Centroid.EU Blog

(this blog is mostly encrypted - adults only)

Random Hackepedia

March 5th, 2010

The RH for this week is Sed.

0 comments

Today I woke up to proteus.solarscale.de not pinging anymore. The downtime was around 3.5 hours as the provider that I use did some repairs on the main server that proteus is a vm guest on. In that time I updated the DNS table for solarscale and added uranus.centroid.eu as a mailserver. It would have worked getting _some_ mail because the TTL on the zone is 86400 and I mainly just get mailing lists. Unfortunately it turns out that the OpenSMTPD that I use doesn't recognize aliases (bug) and returned mail with a 530 message. No mail was really lost as the remote mailservers attempt to deliver again but it was annoying. I sent gilles@ an email explaining the error message that I got, perhaps he can get a fix in before the OpenBSD 4.7 release.

PS: oh yeah proteus had an uptime of 410 days before this mishap.

0 comments

Wildcarddns does global load balancing

March 2nd, 2010

Well I finally got around to wildcarddnsd again and trashed all stuff I wrote for it. That was yesterday. I was able to hack up some new stuff that uses a sort of firewall ruleset to determine where a nameserver comes from and then serve based on that information to which server the request should go. I got it running in beta (centroid.eu) watch closely.

The following is a ping from proteus (germany) to centroid.eu, the IP it gives is proteus itself (also germany).

pjp@proteus:~/blog> ping -c 1 centroid.eu
PING centroid.eu (62.75.160.180) 56(84) bytes of data.
64 bytes from proteus.solarscale.de (62.75.160.180): icmp_seq=1 ttl=64 time=0.06
3 ms

--- centroid.eu ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.063/0.063/0.063/0.000 ms

The next is a ping from dione (panama) to centroid.eu. The IP it gives is dione itself, similar to the above ping:

goldflipper% ping -c 1 centroid.eu
PING centroid.eu (200.46.208.61): 56 data bytes
64 bytes from 200.46.208.61: icmp_seq=0 ttl=64 time=0.027 ms

--- centroid.eu ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.027/0.027/0.027/0.000 ms

Now there has been a few ethical debates whether DNS should "lie" or not and I think in favour of loadbalancing it should lie and tell an IP that's closest to the client. This is still in beta and I'm watching it closely and then I'll merge it into HEAD.

PS: I've balanced it in such a way that IP's comeing from RIPE and APNIC go to the server in Germany, and ARIN and LACNIC go to the server in Panama. I haven't dealt with the other regions yet, they may get defaulted to LACNIC.

0 comments

The Hunter and his dog

February 27th, 2010

Yesterday I was able to see the starsky again. I took these pictures of Sirius and Orion through the trees.

0 comments

Random Hackepedia

February 27th, 2010

The RH for this week is Integer.

0 comments

Modification to webserver

February 27th, 2010

Privacy just got a lot better when you visit this website. According to an article in the german magazine "C't magazin f�r Computer technik" (2010 Edition 5, page 154), the storage of IP data is illegal. Specifically the correlation between IP and access time. So what I've done is patch my webserver (lighttpd) accordingly to throw out the last last 2 octets from the dotted quad. I can now roughly see which region you're from in my logs but not who exactly you were, I'm not interested in that anyhow but if someone wants my logs it won't give them much.

Here is the patch:

--- mod_accesslog.c..orig       2010-02-27 17:31:49.000000000 +0100
+++ mod_accesslog.c     2010-02-27 17:38:01.000000000 +0100
@@ -742,8 +742,12 @@
                        case FORMAT_REMOTE_HOST:
 
                                /* handle inet_ntop cache */
+                               {
+                                       sock_addr myaddr = con->dst_addr;
+                                       myaddr.ipv4.sin_addr.s_addr &= 0x0000fff
f;
 
-                               buffer_append_string(b, inet_ntop_cache_get_ip(s
rv, &(con->dst_addr)));
+                                       buffer_append_string(b, inet_ntop_cache_
get_ip(srv, &myaddr));
+                               }
 
                                break;
                        case FORMAT_REMOTE_IDENT:

A typical log looks like this then:

66.230.0.0 solarscale.de - [27/Feb/2010:17:46:46 +0100] "HEAD /public/rfc2516nc.
mp3 HTTP/1.1" 200 0 "http://www.deezer.com" "Mozilla/4.0 (compatible; MSIE 6.0; 
Windows NT 5.1; SV1; .NET CLR 1.1.4322)"

The other VPS I have in Panama I'm not going to do this patch because I'm unsure of what the legalities there are there. This should only affect the centroid.eu domain though and if you wish to read only from the german server use solarscale.de. Cheers!

0 comments

Random Hackepedia

February 19th, 2010

The RH for this week is Gingerale.

0 comments

The Internet Meltdown

February 18th, 2010

Yesterday I watched a Google Tech Talk on IPv6 and specifically what transition technologies exist today. The speaker basically thinks we'll have a meltdown near the end of 2011 but seemed very calm about it. I yahoo'ed for it and found this article as well. Over here I've got IPv6 connectivity but I'm wishing that my VPS would have it as well and I've asked about it repeatedly. Maybe by next year, I'm hoping, as being available in both IPv4 and IPv6 land is a must after we run out of addresses.

0 comments

OpenSMTPD bug (DoS) fixed

February 17th, 2010

Yesterday I found this bug with Mouring on IRC. Basically if you have a very long string for an email address the smtpd will quit with a truncation error in lowercase(). Gilles Chehade put in this fix, revision 1.99 of lka.c, this morning (it should be noted it's Gilles fix, we only identified the bug and wrote to him). Everyone should update to this version or their smtpd will cease working when the DoS comes around that came around to Mouring.

0 comments