BitFolk Users

users@mailman.bitfolk.com

1117 discussions

OpenTech 2013

by Andy Bennett

Hi, Is anyone planning to go to OpenTech in London this Saturday? Regards, @ndy -- andyjpb(a)ashurst.eu.org http://www.ashurst.eu.org/ 0x7EBA75FF

11 years, 7 months

IPv6

by Keith Williams

I have just spent the last few days investigating tunneling ipv6 from my vps to my wheezy box at home and so giving my home mini-network ipv6 access. On the way I have learnt a lot about routing etc. It is now working nicely, but what has amazed me is how small the ipv6 take up seems to be. Once I had established that I could ping6 fairly local addresses, I tried pinging further afield and when some of those failed, I tried dig aaaa on them and found that there were no aaaa records. We are talking big names here - amazon.co.uk etc. Interestingly, my isp doesn't provide ipv6 connectivity to customers, but I can ping6 them! Keith -- Keith Williams Keith's Place www.keiths-place.co.uk Tailor Made English www.tmenglish.org West Norfolk RSPCA www.westnorfolkrspca.org.uk

11 years, 7 months

ssh problem

by Steven Walker

I am in Spain at the moment and am unable to log into my Bitfolk vm. I could log in with no problem from England so can a friend in Florida and it works from Brazil. The people I am staying with could log in from an internet cafe so I think the problem is the ISP who is ya.com part of Orange. This is what happens (using a Mac) zaphod$ ssh -vvv -p 2222 swalk(a)swalk.eu OpenSSH_5.2p1, OpenSSL 0.9.7l 28 Sep 2006 debug1: Reading configuration data /etc/ssh_config debug2: ssh_connect: needpriv 0 debug1: Connecting to swalk.eu [85.119.82.47] port 2222. debug1: Connection established. debug1: identity file /Users/zaphod/.ssh/identity type -1 debug1: identity file /Users/zaphod/.ssh/id_rsa type -1 debug1: identity file /Users/zaphod/.ssh/id_dsa type -1 ssh_exchange_identification: Connection closed by remote host Can anyone advise me on what the problem is, why an ISP might do whatever it does to stop the connection or suggest some sort of work around. Steve PS I know I should be using SSH with authentication key instead of password but I have been a bit lazy getting around to it.

11 years, 7 months

Ubuntu 13.04 LTS (Raring Ringtail) available for install

by Andy Smith

Hi, Ubuntu 13.04 LTS was released today. https://wiki.ubuntu.com/RaringRingtail/ReleaseNotes For those eager to try it out, I've created an entry within the self-installer that allows you to do a clean install of it. https://tools.bitfolk.com/wiki/Using_the_self-serve_net_installer I tested that it boots and can be SSHed into over IPv4 and v6, but that is as far as my testing went. I haven't tried an upgrade from 10.04.x; if anyone does give that a go then creating a wiki page with any gotchas would be appreciated. Cheers, Andy -- http://bitfolk.com/ -- No-nonsense VPS hosting _______________________________________________ announce mailing list announce(a)lists.bitfolk.com https://lists.bitfolk.com/mailman/listinfo/announce

11 years, 7 months

Clustered Filesystems

by Alex Harrington (Staff)

Hi all I'm looking at high availability webserver setups at the moment and wondered if anyone was running a clustering filesystem across multiple Bitfolk VPSes? I've been doing some reading on GlusterFS and it would seem to do what I need it to. I'm going to have a play with it on a couple of local VMs first while I understand how to make it work in my setup, but just wondered if anyone else is doing similar or has any words of wisdom? Thanks Alex

11 years, 7 months

Re: [bitfolk] users Digest, Vol 54, Issue 2

by Steven Walker

> Looks alright to me so I am surprised that you cannot connect. Does > the "ssh -v 85.119.82.47" output look the same still? > > Cheers, > Andy Yes: $ ssh -v 85.119.82.47 OpenSSH_5.2p1, OpenSSL 0.9.7l 28 Sep 2006 debug1: Reading configuration data /etc/ssh_config debug1: Connecting to 85.119.82.47 [85.119.82.47] port 22. debug1: connect to address 85.119.82.47 port 22: Connection refused ssh: connect to host 85.119.82.47 port 22: Connection refused and $ ssh -v -p2222 85.119.82.47 OpenSSH_5.2p1, OpenSSL 0.9.7l 28 Sep 2006 debug1: Reading configuration data /etc/ssh_config debug1: Connecting to 85.119.82.47 [85.119.82.47] port 2222. debug1: Connection established. debug1: identity file /Users/zaphod/.ssh/identity type -1 debug1: identity file /Users/zaphod/.ssh/id_rsa type -1 debug1: identity file /Users/zaphod/.ssh/id_dsa type -1 ssh_exchange_identification: Connection closed by remote host This started some weeks ago when I gave a friend in Spain and account. He never succeeded in logging from home via Windows and Putty and I assumed that he was doing something wrong. When I arrived to stay I had the same result on my Mac. I was hoping to get something concrete to approach the ISP with. It is hard enough to talk with any help line but dealing with such a specialist question in Spanish will be challenging at best. I think that it is clear it is not a problem with either my setup or Bitfolk and it is best to drop the topic. If we find any successful solution I will post it here just in case anyone might be interested. Thanks for the help. Steve

