Re: Question about enabling a few services.
by Craig White
On Sat, 2008-12-13 at 18:28 -0500, Steven W. Orr wrote:
> The following are disabled on my system and my stoopid question of the day
> is whether they should be enabled or not. (Obviously I'm not sure what to
> tell you to make much of a comment, but I'm hoping that maybe some of them
> are just plain innocuous and should be enabled for everyone.)
>
> * dnsmasq (Will this speed me up?)
----
no
----
> * multipathd (No idea)
----
no - for multipath (fibre channel storage)
----
> * netconsole (I'm guessing no because there is not remote syslogd
> accessing my box)
----
never looked at it but no, I wouldn't enable
----
> * Should I be enabling both network and NetworkManager or should I only
> have one or the other. Currenty they're both on. Two NICS, one dhcp to my
> cable modem and the other with a hard address to another 'puter.
----
should be ok though I would probably just use 'network' - I hate to
recommend to you to fix something that isn't broken. 'network' could
handle the dhcp connection to the cable modem but you would have to
tinker...just to shut off network manager.
----
> * pcscd (I don't have a PC/SC lite and Musclecard frameworks that I know
> of)
----
no
----
> * psacct (Is this good to have?)
----
don't know - I don't use it
----
> * smolt (Same thing. Is this A Good Thing?)
----
I think that reports information back to Fedora - your call
----
> * squid (Would this somehow speed up my browser?)
----
might be more trouble than it's worth but it does cache stuff
----
> I come from the old school that says to disable everything you don't need,
> but I'm not sure what these things do.
----
I think that the general idea is to leave stuff alone unless it starts
to make sense to use/configure it.
Craig
15 years, 4 months
Question about enabling a few services.
by Steven W. Orr
The following are disabled on my system and my stoopid question of the day
is whether they should be enabled or not. (Obviously I'm not sure what to
tell you to make much of a comment, but I'm hoping that maybe some of them
are just plain innocuous and should be enabled for everyone.)
* dnsmasq (Will this speed me up?)
* multipathd (No idea)
* netconsole (I'm guessing no because there is not remote syslogd
accessing my box)
* Should I be enabling both network and NetworkManager or should I only
have one or the other. Currenty they're both on. Two NICS, one dhcp to my
cable modem and the other with a hard address to another 'puter.
* pcscd (I don't have a PC/SC lite and Musclecard frameworks that I know
of)
* psacct (Is this good to have?)
* smolt (Same thing. Is this A Good Thing?)
* squid (Would this somehow speed up my browser?)
I come from the old school that says to disable everything you don't need,
but I'm not sure what these things do.
TIA
--
Time flies like the wind. Fruit flies like a banana. Stranger things have .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net
15 years, 4 months
Re: cups failed last week, now amanda
by Gene Heskett
On Wednesday 10 December 2008, Dave Feustel wrote:
>On Wed, Dec 10, 2008 at 08:54:41AM -0500, Gene Heskett wrote:
>> And the cups update to fix a denial of service that yumex did last night,
>> now is a denial of service, my logs are drowning in:
>
>Can you add a rule to your firewall that drops all IP6 traffic?
I do not run a firewall between the boxes on my local net, which is behind a
dd-wrt install on an x86 box, the best kept secret firewall ever. So there
is not a fireall involved in the paths around here in any direction but the
internet, and certainly not between the server and client pieces of amanda
all running on the same machine.
The point being that I have not configured anything here to use the ipv6
addressing conventions. Not samba, not cups, and not amanda, so where is it
coming from and how to I turn it off.
Or, alternatively, since I use hosts files first, dnsmasq second (which I'm
not sure I understand yet) and all failed dns requests are delivered to the
box running dd-wrt, which in urn fwds them to the verizon servers it gets
assigned by PPPoE, how do I go about setting up valid, private addresses that
are the same as a 192.168.*.* address is for ipv4?
Hmm, dnsmasq is unk, lemme stop it. And start nscd in its place since it has
always worked. Nope, same error timeout, the amanda client cannot talk to
the amanda server, on the same machine.
