Re: [osol-discuss] Sorry to rehash... turn off system bell b134

2010-11-05 Thread Harry Putnam 
Harry Putnam  writes:

> I've seen directions how to do it using gnome-config-editor
>
> That does not seem to be available here... (a recent b134 install)
>
> pkg list can't find it

Disregard this question, a bit more googling turned up the answer.

Anyone else who missed the technique:

google for the string `opensolaris bell config-editor'

You will find the way to do it.

___
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org

Re: [osol-discuss] System always hits dns

2010-11-05 Thread Will Fiveash 
On Fri, Nov 05, 2010 at 10:50:45AM -0700, Mike DeMarco wrote:
> > ssh will try to do krb auth by default and krb
> > bypasses the nsswitch to
> > always try DNS to canonicalize host names.  So it may
> > help to config ssh
> > to not try krb auth (which is basically the gssapi*
> > auth methods, see
> > man ssh_config).  If that doesn't help, use truss or
> > dtrace to see how
> > dns is getting called via ssh.
> > 
> 
> Will:  Man pages say that GSSAPIAuthentication defaults to on. I turned it 
> off in the ssh_config file and it still does a dns lookup.  
> So what your saying is that in krb mode ssh does not do a gethostbyname ? 
> What does it do since gethostbyname would hit the nsswitch.

I was making an educated guess.  Use truss to see exactly what it is doing.
Try:
truss -o truss.out -t!all -u *: ssh 
or
truss -o truss.out -t!all -u *:: ssh 
for more detail (will slow ssh way down).

You can also use ssh -vvv to get verbose debug info from ssh to see what
auths it is trying.

-- 
Will Fiveash
Oracle
http://opensolaris.org/os/project/kerberos/
Sent using mutt, a sweet, text based e-mail app 
___
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org

Re: [osol-discuss] System always hits dns

2010-11-05 Thread Mike Gerdts 
On Fri, Nov 5, 2010 at 12:22 PM, Milan Jurik  wrote:
>
> Hi,
>
> Mike Gerdts píše v pá 05. 11. 2010 v 12:10 -0500:
> > It is trying to do an IPv6 lookup (via ipnodes) before trying an IPv4
> > lookup (via hosts).  Since you probably aren't using IPv6, you can get
> > the desired behavior with:
> >
> > hosts: files nis dns
> > ipnodes: files
> >
>
> such config is really bd idea. Keep them in sync from Solaris 10
> releases.

Can you elaborate?  If IPv6 is not in use, having ipnodes go to DNS
does little other than cause unnecessary DNS requests that will always
fail.  My observation is that the times that you notice it is failing
are those times where it causes a really long timeout to be invoked.

--
Mike Gerdts
http://mgerdts.blogspot.com/
___
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org

Re: [osol-discuss] System always hits dns

2010-11-05 Thread Mike DeMarco 
> So yes I took the dns away from ipnodes and the
> lookups stopped. So the question is why is ipnodes
> not adhearing to nsswitch hierarchy?

Duo. Ok since I don't have ipv6 in my DNS it was timing out on that 

All makes sense now..

Thanks for your help
-- 
This message posted from opensolaris.org
___
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org

Re: [osol-discuss] System always hits dns

2010-11-05 Thread Mike DeMarco 
So yes I took the dns away from ipnodes and the lookups stopped. So the 
question is why is ipnodes not adhearing to nsswitch hierarchy?
-- 
This message posted from opensolaris.org
___
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org

Re: [osol-discuss] System always hits dns

2010-11-05 Thread Mike DeMarco 
> ssh will try to do krb auth by default and krb
> bypasses the nsswitch to
> always try DNS to canonicalize host names.  So it may
> help to config ssh
> to not try krb auth (which is basically the gssapi*
> auth methods, see
> man ssh_config).  If that doesn't help, use truss or
> dtrace to see how
> dns is getting called via ssh.
> 

Will:  Man pages say that GSSAPIAuthentication defaults to on. I turned it off 
in the ssh_config file and it still does a dns lookup.  
So what your saying is that in krb mode ssh does not do a gethostbyname ? What 
does it do since gethostbyname would hit the nsswitch.