11 years, 7 months

ssh problem

by Steven Walker

> Date: Tue, 7 May 2013 20:33:36 +0000 > From: Andy Smith <andy(a)bitfolk.com> > What does "tcptraceroute 85.119.82.47 2222" look like? On the Mac it is traceroute and it looks like this traceroute 85.119.82.47 2222 traceroute to 85.119.82.47 (85.119.82.47), 64 hops max, 2222 byte packets 1 192.168.2.1 (192.168.2.1) 9.578 ms 1.762 ms 1.963 ms 2 84.78.9.126 (84.78.9.126) 40.588 ms 41.543 ms 45.456 ms 3 10.255.174.209 (10.255.174.209) 38.297 ms 38.617 ms 38.566 ms 4 10.255.174.33 (10.255.174.33) 41.854 ms 37.821 ms 36.853 ms 5 10.255.172.49 (10.255.172.49) 39.199 ms 38.932 ms 40.123 ms 6 10.255.40.10 (10.255.40.10) 36.765 ms 36.845 ms 36.554 ms 7 62.36.203.157 (62.36.203.157) 55.750 ms 56.870 ms 58.987 ms 8 62.36.204.185 (62.36.204.185) 57.058 ms 57.807 ms 57.442 ms 9 81.52.186.197 (81.52.186.197) 59.114 ms 62.327 ms 63.072 ms 10 gigabitethernet4-2-1.madcr3.Madrid.opentransit.net (193.251.128.174) 58.554 ms 58.585 ms 57.062 ms 11 level3-4.GW.opentransit.net (193.251.254.14) 56.605 ms 57.650 ms 61.437 ms 12 4.69.158.165 (4.69.158.165) 59.837 ms 4.69.158.169 (4.69.158.169) 64.200 ms 57.763 ms 13 4.69.158.193 (4.69.158.193) 84.045 ms 4.69.158.201 (4.69.158.201) 79.156 ms 4.69.158.193 (4.69.158.193) 79.661 ms 14 ae-45-45.ebr1.London1.Level3.net (4.69.143.101) 87.670 ms ae-48-48.ebr1.London1.Level3.net (4.69.143.113) 80.605 ms ae-47-47.ebr1.London1.Level3.net (4.69.143.109) 87.810 ms 15 ae-58-113.csw1.London1.Level3.net (4.69.153.122) 79.427 ms 79.153 ms 82.978 ms 16 ae-15-51.car5.London1.Level3.net (4.69.139.70) 80.034 ms 83.230 ms 84.275 ms 17 * * * 18 kwak.bitfolk.com (85.119.80.6) 121.584 ms 81.296 ms 81.811 ms 19 swalk.eu (85.119.82.47) 90.571 ms 93.089 ms 89.064 ms > > Does port 22 work? Now I am back where I am staying and cannot access the server to change the port number to test it. Steve

11 years, 7 months

ssh problem

by Steven Walker

> What does "tcptraceroute 85.119.82.47 2222" look like? Here's what > it looks like from Zen DSL: > > $ sudo tcptraceroute 85.119.82.47 2222 > Selected device eth0, address 192.168.0.8, port 42248 for outgoing packets > Tracing the path to 85.119.82.47 on TCP port 2222, 30 hops max > 1 192.168.0.7 0.539 ms 0.456 ms 0.459 ms > 2 192.168.1.1 1.271 ms 1.118 ms 1.151 ms > 3 losubs.subs.dsl1.th-lon.zen.net.uk (62.3.84.17) 20.372 ms 20.937 ms 21.221 ms > 4 ge-2-1-0-127.cr2.th-lon.zen.net.uk (62.3.84.237) 21.579 ms 20.602 ms 21.884 ms > 5 195.66.224.34 21.450 ms 22.067 ms 22.186 ms > 6 kwak.bitfolk.com (85.119.80.6) 21.823 ms 21.810 ms 21.224 ms > 7 swalk.eu (85.119.82.47) [open] 22.171 ms 21.821 ms 21.212 ms Thanks. It is getting more complicated :( I am in an internet cafe using Windows and cannot run that command. When I arrive where I am staying I will have access to a bash command line. A few minutes ago I successfully logged into the box using putty. I looked at /var/log/security and the previous attempts to log in were recorded. I guess that means that the initial ssh request was received. Unfotunately putty then crashed and I am unable to access it at all now. There is no response to a ping. Maybe it is a temporary blip or the server has crashed (the centos installation can be a bit flaky and does stop responding every ferw months) > >> Can anyone advise me on what the problem is, > > Probably something in the middle is injecting a TCP reset or > otherwise blocking the connection. The tcptraceroute may help to see > where. > >> why an ISP might do whatever it does to stop the connection > > I can't really speculate as to why they might not want you to use > port 2222. Maybe the number 2222 is against the law there. I doubt if that port in particular is blocked. It was a semi-random number I picked. When I lived in Spain this ISP was quite flexible and I ran ftp, apache, ssh and a few other things with out any problems from a domestic adsl connection. I guess it is a glitch rather than something evil. > >> or suggest some sort of work around. > > Does port 22 work? I don´t know and cannot test it at the moment. > >> PS I know I should be using SSH with authentication key instead of >> password but I have been a bit lazy getting around to it. > > The problem here seems more fundamental. Thanks for the help. I will get back to you when I have the information you requested. Steve

