[01:04] <roasted> hi friends. I'm working on 18.04 and am seeing something weird. my local domain is "lan" but my server only responds if I ping hostname.local. The netplan config has lan appended in it though. Is there anywhere else to look in 18.04 to set the domain?
[01:05] <whislock> roasted: Need some clarification. What are you pinging from?
[01:06] <roasted> desktop and laptop on local network
[01:06] <roasted> I use pihole for dhcp/dns, though my server is static IP
[01:06] <roasted> everything else on network (dhcp admittedly) gets .lan appropriately
[01:06] <whislock> So you're pinging 'hostname.local' from the desktop/laptop, and it's responding, and you want it to respond on '.lan'?
[01:07] <roasted> exactly. or even just respond via "ping hostname" as my other servers do.
[01:07] <whislock> So, .local is mDNS/Avahi crap.
[01:07] <roasted> vault is my main server. vault hosts about 5 ubuntu server VMs on it. Those VMs all respond via "ping hostname" as well (though they are admittedly DHCP reservations and not static)
[01:08] <roasted> i.e. I can run ping nameserver, ping irc, ping web, etc, all fine, but I cannot ping vault unless I run ping vault.local
[01:09] <roasted> I feel like I'm missing something obvious (netplan is new to me) but according to the docs I feel I should have this right
[01:09] <sarnold> does your dns server know that you're using .lan in this fashion?
[01:09] <roasted> oh yes
[01:09] <roasted> in fact pihole defaults to using .lan as the domain
[01:10] <roasted> (pihole being dns + dhcp server)
[01:10] <nacc> what's in your /etc/resolv.conf ?
[01:10] <roasted> nameserver 127.0.0.53
[01:10] <roasted> search lan
[01:10] <nacc> does vault.lan resolve?
[01:11] <roasted> no
[01:11] <roasted> only vault.local
[01:13] <nacc> that's systemd-resolve, iirc, you can ask it what nameservers it knows
[01:13] <nacc> then you can query those nameservers for whether they can lookup vault.lan (which vault will be tried as if vault itself doesn't lookup)
[01:14] <whislock> systemd-resolve --status
[01:14] <sarnold> you can also use systemd-resolve(1) to query the systemd thingy
[01:14] <roasted> if I run status I see 10.13.0.2 for DNS server and lan for domain
[01:14] <roasted> 10.13.0.2 = pihole IP
[01:14] <roasted> I can pastebin the whole thing if need be. Quite long. But those 2 lines are at the very bottom.
[01:15] <whislock> Gotta be honest, you REALLY shouldn't be using a TLD like this.
[01:15] <whislock> Even 'something.lan' is better.
[01:16] <roasted> not sure I understand. I'm just trying to resolve vault internally.
[01:16] <whislock> All of your internal hosts are <hostname>.lan
[01:16] <roasted> right
[01:16] <whislock> Top-level domains are intended to be namespaces, not used as a domain themselves.
[01:17] <whislock> You really should change that to <hostname>.<something>.lan
[01:17] <roasted> are you suggesting lan is a bad choice?
[01:17] <roasted> ah
[01:17] <sarnold> a dns pal of mine says the only sane option for internal hostnames is to use a domain you control
[01:17] <whislock> That IS the best answer, yes.
[01:17] <whislock> Buy a domain, use it.
[01:18] <whislock> But for many, that's not ideal, so I hedge with .lan. There's nothing stopping ICANN, etc. from making a .lan TLD publicly available, and screwing your world up.
[01:18] <whislock> Same thing happened with .local years ago.
[01:18] <roasted> I do have a domain... I didn't think that deep into it. I just wanted to be able to hit up smb://vault
[01:19] <whislock> You'll find that DNS issues like this rapidly go away when you start doing things to standards.
[01:19] <sarnold> whislock++
[01:19] <roasted> hm
[01:20] <roasted> I apologize if I'm not following, just trying to confirm: Am I correct in understanding that best case scenario is to use an actual domain I own, though a lesser (but better than I'm doing currently) option is just to forego the use of .lan and choose something a bit more... unique?
[01:21] <whislock> The first, yes. The second, no.
[01:21] <whislock> .lan is not a TLD that exists. Many modern DNS implementations do NOT reliably handle "single label domains" such as .lan.
[01:22] <whislock> Hosts are expected to belong to a domain that exists within the namespace of a top-level domain.
[01:22] <whislock> If using an actual domain is not an option, then use a domain in a fake TLD like .lan. Do not use .lan directly.