Now I've made another discovery. I cannot disable the ipv6 address as shown in
an ifconfig report in ifcfg-eth0. I can edit it and change IPV6INIT from no
to yes and back to no, with a restart after every edit, and still an ipv6
address is being configured in both lo and eth0.
Is this:
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
192.168.XX.XX coyote.coyote.den coyote
etc etc for the rest of my local network
A valid hosts file format for localhost? I had found the machines FQDN
included in the 127.0.0.1 aliases a few days ago, and since that is separate
from the address assigned to that machine.domain.name, I took it out. A
leftover from the FU8 install I assume, and one I'd consider to be more
breakage, according to the file, set by network manager, which I don't use.
Am I wrong, and I need to redefine the FQDN as an alias in the 127.0.0.1 line?
If thats the case, this is IMO, a security hole. What were they thinking?
Amanda has always considered that a no-no and refuses to do some things
because of it when it finds a dle defined as localhost instead of the FQDN or
a valid alias to that FQDN. It is one of the foundation stones designed to
prevent data theft by recovery on a machine that may not be the machine the
backup represents. Localhost can of course be any machine.
Plenty of unanswered questions above. Whats the best fix?
Thanks.
--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
The best cure for insomnia is to get a lot of sleep.
-- W. C. Fields
15 years, 4 months
Re: Yum errors on rpmfusion in F10: Please help (SOLVED!)
by Dean S. Messing
This message, from Max Kanat-Alexander in a parallel thread, is the
fix to my and many other people's similar problem:
> On Tue, 02 Dec 2008 17:14:24 -0500 Jim <mickeyboa(a)sbcglobal.net> wrote:
> > [Errno 4] IOError: <urlopen error (-2, 'Name or service not known')>
> > Error: Cannot retrieve repository metadata (repomd.xml) for
> > repository: rpmfusion-free-updates. Please verify its path and try
> > again
>
> If you frequently get this but not always, you are experiencing
> this:
>
> http://www.fedorafaq.org/f10/#dns-slow
>
> -Max
This problem turns out to be a "slow response" DNS problem. The FAQ
contains a clear solution which worked immediately for me.
The FAQ entry also contains a pointer to _this bug_:
https://bugzilla.redhat.com/show_bug.cgi?id=459756
which has more than 70 comments, many of which are complaining about
why this bug has so far not been fixed. For many, this bug is
rendering F10 useless. Indeed Chris Terpak (comment 71 in the bug
report) says it very well:
I pulled my hair out trying to find this. IMHO, this bug is not a
'medium' priority - it makes F10 useless. I disagree that users should
have to go and try and find downstream software that uses glibc when
it is glibc that changed (and I read every entry in this
thread). F6,7,8,9 were all fine on the exact same hardware.
This should be critical priority not medium. Forcing a user to install
BIND or DNSMASQ as a work around is utter nonsense.
I couldn't agree more.
Dean
15 years, 4 months
Re: Help with DNS hell
by Janez Košmrlj
Jim wrote:
> Janez Košmrlj wrote:
>> Jim wrote:
>>> Max Kanat-Alexander wrote:
>>>>
>>>> The simplest workaround is these instructions:
>>>>
>>>> http://www.fedorafaq.org/f10/#dns-slow
>>>>
>>>> They are working perfectly well for me.
>>>>
>>>> -Max
>>>>
>>> Max is right, And I second that.
>>>
>>> Jim
>>>
>> Hi,
>> I tried the workaround mentioned on fedorafaq.org on my sisters
>> laptop but dns queries still don't work. I also tried the firefox
>> ipv6 setting and it also doesn't work.
>> I run fedora 10 with all the latest patches.
>>
>> Everything worked perfectly last week when I installed fedora10.
