/srv/irclogs.ubuntu.com/2018/08/23/#ubuntu-server.txt

[01:04] <roasted> hi friends. I'm working on 18.04 and am seeing something weird. my local domain is "lan" but my server only responds if I ping hostname.local. The netplan config has lan appended in it though. Is there anywhere else to look in 18.04 to set the domain?
[01:05] <whislock> roasted: Need some clarification. What are you pinging from?
[01:06] <roasted> desktop and laptop on local network
[01:06] <roasted> I use pihole for dhcp/dns, though my server is static IP
[01:06] <roasted> everything else on network (dhcp admittedly) gets .lan appropriately
[01:06] <whislock> So you're pinging 'hostname.local' from the desktop/laptop, and it's responding, and you want it to respond on '.lan'?
[01:07] <roasted> exactly. or even just respond via "ping hostname" as my other servers do.
[01:07] <whislock> So, .local is mDNS/Avahi crap.
[01:07] <roasted> vault is my main server. vault hosts about 5 ubuntu server VMs on it. Those VMs all respond via "ping hostname" as well (though they are admittedly DHCP reservations and not static)
[01:08] <roasted> i.e. I can run ping nameserver, ping irc, ping web, etc, all fine, but I cannot ping vault unless I run ping vault.local
[01:09] <roasted> I feel like I'm missing something obvious (netplan is new to me) but according to the docs I feel I should have this right
[01:09] <sarnold> does your dns server know that you're using .lan in this fashion?
[01:09] <roasted> oh yes
[01:09] <roasted> in fact pihole defaults to using .lan as the domain
[01:10] <roasted> (pihole being dns + dhcp server)
[01:10] <nacc> what's in your /etc/resolv.conf ?
[01:10] <roasted> nameserver 127.0.0.53
[01:10] <roasted> search lan
[01:10] <nacc> does vault.lan resolve?
[01:11] <roasted> no
[01:11] <roasted> only vault.local
[01:13] <nacc> that's systemd-resolve, iirc, you can ask it what nameservers it knows
[01:13] <nacc> then you can query those nameservers for whether they can lookup vault.lan (which vault will be tried as if vault itself doesn't lookup)
[01:14] <whislock> systemd-resolve --status
[01:14] <sarnold> you can also use systemd-resolve(1) to query the systemd thingy
[01:14] <roasted> if I run status I see 10.13.0.2 for DNS server and lan for domain
[01:14] <roasted> 10.13.0.2 = pihole IP
[01:14] <roasted> I can pastebin the whole thing if need be. Quite long. But those 2 lines are at the very bottom.
[01:15] <whislock> Gotta be honest, you REALLY shouldn't be using a TLD like this.
[01:15] <whislock> Even 'something.lan' is better.
[01:16] <roasted> not sure I understand. I'm just trying to resolve vault internally.
[01:16] <whislock> All of your internal hosts are <hostname>.lan
[01:16] <roasted> right
[01:16] <whislock> Top-level domains are intended to be namespaces, not used as a domain themselves.
[01:17] <whislock> You really should change that to <hostname>.<something>.lan
[01:17] <roasted> are you suggesting lan is a bad choice?
[01:17] <roasted> ah
[01:17] <sarnold> a dns pal of mine says the only sane option for internal hostnames is to use a domain you control
[01:17] <whislock> That IS the best answer, yes.
[01:17] <whislock> Buy a domain, use it.
[01:18] <whislock> But for many, that's not ideal, so I hedge with .lan. There's nothing stopping ICANN, etc. from making a .lan TLD publicly available, and screwing your world up.
[01:18] <whislock> Same thing happened with .local years ago.
[01:18] <roasted> I do have a domain... I didn't think that deep into it. I just wanted to be able to hit up smb://vault
[01:19] <whislock> You'll find that DNS issues like this rapidly go away when you start doing things to standards.
[01:19] <sarnold> whislock++
[01:19] <roasted> hm
[01:20] <roasted> I apologize if I'm not following, just trying to confirm: Am I correct in understanding that best case scenario is to use an actual domain I own, though a lesser (but better than I'm doing currently) option is just to forego the use of .lan and choose something a bit more... unique?
[01:21] <whislock> The first, yes. The second, no.
[01:21] <whislock> .lan is not a TLD that exists. Many modern DNS implementations do NOT reliably handle "single label domains" such as .lan.
[01:22] <whislock> Hosts are expected to belong to a domain that exists within the namespace of a top-level domain.
[01:22] <whislock> If using an actual domain is not an option, then use a domain in a fake TLD like .lan. Do not use .lan directly.
