[00:17] <Neo4> why know what is DNS server? I've read about BIND if I install it what I'll get?
[00:18] <genii> Headaches
[00:18] <sarnold> Neo4: there's three types of DNS servers: authoritative, recursive, and forwarding
[00:18] <sarnold> genii: lol +1
[00:18] <Neo4> what does do DNS server? it return IP  of servers
[00:19] <sarnold> Neo4: an authoritative server knows the IPs and names of specific services and so on
[00:19] <genii> Neo4: Basically, yes.
[00:19] <sarnold> Neo4: a recursive server knows how to start from the "root nameservers" and query each hierarchy of name servers to find an eventual answer to a question
[00:19] <Neo4> sarnold: ok
[00:19] <sarnold> Neo4: forwarding nameservers do not know how to query the roots, they just forward the question on "to the next nameserver", which *will* know how to answer the question
[00:19] <Neo4> in general what shall I get?
[00:20] <sarnold> Neo4: so which types of DNS server you need to run depend upon what services you want to offer
[00:20] <sarnold> Neo4: if you have clients on a LAN that want to look up hostnames like www.yandex.ru, then you would probably want to run a recursive or a forwarding server for your clients
[00:20] <Neo4> I will able put any domains to my DNS server? something like ns.my_fqdn
[00:21] <sarnold> Neo4: if you want to provide services to the world with your own names, you could run an authoritative server
[00:21] <Neo4> sarnold: I needn't any )
[00:21] <sarnold> yes
[00:21] <Neo4> just curious
[00:21] <sarnold> if you want to run your own name servers, you would register your name servers with your registrar ("glue records")
[00:22] <sarnold> Neo4: I strongly recommend powerdns instead of bind
[00:22] <sarnold> Neo4: other popular choices are knot and unbound
[00:22] <Neo4> sarnold: I want for test run one on digital ocean and overview all possibilities and settings )
[00:23] <sarnold> Neo4: if you set up a recursive server DO NOT MAKE IT PUBLIC
[00:23] <Neo4> on digital ocean popular BIND
[00:23] <sarnold> bind was the first and still very popular
[00:23] <sarnold> but they mix auth and recursive which has shown to be very dangerous
[00:24] <sarnold> i've read both bind and powerdns sources and I know which one I'd rather run :)
[00:24] <genii> unbound is fairly decent
[00:24] <sdeziel> I concur, unbound is an excellent recursor
[00:25] <sdeziel> I have yet to try powerdns but I think sarnold just convinced me ;)
[00:26] <Neo4> if I have my own DNS somewhere I can bind there domainname and ip address from digitalocean and not use a cname and other from digitalocean panel?
[00:26] <sarnold> powerdns folks also make a dns proxy, dnsdist -- during a recent round of dns DDOS attacks, folks with bind servers were able to servive by plopping dnsdist services in front
[00:26] <Neo4> it might be this functionality is DNS
[00:27] <Neo4> badly understand this notions
[00:27] <sarnold> Neo4: you need to get IPs and IP routing from somewhere..
[00:32]  * mason is a staunch BIND fan. Goes with the whole dinosaur thing. BIND and Sendmail forever!
[00:32] <sarnold> mason: let me guess, *real* sendmail, no m4 for you? :)
[00:32] <mason> No, I'm an M4 fan. In fact, I've had two customer issues come up recently where I got to spread the Sendmail love.
[00:33] <sarnold> hehe, that's greatdnl
[00:35] <mason> hah
[00:39] <nacc> rbasak: hrm, did you not see this? https://paste.ubuntu.com/26455183/
[00:39] <nacc> rbasak: makes the gpgv stuff ... unclear how to use. The manpage implies 2 is a fatal error
[00:43] <hashwagon> On 16.04 the man page for unattended-upgrade says /etc/cron.daily/apt initiates the upgrade process. Anyone know why /etc/cron.daily/apt isn't generating for me? Has anyone else seen this?
[00:53] <rbasak> nacc: I didn't see that in my testing. Perhaps you're using an older series than I di?
[00:53] <rbasak> nacc: if so it's still a valid problem though.
[00:54] <rbasak> Might be able to work around by providing the DSA public key too
[00:55] <sarnold> hashwagon: looks like it's a systemd timer thing now
[00:55] <sarnold> hashwagon: check out systemctl cat apt-daily-upgrade.service
[01:13] <genii> sarnold: What's wrong with real sendmail? It's simple and efficient!
