Re: OpenBSD in a dual stack anycast DNS resolving setup
Kostas Zorbadelos kzo...@otenet.gr writes:

I want to thank anyone who contributed info both on and off-list.

Regards,
Kostas

--
Kostas Zorbadelos
twitter:@kzorbadelos
http://gr.linkedin.com/in/kzorba
() www.asciiribbon.org - against HTML e-mail proprietary attachments
/\
Re: OpenBSD in a dual stack anycast DNS resolving setup
* James Shupe jsh...@osre.org [2011-12-15 16:46]:
> On 12/15/11 9:40 AM, David Coppa wrote:
> > On Thu, Dec 15, 2011 at 3:49 PM, James Shupe jsh...@osre.org wrote:
> > > I've never used it, but I wouldn't even bother because there are no native Java builds available for OpenBSD, and thus it's going to be untested and completely unsupported.
> >
> > Uh?!?
> >
> > # pkg_add -v jdk-1.7.0.00v0.tgz
>
> There is a difference between it being in ports, and being a supported platform. Also, that's OpenJDK, which is itself unsupported by quite a few Java projects (ie, Jira).

stop whining already.
as much as java is sh**, we do run very big java application servers for customers on openbsd. no problems.

--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
Re: OpenBSD in a dual stack anycast DNS resolving setup
James Shupe jsh...@osre.org writes:

> I can't speak for anycast DNS deployments, but I use OSPF heavily in large production environments and have had great experiences with it.

This is very nice to know, thank you.

> > - what is your opinion about using a latest version of BIND from ISC instead of the BIND distribution coming with OpenBSD?
>
> The BIND distribution included in the base install is fine.

Unless you happen to need a feature that is available only in a later version of BIND. The reason I asked is because I saw no relevant package in ports.

> > - would you consider Java support on OpenBSD production quality? Seems irrelevant but we might utilize some Java tools for measurement/statistics
>
> I've never used it, but I wouldn't even bother because there are no native Java builds available for OpenBSD, and thus it's going to be untested and completely unsupported. From the sounds of it, you need to rethink your monitoring strategy and consider using SNMP and a central statistics server running the software of your choice.

OK, this was an understatement on my behalf. What I have in mind is more ambitious than just monitoring/alerting. For monitoring and graphs, our cacti/nagios solution will do just fine. But storing and analysing DNS query data is a whole different story...

Regards,
Kostas

--
Kostas Zorbadelos
twitter:@kzorbadelos
http://gr.linkedin.com/in/kzorba
() www.asciiribbon.org - against HTML e-mail proprietary attachments
/\
Re: OpenBSD in a dual stack anycast DNS resolving setup
Stuart Henderson s...@spacehopper.org writes:

> Quagga doesn't seem to care much about OpenBSD, the current version doesn't even build here. (I did port the last round of ospf crash fixes to the previous version which does build, these are in the ports tree). Development is very fragmented, a lot of tweaks exist in 3rd party repos but there seems to be no central group trying to hold them together (at one point it looked like the google fork might do this but it appears to have stagnated).

This rather recent announcement caught my interest:

http://www.isc.org/news-article/how-extinct-zebra-could-upend-networking-market

Seems there is quite a lot of hype and activity around Open Source routing and I think OpenBSD could play a good role there.

It would be interesting to hear the thoughts of some OpenBSD developers on these areas. Perhaps in another thread, an article on Undeadly, or when they have the time and interest :)

Thanks,
Kostas

--
Kostas Zorbadelos
twitter:@kzorbadelos
http://gr.linkedin.com/in/kzorba
() www.asciiribbon.org - against HTML e-mail proprietary attachments
/\
Re: OpenBSD in a dual stack anycast DNS resolving setup
On 12/16/11 4:57 AM, Kostas Zorbadelos wrote:
> James Shupe jsh...@osre.org writes:
>
> > I can't speak for anycast DNS deployments, but I use OSPF heavily in large production environments and have had great experiences with it.
>
> This is very nice to know, thank you.
>
> > > - what is your opinion about using a latest version of BIND from ISC instead of the BIND distribution coming with OpenBSD?
> >
> > The BIND distribution included in the base install is fine.
>
> Unless you happen to need a feature that is available only in a later version of BIND. The reason I asked is because I saw no relevant package in ports.
>
> > > - would you consider Java support on OpenBSD production quality? Seems irrelevant but we might utilize some Java tools for measurement/statistics
> >
> > I've never used it, but I wouldn't even bother because there are no native Java builds available for OpenBSD, and thus it's going to be untested and completely unsupported. From the sounds of it, you need to rethink your monitoring strategy and consider using SNMP and a central statistics server running the software of your choice.
>
> OK, this was an understatement on my behalf. What I have in mind is more ambitious than just monitoring/alerting. For monitoring and graphs, our cacti/nagios solution will do just fine. But storing and analysing DNS query data is a whole different story...