[01:22] <whislock> <host>.home.lan is an example.
[01:22] <roasted> I see
[01:23] <roasted> well, wouldn't take me more than a minute or two to try it
[01:24] <whislock> The huge caution on using fake domains is that nothing is preventing that fake TLD from becoming a REAL TLD at a later date, or being reserved by a future standard for some use.
[01:24] <roasted> understood
[01:24] <roasted> though I would assume I could somewhat help mitigate that by using something more unique at least (which is why I alluded to my earlier question)
[01:25] <whislock> Potentially, yes, but you'd still definitely want to use domain.tld, rather than just .tld.
[01:26] <roasted> such as, possibly, home.lan as a rough example?
[01:26] <whislock> The exact example I gave you previously, yes.
[01:26] <whislock> 21:22 <whislock> <host>.home.lan is an example.
[01:26] <roasted> I'm trying that now
[01:27] <roasted> systemd-resolve --status on vault and my local desktop both now say home.lan, but the same symptoms still exist. (cannot ping vault/vault.home.lan, but can ping vault.local)
[01:27] <roasted> unless there's a service I need to redo besides bouncing the NICs and sudo netplan apply on server
[01:28] <whislock> Your DNS server has to be aware of all of this.
[01:28] <roasted> I did change my dns server to reflect home.lan
[01:29] <whislock> Heh, I can't wait for the .dot TLD to go life.
[01:29] <whislock> Live, rather.
[01:30] <whislock> I'm going to try to buy dot.dot
[01:30] <sarnold> ellipsis.dot.dot
[01:31] <whislock> Watch people type it as .......
[01:33] <roasted> heh, everything updated to home.lan and works, except pesky vault
[01:34] <sarnold> you don't happen to have an /etc/hosts entry somewhere that's wrecking everything do you?
[01:34] <roasted> I didn't manually edit any hosts file
[01:35] <roasted> I can pastebin what I do have though
[01:35] <roasted> https://paste.ubuntu.com/p/kKmFJ5tnmc/
[01:35] <sarnold> 127.0.1.1 vault
[01:35] <sarnold> oh that's *on* vault
[01:35] <roasted> yeah
[01:35] <sarnold> check on the system that's doing the pinging
[01:36] <roasted> https://paste.ubuntu.com/p/DbrSCHCDrt/
[01:36] <sarnold> nice and boring :)
[01:38] <roasted> yep
[01:57] <roasted> heh
[01:57] <roasted> even setting everything to .local in an effort to appease the server fails
[01:58] <roasted> that's the last time I dive in to a new server version
[02:06] <roasted> acts the same whether I have my unifi USG running dns+dhcp or the pihole running dns+dhcp, so def seems related to ubuntu 18.04 itself.
[02:06] <SlowJimmy> maybe I'm just paranoid, but every time i set up my ubuntu to be a working server with samba and owncloud and so forth, it works excellent but after a couple of days the server always becomes completely irresponsive to openssh and owncloud and so forth, is it possible that either physically or through the network somebody took control of my server? what ways do i have to check if that is
[02:06] <SlowJimmy> the case?
[02:07] <SlowJimmy> so irresponsive as to not even show up on the network anymore...
[02:09] <whislock> SlowJimmy: The odds of that are incredibly slim.
[02:09] <whislock> Sounds like resource exhaustion, to me.
[02:09] <whislock> How much RAM is in the system?
[02:10] <roasted> I run nextcloud in a VM and it tends to eat some RAM over time
[02:11] <roasted> plus the DB will require something more than a wussy CPU
[02:12] <roasted> I heard good things about seafile. Spun that up the other day but the client wouldn't see the server. Need to revisit that someday.
[02:12] <SlowJimmy> whislock anywhere between 2 GB and 4 GB
[02:13] <SlowJimmy> roasted I see
[02:13] <whislock> SlowJimmy: And how much swap?
[02:13] <SlowJimmy> 8GB
[02:13] <sarnold> maybe you could throw performance copilot or sar or similar on it to gather up a bunch of stats
[02:14] <whislock> I suspect, honestly, that you're hitting a low-memory state, and it starts thrashing swap.
[02:14] <SlowJimmy> sarnold perform copilot, got it
[02:14] <sarnold> what's si/so look like from vmstat 1 ?
[02:14] <SlowJimmy> whislock so just need to get more ram?
