/srv/irclogs.ubuntu.com/2014/09/20/#ubuntu-server.txt

=== gunner_genii is now known as genii
=== Eu is now known as Guest95210
halvors1	Hi!	00:39
halvors1	I have a setup with BIND9 and DHCPD and i'm trying to update reverse dns records from dhcp.	00:39
halvors1	But i get the following error on the DNS server: client 192.168.0.118#48065/key rndc-key: updating zone '10.IN-ADDR.ARPA/IN': update failed: not authoritative for update zone (NOTAUTH)	00:39
halvors1	And on the dhcp server: Unable to add reverse map from 135.40.0.10.in-addr.arpa to halvors02.crew.infected.no.: not found	00:40
halvors1	I have no idea why this doesn't work.	00:40
sarnold	why is a client on 192.168.x.x updating a record for 10.x.x.x?	00:40
halvors1	192.168.0.118 is the DHCP server and 192.168.0.116 is the DNS server. They just have communication via another network.	00:43
halvors1	And 10.x.x.x because dhcp relay :)	00:43
sarnold	okay, so something expected :)	00:44
halvors1	But i don't fully understand the NOAUTH.	00:44
teward	your bind9 server isn't set as authoritative for that zone	00:44
halvors1	Does it mean my rndc-key is bad? I've checked and it is excactly the same configuration as the forward zone.	00:45
halvors1	teward: How do i set it authorative?	00:45
sarnold	halvors1: this guide makes me think you can make it authoritative by adding "recursion no;	00:46
sarnold	"	00:46
sarnold	https://www.digitalocean.com/community/tutorials/how-to-configure-bind-as-an-authoritative-only-dns-server-on-ubuntu-14-04	00:46
halvors1	sarnold: I don't get the: client 192.168.0.118#48065/key rndc-key: updating zone '10.IN-ADDR.ARPA/IN': update failed: not authoritative for update zone (NOTAUTH)	00:50
halvors1	Anymore, but i still get the: Unable to add reverse map from 135.40.0.10.in-addr.arpa to halvors02.crew.infected.no.: not found	00:51
halvors1	error	00:51
halvors1	What confuses me the most is the not found message reported by the dhcp server.	00:52
sarnold	halvors1: ooh, this looks useful: http://community.spiceworks.com/topic/174078-isc-dhcp-and-bind-doing-ddns	00:52
sarnold	halvors1: looks like you need to add another zone nnn.nnn.nnn.nn.in-addr.arpa { } block to your dhcpd config	00:53
halvors1	I have that zone in dhcpd already.	00:55
sarnold	do you need to reload the server to know about it? (sorry, but I've gotta ask :)	00:56
halvors1	huh? Of course i reloaded both bind and isc-dhcp-server	00:56
halvors1	:)	00:56
halvors1	Here is a dump of my dhcpd.conf file: http://pastebin.com/G6RKKNNr	00:56
sarnold	halvors1: hmm, looks rndc-key is still in the paste	00:59
halvors1	yep :P	01:01
halvors1	But it's just a lan dns server ;)	01:02
halvors1	hmm.	01:02
sarnold	halvors1: sorry, I'm not spotting it :(	01:02
halvors1	Basiclly it seems like the issue is that somehow bind is complaining about that zone doesn't exist...	01:03
halvors1	But cannot figure out why...	01:03
sarnold	halvors1: but the error is coming from dhcpd, right?	01:03
halvors1	yes	01:03
sarnold	halvors1: you could ltrace the thing, you might get lucky..	01:03
halvors1	I've tried manually with nsupdate	01:03
halvors1	http://pastebin.com/7M70ybeh	01:03
halvors1	ltrace?	01:04
sarnold	ltrace is like strace, but shows (some, but not all) function calls	01:04
halvors1	Here is my zone from bind btw: http://pastebin.com/6YSyQwv0	01:05
halvors1	Seems ok, right?	01:05
sarnold	halvors1: is that leading "0." alright?	01:05
=== markthomas is now known as markthomas\|away
halvors1	Is it just zone "40.0.10.in-addr.arpa" { you mean?	01:06
halvors1	Keep in mind that this is bind configuration not dhcpd.	01:06
sarnold	halvors1: yea, I just don't know bind all so well :)	01:07
halvors1	hmm.	01:07
halvors1	The zero seems to be correct.	01:08
sarnold	okay	01:08
halvors1	sarnold: hmm. I'm gonna need to continue looking at this tomorrow :) Thanks for help so far ;)	01:17
sarnold	halvors1: good luck :) I'd be curious to hear what it is when you find it	01:17