[01:15] <sarnold> genii: "simple"? :) this is the first I've ever heard that word used with sendmail :)
[01:15] <mason> Monolithic, single binary, single process. Few moving parts.
[01:15] <mason> That it's self-aware is incidental.
[01:17] <sarnold> hehe
[01:49] <rbasak> sendmail.cf contains enough moving parts to make up for that.
[04:16] <MJCD> hey y'all, I want to set up bind or dnsmasq or some such thing
[04:16] <MJCD> and I want it to act as a dns cache
[04:17] <MJCD> which just looks up non-cached or out of TTL type thing
[04:20] <mason> MJCD: I like unbound for that sort of role.
[04:23] <nacc> rbasak: i was checking xenial-updates as a random test on bionic
[04:24] <nacc> rbasak: is the DSA public key available via a different keyring?
[04:24] <MJCD> mason, oooh
[04:24] <MJCD> let me google that
[04:25] <MJCD> ohhhh
[04:25] <MJCD> this looks great
[04:25] <MJCD> and its recursive
[04:29] <MJCD> yeah mason this is exactly perfect
[04:29] <MJCD> I can set upto 4 forward-addr
[04:30] <MJCD> which by default is already google dns
[04:30] <MJCD> brilliant
[04:30] <mason> MJCD: Good, glad you like it!
[04:30] <MJCD> thanks so much
[04:30] <MJCD> see y'all soon
[04:30] <mason> o/
[04:32] <nacc> rbasak: oh i see what i was doing wrong, i need to pass all the keyrings
[06:09] <gibking> hi guys
[06:09] <gibking>  i'm struggling with dhclient/ipv6 and wonder if i hit a bug or not
[06:10] <gibking> DHCP Client System: trusty server, 4.4.0-111-generic, isc-dhcp-client  4.2.4-7ubuntu12.10
[06:10] <gibking> host gets ip6 addr normally: "ip a s" inet6 2003:.../128 scope global valid_lft forever preferred_lft forever
[06:10] <gibking> but after some time (probably has something to do with lease-time?) the ip becommed depreffered
[06:10] <gibking> preferred_lft is set to zero and in syslog i can see: dhclient: PRC: Address 2003:... depreferred
[06:10] <gibking> but this  does also happen on 16.04 server
[06:11] <gibking> this is why i am not sure if its a bug or "working as designed"
[06:11] <gibking> does anybody know whats happening there?
[06:12] <gibking> RAs are beeing sent from the firewall and routes are refreshed normally.
[06:22] <Shmam> Hi, I'm trying to get crontab to work. I have the following: `@reboot and inside of run, there is a bash script with `#!/bin/bash and then it cds into a dir and starts a nodejs script. But it doesnt work for some reason. If I try to do `/home/sam/Documents/repo/run` as a regular user, it works fine.
[06:46] <cpaelzer> thanks nacc for the importer reset, AFAIK the missing versions were much older but I'll report next time I see something
[07:21] <lordievader> Good morning
[07:39] <cpaelzer> good morning
[08:12] <lordievader> Hey cpaelzer
[08:12] <lordievader> How are you doing?
[08:22] <cpaelzer> hi lordievader, doing good for now
[08:22] <cpaelzer> as soon as all I work on is built I'll face the wall of errors that I expect :-)
[08:53] <disposable2> i have a LXD profile that had limits.memory.swap set to false. I've changed that to true. do i need to restart my containers for that setting to have any effect?
[09:03] <cpaelzer> you can check if it directly applied via lxc config get <container> limits.memory.swap
[09:04] <cpaelzer> I pinged a few friends who should know the answer about the restart
[09:04] <cpaelzer> hopefully one shows up in a bit
[09:04] <cpaelzer> disposable2: ^^
[09:05] <disposable2> cpaelzer: thank you. i had tried the lxc config get before i asked but it doesn't return anything
[09:05] <disposable2> only an empty line
[09:05] <cpaelzer> for me as well, as soon as I set something it obviously retruns what  I set
[09:07] <cpaelzer> I wonder what it tweaks in cgroups - is it only per continaer swappiness?