> -- 
> Will Fiveash
> Oracle
> http://opensolaris.org/os/project/kerberos/
> Sent using mutt, a sweet, text based e-mail app
> 
> ___
> opensolaris-discuss mailing list
> opensolaris-discuss@opensolaris.org
>
-- 
This message posted from opensolaris.org
___
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org

Re: [osol-discuss] System always hits dns

2010-11-05 Thread Will Fiveash 
On Fri, Nov 05, 2010 at 10:03:25AM -0700, Mike DeMarco wrote:
> Build 134
> My nsswitch.conf file is setup as such
> 
> hosts files nis dns
> ipnodes files nis dns
> 
> when snooping the interface I see dns lookups even though the ipaddress lives 
> in the local host file and or the nis database.
> 
> It was a very early problem with nsswitch that it would still follow through 
> with requests even though they were satisfied with the prior request. I tried 
> to limit it going out to the next resource if the current one was found with
> 
> hosts:  files [SUCCESS=return] nis [SUCCESS=return] dns
> ipnodes:files [SUCCESS=return] nis [SUCCESS=return] dns
> 
> But still every request goes to dns no matter what it finds in the files 
> database or nis database.
> 
> Waiting for a dns timeout on every ssh to a host that is not in dns is a 
> killer.
> 
> Anyone seen this behavior and have input.

ssh will try to do krb auth by default and krb bypasses the nsswitch to
always try DNS to canonicalize host names.  So it may help to config ssh
to not try krb auth (which is basically the gssapi* auth methods, see
man ssh_config).  If that doesn't help, use truss or dtrace to see how
dns is getting called via ssh.

-- 
Will Fiveash
Oracle
http://opensolaris.org/os/project/kerberos/
Sent using mutt, a sweet, text based e-mail app 
___
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org

Re: [osol-discuss] System always hits dns

2010-11-05 Thread Milan Jurik 
Hi,

Mike Gerdts píše v pá 05. 11. 2010 v 12:10 -0500:
> It is trying to do an IPv6 lookup (via ipnodes) before trying an IPv4
> lookup (via hosts).  Since you probably aren't using IPv6, you can get
> the desired behavior with:
> 
> hosts: files nis dns
> ipnodes: files
> 

such config is really bd idea. Keep them in sync from Solaris 10
releases.


> Releases of Solaris/OpenSolaris later than what you appear to be
> running know how to look up IPv6 addresses via hosts as well.  That
> is, ipnodes in nsswitch.conf becomes obsolete.
> 

Not at all.

Anyway, I would check these things:

/etc/hosts -> ./inet/hosts
/etc/inet/ipnodes -> ./hosts

aka - are both flat files pointing on the same file in /etc/inet/hosts

---

Mike DeMarco píše v pá 05. 11. 2010 v 10:12 -0700:
> Even though nscd is running with the default ttl a ssh to the same
> host within a minute is still going out and hitting DNS.
> 

nscd is respecting DNS TTLs. Also check nscd.conf

And use dtrace on nscd, check if nss_files functions are called and what
they return.

Best regards,

Milan

> Mike
> 
> On Fri, Nov 5, 2010 at 12:03 PM, Mike DeMarco 
> wrote:
> Build 134
> My nsswitch.conf file is setup as such
> 
> hosts files nis dns
> ipnodes files nis dns
> 
> when snooping the interface I see dns lookups even though the
> ipaddress lives in the local host file and or the nis
> database.
> 
> It was a very early problem with nsswitch that it would still
> follow through with requests even though they were satisfied
> with the prior request. I tried to limit it going out to the
> next resource if the current one was found with
> 
> hosts:  files [SUCCESS=return] nis [SUCCESS=return] dns
> ipnodes:files [SUCCESS=return] nis [SUCCESS=return] dns
> 
> But still every request goes to dns no matter what it finds in
> the files database or nis database.
> 
> Waiting for a dns timeout on every ssh to a host that is not
> in dns is a killer.
> 
> Anyone seen this behavior and have input.
> 
> Thanks
> --
> This message posted from opensolaris.org
> ___
> opensolaris-discuss mailing list
> opensolaris-discuss@opensolaris.org
> 
> 
> 
> -- 
> Mike Gerdts
> http://mgerdts.blogspot.com/
> ___
> opensolaris-discuss mailing list
> opensolaris-discuss@opensolaris.org