Patrickdk	:)	01:17
Patrickdk	the last time I used bind and dynamic updates like like 10years ago	01:18
Patrickdk	the zero is not correct :)	01:18
Patrickdk	the 0 would be a dns record (ptr) within the zone	01:19
Patrickdk	not the whole zone	01:19
halvors1	hmm.	01:19
halvors1	Are you sure?	01:19
Patrickdk	well, I haven't used bind since like 2005	01:19
Patrickdk	but I have been serving up zone entries since 1998	01:20
sarnold	this looks like no zero .. http://www.zytrax.com/books/dns/ch3/	01:20
Patrickdk	http://www.philchen.com/2007/04/04/configuring-reverse-dns	01:20
sarnold	Patrickdk: hrm, that includes the 0 :)	01:21
Patrickdk	no it doesn't	01:21
sarnold	zone "0.168.192.in-addr.arpa" IN {	01:21
sarnold	oh	01:21
Patrickdk	3 places	01:21
sarnold	sigh	01:21
Patrickdk	not 4 :)	01:21
sarnold	me fail reading	01:21
sarnold	that's unpossible!	01:21
Patrickdk	:)	01:21
Patrickdk	wait till you start learning about sub/24 ptr forwarding :)	01:21
Patrickdk	like when an isp needs to give you reverse for a smaller than /24 block :)	01:22
Patrickdk	or for that matter, anything not on a Class A/B/C boundry	01:22
halvors1	:)	01:22
halvors1	It is /24 subnets i'm gonna provide reverse dns for :)	01:23
Patrickdk	no, the end person, doesn't matter :)	01:23
Patrickdk	it can be too large, without sideeffects	01:23
Patrickdk	it's when you have to correctly forward that info, it gets interesting	01:23
Patrickdk	enough they wrote rfc's for it :)	01:24
halvors1	Ah, excellent.	01:25
halvors1	Now got it actually working over here :D	01:25
halvors1	Thank you very much all of you :)	01:26
halvors1	The problem was the 0.	01:26
sarnold	Patrickdk: nice :)	01:26
halvors1	My zone in bind now looks like: http://pastebin.com/yrvB0sRW	01:26
halvors1	agh, have to remember that for future installations :)	01:27
Patrickdk	hmm, I wonder if I can ban more ips now :)	01:28
Patrickdk	http://www.inmotionhosting.com/support/news/general/wp-login-brute-force-attack	01:29
Patrickdk	been having that issue	01:29
Patrickdk	not enough to really even be noticable	01:29
Patrickdk	but well, bruteforcing shouldn't be allowed	01:29
halvors1	YEah :)	01:30
sarnold	Patrickdk: heh, crazy, they don't include firewalling :/	01:33
Patrickdk	wouldn't that block the ability for people to use wordpress then? :)	01:33
Patrickdk	heh, makes me really happy though that I'm on debian/ubuntu	01:33
Patrickdk	apparmor is so much useable than selinux to lock down this crap	01:34
sarnold	Patrickdk: dropping packets from login-bruteforcers is unlikely to upset too many legitimate users :)	01:35
Patrickdk	sarnold, tell that to my users :)	01:35
Patrickdk	I had it dropping packets after 10 logins per minute	01:35
sarnold	Patrickdk: oh they try to log in as admin a few hundred times without the right passwords? :) hehe	01:35
Patrickdk	I dunno why users where hitting up the login page so often :)	01:35
sarnold	haha	01:35
Patrickdk	the other part that annoys me :)	01:36
Patrickdk	is the wordpress ajax script	01:36
Patrickdk	NORMAL users hit that up like 3 times a second	01:36
Patrickdk	that totally triggers all my anti-dos protection	01:36
sarnold	wow..	01:36
Patrickdk	where anti-dos is set for, same url, same ip, loads same thing, >100 times in 5min	01:37
Patrickdk	sounds reasonable? :)	01:37
sarnold	yup :)	01:39
=== maxb_ is now known as maxb
=== daker_ is now known as daker
=== the_ktosiek is now known as ktosiek
=== Lcawte\|Away is now known as Lcawte
punkgeek	how to install ssl on ubuntu?	13:11
=== a1berto_ is now known as a1berto
punkgeek	ListenAddress 192.168.1.2, 192.168.1.3 is it true in sshd_config ?	16:40
=== markthomas\|away is now known as markthomas
=== markthomas is now known as markthomas\|away
=== markthomas\|away is now known as markthomas
=== Ursinha is now known as Ursinha-afk
funman___	hi folks	18:07
funman___	who used those?	18:07
funman___	http://www.soyoustart.com/us/essential-servers/	18:07