[02:14] <SlowJimmy> is there a quick way to check who is connecting to your system?
[02:15] <SlowJimmy> how can i shut off the server to the internet aside from apt get update and upgrade and dist-upgrade?
[02:15] <whislock> Do you have ports forwarded to it from the outside?
[02:15] <SlowJimmy> no
[02:15] <whislock> Then no one's connecting to the system from the outside.
[02:15] <whislock> End of story.
[02:16] <SlowJimmy> or at least i didnt forward them, i think it is possible somebody compromised the system and then enabled all kinds of ish
[02:16] <madLyfe> all of these samba articles/how-tos are different. i understand there are different use cases for them.
[02:16] <SlowJimmy> whislock that is incredibly reassuring
[02:16] <SlowJimmy> you have no idea i was being paranoid, this is very good to know
[02:17] <whislock> SlowJimmy: Go look in whatever router provides internet access, see if ports have been forwarded.
[02:17] <whislock> These sorts of concerns are what I deal with for a living.
[02:18] <whislock> The odds of this being due to a compromise are within epsilon of zero.
[02:19] <SlowJimmy> whislock i am worried about people having physical access, as i live in an area with a lot of how do i put this... questionable character, the type who hold no jobs but drive cars and are well dressed...
[02:19] <sarnold> check ss output
[02:19] <SlowJimmy> thank you whislock you really made me sleep better at night
[02:19] <SlowJimmy> sarnold ty
[02:21] <SlowJimmy> whislock i am reading two books on server basics in gnu/linux and networking, but do you know a book that can help me with understanding security?
[02:23] <whislock> https://www.udacity.com/course/intro-to-information-security--ud459
[02:23] <whislock> Free course on it from Georgia Tech.
[02:23] <whislock> https://www.us-cert.gov/security-publications/introduction-information-security
[02:24] <whislock> https://www.nist.gov/publications/introduction-information-security
[02:24] <whislock> https://www.cybrary.it/course/intro-to-infosec/
[02:24] <whislock> And that should get you started on basics.
[02:25] <SlowJimmy> excellent thank you friend!
[02:25] <SlowJimmy> i may be paranoid so it is really difficult to know when i am going overboard and worrying for no reason  or attribution bias or other cognitive biases
[02:26] <SlowJimmy> it is really putting my mind at ease to know that without portforwarding everything is ok
[02:26] <whislock> Security is a function of risk. Risk is a function of threats, vulnerabilities, and assets.
[02:27] <whislock> The short explanation is that in all likelihood, you are not worth the effort to any threat.
[02:27] <SlowJimmy> so if you are unlucky it may mean there is no real feasible way to be secure...
[02:27] <whislock> There's no such thing as complete or total security.
[02:27] <sarnold> .. and yet, forgetting the basics make you a risk to every threat :)
[02:27] <SlowJimmy> whislock that is assuming reasonable assessment from whoever may or may not be on the other side
[02:27] <whislock> There's only an appropriate level of security based on the assets you're trying to protect, and how much you're willing to expend in terms of time, money, etc., to protect those assets.
[02:28] <SlowJimmy> ok i think with the basics you gave me in those links i will be able to sleep well at night
[02:29] <whislock> My home network is not likely to be a target for anyone. I've employed a level of protection that means that someone has to work quite hard to get in, and without the assurance of a suitable return on that investment, I'm basically not worth it.
[02:29] <whislock> My employer, of course, is a much more lucrative target, and so we spent a great deal more time and resources on protecting those assets.
[02:42] <JanC> whislock: for some types of threats, such as extortion schemes where they encrypt your data, every target is big enough (actually, too big targets might be undesirable, as they will have backups & are more likely to go after the villains)
[02:52] <whislock> JanC: Conversely, the countermeasures for those are simple. Don't run code from untrusted sources, have backups.
[04:27] <JanC> the whole point of phishing is making the target think it's a trusted source...
[04:53] <madLyfe> anyone bored and want to help me with samba?
[05:08] <cpaelzer> good morning
[05:08] <cpaelzer> madLyfe: I'm afraid your request sounds too much like "work you actually don't want" - why don't you ask right away?
[05:09] <cpaelzer> you might get no answer either, but IMHO it increases the chance to get one
[05:10] <madLyfe> just tired and head is kind of spinning
[05:10] <cpaelzer> :-/
[05:11] <madLyfe> so i set up a zfs mirror and im trying to share that mirror on the network with samba.