[01:22] <whislock> <host>.home.lan is an example.
[01:22] <roasted> I see
[01:23] <roasted> well, wouldn't take me more than a minute or two to try it
[01:24] <whislock> The huge caution on using fake domains is that nothing is preventing that fake TLD from becoming a REAL TLD at a later date, or being reserved by a future standard for some use.
[01:24] <roasted> understood
[01:24] <roasted> though I would assume I could somewhat help mitigate that by using something more unique at least (which is why I alluded to my earlier question)
[01:25] <whislock> Potentially, yes, but you'd still definitely want to use domain.tld, rather than just .tld.
[01:26] <roasted> such as, possibly, home.lan as a rough example?
[01:26] <whislock> The exact example I gave you previously, yes.
[01:26] <whislock> 21:22 <whislock> <host>.home.lan is an example.
[01:26] <roasted> I'm trying that now
[01:27] <roasted> systemd-resolve --status on vault and my local desktop both now say home.lan, but the same symptoms still exist. (cannot ping vault/vault.home.lan, but can ping vault.local)
[01:27] <roasted> unless there's a service I need to redo besides bouncing the NICs and sudo netplan apply on server
[01:28] <whislock> Your DNS server has to be aware of all of this.
[01:28] <roasted> I did change my dns server to reflect home.lan
[01:29] <whislock> Heh, I can't wait for the .dot TLD to go life.
[01:29] <whislock> Live, rather.
[01:30] <whislock> I'm going to try to buy dot.dot
[01:30] <sarnold> ellipsis.dot.dot
[01:31] <whislock> Watch people type it as .......
[01:33] <roasted> heh, everything updated to home.lan and works, except pesky vault
[01:34] <sarnold> you don't happen to have an /etc/hosts entry somewhere that's wrecking everything do you?
[01:34] <roasted> I didn't manually edit any hosts file
[01:35] <roasted> I can pastebin what I do have though
[01:35] <roasted> https://paste.ubuntu.com/p/kKmFJ5tnmc/
[01:35] <sarnold> 127.0.1.1 vault
[01:35] <sarnold> oh that's *on* vault
[01:35] <roasted> yeah
[01:35] <sarnold> check on the system that's doing the pinging
[01:36] <roasted> https://paste.ubuntu.com/p/DbrSCHCDrt/
[01:36] <sarnold> nice and boring :)
[01:38] <roasted> yep
[01:57] <roasted> heh
[01:57] <roasted> even setting everything to .local in an effort to appease the server fails
[01:58] <roasted> that's the last time I dive in to a new server version
[02:06] <roasted> acts the same whether I have my unifi USG running dns+dhcp or the pihole running dns+dhcp, so def seems related to ubuntu 18.04 itself.
[02:06] <SlowJimmy> maybe I'm just paranoid, but every time i set up my ubuntu to be a working server with samba and owncloud and so forth, it works excellent but after a couple of days the server always become completely irresponsive to openssh and owncloud and so forth, is it possible that either physically or through the network somebody took control of my server? what ways do i have to check if that is
[02:06] <SlowJimmy> the case?
[02:07] <SlowJimmy> so irresponsive as to not even show up on the network anymore...
[02:09] <whislock> SlowJimmy: The odds of that are incredibly slim.
[02:09] <whislock> Sounds like resource exhaustion, to me.
[02:09] <whislock> How much RAM is in the system?
[02:10] <roasted> I run nextcloud in a VM and it tends to eat some RAM over time
[02:11] <roasted> plus the DB will require something more than a wussy CPU
[02:12] <roasted> I heard good things about seafile. Spun that up the other day but the client wouldn't see the server. Need to revisit that someday.
[02:12] <SlowJimmy> whislock anywhere between 2 GB and 4 GB
[02:13] <SlowJimmy> roasted I see
[02:13] <whislock> SlowJimmy: And how much swap?
[02:13] <SlowJimmy> 8GB
[02:13] <sarnold> maybe you could throw performance copilot or sar or similar on it to gather up a bunch of stats
[02:14] <whislock> I suspect, honestly, that you're hitting a low-memory state, and it starts thrashing swap.
[02:14] <SlowJimmy> sarnold perform copilot, got it
[02:14] <sarnold> what's si/so look like from vmstat 1 ?
[02:14] <SlowJimmy> whislock so just need to get more ram?
[02:14] <SlowJimmy> is there a quick way to check who is connecting to your system?