funman___	??	18:21
Patrickdk	only you	18:22
funman___	??////??/	18:22
funman___	oki	18:22
funman___	Patrickdk: which one do u use?	18:22
Patrickdk	my own?	18:23
funman___	how?	18:23
funman___	its cost alot to colo	18:23
Patrickdk	place order, receive server, install software, buy datacenter, install into datacenter	18:23
funman___	eeee	18:24
funman___	buy datacentre?	18:24
funman___	u mean colo space?	18:24
Patrickdk	sure :)	18:24
Patrickdk	well, if your small	18:24
funman___	but I just want 1 server :P	18:24
funman___	hehe	18:24
Patrickdk	it's cheaper to own the datacenter	18:24
funman___	how come?	18:24
funman___	it cost millions	18:24
Patrickdk	and how much would it cost to rent a datacenter?	18:24
Patrickdk	atleast 4x that price	18:24
Patrickdk	why does everyone want to get bigger?	18:25
Patrickdk	cause you can save more money, when your larger	18:25
Patrickdk	till you become management heavy	18:25
funman___	I want to rent 1 to 2 boxes	18:25
Patrickdk	:)	18:25
funman___	surely cheaper to rent?	18:25
funman___	datashag got some cheap enough	18:26
Patrickdk	those are a strange collection of desktop machines	18:26
Patrickdk	that is why those are cheap	18:26
Patrickdk	it's just a normal desktop	18:27
Patrickdk	most of them don't even have ecc	18:27
Patrickdk	but it all depends on your requirements	18:27
funman___	i want it cheap	18:28
funman___	and big	18:28
funman___	::)	18:28
Patrickdk	what is big?	18:29
funman___	32 MB ram	18:29
=== Guest95210 is now known as knoxy
funman___	so you start also offers anti ddos	18:33
funman___	:D	18:33
funman___	for free	18:33
Patrickdk	there is no such thing as anti-ddos	18:33
funman___	they claim they offer it	18:34
Patrickdk	what they claim, and what it's called, are going be two totally different things	18:34
funman___	means site will stay online	18:34
funman___	how come?	18:34
Patrickdk	how can it stay online?	18:34
funman___	they absord extra BD	18:34
Patrickdk	extra bandwidth?	18:35
Patrickdk	what about your cpu? what about your server?	18:35
Patrickdk	and what about all those ligit clients attempting to access you?	18:35
Patrickdk	absorbing bandwidth costs != site is still usable	18:35
Patrickdk	just means you won't get a huge bill	18:35
Patrickdk	not that things will work	18:35
funman___	what about All OVH servers will benefit from automatic anti-DDoS mitigation by default in the event of an attack (reactive mitigation).	18:36
funman___	Anti-DDoS PRO Subscribing to professional use for your server enables access to permanent mitigation (the permanent settings) and configuration of the Firewall Network.	18:36
funman___	but how do they perma mitigate it?	18:36
Patrickdk	dunno :)	18:37
Patrickdk	how do they know a ddos from just normal usage?	18:37
Patrickdk	the first time your site goes vial, it will be considered a ddos	18:37
Patrickdk	at the moment you DONT want it to go down	18:37
funman___	I think thei offer tilera	18:38
funman___	instant scale of cpus cores	18:38
funman___	http://www.tilera.com/	18:38
funman___	i dont know how they do it but it works	18:40
funman___	my mate host site that is often ddosed with them	18:40
funman___	fine	18:40
funman___	herzner simply nulls IP	18:40
Patrickdk	see, I do it the other way	18:43
Patrickdk	I just have enough servers to not be ddos	18:43
Patrickdk	and will block on a needed bases to stop abuse	18:43
Patrickdk	but I don't want stuff to be blocked incase of a spike	18:44
funman___	well say u got 1 box	18:44
funman___	then its tricky	18:44
funman___	:D	18:44
funman___	do u also offer hosting?	18:44
funman___	:D	18:44
Patrickdk	not for a private server	18:45
funman___	for what then?	18:46
=== apb_ is now known as apb1963
=== Ursinha-afk is now known as Ursinha
blackdev1l	hello after i uninstalled nginx from my server i can't use the port 80, i stopped the service and rebooted, what am i missing?	20:50
funman___	hmm	20:50
