update (or another somewhat painless method) to switch the system to 64-bit? We're running into the 4GB memory limit. --Wade FreeBSD-update is used for updates to binary files for the current installed version of FreeBSD. Using sysinstall to do a binary upgrade should do the trick or doing the below. Just make sure you make a backup of everything b4 you start. I believe this is possible but you will come into a lot of trouble with statically linked libraries -- a much more reliable and secure way would be to build a clean amd64 on a separate system and re-compile the needed software and move the files from i386 over after it has been tested. You should be able to do the above on the system in question provided you follow the handbook to the letter. After the installing of the new world and kernel, make sure you do a full recompile of all ports to be sure. HTH Cheers cya Andrew
Re: how to get more logging from GEOM?
On Wed, Jul 16, 2008 at 5:40 PM, Jo Rhett [EMAIL PROTECTED] wrote: On Jul 11, 2008, at 4:48 AM, Ronald Klop wrote: You can try going into the kernel debugger to see where it is hanging. Debugging via a serial cable is also very easy. I don't know the details, but there is a lot of info in the Freebsd handbook. Put this in google 'freebsd handbook kernel debug'. Thanks for the reply. I'm familiar with these options, but as the system is currently running GENERIC and trying to compile a kernel would guarantee to cause the problem to occur... I could probably keep hacking at it until I finally get everything compiled, but... Ugh. I guess this option doesn't appeal very much. Are there any other options available? You don't need to compile the kernel on the same machine that you use it on -- you can copy the compiled kernel into /boot/kernel.new -Ben Kaduk
Re: named.conf: query-source address
On Wed, Jul 16, 2008 at 06:34:38PM +0100, Matthew Seaman wrote: The 'query-source' options don't have to be specified: the system will just choose some appropriate address according to the state of the routing table. 'query-source' to set the source /IP/ is really only useful in some specific server configurations with several alias addresses any of which could be used. That's pretty rare really. Isn't this common to have multiple aliases at an interface? Sometimes only one of them should be used for all DNS traffic. query-source is only ever used by recursive or stub resolvers -- instances of named that will go out and make queries on the net on your behalf. Authoritative servers really don't need it. Sometimes one needs to bind named to distinct IP address for all data it sends to the net on its own, not as answers to queries only. There is nothing wrong in using 'query-source' without 'port' option, I mean. Eugene Grosbein
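The distinction drawn in this thread, that `query-source` with an address alone is fine while adding a `port` is what to avoid, can be checked mechanically, together with the port-randomness figure quoted earlier ("std. dev of 19K or so"). The following is an added example, not code from any poster or from BIND. The two config fragments, the documentation addresses and the simulated port draw (uniform over 1024..65535) are constructed assumptions.

```python
import math
import random
import re
import statistics

# Constructed named.conf fragments. 192.0.2.4 and 2001:db8::4 are documentation
# addresses, not the ones used in the thread.
PINNED_PORT = """\
options {
    listen-on { 127.0.0.1; 192.0.2.4; };
    query-source address 192.0.2.4 port 53;  // every query leaves from port 53
    transfer-source 192.0.2.4;
};
"""
ADDRESS_ONLY = """\
options {
    listen-on { 127.0.0.1; 192.0.2.4; };
    query-source address 192.0.2.4;
    query-source-v6 address 2001:db8::4 port *;
    /* query-source address 192.0.2.4 port 53; */
};
"""

STATEMENT = re.compile(r"\b(query-source(?:-v6)?)\b([^;]*);")


def strip_comments(conf):
    """Drop the three comment styles named.conf accepts: /* */, // and #."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(?://|#)[^\n]*", "", conf)


def fixed_port_statements(conf):
    """Return (option, port) for every query-source that pins a numeric port."""
    findings = []
    for option, args in STATEMENT.findall(strip_comments(conf)):
        port = re.search(r"\bport\s+(\S+)", args)
        if port and port.group(1).isdigit():
            findings.append((option, int(port.group(1))))
    return findings


def port_stddev(ports):
    """Standard deviation of the source ports seen in a sample of queries."""
    return statistics.pstdev(ports)


def uniform_stddev(low, high):
    """Standard deviation of a port drawn uniformly from low..high inclusive."""
    n = high - low + 1
    return math.sqrt((n * n - 1) / 12)


def constructed_sample(conf, count=2000, seed=1):
    """Simulated (not captured) source ports: the pinned port if one is set,
    otherwise a uniform draw over 1024..65535 (an assumption of this example)."""
    pinned = fixed_port_statements(conf)
    if pinned:
        return [pinned[0][1]] * count
    rng = random.Random(seed)
    return [rng.randint(1024, 65535) for _ in range(count)]


if __name__ == "__main__":
    for label, conf in (("pinned port", PINNED_PORT), ("address only", ADDRESS_ONLY)):
        sample = constructed_sample(conf)
        print(label, fixed_port_statements(conf), round(port_stddev(sample)))
    print("uniform over 0..65535:", round(uniform_stddev(0, 65535)))
```

A uniform draw over all 65536 ports has a standard deviation of about 18.9K, the same scale as the figure Charles reports, while a pinned port gives 0.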
Re: named.conf: query-source address
On Jul 16, 2008, at 8:51 PM, Eugene Grosbein wrote: On Wed, Jul 16, 2008 at 06:34:38PM +0100, Matthew Seaman wrote: The 'query-source' options don't have to be specified: the system will just choose some appropriate address according to the state of the routing table. 'query-source' to set the source /IP/ is really only useful in some specific server configurations with several alias addresses any of which could be used. That's pretty rare really. Isn't this common to have multiple aliases at an interface? Sometimes only one of them should be used for all DNS traffic. About the only common reason to set up multiple aliases on an interface is when you're doing something like hosting multiple SSL webservers on a single box which actually need to have distinct IPs as a consequence. Other than that, using public IPs for aliases is usually wasteful of IP address space. YMMV... Regards, -- -Chuck
Re: named.conf: query-source address
On Wed, Jul 16, 2008 at 09:06:33PM -0700, Chuck Swiger wrote: On Jul 16, 2008, at 8:51 PM, Eugene Grosbein wrote: On Wed, Jul 16, 2008 at 06:34:38PM +0100, Matthew Seaman wrote: The 'query-source' options don't have to be specified: the system will just choose some appropriate address according to the state of the routing table. 'query-source' to set the source /IP/ is really only useful in some specific server configurations with several alias addresses any of which could be used. That's pretty rare really. Isn't this common to have multiple aliases at an interface? Sometimes only one of them should be used for all DNS traffic. About the only common reason to set up multiple aliases on an interface is when you're doing something like hosting multiple SSL webservers on a single box which actually need to have distinct IPs as a consequence. Other than that, using public IPs for aliases is usually wasteful of IP address space. YMMV... This is off-topic, but the reason we use public IPs for web hosting (read: standard HTTP) is so we can rate-limit the network I/O using pf and ALTQ. We tried for many years to use bandwidth-limiting modules such as mod_bw and mod_cband, but the modules are incredibly buggy. (Our most recent experience was with mod_cband, which will literally deadlock the entire webserver during heavy multipart downloads. The Debian folks found the same problem, and it was ultimately removed from their package repo.) -- | Jeremy Chadwick jdc at parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, USA | | Making life hard for others since 1977. PGP: 4BD6C0CB |
Re: named.conf: query-source address
Jeremy Chadwick wrote: The config parms we use are necessary. That's all you had to say. :) I see a lot of people attempt to over-engineer stuff with named that leads to complications later. If you are doing things for a good reason, keep doing them. Doug -- This .signature sanitized for your protection
Re: named.conf: query-source address
--On July 16, 2008 9:06:33 PM -0700 Chuck Swiger [EMAIL PROTECTED] wrote: On Jul 16, 2008, at 8:51 PM, Eugene Grosbein wrote: On Wed, Jul 16, 2008 at 06:34:38PM +0100, Matthew Seaman wrote: The 'query-source' options don't have to be specified: the system will just choose some appropriate address according to the state of the routing table. 'query-source' to set the source /IP/ is really only useful in some specific server configurations with several alias addresses any of which could be used. That's pretty rare really. Isn't this common to have multiple aliases at an interface? Sometimes only one of them should be used for all DNS traffic. About the only common reason to set up multiple aliases on an interface is when you're doing something like hosting multiple SSL webservers on a single box which actually need to have distinct IPs as a consequence. Other than that, using public IPs for aliases is usually wasteful of IP address space. YMMV... I would have thought that the most common reason for setting up multiple aliases on an interface was for hosting multiple domains on a single server. At least that's why I do it. Paul Schmehl If it isn't already obvious, my opinions are my own and not those of my employer.
Re: named.conf: query-source address
On Wed, 16 Jul 2008, Chuck Swiger wrote: On Jul 16, 2008, at 8:51 PM, Eugene Grosbein wrote: On Wed, Jul 16, 2008 at 06:34:38PM +0100, Matthew Seaman wrote: The 'query-source' options don't have to be specified: the system will just choose some appropriate address according to the state of the routing table. 'query-source' to set the source /IP/ is really only useful in some specific server configurations with several alias addresses any of which could be used. That's pretty rare really. Isn't this common to have multiple aliases at an interface? Sometimes only one of them should be used for all DNS traffic. About the only common reason to set up multiple aliases on an interface is when you're doing something like hosting multiple SSL webservers on a single box which actually need to have distinct IPs as a consequence. Other than that, using public IPs for aliases is usually wasteful of IP address space. I think another common reason is portability of services. When I set up a box, it gets an IP that sticks with that piece of hardware. Each distinct service that I pile onto it then gets its own IP. This has at least two major advantages that I've found: -If the box dies, it's easy to move any of the services to another box without waiting for DNS changes to propagate. -If one of the services outgrows the box, it's a simple matter to move that service elsewhere, again without playing with DNS. I also will sometimes move services away for a major upgrade of the box. All of this becomes simple when you just bring an alias down on one box and up on another. Next step, putting each service in a jail and moving the jail when needed. YMMV... On the internets, it always does. 
:) Charles Regards, -- -Chuck