Alan McKinnon alan.mckinnon at gmail.com writes:
My first spot of advice would be to use unbound as your caching servers -
Yes, I'm going to play around with unbound first.
PowerDNS is a fine auth server. If it suits your needs I'd recommend you try
it first. I don't know about it's
ss"
pppd_ppp0="
defaultroute
child-timeout 60
"
Starting net.ppp0 could be a little cleaner:
# /etc/init.d/net.ppp0 restart
* /etc/init.d/net.ppp0 uses runscript, please convert to openrc-run.
* Caching service dependencies ... [ ok ]
* Stopping unbound ... [ ok
Alan McKinnon alan.mckinnon at gmail.com writes:
My first spot of advice would be to use unbound as your caching servers -
Did you experiment with ldns-utils
(Set of utilities to simplify various dns(sec) tasks) ???
James
Apparently, though unproven, at 16:18 on Friday 12 November 2010, James did
opine thusly:
Alan McKinnon alan.mckinnon at gmail.com writes:
My first spot of advice would be to use unbound as your caching servers -
Did you experiment with ldns-utils
(Set of utilities to simplify various dns
are using ISP DNS and it is slow, or hijacking domains like
search engines, and if you like your DNS to be a content filter, then
sure. :) Google DNS is a similar thing.
Personally I just run unbound on my PC and don't want it to block any
look-ups anyway.
ync: line 25: ReadVar: command not found
> > > > /usr/bin/eix-sync: line 26: ReadVar: command not found
> > > > /usr/bin/eix-sync: line 27: ReadVar: command not found
> > > > /usr/bin/eix-sync: line 28: local_portage_configroot: unbound variable
> > >
: ReadFunctions: command not found
> > > /usr/bin/eix-sync: line 24: ReadVar: command not found
> > > /usr/bin/eix-sync: line 25: ReadVar: command not found
> > > /usr/bin/eix-sync: line 26: ReadVar: command not found
> >
ions/Skype.app
( Allow incoming connections )
2 : /usr/local/bin/unbound
( Block incoming connections )
#
5 runs dnsmasq as DHCP server, NGINX, Postfix, Unbound and
more for a bunch of clients in a LAN. It is quite nifty as a local DNS
Resolver and DHCP server, because it is usually the fastest to boot
after the occasional power outage.
I would not use it as an Internet-facing production Mailserver,
unbound as your caching servers - it's
stupendously bloody fast. It's free as in beer and free as in freedom, and
also keeps up with cns which is neither (and costs an arm and a leg). Plus the
developer is very responsive to bugs and features. unbound does the basics and
does them well
sequence that a dependent service failed to
start because of the networking failure so it should be before this:
[kernel] [0.787433] serio: i8042 AUX port at 0x60,0x64 irq 12
[/etc/init.d/unbound] ERROR: cannot start unbound as net.enp0s20u2u1
would not start
[kernel] [0.792081
of the networking failure so it should be before this:
[kernel] [0.787433] serio: i8042 AUX port at 0x60,0x64 irq 12
[/etc/init.d/unbound] ERROR: cannot start unbound as net.enp0s20u2u1
would not start
[kernel] [0.792081] rtc_cmos 00:04: alarms up to one month, y3k,
242 bytes nvram, hpet
/mdadm
net-dns/unbound:
4507/usr/sbin/unbound
net-print/cups:
4767/usr/sbin/cupsd
sys-apps/dbus:
4369/usr/bin/dbus-daemon
net-misc/ntp:
4975/usr/sbin/ntpd
net-fs/samba:
5015/usr/sbin/smbd
5045/usr/sbin/smbd
5021/usr
scripts that
could be used to restart them:
sys-apps/smartmontools:
5082/usr/sbin/smartd
sys-auth/consolekit:
4384/usr/sbin/console-kit-daemon
app-text/dictd:
4834/usr/sbin/dictd
sys-fs/mdadm:
3742/sbin/mdadm
net-dns/unbound:
4507/usr
DNSSEC on gentoo?
Hardware suggestions on low power (5-10 watts) (embedded)
hardware with Gentoo are welcome.
net-dns/unbound (portage) [2]
bind9 (portage)
nsd (?)
opendnssec (sunrise overlay)
???