funman___	apt-get purge	20:50
funman___	also u missing apache	20:50
funman___	or some webserver	20:50
funman___	to serve http on port 80	20:50
funman___	:D	20:50
funman___	or run ls	20:51
funman___	ls	20:51
funman___	or lsof -l	20:51
funman___	something like that	20:51
funman___	to see ports	20:51
blackdev1l	funman___, i'm using a node.js app, if i change port it works .	20:51
blackdev1l	something is blocking the port 80	20:51
blackdev1l	and other than nginx i can't thing other things	20:52
funman___	run some command to list all ips and ports	20:52
funman___	then u know for sure	20:52
blackdev1l	i did, nothing is runnign on 80	20:52
Patrickdk	heh? that seems hard to figure out	20:53
Patrickdk	why not just use, netstat -antp	20:53
funman___	netstat -lnptu	20:53
funman___	:D	20:53
blackdev1l	https://gist.github.com/blackdev1l/1ce488497280fca4d0da funman___ Patrickdk	20:56
blackdev1l	:(	20:56
Patrickdk	you are running it as root right?	20:56
blackdev1l	y	20:56
* Patrickdk has no idea what a single letter means, you can talk right?		20:57
funman___	w	20:57
blackdev1l	....it's not like you can't think what y mean while you type it on terminal uh?	20:57
funman___	w u s?	20:57
funman___	:D	20:58
blackdev1l	yes btw	20:58
Patrickdk	y? sounds like why? but could be short for yes? but then I don't even know what your thinking so who knows	20:59
Patrickdk	and I shouldn't have to FORCE myself to deciver your encryption	20:59
Patrickdk	that is taking free support, too far	21:00
blackdev1l	or maybe you can be just a little less pedantic and expect more a yes to a "yes/no" question	21:00
blackdev1l	but, whatever, thank you for the support	21:00
Patrickdk	I expect answers, not letters	21:00
Patrickdk	this is not a scantron test	21:00
blackdev1l	someone has an idea about my prior question ?	21:01
funman___	netstat -lnptu pastebin	21:03
blackdev1l	i did funman___	21:05
blackdev1l	https://gist.github.com/blackdev1l/1ce488497280fca4d0da funman___	21:05
blackdev1l	i know that something is blocking the 80 port because if i change to default one it just works	21:05
funman___	ok try reboot	21:06
funman___	:D	21:06
funman___	that can fix it	21:06
blackdev1l	i already did :( i'm so lost with this problem	21:07
Patrickdk	heh, there are only 3 possible things it could be :)	21:07
Patrickdk	and reboot is never an answer	21:07
funman___	it is	21:08
funman___	hehe	21:08
Patrickdk	if reboot is the answer, then it was a program running, and that program failed to restart	21:09
Patrickdk	so really, you ahve two more issues, ontop of your issue :)	21:09
funman___	blackdev1l: rebot and see	21:10
funman___	:D	21:10
blackdev1l	doesn't works	21:11
funman___	oki	21:15
funman___	top	21:15
funman___	and kill all proccesses u dont know	21:15
funman___	what they for	21:15
funman___	:D	21:15
blackdev1l	ahah	21:15
blackdev1l	i think i'll give up and use apache	21:16
blackdev1l	and do some proxypassReverse	21:16
Patrickdk	funman, won't help	21:19
Patrickdk	that isn't the problem, already confirmed using netstat	21:19
Patrickdk	using apache, likely will work around the issue	21:19
blackdev1l	yeah	21:19
blackdev1l	:\ kinda bad though	21:19
Patrickdk	bad?	21:20
Patrickdk	that you don't know what to fix?	21:20
Patrickdk	guess so	21:20
SP33D	little question	23:03
zeroNones	hey guys Im trying to copy files from my local computer to a remote server but I need to copy them to a root owned directory via my user. Is there a way to request sudo on transfer?	23:31
zeroNones	I have scp www_example_com.csr ubuntu@165.000.000.200:"/etc/nginx/ssl"	23:32
pmatulis	zeroNones: is this a one-off thing?	23:52
pmatulis	zeroNones: if so, you can scp to a directory the ubuntu user can write to, ssh to the server, and use sudo to copy that file under /etc/nginx/ssl. if not, the make the /etc/nginx/ssl directory writeable by user 'ubuntu', or his group	23:54

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!