Jeremy Chadwick wrote, on 7/22/2008 9:34 PM:
> On Tue, Jul 22, 2008 at 11:45:30AM -0800, Royce Williams wrote:
>> We have 10 SuperMicro PDSMi+ 5015M-MTs that are panic'ing every few
>> days. This started shortly after upgrade from 6.2-RELEASE to
>> 6.3-RELEASE with freebsd-update.
>
> We use the
Lots of good discussion on this thread, I'm going to cherry-pick some
things to respond to.
Kevin Oberman wrote:
And, if you are not sure how good a job it does (and I am not), you
should use the OARC test to check how well it works: dig +short
porttest.dns-oarc.net TXT
If the result is not
On Tue, Jul 22, 2008 at 11:45:30AM -0800, Royce Williams wrote:
> We have 10 SuperMicro PDSMi+ 5015M-MTs that are panic'ing every few
> days. This started shortly after upgrade from 6.2-RELEASE to
> 6.3-RELEASE with freebsd-update.
We use the same hardware (board and chassis), and have no such pr
On Tue, Jul 22, 2008 at 11:45:30AM -0800, Royce Williams wrote:
> We have 10 SuperMicro PDSMi+ 5015M-MTs that are panic'ing every few
> days. This started shortly after upgrade from 6.2-RELEASE to
> 6.3-RELEASE with freebsd-update.
I was having similar problems on some servers using 6.2-psometh
--On July 23, 2008 10:46:43 AM +1000 Mark Andrews <[EMAIL PROTECTED]>
wrote:
I just played around with it recently. It's not that easy to
understand initially *and* the trust anchors thing is a royal PITA.
Once you implement DNSSEC you *must* generate keys every 30 days. So,
I thin k,
if you
Jeremy, I can't agree with you more, for some reason
crypto people seem to believe that in order to drive
a car you should have to know how to rebuild a carb.
Makes no sense.
The funny part is that your comparison with setting up
IPsec is the same thing that I compare these things to.
Back in 20
On Tue, Jul 22, 2008 at 12:52:15PM -0500, Paul Schmehl wrote:
> --On Tuesday, July 22, 2008 10:27:42 -0700 Doug Barton
> <[EMAIL PROTECTED]> wrote:
>
>> Matthew Seaman wrote:
>>
>>> Are there any plans to enable DNSSEC capability in the resolver built
>>> into FreeBSD?
>>
>> The server is already
> On Tue, Jul 22, 2008 at 05:52:42PM +0200, Oliver Fromme wrote:
> > Brett Glass wrote:
> > > At 02:24 PM 7/21/2008, Kevin Oberman wrote:
> > >
> > > > Don't forget that ANY server that caches data, including an end system
> > > > running a caching only server is vulnerable.
> > >
> > > Act
> This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
> --enig5488BAD5E4511AF4D0C2864A
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> Content-Transfer-Encoding: quoted-printable
>
> Doug Barton wrote:
> > Matthew Seaman wrote:
> >=20
> >> Are there any plans to
> --On Tuesday, July 22, 2008 10:27:42 -0700 Doug Barton <[EMAIL PROTECTED]>
> wrote:
>
> > Matthew Seaman wrote:
> >
> >> Are there any plans to enable DNSSEC capability in the resolver built
> >> into FreeBSD?
> >
> > The server is already capable of it. I'm seriously considering enabling the
On Tue, Jul 22, 2008 at 06:47:34PM +0100, ian j hart wrote:
> On Tuesday 22 July 2008 17:37:24 Jeremy Chadwick wrote:
> > On Tue, Jul 22, 2008 at 05:27:52PM +0100, ian j hart wrote:
> > > Same hardware as my other thread.
> > > http://www.supermicro.com/products/system/1U/5015/SYS-5015B-MT.cfm
> >
Royce Williams wrote:
Kris Kennaway wrote, on 7/22/2008 12:12 PM:
Royce Williams wrote:
db> trace
Tracing pid 71182 tid 100325 td 0xcc08b180
kdb_enter(c095f294) at kdb_enter+0x2b
panic(c09768ad,1000,1400,c145bc88,1000,...) at panic+0x127
kmem_malloc(c14680c0,1000,102,eba6a8cc,c07e3fa5,...)