[05:11] <cpaelzer> sounds normal so far
[05:11] <madLyfe> at this point im just trying to get it to show up before i do any of the user stuffs
[05:11] <madLyfe> but i cant figure out what im doing wrong
[05:12] <cpaelzer> "show up" as in windows neighbor device discovery?
[05:12] <madLyfe> ya like show my share under networks
[05:13] <madLyfe> but im not even sure i have it setup correctly so i dont know if its windows or the config
[05:13] <cpaelzer> on the server doing samba: does this show anything "smbclient -L localhost"
[05:13] <cpaelzer> if you have set special user for samba use -U <username>
[05:14] <cpaelzer> you can also list from remote, but lets start one by one
[05:14] <madLyfe> Command 'smbclient' not found, but can be installed with:
[05:15] <cpaelzer> if you don't mind install it
[05:16] <madLyfe> https://paste.ubuntu.com/p/KVXKqXQfs2/
[05:17] <cpaelzer> madLyfe: is "Share" the one you set up?
[05:17] <madLyfe> ya
[05:17] <cpaelzer> ok, so the server is serving something
[05:17] <cpaelzer> if you have a remote Linux machine you can do the same with localhost replaced by the ip of the server
[05:18] <madLyfe> im on windows right now and its a dual boot
[05:19] <cpaelzer> ok
[05:19] <cpaelzer> there my experience is not high after a decade without :-)
[05:19] <cpaelzer> on a Linux system you'd check the shared (as above)
[05:19] <cpaelzer> and then maybe mount with
[05:19] <cpaelzer> mkdir -p /mnt/test; sudo mount.cifs '//127.0.0.1/Share' '/mnt/test' -o user=kinghat,vers=3.0
[05:19] <cpaelzer> or similar depending on your needs
[05:19] <cpaelzer> I wonder if maybe "just" the announcement isn't working
[05:20] <cpaelzer> and the resource would be there
[05:20] <cpaelzer> can you connect it from windows
[05:20] <cpaelzer> with like explorer->connect network share
[05:20] <cpaelzer> enter //IP/Share I think
[05:21] <madLyfe> https://paste.ubuntu.com/p/3xqKzdX97R/
[05:22] <cpaelzer> sorry - I'm not an expert in smb configs to find something obvious in there
[05:25] <madLyfe> its no biggie
[05:25] <cpaelzer> madLyfe: can you map the network drive from windows?
[05:25] <cpaelzer> ignoring the auto device scan for now
[05:25] <cpaelzer> umm
[05:25] <cpaelzer> madLyfe: browseable = yes
[05:26] <cpaelzer> well, default would be yes :-/
[05:26] <cpaelzer> I thought that might be missing
[05:27] <cpaelzer> there can be issues like this on very old Ubuntu vs very new Windows https://www.tenforums.com/network-sharing/31136-samba-shares-dont-show-up-windows-10-network.html
[05:30] <madLyfe> i have that set under my share already it just didnt show up in that report for some reason. i had it spelled 'browsable = yes' and just tried 'browseable = yes' and get the same result.
[05:35] <cpaelzer> madLyfe: it doesn't show up because it is the default
[05:38] <madLyfe> odd https://usercontent.irccloud-cdn.com/file/9zcsbflk/image.png
[05:40] <cpaelzer> madLyfe: the net surely has the experience you need on the windows side of this, but I'm out unfortunately
[05:40] <madLyfe> have a good one
[06:46] <spectre123123> Hi all,
[06:46] <spectre123123> did someone set a raid 1 with just two disks ? One of the two disks has got the operating system
[07:53] <spectre123123> Did anyone try the raid 1 on ubuntu server?
[08:17] <paulbarker> I've copied a network bridge configuration from one server to another. It's working on the source server but isn't working on the new destination server. Both are running Ubuntu 18.04.