[02:15] <SlowJimmy> how can i shut off the server to the internet aside from apt get update and upgrade and dist-upgrade?
[02:15] <whislock> Do you have ports forwarded to it from the outside?
[02:15] <SlowJimmy> no
[02:15] <whislock> Then no one's connecting to the system from the outside.
[02:15] <whislock> End of story.
[02:16] <SlowJimmy> or at least i didnt forward them, i think it is possible somebody compromised the system and then enabled all kinds of ish
[02:16] <madLyfe> all of these samba articles/how-tos are different. i understand there are different use cases for them.
[02:16] <SlowJimmy> whislock that is incredibly reassuring
[02:16] <SlowJimmy> you have no idea i was being paranoid, this is very good to know
[02:17] <whislock> SlowJimmy: Go look in whatever router provides internet access, see if ports have been forwarded.
[02:17] <whislock> These sorts of concerns are what I deal with for a living.
[02:18] <whislock> The odds of this being due to a compromise are within epsilon of zero.
[02:19] <SlowJimmy> whislock i am worried about people having physical access, as i live in an area with a lot of how do i put this... questionable character, the type who hold no jobs but drive cars and are well dressed...
[02:19] <sarnold> check ss output
[02:19] <SlowJimmy> thank you whislock you really made me sleep better at night
[02:19] <SlowJimmy> sarnold ty
[02:21] <SlowJimmy> whislock i am reading two books on server basics in gnu/linux and networking, but do you know a book that can help me with understanding security?
[02:23] <whislock> https://www.udacity.com/course/intro-to-information-security--ud459
[02:23] <whislock> Free course on it from Georgia Tech.
[02:23] <whislock> https://www.us-cert.gov/security-publications/introduction-information-security
[02:24] <whislock> https://www.nist.gov/publications/introduction-information-security
[02:24] <whislock> https://www.cybrary.it/course/intro-to-infosec/
[02:24] <whislock> And that should get you started on basics.
[02:25] <SlowJimmy> excellent thank you friend!
[02:25] <SlowJimmy> i may be paranoid so it is really difficult to know when i am going overboard and worrying for no reason or attribution bias or other cognitive biases
[02:26] <SlowJimmy> it is really putting my mind at ease to know that without portforwarding everything is ok
[02:26] <whislock> Security is a function of risk. Risk is a function of threats, vulnerabilities, and assets.
[02:27] <whislock> The short explanation is that in all likelihood, you are not worth the effort to any threat.
[02:27] <SlowJimmy> so if you are unlucky it may mean there is no real feasible way to be secure...
[02:27] <whislock> There's no such thing as complete or total security.
[02:27] <sarnold> .. and yet, forgetting the basics make you a risk to every threat :)
[02:27] <SlowJimmy> whislock that is assuming reasonable assessment from whoever may or may not be on the other side
[02:27] <whislock> There's only an appropriate level of security based on the assets you're trying to protect, and how much you're willing to expend in terms of time, money, etc., to protect those assets.
[02:28] <SlowJimmy> ok i think with the basics you gave me in those links i will be able to sleep well at night
[02:29] <whislock> My home network is not likely to be a target for anyone. I've employed a level of protection that means that someone has to work quite hard to get in, and without the assurance of a suitable return on that investment, I'm basically not worth it.
=== v12aml_ is now known as v12aml
=== stgraber_ is now known as stgraber
[02:29] <whislock> My employer, of course, is a much more lucrative target, and so we spent a great deal more time and resources on protecting those assets.
[02:42] <JanC> whislock: for some types of threats, such as extortion schemes where they encrypt your data, every target is big enough (actually, too big targets might be undesirable, as they will have backups & are more likely to go after the villains)
[02:52] <whislock> JanC: Conversely, the countermeasures for those are simple. Don't run code from untrusted sources, have backups.
[04:27] <JanC> the whole point of phishing is making the target think it's a trusted source...
[04:53] <madLyfe> anyone bored and want to help me with samba?
[05:08] <cpaelzer> good morning
[05:08] <cpaelzer> madLyfe: I'm afraid your request sounds too much like "work you actually don't want" - why don't you ask right away?
[05:09] <cpaelzer> you might get no answer either, but IMHO it increases the chance to get one
[05:10] <madLyfe> just tired and head is kind of spinning
[05:10] <cpaelzer> :-/
[05:11] <madLyfe> so i set up a zfs mirror and im trying to share that mirror on the network with samba.
