[08:12] Good morning
[11:33] Should I install haveged? I read it as a possible solution to long post-boot wait times on a headless system.
[11:35] jink: i always install preload & haveged on my ubuntu installs, on desktop
[11:36] Cool, thanks.
[11:40] Let's try if this works, brb. :P
[11:46] It still boots, so that's good. :P
[11:47] Seems to be faster, too.
[11:47] By about 70 seconds.
[14:51] jink: I recommend including haveged all the time
[14:51] because it helps to generate *more* entropy for when it needs random generation and such
[19:14] i'm trying to get bind9 to bind to my ipv6 address on ens160, i have 'listen-on-v6 { any;} ;' in my bind9 config. It loads and binds to localhost on ipv4, but i don't find it ever binding to my ipv6 addresses. the boxes works over ipv6, wondering if there is something obvious i'm missing on ubuntu 20.04? this should be super straightforward; done it a bunch of times going back to freebsd 4.10
[19:15] ipv6 is configured by slaac, i wonder if that's an issue
[19:16] xibalba: have you checked the log? bind usually requires the interface to have an address in the prefix you're allocating. See "journalctl -u isc-dhcp-server -n 50"
[19:18] no errors in the logs, i only see it binding to my ipv4 addr. "listening on IPv4 interface lo, 127.0.0.1#53" no mention of ipv6
[19:19] i'm going to try and bind nginx to ipv6 and see if that works, maybe my issue is elsewhere
[19:22] ok, nginx binds to my ipv6 address just fine
[19:30] xibalba: then I suspect your /etc/dhcp/dhcp6d.conf isn't being read
[19:32] i'm not using any dhcp here
[19:32] netstat should show something bound to ipv6 on udp, correct?
[19:32] haha sorry, got my wrong head on!
[19:33] no problem at all
[19:33] you know maybe netstat just isn't showing the socket bound to udp6
[19:33] tcpdump shows the traffic came in
[19:34] xibalba: how about "sudo ss -nlutp sport = 53"
[19:35] i still only 127.0.0.1
[19:35] going to see if bind responds to me in just a moment, had to update my bind acl
[19:35] xibalba: ok, which file have you declared the listen-on-v6 in?
[19:36] - /etc/bind/named.conf.options
[19:36] xibalba: and, is that file being included when bind reads the configs?
[19:36] correct, i will triple validate one moment
[19:37] confirmed, the file paths are correct
[19:38] i see the packet come in, but no response as expected -- 2600:1f16:195:d3bb:c25:a00b:245f:f41f → 2600:ABCD:a::20 DNS 90 Standard query 0xd38c A google.com
[19:39] xibalba: if you restart bind9 now, does it start listening on those v6 sockets?
[19:39] xibalba: I'm looking on mine which does IPv6, let's see if I can spot any clues
[19:39] sdeziel, negative it does not bind to the v6 sockets. i'll try again and verify w/the ss command TJ- pointed out
[19:39] 'ss' shows: udp UNCONN 0 0 [::]:53 [::]:* users:(("named",pid=1328,fd=512))
[19:40] yeh mine only says, 127.0.0.53%lo:53 , how strange
[19:40] oops syntax error in my config, one moment
[19:41] xibalba: that's usually systemd-resolved stub listener
[19:41] netstat -anp | grep named
[19:41] -- shows named as the process ID name udp 0 0 127.0.0.1:53 0.0.0.0:* 2558/named
[19:42] xibalba: in the journalctl output, immediately before the listening on IPv4... I see "listening on IPv6 interfaces, port 53"
[19:42] i do not
[19:43] enable debug output and launch from command-line to tell what it is doing maybe?
[19:43] good idea
[19:43] xibalba: I'd run 'ps aux| grep named' to check if it's not running as 'named -4' or something
[19:43] ahhhhh
[19:43] ahhhhhhh
[19:43] sdeziel, !