[08:18] <paulbarker> The networkd config is here: https://pastebin.com/HwmXC1w9
[08:18] <paulbarker> On the source server running `networkctl status -a` shows br0 as `State: routable (configured)`
[08:19] <paulbarker> On the new server, same config, `networkctl status -a` shows br0 as `State: no-carrier (configuring)`
[08:19] <paulbarker> This is preventing LXD from launching, last entry in syslog is `systemd[1]: Starting Wait for Network to be Configured...`
[08:26] <paulbarker> stgraber: Is there any chance of getting https://github.com/lxc/lxd/pull/4741 backported to the LXD package in Ubuntu 18.04? I'm only trying to setup a bridge manually due to that issue
[08:40] <kiokoman> paulbarker: what about /etc/systemd/network/uplink.network ? which interface belongs to br0 ? maybe they have different name from old server to new server
[08:41] <paulbarker> No interface belongs to br0, it's for use with containers
[08:44] <paulbarker> Also, cyphermox, could we get a new release of netplan.io for Ubuntu 18.04? Looking at https://github.com/CanonicalLtd/netplan/commits/bionic, the fix I need is the most recent commit but that's after the latest release of 0.36.3
[08:48] <paulbarker> Ok, I have a workaround for now but for some reason it's different between the two servers
[08:52] <paulbarker> Both machines have the same version of the systemd package installed, but on the new server I now need to add `LinkLocalAddressing=no` to br0.network in order for the bridge to come up
[08:57] <kiokoman> check also -> ConfigureWithoutCarrier=true
[08:57] <paulbarker> That's also there. I tried both `true` and `yes` as values
[09:00] <kiokoman> anyway i have the same problem on my server 18.04 -> no-carrier (configuring)
[09:00] <paulbarker> Have restarted systemd-networkd a couple of times and confirmed it only works with `LinkLocalAddressing=no` in the network config
[09:00] <kiokoman> same for me
[09:01] <paulbarker> Though that could lead to issues later if anything I'm running in the containers tries to use link-local addressing for some reason
[09:02] <paulbarker> What baffles me is that the same config on a server setup a couple of months ago works without disabling link-local addressing
[09:04] <mwhudson> same systemd versions on both?
[09:04] <kiokoman> LinkLocalAddressing=no -> turn off IPv6
[09:04] <mwhudson> there was a bug in this area recently (but only in cosmic i think)
[09:06] <paulbarker> systemd is version `237-3ubuntu10.3` on both
[09:14] <paulbarker> The best solution for me would be to release a new lxd package for Ubuntu 18.04 with my original bug fixed so I don't have to try creating all this by hand
[09:18] <paulbarker> Looks like the fix is in LXD 3.0.2 but Ubuntu 18.04 currently has version 3.0.1
[13:03] <sdeziel> any idea as to why the real changelog is in linux-modules-$(uname -r) and not in linux-image-$(uname -r) ?
[13:03] <sdeziel> $ ll /usr/share/doc/linux-{image,modules}-4.15.0-32-generic/changelog.Debian.gz
[13:03] <sdeziel> -rw-r--r-- 1 root root   509 Aug 10 13:35 /usr/share/doc/linux-image-4.15.0-32-generic/changelog.Debian.gz
[13:03] <sdeziel> -rw-r--r-- 1 root root 27851 Aug 10 13:22 /usr/share/doc/linux-modules-4.15.0-32-generic/changelog.Debian.gz
[13:06]  * ahasenack doesn't know
[13:17] <sdeziel> feel counter intuitive to me
[13:17] <sdeziel> and it is not the case with Xenial
[14:17] <cyphermox> sdeziel: careful, linux-image-*-generic is now built by linux-signed; so changelog would be smaller anyway
[14:19] <sdeziel> cyphermox: hmm, not sure what that implies.
[14:19] <sdeziel> $ ll /usr/share/doc/linux-*4.15.0-32*/changelog*
[14:19] <sdeziel> -rw-r--r-- 1 root root   509 Aug 10 13:35 /usr/share/doc/linux-image-4.15.0-32-generic/changelog.Debian.gz
[14:19] <sdeziel> -rw-r--r-- 1 root root 27851 Aug 10 13:22 /usr/share/doc/linux-modules-4.15.0-32-generic/changelog.Debian.gz
[14:19] <sdeziel> -rw-r--r-- 1 root root 27855 Aug 10 13:22 /usr/share/doc/linux-modules-extra-4.15.0-32-generic/changelog.Debian.gz
[14:19] <sdeziel> linux-image-unsigned-4.15.0-32-generic has no changelog which seems to be consistent with what you said
[14:20] <sdeziel> but still, I'd expect the changelog for a given kernel to be shipped with the -image package, not the -modules
[14:22] <cyphermox> like I said, linux-image-* is built by a different source package than the others, that explains the small changelog -- the real changelog is available in linux-image-unsigned-* anyway
[14:22] <cyphermox> "real"
[14:22] <sdeziel> linux-image-unsigned-4.15.0-32-generic has no changelog
[14:23] <sdeziel> or I'm looking at the wrong spot somehow
[14:24] <cyphermox> certainly seems there for a different version:
[14:24] <cyphermox> -rw-r--r-- root/root     40761 2018-08-15 12:50 ./usr/share/doc/linux-image-unsigned-4.15.0-33-generic/changelog.Debian.gz
[14:25] <cyphermox> sdeziel: the shuffle of signed/unsigned is recent, best would be to ask for details in #ubuntu-kernel if there's anything
[14:25] <sdeziel> that's from -proposed I guess. Maybe they fixed a packaging issue as I don't have anything in -30 either
[14:25] <sdeziel> cyphermox: alright, thanks!