>>
>> Janez
>>
> Did you check in Services if you dnsmasq is running. And restart your
> computer
>
Dnsmasq is running
I restarted the computer
and in /etc/resolv.conf the first line is 127.0.0.1 so it should be
configured correctly.
is there some special option in dnsmasq.conf that I should check
15 years, 4 months
Re: Help with DNS hell
by Jim
Janez Košmrlj wrote:
> Jim wrote:
>> Max Kanat-Alexander wrote:
>>> On Thu, 4 Dec 2008 12:32:47 -0200 "Andre Costa" <blueser(a)gmail.com>
>>> wrote:
>>>
>>>> I'm having a *real* hard time trying to use F10 due to DNS problems [
>>>> https://bugzilla.redhat.com/show_bug.cgi?id=459756]
>>>>
>>>
>>> The simplest workaround is these instructions:
>>>
>>> http://www.fedorafaq.org/f10/#dns-slow
>>>
>>> They are working perfectly well for me.
>>>
>>> -Max
>>>
>> Max is right, And I second that.
>>
>> Jim
>>
> Hi,
> I tried the workaround mentioned on fedorafaq.org on my sisters laptop
> but dns queries still don't work. I also tried the firefox ipv6
> setting and it also doesn't work.
> I run fedora 10 with all the latest patches.
>
> Everything worked perfectly last week when I installed fedora10.
>
> Janez
>
Did you check in Services if you dnsmasq is running. And restart your
computer
15 years, 4 months
Re: Help with DNS hell
by Mike Chambers
On Thu, 2008-12-04 at 12:32 -0200, Andre Costa wrote:
> Hi,
>
> I'm having a *real* hard time trying to use F10 due to DNS problems
> [https://bugzilla.redhat.com/show_bug.cgi?id=459756] (not to mention
> NetworkManager being unable to manage static IPs and s-c-n screwing
> network mask configuration[*]). As if that was enough, I can't seem to
> be able to configure a local DNS cache using dnsmasq, for some unknown
> reason (I've tried lots of workarounds trying to get me out of this
> DNS hell, so it's probably partially -- or totally -- my fault).
I have NM with static IP working just fine. Using the GUI may or may
not be causing the problems (as in, not writting to correct files or not
getting it correct or whatever), but you can try to get around it or
using a little simpler way to help? Try running
"system-config-network-tui" and that should write the correct info. Then
edit /etc/sysconfig/network-scripts/ifcfg-eth0 (or whatever your using)
and make sure your IP, netmask, gateway, etc stuff is correct. You also
need your DNS info in there as well so NM can pick it up. If using NM,
it overwrites resolv.conf when it starts/stops, so no use editing
resolv.conf manually.
Here is a sample of mine with minimal stuff that works if it helps..
[mike@scrappy ~]$ more /etc/sysconfig/network-scripts/ifcfg-eth0
# nVidia Corporation MCP61 Ethernet
DEVICE=eth0
BOOTPROTO=static
BROADCAST=192.168.1.255
DNS1=192.168.1.2
GATEWAY=192.168.1.1
HWADDR=00:1b:fc:5e:53:18
IPADDR=192.168.1.3
NETMASK=255.255.255.0
ONBOOT=yes
SEARCH="miketc.net"
--
Mike Chambers
Fedora Project - Ambassador, Bug Zapper, Tester, User, etc..
mikec302(a)fedoraproject.org
15 years, 4 months
Re: Help with DNS hell
by Andre Costa
Hi Tom,
On Thu, Dec 4, 2008 at 13:12, Tom Horsley <tom.horsley(a)att.net> wrote:
> On Thu, 4 Dec 2008 12:32:47 -0200
> Andre Costa wrote:
>
> > Anyone knows what could cause this specific behavior? Any help will be
> much
> > appreciated. Let me know if you need additional info.
>
> The absolute simplest way to get things running again is to install
> "bind" from the installation media (if it isn't already there), don't
> configure it at all, but just go ahead and start the "named" service
> it will install. This will get you a local DNS server that talks
> directly to the root DNS servers, bypassing your ISP's DNS servers
> completely. Then point your /etc/resolv.conf file to "nameserver 127.0.0.1
> "
> and you should be working well enough to get to sites where you can learn
> how to config bind as a caching server instead, like these:
>
> http://www.redhatmagazine.com/2006/11/16/how-to-set-up-a-home-dns-server/
> http://www.redhat.com/magazine/026dec06/features/dns/
>
> You moght also need to add the line
>
> OPTIONS="-4"
>
> to the /etc/sysconfig/named file to tell it only do IPv4 names.
