Re: unbound and ntp issuse

[Slawa Olhovchenkov]

On Thu, Jun 09, 2016 at 02:31:17PM -0400, Lowell Gilbert wrote:

> Slawa Olhovchenkov  writes:
> 
> > On Thu, Jun 09, 2016 at 09:48:25AM -0400, Lowell Gilbert wrote:
> >
> >> Slawa Olhovchenkov  writes:
> >> 
> >> > On Thu, Jun 09, 2016 at 02:29:09PM +0100, krad wrote:
> >> >
> >> >> I doubt that will happen as you are asking to pollute every release
> >> >> installation for an edge condition when  there is numerous work arounds
> >> >> that would be acceptable to most.   eg two lines in rc.conf will fix the
> >> >> issue.
> >> >
> >> > This manual editing will be required by every install on RPi, for
> >> > example.
> >> 
> >> No, it won't. Most people will just give the system a valid DNS
> >> configuration, and the clock will not be an issue.
> >
> > What invalid in my DNS configuration?
> 
> You said that you configured 127.0.0.1 as your DNS server. You didn't
> say how (or rather where) you did that, but if you had used the address
> of a working upstream recursive server, I suspect there wouldn't have
> been any problem.

Configuring 127.0.0.1 as DNS server and enabling loacal_unbound cause
unbound acts as recursive resolver. This is conventional setup.
("No forwarders found in resolv.conf, unbound will recurse."
-- from /usr/sbin/local-unbound-setup)

Using upstream recursive server with local unbound will cause same
problem, IMHO, because unbound will be enfocing DNSSEC by the same
way and rejecting all answers from upstream.
___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Re: unbound and ntp issuse

[Lowell Gilbert]

Slawa Olhovchenkov  writes:

> On Thu, Jun 09, 2016 at 09:48:25AM -0400, Lowell Gilbert wrote:
>
>> Slawa Olhovchenkov  writes:
>> 
>> > On Thu, Jun 09, 2016 at 02:29:09PM +0100, krad wrote:
>> >
>> >> I doubt that will happen as you are asking to pollute every release
>> >> installation for an edge condition when  there is numerous work arounds
>> >> that would be acceptable to most.   eg two lines in rc.conf will fix the
>> >> issue.
>> >
>> > This manual editing will be required by every install on RPi, for
>> > example.
>> 
>> No, it won't. Most people will just give the system a valid DNS
>> configuration, and the clock will not be an issue.
>
> What invalid in my DNS configuration?

You said that you configured 127.0.0.1 as your DNS server. You didn't
say how (or rather where) you did that, but if you had used the address
of a working upstream recursive server, I suspect there wouldn't have
been any problem.
___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Re: Nasty state after running out of swap

[Mikhail T.]

On 08.06.2016 18:24, Mark Johnston wrote:
>> Is it yet to recover from the "out of swap" situation? I'm sure, a 
>> > reboot will fix everything, but I expected FreeBSD to be better than 
>> > that... Running 10.3-stable from April 18 here. Thanks!
> There was a memory leak in CAM at that point. It's fixed in r299531, but
> the vmstat output is needed to verify that this is the problem you're
> hitting.

Sorry, the system was completely dead by the time I got home to it (no
console, ssh-connections hanging after the first handshake)... I reset
it and built a new world/kernel, which seem to be working Ok now. Thanks!

-mi

___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Re: unbound and ntp issuse

[Slawa Olhovchenkov]

On Thu, Jun 09, 2016 at 09:48:25AM -0400, Lowell Gilbert wrote:

> Slawa Olhovchenkov  writes:
> 
> > On Thu, Jun 09, 2016 at 02:29:09PM +0100, krad wrote:
> >
> >> I doubt that will happen as you are asking to pollute every release
> >> installation for an edge condition when  there is numerous work arounds
> >> that would be acceptable to most.   eg two lines in rc.conf will fix the
> >> issue.
> >
> > This manual editing will be required by every install on RPi, for
> > example.
> 
> No, it won't. Most people will just give the system a valid DNS
> configuration, and the clock will not be an issue.

What invalid in my DNS configuration?
___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Re: unbound and ntp issuse

[Lowell Gilbert]

Slawa Olhovchenkov  writes:

> On Thu, Jun 09, 2016 at 02:29:09PM +0100, krad wrote:
>
>> I doubt that will happen as you are asking to pollute every release
>> installation for an edge condition when  there is numerous work arounds
>> that would be acceptable to most.   eg two lines in rc.conf will fix the
>> issue.
>
> This manual editing will be required by every install on RPi, for
> example.