[14:26] <cyphermox> in -updates as of 25 minutes ago ;)
[14:32] <sdeziel> thanks for the info
[14:49] <mason> Anyone seeing subtle disk corruption using live migration in virt-manager and non-shared-storage/qcow2? Because I sure am.
[15:32] <madLyfe> sdeziel: do you samba share with windows at all?
[15:34] <sdeziel> madLyfe: barely, I have only 1 Windows client left @home
[15:35] <sdeziel> madLyfe: but I have another deployment with a mix of macOS and Windows clients
[15:36] <sdeziel> madLyfe: why?
[15:36] <madLyfe> so i think i got samba somewhat working last night but i cant see my samba share in win 10 'networking' but i can manually add the share by mapping network drive or adding network location. though even if i do that it still doesnt show up under the networking window.
[15:36] <madLyfe> also i cant add it by name i have to add it by ip only. and in cmd if i type 'net view' i get a 'system error 53 has occurred.  the network path was not found.'
[15:37] <madLyfe> i read probably the top 20 google articles on error 53 and it doesnt seem to be a consensus on the issue or how to fix it. none of the solutions i tried worked.
[15:38] <madLyfe> article/support threads*
[15:38] <sdeziel> madLyfe: for the name vs IP part, you can either setup DNS properly or add the host alias under %windir%/system32/etc/hosts (not sure about the path)
[15:38] <madLyfe> setup dns properly?
[15:39] <whislock> Is the Samba server in a different subnet than the client?
[15:39] <sdeziel> madLyfe: to access the server using a name, you need to have the name in the DNS
[15:40] <madLyfe> whislock: i dont think so?
[15:40] <madLyfe> sdeziel: doesnt the router handle that?
[15:41] <whislock> Depends on the router and how it's configured. That's almost never an automatic function.
[15:41] <sdeziel> madLyfe: it depends ;) On basic home setup it does, usually
[15:41] <sdeziel> madLyfe: you may want to test the simple way using the host alias as a first step
[15:41] <whislock> Careful. DNS in this case is two things. One is a forwarding resolver, which all home routers handle. The second, and what we're talking about here, is actually being an authoritative nameserver for its own zone.
[15:42] <whislock> Most home routers do not do this automatically, and some, not at all.
[15:48] <madLyfe> well if i have to add stuffs to host just to see the hostname for lookup, rather than ip, i dont really care. i just wanted to make sure my system was functioning properly.
[15:50] <whislock> Samba can be sensitive to HOW you request the system. The name vs. IP question can affect functionality.
[15:51] <madLyfe> this is what the asuswrt firmware dev and another guy said about it: https://paste.ubuntu.com/p/R8VvT5KD5F/
[15:51] <madLyfe> thought getting the name is better because IP can change(even though i have it set to static)
[15:54] <madLyfe> here is 'net view \\hostip' results: https://paste.ubuntu.com/p/rmqTBcBKgc/
[15:55] <whislock> I'm going to be incredibly blunt here, so fair warning: You should be using DNS for pretty much any service.
[15:55] <whislock> It's a trivial thing to set up, as long as you're setting it up properly. Using IP addresses for services, even in a home scenario, is just bad planning.
[15:56] <madLyfe> im all ears lel
[15:57] <whislock> I was originally going to be much more harsh, but there it is.
[16:00] <sdeziel> whislock: do you recommend home users to purchase an official domain name?
[16:02] <whislock> Generally, yes. $10 a year isn't a big hurdle.
[16:03] <sdeziel> true
[16:03] <sdeziel> I can't quickly find the official alternative (like .homenet or something)
[16:03] <whislock> There isn't one.
[16:04] <whislock> For several reasons.
[16:04] <whislock> The first being that using a TLD as a domain will cause problems with many implementations. Things don't handle 'single label domains' gracefully.