>
Thks for the info, I didn't know that the default setup was already suited
for caching purposes. Still, no luck here =( I did all you said above, and
when do eg. 'dig www.mozilla.com' it sents out lots of queries to the root
servers (I guess) but receives no response, and then named replies with
"server failure". I really don't get what's going on.
What's really strange is why queries relayed by a local nameserver (dnsmasq
or named) don't get any result, while "plain" queries do.
Something else that's weird: 'hosts' on /etc/nsswitch.conf was set like
hosts: files mdns4_minimal [NOTFOUND=return] dns
Is this right?!
I changed it to:
hosts: files dns
But things didn't get any better...
Still stuck. Damn it =/ Thks anyway for your help. Any additional ideas?
Regards,
Andre
15 years, 4 months
Re: Help with DNS hell
by Todd Zullinger
Tom Horsley wrote:
> The absolute simplest way to get things running again is to install
> "bind" from the installation media (if it isn't already there),
> don't configure it at all, but just go ahead and start the "named"
> service it will install. This will get you a local DNS server that
> talks directly to the root DNS servers, bypassing your ISP's DNS
> servers completely. Then point your /etc/resolv.conf file to
> "nameserver 127.0.0.1" and you should be working well enough to get
> to sites where you can learn how to config bind as a caching server
> instead, like these:
The default bind install should behave as a caching only server. Does
it not do so? (I haven't tested it, I have a proper nameserver
already setup on my local network.)
Another option is the dnsmasq package. It should be simpler and
smaller (resource wise) than bind.
--
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I'm not concerned about all hell breaking loose, but that a PART of
hell will break loose... it'll be much harder to detect.
-- George Carlin
15 years, 4 months
Help with DNS hell
by Andre Costa
Hi,
I'm having a *real* hard time trying to use F10 due to DNS problems [
https://bugzilla.redhat.com/show_bug.cgi?id=459756] (not to mention
NetworkManager being unable to manage static IPs and s-c-n screwing network
mask configuration[*]). As if that was enough, I can't seem to be able to
configure a local DNS cache using dnsmasq, for some unknown reason (I've
tried lots of workarounds trying to get me out of this DNS hell, so it's
probably partially -- or totally -- my fault).
[*] there are so many network configuration problems with F10 that it almost
seems it's been designed for offline use... ;-)
So, I'll sum it all up here, hoping someone can help me.
I disabled ipv6 by putting
alias ipv6 off
alias net-pf-10 off
on my modprobe.conf
I installed 'named' so that I could have a IPv4-only local DNS cache, but
its configuration is not as easy as dnsmasq's, so I installed this one (I've
been using dnsmasq since F8, no problems whatsoever). I then removed bind
(only bind-libs and bind-utils remain).
Since dnmasq doesn't have an option like '-4' for named, I rebuilt it from
SRPM passing COPTS=-DNO_IPV6 so that I could turn off IPv6 support.
Apparently, it worked:
Dec 4 09:53:12 localhost dnsmasq[5677]: compile time options: no-IPv6
GNU-getopt no-ISC-leasefile DBus no-I18N TFTP
I also enabled port 53 on s-c-f (is this really necessary considering
requests will come from localhost only?)
What happens now is: if I change /etc/resolv.conf to only point to
127.0.0.1(dnsmasq), I get no name resolution at all. Monitoring with
wireshark shows
me queries get to dnsmasq and it correctly forwards them to external DNS
servers. However, replies apparently never come back. *But*, if I remove
127.0.0.1 from /etc/resolv.conf and put external DNS IPs, queries go out and
replies come in as expected.
Anyone knows what could cause this specific behavior? Any help will be much
appreciated. Let me know if you need additional info.
Regards,
Andre
15 years, 4 months