[19:43] - /usr/sbin/named -f -4 -u bind
[19:43] cool
[19:43] winner winner chicken dinner
[19:44] thank you
[19:44] yw
[19:44] now where to change that ... heading to google!
[19:44] xibalba: /etc/default/named
[19:44] thank you both!
=== _KaszpiR__ is now known as _KaszpiR_
[19:47] I did look at the default/bind9 but mine had nothing but -u bind so assumed it was default
[19:53] v6 binding is default in Ubuntu's bind9 install TJ- - `listen-on-v6` in /etc/bind/named.default.options handles that
[19:53] but it can easily be disabled by saying "none" instead of "any" in that config option
[19:54] teward: that's what I assumed, so apparently xibalba had a custom config
[19:54] unless you're on an *ancient* version of BIND
[19:54] TJ-: in which case they can simply add `listen-on-v6 { none; };` to their `options { ... }` block in their config
[19:54] and achieve the same goal
[19:54] just for future ;)
[19:55] though xibalba is around still so they can read :P
[19:55] that's simple compared to getting to grips with bird :)
[19:55] i should point out that i'm 80% fluent in BIND's default config setup on Ubuntu - I use it as the recursive DNS system for my network xD
[19:55] and the only DNS server that is allowed to be used on my network xD
[19:58] hey sorry stepped away to get lunch
[19:59] yeh i'm using bind9 for local recursion from my networks, and auth servers running up in aws for PTR records
[20:00] i don't recall putting in -4 into /etc/defaults/named, this was from a VM I built ~8 months ago though
[20:04] the joys of non version controlled configs :)
[20:13] xibalba: sounds like you're missing options in your config then
[20:13] or certain items in the options block
[22:13] my entire network is ipv6 only . i'm trying to do "apt update" on this box and it keeps failing, it can't resolve us.archive.ubuntu.com from the dns server.
[22:14] tshark from the dns server looks like it's asking for AAAA but gets back A
[22:14] → 2001:500:2::c DNS 136 Standard query 0xe1f5 AAAA ns2.canonical.com OPT
[22:14] what about just archive.ubuntu.com
[22:15] DNS 755 Standard query response 0x3427 AAAA ns2.canonical.com NS ns1.canonical.com NS ns2.canonical.
[22:15] com NS ns3.canonical.com NSEC3 RRSIG NSEC3 RRSIG A 91.189.94.173 A 91.189.95.3 A 91.189.91.139 OPT is what i see responded back in tshark
[22:15] i'll try mybalzitch
[22:16] no dice, something must be wrong w/my bind config
[22:17] ;; ANSWER SECTION:
[22:17] us.archive.ubuntu.com. 43 IN AAAA 2001:67c:1562::18
[22:17] works for me
[22:17] so yeah check your bind
[22:19] queries for AAAA against my local recursors and both 9.9.9.9 and 8.8.8.8 all gave back ipv6 addresses for me
[22:20] is your recursor turning AAAA queries into ANY queries perhaps?
[22:25] i'm not certain, i'll look into that.
[22:25] i just have a basic config for the moment
[22:25] https://paste.ubuntu.com/p/g2FfgSHpRz/
[22:33] hmm can get the AAAA back for google.com
[22:34] for ns2.canonical.com have a quad A ?
[22:53] I don't see one when resolving via quad9
[22:56] i only get an A when checking ns1.canonical.com
[22:56] so my ipv6 only box can't seem to connect
[23:17] 9.9.9.9 gives me an AAAA reply
[23:19] do you get a quad A for ns1.canonical.com
[23:19] yup
[23:39] host -t AAAA ns1.canonical.com 8.8.8.8
[23:39] says ns1.canonical.com has no AAAA record
[23:40] right
[23:40] oh, sorry ns1
[23:40] I thought you meant us.archive, which you were trying before
[23:40] @ ns1
[23:41] yeah I get no AAAA reply for ns1 either