> Date: Tue, 22 Jul 2008 15:30:53 -0500
> From: Paul Schmehl <[EMAIL PROTECTED]>
>
> --On Tuesday, July 22, 2008 13:07:20 -0700 Kevin Oberman <[EMAIL PROTECTED]>
> wrote:
> >
> >> Once you implement DNSSEC you *must* generate keys every 30 days. So,
> >> I think, if you're going to enable it by
On 2008-07-22 00:00, John Baldwin wrote:
> On Monday 21 July 2008 06:07:52 am Oleg V. Nauman wrote:
>> Well.. Backout 1.243.2.3 revision of /usr/src/sys/dev/acpica/acpi.c
>> (committed to RELENG_7 at July 10 by jhb) fixes this issue for me:
>>
>> acpi_hpet0: iomem 0xfed0-0xfed003ff on
> a
Kris Kennaway wrote, on 7/22/2008 12:12 PM:
> Royce Williams wrote:
>
>> db> trace
>> Tracing pid 71182 tid 100325 td 0xcc08b180
>> kdb_enter(c095f294) at kdb_enter+0x2b
>> panic(c09768ad,1000,1400,c145bc88,1000,...) at panic+0x127
>> kmem_malloc(c14680c0,1000,102,eba6a8cc,c07e3fa5,...) at kme
On Tuesday 22 July 2008 04:37:51 am Oleg V. Nauman wrote:
> Quoting John Baldwin <[EMAIL PROTECTED]>:
>
> > On Monday 21 July 2008 06:07:52 am Oleg V. Nauman wrote:
> >> Quoting "Oleg V. Nauman" <[EMAIL PROTECTED]>:
> >>
> >> > Quoting Jeremy Chadwick <[EMAIL PROTECTED]>:
> >> >
> >> >> On Sat, Ju
--On Tuesday, July 22, 2008 13:07:20 -0700 Kevin Oberman <[EMAIL PROTECTED]>
wrote:
Once you implement DNSSEC you *must* generate keys every 30 days. So,
I think, if you're going to enable it by default, there needs to be a
script in periodic that will do all the magic to change keys every 30
Royce Williams wrote:
db> trace
Tracing pid 71182 tid 100325 td 0xcc08b180
kdb_enter(c095f294) at kdb_enter+0x2b
panic(c09768ad,1000,1400,c145bc88,1000,...) at panic+0x127
kmem_malloc(c14680c0,1000,102,eba6a8cc,c07e3fa5,...) at kmem_malloc+0x89
You forgot to include the panic, but this is
> Date: Tue, 22 Jul 2008 12:52:15 -0500
> From: Paul Schmehl <[EMAIL PROTECTED]>
> Sender: [EMAIL PROTECTED]
>
> --On Tuesday, July 22, 2008 10:27:42 -0700 Doug Barton <[EMAIL PROTECTED]>
> wrote:
>
> > Matthew Seaman wrote:
> >
> >> Are there any plans to enable DNSSEC capability in the resolve
We have 10 SuperMicro PDSMi+ 5015M-MTs that are panic'ing every few
days. This started shortly after upgrade from 6.2-RELEASE to
6.3-RELEASE with freebsd-update.
Other than switching to a debugging kernel, a little sysctl tuning,
and patching with freebsd-update, they are stock. The debugging
ke
Kostik Belousov написав(ла):
On Tue, Jul 22, 2008 at 03:26:29PM -0400, Mikhail Teterin wrote:
Kostik Belousov написав(ла):
Did you switched to the process before doing backtrace (using the proc
command)?
Ok, thanks. Did not know about this one. Here:
...
(kgdb) proc 79759
(kgdb) bt
#0 sched
On Tue, Jul 22, 2008 at 01:09:28PM -0400, Mikhail Teterin wrote:
> Kris Kennaway написав(ла):
> >Mikhail Teterin wrote:
> >>Kris Kennaway написав(ла):
> >>>Well, I mean kernel backtrace.
> >>Can I obtain that remotely and without restarting/panicking the box?
> >>Thanks,
> >kgdb on /dev/mem or pro
On Tue, Jul 22, 2008 at 03:26:29PM -0400, Mikhail Teterin wrote:
> Kostik Belousov написав(ла):
> >Did you switched to the process before doing backtrace (using the proc
> >
> >command)?
> Ok, thanks. Did not know about this one. Here:
> ...
> (kgdb) proc 79759
> (kgdb) bt
> #0 sched_switch (td=0
Kostik Belousov написав(ла):
Did you switched to the process before doing backtrace (using the proc
command)?
Ok, thanks. Did not know about this one. Here:
...
(kgdb) proc 79759
(kgdb) bt
#0 sched_switch (td=0xff01286dc000, newtd=0xff00010ce000,
flags=2) at /var/src/sys/kern/sched_4b
Doug Barton wrote:
Matthew Seaman wrote:
Are there any plans to enable DNSSEC capability in the resolver built
into FreeBSD?
The server is already capable of it. I'm seriously considering enabling
the define to make the CLI tools (dig/host/nslookup) capable as well
(there is already an OPTI
> If you're interested in a resolver-only solution (and that is not a
> bad way to go) then you should evaluate dns/unbound. It is a
> lightweight resolver-only server that has a good security model and
> already implements query port randomization. It also has the advantage
> of being maintain
--On Tuesday, July 22, 2008 10:27:42 -0700 Doug Barton <[EMAIL PROTECTED]>
wrote:
Matthew Seaman wrote:
Are there any plans to enable DNSSEC capability in the resolver built
into FreeBSD?
