The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Archive for the ‘Internet’ Category

DNS, glue records and TTL

Posted by jpluimers on 2017/12/06

If I ever need to read why, here are the explanatory links:

TL;DR:

  • You need glue records for your domains if the nameserver is in the same TLD as your domain is (more explanation in the above links).
  • Your domain registrar allows you to change both your DNS servers and the glue at the TLD servers.
  • Glue records have a TTL at the TLD of 48 hours so changing them takes some waiting.
  • This is how you query the glue records so you can verify that what is set up at your DNS servers matches the records at the TLD servers (in the example below, replace google.com by your domain name).

dig +trace +additional google.com
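Added example, not from the post: a Python check that parses the parent referral step of a `dig +trace +additional` run, extracts the glue the TLD servers hand out, and diffs it against what your own nameservers answer. The trace text and all addresses are constructed sample data, and `zone_records` is assumed to be gathered separately (for instance by querying each nameserver directly).

```python
import re
from collections import defaultdict

# Constructed excerpt of `dig +trace +additional example.net` (documentation addresses,
# not a real delegation). Each trace step ends with a ";; Received ... from" line.
SAMPLE_TRACE = """\
net.\t\t172800\tIN\tNS\ta.gtld-servers.net.
;; Received 1170 bytes from 198.41.0.4#53(a.root-servers.net) in 20 ms

example.net.\t\t172800\tIN\tNS\tns1.example.net.
example.net.\t\t172800\tIN\tNS\tns2.example.net.
ns1.example.net.\t172800\tIN\tA\t192.0.2.1
ns1.example.net.\t172800\tIN\tAAAA\t2001:db8::1
ns2.example.net.\t172800\tIN\tA\t192.0.2.2
;; Received 200 bytes from 192.5.6.30#53(a.gtld-servers.net) in 30 ms

example.net.\t\t3600\tIN\tNS\tns1.example.net.
example.net.\t\t3600\tIN\tNS\tns2.example.net.
;; Received 100 bytes from 192.0.2.1#53(ns1.example.net) in 5 ms
"""

RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+(NS|A|AAAA)\s+(\S+)$")
FROM = re.compile(r"from [^(\s]+\(([^)]+)\)")

def parse_glue(trace, domain):
    """Glue {nameserver: {addresses}} from the parent (TLD) referral step: the
    first step listing NS records for `domain` that was not answered by one of
    those nameservers; its A/AAAA records for the NS names are the TLD glue."""
    domain = domain.rstrip(".") + "."
    for step in trace.strip().split("\n\n"):
        rrs = [m.groups() for m in map(RR.match, step.splitlines()) if m]
        ns = {rdata for name, rtype, rdata in rrs if rtype == "NS" and name == domain}
        answered_by = FROM.search(step)
        if not ns or (answered_by and answered_by.group(1) + "." in ns):
            continue  # not a referral for our domain, or already the child's own answer
        glue = defaultdict(set)
        for name, rtype, rdata in rrs:
            if rtype in ("A", "AAAA") and name in ns:
                glue[name].add(rdata)
        return dict(glue)
    return {}

def glue_mismatches(glue, zone_records):
    """[(nameserver, parent_glue, child_zone)] for every disagreement; `zone_records`
    is what your own nameservers answer. A difference means the registrar change is
    missing or still inside the 48 hour glue TTL at the TLD."""
    names = set(glue) | set(zone_records)
    return [(n, glue.get(n, set()), zone_records.get(n, set()))
            for n in sorted(names) if glue.get(n, set()) != zone_records.get(n, set())]
```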


Notes:

At the time of writing the dig output is this:


Posted in DNS, Internet, Power User

DNS Knowledge DNS Tutorial, News and Tools: How to setup Quad9 DNS on a Linux

Posted by jpluimers on 2017/11/24

Reminder to self so I try this out: [Archive.is] DNS Knowledge DNS Tutorial, News and Tools: How to setup Quad9 DNS on a Linux

Quad9 is a free security solution that uses DNS to protect your systems against the most common cyber threats and you can set it up on Linux.

Related: [Archive.is] Quad9 | Internet Security & Privacy In a Few Easy Steps:

Quad9 is a free security solution that uses DNS to protect your system against the most common cyber threats. It improves your system’s performance, plus, it preserves and protects your privacy. It’s like an immunization for your computer.

Via: [WayBack] Remember 8.8.8.8 (Google DNS)? Now we have 9.9.9.9 from IBM/Quad9 that brings together cyber threat intelligence about malicious domains…. – nixCraft – Google+

Remember 8.8.8.8 (Google DNS)? Now we have 9.9.9.9 from IBM/Quad9 that brings together cyber threat intelligence about malicious domains. It can block malware and other bad domains. https://www.dnsknowledge.com/tutorials/how-to-setup-quad9-dns-on-a-linux/ and https://quad9.net/#/ What do you think? Do you use Google DNS or OpenDNS or ISP DNS or newer Quad9 DNS?

–jeroen

Posted in *nix, DNS, Internet, Power User, Security

OpenBSD on PC Engines APU2 | Hacker News

Posted by jpluimers on 2017/11/21

Via [WayBack] OpenBSD on PC Engines APU2 | Hacker News and [WayBack] Ilya S – Google+ commenting at [WayBack] I am thinking about moving to BSD as my main OS – Joe C. Hecht – Google+:

Just in case I want to build my own router on PC Engines APU2 hardware: installation instructions at [Wayback/Archive] elad/openbsd-apu2: OpenBSD on the APU2

–jeroen

Posted in APU, Development, Hardware, Hardware Development, Internet, Network-and-equipment, Power User, routers

DNS BIND9 acl clause – they *can* be nested

Posted by jpluimers on 2017/11/16

One of the DNS acl use cases I had involved the same data being duplicated across several acl clauses.

So I looked for a way to de-duplicate them and found out that the term for this is nesting, which BIND acl clauses allow.

–jeroen

Posted in DNS, Internet, Power User

Some links on isolating parts of networks with Mikrotik

Posted by jpluimers on 2017/11/10

On my research list so I can do proper IoT isolation.

–jeroen


Posted in Development, Internet, MikroTik, Power User, RouterOS, routers, Scripting, Software Development

How to connect S+DA0003 using SFP between MikroTikCRS226 and MikroTikCCR1009

Posted by jpluimers on 2017/10/30

Mikrotik and SFP versus SFP+ is always confusing, especially as the text on their equipment and their documentation do not make clear which combinations work.

The equipment text comes further on; this is their text-searchable documentation:

As usual, a long search in the forums reveals the background information:

[WayBack] SFP in SFP+ slot – MikroTik RouterOS: 10Gb SFP+ sockets are usually backward compatible with SFP, but this is not guaranteed.

There are two tricks involved to get an SFP connection between these devices working:


Posted in Internet, MikroTik, Power User, routers

MAC address ranges safe for testing purposes (Locally Administered Address)

Posted by jpluimers on 2017/10/25

Similar to IP ranges for private networks that are safe for testing

  • 10.0.0.0/8 (255.0.0.0)
  • 172.16.0.0/12 (255.240.0.0)
  • 192.168.0.0/16 (255.255.0.0)
  • fd00::/8

there are also locally administered MAC address ranges safe for testing

  • x2:xx:xx:xx:xx:xx
  • x6:xx:xx:xx:xx:xx
  • xA:xx:xx:xx:xx:xx
  • xE:xx:xx:xx:xx:xx
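Added example, not from the post: Python helpers that show why exactly those second hex digits (2, 6, A, E) are the safe ones, by testing the U/L and I/G bits of the first octet, plus a generator for a random address in that range. The sample addresses are constructed; the `rng` parameter is a hypothetical hook so the generator can be tested deterministically.

```python
import secrets

def mac_octets(mac):
    """Parse 'aa:bb:cc:dd:ee:ff', 'aa-bb-cc-dd-ee-ff' or 'aabb.ccdd.eeff' into six ints."""
    digits = mac.replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return [int(digits[i:i + 2], 16) for i in range(0, 12, 2)]

def is_locally_administered(mac):
    """True when the U/L bit (bit 1 of the first octet) is set. That bit is what
    makes the second hex digit 2, 6, A or E (or 3, 7, B, F when the multicast
    bit is also set); the IEEE never assigns OUIs with it set."""
    return bool(mac_octets(mac)[0] & 0x02)

def is_unicast(mac):
    """True when the I/G bit (bit 0 of the first octet) is clear."""
    return not mac_octets(mac)[0] & 0x01

def is_safe_test_mac(mac):
    """The ranges from the post: locally administered *and* unicast, so the
    address can go on a lab interface without colliding with a vendor OUI
    or being treated as a group address."""
    return is_locally_administered(mac) and is_unicast(mac)

def random_test_mac(rng=secrets.token_bytes):
    """Random MAC in those ranges; `rng` is injectable so tests are deterministic."""
    b = bytearray(rng(6))
    b[0] = (b[0] | 0x02) & 0xFE  # set U/L (bit 1), clear I/G (bit 0)
    return ":".join(f"{x:02x}" for x in b)
```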

Thanks to [WayBack] Sam and [WayBack] Peter for answering.

–jeroen

References:

Posted in Ethernet, Internet, Network-and-equipment, Power User

Delay running a script after restart – MikroTik RouterOS

Posted by jpluimers on 2017/10/24

Start Time special value `startup`


There is a special `startup` value for “Start Time” which makes the scheduler entry run once, 3 seconds after reboot.

If by then your router isn’t fully “up” yet (i.e. still waiting for PPPoE or DHCP network settings), then inside the script you can use the global delay command, as shown in the code fragment from the forum post below.

Don’t you love how people still tend to both repeat themselves and abbreviate stuff even though they have code completion at their disposal?:

{:delay 10};
/log print file=([/system identity get name] . "Log-" . [:pick [/system clock get date] 7 11] . [:pick [/system clock get date] 0 3] . [:pick [/system clock get date] 4 6]); \
/tool e-mail send to="xxx@xxx.com" subject=([/system identity get name] . " Log " . \
[/system clock get date]) file=([/system identity get name] . "Log-" . [:pick [/system clock get date] 7 11] . \
[:pick [/system clock get date] 0 3] . [:pick [/system clock get date] 4 6] . ".txt"); :delay 10; \
/file rem [/file find name=([/system identity get name] . "Log-" . [:pick [/system clock get date] 7 11] . \
[:pick [/system clock get date] 0 3] . [:pick [/system clock get date] 4 6] . ".txt")]; \
:log info ("System Log emailed at " . [/sys cl get time] . " " . [/sys cl get date])


Posted in Development, Internet, MikroTik, Power User, RouterOS, routers, Scripting, Software Development

Mikrotik Router OS 6.37.1 – scripts and schedules – what policies they need to run

Posted by jpluimers on 2017/10/19

minimum schedule and script policies: read/write/policy/test


A year later, Mikrotik still needs to update their documentation, so from my question at [WayBack] [Mikrotik follow-up needed] Router OS 6.37.1 – scheduled script cannot execute script – MikroTik RouterOS.

TL;DR:

  • use the same policies for scripts and schedules
  • use these policies as a minimum for scripts and schedules:
    • read
    • write
    • policy
    • test

Forum post:

I found out two things:

  1. the testFunctionScript needs at least these policies to call a function: read, write, policy, test
  2. a schedule needs at least the same permissions as a script in order to run the script at all

This is how the various permissions affect the testFunctionScript script:

  • no policies only allow :log info "testFunctionScript"; .
  • read allows the above and :local testFunctionJobs [/system script job print as-value detail]; which is then logged with :log info "testFunctionJobs=$testFunctionJobs";
  • only write seems equivalent to no policies as it will only allow :log info "testFunctionScript";
  • read and write is equivalent to read
  • a lone policy or test policy (talk about confusion!) do not add functionality, so any combination of just policy or test with read and/or write gets the same functionality as above
  • policy and test without any other seem equivalent to no policies as they result in only :log info "testFunctionScript"; to execute
  • the combined policies read, write, policy, test allow full script functionality including the function call and using the function call result

The above findings show that more logging is needed: the scheduler should log when (and why!) it does not have enough permissions to run a script. Right now you’re in the dark on when (and why!) a script isn’t run by the scheduler.

The above findings show that these parts of the documentation need updating:

http://wiki.mikrotik.com/wiki/Manual:Sc … repository (update with info about the above policy combinations)
http://wiki.mikrotik.com/wiki/Manual:Ro … Properties (update with info about the above policy combinations)
http://wiki.mikrotik.com/wiki/Manual:System/Scheduler (does not document anything about policies at all)

The various scripts (apply the mix of policies you need):

## logon as user jeroenp

/system script environment remove [ /system script environment find where name="testFunction" ];
:global testFunction do={
  :local result [/system resource get uptime];
  :return $result;
}

/system script environment print detail where name=testFunction
# 0 name="testFunction" value=";(eval /system scheduler  (eval /localname=$result;value=(eval (eval /system resource getvalue-name=uptime))) (eval /returnvalue=$result))" 

:log info "direct execution of testFunction"

{
:global testFunction;
:local testFunctionType [:typeof testFunction];
:local testFunctionResult [$testFunction];
:log info "testFunctionScript";
:log info "testFunctionType=$testFunctionType";
:log info "testFunctionResult=$testFunctionResult";
:log info "testFunction=$testFunction";
}

/log print where buffer=memory && (message~"testFunction" || topics~"info")

/system script remove [ /system script find where name="testFunctionScript" ];
/system script add name=testFunctionScript owner=jeroenp policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":global testFunction;\r\
    \n:log info \"testFunctionScript\";\r\
    \n:local testFunctionType [:typeof testFunction];\r\
    \n:local testFunctionResult [\$testFunction];\r\
    \n:log info \"testFunctionType=\$testFunctionType\";\r\
    \n:log info \"testFunctionResult=\$testFunctionResult\";\r\
    \n:log info \"testFunction=\$testFunction\";\r\
    \n"

:log info "execution of testFunction via testFunctionScript"

/system script run testFunctionScript

/log print where buffer=memory && (message~"testFunction" || topics~"info")

/system scheduler remove [ /system scheduler find where name="testFunctionScriptSchedule" ];
/system scheduler add interval=10s name=testFunctionScriptSchedule on-event=testFunctionScript policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=sep/22/2015 start-time=12:02:37

:log info "execution of testFunction via testFunctionScriptSchedule calling testFunctionScript"
:delay 20s
/system scheduler disable testFunctionScriptSchedule

/log print where buffer=memory && (message~"testFunction" || topics~"info")

/system scheduler print detail where name="testFunctionScriptSchedule"

–jeroen

Posted in Development, Internet, MikroTik, Power User, RouterOS, routers, Scripting, Software Development

Encoding horror: Wayback Machine “Sorry.This snapshot cannot be displayed due to an internal error.”

Posted by jpluimers on 2017/10/13

Sorry.This snapshot cannot be displayed due to an internal error.

This is what the Wayback Machine shows when it tries to display the archived https://plus.google.com/+KristianKöhntopp/posts/2yw9QFgCdtx, a post which itself is about Unicode encoding horror.

The real horror? This used to work in the past.

Luckily it’s archived on https://archive.fo/b36gn

–jeroen

Later: credit where credit is due, as they fixed it:

[WayBack] WayBack didn’t respond to me, but instead fixed the archival of +Kristian Köhntopp’s G+ posts:… – Jeroen Wiert Pluimers – Google+

https://web.archive.org/web/*/https://plus.google.com/+KristianK%C3%B6hntopp/posts/*

Posted in Development, Encoding, Internet, InternetArchive, Power User, Software Development, WayBack machine