___
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org

Re: [osol-discuss] System always hits dns

2010-11-05 Thread Mike DeMarco 
Even though nscd is running with the default ttl a ssh to the same host within 
a minute is still going out and hitting DNS.
-- 
This message posted from opensolaris.org
___
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org

Re: [osol-discuss] System always hits dns

2010-11-05 Thread Mike Gerdts 
It is trying to do an IPv6 lookup (via ipnodes) before trying an IPv4 lookup
(via hosts).  Since you probably aren't using IPv6, you can get the desired
behavior with:

hosts: files nis dns
ipnodes: files

Releases of Solaris/OpenSolaris later than what you appear to be running
know how to look up IPv6 addresses via hosts as well.  That is, ipnodes in
nsswitch.conf becomes obsolete.

Mike

On Fri, Nov 5, 2010 at 12:03 PM, Mike DeMarco  wrote:

> Build 134
> My nsswitch.conf file is setup as such
>
> hosts files nis dns
> ipnodes files nis dns
>
> when snooping the interface I see dns lookups even though the ipaddress
> lives in the local host file and or the nis database.
>
> It was a very early problem with nsswitch that it would still follow
> through with requests even though they were satisfied with the prior
> request. I tried to limit it going out to the next resource if the current
> one was found with
>
> hosts:  files [SUCCESS=return] nis [SUCCESS=return] dns
> ipnodes:files [SUCCESS=return] nis [SUCCESS=return] dns
>
> But still every request goes to dns no matter what it finds in the files
> database or nis database.
>
> Waiting for a dns timeout on every ssh to a host that is not in dns is a
> killer.
>
> Anyone seen this behavior and have input.
>
> Thanks
> --
> This message posted from opensolaris.org
> ___
> opensolaris-discuss mailing list
> opensolaris-discuss@opensolaris.org
>



-- 
Mike Gerdts
http://mgerdts.blogspot.com/
___
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org

[osol-discuss] System always hits dns

2010-11-05 Thread Mike DeMarco 
Build 134
My nsswitch.conf file is setup as such

hosts files nis dns
ipnodes files nis dns

when snooping the interface I see dns lookups even though the ipaddress lives 
in the local host file and or the nis database.

It was a very early problem with nsswitch that it would still follow through 
with requests even though they were satisfied with the prior request. I tried 
to limit it going out to the next resource if the current one was found with

hosts:  files [SUCCESS=return] nis [SUCCESS=return] dns
ipnodes:files [SUCCESS=return] nis [SUCCESS=return] dns

But still every request goes to dns no matter what it finds in the files 
database or nis database.

Waiting for a dns timeout on every ssh to a host that is not in dns is a killer.

Anyone seen this behavior and have input.

Thanks
-- 
This message posted from opensolaris.org
___
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org

[osol-discuss] Sorry to rehash... turn off system bell b134

2010-11-05 Thread Harry Putnam 
I've been googling around for an hour now and seeing lots of stuff
about the obnoxious system bell...

Apparently its gone back and forth as to how to turn it off.

Here, `xset -b | xset b off' does not turn it off in an xterm

I've seen directions how to do it using gnome-config-editor

That does not seem to be available here... (a recent b134 install)

pkg list can't find it

Maybe called something else now?

The volume control under preferences, does nothing to it.
Anyway, what is a sure fire way to turn the system bell clear off?


___
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org