[05:11] <cpaelzer> sounds normal so far
[05:11] <madLyfe> at this point im just trying to get it to show up before i do any of the user stuffs
[05:11] <madLyfe> but i cant figure out what im doing wrong
[05:12] <cpaelzer> "show up" as in windows neighbor device discovery?
[05:12] <madLyfe> ya like show my share under networks
[05:13] <madLyfe> but im not even sure i have it setup correctly so i dont know if its windows or the config
[05:13] <cpaelzer> on the server doing samba: does this show anything "smbclient -L localhost"
[05:13] <cpaelzer> if you have set special user for samba use -U <username>
[05:14] <cpaelzer> you can also list from remote, but lets start one by one
[05:14] <madLyfe> Command 'smbclient' not found, but can be installed with:
[05:15] <cpaelzer> if you don't mind install it
[05:16] <madLyfe> https://paste.ubuntu.com/p/KVXKqXQfs2/
[05:17] <cpaelzer> madLyfe: is "Share" the one you set up?
[05:17] <madLyfe> ya
[05:17] <cpaelzer> ok, so the server is serving something
[05:17] <cpaelzer> if you have a remote Linux machine you can do the same with localhost replaced by the ip of the server
[05:18] <madLyfe> im on windows right now and its a dual boot
[05:19] <cpaelzer> ok
[05:19] <cpaelzer> there my experience is not high after a decade without :-)
[05:19] <cpaelzer> on a Linux system you'd check the shared (as above)
[05:19] <cpaelzer> and then maybe mount with
[05:19] <cpaelzer> mkdir -p /mnt/test; sudo mount.cifs '//127.0.0.1/Share' '/mnt/test' -o user=kinghat,vers=3.0
[05:19] <cpaelzer> or similar depending on your needs
[05:19] <cpaelzer> I wonder if maybe "just" the announcement isn't working
[05:20] <cpaelzer> and the resource would be there
[05:20] <cpaelzer> can you connect it from windows
[05:20] <cpaelzer> with like explorer->connect network share
[05:20] <cpaelzer> enter //IP/Share I think
[05:21] <madLyfe> https://paste.ubuntu.com/p/3xqKzdX97R/
[05:22] <cpaelzer> sorry - I'm not an expert in smb configs to find something obvious in there
[05:25] <madLyfe> its no biggie
[05:25] <cpaelzer> madLyfe: can you map the network drive from windows?
[05:25] <cpaelzer> ignoring the auto device scan for now
[05:25] <cpaelzer> umm
[05:25] <cpaelzer> madLyfe: browseable = yes
[05:26] <cpaelzer> well, default would be yes :-/
[05:26] <cpaelzer> I thought that might be missing
[05:27] <cpaelzer> there can be issues like this on very old Ubuntu vs very new Windows https://www.tenforums.com/network-sharing/31136-samba-shares-dont-show-up-windows-10-network.html
=== smb is now known as smb-afk
[05:30] <madLyfe> i have that set under my share already it just didnt show up in that report for some reason. i had it spelled 'browsable = yes' and just tried 'browseable = yes' and get the same result.
[05:35] <cpaelzer> madLyfe: it doesn't show up because it is the default
[05:38] <madLyfe> odd https://usercontent.irccloud-cdn.com/file/9zcsbflk/image.png
[05:40] <cpaelzer> madLyfe: the net surely has the experience you need on the windows side of this, but I'm out unfortunately
[05:40] <madLyfe> have a good one
=== smb-afk is now known as smb
[06:46] <spectre123123> Hi all,
[06:46] <spectre123123> did someone set a raid 1 with just two disks ? One of the two disks has got the operating system
[07:53] <spectre123123> Did anyone try the raid 1 on ubuntu server?
[08:17] <paulbarker> I've copied a network bridge configuration from one server to another. It's working on the source server but isn't working on the new destination server. Both are running Ubuntu 18.04.
