/srv/irclogs.ubuntu.com/2021/01/14/#ubuntu-server.txt

[08:12] <lordievader> Good morning
[11:33] <jink> Should I install haveged?  I read it as possible solution to long post-boot wait times on a headless system.
[11:35] <lotuspsychje> jink: i always install preload & haveged on my ubuntu installs, on desktop
[11:36] <jink> Cool, thanks.
[11:40] <jink> Let's try if this works, brb. :P
[11:46] <jink> It still boots, so that's good. :P
[11:47] <jink> Seems to be faster, too.
[11:47] <jink> By about 70 seconds.
[14:51] <teward> jink: I recommend including haveged all the time
[14:51] <teward> because it helps to generate *more* entropy for when it needs random generation and such
[19:14] <xibalba> i'm trying to get bind9 to bind to my ipv6 address on ens160, i have 'listen-on-v6 { any;} ;' in my bind9 config. It loads and binds to localhost on ipv4, but i dont find it ever binding to my ipv6 addresses. the boxes works over ipv6, wondering if there is something obvious i'm missing on ubuntu 20.04? this should be super straight forward; done it a bunch of times going back to freebsd 4.10
[19:15] <xibalba> ipv6 is configured by slaac, i wonder if thats an issue
[19:16] <TJ-> xibalba: have you checked the log? bind usually requires the interface to have an address in the prefix you're allocating. See "journalctl -u isc-dhcp-server -n 50"
[19:18] <xibalba> no errors in the logs, i only see it binding to my ipv4 addr. "listening on IPv4 interface lo, 127.0.0.1#53" no mention of ipv6
[19:19] <xibalba> i'm going to try and bind nginx to ipv6 and see if that works, maybe my issue is elsewhere
[19:22] <xibalba> ok, nginx binds to my ipv6 address just fine
[19:30] <TJ-> xibalba: then I suspect your /etc/dhcp/dhcp6d.conf isn't being read
[19:32] <xibalba> i'm not using any dhcp here
[19:32] <xibalba> netstat should show something bound to ipv6 on udp, correct?
[19:32] <TJ-> haha sorry, got my wrong head on!
[19:33] <xibalba> no problem at all
[19:33] <xibalba> you know maybe netstat just isn't showing the socket bound to udp6
[19:33] <xibalba> tcpdump shows the traffic came in
[19:34] <TJ-> xibalba: how about "sudo ss -nlutp sport = 53"
[19:35] <xibalba> i still only 127.0.0.1
[19:35] <xibalba> going to see if bind responds to me in just a moment, had to update my bind acl
[19:35] <TJ-> xibalba: ok, which file have you declared the listen-on-v6 in?
[19:36] <xibalba> - /etc/bind/named.conf.options
[19:36] <TJ-> xibalba: and, is that file being included when bind reads the configs?
[19:36] <xibalba> correct, i will triple validate one moment
[19:37] <xibalba> confirmed, the files paths are correct
[19:38] <xibalba> i see the packet come in, but no response as expected --  2600:1f16:195:d3bb:c25:a00b:245f:f41f → 2600:ABCD:a::20 DNS 90 Standard query 0xd38c A google.com
[19:39] <sdeziel> xibalba: if you restart bind9 now, does it start listening on those v6 sockets?
[19:39] <TJ-> xibalba: I'm looking on mine which does IPv6, let's see if I can spot any clues
[19:39] <xibalba> sdeziel, negative it does not bind to the v6 sockets. i'll try again and verify w/the ss command TJ- pointed out
[19:39] <TJ-> 'ss' shows: udp         UNCONN        0             0                               [::]:53                           [::]:*            users:(("named",pid=1328,fd=512))
[19:40] <xibalba> yeh mine only says, 127.0.0.53%lo:53 , how strange
[19:40] <xibalba> oops syntax error in my config, one moment
[19:41] <sdeziel> xibalba: that's usually systemd-resolved stub listener
[19:41] <xibalba> netstat -anp | grep named
[19:41] <xibalba> -- shows named as the process ID name udp        0      0 127.0.0.1:53            0.0.0.0:*                           2558/named
[19:42] <TJ-> xibalba: in the journalctl output, immediately before the listening on IPv4... I see "listening on IPv6 interfaces, port 53"
[19:42] <xibalba> i do not
[19:43] <TJ-> enable debug output and launch from command-line to tell what it is doing maybe?
[19:43] <xibalba> good idea
[19:43] <sdeziel> xibalba: I'd run 'ps aux| grep named' to check if it's not running as 'named -4' or something
[19:43] <xibalba> ahhhhh
[19:43] <xibalba> ahhhhhhh
[19:43] <xibalba> sdeziel, !