[09:07] <cpaelzer> if so that would eb easy to check
[09:08] <cpaelzer> disposable2: yes that is it
[09:08] <cpaelzer> what is your /sys/fs/cgroup/memory/lxc/<container>/memory.swappiness
[09:09] <cpaelzer> switching this off/on seems to swicth that between 0 and 50
[09:09] <cpaelzer> so once you edited your profile from false to true, check if the value changed from 0 to 50
[09:09] <cpaelzer> disposable2: ^^
[09:10] <disposable2> cpaelzer: well, now that i've set it manually for all my containers, it says 50 for all the containers
[09:10] <cpaelzer> which is the value for "true"
[09:11] <disposable2> cpaelzer: yet, the ram is almost completely full and no swapping is happening. the host machine has vm.swappiness=60. hmmmmmm
[09:11] <cpaelzer> that is the global default value
[09:11] <cpaelzer> disposable2: and it will still swap only what it considers rather inactive
[09:11] <cpaelzer> if you e.g. have cold page cache that will be dropped first
[09:12] <cpaelzer> disposable2: if this is not your prod machine you can check if/when it would swap by using a mem eater keeping his memory hot and slowly increasing its size
[09:13] <disposable2> cpaelzer: thank you for taking the time
[09:13] <cpaelzer> stress-ng --vm-keep --vm 1 --vm-bytes can do that for you
[09:14] <cpaelzer> I had my share of fun with swap in the past and experience sharing is part of the open source spriti right :-)
[11:23] <soahccc> What would be the most sensible way to permanently change CPU scale governor? I found multiple ways: udev rule, sysfsutils (can't I use sysctl?) or just dump it into rc.local?
[11:30] <ahasenack> xnox: hi, about my ping yesterday about ocfs2-tools on s390x
[11:32] <ahasenack> xnox: I have an ocfs2-tools ftbfs upload stuck in excuses because the s390x tests fail. You filed https://github.com/markfasheh/ocfs2-tools/issues/22
[11:35] <ahasenack> I mean, my upload fixes the ftbfs :)
[11:35] <soahccc> I fixed my problem, turns out it was supposed to be on "ondemand" but system only has performance/powersave and it choose powersave as fallback
[11:43] <soahccc> But on the topic of that: who defines these scaling governors? system or cpu?
[11:46] <ahasenack> soahccc: have you tried cpufrequtils? (Sorry, didn't get the whole context)
[11:46] <ahasenack> and/or cpufreqd
[11:47] <soahccc> ahasenack: yea it's cpufrequtils (included in the image from the hoster) but they have ondemand in there but the new CPUs in our new servers don't have that
[11:48] <ahasenack> and cpufreqd? Can't you chose a governor there and it will set it every time it starts, i.e., at every reboot?
[11:49] <ahasenack> that being said, my artful system has this:
[11:49] <ahasenack>  /lib/systemd/system/ondemand.service:ExecStart=/lib/systemd/set-cpufreq
[11:49] <soahccc> there is no cpufreqd but I edited (and found it) in /etc/default/cpufrequtils
[11:50] <ahasenack> which runs /lib/systemd/set-cpufreq
[11:50] <soahccc> curiously there is a service "ondemand" which I guess should set governor to ondemand, no idea if I need that service for anything now
[11:50] <ahasenack> do you have that systemd file above?
[11:50] <ahasenack> maybe debug it, because it looks like it tries to do the right thing
[11:51] <ahasenack> FIRSTCPU=`cut -f1 -d- /sys/devices/system/cpu/online`
[11:51] <ahasenack> AVAILABLE="/sys/devices/system/cpu/cpu$FIRSTCPU/cpufreq/scaling_available_governors"
[11:51] <ahasenack> check what you get for $AVAILABLE
[11:51] <ahasenack> I have:
[11:51] <ahasenack> $ cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_available_governors
[11:51] <ahasenack> performance powersave
[11:51] <ahasenack> in a laptop, of course
[11:52] <soahccc> I don't have both of these files
[11:52] <ahasenack> not even the /sys/devices/system/cpu/..... one?
[11:52] <soahccc> and sys reports only two governors
[11:53] <ahasenack> is this xenial or what?
[11:53] <soahccc> performance and powersave (same as cpufreq-info says), xenial yes
[11:53] <soahccc> https://gist.github.com/2called-chaos/03263073f6d3ab83a9b9f72ee4a244f1
[11:53] <ahasenack> in xenial you have /etc/init.d/ondemand?
[11:54] <soahccc> yes, that's there
[11:54] <ahasenack> it's similar code
[11:54] <ahasenack> that is what is setting your governor
[11:55] <ahasenack> you need it to be set to performance?