11 years, 7 months

Plan for enabling DNSSEC on BitFolk's resolvers

by Andy Smith

Hi, TL;DR ----- DNSSEC validation will be enabled on BitFolk's resolvers on Monday 29th April. The Plan -------- After consultation¹, we've come up with a plan for enabling DNSSEC validation on BitFolk's resolvers: 0. As of Wednesday 27th a test resolver has been available on 85.119.80.243, with validation enabled. You can either query through it directly, e.g.: dig -t a www.dnssec-failed.org @85.119.80.243 dig -t test.dnssec-or-not.net @85.119.80.243 or replace all IPs in your /etc/resolv.conf to send all your DNS queries through it. 1. Sometime on Saturday 30th March (tomorrow) we'll enable Unbound's "permissive mode" which performs validation and logs errors but always passes answers back to clients anyway: http://unbound.net/documentation/howto_turnoff_dnssec.html Note that this can give the impression that DNSSEC is in use, but it is strictly for testing and you are achieving no security benefit while this setting is in effect. 2. Around Saturday 6th April we'll review the logs to see what sort of impact real validation will have. We will not be examining each and every failure and we will not be providing per-customer details; it is your responsibility to make use of the test resolver if you wish to test your own queries. 3. Provided the results of stage 2 are not too shocking, validation will be switched on sometime on Monday 29th April, deliberately a working day so that those of you using your VPSes for business purposes will hopefully be around to spot any issues in the unlikely event of anything breaking. Frequently Asked Questions -------------------------- - What is DNSSEC? DNSSEC is a means by which DNS domain owners can digitally sign records in their zones, so that DNS resolvers can check that the answers they are receiving have not been tampered with at any stage. Aside from routine mangling of DNS responses done by local resolvers not under your control (think: the built-in DNS resolver in the access point of your hotel, or an ISP resolver that for some reason is set to monetise particular kinds of queries), there are other threats such as the hijacking for DNS for popular or critical sites. Additionally, digital signing of zone content is needed before you can trust other secure data that might be stored in the DNS such as cryptographic public keys, e.g. SSH host keys and DANE data. RFC 3833 - Threat Analysis of the Domain Name System (DNS): http://tools.ietf.org/html/rfc3833 If a DNS zone is DNSSEC-signed but the signatures fail validation, the query will typically fail with a SERVFAIL response instead of the expected answer. - Do I need to do anything? No; validation is configured in the resolver, and BitFolk runs the resolvers that are listed by default in your /etc/resolv.conf. More and more resolvers will start enabling DNSSEC so you may like to test it out for yourself ahead of time though. - I'm running a DNS server on my VPS for my domain. Do I need to change anything? No; this is about the DNS resolvers you use which are defined in your /etc/resolv.conf, not any DNS server you might be running to serve authoritative DNS data. Whether or not you enable DNSSEC signing for your domain is a separate (and more complicated) issue. - Does this mean bitfolk.com will be DNSSEC-signed? No; having resolvers that validate DNSSEC signatures is a necessary first step before we can consider DNSSEC-signing bitfolk.com and bitfolk.co.uk. - Am I secure as soon as this is enabled? Only if the domains you query have enabled DNSSEC. And only for the things that DNSSEC actually protects you against. If you have any further questions about any of this, please do reply here or contact us off-list at support(a)bitfolk.com. Cheers, Andy ¹ Thread on users list starts here: http://lists.bitfolk.com/lurker/message/20130326.230706.21113786.en.html -- http://bitfolk.com/ -- No-nonsense VPS hosting > The optimum programming team size is 1. Has Jurassic Park taught us nothing? — pfilandr _______________________________________________ announce mailing list announce(a)lists.bitfolk.com https://lists.bitfolk.com/mailman/listinfo/announce

11 years, 8 months

Re: [bitfolk] Ubuntu 13.04 LTS (Raring Ringtail) available for install

by Andrew Quarton

I've just upgraded a nginx/mysql/php-fpm Bitfolk VPS to 13.04. No issues to report.

11 years, 8 months

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

BitFolk Users