[19:43] <xibalba> -  /usr/sbin/named -f -4 -u bind
[19:43] <sdeziel> cool
[19:43] <xibalba> winner winner chicken dinner
[19:44] <xibalba> thank you
[19:44] <sdeziel> yw
[19:44] <xibalba> now where to change that ... heading to google!
[19:44] <sdeziel> xibalba: /etc/default/named
[19:44] <xibalba> thank you both!
=== _KaszpiR__ is now known as _KaszpiR_
[19:47] <TJ-> I did look at the default/bind9 but mine had nothing but -u bind so assumed it was default
[19:53] <teward> v6 binding is default in Ubuntu's bind9 install TJ- - `listen-on-v6` in /etc/bind/named.default.options handles that
[19:53] <teward> but it can easily be disabled by saying "none" instead of "any" in that config option
[19:54] <TJ-> teward: that's what I assumed, so apparently xibalba  had a custom config
[19:54] <teward> unless you're on an *ancient* version of BIND
[19:54] <teward> TJ-: in which case they can simply add `listen-on-v6 { none; };` to their `options { ... }` block in their config
[19:54] <teward> and achieve the same goal
[19:54] <teward> just for future ;)
[19:55] <teward> though xibalba is around still so they can read :P
[19:55] <TJ-> that's simple compared to getting to grips with bird :)
[19:55] <teward> i should point out that i'm 80% fluent in BIND's default config setup on Ubuntu - I use it as the recursive DNS system for my network xD
[19:55] <teward> and the only DNS server that is allowed to be used on my network xD
[19:58] <xibalba> hey sorry stepped away to get lunch
[19:59] <xibalba> yeh i'm using bind9 for local recursion from my networks, and auth servers running up in aws for PTR records
[20:00] <xibalba> i dont recall putting in -4 into /etc/defaults/named, this was from a VM I built ~8 months ago though
[20:04] <TJ-> the joys of non version controlled configs :)
[20:13] <teward> xibalba: sounds like you're missing options in your config then
[20:13] <teward> or certain items in the options block
[22:13] <xibalba> my entire network is ipv6 only . i'm trying to do "apt update" on this box and it keeps failing, it can't resolve us.archive.ubuntu.com from the dns server.
[22:14] <xibalba> tshark from the dns server looks like it's asking for AAAA but gets back A
[22:14] <xibalba> → 2001:500:2::c DNS 136 Standard query 0xe1f5 AAAA ns2.canonical.com OPT
[22:14] <mybalzitch> what about just archive.ubuntu.com
[22:15] <xibalba> DNS 755 Standard query response 0x3427 AAAA ns2.canonical.com NS ns1.canonical.com NS ns2.canonical.
[22:15] <xibalba> com NS ns3.canonical.com NSEC3 RRSIG NSEC3 RRSIG A 91.189.94.173 A 91.189.95.3 A 91.189.91.139 OPT is what i see responded back in tshark
[22:15] <xibalba> i'll try mybalzitch
[22:16] <xibalba> no dice, something must be wrong w/my bind config
[22:17] <mybalzitch> ;; ANSWER SECTION:
[22:17] <mybalzitch> us.archive.ubuntu.com.  43      IN      AAAA    2001:67c:1562::18
[22:17] <mybalzitch> works for me
[22:17] <mybalzitch> so yeah check your bind
[22:19] <sarnold> queries for AAAA against my local recursors and both 9.9.9.9 and 8.8.8.8 all gave back ipv6 addresses for me
[22:20] <sarnold> is your recursor turning AAAA queries into ANY queries perhaps?
[22:25] <xibalba> i'm not certain, i'll look into that.
[22:25] <xibalba> i just have a basic config for the moment
[22:25] <xibalba> https://paste.ubuntu.com/p/g2FfgSHpRz/
[22:33] <xibalba> hmm can get the AAAA back for google.com
[22:34] <xibalba> for ns2.canonical.com have a quad A ?
[22:53] <sarnold> I don't see one when resolving via quad9
[22:56] <xibalba> i only get an A when checking ns1.canonical.com
[22:56] <xibalba> so my ipv6 only box can't seem to connect
[23:17] <mybalzitch> 9.9.9.9 gives me an AAAA reply
[23:19] <xibalba> do you get a quad A for ns1.canonical.com
[23:19] <mybalzitch> yup
[23:39] <xibalba> host -t AAAA ns1.canonical.com 8.8.8.8
[23:39] <xibalba> says ns1.canonical.com has no AAAA record
[23:40] <mybalzitch> right
[23:40] <mybalzitch> oh, sorry ns1
[23:40] <mybalzitch> I thought you meant us.archive, which you were trying before
[23:40] <mybalzitch> @ ns1
[23:41] <mybalzitch> yeah I get no AAAA reply for ns1 either