Reporting shouldn't be done on your production servers. Set up a centralized syslog server and send your query logs there for analysis. Henning Brauer says that Java works fine on OpenBSD for large deployments and I take his word for it. Still, running local reports on each server is ridiculous when you're talking about multiple servers providing the same services.

> Regards,
> Kostas

--
James Shupe
Re: OpenBSD in a dual stack anycast DNS resolving setup
* Kostas Zorbadelos kzo...@otenet.gr [2011-12-16 12:08]:
> This rather recent announcement caught my interest:
>
> http://www.isc.org/news-article/how-extinct-zebra-could-upend-networking-market
>
> Seems there is quite a lot of hype and activity around Open Source routing and I think OpenBSD could play a good role there.
>
> It would be interesting to hear the thoughts of some OpenBSD developers on these areas. Perhaps in another thread, an article on Undeadly, or when they have the time and interest :)

we're not into marketing. nor into hardware development/production.
this is something where non-developers can easily jump in.

--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
Re: OpenBSD in a dual stack anycast DNS resolving setup
On 2011-12-16, James Shupe jsh...@osre.org wrote:
> Reporting shouldn't be done on your production servers. Set up a centralized syslog server and send your query logs there for analysis.

sending dns query logs via syslog to a remote server? oh man...

how about mirror ports https://www.dns-oarc.net/tools/dsc
Re: OpenBSD in a dual stack anycast DNS resolving setup
On Fri, Dec 16, 2011 at 01:05:32PM +0200, Kostas Zorbadelos wrote:
> Stuart Henderson s...@spacehopper.org writes:
>
> > Quagga doesn't seem to care much about OpenBSD, the current version doesn't even build here. (I did port the last round of ospf crash fixes to the previous version which does build, these are in the ports tree). Development is very fragmented, a lot of tweaks exist in 3rd party repos but there seems to be no central group trying to hold them together (at one point it looked like the google fork might do this but it appears to have stagnated).
>
> This rather recent announcement caught my interest:
>
> http://www.isc.org/news-article/how-extinct-zebra-could-upend-networking-market
>
> Seems there is quite a lot of hype and activity around Open Source routing and I think OpenBSD could play a good role there.
>
> It would be interesting to hear the thoughts of some OpenBSD developers on these areas. Perhaps in another thread, an article on Undeadly, or when they have the time and interest :)

So when will ISC start to integrate Quagga into BIND? A DNS server needs its own routing suite.

--
:wq Claudio
Re: OpenBSD in a dual stack anycast DNS resolving setup
* Claudio Jeker cje...@diehard.n-r-g.com [2011-12-16 22:58]:
> So when will ISC start to integrate Quagga into BIND? A DNS server needs its own routing suite.

when it has been rewritten in python.

--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
Re: OpenBSD in a dual stack anycast DNS resolving setup
On Fri, 2011-12-16 at 21:33 +, Stuart Henderson wrote:
> On 2011-12-16, James Shupe jsh...@osre.org wrote:
> > Reporting shouldn't be done on your production servers. Set up a centralized syslog server and send your query logs there for analysis.
>
> sending dns query logs via syslog to a remote server? oh man...
>
> how about mirror ports https://www.dns-oarc.net/tools/dsc

Nice looking tool... I was unaware of it. I mentioned the remote syslog option because one of the educational institutions I work for logs all DNS queries to a central server for monitoring student internet usage. Works fine. I reckon the tool you linked is a better fit for the op's use, but assume that they have their own in house software written in Java that uses either pcap or log entries...

--
James Shupe
OpenBSD in a dual stack anycast DNS resolving setup
Greetings to all,

we are running a project to anycast our DNS resolver infrastructure. The case is a big commercial country-wide IP network. The company uses Linux extensively in the infrastructure but no BSDs. I keep an eye on OpenBSD developments (mostly high level) and use the system personally, but I have no personal experience in larger setups and production services.

I find the project a good match for OpenBSD, because of the system's strong networking features and routing support. I will definitely include OpenBSD in our tests and hopefully make a case for it, to introduce it in our infrastructure. The main contenders as you realise are Linux-based setups with either Quagga or BIRD. As for DNS software we will stick with BIND for now and perhaps consider UNBOUND in the future (when the future involves DNSSEC).

From what I have seen so far in various sources, people mention Quagga's scalability problems and maybe old architecture while good words are said about BIRD. We are after a solid OSPF implementation both v2 and v3 (IPv6). I have seen OpenBSD's routing software architecture and I like it a lot and I also have a high regard for the system's quality. Of course personal taste is not enough as you understand to support a case of introduction of a new platform in a production, commercial environment with A LOT of constraints mostly non-technical.