Googling and research has led me to reading
quite a lot of interesting, but fragmented
thoughts
'voice_cmu_us_awb_arctic_hts)
to
;; If you want a voice different from the system installed default
;; uncomment the following line and change the name to the voice you
;; want
(set! voice_default 'voice_cmu_us_awb_arctic_hts)
leads to an error message:
SIOD ERROR: unbound variable
on the bandwagon.
Anyone know if they are as wonderful as they sound?
If you are using ISP DNS and it is slow, or hijacking domains like
search engines, and if you like your DNS to be a content filter, then
sure. :) Google DNS is a similar thing.
Personally I just run unbound on my PC
with a simple (for now) setup using dhcp and
unbound. However, the sit0 is IPV4 to IPV6. Check for CONFIG_IPV6 in your
kernel ... it will probably go away when you don't have that, or ipv6 USE
flags where you don't use them.
--
Happy Penguin Computers ')
126 Fenco Drive
On Mon, Jun 16, 2014 at 07:57:31PM +, James wrote:
Any guidance of those?
When I have a choice, I go with nsd for authoritative and with unbound for
recursive dns servers. Bind is also a popular alternative.
Anyone and Everyone is encouraged to chime in on dns server
Try to separate your
On 17/06/2014 16:48, Eray Aslan wrote:
On Mon, Jun 16, 2014 at 07:57:31PM +, James wrote:
Any guidance of those?
When I have a choice, I go with nsd for authoritative and with unbound for
recursive dns servers. Bind is also a popular alternative.
Anyone and Everyone is encouraged
going completely apeshit about unbound,
thinking named is about to go away forever. That's what this looks like.
--
Alan McKinnon
alan.mckin...@gmail.com
26: ReadVar: command not found
/usr/bin/eix-sync: line 27: ReadVar: command not found
/usr/bin/eix-sync: line 28: local_portage_configroot: unbound variable
[1]4865 exit 1 eix-sync
...end of the show?
How can I fix this?
Cheers
Meino
"alsa bluetooth caps iconv mysql ssl vorbis
-blocks -calendar -cluster -codec2 -curl (-dahdi) -debug -deprecated
-doc -freetds -gtalk -http -ilbc -ldap -lua -newt -odbc -oss
-pjproject -portaudio -postgres -radius (-selinux) -snmp -span -speex
-srtp -static -statsd -syslog -systemd -unb
in the boot sequence that a dependent service failed to
start because of the networking failure so it should be before this:
[kernel] [0.787433] serio: i8042 AUX port at 0x60,0x64 irq 12
[/etc/init.d/unbound] ERROR: cannot start unbound as net.enp0s20u2u1
would not start
[kernel] [0.792081
of the networking failure so it should be before this:
[kernel] [0.787433] serio: i8042 AUX port at 0x60,0x64 irq 12
[/etc/init.d/unbound] ERROR: cannot start unbound as net.enp0s20u2u1
would not start
[kernel] [0.792081] rtc_cmos 00:04: alarms up to one month, y3k,
242 bytes nvram, hpet
sync: line 25: ReadVar: command not found
> > /usr/bin/eix-sync: line 26: ReadVar: command not found
> > /usr/bin/eix-sync: line 27: ReadVar: command not found
> > /usr/bin/eix-sync: line 28: local_portage_configroot: unbound variable
> > [1]4865 exit 1 eix-sync
> >
> >
/messages/everything/current shows the
first time in the boot sequence that a dependent service failed to
start because of the networking failure so it should be before this:
[kernel] [0.787433] serio: i8042 AUX port at 0x60,0x64 irq 12
[/etc/init.d/unbound] ERROR: cannot start unbound
in deny_hosts.conf are
being stopped at the firewall I'm still seeing them fail to authenticate
to my FTP and ssh servers? Also, I've always heard that you shouldn't
have any ports open on your machine unless you have some server bound to
that port because hackers can get in through unbound open
machines, then it sounds like your firewall is
misconfigured and isn't blocking the IPs.
Also, I've always heard that you shouldn't
have any ports open on your machine unless you have some server bound to
that port because hackers can get in through unbound open ports. Is
this true?