[08:18] <paulbarker> The networkd config is here: https://pastebin.com/HwmXC1w9
[08:18] <paulbarker> On the source server running `networkctl status -a` shows br0 as `State: routable (configured)`
[08:19] <paulbarker> On the new server, same config, `networkctl status -a` shows br0 as `State: no-carrier (configuring)`
[08:19] <paulbarker> This is preventing LXD from launching, last entry in syslog is `systemd[1]: Starting Wait for Network to be Configured...`
[08:26] <paulbarker> stgraber: Is there any chance of getting https://github.com/lxc/lxd/pull/4741 backported to the LXD package in Ubuntu 18.04? I'm only trying to setup a bridge manually due to that issue
[08:40] <kiokoman> paulbarker: what about /etc/systemd/network/uplink.network ? which interface belongs to br0 ? maybe they have different name from old server to new server
[08:41] <paulbarker> No interface belongs to br0, it's for use with containers
[08:44] <paulbarker> Also, cyphermox, could we get a new release of netplan.io for Ubuntu 18.04? Looking at https://github.com/CanonicalLtd/netplan/commits/bionic, the fix I need is the most recent commit but that's after the latest release of 0.36.3
[08:48] <paulbarker> Ok, I have a workaround for now but for some reason it's different between the two servers
[08:52] <paulbarker> Both machines have the same version of the systemd package installed, but on the new server I now need to add `LinkLocalAddressing=no` to br0.network in order for the bridge to come up
[08:57] <kiokoman> check also -> ConfigureWithoutCarrier=true
[08:57] <paulbarker> That's also there. I tried both `true` and `yes` as values
[09:00] <kiokoman> anyway i have the same problem on my server 18.04 -> no-carrier (configuring)
[09:00] <paulbarker> Have restarted systemd-networkd a couple of times and confirmed it only works with `LinkLocalAddressing=no` in the network config
[09:00] <kiokoman> same for me
[09:01] <paulbarker> Though that could lead to issues later if anything I'm running in the containers tries to use link-local addressing for some reason
[09:02] <paulbarker> What baffles me is that the same config on a server setup a couple of months ago works without disabling link-local addressing
[09:04] <mwhudson> same systemd versions on both?
[09:04] <kiokoman> LinkLocalAddressing=no -> turn off IPv6
[09:04] <mwhudson> there was a bug in this area recently (but only in cosmic i think)
[09:06] <paulbarker> systemd is version `237-3ubuntu10.3` on both
[09:14] <paulbarker> The best solution for me would be to release a new lxd package for Ubuntu 18.04 with my original bug fixed so I don't have to try creating all this by hand
[09:18] <paulbarker> Looks like the fix is in LXD 3.0.2 but Ubuntu 18.04 currently has version 3.0.1
=== pesari_ is now known as pesari
=== yeats_ is now known as yeats
=== Pici` is now known as Pici
[13:03] <sdeziel> any idea as to why the real changelog is in linux-modules-$(uname -r) and not in linux-image-$(uname -r) ?
[13:03] <sdeziel> $ ll /usr/share/doc/linux-{image,modules}-4.15.0-32-generic/changelog.Debian.gz
[13:03] <sdeziel> -rw-r--r-- 1 root root   509 Aug 10 13:35 /usr/share/doc/linux-image-4.15.0-32-generic/changelog.Debian.gz
[13:03] <sdeziel> -rw-r--r-- 1 root root 27851 Aug 10 13:22 /usr/share/doc/linux-modules-4.15.0-32-generic/changelog.Debian.gz
[13:06] * ahasenack doesn't know
[13:17] <sdeziel> feel counter intuitive to me
[13:17] <sdeziel> and it is not the case with Xenial
=== BlackDex_ is now known as BlackDex
=== Forty-3_ is now known as Forty-3
[14:17] <cyphermox> sdeziel: careful, linux-image-*-generic is now built by linux-signed; so changelog would be smaller anyway
[14:19] <sdeziel> cyphermox: hmm, not sure what that implies.
[14:19] <sdeziel> $ ll /usr/share/doc/linux-*4.15.0-32*/changelog*
[14:19] <sdeziel> -rw-r--r-- 1 root root   509 Aug 10 13:35 /usr/share/doc/linux-image-4.15.0-32-generic/changelog.Debian.gz
[14:19] <sdeziel> -rw-r--r-- 1 root root 27851 Aug 10 13:22 /usr/share/doc/linux-modules-4.15.0-32-generic/changelog.Debian.gz
[14:19] <sdeziel> -rw-r--r-- 1 root root 27855 Aug 10 13:22 /usr/share/doc/linux-modules-extra-4.15.0-32-generic/changelog.Debian.gz
[14:19] <sdeziel> linux-image-unsigned-4.15.0-32-generic has no changelog which seems to be consistent with what you said
[14:20] <sdeziel> but still, I'd expect the changelog for a given kernel to be shipped with the -image package, not the -modules
[14:22] <cyphermox> like I said, linux-image-* is built by a different source package than the others, that explains the small changelog -- the real changelog is available in linux-image-unsigned-* anyway
[14:22] <cyphermox> "real"
[14:22] <sdeziel> linux-image-unsigned-4.15.0-32-generic has no changelog
[14:23] <sdeziel> or I'm looking at the wrong spot somehow
[14:24] <cyphermox> certainly seems there for a different version:
[14:24] <cyphermox> -rw-r--r-- root/root     40761 2018-08-15 12:50 ./usr/share/doc/linux-image-unsigned-4.15.0-33-generic/changelog.Debian.gz
[14:25] <cyphermox> sdeziel: the shuffle of signed/unsigned is recent, best would be to ask for details in #ubuntu-kernel if there's anything
[14:25] <sdeziel> that's from -proposed I guess. Maybe they fixed a packaging issue as I don't have anything in -30 either
[14:25] <sdeziel> cyphermox: alright, thanks!
