Re: dynamic dns updates for clients in my home network?

2020-04-25 Thread john slee
I also encountered this requirement and created a tool to handle it. It
runs as a non-privileged user and is independent of dhclient and the like.
My DNS zones are hosted in AWS, so it uses their API. No other DNS
providers are supported.

https://github.com/jsleeio/ru1

I'm much more sysadmin than developer but this has been sufficiently
reliable that I forget it's there

John

On Sun, 26 Apr 2020 at 12:00, Bryan Stenson  wrote:

> I've thought about this as well and would love to use native
> OpenBSD tools for the job.
>
> Just a design idea:
>
> 1. Use dhcpd(8) synchronization
> (https://man.openbsd.org/dhcpd.8#SYNCHRONISATION) to send details of
> dhcp leases to a DNS creator/listener.
> 2. The dns creator/listener creates/updates the zone file, and
> 3. Send a SIGHUP to nsd(8) (https://man.openbsd.org/nsd.8#SIGHUP) to
> reload the zone details.
>
> Issues to consider:
> 1. hostname collisions - what happens (what should happen?) when more
> than one dhcp client has the same hostname?
> 2. what should ttl on these A records be?  probably something much
> less than the dhcp lease duration (depending on how aggressive clients
> are at renewing soon-to-be-expired leases).
>
> I'm sure there are a thousand other things to consider
> here...thoughts/ideas?
>
> On Sat, Apr 25, 2020 at 3:10 PM Raymond, David 
> wrote:
> >
> > I use dnsmasq (an openbsd package) on the gateway for my lab ethernet
> > network and it works great with minimal configuration as a local DNS
> > server.  At home I have a Synology wireless router which does the same
> > as long as you tell it to make DNS reservations.  Your mileage may
> > vary with cheaper routers.  One could in principle use dnsmasq even in
> > this case, but I haven't tried it.
> >
> >
> > Dave Raymond
> >
> > On 4/25/20, bofh  wrote:
> > > Hi,
> > > I searched through the archives and saw a couple of discussions about
> using
> > > Dnsmasq from a long time ago.
> > >
> > > Is that the best way to let the stuff in my home to have valid dns
> entries
> > > in my home network?
> > >
> > > How difficult is it to get the OpenBSD provided dhcpd and unbound to do
> > > this?
> > >
> > > Thanks.
> > >
> >
> >
> > --
> > David J. Raymond
> > david.raym...@nmt.edu
> > http://physics.nmt.edu/~raymond
> >
>
>


Re: dynamic dns updates for clients in my home network?

2020-04-25 Thread Bryan Stenson
I've thought about this as well and would love to use native
OpenBSD tools for the job.

Just a design idea:

1. Use dhcpd(8) synchronization
(https://man.openbsd.org/dhcpd.8#SYNCHRONISATION) to send details of
dhcp leases to a DNS creator/listener.
2. The dns creator/listener creates/updates the zone file, and
3. Send a SIGHUP to nsd(8) (https://man.openbsd.org/nsd.8#SIGHUP) to
reload the zone details.

Issues to consider:
1. hostname collisions - what happens (what should happen?) when more
than one dhcp client has the same hostname?
2. what should ttl on these A records be?  probably something much
less than the dhcp lease duration (depending on how aggressive clients
are at renewing soon-to-be-expired leases).

I'm sure there are a thousand other things to consider here...thoughts/ideas?

On Sat, Apr 25, 2020 at 3:10 PM Raymond, David  wrote:
>
> I use dnsmasq (an openbsd package) on the gateway for my lab ethernet
> network and it works great with minimal configuration as a local DNS
> server.  At home I have a Synology wireless router which does the same
> as long as you tell it to make DNS reservations.  Your mileage may
> vary with cheaper routers.  One could in principle use dnsmasq even in
> this case, but I haven't tried it.
>
>
> Dave Raymond
>
> On 4/25/20, bofh  wrote:
> > Hi,
> > I searched through the archives and saw a couple of discussions about using
> > Dnsmasq from a long time ago.
> >
> > Is that the best way to let the stuff in my home to have valid dns entries
> > in my home network?
> >
> > How difficult is it to get the OpenBSD provided dhcpd and unbound to do
> > this?
> >
> > Thanks.
> >
>
>
> --
> David J. Raymond
> david.raym...@nmt.edu
> http://physics.nmt.edu/~raymond
>



Re: dynamic dns updates for clients in my home network?

2020-04-25 Thread Raymond, David
I use dnsmasq (an openbsd package) on the gateway for my lab ethernet
network and it works great with minimal configuration as a local DNS
server.  At home I have a Synology wireless router which does the same
as long as you tell it to make DNS reservations.  Your mileage may
vary with cheaper routers.  One could in principle use dnsmasq even in
this case, but I haven't tried it.


Dave Raymond

On 4/25/20, bofh  wrote:
> Hi,
> I searched through the archives and saw a couple of discussions about using
> Dnsmasq from a long time ago.
>
> Is that the best way to let the stuff in my home to have valid dns entries
> in my home network?
>
> How difficult is it to get the OpenBSD provided dhcpd and unbound to do
> this?
>
> Thanks.
>


-- 
David J. Raymond
david.raym...@nmt.edu
http://physics.nmt.edu/~raymond



Re: dynamic dns updates for clients in my home network?

2020-04-25 Thread Nick Holland
On 2020-04-25 15:00, bofh wrote:
> Hi,
> I searched through the archives and saw a couple of discussions about using
> Dnsmasq from a long time ago.
> 
> Is that the best way to let the stuff in my home to have valid dns entries
> in my home network?
> 
> How difficult is it to get the OpenBSD provided dhcpd and unbound to do
> this?
> 
> Thanks.

https://web.archive.org/web/20160310223857/http://www.thismetalsky.org/files/dhcp_dns/dhcp_dns/

This person wrote a little perl script that parsed the dhcpd lease file
and wrote a Dan Bernstein TinyDNS data file.  A number of years ago, he
put an ISC license on it...and apparently since took it off his website.

I managed to rework it to put out NSD compatible zone files.

I think this is much preferable to running a package for this, but your
opinion may vary.  I'd show my code, but it currently runs as root, and
that's just wrong (it should probably use nsd-control(8) to reload nsd.
My code should probably also create a reverse DNS file, but I've not missed
that enough to worry about it). I've been using this script, first As Is,
but now with NSD for over 15 years.

Nick.



Re: dynamic dns updates for clients in my home network?

2020-04-25 Thread Allan Streib
bofh  writes:

> Hi,
> I searched through the archives and saw a couple of discussions about
> using Dnsmasq from a long time ago.
>
> Is that the best way to let the stuff in my home to have valid dns
> entries in my home network?

I've not worked with dnsmasq so can't comment on it.

> How difficult is it to get the OpenBSD provided dhcpd and unbound to
> do this?

It's been a few years and it's not something I go back to often, but I
did not find it difficult to configure dhcpd and unbound for this
scenario. I basically set up dhcpd.conf with static addresses for the
devices that would get local dns names, and a local-zone, local-data,
and local-data-ptr records for these in unbound.conf. Also configure
interface and access-control for your local network, and forward-zone to
send everything else to your ISP's DNS, Google, or whatever.

If you've never done it before, as I hadn't, do study the man pages. My
advice is to keep configurations as minimal/simple or as close to
default as possible until you understand what's going on. I found
https://dnswatch.com/dns-docs/UNBOUND/ helpful for additional reading
also, but with any blog posts be sure to crosscheck the current man
pages as blogs tend to go stale over time.

Allan
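
A worked version of the lease-file-to-DNS idea running through this thread
(Bryan's listener writing a zone file for nsd, Nick's script that parses
the dhcpd lease file, and Allan's local-data/local-data-ptr lines for
unbound), added here as an example. It is not Nick's perl script and not
OpenBSD, NSD or unbound code. It assumes the OpenBSD dhcpd.leases layout
shown in the constructed sample; the zone name home.example, the 300 s TTL
and the script name are placeholders. It also takes a position on Bryan's
two open questions: a hostname claimed by more than one active lease is
refused rather than silently assigned to one of them, and because
client-hostname is whatever the DHCP client chose to send, the name is
checked against the DNS label syntax before it is written into a zone file.

```python
"""Publish dhcpd(8) leases as local DNS data: NSD zone records or unbound local-data.

Added example for this thread; it is neither Nick's perl script nor any
OpenBSD/NSD/unbound code. It assumes the OpenBSD dhcpd.leases syntax shown in
the constructed sample below; the zone name and TTL are placeholders.
"""
import re
import sys
from ipaddress import ip_address

# Constructed sample lease file, not captured from a real host. dhcpd appends
# new state, so the last block for an address is the current one (192.168.1.51
# was renamed). Two hosts claim "laptop", and one sends a hostname that is not
# a valid DNS label: client-hostname is chosen by the client, so it must be
# validated before it is written into a zone file.
SAMPLE_LEASES = """\
lease 192.168.1.50 {
  ends 6 2020/04/26 08:00:00 UTC;
  hardware ethernet 00:11:22:33:44:55;
  client-hostname "laptop";
}
lease 192.168.1.51 {
  ends 6 2020/04/26 08:05:00 UTC;
  hardware ethernet 00:11:22:33:44:66;
  client-hostname "printer";
}
lease 192.168.1.52 {
  ends 6 2020/04/26 08:10:00 UTC;
  hardware ethernet 00:11:22:33:44:77;
  client-hostname "laptop";
}
lease 192.168.1.53 {
  ends 6 2020/04/26 08:15:00 UTC;
  hardware ethernet 00:11:22:33:44:88;
  client-hostname "bad host.name";
}
lease 192.168.1.54 {
  ends 6 2020/04/26 08:20:00 UTC;
  hardware ethernet 00:11:22:33:44:99;
  client-hostname "nas";
}
lease 192.168.1.51 {
  ends 6 2020/04/26 09:00:00 UTC;
  hardware ethernet 00:11:22:33:44:66;
  client-hostname "printer2";
}
"""

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)
HOSTNAME_RE = re.compile(r'client-hostname\s+"([^"]*)"')
# One DNS label: letters, digits and hyphens, no leading/trailing hyphen, <= 63 chars.
LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def parse_leases(text):
    """Map each leased address to the hostname in its newest lease block (None if absent)."""
    leases = {}
    for m in LEASE_RE.finditer(text):
        ip, body = m.group(1), m.group(2)
        h = HOSTNAME_RE.search(body)
        leases[ip] = h.group(1) if h else None  # later block overrides earlier
    return leases


def build_records(leases):
    """Validate names and drop collisions. Returns ({name: ip}, [(ip, name, reason)])."""
    counts = {}
    for name in leases.values():
        if name is not None:
            counts[name.lower()] = counts.get(name.lower(), 0) + 1
    ok, rejected = {}, []
    for ip, name in sorted(leases.items(), key=lambda kv: ip_address(kv[0])):
        if name is None:
            continue
        if not LABEL_RE.match(name):
            rejected.append((ip, name, "not a valid DNS label"))
        elif counts[name.lower()] > 1:
            # Publishing one claimant would silently pick a winner; refusing
            # both keeps the conflict visible in the log instead.
            rejected.append((ip, name, "hostname claimed by more than one lease"))
        else:
            ok[name.lower()] = ip
    return ok, rejected


def nsd_zone_lines(records, zone, ttl):
    """Forward A records in zone-file syntax; the caller supplies $ORIGIN/SOA/NS."""
    return [f"{name}.{zone}.\t{ttl}\tIN\tA\t{ip}" for name, ip in records.items()]


def nsd_reverse_lines(records, zone, ttl):
    """Matching PTR records for a reverse zone file."""
    return [f"{ip_address(ip).reverse_pointer}.\t{ttl}\tIN\tPTR\t{name}.{zone}."
            for name, ip in records.items()]


def unbound_local_data(records, zone, ttl):
    """The same data as unbound.conf local-data / local-data-ptr lines."""
    lines = [f'local-zone: "{zone}." static']
    for name, ip in records.items():
        lines.append(f'local-data: "{name}.{zone}. {ttl} IN A {ip}"')
        lines.append(f'local-data-ptr: "{ip} {name}.{zone}."')
    return lines


if __name__ == "__main__":
    # Usage: python3 leases2dns.py [/var/db/dhcpd.leases]; defaults to the sample above.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LEASES
    ok, rejected = build_records(parse_leases(text))
    for ip, name, why in rejected:
        print(f"; skipped {ip} {name!r}: {why}", file=sys.stderr)
    print("\n".join(nsd_zone_lines(ok, "home.example", 300) +
                    nsd_reverse_lines(ok, "home.example", 300)))
```

Run against the sample it publishes printer2 and nas, and logs the two
"laptop" leases and the malformed name as skipped. The output file is meant
to be $INCLUDEd from a hand-written zone (or the unbound lines pasted under
server:), and a reload via nsd-control or unbound-control would follow; the
script itself only needs read access to the lease file, so it can run as an
unprivileged user as Nick wants.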




Re: dynamic dns updates for clients in my home network?

2020-04-25 Thread kasak

OpenBSD dhcpd and unbound do not support dynamic DNS.
The easiest way is to install isc-dhcp-server and isc-bind from
packages. There are plenty of howtos for this setup.


On 25.04.2020 22:00, bofh wrote:

> Hi,
> I searched through the archives and saw a couple of discussions about using
> Dnsmasq from a long time ago.
>
> Is that the best way to let the stuff in my home to have valid dns entries
> in my home network?
>
> How difficult is it to get the OpenBSD provided dhcpd and unbound to do
> this?
>
> Thanks.




dynamic dns updates for clients in my home network?

2020-04-25 Thread bofh
Hi,
I searched through the archives and saw a couple of discussions about using
Dnsmasq from a long time ago.

Is that the best way to let the stuff in my home to have valid dns entries
in my home network?

How difficult is it to get the OpenBSD provided dhcpd and unbound to do
this?

Thanks.


Re: pthreads, C and guacamole [Was: Reduce attack surface - Tomcat and guacamole...]

2020-04-25 Thread Nick Permyakov
Hi Steve,

You're talking about
https://github.com/apache/guacamole-server/blob/master/src/libguac/pool.c
, I presume? In that case you're right unless
- the malloc and pthread_* functions are redefined to mean something weird, or
- the physical page containing malloc'ed pool is later made shared
between processes, or is flagged to be shared with a child after
forking, or remapped to another virtual address in the same process,
all of which are highly unlikely.

So a process-shared mutex is unnecessary here on any POSIX system, not
only on OpenBSD.

Nick Permyakov

> Hi,
>
> I am looking into guacamole's use of pthread_mutexattr_setpshared.
> (an aside, if I comment out the 4 lines of code invoking
> pthread_mutexattr_setpshared, it compiles with gcc on OpenBSD 6.6
> (GENERIC.MP) )
>
> I am an experienced C programmer, but I've never looked into threading in
> C before so it has required quite a bit of reading.  I haven't been able
> to find a comprehensive "architecture" document, just various man pages,
> some with sample code.
>
> For example:
> https://linux.die.net/man/3/pthread_mutexattr_init
>
> In the above documentation, it states:
>
> ...the possibility that an application may allocate the
> synchronization objects from this section in memory that is accessed
> by multiple processes (and therefore, by threads of multiple processes).
>
> That is the purpose of the guacamole's pthread_mutexattr_setpshared(foo,
> PTHREAD_PROCESS_SHARED) , to permit multiple threaded processes to
> access the resource protected by the MUTEX.
>
> However, from my reading of the code, the MUTEX is only protecting
> malloc'd memory, which as far as I know, isn't a resource that can be
> accessed by multiple processes.
>
> It is my newbie (to pthreads) interpretation of the code that in all 4
> cases, the code is malloc'ing memory that is being protected by the
> MUTEX.  For example:
>
> src/libguac/pool.c:
> ...
> guac_pool* guac_pool_alloc(int size) {
>
>  pthread_mutexattr_t lock_attributes;
>  guac_pool* pool = malloc(sizeof(guac_pool));
> ^^^
> Allocate memory that will only be accessible by this process
>
>  /* If unable to allocate, just return NULL. */
>  if (pool == NULL)
>  return NULL;
>
>  /* Initialize empty pool */
>  pool->min_size = size;
>  pool->active = 0;
>  pool->__next_value = 0;
>  pool->__head = NULL;
>  pool->__tail = NULL;
>
>  /* Init lock */
>  pthread_mutexattr_init(&lock_attributes);
>  pthread_mutexattr_setpshared(&lock_attributes, PTHREAD_PROCESS_SHARED);
>  pthread_mutex_init(&(pool->__lock), &lock_attributes);
> 
> This code saves the MUTEX in the locally allocated memory
>
> No other process can find this MUTEX in malloc'd memory, so setting it
> to PTHREAD_PROCESS_SHARED seems totally irrelevant.
>
> If so, I *think* it's OK to just comment out that code as OpenBSD's
> pthread implementation will work fine within a process, just not
> multiple processes.
>
> Is this a correct assessment of the code and OpenBSD's pthread environment?
>
> Thanks,
> Steve W.
>
> On 15/04/2020 10:19 a.m., Stuart Henderson wrote:
> > On 2020-04-14, Steve Williams  wrote:
> >> Guacamole (I believe) needs to run under something like tomcat to serve
> >> up the java war file & application.
> > I looked at this before - it also requires guacamole-server to be built
> > (written in C), it requires mutexes shared between different processes
> > (pthread_mutexattr_setpshared(foo, PTHREAD_PROCESS_SHARED) which
> > isn't supported in OpenBSD's thread library.
> >
> > But what you can do is run guacamole elsewhere and have a reverse http
> > proxy running on OpenBSD doing http auth and feeding connections across.
> >
> >> So, I was thinking of using some form of authpf to open up pf rules when
> >> I needed to access systems remotely.
> >>
> >> But, I don't want to open up Tomcat to the world when I'm using
> >> guacamole, so is it possible to have authpf tweak pf rules so that the
> >> originating IP address of the ssh session would be the only one that
> >> could access Tomcat?
> > That is exactly what authpf normally does anyway.
> >
> >> I was thinking even httpd in front of tomcat with httpd authentication,
> >> but that doesn't seem to make sense to me at a high level.
> >>
> >> I was looking at relayd but it doesn't seem to have any authentication
> >> mechanism built in.
> > httpd can't proxy connections to another http server. relayd can but as
> > you say doesn't have a way to add http authentication. You can do this
> > with nginx, haproxy or Apache httpd though.
> >



Re: More than 16 partitions

2020-04-25 Thread Patrick Harper
> Medoesn't a care a flying fsck about what is "trendy".

Is this the most ironic sentence ever posted on here? Dubiously censoring an 
expletive with a common 'Unix' utility isn't motivated by some sort of desire 
to feel like a part of the righteous ones? Come on.



Re: More than 16 partitions

2020-04-25 Thread Patrick Harper
If you didn't make any of this up, you dumbed it down to the point where 
there's no useful info left. You seem to operate on the assumption that merely 
dissing the work of companies and from ecosystems you don't like, as though 
it's the 'trendy' thing to do, is enough for you to get by on this forum 
without scrutiny.

-- 
  Patrick Harper
  paia...@fastmail.com

On Thu, 23 Apr 2020, at 18:06, zeurk...@volny.cz wrote:
> "Groot"  wrote:
> > I've tried and failed to create more than 16
> > partitions on OpenBSD. First of all I don't
> > understand the difference between the operations
> > performed by fdisk and disklabel. Is it that
> > OpenBSD sees partitions differently? First we
> > create an OpenBSD partition with fdisk and then
> > with disklabel we can create at the most 16 more
> > filesystem partitions within it.
> 
> Traditionally, BSD has used only its own disklabel(5). Unfortunately,
> mess-dos on the IBM pee-cee set a competing standard, the "Master Boot
> Record", with a separate partition table (and a lot of kludging to
> support more than 4 partitions). While it was (and AFAIK remains)
> possible to use the whole disk the traditional way (only a BSD
> disklabel, as on e.g. sparc64), it has become common practice to wrap
> the BSD stuff in a mess-dos partition, with the caveat that some of the
> mess-dos partition entries are duplicated in the BSD label.
> 
> Thus, the BSD label is essentially OpenBSD's version of the structure of
> things on the disk. But is an imperfect version: 16 partitions *is* the
> limit for an OpenBSD label, and, of course, mess-dos partition
> identifiers (which are more *ahem* fine-grained) are not used. To top it
> off, partitions which rest within the mess-dos OpenBSD partition are not
> necessarily represented on the mess-dos level (this would count, from
> the mess-dos perspective, as overlap between partitions and thus confuse
> a great many tools). 
> 
> Then GPT entered the story to make the mess complete. But me'll remain
> blissfully unaware of the inner workings of that particular clusterfsck,
> if you don't mind ;)
> 
> It's no shame to be confused by this garbage. Almost all of us'd like
> better, but for the above hysterical raisins, it's not so easy to make
> it so.
> 
>   --zeurkous.
> 
> -- 
> Friggin' Machines!
> 
>