The server is already capable of it. I'm seriously considering enabling the
define to make the CLI tool
On Tuesday 22 July 2008 17:37:24 Jeremy Chadwick wrote:
> On Tue, Jul 22, 2008 at 05:27:52PM +0100, ian j hart wrote:
> > Same hardware as my other thread.
> > http://www.supermicro.com/products/system/1U/5015/SYS-5015B-MT.cfm
> >
> > [using 2Gb RAM and SATA in legacy mode]
> >
> > I'd like to focu
--On Tuesday, July 22, 2008 09:37:14 -0700 Doug Barton <[EMAIL PROTECTED]>
wrote:
Clifton Royston wrote:
I also think that modular design of security-sensitive tools is the
way to go, with his DNS tools as with Postfix.
Dan didn't write postfix, he wrote qmail.
I think his point was that
Matthew Seaman wrote:
Are there any plans to enable DNSSEC capability in the resolver built
into FreeBSD?
The server is already capable of it. I'm seriously considering
enabling the define to make the CLI tools (dig/host/nslookup) capable
as well (there is already an OPTION for this in ports
Doug Barton wrote:
Clifton Royston wrote:
I also think that modular design of security-sensitive tools is the
way to go, with his DNS tools as with Postfix.
Dan didn't write postfix, he wrote qmail.
If you're interested in a resolver-only solution (and that is not a bad
way to go) then you
Clifton Royston wrote:
On Tue, Jul 22, 2008 at 09:39:20AM -0700, Doug Barton wrote:
cpghost wrote:
Yes indeed. If I understand all this correctly, it's because the
transaction ID that has to be sent back is only 2 bytes long,
2 bits, 16 bytes.
^ Think you mean those the othe
Kris Kennaway написав(ла):
Mikhail Teterin wrote:
Kris Kennaway написав(ла):
Well, I mean kernel backtrace.
Can I obtain that remotely and without restarting/panicking the box?
Thanks,
kgdb on /dev/mem or procstat
[EMAIL PROTECTED]:~ (107) kgdb /boot/kernel/kernel /dev/mem
[...]
(kg
On Tue, Jul 22, 2008 at 09:39:20AM -0700, Doug Barton wrote:
> cpghost wrote:
> >Yes indeed. If I understand all this correctly, it's because the
> >transaction ID that has to be sent back is only 2 bytes long,
>
> 2 bits, 16 bytes.
^ Think you mean those the other way!
> >and
On Tue, Jul 22, 2008 at 09:37:14AM -0700, Doug Barton wrote:
> Clifton Royston wrote:
> > I also think that modular design of security-sensitive tools is the
> >way to go, with his DNS tools as with Postfix.
>
> Dan didn't write postfix, he wrote qmail.
I know, but I think qmail sucks. Wietse
Mikhail Teterin wrote:
Kris Kennaway написав(ла):
Well, I mean kernel backtrace.
Can I obtain that remotely and without restarting/panicking the box?
Thanks,
-mi
kgdb on /dev/mem or procstat
Kris
___
freebsd-stable@freebsd.org mailing list
h
Kris Kennaway написав(ла):
Well, I mean kernel backtrace.
Can I obtain that remotely and without restarting/panicking the box? Thanks,
-mi
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsub
Jeremy Chadwick wrote:
On Tue, Jul 22, 2008 at 12:13:25PM -0400, Mikhail Teterin wrote:
Kris Kennaway ???(??):
Mikhail Teterin wrote:
Hello!
My attempt to build openoffice.org-3 seems to be hanging. Pressing
Ctrl-T produces:
load: 0.11 cmd: tcsh 79759 [sleeping without queue] 0.00
cpghost wrote:
Yes indeed. If I understand all this correctly, it's because the
transaction ID that has to be sent back is only 2 bytes long,
2 bits, 16 bytes.
and if the query port doesn't change as well with every query, that
can be cracked in milliseconds: sending 65536 DNS queries to a
co
On Tue, Jul 22, 2008 at 05:27:52PM +0100, ian j hart wrote:
> Same hardware as my other thread.
> http://www.supermicro.com/products/system/1U/5015/SYS-5015B-MT.cfm
>
> [using 2Gb RAM and SATA in legacy mode]
>
> I'd like to focus only on making the CDROM boot complete.
>
> Summary: hangs just a
Clifton Royston wrote:
I also think that modular design of security-sensitive tools is the
way to go, with his DNS tools as with Postfix.
Dan didn't write postfix, he wrote qmail.