[16:04] <whislock> If you're going to use a fake TLD, select a second-level domain to use with it. '.home.lan' instead of just '.lan', for example.
[16:05] <whislock> Ideally, though, you'll purchase a domain name and use that both internally and externally.
[16:08] <sdeziel> https://social.technet.microsoft.com/wiki/contents/articles/34981.active-directory-best-practices-for-internal-domain-and-network-names.aspx has good info
[16:08] <blackflow> $10/yr my donkey. The domain cartel is running a racket
[16:09] <blackflow> going cheapo-o are only tlds nobody really wants or are frequently blanket flagged for spam
[16:10] <whislock> Like .com?
[16:10] <whislock> $10.98/year?
[16:10] <whislock> or .net? Same price?
[16:10] <blackflow> + a few bucks for (a must have) whois privacy.
[16:10] <blackflow> though, with GDPR at least here in EU we've gotten that for free now.
[16:10] <whislock> It's +$0.00 for me.
[16:10] <whislock> So, with ICANN fees, it might hit $12/year.
[16:11] <whislock> $11.something.
[16:11] <blackflow> .com is 16€ at gandi.net where I'm purchasing
[16:11] <whislock> Gandi's one of the most expensive registrars on the internet.
[16:12] <whislock> Generally around 50% more expensive than anyone else.
[16:12] <blackflow> but that's the price I'm willing to pay for quality service, after changing several registrars for being criminally atrocious.
[16:12] <whislock> That's your choice/opinion, but that doesn't affect the accuracy of my previous statement.
[16:13] <blackflow> I was merely reflecting on the gTLD racket. meanwhile .xyz were really cheap-o, I got some for $.88 first year
[16:13] <blackflow> but you don't want those for public sites, especially not mail. so I guess they're good for home networks.
[16:14] <blackflow> (in that I generally agree purchasing a domain is better than "hijacking" a tld for local use)
[16:14] <whislock> Spam filtering is starting to move to an IP reputation model rather than blacklisting TLDs.
[16:14] <blackflow> it's both, there are various blacklists, IP based, domain based, URL based, ...
[16:15] <blackflow> IP reputation in the age of floating IP cloud services is not good.
[16:15] <whislock> URL based for spam filtering, where emails don't have URLs. Riiight.
[16:15] <whislock> Again: Spam filtering is starting to move to an IP reputation model rather than blacklisting TLDs.
[16:16] <whislock> Anyway, lunchtime.
[16:16] <blackflow> I guess you never ran a spam filter.
[16:16] <blackflow> URIBLs are for mail content obviously.
[16:17] <whislock> Only for the US DOD. You know, small stuff.
[16:17] <madLyfe> the router channel is saying that i should set the server up as DHCP with reservations.
[16:18] <blackflow> I've been running commercial MTAs for 10 years now. we have large URIBLs that we build on our own with spamtraps. there's also Spamhaus if you're willing to trust their a bit... fanatical... commitment.
[16:19] <whislock> The "small stuff" part was sarcastic as hell. My response was to highlight the folly of assuming people lack knowledge or experience simply because they disagree with you.
[16:19] <sdeziel> madLyfe: that is unneeded if you already put a static IP on the server
[16:19] <whislock> Basically, check your ego.
[16:19] <blackflow> whislock: well you didn't know what URIBLs were, so I guessed you never ran one.
[16:19] <blackflow> whislock: yeah, _I_ have to check _my_ ego.   "I was originally going to be much more harsh, but there it is."  -- told to someone who used IP instead of a domain... lol.
[16:22] <madLyfe> sdeziel/whislock is this correct? https://paste.ubuntu.com/p/mz7qYsjF7H/
[16:23] <sdeziel> madLyfe: they are probably right, I suspect the DHCP daemon is also the DNS resolver (dnsmasq probably)
[16:26] <sdeziel> madLyfe: this means a client asking for an IP will also "register" its hostname to the DNS portion of it. This should let you reach the host in question by referring to it as its shortname
[16:26] <sdeziel> madLyfe: I'm not 100% sure on the above as it's been a while since I used such setup
[16:26] <madLyfe> https://paste.ubuntu.com/p/K7ww9pswkn/
[16:28] <sdeziel> madLyfe: OK, that seems to confirm what I said
[16:28] <sdeziel> madLyfe: you should trust them more than me if they are in the channel of your router's manufacturer ;)
[16:29] <madLyfe> well i was just hoping there was a standard best practice of going about it
[16:31] <sdeziel> madLyfe: dnsmasq is pretty common on home/SOHO routers so what they said makes sense generally
[16:40] <JanC> great article: http://danluu.com/anon-benchmark/
[17:36] <madLyfe> is this the best way to change the hostname that persists? 'hostnamectl set-hostname'
[17:36] <madLyfe> hostnamectl set-hostname 'new-hostname'
[17:51] <madLyfe> hmm that didnt make it past a reboot
[17:59] <madLyfe> so i renamed the hostname in hostname file, but the hosts file doesnt like the example given here: https://websiteforstudents.com/how-to-change-rename-ubuntu-16-04-lts-server-name/
[18:06] <sarnold> what error message do you get, and from what tool?