[14:26] <cyphermox> in -updates as of 25 minutes ago ;)
[14:32] <sdeziel> thanks for the info
[14:49] <mason> Anyone seeing subtle disk corruption using live migration in virt-manager and non-shared-storage/qcow2? Because I sure am.
[15:32] <madLyfe> sdeziel: do you samba share with windows at all?
[15:34] <sdeziel> madLyfe: barely, I have only 1 Windows client left @home
[15:35] <sdeziel> madLyfe: but I have another deployment with a mix of macOS and Windows clients
[15:36] <sdeziel> madLyfe: why?
[15:36] <madLyfe> so i think i got samba somewhat working last night but i cant see my samba share in win 10 'networking' but i can manually add the share by mapping network drive or adding network location. though even if i do that it still doesnt show up under the networking window.
[15:36] <madLyfe> also i cant add it by name i have to add it by ip only. and in cmd if i type 'net view' i get a 'system error 53 has occurred.  the network path was not found.'
[15:37] <madLyfe> i read probably the top 20 google articles on error 53 and it doesnt seem to be a consensus on the issue or how to fix it. none of the solutions i tried worked.
[15:38] <madLyfe> article/support threads*
[15:38] <sdeziel> madLyfe: for the name vs IP part, you can either setup DNS properly or add the host alias under %windir%/system32/etc/hosts (not sure about the path)
[15:38] <madLyfe> setup dns properly?
[15:39] <whislock> Is the Samba server in a different subnet than the client?
[15:39] <sdeziel> madLyfe: to access the server using a name, you need to have the name in the DNS
[15:40] <madLyfe> whislock: i dont think so?
[15:40] <madLyfe> sdeziel: doesnt the router handle that?
[15:41] <whislock> Depends on the router and how it's configured. That's almost never an automatic function.
[15:41] <sdeziel> madLyfe: it depends ;) On basic home setup it does, usually
[15:41] <sdeziel> madLyfe: you may want to test the simple way using the host alias as a first step
[15:41] <whislock> Careful. DNS in this case is two things. One is a forwarding resolver, which all home routers handle. The second, and what we're talking about here, is actually being an authoritative nameserver for its own zone.
[15:42] <whislock> Most home routers do not do this automatically, and some, not at all.
[15:48] <madLyfe> well if i have to add stuffs to host just to see the hostname for lookup, rather than ip, i dont really care. i just wanted to make sure my system was functioning properly.
[15:50] <whislock> Samba can be sensitive to HOW you request the system. The name vs. IP question can affect functionality.
[15:51] <madLyfe> this is what the asuswrt firmware dev and another guy said about it: https://paste.ubuntu.com/p/R8VvT5KD5F/
[15:51] <madLyfe> thought getting the name is better because IP can change(even though i have it set to static)
[15:54] <madLyfe> here is 'net view \\hostip' results: https://paste.ubuntu.com/p/rmqTBcBKgc/
[15:55] <whislock> I'm going to be incredibly blunt here, so fair warning: You should be using DNS for pretty much any service.
[15:55] <whislock> It's a trivial thing to set up, as long as you're setting it up properly. Using IP addresses for services, even in a home scenario, is just bad planning.
[15:56] <madLyfe> im all ears lel
[15:57] <whislock> I was originally going to be much more harsh, but there it is.
[16:00] <sdeziel> whislock: do you recommend home users to purchase an official domain name?
[16:02] <whislock> Generally, yes. $10 a year isn't a big hurdle.
[16:03] <sdeziel> true
[16:03] <sdeziel> I can't quickly find the official alternative (like .homenet or something)
[16:03] <whislock> There isn't one.
[16:04] <whislock> For several reasons.
[16:04] <whislock> The first being that using a TLD as a domain will cause problems with many implementations. Things don't handle 'single label domains' gracefully.
[16:04] <whislock> If you're going to use a fake TLD, select a second-level domain to use with it. '.home.lan' instead of just '.lan', for example.