No, it won't. Most people will just give the system a valid DNS
configuration, and the clock will not be an issue.
___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Re: unbound and ntp issuse

[Slawa Olhovchenkov]

On Thu, Jun 09, 2016 at 02:29:09PM +0100, krad wrote:

> I doubt that will happen as you are asking to pollute every release
> installation for an edge condition when  there is numerous work arounds
> that would be acceptable to most.   eg two lines in rc.conf will fix the
> issue.

This manual editing will be required by every install on RPi, for
example.

Also, this issuse hard to dignostics by average user.

> On 9 June 2016 at 09:04, Slawa Olhovchenkov  wrote:
> 
> > On Thu, Jun 09, 2016 at 08:39:42AM +0100, krad wrote:
> >
> > > googles will be pretty static, but i would just use them as a one off, ie
> > > with ntpdate
> >
> > i am talk about freebsd system/project.
> >
> > >
> > > On 8 June 2016 at 10:48, Slawa Olhovchenkov  wrote:
> > >
> > > > On Wed, Jun 08, 2016 at 02:29:29AM +0200, Dag-Erling Smørgrav wrote:
> > > >
> > > > > Slawa Olhovchenkov  writes:
> > > > > > IMHO, ntp.conf need to include some numeric IP of public ntp
> > servers.
> > > > >
> > > > > https://en.wikipedia.org/wiki/NTP_server_misuse_and_abuse
> > > > > https://en.wikipedia.org/wiki/Poul-Henning_Kamp#Dispute_with_D-Link
> > > >
> > > > What you suggestion?
> > > >
> > > > ___
> > > > freebsd-stable@freebsd.org mailing list
> > > > https://lists.freebsd.org/mailman/listinfo/freebsd-stable
> > > > To unsubscribe, send any mail to "
> > freebsd-stable-unsubscr...@freebsd.org"
> > > >
> >
___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Re: unbound and ntp issuse

[krad]

I doubt that will happen as you are asking to pollute every release
installation for an edge condition when  there is numerous work arounds
that would be acceptable to most.   eg two lines in rc.conf will fix the
issue.

On 9 June 2016 at 09:04, Slawa Olhovchenkov  wrote:

> On Thu, Jun 09, 2016 at 08:39:42AM +0100, krad wrote:
>
> > googles will be pretty static, but i would just use them as a one off, ie
> > with ntpdate
>
> i am talk about freebsd system/project.
>
> >
> > On 8 June 2016 at 10:48, Slawa Olhovchenkov  wrote:
> >
> > > On Wed, Jun 08, 2016 at 02:29:29AM +0200, Dag-Erling Smørgrav wrote:
> > >
> > > > Slawa Olhovchenkov  writes:
> > > > > IMHO, ntp.conf need to include some numeric IP of public ntp
> servers.
> > > >
> > > > https://en.wikipedia.org/wiki/NTP_server_misuse_and_abuse
> > > > https://en.wikipedia.org/wiki/Poul-Henning_Kamp#Dispute_with_D-Link
> > >
> > > What you suggestion?
> > >
> > > ___
> > > freebsd-stable@freebsd.org mailing list
> > > https://lists.freebsd.org/mailman/listinfo/freebsd-stable
> > > To unsubscribe, send any mail to "
> freebsd-stable-unsubscr...@freebsd.org"
> > >
>
___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Re: ipfw fwd to closed port

[Slawa Olhovchenkov]

On Thu, Jun 09, 2016 at 09:08:33AM -0400, Kristof Provost wrote:

> 
> 
> On 9 Jun 2016, at 9:06, Slawa Olhovchenkov wrote:
> 
> > On Thu, Jun 09, 2016 at 03:00:17PM +0200, Kristof Provost wrote:
> >
> >> On 2016-06-09 02:02:40 (+0300), Slawa Olhovchenkov  wrote:
> >>> Forwarding by ipfw to closed local port generating RST packet with
> >>> incorrect checksun. Is this know ussuse? Need open PR?
> >>
> >> Where did you capture the packet? If you've captured the packet on the
> >> machine that generated it tcpdump may indeed claim that the checksum is
> >> wrong, because it's computed by the hardware (so after tcpdump captured
> >> it).
> >
> > On the tun0 (destination of RST packet routed to tun0).
> > tun0: flags=8051 metric 0 mtu 1500
> > options=8
> > inet 192.168.4.1 --> 192.168.4.1 netmask 0xff00
> > inet6 fe80::240:63ff:fedc:ac9e%tun0 prefixlen 64 scopeid 0x9
> > nd6 options=21
> > Opened by PID 1345
> >
> > tun0 don't computed checksum.
> 
> I’m not sure I understand what you’re trying to say.
> 
> In any case: either capture the packet outside the machine, or confirm
> that the checksum is wrong by watching the relevant netstat counters.