[18:06] <nacc> right, the 'hosts' file is just a file, it can't like or dislike anything.
[18:08] <madLyfe> have to edit the cloud.cfg as well
[18:09] <madLyfe> https://linuxconfig.org/how-to-change-hostname-on-ubuntu-18-04-bionic-beaver-linux
[18:09] <madLyfe> it talks about the hosts file too at the end but my hosts file second line doesnt look like theirs. also, i did a reboot and my hostname change seems to have stuck.
[18:10] <nacc> madLyfe: do you understand what the hosts file is for?
[18:10] <nacc> madLyfe: it's not really directly related to your actual  hostname
[18:10] <nacc> beyond convention, afaik
[18:11] <nacc> madLyfe: what does your hosts file look like? it *always* is better to give actual contents, than to describe them (as you are describing them very vaguely)
[18:11] <madLyfe> this is what the second line of mine looks like: https://usercontent.irccloud-cdn.com/file/92YDVYE8/image.png
[18:12] <madLyfe> sorry i should have put that in a paste
[18:12] <nacc> you are using ipv6?
[18:12] <nacc> i don't think that's the default 18.04 contents, but i'm not sure
[18:13] <madLyfe> not that i know of. i just used the defaults for everything.
[18:25] <coreycb> tobias-urdin: jamespage: i uploaded a new heat-dashboard package (1.3.0-0ubuntu4) and a new horizon package (14.0.0~rc1-0ubuntu2) which mostly fix up horizon. I'm getting a "Error: Unable to retrieve limits information." message once logged in which i think is related to needing quota_details extension enabled.
[18:26] <madLyfe> nacc: is this bad?
[19:16] <tobias-urdin> coreycb: cool, i'll check tomorrow if the CI has improved
[20:11] <ahasenack> kstenerud: did you see my ping in https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1786250
[20:11] <ahasenack> ?
[20:26] <nacc> madLyfe: is which bad?
[20:29] <madLyfe> the ipv6 stuffs? should it not be that way? I don't think I'm using ipv6
[20:33] <nacc> madLyfe: it doesn't necessarily hurt
[20:49] <kstenerud> ahasenack: is there a way to get alerts for these?
[20:53] <ahasenack> kstenerud: yes, just subscribe to the bug, or to the package
[20:53] <ahasenack> all done in that same view, look at the right hand side of the page
[21:45] <nacc> kstenerud: you can also subscribe to entire srcpkgs, e.g. -- may become useful
[21:52] <kstenerud> hmm
[21:53] <kstenerud> ahasenack: I think the bind9 problem is a lot deeper than first thought. The fix didn't work (or at least not with the crash I'm seeing). I've tracked the issue down to pk11.c line 370.
[21:54] <kstenerud> something's causing the init to fail, and so it aborts
[21:55] <kstenerud> Oh, there's a bunch of failed config loads reported in syslog. OK so it's not configured properly?
[22:32] <caliculk> Hey everyone, I was looking to see if anyone had any information on if zfsacl module is being withheld in the samba package, as according to the samba docs, it should be included in 4.7.6 but it doesn't appear to be the case when trying to use it as a vfs option.
[22:34] <caliculk> For reference, I am referring to this: https://ubuntuforums.org/showthread.php?t=2399285
[23:25] <Boyette> hi
[23:30] <Boyette> im stupid
[23:30] <Boyette> and have a problem with my vps
[23:30] <Boyette> who can help me
[23:34] <sarnold> if you were smart you'd tell the problem you've got, too :)
[23:35] <Boyette> yes thats why im stupid
[23:35] <Boyette> i try to configure a vpn on my vps
[23:36] <Boyette> but it looks like there is no network configuration at all to attach to however at the same time there is