[16:05] <whislock> Ideally, though, you'll purchase a domain name and use that both internally and externally.
[16:08] <sdeziel> https://social.technet.microsoft.com/wiki/contents/articles/34981.active-directory-best-practices-for-internal-domain-and-network-names.aspx has good info
[16:08] <blackflow> $10/yr my donkey. The domain cartel is running a racket
[16:09] <blackflow> going cheapo-o are only tlds nobody really wants or are frequently blanket flagged for spam
[16:10] <whislock> Like .com?
[16:10] <whislock> $10.98/year?
[16:10] <whislock> or .net? Same price?
[16:10] <blackflow> + a few bucks for (a must have) whois privacy.
[16:10] <blackflow> though, with GDPR at least here in EU we've gotten that for free now.
[16:10] <whislock> It's +$0.00 for me.
[16:10] <whislock> So, with ICANN fees, it might hit $12/year.
[16:11] <whislock> $11.something.
[16:11] <blackflow> .com is 16€ at gandi.net where I'm purchasing
[16:11] <whislock> Gandi's one of the most expensive registrars on the internet.
[16:12] <whislock> Generally around 50% more expensive than anyone else.
[16:12] <blackflow> but that's the price I'm willing to pay for quality service, after changing several registrars for being criminally atrocious.
[16:12] <whislock> That's your choice/opinion, but that doesn't affect the accuracy of my previous statement.
[16:13] <blackflow> I was merely reflecting on the gTLD racket. meanwhile .xyz were really cheap-o, I got some for $.88 first year
[16:13] <blackflow> but you don't want those for public sites, especially not mail. so I guess they're good for home networks.
[16:14] <blackflow> (in that I generally agree purchasing a domain is better than "hijacking" a tld for local use)
[16:14] <whislock> Spam filtering is starting to move to an IP reputation model rather than blacklisting TLDs.
[16:14] <blackflow> it's both, there are various blacklists, IP based, domain based, URL based, ...
[16:15] <blackflow> IP reputation in the age of floating IP cloud services is not good.
[16:15] <whislock> URL based for spam filtering, where emails don't have URLs. Riiight.
[16:15] <whislock> Again: Spam filtering is starting to move to an IP reputation model rather than blacklisting TLDs.
[16:16] <whislock> Anyway, lunchtime.
[16:16] <blackflow> I guess you never ran a spam filter.
[16:16] <blackflow> URIBLs are for mail content obviously.
[16:17] <whislock> Only for the US DOD. You know, small stuff.
[16:17] <madLyfe> the router channel is saying that i should set the server up as DHCP with reservations.
[16:18] <blackflow> I've been running commercial MTAs for 10 years now. we have large URIBLs that we build on our own with spamtraps. there's also Spamhaus if you're willing to trust their a bit... fanatical... commitment.
[16:19] <whislock> The "small stuff" part was sarcastic as hell. My response was to highlight the folly of assuming people lack knowledge or experience simply because they disagree with you.
[16:19] <sdeziel> madLyfe: that is unneeded if you already put a static IP on the server
[16:19] <whislock> Basically, check your ego.
[16:19] <blackflow> whislock: well you didn't know what URIBLs were, so I guessed you never ran one.
[16:19] <blackflow> whislock: yeah, _I_ have to check _my_ ego.   "I was originally going to be much more harsh, but there it is."  -- told to someone who used IP instead of a domain... lol.
[16:22] <madLyfe> sdeziel/whislock is this correct? https://paste.ubuntu.com/p/mz7qYsjF7H/
[16:23] <sdeziel> madLyfe: they are probably right, I suspect the DHCP daemon is also the DNS resolver (dnsmasq probably)
[16:26] <sdeziel> madLyfe: this means a client asking for an IP will also "register" its hostname to the DNS portion of it. This should let you reach the host in question by referring to it as its shortname
[16:26] <sdeziel> madLyfe: I'm not 100% sure on the above as it's been a while since I used such setup
[16:26] <madLyfe> https://paste.ubuntu.com/p/K7ww9pswkn/
[16:28] <sdeziel> madLyfe: OK, that seems to confirm what I said
[16:28] <sdeziel> madLyfe: you should trust them more than me if they are in the channel of your router's manufacturer ;)
[16:29] <madLyfe> well i was just hoping there was a standard best practice of going about it
[16:31] <sdeziel> madLyfe: dnsmasq is pretty common on home/SOHO routers so what they said makes sense generally
[16:40] <JanC> great article: http://danluu.com/anon-benchmark/
[17:36] <madLyfe> is this the best way to change the hostname that persists? 'hostnamectl set-hostname'
[17:36] <madLyfe> hostnamectl set-hostname 'new-hostname'
[17:51] <madLyfe> hmm that didnt make it past a reboot
[17:59] <madLyfe> so i renamed the hostname in hostname file, but the hosts file doesnt like the example given here: https://websiteforstudents.com/how-to-change-rename-ubuntu-16-04-lts-server-name/
[18:06] <sarnold> what error message do you get, and from what tool?