The questions therefore are:

- has anyone done anything similar using OpenBSD that would like to share?
- how would you compare with facts and not flamewars OpenOSPFd against Quagga or BIRD implementations?
- what is your opinion about using a latest version of BIND from ISC instead of the BIND distribution coming with OpenBSD?
- is there any option of commercial support?
- would you consider Java support on OpenBSD production quality? Seems irrelevant but we might utilize some Java tools for measurement/statistics

Thanks for the very good and hard work on the system. I would be interested to hear any thoughts even off-list.

Regards,
Kostas

--
Kostas Zorbadelos
twitter:@kzorbadelos
http://gr.linkedin.com/in/kzorba
() www.asciiribbon.org - against HTML e-mail proprietary attachments
/\
Re: OpenBSD in a dual stack anycast DNS resolving setup
On 12/15/11 6:15 AM, Kostas Zorbadelos wrote:
> Greetings to all,
>
> we are running a project to anycast our DNS resolver infrastructure. The case is a big commercial country-wide IP network. The company uses Linux extensively in the infrastructure but no BSDs. I keep an eye on OpenBSD developments (mostly high level) and use the system personally, but I have no personal experience in larger setups and production services.
>
> I find the project a good match for OpenBSD, because of the system's strong networking features and routing support. I will definitely include OpenBSD in our tests and hopefully make a case for it, to introduce it in our infrastructure. The main contenders as you realise are Linux-based setups with either Quagga or BIRD. As for DNS software we will stick with BIND for now and perhaps consider UNBOUND in the future (when the future involves DNSSEC).
>
> From what I have seen so far in various sources, people mention Quagga's scalability problems and maybe old architecture while good words are said about BIRD. We are after a solid OSPF implementation both v2 and v3 (IPv6). I have seen OpenBSD's routing software architecture and I like it a lot and I also have a high regard for the system's quality. Of course personal taste is not enough as you understand to support a case of introduction of a new platform in a production, commercial environment with A LOT of constraints mostly non-technical.
>
> The questions therefore are:
>
> - has anyone done anything similar using OpenBSD that would like to share?

I can't speak for anycast DNS deployments, but I use OSPF heavily in large production environments and have had great experiences with it.

> - how would you compare with facts and not flamewars OpenOSPFd against Quagga or BIRD implementations?

I haven't used BIRD, but Quagga worked well when I used it. On that note, the OpenBSD network stack seems a lot better tuned for production routing services than an out of the box Linux install from any vendor. You also get to run on a code base that was carefully designed and audited rather than hacked together by a bunch of third parties with varying skills and interests when running OpenBSD.

> - what is your opinion about using a latest version of BIND from ISC instead of the BIND distribution coming with OpenBSD?

The BIND distribution included in the base install is fine.

> - is there any option of commercial support?

There are lots of great third party support providers. http://www.openbsd.org/support.html

> - would you consider Java support on OpenBSD production quality? Seems irrelevant but we might utilize some Java tools for measurement/statistics

I've never used it, but I wouldn't even bother because there are no native Java builds available for OpenBSD, and thus it's going to be untested and completely unsupported. From the sounds of it, you need to rethink your monitoring strategy and consider using SNMP and a central statistics server running the software of your choice.

> Thanks for the very good and hard work on the system. I would be interested to hear any thoughts even off-list.
>
> Regards,
> Kostas

--
James Shupe
Re: OpenBSD in a dual stack anycast DNS resolving setup
On Thu, Dec 15, 2011 at 3:49 PM, James Shupe jsh...@osre.org wrote:
> I've never used it, but I wouldn't even bother because there are no native Java builds available for OpenBSD, and thus it's going to be untested and completely unsupported.

Uh?!?

# pkg_add -v jdk-1.7.0.00v0.tgz

ciao,
David
Re: OpenBSD in a dual stack anycast DNS resolving setup
On 12/15/11 9:40 AM, David Coppa wrote:
> On Thu, Dec 15, 2011 at 3:49 PM, James Shupe jsh...@osre.org wrote:
> > I've never used it, but I wouldn't even bother because there are no native Java builds available for OpenBSD, and thus it's going to be untested and completely unsupported.
>
> Uh?!?
>
> # pkg_add -v jdk-1.7.0.00v0.tgz

There is a difference between it being in ports, and being a supported platform. Also, that's OpenJDK, which is itself unsupported by quite a few Java projects (ie, Jira).

> ciao,
> David

--
James Shupe
Re: OpenBSD in a dual stack anycast DNS resolving setup
> Uh?!?
>
> # pkg_add -v jdk-1.7.0.00v0.tgz

By the way, I got this jdk-1.7.0.00v0.tgz installed on my system, but I don't see a JAVA plugin for the Firefox. :( I need JAVA for a couple of minutes to check out several remote Windows machines through a remote JAVA applet. Anybody can advise something? Thank you.