[11:55] <soahccc> ahasenack: I assume it uses /etc/default/cpufreqinfo no? Because it was set to ondemand there and I guess it defaulted to powersave?
[11:55] <ahasenack> it does not
[11:56] <ahasenack> look at the script, it does not read /etc/default/cpufreqinfo
[11:56] <ahasenack>  /etc/default/cpufreqinfo must come from another package
[11:56] <soahccc> ahasenack: yeah and it has a comment in the file that it's from the hoster's installimage
[11:57] <soahccc> I haven't restarted the machine yet (I set it to performance manually) but here's where I changed it to performance: https://gist.github.com/2called-chaos/457ee50f08df3a1b25059bedb80ba234
[11:57] <ahasenack> I don't see a way in that /etc/init.d/ondemand script for it to set the governor to performance
[11:57] <ahasenack> it's either interactive, ondemand, or powersave. If your system supports neither, it exits without touching the governor
[11:58] <soahccc> I restarted ondemand service and it didn't change back
[11:58] <ahasenack> which package profides that file? dpkg -S /etc/default/cpufrequtils
[11:58] <ahasenack> provides*
[11:58] <ahasenack> and then check if the package has an initscript or something like that, with dpkg -L <name>
[11:59] <soahccc> no path found matching pattern /etc/default/cpufrequtils
[11:59] <soahccc> but I guess it's from cpufrequtils (same name)
[11:59] <ahasenack> makes sense
[11:59] <soahccc> i   cpufrequtils                                                  - utilities to deal with the cpufreq Linux kernel feature
[11:59] <ahasenack> look for an initscript in it
[11:59] <ahasenack> and then check if it reads /etc/default/cpufreqinfo
[11:59] <ahasenack> or just do grep /etc/default/cpufreqinfo /etc/init.d/*
[12:00] <ahasenack> could also be an upstart job. Then do grep /etc/default/cpufreqinfo /etc/init/*
[12:00] <ahasenack> and /lib/systemd/system/* for systemd
[12:00] <soahccc> yeah there is and it does :) mystery solved (no idea why ondemand is there though)
[12:00] <ahasenack> then that initscript should set it
[12:01] <ahasenack> the only other possible problem is if it comes before the ondemand initscript, as the ondemand one could override the changes
[12:03] <soahccc> I think the ondemand service is broken, the script reads AVAILABLE and DOWN_FACTOR variables, the latter doesn't exist
[12:04] <soahccc> But do I even need that service if there is apparently a different service doing the same thing?
[12:05] <ahasenack> it's part of the initscripts package, so you can't just remove it
[12:05] <ahasenack> you can disable it
[12:05] <ahasenack> if your cpufrequtils one comes after, though, there is no harm in keeping both
[12:22] <soahccc> ahasenack: haha these fools, they misspelled "govenor" variable, their script wouldn't do shit even if I had ondemand
[12:22] <ahasenack> which script? From ubuntu, or from your provider?
[12:22] <soahccc> from the provider :D
[12:22] <ahasenack> heh
[12:23] <ahasenack> well, mistakes happen
[12:23] <ahasenack> I'm glad you found out :)
[12:24] <soahccc> took us 2 weeks actually. we ordered new servers and our page got slower. we were like "okay, microcode update, PTI and slightly worse single core performance"... yesterday I imported 500 million records and the page was faster and we were like ._.
[12:41] <ahasenack> rbasak: hi, could you please (re)import gvfs into git? It's stale: bionic has 1.34.1-1ubuntu4, ubuntu/devel is at 1.32.1-0ubuntu1, and there is no bionic branch
[12:46] <rbasak> ahasenack: running
[12:46] <rbasak> We concluded that the importer had been stuck a while.
[12:47] <ahasenack> rbasak: when it breaks like that, it's really stuck, or crashed?
[12:47] <rbasak> I think Nish restarted it yesterday, but that's why it's behind on so many packages.
