Re: IPv6 autoconf
Hey, glad you got it working :)

On Sat, Jul 29, 2017 at 3:29 AM, Thomas Smith wrote:
> On July 28, 2017 at 3:37:18 PM, Hamza Sheikh (fehr...@codeghar.com) wrote:
>
> I went through the process of creating an OpenBSD-based gateway for my
> home network (IPv4 and IPv6). Learned a lot and documented my setup in
> a blog post[0]. Maybe it can help troubleshoot your IPv6 setup. Pay
> special attention to these sections: (a) cnmac0; (b) dhcp6c; (c) The
> "Wrong" Config.
>
> [0] http://codeghar.com/blog/openbsd-network-gateway-on-edgerouter-lite.html
>
>
> I had been trying wide-dhcpv6—even with no firewall rules enabled, it erred
> out—“no route to host” and some other info. I expected that this had to do
> with `rtsol` or `inet6 autoconf` not working properly in hostname.em0—but
> according to your blog post, it was likely a misconfiguration on my part.
>
> After Mr Archer’s post, instead of giving dhcpcd a shot I tried
> isc-dhcp-client—firewall off, it immediately pulled down an ip6 address
> from Cox. After making some adjustments to the firewall, it could pull down
> one with it enabled as well. Still have a few things to work out now, but
> this is a great start!
>
> Thanks for the input guys!
>
> One question…
>
> What would be necessary to bake this functionality into OpenBSD base? IPv6
> is pretty ubiquitous nowadays—most ISPs support it, most cloud providers
> support it—it seems common enough that much of this functionality should
> just work.
>
> I know that “common enough” isn’t a good reason to implement features or
> functionality, it just seems like a core capability that should be present.
>
> When I was researching how to set this up, I found many different ways to
> do so—some of the information was clearly dated, others not so much. It
> would be great to have just configure this via hostname.em0 (or whichever
> interface) and have it work.
>
> I’m fairly new to OpenBSD but if there’s something I can do to help with
> this, I’m happy to do so if it's within my skillset.
Re: IPv6 autoconf
On July 28, 2017 at 3:37:18 PM, Hamza Sheikh (fehr...@codeghar.com) wrote:

I went through the process of creating an OpenBSD-based gateway for my home network (IPv4 and IPv6). Learned a lot and documented my setup in a blog post[0]. Maybe it can help troubleshoot your IPv6 setup. Pay special attention to these sections: (a) cnmac0; (b) dhcp6c; (c) The "Wrong" Config.

[0] http://codeghar.com/blog/openbsd-network-gateway-on-edgerouter-lite.html


I had been trying wide-dhcpv6—even with no firewall rules enabled, it erred out—“no route to host” and some other info. I expected that this had to do with `rtsol` or `inet6 autoconf` not working properly in hostname.em0—but according to your blog post, it was likely a misconfiguration on my part.

After Mr Archer’s post, instead of giving dhcpcd a shot I tried isc-dhcp-client—firewall off, it immediately pulled down an ip6 address from Cox. After making some adjustments to the firewall, it could pull down one with it enabled as well. Still have a few things to work out now, but this is a great start!

Thanks for the input guys!

One question…

What would be necessary to bake this functionality into OpenBSD base? IPv6 is pretty ubiquitous nowadays—most ISPs support it, most cloud providers support it—it seems common enough that much of this functionality should just work.

I know that “common enough” isn’t a good reason to implement features or functionality, it just seems like a core capability that should be present.

When I was researching how to set this up, I found many different ways to do so—some of the information was clearly dated, others not so much. It would be great to have just configure this via hostname.em0 (or whichever interface) and have it work.

I’m fairly new to OpenBSD but if there’s something I can do to help with this, I’m happy to do so if it's within my skillset.
Re: IPv6 autoconf
o

Sent from my Samsung Galaxy smartphone.

Original message
From: Sterling Archer
Date: 2017-07-28 7:05 PM (GMT-05:00)
To: Hamza Sheikh
Cc: Thomas Smith, OpenBSD Misc
Subject: Re: IPv6 autoconf

I switched from wide-dhcp to dhcpcd after reading recommendations on this mailing list, and I don't regret it. Setup is just as easy, and the code is more actively maintained.

On Sat, Jul 29, 2017 at 12:37 AM, Hamza Sheikh wrote:
> I went through the process of creating an OpenBSD-based gateway for my
> home network (IPv4 and IPv6). Learned a lot and documented my setup in
> a blog post[0]. Maybe it can help troubleshoot your IPv6 setup. Pay
> special attention to these sections: (a) cnmac0; (b) dhcp6c; (c) The
> "Wrong" Config.
>
> [0] http://codeghar.com/blog/openbsd-network-gateway-on-edgerouter-lite.html
>
Re: Split zone DNS?
Hi,

Thanks for the feedback everyone!

I'll be looking at unbound and seeing if I need nsd or not.

Have a great weekend!

Cheers,
Steve

On 28/07/2017 7:58 AM, Steve Williams wrote:

Hi,

I recently upgraded to 6.1 and am trying to (finally, after many OpenBSD versions over 10 years) fine tune my home network.

I would like to run a local resolver on my internal network that will resolve all my hosts on my local network to IP addresses on my local network(s) rather than resolving to their public IP addresses.

I believe it's called a "split zone" DNS, where my domain is resolved locally, but everyone else is resolved using normal resolution processes.

I set this up at one of my previous jobs using BIND, but that was 7 years ago. I've never gone to the trouble of doing it at home, but I would like to exercise my brain a bit as well as having my home network set up "better".

What is the best tool to accomplish this these days? Is NSD the "modern" tool to be using on OpenBSD?

Are there any hooks for dhcpd to update records?

I've read the NSD(8), nsd.conf(5) man pages and that seems to be the way to go, but I thought I'd check the wisdom here to see if there is a better approach.

Thanks,
Steve Williams
Re: permission denied local nfs mount
Nicolas Schmidt writes:

> Did you try setting an explicit netmask?

I didn't; the exports(5) man page says it's optional:

    If the mask is not specified, it will default to the mask for that
    network class (A, B or C; see inet_addr(3)).

I tried just now with -mask=255.255.255.0 and got the same "permission denied."

Allan
Re: permission denied local nfs mount
Did you try setting an explicit netmask?

> On 29.07.2017 at 01:36, Allan Streib wrote:
>
> 6.1 amd64 release
>
> My goal is to serve files from a directory in my home dir via httpd. As
> I understand it the way to do this is a local NFS mount in the httpd
> chroot.
>
> Basically following the FAQ for NFS I set up this:
>
> $ cat /etc/exports
> /home/astreib/work/new-site.org -ro -network=127.0.0.1
>
> $ showmount -e
> Exports list on localhost:
> /home/astreib/work/new-site.org    127.0.0.1
>
> $ doas mount -t nfs 127.0.0.1:/home/astreib/work/new-site.org
> /var/www/htdocs/new-site
> mount_nfs: can't access /home/astreib/work/new-site.org: Permission denied
>
> Everything works if I remove the "-network=" from /etc/exports, i.e.:
>
> /home/astreib/work/new-site.org -ro 127.0.0.1
>
> I don't really understand why?
>
> Allan
permission denied local nfs mount
6.1 amd64 release

My goal is to serve files from a directory in my home dir via httpd. As I understand it the way to do this is a local NFS mount in the httpd chroot.

Basically following the FAQ for NFS I set up this:

$ cat /etc/exports
/home/astreib/work/new-site.org -ro -network=127.0.0.1

$ showmount -e
Exports list on localhost:
/home/astreib/work/new-site.org    127.0.0.1

$ doas mount -t nfs 127.0.0.1:/home/astreib/work/new-site.org /var/www/htdocs/new-site
mount_nfs: can't access /home/astreib/work/new-site.org: Permission denied

Everything works if I remove the "-network=" from /etc/exports, i.e.:

/home/astreib/work/new-site.org -ro 127.0.0.1

I don't really understand why?

Allan
Re: IPv6 autoconf
I switched from wide-dhcp to dhcpcd after reading recommendations on this mailing list, and I don't regret it. Setup is just as easy, and the code is more actively maintained.

On Sat, Jul 29, 2017 at 12:37 AM, Hamza Sheikh wrote:
> I went through the process of creating an OpenBSD-based gateway for my
> home network (IPv4 and IPv6). Learned a lot and documented my setup in
> a blog post[0]. Maybe it can help troubleshoot your IPv6 setup. Pay
> special attention to these sections: (a) cnmac0; (b) dhcp6c; (c) The
> "Wrong" Config.
>
> [0] http://codeghar.com/blog/openbsd-network-gateway-on-edgerouter-lite.html
>
Re: IPv6 autoconf
I went through the process of creating an OpenBSD-based gateway for my home network (IPv4 and IPv6). Learned a lot and documented my setup in a blog post[0]. Maybe it can help troubleshoot your IPv6 setup. Pay special attention to these sections: (a) cnmac0; (b) dhcp6c; (c) The "Wrong" Config.

[0] http://codeghar.com/blog/openbsd-network-gateway-on-edgerouter-lite.html
Re: Getting Dell RAID status via SNMP
On Mon, Jul 24, 2017 at 12:10 AM, FUKAUMI Naoki wrote:
> Hi,
>
> From: Jibby Jeremiah
> Subject: Re: Getting Dell RAID status via SNMP
> Date: Wed, 19 Jul 2017 15:03:21 -0400
>
> > Darn. Well if you need more testers let me know.
>
> It seems your RAID card doesn't have cache,
>
> > mfii0 at pci3 dev 0 function 0 "Symbios Logic MegaRAID SAS3008" rev 0x02:
> > msi
> > mfii0: "PERC H330 Adapter", firmware 25.5.0.0019
>
> then, I guess the "issue" will not happen.
>
> Here is new/WIP patch to support bio(4) for mfii(4). it doesn't fix the
> "issue" yet, but it includes hot swap support from my patch for mfi(4)
> http://marc.info/?l=openbsd-tech=149872410222552=2
>
> Could you try attached patch?
>

Hi,

Thanks for the patch, but it fails to build (also, I had to use 'patch -l' to get it to apply at all, due to ^M line endings, etc.):

/usr/src/sys/dev/pci/mfii.c: In function 'mfii_makegood':
/usr/src/sys/dev/pci/mfii.c:3068: error: 'MR_DCMD_CFG_FOREIGN_SCAN' undeclared (first use in this function)
/usr/src/sys/dev/pci/mfii.c:3068: error: (Each undeclared identifier is reported only once
/usr/src/sys/dev/pci/mfii.c:3068: error: for each function it appears in.)
/usr/src/sys/dev/pci/mfii.c:3073: error: 'MR_DCMD_CFG_FOREIGN_CLEAR' undeclared (first use in this function)
/usr/src/sys/dev/pci/mfii.c: In function 'mfii_makespare':
/usr/src/sys/dev/pci/mfii.c:3125: error: 'MR_DCMD_CFG_MAKE_SPARE' undeclared (first use in this function)
*** Error 1 in /usr/src/sys/arch/amd64/compile/GENERIC.MP (Makefile:947 'mfii.o')

I got around that by copying those definitions from the FreeBSD mfi driver (patch is also attached, in case gmail decides to munge inline tabs):

Add MR_DCMD_CFG definitions for *_SPARE and FOREIGN_* (taken from FreeBSD sys/dev/mfi/mfireg.h).

--- sys/dev/ic/mfireg.h.bak Fri Jul 28 12:43:41 2017 +++ sys/dev/ic/mfireg.h Fri Jul 28 12:47:19 2017
@@ -139,6 +139,13 @@ #define MR_DCMD_CONF_GET 0x0401 #define MR_DCMD_CFG_ADD 0x0402 #define MR_DCMD_CFG_CLEAR 0x0403 +#define MR_DCMD_CFG_MAKE_SPARE 0x0404 +#define MR_DCMD_CFG_REMOVE_SPARE 0x0405 +#define MR_DCMD_CFG_FOREIGN_SCAN 0x04060100 +#define MR_DCMD_CFG_FOREIGN_DISPLAY 0x04060200 +#define MR_DCMD_CFG_FOREIGN_PREVIEW 0x04060300 +#define MR_DCMD_CFG_FOREIGN_IMPORT 0x04060400 +#define MR_DCMD_CFG_FOREIGN_CLEAR 0x04060500 #define MR_DCMD_BBU_GET_STATUS 0x0501 #define MR_DCMD_BBU_GET_CAPACITY_INFO 0x0502 #define MR_DCMD_BBU_GET_DESIGN_INFO 0x0503

I'll leave it to the experts to determine whether the numbers for MR_DCMD_CFG_MAKE_SPARE, etc. are in fact correct.

I have the same PERC H330 HBA, and temporarily have a rather unique disk configuration in this server -- it has two disks, initially set up as RAID-1. For testing UEFI support, I broke the mirror, and configured the second disk as a passthrough disk, so as to have one disk with MBR and one with GPT. (Unfortunately, OpenBSD still doesn't boot in EFI mode on this server, only BIOS mode [1]. FreeBSD and Linux do work fine with EFI.) Right now it shows a degraded RAID-1 volume plus the passthrough disk. Obviously I plan to make a normal healthy RAID-1 before going live with it.

After building a new kernel with the patch, I now have a new 'mfii0' entry in hw.sensors:

hw.sensors.cpu0.temp0=26.00 degC
hw.sensors.mfii0.drive0=degraded (sd0), WARNING
hw.sensors.pchtemp0.temp0=26.50 degC
hw.sensors.sdtemp0.temp0=25.62 degC
hw.sensors.sdtemp1.temp0=26.25 degC

(sdtemp was already working previously)

Also bioctl works too, at least for reading status (haven't tried modifying the array):

=== bioctl sd0 output

BEFORE
sd0: , serial 007bbdf6cecf3d461e5c56708741

AFTER (bioctl -v)
Volume Status Size Device
mfii0 0 Degraded 499558383616 sd0 RAID1 WT
0 Failed 0 0:0.0 noencl <> 'unknown serial'
1 Online 500107862016 0:1.0 noencl 'unknown serial'

Not sure about the 'unknown serial', but otherwise looks correct. Nice work!

Sorry I don't have a card with cache (e.g. H730) to test on, but I haven't hit any problems with my H330 yet.

-Andrew

[1] https://marc.info/?l=openbsd-misc=146343624320665=2
With more recent kernels, the numbers on the "entry point" line are different, but the UEFI boot problem otherwise remains the same -- video corruption, followed by a reboot 10-15 seconds later. I just discovered that serial console support has recently been added to the UEFI bootloader, so hopefully I'll be able to see boot messages from after the video goes wonky, and submit a more useful bug report.

dmesg:
OpenBSD 6.1 (GENERIC.MP) #1: Fri Jul 28 12:51:53 CDT 2017
andrew@obsd-r230:/usr/src/sys/arch/amd64/compile/GENERIC.MP
RTC BIOS diagnostic error 80
real mem = 8395776000
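
Review bot: in the sys/dev/ic/mfireg.h hunk the seven added MR_DCMD_CFG_* opcodes are taken on trust from another driver's header, and as shown they come in two forms (0x0404 and 0x0405 for the *_SPARE pair, 0x04060100 through 0x04060500 for the FOREIGN_* group), so each value should be confirmed against the controller's command set before this goes in. The build errors quoted in the message only require MR_DCMD_CFG_FOREIGN_SCAN, MR_DCMD_CFG_FOREIGN_CLEAR and MR_DCMD_CFG_MAKE_SPARE; consider adding just those three, or state in the commit message why the other four are included, and put a short comment above the block recording that the values were copied from FreeBSD sys/dev/mfi/mfireg.h.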
Re: OpenBSD 6.1 installation, on dedicated server, using qemu not working.
On Tuesday, 25 July 2017 21:30:08 CEST Mxher wrote:
> I'm renting a dedicated server from a web host that unfortunately does
> not propose OpenBSD installation.
>
> So I'm installing OpenBSD using qemu from my host rescue mode (which use
> FreeBSD).
>
>
> Usually it works like a charm but this time, on this server/hardware, it
> does not work: OpenBSD does not seem to start at all.
> Indeed when I boot with qemu I do not see any logs of the "normal" boot
> of the server (I only see qemu's boots in the logs).

Maybe I misunderstand what you are trying to do, but: There is sgabios for redirecting vga text output to serial console in qemu. Maybe that could help somehow? Or try using VNC console in qemu.

Are you seeing the openbsd bootloader prompt? Are you then setting the console correctly in the openbsd bootloader?
Re: Some questions about vmm and xorg
On Thu, Jul 27, 2017 at 12:14:58PM -0400, Josh Grosse wrote:
> On 2017-07-27 11:30, G wrote:
> > Hello.
> >
> > Some questions about vmm
> > Does vmm (on openbsd current) support running xorg?
>
> I'll restate this question, because the X11 Windows System uses a
> client/server model, and X.Org software includes both clients and servers.
>
>    * X11 Clients are the graphical applications.
>    * X11 Servers are the X display devices.
>
> So, "What part of the X11 Windows System is available for vmm(4) guests" is
> a better question, and one that I can answer.
>
> X client applications works fine from within a vmm(4) guest, as they do from
> any server that does not have a graphics display. The typical communication
> path between the application and a workstation display (the X Server) is
> with ssh(1) X11 Forwarding. See sshd_config(5), ssh_config(5), and ssh(1)
> man pages for details.
>
> If a user wanted to operate a window manager for the vmm() guest and its
> various X clients, Xephyr(1) or Xnest(1) are both available.
>

Yes, this sums it up best. Thanks Josh.

-ml
Re: WARNING: SPL NOT LOWERED ON SYSCALL 247 4 EXIT
Missing ddb output

login: WARNING: SPL NOT LOWERED ON SYSCALL 247 4 EXIT cac955c0 7
Stopped at Xsyscall+0x1d5: movl$0,%gs:0x4e0
Re: IPv6 autoconf
On Thu, Jul 27, 2017 at 05:41:48PM -0700, Thomas Smith wrote:
> Hi,
>
> My ISP (Cox) supports IPv6 and I have this working on a MikroTik
> router--it pulls an address and prefix, creates a default route,
> creates an address pool for internal clients, etc.
>
> I've been working to configure a similar setup in OpenBSD 6.1 but I've
> been unable to even get the outside interface to pull an IPv6 address
> from Cox (IPv4 is working properly).
>
> I've tried both `inet6 autoconf` and `rtsol` in
> /etc/hostname.em0--both have worked in other IPv6 environments I've
> run OpenBSD in, but neither are working in this context.
>
> Can anyone advise on this please?

Make sure that you're allowing the correct ICMP packets through pf. I've banged my head on that part of IPv6 too many times. Here's what I've found I have had to add in /etc/pf.conf:

icmp6_types = "{ echoreq, routersol, routeradv, neighbrsol, \
    neighbradv, redir }"

# allow multicast ICMP so IPv6 works right
pass in quick on egress inet6 proto ipv6-icmp from any to \
    { ( egress ), ff02::1/16 } icmp6-type $icmp6_types

There's a bunch of neighbor-finding chatter that occurs on IPv6, so my typical iron-fisted traffic blocking was causing IPv6 to not work at all.

Also, I know that when I used to have Comcast I had to specifically request a /60 and tell Comcast that I wanted to be a router instead of a client. I believe DHCPD accomplished this, although someone with a less foggy memory should double-check that.

--
To find a friend one must close one eye; to keep him -- two.
		-- Norman Douglas
Re: Split zone DNS?
On 28 July 2017, Steve Williams wrote:
> Hi,
>
> I recently upgraded to 6.1 and am trying to (finally, after many OpenBSD
> versions over 10 years) fine tune my home network.
>
> I would like to run a local resolver on my internal network that will
> resolve all my hosts on my local network to IP addresses on my local
> network(s) rather than resolving to their public IP addresses.
>
> I believe it's called a "split zone" DNS, where my domain is resolved
> locally, but everyone else is resolved using normal resolution processes.
>
> I set this up at one of my previous jobs using BIND, but that was 7 years
> ago. I've never gone to the trouble of doing it at home, but I would like
> to exercise my brain a bit as well as having my home network set up
> "better".
>
> What is the best tool to accomplish this these days? Is NSD the "modern"
> tool to be using on OpenBSD?
>
> Are there any hooks for dhcpd to update records?
>
> I've read the NSD(8), nsd.conf(5) man pages and that seems to be the way to
> go, but I thought I'd check the wisdom here to see if there is a better
> approach.

unbound(8) probably does exactly what you want. It's mainly a recursive resolver, but it can also answer authoritatively for "local" zones, or simply override addresses for given hosts (think anti-spam). Unless you also want to answer queries for your domain coming from the Internet, you don't need a separate authoritative server.

Regards,

Liviu Daia
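
Added example, not part of the original post: a minimal unbound.conf sketch of the setup described above, with Unbound as the LAN's recursive resolver and local overrides for the home domain. The domain example.org, the 192.168.1.0/24 LAN, and every host name and address are constructed placeholders.

```conf
# unbound.conf -- split-horizon sketch (added example; all names and
# addresses below are constructed placeholders, not from the thread)
server:
    # Listen on loopback and the LAN-facing address only, never on
    # the Internet-facing interface.
    interface: 127.0.0.1
    interface: 192.168.1.1

    # Only LAN clients may use the resolver; everything else is
    # refused, so the box cannot be abused as an open resolver.
    access-control: 0.0.0.0/0 refuse
    access-control: ::0/0 refuse
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.1.0/24 allow

    # DNS rebinding protection: strip private addresses from answers
    # that come from the Internet. local-data entries are exempt.
    private-address: 10.0.0.0/8
    private-address: 172.16.0.0/12
    private-address: 192.168.0.0/16

    # Do not disclose resolver identity or version to clients.
    hide-identity: yes
    hide-version: yes

    # Split view of the public domain. "transparent" answers the
    # names listed in local-data from this file and resolves every
    # other name under example.org through normal recursion.
    # Caveat: a listed name queried for a record type that is not
    # given here (for example AAAA) gets an empty NODATA answer.
    local-zone: "example.org." transparent
    local-data: "www.example.org.  IN A 192.168.1.10"
    local-data: "mail.example.org. IN A 192.168.1.11"

    # Internal-only names. "static" answers from local-data and
    # returns NXDOMAIN for anything else in the zone, so queries
    # for internal host names are never sent upstream.
    local-zone: "home.example.org." static
    local-data: "nas.home.example.org.     IN A 192.168.1.20"
    local-data: "printer.home.example.org. IN A 192.168.1.21"
```

Running `unbound-checkconf` on the file catches syntax errors before the daemon is restarted.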
Re: Split zone DNS?
Hi,

In large scenarios, they might have an advantage in having the same domain inside and outside, which is when accessing services behind NAT addresses, you can serve the private address internally.

In that way, you do not need to go to firewall and back to the private network to translate that NAT.

Regards

On 28 July 2017 at 15:23, Claer wrote:
> On Fri, Jul 28 2017 at 58:07, Steve Williams wrote:
> > Hi,
> Hello,
>
> > I recently upgraded to 6.1 and am trying to (finally, after many OpenBSD
> > versions over 10 years) fine tune my home network.
> >
> > I would like to run a local resolver on my internal network that will
> > resolve all my hosts on my local network to IP addresses on my local
> > network(s) rather than resolving to their public IP addresses.
> >
> > I believe it's called a "split zone" DNS, where my domain is resolved
> > locally, but everyone else is resolved using normal resolution processes.
> >
> > I set this up at one of my previous jobs using BIND, but that was 7 years
> > ago. I've never gone to the trouble of doing it at home, but I would like
> > to exercise my brain a bit as well as having my home network set up
> > "better".
> >
> > What is the best tool to accomplish this these days? Is NSD the "modern"
> > tool to be using on OpenBSD?
> I went for nsd for external domain informations and Unbound for local
> cache and local resolutions override.
>
> bind was a DNS resolver and a forwarder at the same time. If you want
> both options, you need to setup NSD and Unbound.
>
> Unbound alone can do the trick for few records, but I found it easier to
> have a dedicated resolver in case I wanted to sync zones with a slave.
>
> > Are there any hooks for dhcpd to update records?
> Dunno, I use static MAC - IP mapping.
>
> > I've read the NSD(8), nsd.conf(5) man pages and that seems to be the way to
> > go, but I thought I'd check the wisdom here to see if there is a better
> > approach.
> As said, just pay attention that nsd is a resolver only.
>
> > Thanks,
> > Steve Williams
>
> Nowadays, I try to avoid using the same domain for internal and
> external. From my ops point of view, having a domain.local and a
> domain.ext is easier to maintain.
>
>
> Regards,
>
> Claer
>
>

--
Regards,

--
Rui Ribeiro
Senior Linux Architect and Network Administrator
ISCTE-IUL
https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434
Re: Split zone DNS?
On Fri, Jul 28 2017 at 58:07, Steve Williams wrote:
> Hi,
Hello,

> I recently upgraded to 6.1 and am trying to (finally, after many OpenBSD
> versions over 10 years) fine tune my home network.
>
> I would like to run a local resolver on my internal network that will
> resolve all my hosts on my local network to IP addresses on my local
> network(s) rather than resolving to their public IP addresses.
>
> I believe it's called a "split zone" DNS, where my domain is resolved
> locally, but everyone else is resolved using normal resolution processes.
>
> I set this up at one of my previous jobs using BIND, but that was 7 years
> ago. I've never gone to the trouble of doing it at home, but I would like
> to exercise my brain a bit as well as having my home network set up
> "better".
>
> What is the best tool to accomplish this these days? Is NSD the "modern"
> tool to be using on OpenBSD?
I went for nsd for external domain informations and Unbound for local cache and local resolutions override.

bind was a DNS resolver and a forwarder at the same time. If you want both options, you need to setup NSD and Unbound.

Unbound alone can do the trick for few records, but I found it easier to have a dedicated resolver in case I wanted to sync zones with a slave.

> Are there any hooks for dhcpd to update records?
Dunno, I use static MAC - IP mapping.

> I've read the NSD(8), nsd.conf(5) man pages and that seems to be the way to
> go, but I thought I'd check the wisdom here to see if there is a better
> approach.
As said, just pay attention that nsd is a resolver only.

> Thanks,
> Steve Williams

Nowadays, I try to avoid using the same domain for internal and external. From my ops point of view, having a domain.local and a domain.ext is easier to maintain.


Regards,

Claer
Re: reordering libs failed - cannot find -lcompiler_rt
missed dmesg
reordering libs failed - cannot find -lcompiler_rt
Hi,

after updating a two month old amd64 to -current today (base61, bsd.mp, bsd.rd only), i get the following warning while reordering libraries on boot.

-
starting network
reordering libraries:/usr/bin/ld: cannot find -lcompiler_rt
cc: error: linker command failed with exit code 1 (use -v to see invocation)
install: libc.so.89.6: No such file or directory
failed.
starting early daemons: pflogdpflogd[15990]: [priv]: msg PRIV_OPEN_LOG received
.
-

Also, right after starting "iked" the system jumps into ddb:

login: WARNING: SPL NOT LOWERED ON SYSCALL 247 4 EXIT 832a3900 7
Stopped at Xsyscall+0x1d5: movl$0,%gs:0x4e0
ddb{1}> _

I'll try to get trace and ps and report back.

--
Mark Patruck ( mark at wrapped.cx )
GPG key 0xF2865E51 / 187F F6D3 EE04 1DCE 1C74 F644 0D3C F66F F286 5E51

http://www.wrapped.cx
Re: Need help securing SMTP (thunderbird says it's not encrypted)
On 27.07.17 15:56, Paul Covello wrote:
> I have an OpenBSD 6.1 box set up with OpenSMTPD and Dovecot on Vultr (a VPS provider). This machine is intended for use as my primary mail server. I have a Let’s Encrypt certificate installed and declared in the smtpd.conf file like so:
>
> I can send and receive mail ok using Apple Mail on my mac. Thunderbird is another story… I am warned when I set up the account that SMTP is NOT encrypted. This has driven me batty all week. My Google-Foo fails me and reading through my Dovecot book and smtpd man pages have not enlightened me as to why this is not using TLS.
>
> When I telnet to the machine on port 587 and issue the EHLO command, STARTTLS does appear in the response. Also, OpenSMTPD shows when I type the help command. Issuing a Mail command comes back with the response that STARTTLS must be done first.
>
> Can someone clue me in on what I might be missing?

In Thunderbird set Connection security to STARTTLS

> Thanks in advance for your help!
>
> — Paul.
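Added example, not part of the thread: the manual port 587 check described in the quoted message (EHLO lists STARTTLS, MAIL is refused until STARTTLS), turned into a small transcript audit that also flags AUTH being advertised before TLS. The transcripts are constructed, the function names are hypothetical, and 530 is the RFC 3207 reply code for "must issue STARTTLS first".

```python
import re

# Constructed transcripts (C: client, S: server); hostnames are placeholders.
ENFORCED = """\
S: 220 mail.example.org ESMTP OpenSMTPD
C: EHLO client.example.org
S: 250-mail.example.org Hello client.example.org
S: 250 STARTTLS
C: MAIL FROM:<user@example.org>
S: 530 5.5.1 Invalid command: Must issue a STARTTLS command first
"""
WEAK = """\
S: 220 mail.example.org ESMTP
C: EHLO client.example.org
S: 250-mail.example.org
S: 250 AUTH PLAIN LOGIN
C: MAIL FROM:<user@example.org>
S: 250 2.0.0 Ok
"""

def exchanges(transcript):
    """Yield (client command, reply code, reply lines) per server reply."""
    command, lines = "", []
    for raw in transcript.splitlines():
        if raw.startswith("C: "):
            command = raw[3:].strip()
            continue
        m = re.fullmatch(r"S: (\d{3})([ -])(.*)", raw)
        if m is None:
            raise ValueError(f"unparseable line: {raw!r}")
        lines.append(m.group(3))
        if m.group(2) == " ":  # "250 " ends a reply, "250-" continues it
            yield command, int(m.group(1)), lines
            command, lines = "", []

def audit_submission(transcript):
    """Report what the server permits before TLS is negotiated."""
    result = {"starttls_offered": False, "auth_in_clear": False,
              "mail_refused_before_tls": None}
    for command, code, lines in exchanges(transcript):
        verb = command.split(" ")[0].upper()
        if verb == "STARTTLS" and code == 220:
            break  # everything after this reply travels inside TLS
        if verb == "EHLO" and code == 250:
            keywords = {l.split()[0].upper() for l in lines[1:] if l.strip()}
            result["starttls_offered"] = "STARTTLS" in keywords
            result["auth_in_clear"] = "AUTH" in keywords
        elif verb == "MAIL":
            result["mail_refused_before_tls"] = code == 530
    return result
```

A server that audits like `ENFORCED` is already requiring TLS on submission, which is consistent with the fix given in the reply being a client-side setting.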
Split zone DNS?
Hi,

I recently upgraded to 6.1 and am trying to (finally, after many OpenBSD versions over 10 years) fine tune my home network.

I would like to run a local resolver on my internal network that will resolve all my hosts on my local network to IP addresses on my local network(s) rather than resolving to their public IP addresses.

I believe it's called a "split zone" DNS, where my domain is resolved locally, but everyone else is resolved using normal resolution processes.

I set this up at one of my previous jobs using BIND, but that was 7 years ago. I've never gone to the trouble of doing it at home, but I would like to exercise my brain a bit as well as having my home network set up "better".

What is the best tool to accomplish this these days? Is NSD the "modern" tool to be using on OpenBSD? Are there any hooks for dhcpd to update records?

I've read the NSD(8), nsd.conf(5) man pages and that seems to be the way to go, but I thought I'd check the wisdom here to see if there is a better approach.

Thanks,
Steve Williams
Re: vmd on Proliant DL360p Gen8: panic
Hi,

I was using i386 just because the CPU is Intel and I supposed i386 was the best option. Following your advice I reinstalled using amd64 and now I can start a virtual machine without errors!

# vmctl status
ID PID VCPUS MAXMEM CURMEM TTYOWNER NAME
1 22679 12.0G328M ttyp1 root host-vm

# sysctl hw
hw.machine=amd64
hw.model=Intel(R) Xeon(R) CPU E5-2650 v2 @ 2.60GHz
hw.ncpu=32
hw.byteorder=1234
hw.pagesize=4096
hw.disknames=sd0:108f8ec8aca76ac8
hw.diskcount=1
hw.sensors.cpu0.temp0=31.00 degC
hw.sensors.acpitz0.temp0=8.30 degC (zone temperature)
hw.sensors.ciss0.drive0=online (sd0), OK
hw.cpuspeed=2594
hw.setperf=100
hw.vendor=HP
hw.product=ProLiant DL360p Gen8
hw.serialno=CZJ448063M
hw.uuid=36353430-3831-435a-4a34-34383036334d
hw.physmem=17127092224
hw.usermem=17126952960
hw.ncpufound=32
hw.allowpowerdown=1
hw.perfpolicy=manual

The rest of the problems remain. I tried to tweak PCI parameters from BIOS but there is not very much to change there.

I have same timeouts on pciide0:0:0 device so cd0 device is not available. I guess it should be detected on atapiscsi0, but

atapiscsi0 at pciide0 channel 0 drive 0
scsibus2 at atapiscsi0: 2 targets
pciide0:0:0: device timeout, c_bcount=0, c_skip=0, status=0x58, ireason=0x1
[...repeated...]
atapiscsi0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5

Also same memory conflicts on pci15-bus32

32:4:0: mem address conflict 0xfbff/0x4000
32:4:1: mem address conflict 0xfbfe/0x4000
32:4:2: mem address conflict 0xfbfd/0x4000
32:4:3: mem address conflict 0xfbfc/0x4000
32:4:4: mem address conflict 0xfbfb/0x4000
32:4:5: mem address conflict 0xfbfa/0x4000
32:4:6: mem address conflict 0xfbf9/0x4000
32:4:7: mem address conflict 0xfbf8/0x4000
32:5:4: mem address conflict 0xfbf7/0x1000

According to pcidump these mem conflicts correspond to these not-configured devices:

# pcidump
Domain /dev/pci0:
[...]
32:4:0: Intel E5 v2 I/OAT
32:4:1: Intel E5 v2 I/OAT
32:4:2: Intel E5 v2 I/OAT
32:4:3: Intel E5 v2 I/OAT
32:4:4: Intel E5 v2 I/OAT
32:4:5: Intel E5 v2 I/OAT
32:4:6: Intel E5 v2 I/OAT
32:4:7: Intel E5 v2 I/OAT
32:5:0: Intel E5 v2 Address Map
32:5:2: Intel E5 v2 IIO RAS
32:5:4: Intel E5 v2 I/O APIC

The good news is that at least dmesg now shows complete:

OpenBSD 6.1 (GENERIC.MP) #20: Sat Apr 1 13:45:56 MDT 2017
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 17127092224 (16333MB)
avail mem = 16603348992 (15834MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xbfbdb000 (180 entries)
bios0: vendor HP version "P71" date 08/02/2014
bios0: HP ProLiant DL360p Gen8
acpi0 at bios0: rev 2
acpi0: sleep states S0 S4 S5
acpi0: tables DSDT FACP SPCR MCFG HPET SPMI ERST APIC SRAT BERT HEST DMAR PCCT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT
acpi0: wakeup devices PCI0(S5) IPT1(S5) IPT2(S5) IPT3(S5) IPT4(S5) IPT5(S5) IPT6(S5) IPT7(S5) IPT8(S5) PCI1(S5)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimcfg0 at acpi0 addr 0xc000, bus 0-255
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(R) CPU E5-2650 v2 @ 2.60GHz, 2594.16 MHz
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: TSC frequency 2594161500 Hz
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Xeon(R) CPU E5-2650 v2 @ 2.60GHz, 2593.75 MHz
cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Xeon(R) CPU E5-2650 v2 @ 2.60GHz, 2593.75 MHz
cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 6 (application processor)
cpu3: Intel(R) Xeon(R) CPU
A survey of BSD kernel vulnerabilities (DEF CON) [pdf]
Hello,

just a FYI:

-
https://news.ycombinator.com/item?id=14870124
https://media.defcon.org/DEF%20CON%2025/DEF%20CON%2025%20presentations/DEFCON-25-Ilja-van-Sprundel-BSD-Kern-Vulns.pdf
PDF Creation Date: 2017. 07. 16., 13:58:56

The maintainers of various BSDs should talk more among each other
• Several bugs in one were fixed in the other
• OpenBSD expired proc pointer in midiioctl() fixed in NetBSD
-