> ciao,
> David
Re: OpenBSD in a dual stack anycast DNS resolving setup
On Thu, 15 Dec 2011, Vitali wrote:

> From: Vitali coonar...@gmail.com
> To: misc@openbsd.org
> Date: Thu, 15 Dec 2011 15:57:24
> Subject: Re: OpenBSD in a dual stack anycast DNS resolving setup
> X-Spam-Score: 0.0 (/)
>
> > Uh?!?
> >
> > # pkg_add -v jdk-1.7.0.00v0.tgz
>
> By the way, I got this jdk-1.7.0.00v0.tgz installed on my system, but I don't see a JAVA plugin for the Firefox. :( I need JAVA for a couple of minutes to check out several remote Windows machines through a remote JAVA applet. Anybody can advise something?

From: http://www.openbsd.org/faq/faq8.html#Programming

Due to Sun's restrictive SCSL license, OpenBSD cannot ship binary packages for the JDK 1.7. Starting from 1.7 OpenBSD has a fully GPLv2 licensed port, that can be installed as a package. Users looking for the browser plugin will still need to build 1.5 or 1.6 from ports until Sun releases the plugin code. Note that you will need plenty of RAM for this build to succeed.

--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
d.h.da...@bath.ac.uk Phone: +44 1225 386101
Re: OpenBSD in a dual stack anycast DNS resolving setup
On 2011-12-15, Kostas Zorbadelos kzo...@otenet.gr wrote:
> Greetings to all,
>
> we are running a project to anycast our DNS resolver infrastructure. The case is a big commercial country-wide IP network. The company uses Linux extensively in the infrastructure but no BSDs. I keep an eye on OpenBSD developments (mostly high level) and use the system personally, but I have no personal experience in larger setups and production services.
>
> I find the project a good match for OpenBSD, because of the system's strong networking features and routing support. I will definitely include OpenBSD in our tests and hopefully make a case for it, to introduce it in our infrastructure. The main contenders as you realise are Linux-based setups with either Quagga or BIRD. As for DNS software we will stick with BIND for now and perhaps consider UNBOUND in the future (when the future involves DNSSEC).
>
> From what I have seen so far in various sources, people mention Quagga's scalability problems and maybe old architecture while good words are said about BIRD. We are after a solid OSPF implementation both v2 and v3 (IPv6). I have seen OpenBSD's routing software architecture and I like it a lot and I also have a high regard for the system's quality. Of course personal taste is not enough as you understand to support a case of introduction of a new platform in a production, commercial environment with A LOT of constraints mostly non-technical.
>
> The questions therefore are:
>
> - has anyone done anything similar using OpenBSD that would like to share?
>
> - how would you compare with facts and not flamewars OpenOSPFd against Quagga or BIRD implementations?

Quagga doesn't seem to care much about OpenBSD, the current version doesn't even build here. (I did port the last round of ospf crash fixes to the previous version which does build, these are in the ports tree). Development is very fragmented, a lot of tweaks exist in 3rd party repos but there seems to be no central group trying to hold them together (at one point it looked like the google fork might do this but it appears to have stagnated).

OpenBSD is not a primary target for BIRD, it runs here but misses some things. I'd probably favour it over Quagga if for some reason you couldn't use the native tools.

I certainly wouldn't have a problem running something like this using ospfd. I haven't used ospf6d at all yet myself so couldn't comment on it.

> - what is your opinion about using a latest version of BIND from ISC instead of the BIND distribution coming with OpenBSD?

I haven't used either much recently, so I can't really say. (I'm running Unbound myself).

> - is there any option of commercial support?

There are some on www.openbsd.org/support.html who can help, but if you need something particular you might do better to outline what you need on misc@ and ask for people to reply off-list ...

> - would you consider Java support on OpenBSD production quality? Seems irrelevant but we might utilize some Java tools for measurement/statistics

I've only used it for non-critical things myself but it seems to work fairly well.

> Thanks for the very good and hard work on the system. I would be interested to hear any thoughts even off-list.
>
> Regards,
> Kostas
Re: OpenBSD in a dual stack anycast DNS resolving setup
> - how would you compare with facts and not flamewars OpenOSPFd against Quagga or BIRD implementations?

This is not technical but...the openbsd ospfd tools do not pretend to be Cisco and do not mimic the god-awful IOS cli and config format. Personally that is something I really, really like. OpenBSD's ospf v3 may not be up to your requirements but I haven't followed that so it might be usable now.

> - what is your opinion about using a latest version of BIND from ISC instead of the BIND distribution coming with OpenBSD?

I use the OpenBSD nsd from base along with unbound so I can't say.

> - would you consider Java support on OpenBSD production quality? Seems irrelevant but we might utilize some Java tools for measurement/statistics

Not using Java for this purpose, or any purpose, so I can't say. We use SNMP and collectd to get performance metrics.

Cheers,
Lars