I've never
On Thursday 22 February 2007, Michael Sullivan wrote:
Also, I've always heard that you shouldn't
have any ports open on your machine unless you have some server bound
to that port because hackers can get in through unbound open ports.
Is this true? If so, how does it work?
That sounds
a pig to run in real life. For an auth server, powerdns
is very good. For a cache, unbound.
What you have here is common. Bind can't find, or can't deal with, its PID
file. Or it's just being stubborn.
Check your config that the PID file is in the right place, usable and that it
has the correct
On 16. 11. 2010 20:47, Alan McKinnon wrote:
Do you absolutely *have* to run bind? Aside from it being a 100% RFC-compliant
reference server, it's a pig to run in real life. For an auth server, powerdns
is very good. For a cache, unbound.
Well, not *absolutely*, but I'm an old dog used to work
. :) Google DNS is a similar thing.
Personally I just run unbound on my PC and don't want it to block any
look-ups anyway.
Or, in my case, all ISPs in my country are required to use a DNS server
called Nawala that performs web censorship. And, as one would expect,
that totally breaks DNSSEC
low ttl of 30s). Also, it isn't able to save cached
entries to file so that it can be restored on next boot. Any option?
You can use almost any cache you want...
... except bind
We use unbound. Does the job, does it well, developer very responsive.
But do not fiddle with TTLs, that breaks stuff
minimum ttl (doesn't make sense, but some sites like twitter have
ridiculously low ttl of 30s). Also, it isn't able to save cached
entries to file so that it can be restored on next boot. Any option?
You can use almost any cache you want...
... except bind
We use unbound. Does the job, does
]: sending commands to master dhcpcd process.
There's also a new display in Gkrellm 'sit0', which is new to me.
Everything is working, but can anyone explain the change ?
I spoke too soon (grimace)!
My LAN has a Linux router with a simple (for now) setup
using dhcp and unbound. However, the sit0
ely?
>>
>> auth or cache?
>>
>> First of all, bind is a pain to use. Reason: it's actually a reference
>> implementation that as usual got forced into production use. It's slower
>> than it could be because it deals with every possible corner case per RFC.
>>
Reason: it's actually a reference
> implementation that as usual got forced into production use. It's slower
> than it could be because it deals with every possible corner case per RFC.
>
> As an auth server (few queries) it's OK
> As a cache (many queries), there are better servers
eals with every possible corner case per RFC.
As an auth server (few queries) it's OK
As a cache (many queries), there are better servers out there. I prefer
unbound.
> Also, what is the (nominal) minimum amount of RAM needed to keep all routes
> in ram in these name servers?
I don't unde
lementation that as usual got forced into production use. It's slower
> >> than it could be because it deals with every possible corner case per
> >> RFC.
> >>
> >> As an auth server (few queries) it's OK
> >> As a cache (many queries), there are bette
/usr/bin/eix-sync: line 22: ReadFunctions: command not found
> /usr/bin/eix-sync: line 24: ReadVar: command not found
> /usr/bin/eix-sync: line 25: ReadVar: command not found
> /usr/bin/eix-sync: line 26: ReadVar: command not found
> /usr/bin/eix-sync: line 27: ReadVar: command not found
>
. Is that enough ram for a DNS server?
For running the Nameservers, yes. Compiling Gentoo packages will likely
put your SD-Card under stress, but that's just how it goes. My Model B
Rev 2 of 2015 runs dnsmasq as DHCP server, NGINX, Postfix, Unbound and
more for a bunch of clients in a LAN
CPU0: Intel(R) Pentium(R) 4 CPU 2.80GHz stepping 09
Brought up 1 CPUs
Have you added any extra patches to the kernel recently?
nope
--
The sounds of the nouns are mostly unbound.
In town a noun might wear a gown,
or further down, might dress a clown.
A noun that's sound would never clown
:
Also, I've always heard that you shouldn't
have any ports open on your machine unless you have some server bound
to that port because hackers can get in through unbound open ports.
Is this true? If so, how does it work?
That sounds like something out of Hollywood, perhaps that atrocious movie
?