[18:06] <nacc> right, the 'hosts' file is just a file, it can't like or dislike anything.
[18:08] <madLyfe> have to edit the cloud.cfg as well
[18:09] <madLyfe> https://linuxconfig.org/how-to-change-hostname-on-ubuntu-18-04-bionic-beaver-linux
[18:09] <madLyfe> it talks about the hosts file too at the end but my hosts file second line doesnt look like theirs. also, i did a reboot and my hostname change seems to have stuck.
[18:10] <nacc> madLyfe: do you understand what the hosts file is for?
[18:10] <nacc> madLyfe: it's not really directly related to your actual  hostname
[18:10] <nacc> beyond convention, afaik
[18:11] <nacc> madLyfe: what does your hosts file look like? it *always* is better to give actual contents, than to describe them (as you are describing them very vaguely)
[18:11] <madLyfe> this is what the second line of mine looks like: https://usercontent.irccloud-cdn.com/file/92YDVYE8/image.png
[18:12] <madLyfe> sorry i should have put that in a paste
[18:12] <nacc> you are using ipv6?
[18:12] <nacc> i don't think that's the default 18.04 contents, but i'm not sure
[18:13] <madLyfe> not that i know of. i just used the defaults for everything.
[18:25] <coreycb> tobias-urdin: jamespage: i uploaded a new heat-dashboard package (1.3.0-0ubuntu4) and a new horizon package (14.0.0~rc1-0ubuntu2) which mostly fix up horizon. I'm getting a "Error: Unable to retrieve limits information." message once logged in which i think is related to needing quota_details extension enabled.
[18:26] <madLyfe> nacc: is this bad?
[19:16] <tobias-urdin> coreycb: cool, i'll check tomorrow if the CI has improved
[20:11] <ahasenack> kstenerud: did you see my ping in https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1786250
[20:11] <ubottu> Launchpad bug 1786250 in strongswan (Ubuntu) "strongswan (charon) is rejected by apparmor to read /proc/<PID>/fd" [Undecided,In progress]
[20:11] <ahasenack> ?
[20:26] <nacc> madLyfe: is which bad?
[20:29] <madLyfe> the ipv6 stuffs? should it not be that way? I don't think I'm using ipv6
[20:33] <nacc> madLyfe: it doesn't necessarily hurt
[20:49] <kstenerud> ahasenack: is there a way to get alerts for these?
[20:53] <ahasenack> kstenerud: yes, just subscribe to the bug, or to the package
[20:53] <ahasenack> all done in that same view, look at the right hand side of the page
=== miguel_ is now known as Guest47799
=== oddismX is now known as Phren
[21:45] <nacc> kstenerud: you can also subscribe to entire srcpkgs, e.g. -- may become useful
[21:52] <kstenerud> hmm
[21:53] <kstenerud> ahasenack: I think the bind9 problem is a lot deeper than first thought. The fix didn't work (or at least not with the crash I'm seeing). I've tracked the issue down to pk11.c line 370.
[21:54] <kstenerud> something's causing the init to fail, and so it aborts
[21:55] <kstenerud> Oh, there's a bunch of failed config loads reported in syslog. OK so it's not configured properly?
[22:32] <caliculk> Hey everyone, I was looking to see if anyone had any information on if zfsacl module is being withheld in the samba package, as according to the samba docs, it should be included in 4.7.6 but it doesn't appear to be the case when trying to use it as a vfs option.
[22:34] <caliculk> For reference, I am referring to this: https://ubuntuforums.org/showthread.php?t=2399285
[23:25] <Boyette> hi
[23:30] <Boyette> im stupid
[23:30] <Boyette> and have a problem with my vps
[23:30] <Boyette> who can help me
[23:34] <sarnold> if you were smart you'd tell the problem you've got, too :)
[23:35] <Boyette> yes thats why im stupid
[23:35] <Boyette> i try to configure a vpn on my vps
[23:36] <Boyette> but it looks like there is no network configuration at all to attach to however at the same time there is
