Hello,
The other day I saw one of BitFolk's IP addresses in a log file and
wondered which host that was, so I did a reverse lookup and got:
2001-ba8-1f1-f284-0-0-0-2.autov6rev.bitfolk.space
which was useless to me.
It's quick to look this up and fix it of course, but I wondered how many
other such addresses I had forgotten to take care of the reverse DNS
for.
In order to answer that question, automatically and in bulk, I wrote
this tool:
https://github.com/grifferz/ptrcheck-rs
The answer, for bitfolk.com, was 1 A record and 4 AAAA records.
I ran it against every customer domain on BitFolk's secondary service
and found that 20.1% of customers domains contain host records with no
PTR.
When I added:
--badre 'autov6rev'
to catch unset BitFolk IPv6 reverse DNS, that percentage went up to
26.5% of customer zones. This is not a shaming. 😀 All but one of my own
zones had at least one broken/missing PTR.
I will make a few more improvements and then turn it into a Nagios check
plugin available on request.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hi,
It seems that since about 0500Z today the Debian mirror CDN at
deb.debian.org has been rejecting requests from our apt-cacher with a
message like:
E: Failed to fetch http://apt-cacher.lon.bitfolk.com/debian/deb.debian.org/debian/dists/bullse… 421 Misdirected Request [IP: 2001:ba8:1f1:f079::2 80]
I am looking into this. I don't know what is wrong yet. If you are
urently needing to uodate or install new packages just disable use of
BitFolk;s apt0cacher by removing "apt-cacher.lon.bitfolk.com/debian/"
from every line of your sources.list file(s).
I suspect some unfortunate interaction between Debian CDN (Fastly?) and
apt-cacher, as other mirrors are still working fine through our
apt-cacher.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Something that I have noticed on my bitfolk box but not other Debian machines.
I am running Debian 12.7
When I go "sudo -s" it shows a new login on a different pts.
I logged in via ssh at 16.14 and then went: sudo -s
If I run "w" I now appear to be logged in twice (1.52 is the current time):
addw pts/0 2001:4d48:ad51:2 16:14 40.00s 0.02s 0.01s sudo -s
addw pts/1 2001:4d48:ad51:2 01:52 3.00s 0.00s 0.01s sudo -s
So I am now on a different tty and the old one shows idle time.
I get similar results if I run "who".
ps shows interesting results:
# ps -f
UID PID PPID C STIME TTY TIME CMD
root 28669 28644 0 01:52 pts/1 00:00:00 sudo -s
root 28670 28669 0 01:52 pts/1 00:00:00 /bin/bash
root 28979 28670 0 01:59 pts/1 00:00:00 ps -f
# ps -fp28644
UID PID PPID C STIME TTY TIME CMD
root 28644 1819 0 01:51 pts/0 00:00:00 sudo -s
What is happening ?
--
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer.
+44 (0) 787 668 0256 https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: https://www.phcomp.co.uk/Contact.html
#include <std_disclaimer.h>
I thought that I would do this address change while it is fresh.
I do not want to remove the old address until I have updated other config (eg
DNS [forward & back], whois) and had that propagate - so both must work for a
while.
I set the new address thus:
ip address add 2a0a:1100:1012::114 dev enX0
Why :114 - the IPv4 address is 85.119.82.114 so having the last component the
same helps my head in understanding that they both belong to the same machine.
That works and I can ssh into it.
I am running Debian so I added this into /etc/network/interfaces, I will remove
the old iface enX0 when this is all done.
iface enX0 inet6 static
address 2a0a:1100:1012::114
netmask 48
gateway 2001:ba8:1f1:f0e3::1
# These commands disable IPv6 autoconfiguration because we are statically
# configuring it above.
pre-up echo 0 > /proc/sys/net/ipv6/conf/default/accept_ra || true
pre-up echo 0 > /proc/sys/net/ipv6/conf/all/accept_ra || true
pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra || true
pre-up echo 0 > /proc/sys/net/ipv6/conf/default/autoconf || true
pre-up echo 0 > /proc/sys/net/ipv6/conf/all/autoconf || true
pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf || true
I copied the old one and changed: address & netmask [ 64 -> 48]
The stansa that concerns me is 'gateway' - above is a copy of the old one, what
should I set this to ?
Regards
--
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer.
+44 (0) 787 668 0256 https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: https://www.phcomp.co.uk/Contact.html
#include <std_disclaimer.h>
Hi,
I suppose it's relevant to anyone who might be target of harassment, but
for the three of you¹ currently running Tor relays at BitFolk please be
aware of:
https://delroth.net/posts/spoofed-mass-scan-abuse/
There isn't actually anything you can do about it other than reply to
abuse reports accordingly.
Thanks,
Andy
¹ curl -s 'https://onionoo.torproject.org/details?search=running:true' | \
jq '.relays[] | select(.or_addresses[] | startswith("85.119.8"))'
--
https://bitfolk.com/ -- No-nonsense VPS hosting
"I am the permanent milk monitor of all hobbies!" — Simon Quinlank
Hi,
I've updated this article on the wiki for the new /48s and just general
relevance as it was first authored almost 14 years ago:
https://tools.bitfolk.com/wiki/IPv6
It could do with some info about firewalling with nft. Also I do not
know how to set preferred_lft using nmcli or even if you can.
Of course if you spot any other errors or omissions just edit it.
I also went through and tried to modernise the VPN article:
https://tools.bitfolk.com/wiki/IPv6
I haven't used tinc in about 20 years though so I've no idea if any of
that is still correct. I also think it's probably better done with
WireGuard these days, so please show us how. 😀
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hi,
The new /48s have now been assigned to all existing customers and you
can see what yours is at
https://panel.bitfolk.com/dns/
Assigning addresses and routes within these assignments should just work
for you, but I need to write some documentation for existing customers
(on the wiki) and then I will post something to announce@.
If you have any problems feel free to ask questions but if it's
something I will cover in the instructions then you may have to wait for
that.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hi,
If you do not use or care about IPv6 with regard to your BitFolk VM(s)
you can stop reading this now.
As of this month we have started assigning IPv6 /48 netblocks to new
customers out of BitFolk's own allocation rather than continue giving
out /64s from our colo provider's allocation. Yesterday evening we also
assigned /48s to all existing customer VMs.
New installs (including those done yourself) will get set up with your
/48 from the start but existing VMs do need a few changes to make use of
this new address apace. If you know what you are doing you can just look
at:
https://panel.bitfolk.com/dns/
to find your /48 assignment and start configuring addresses and routes
from within that. They should work.
If that doesn't work or if you need more guidance here is an article
aimed at existing customers:
https://tools.bitfolk.com/wiki/New_/48_assignments,_October_2024
If you still have any questions not covered by the Troubleshooting or
Frequently Asked Questions sections then please do ask, by reply email
or support ticket or on Telegram or IRC.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hi,
It was good to chat to some customers at OggCamp last weekend in
Manchester.
I will also be attending BarCamp London next month on Saturday 23
November. Do say hello if you are there too!
https://thirteen.barcamplondon.org/
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