I am have machine with tun0 (see above) and ipfw rules:

04010  23880  2132855 fwd 127.0.0.1,3129 tcp from 192.168.0.0/16 to not me 
dst-port 80,3128,8080,8100-8105 recv tun0

# netstat -rn
192.168.4.0/24 192.168.4.1UGStun0
192.168.4.1link#9 UH tun0

tun0 handled by coova-chilli.

Initator from network 192.168.4.0/24 (ex: 192.168.4.4) send packet to outside, 
8.8.8.8 for example.
fwd on tun0 forwarded tin 127.0.0.1,3129. No listener on 127.0.0.1:3129, RST 
generated from 8.8.8.8:80
to 192.168.4.4:2345. This packet routed to tun0 an received by chilli.

Checksums must be correct at this point, on tun0 interface for correct handling 
in chilli.
___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Re: ipfw fwd to closed port

[Kristof Provost]

On 9 Jun 2016, at 9:06, Slawa Olhovchenkov wrote:

> On Thu, Jun 09, 2016 at 03:00:17PM +0200, Kristof Provost wrote:
>
>> On 2016-06-09 02:02:40 (+0300), Slawa Olhovchenkov  wrote:
>>> Forwarding by ipfw to closed local port generating RST packet with
>>> incorrect checksun. Is this know ussuse? Need open PR?
>>
>> Where did you capture the packet? If you've captured the packet on the
>> machine that generated it tcpdump may indeed claim that the checksum is
>> wrong, because it's computed by the hardware (so after tcpdump captured
>> it).
>
> On the tun0 (destination of RST packet routed to tun0).
> tun0: flags=8051 metric 0 mtu 1500
> options=8
> inet 192.168.4.1 --> 192.168.4.1 netmask 0xff00
> inet6 fe80::240:63ff:fedc:ac9e%tun0 prefixlen 64 scopeid 0x9
> nd6 options=21
> Opened by PID 1345
>
> tun0 don't computed checksum.

I’m not sure I understand what you’re trying to say.

In any case: either capture the packet outside the machine, or confirm
that the checksum is wrong by watching the relevant netstat counters.

Regards,
Kristof
___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Re: ipfw fwd to closed port

[Slawa Olhovchenkov]

On Thu, Jun 09, 2016 at 03:00:17PM +0200, Kristof Provost wrote:

> On 2016-06-09 02:02:40 (+0300), Slawa Olhovchenkov  wrote:
> > Forwarding by ipfw to closed local port generating RST packet with
> > incorrect checksun. Is this know ussuse? Need open PR?
> 
> Where did you capture the packet? If you've captured the packet on the
> machine that generated it tcpdump may indeed claim that the checksum is
> wrong, because it's computed by the hardware (so after tcpdump captured
> it).

On the tun0 (destination of RST packet routed to tun0).
tun0: flags=8051 metric 0 mtu 1500
options=8
inet 192.168.4.1 --> 192.168.4.1 netmask 0xff00 
inet6 fe80::240:63ff:fedc:ac9e%tun0 prefixlen 64 scopeid 0x9 
nd6 options=21
Opened by PID 1345

tun0 don't computed checksum.
___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Re: ipfw fwd to closed port

[Kristof Provost]

On 2016-06-09 02:02:40 (+0300), Slawa Olhovchenkov  wrote:
> Forwarding by ipfw to closed local port generating RST packet with
> incorrect checksun. Is this know ussuse? Need open PR?

Where did you capture the packet? If you've captured the packet on the
machine that generated it tcpdump may indeed claim that the checksum is
wrong, because it's computed by the hardware (so after tcpdump captured
it).