If you're interested in a resolver-only solution (and that is not a
bad way to go) then you should evaluate dns
Same hardware as my other thread.
http://www.supermicro.com/products/system/1U/5015/SYS-5015B-MT.cfm
[using 2Gb RAM and SATA in legacy mode]
I'd like to focus only on making the CDROM boot complete.
Summary: hangs just after the CPUs are launched.
6.2-RELEASE works okay, no AHCI support
6.3
Jeremy Chadwick написав(ла):
On Tue, Jul 22, 2008 at 12:13:25PM -0400, Mikhail Teterin wrote:
Kris Kennaway написав(ла):
Mikhail Teterin wrote:
Hello!
My attempt to build openoffice.org-3 seems to be hanging. Pressing
Ctrl-T produces:
load: 0.11 cmd: tcsh 79759 [sleepin
On Tue, Jul 22, 2008 at 05:52:42PM +0200, Oliver Fromme wrote:
> Brett Glass wrote:
> > At 02:24 PM 7/21/2008, Kevin Oberman wrote:
> >
> > > Don't forget that ANY server that caches data, including an end system
> > > running a caching only server is vulnerable.
> >
> > Actually, there is a
On Tue, Jul 22, 2008 at 12:13:25PM -0400, Mikhail Teterin wrote:
> Kris Kennaway ???(??):
>> Mikhail Teterin wrote:
>>> Hello!
>>>
>>> My attempt to build openoffice.org-3 seems to be hanging. Pressing
>>> Ctrl-T produces:
>>>
>>>load: 0.11 cmd: tcsh 79759 [sleeping without queue] 0.00u
On Tue, July 22, 2008 06:07, Pawel Jakub Dawidek wrote:
> On Mon, Jul 21, 2008 at 06:18:10PM -0300, Nenhum_de_Nos wrote:
>> > The ZFS code in 7.0 is the same as in HEAD, so no worries.
>>
>> I'm trying zfs myself in a small enviroment at home, but for that I do
>> follow 7-STABLE. there's no need
These are new boxes.
http://www.supermicro.com/products/system/1U/5015/SYS-5015B-MT.cfm
core 2 Q6600 CPU
8Gb 667 RAM
Boxes were memtested from Fri-Mon okay. 6.3-RELEASE (amd64) installs fine.
Build cycle okay. Running (no load) for a week or so.
However, when I try to configure gmirror they han
Kris Kennaway написав(ла):
Mikhail Teterin wrote:
Hello!
My attempt to build openoffice.org-3 seems to be hanging. Pressing
Ctrl-T produces:
load: 0.11 cmd: tcsh 79759 [sleeping without queue] 0.00u 0.00s
0% 0k
(tcsh is used by OOo's build-script). What is this "sleeping without
queu
On Tue, Jul 22, 2008 at 05:52:42PM +0200, Oliver Fromme wrote:
> I'm curious, is djbdns exploitable, too? Does it randomize
> the source ports of UDP queries?
Apparently, djbdns had randomization of the source ports a long
time ago...
> > Of course, all solutions that randomize ports are really
Brett Glass wrote:
> At 02:24 PM 7/21/2008, Kevin Oberman wrote:
>
> > Don't forget that ANY server that caches data, including an end system
> > running a caching only server is vulnerable.
>
> Actually, there is an exception to this. A "forward only"
> cache/resolver is only as vulnerable
Mikhail Teterin wrote:
Hello!
My attempt to build openoffice.org-3 seems to be hanging. Pressing
Ctrl-T produces:
load: 0.11 cmd: tcsh 79759 [sleeping without queue] 0.00u 0.00s 0% 0k
(tcsh is used by OOo's build-script). What is this "sleeping without
queue" state, and why is process i
Hello!
My attempt to build openoffice.org-3 seems to be hanging. Pressing
Ctrl-T produces:
load: 0.11 cmd: tcsh 79759 [sleeping without queue] 0.00u 0.00s 0% 0k
(tcsh is used by OOo's build-script). What is this "sleeping without
queue" state, and why is process in it for so long?
This
Quoting John Baldwin <[EMAIL PROTECTED]>:
On Monday 21 July 2008 06:07:52 am Oleg V. Nauman wrote:
Quoting "Oleg V. Nauman" <[EMAIL PROTECTED]>:
> Quoting Jeremy Chadwick <[EMAIL PROTECTED]>:
>
>> On Sat, Jul 19, 2008 at 10:03:15AM +0300, Oleg V. Nauman wrote:
>>> It seems to be something was
On Mon, Jul 21, 2008 at 06:18:10PM -0300, Nenhum_de_Nos wrote:
> > The ZFS code in 7.0 is the same as in HEAD, so no worries.
>
> I'm trying zfs myself in a small enviroment at home, but for that I do
> follow 7-STABLE. there's no need to do that, as based in the above
> statement ?
There might b
54 matches
Mail list logo