Hardware suggestions on low power (5-10 watts) (embedded)
hardware with Gentoo are welcome.
net-dns/unbound (portage) [2]
bind9 (portage)
nsd (?)
opendnssec (sunrise overlay)
???
Googling and research has led me to reading
quite a lot of interesting, but fragmented
thoughts
se. It's slower
>>> than it could be because it deals with every possible corner case per RFC.
>>>
>>> As an auth server (few queries) it's OK
>>> As a cache (many queries), there are better servers out there. I prefer
>>> unbound.
>>
>> As it
t-anchors.xml'
!!! Couldn't download 'root-anchors-20100715.xml'. Aborting.
>>> Downloading 'http://192.168.2.4/gentoom//distfiles/Kjqmt7v-20100715.csr'
>>> Downloading 'http://192.168.2.4/gentoom/distfiles/Kjqmt7v-20100715.csr'
>>> Downlo
your /etc/resolv.conf show?
$ cat /etc/resolv.conf
nameserver 127.0.0.1
(because I run net-dns/unbound on my local machine). For the other
computers/devices they use the DNS server which runs on the router,
192.168.0.1
My ISP does offer DNS servers at actual IPv6 addresses, though I'm
?
You can use almost any cache you want...
... except bind
We use unbound. Does the job, does it well, developer very
responsive.
But do not fiddle with TTLs, that breaks stuff in spectacular ways.
Essentially, with the TTL the auth server is saying We guarantee
that you can treat
>> First of all, bind is a pain to use. Reason: it's actually a reference
>>>> implementation that as usual got forced into production use. It's slower
>>>> than it could be because it deals with every possible corner case per
>>>> RFC.
>>>>
>>
rvers will only run the minimum
> >>>>> packages to operate securely?
> >>>>
> >>>> auth or cache?
> >>>>
> >>>> First of all, bind is a pain to use. Reason: it's actually a reference
> >>>>
ion use. It's slower
> than it could be because it deals with every possible corner case per RFC.
> As an auth server (few queries) it's OK
Bind is an old acquaintance of mine:: been a few years, hence the post.
I may test/migrate to something else, later.
> As a cache (many queries), there are
id=464236
or, by the current packages:
automake-1.14.1.tar.xz, gnurl-170218.tar, gnurl-git-170218.tar,
gnutls-3.5.9.tar.xz, Kjqmt7v-20100715.csr, libmicrohttpd-0.9.52.tar.gz,
Python-3.5.2.tar.xz, python-gentoo-patches-3.5.2-0.tar.xz,
root-anchors-20100715.xml, unbound-1.6.0.tar.gz
I have overcome th
RFC.
>> As an auth server (few queries) it's OK
>
> Bind is an old acquaintance of mine:: been a few years, hence the post.
> I may test/migrate to something else, later.
OK. For a few domains there's no benefit to using something other than
what you already know.
>
>> A
leaving their
entire network open to bad guys)
What does your /etc/resolv.conf show?
$ cat /etc/resolv.conf
nameserver 127.0.0.1
(because I run net-dns/unbound on my local machine). For the other
computers/devices they use the DNS server which runs on the router,
192.168.0.1
My ISP does offer DNS
/test-
thread-termination.o /tmp/portage/dev-lang/v8-3.16.14.9-
r1/work/v8-3.16.14.9/out/x64.release/obj.target/cctest/test/cctest/test-
threads.o /tmp/portage/dev-lang/v8-3.16.14.9-
r1/work/v8-3.16.14.9/out/x64.release/obj.target/cctest/test/cctest/test-
unbound-queue.o /tmp/portage/dev-lang/v8
/cctest/test-thread-termination.o
/tmp/portage/dev-lang/v8-3.16.14.9-r1/work/v8-3.16.14.9/out/x64.release/obj.target/cctest/test/cctest/test-threads.o
/tmp/portage/dev-lang/v8-3.16.14.9-r1/work/v8-3.16.14.9/out/x64.release/obj.target/cctest/test/cctest/test-unbound-queue.o
/tmp/portage/dev-lang/v8
because hackers can get in through unbound open ports. Is
this true?
I've never heard of this. All ports that you don't want accessible from the
internet should be completely blocked by your firewall if you have it
correctly configured.
If so, how does it work? What do they connect