Hi everyone,
Please can you recommend a domain registrar that won't treat me like poo and that won't force me to use their name servers so I can host my own DNS? Reasonable pricing and someone that doesn't throw up needless obstacles to leaving would be a plus.
Thanks,
Paul.
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
Anyone been having difficulties using pear, curl, etc. to other domains
lately? I've started getting the following when trying to use PEAR:
# pear list-all
Connection to `pear.php.net:80' failed: Connection timed out
If I try to send a cURL request to the majority of domains I get the same
issue (though curl www.google.co.uk is fine).
Hi,
TL;DR
-----
DNSSEC validation will be enabled on BitFolk's resolvers on Monday
29th April.
The Plan
--------
After consultation¹, we've come up with a plan for enabling DNSSEC
validation on BitFolk's resolvers:
0. As of Wednesday 27th a test resolver has been available on
85.119.80.243, with validation enabled. You can either query
through it directly, e.g.:
dig -t a www.dnssec-failed.org @85.119.80.243
dig -t txt test.dnssec-or-not.net @85.119.80.243
or replace all IPs in your /etc/resolv.conf to send all your DNS
queries through it.
1. Sometime on Saturday 30th March (tomorrow) we'll enable Unbound's
"permissive mode" which performs validation and logs errors but
always passes answers back to clients anyway:
http://unbound.net/documentation/howto_turnoff_dnssec.html
Note that this can give the impression that DNSSEC is in use, but
it is strictly for testing and you are achieving no security
benefit while this setting is in effect.
2. Around Saturday 6th April we'll review the logs to see what sort
of impact real validation will have.
We will not be examining each and every failure and we will not
be providing per-customer details; it is your responsibility to
make use of the test resolver if you wish to test your own
queries.
3. Provided the results of stage 2 are not too shocking, validation
will be switched on sometime on Monday 29th April, deliberately a
working day so that those of you using your VPSes for business
purposes will hopefully be around to spot any issues in the
unlikely event of anything breaking.
Frequently Asked Questions
--------------------------
- What is DNSSEC?
DNSSEC is a means by which DNS domain owners can digitally sign
records in their zones, so that DNS resolvers can check that the
answers they are receiving have not been tampered with at any
stage.
Aside from routine mangling of DNS responses done by local
resolvers not under your control (think: the built-in DNS resolver
in the access point of your hotel, or an ISP resolver that for
some reason is set to monetise particular kinds of queries), there
are other threats such as the hijacking of DNS for popular or
critical sites.
Additionally, digital signing of zone content is needed before you
can trust other secure data that might be stored in the DNS such
as cryptographic public keys, e.g. SSH host keys and DANE data.
RFC 3833 - Threat Analysis of the Domain Name System (DNS):
http://tools.ietf.org/html/rfc3833
If a DNS zone is DNSSEC-signed but the signatures fail validation,
the query will typically fail with a SERVFAIL response instead of
the expected answer.
- Do I need to do anything?
No; validation is configured in the resolver, and BitFolk runs the
resolvers that are listed by default in your /etc/resolv.conf.
More and more resolvers will start enabling DNSSEC so you may like
to test it out for yourself ahead of time though.
- I'm running a DNS server on my VPS for my domain. Do I need to change
anything?
No; this is about the DNS resolvers you use which are defined in
your /etc/resolv.conf, not any DNS server you might be running to
serve authoritative DNS data. Whether or not you enable DNSSEC
signing for your domain is a separate (and more complicated)
issue.
- Does this mean bitfolk.com will be DNSSEC-signed?
No; having resolvers that validate DNSSEC signatures is a necessary
first step before we can consider DNSSEC-signing bitfolk.com and
bitfolk.co.uk.
- Am I secure as soon as this is enabled?
Only if the domains you query have enabled DNSSEC. And only for
the things that DNSSEC actually protects you against.
If you have any further questions about any of this, please do reply
here or contact us off-list at support(a)bitfolk.com.
Cheers,
Andy
¹ Thread on users list starts here:
http://lists.bitfolk.com/lurker/message/20130326.230706.21113786.en.html
--
http://bitfolk.com/ -- No-nonsense VPS hosting
> The optimum programming team size is 1.
Has Jurassic Park taught us nothing? — pfilandr
_______________________________________________
announce mailing list
announce(a)lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/announce
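An added example, not part of the announcement above: a way to tell an enforcing resolver from one in the "permissive mode" of step 1, using the `dig` output for a deliberately broken zone (such as www.dnssec-failed.org) and for a correctly signed zone. The sample headers are constructed, and it is an assumption here that a permissive-mode resolver still sets the AD flag on answers that validate.

```python
import re

def parse_dig(output):
    """Pull the rcode, header flags and answer count out of dig's text output."""
    status = re.search(r"status: (\w+)", output)
    flags = re.search(r"^;; flags: ([a-z ]*);", output, re.M)
    answers = re.search(r"ANSWER: (\d+)", output)
    if not (status and flags and answers):
        raise ValueError("no dig header found")
    return status.group(1), set(flags.group(1).split()), int(answers.group(1))

def classify(bogus_output, signed_output):
    """Classify a resolver from two probes sent through it.

    bogus_output:  dig output for a zone whose signatures fail validation
    signed_output: dig output for a zone whose signatures are valid
    """
    b_status, _, b_answers = parse_dig(bogus_output)
    s_status, s_flags, s_answers = parse_dig(signed_output)
    # If the good zone does not resolve, a SERVFAIL on the bad one proves nothing.
    if s_status != "NOERROR" or s_answers == 0:
        return "inconclusive"
    if b_status == "SERVFAIL":
        return "enforcing"
    if b_status == "NOERROR" and b_answers > 0:
        # Bogus data was handed back. An AD flag on the good zone means the
        # resolver validates but does not withhold failures (no protection).
        return "validating-not-enforcing" if "ad" in s_flags else "not-validating"
    return "inconclusive"

def header(status, flags, answers):
    """Build a constructed dig header for the demonstration below."""
    return (f";; ->>HEADER<<- opcode: QUERY, status: {status}, id: 4242\n"
            f";; flags: {flags}; QUERY: 1, ANSWER: {answers}, "
            "AUTHORITY: 0, ADDITIONAL: 1\n")

if __name__ == "__main__":
    good = header("NOERROR", "qr rd ra ad", 1)
    print(classify(header("SERVFAIL", "qr rd ra", 0), good))
    print(classify(header("NOERROR", "qr rd ra", 1), good))
    print(classify(header("NOERROR", "qr rd ra", 1),
                   header("NOERROR", "qr rd ra", 1)))
```
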
Hi,
Those with secondary DNS service with BitFolk will have received a
number of alerts regarding b.authns.bitfolk.com over the last couple
of hours.
The ISP concerned seems to be having some networking issues
that's affecting their IPv4 but not IPv6. I've reported the problems
to them and disabled alerting for that host until they fix it.
Cheers,
Andy
--
http://bitfolk.com/ -- No-nonsense VPS hosting
Hi,
A post by Andy Bennett made me read an article by Marcus Ranum. This made
me analyse log files on my vps and I came across two lines like below
Apr 2 00:59:34 hermann sshd[20368]: reverse mapping checking getaddrinfo for isjhr-nxt.eduhr.ro [193.231.42.110] failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 2 00:59:34 hermann sshd[20368]: Invalid user oracle from 193.231.42.110
Is my understanding of these log entries correct? The first line says that
someone ssh-ed me from a domain isjhr-nxt.eduhr.ro but this domain does not
map to 193.231.42.110. The second line says that this person (program)
tried something like "ssh oracle@my.vps". Moreover, I do not have to worry
about such entries.
Cheers,
Sam
PS: I changed my real hostname to hermann cause I found that name funny
when I watched Inglorious Bastards.
--
Samuel Bächler
Obere Bläsistrasse 1
8049 Zürich
Web: boeser.ch
Tel: +41(0)43 817 46 28
Mob: +41(0)79 478 49 42
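An added example, not part of the message above: a small parser that groups the two kinds of sshd line quoted there by source address, so a PTR name that failed the forward check and the usernames tried from the same address show up together. The third log line and the address 203.0.113.7 are constructed for contrast.

```python
import re
from collections import defaultdict

# The two lines from the message plus one constructed line.
SAMPLE_LOG = """\
Apr 2 00:59:34 hermann sshd[20368]: reverse mapping checking getaddrinfo for isjhr-nxt.eduhr.ro [193.231.42.110] failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 2 00:59:34 hermann sshd[20368]: Invalid user oracle from 193.231.42.110
Apr 2 01:03:10 hermann sshd[20411]: Invalid user test from 203.0.113.7
"""

PREFIX = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
# Logged when the PTR name for the client address does not resolve back to it.
REVMAP = re.compile(
    r"^reverse mapping checking getaddrinfo for (?P<name>\S+) \[(?P<ip>[^\]]+)\] failed")
INVALID = re.compile(r"^Invalid user (?P<user>\S+) from (?P<ip>\S+)")

def summarise(log_text):
    """Return {source_ip: {"ptr_names", "invalid_users", "pids"}} as sets."""
    hosts = defaultdict(
        lambda: {"ptr_names": set(), "invalid_users": set(), "pids": set()})
    for line in log_text.splitlines():
        prefix = PREFIX.match(line)
        if not prefix:
            continue  # not an sshd line in the expected syslog layout
        msg = prefix.group("msg")
        rev, inv = REVMAP.match(msg), INVALID.match(msg)
        if rev:
            entry = hosts[rev.group("ip")]
            entry["ptr_names"].add(rev.group("name"))
        elif inv:
            entry = hosts[inv.group("ip")]
            entry["invalid_users"].add(inv.group("user"))
        else:
            continue
        entry["pids"].add(prefix.group("pid"))
    return dict(hosts)

def mismatched_and_guessing(hosts):
    """Addresses with both an unconfirmed PTR name and an unknown-user attempt."""
    return sorted(ip for ip, e in hosts.items()
                  if e["ptr_names"] and e["invalid_users"])

if __name__ == "__main__":
    summary = summarise(SAMPLE_LOG)
    for ip in mismatched_and_guessing(summary):
        print(ip, sorted(summary[ip]["ptr_names"]),
              sorted(summary[ip]["invalid_users"]))
```
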
Hello,
I need to renew a RapidSSL wildcard SSL certificate and I feel like
shopping around. Who on this list sells them or knows people who do?
Must provide VAT receipt, or else be so cheap that the inc VAT total
is still cheaper.
People from a certain other mailing list will probably recommend
MDH, so I've already sent a query in that direction. Just thought
I'd see if anyone here is reselling.
Thanks!
Andy
--
http://bitfolk.com/ -- No-nonsense VPS hosting
> I'd be interested to hear any (even two word) reviews of their sofas…
Provides seating. — Andy Davidson