Regards,
Kristof
___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Re: 10.3-STABLE - PF - possible regression in pf.conf set timeout interval

[Oliver Peter]

On Wed, May 11, 2016 at 09:44:32PM +0200, Damien Fleuriot wrote:
> On 11 May 2016 at 21:41, Luiz Otavio O Souza  wrote:
> 
> > On Mon, May 9, 2016 at 12:15 PM, Kristof Provost wrote:
> > >
> > >> On 09 May 2016, at 16:58, Damien Fleuriot wrote:
> > >>
> > >> Since the upgrade, pf rules won't load anymore at boot time, nor even
> > >> manually with pfctl -f /etc/pf.conf :
> > >> # pfctl -f /etc/pf.conf
> > >> /etc/pf.conf:24: syntax error
> > >> pfctl: Syntax error in config file: pf rules not loaded
> > >>
> > >> The problematic line is :
> > >> set timeout interval 10
> > >>
> > > I think that was broken by the commit which added ALTQ support for CoDel.
> > >
> > > It made ?interval? a keyword, and it looks like that breaks things for
> > you.
> > >
> > > I?ve cced   loos so he can take a look.
> >
> > Damien,
> >
> > I was AFK in the past couple days, I'll look at this tonight.
> >
> > Luiz
> >
> 
> 
> Cheers Luiz,
> 
> Do tell if I may be of help, got a building box at work I can use just for
> that ;)

Hi,

Is there any news on this?
We hit the problem today while applying our pf.conf from a 10.2 machine to
a 10.3-STABLE.  Took a while to find out what actually happened to pf.conf
until a colleage found this thread.
Perhaps we should open a bug report for this?

Cheers
~ollie


-- 
Oliver PETER   oli...@gfuzz.de   0x456D688F
___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Goodbye from our Newsletter

[Оргкомитет]

  
  Goodbye from our Newsletter, sorry to see you go.

  You have been unsubscribed from our newsletters.

  This is the last email you will receive from us. Our newsletter system,
phpList,
  will refuse to send you any further messages, without manual intervention
by our administrator.

  If there is an error in this information, you can re-subscribe:
  please go to http://mailvm.ru/lists/?p=subscribe and follow the steps.

  Thank you
  
  

___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Исключительно хорошо отдохнуть трудовым коллективам

[Оргкомитет]

/Л//ьготные путевки для трудовых
коллективов, профсоюзных и общественных
организаций, а также всех желающих в
частные отели Сочи и Адлера! /

/СУПЕРАКЦИЯ!!!/

/До 20 июня скидки на все наши отели:/

*на июнь - 20%, на сентябрь - 30%, на октябрь -
40%*

Вся информация здесь




--

 This message was sent to freebsd-stable@freebsd.org by pet...@mailvm.ru

 To forward this message, please do not use the forward button of your
email application, because this message was made specifically for you only.
Instead use the forward page

in our newsletter system.

 To change your details and to choose which lists to be subscribed to,
visit your personal preferences page

or you can opt-out completely

from all future mailings.

Изменить параметры рассылки, в том числе
отписаться от рассылок, Вы можете на
своей персональной странице настроек

или Вы можете просто отписаться

от этой рассылки.

 


-- powered by phpList, www.phplist.com --


___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Re: unbound and ntp issuse

[Slawa Olhovchenkov]

On Thu, Jun 09, 2016 at 08:39:42AM +0100, krad wrote:

> googles will be pretty static, but i would just use them as a one off, ie
> with ntpdate

i am talk about freebsd system/project.

> 
> On 8 June 2016 at 10:48, Slawa Olhovchenkov  wrote:
> 
> > On Wed, Jun 08, 2016 at 02:29:29AM +0200, Dag-Erling Smørgrav wrote:
> >
> > > Slawa Olhovchenkov  writes:
> > > > IMHO, ntp.conf need to include some numeric IP of public ntp servers.
> > >
> > > https://en.wikipedia.org/wiki/NTP_server_misuse_and_abuse
> > > https://en.wikipedia.org/wiki/Poul-Henning_Kamp#Dispute_with_D-Link
> >
> > What you suggestion?
> >
> > ___
> > freebsd-stable@freebsd.org mailing list
> > https://lists.freebsd.org/mailman/listinfo/freebsd-stable
> > To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
> >
___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Re: unbound and ntp issuse

[krad]

googles will be pretty static, but i would just use them as a one off, ie
with ntpdate


On 8 June 2016 at 10:48, Slawa Olhovchenkov  wrote:

> On Wed, Jun 08, 2016 at 02:29:29AM +0200, Dag-Erling Smørgrav wrote:
>
> > Slawa Olhovchenkov  writes:
> > > IMHO, ntp.conf need to include some numeric IP of public ntp servers.
> >
> > https://en.wikipedia.org/wiki/NTP_server_misuse_and_abuse
> > https://en.wikipedia.org/wiki/Poul-Henning_Kamp#Dispute_with_D-Link
>
> What you suggestion?
>
> ___
> freebsd-stable@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
>
___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"