[12:47] <ahasenack> a crashing importer is easier to handle than a stuck one
[12:47] <rbasak> It hangs on talking to Launchpad
[12:47] <ahasenack> mh
[12:47] <rbasak> I think Nish also filed a bug to investigate where we need to fix the timeouts
[12:47] <ahasenack> yes
[12:47] <rbasak> I think it's within launchpadlib somewhere
[12:47] <ahasenack> https://bugs.launchpad.net/usd-importer/+bug/1745211
[12:48] <ahasenack> cpaelzer just pointed me at it
[12:48] <cpaelzer> at least our answers are in sync
[13:02] <eoli3n> any help on this would be very appreciated -> https://unix.stackexchange.com/questions/419104/what-is-partuuid-from-blkid-when-using-msdos-partition-table/419116#419116
[13:02] <eoli3n> please look at my comment of the answer
[13:03] <eoli3n> i'm trying to kickstart install without breaking existing win7 install
[13:03] <eoli3n> i'm not a end user, i need it as deploy tool
[13:03] <eoli3n> without any manual intervention
[13:05] <boxrick> I have had a few minor situations where 'atftp' package dies. Normally I would just use systemd and make sure the mode is restarted, or in the past used something like monit / runit to make sure the service stays up. So in the case of atftp it has an init.d script which is absorbed by systemd and ran. I would normally replace this, but is there a way of extending the option. So I can add a parameter like restart
[13:05] <boxrick> always ?
[13:05] <boxrick> Like a systemd extends for example
[14:04] <Odd_Bloke> boxrick: Is https://askubuntu.com/questions/659267/how-do-i-override-or-configure-systemd-services what you're looking for?
[15:40] <coreycb> jamespage: i got started on b3 deps for queens. here's the list of what remains: https://paste.ubuntu.com/26459041/ . i still have a few i'm wrapping up that aren't in that list.
[16:09] <ahasenack> Nivex: hi, autofs uploaded to bionic :)
[16:09] <Nivex> rock on!
[16:10] <Nivex> You want another easy one? :)
[16:12] <ahasenack> sure
[16:12] <Nivex> https://bugs.launchpad.net/ubuntu/+source/partman-iscsi/+bug/1641656
[18:41] <nacc> rbasak: sorry, i've been afk on nhouse stuff; did you want to sync today still?
[18:49] <rbasak> nacc: I'm tied up this evening now, sorry (not you - the team meeting running over and then hit my EOD)
[18:50] <nacc> rbasak: totally fine; i did get one test written that ensures we are using the right URL for the Release -> Sources lookup
[18:50] <nacc> rbasak: i'll see if the scripts are dtrt, and i'll put up a MP for you to look at and we can discuss further tests from there
[22:45] <sdeziel> is there a way to ask systemd to sanity check a given unit?
[22:46] <nacc> sdeziel: systemd-analyze verify <FILE> ?
[22:46] <nacc> sdeziel: per https://github.com/systemd/systemd/issues/3677
[22:47] <nacc> sdeziel: not sure how far you want the sanity checked :)
[22:47] <sdeziel> nacc: I'm looking for a tool that will sanity check a unit and any override snippets it may have
[22:47] <nacc> sdeziel: the above will only check the syntax, afaik
[22:49] <sdeziel> nacc: indeed and it doesn't check the $foo.service.d directories either
[22:49] <sdeziel> thanks anyway, I'll keep digging the various man pages
[22:49] <sarnold> ship it all to another system and try?
[22:50] <sdeziel> sarnold: I'm cooking a puppet module to let one drop some override snippets then trigger a service restart. The sanity check is to avoid the foot gun ;)
[22:51] <sarnold> puppet step number one .. spin up a new server somewhere ..
[22:51] <sarnold> hehe
[22:52] <sdeziel> https://memegenerator.net/instance/55819969/chuck-norris-meme-testing-is-for-wimps-real-men-test-in-production
[22:53] <sarnold> :)
[22:54] <Nivex> http://i1.wp.com/agilescout.com/wp-content/uploads/2012/05/i-dont-test-my-code.jpg
[22:56] <sdeziel> wow, someone loved it enough to create this https://www.idontalwaystestmycode.com/
[23:04] <patdk-lap> I didn't know there was another way to test code
[23:06] <sdeziel> "systemctl daemon-reload" will catch any typo in the unit but it's then too late and the bad file will be deployed
[23:19] <ahasenack> nacc: I submitted https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888463 to debian
[23:20] <ahasenack> tomorrow I might check what's really going on: why debhelper didn't catch that
[23:23] <nacc> ahasenack: what fille specifies ot upstream (e.g. requirements.txt) that ply should be used?
[23:26] <nacc> ahasenack: it should be generated by python3:depends, aiui
[23:27] <ahasenack> yeah, but it's not working. Not in ubuntu, nor in debian sid
[23:27] <ahasenack> something with bind's build system probably