Re: [DNG] TB and Enigmail
On Thu, Oct 29, 2020 at 02:46:37PM +0900, Simon Walter wrote: > On 2020-10-28 07:47, Rick Moen wrote: > > I continue to like projects that are limited in feature scope enough to > > not live or die by corporate underwriting. E.g., mutt continues to be > > maintainable by a small group of motivated developers. When I want it > > to be graphical, I run it in an xterm. ;-> > > I totally agree. That is one reason I thought TB was a good choice over > other, at the time, popular software such as Eudora and Outlook. That's because you're not the target audience of those three. They're not for hackers, but "normal" users. Of which there are two kinds: * business (managers, marketing, sales, ...) * home/non-office (a gamer teenager, a plumber, ...) The first group was (and still is) a juicy target for money-making, so IBM/Microsoft/... targetted them with comprehensive and intentionally incompatible with others office suites. What we consider breakage is not there because of stupidity, but is there by design. The second group would be salvageable, up to early '90s. With the diverse set of personal machines (Atari ST/Amiga/IBM PC/...), compatibility wasn't something that could be ignored, and despite duking out of various standards (like, above-ASCII encodings), people went a long way towards agreeing together (eg. in Poland the Mazovia encoding won, despite efforts by Microsoft -- but then got steamrolled out by Windows non-support). But then came Windows monopoly... In the meantime, people like me and you stuck to pine/elm/mutt/..., and RFC-compliant etiquette. These groups of people and tools are incompatible enough that I use two clients: * mutt for free software work * thunderbird[1] for contacts with people in suits[2] -- and it's exclusively the former group that uses GPG. Thus, crap support in Thunderbird is not a problem for me -- I have yet to see a GPG-signed piece of mail. Meow! [1]. To be honest, 99% Outlook on a locked-down company laptop. [2]. Who at my work wear sane clothing, but it's not about clothes... -- ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ ⢿⡄⠘⠷⠚⠋⠀ * *** ⠈⠳⣄ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] TB and Enigmail
Adam Borowski wrote: > -- and it's exclusively the former group that uses GPG. Thus, crap support > in Thunderbird is not a problem for me -- I have yet to see a GPG-signed > piece of mail. > not really... 15-20 years ago while working for a bank edp/it dpt, PGP was required almost for half the email volume. so it was/is not just a geeky thing, industry used it also.. using it back then with locked down corp outlook+pgp plugin.. i guess these days is even more broadly used in that sector.. (to hide their scam mostly :D ) lately even public sector required pgp encrypted emails for some transactions. also, lots of activists (since pre-snowden era) required GPG for internal coms + OTR for chats... Thunderbird+enigmail was/is the easier/free way for non-techy people to setup gpg.. lots of guides around, w/ https://emailselfdefense.fsf.org being most commonly known... (TB78 broke this..) so, maybe these are not the majority of email users, but certainly gpg is not exclusively used by a few geeks... just take a look at keyservers stats..: there's a few million keys already... and those are just a fraction of keys since not everyone uploads their keys.. 2c. d. signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] the email universe
Greetings Found the list of MUA useful. The last time I went looking though - - - it seemed to me anyway that much more than just a MUA is needed for a complete system. Would someone be able to outline for the unknowing what all actually is required? (I am very much wanting to get away from outside product that is selling me down the road - ie like the alphabet (soup) company!). TIA ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] the email universe
On Thursday 29 October 2020 at 12:12:40, o1bigtenor via Dng wrote: > Greetings > > Found the list of MUA useful. > > The last time I went looking though - - - it seemed to me anyway that > much more than just a MUA is needed for a complete system. Please define "complete system". I can't tell whether you're looking for a user agent which will run on your machine and interact with a mail store somewhere else, which you don't really care about, or whether you want to include the mail store as well, and a transport system to send & receive the stuff, and... > Would someone be able to outline for the unknowing what all actually > is required? Tell us what you want it to do and we can suggest what might be able to do it. Antony. -- I bought a book on memory techniques, but I've forgotten where I put it. Please reply to the list; please *don't* CC me. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] the email universe
On 2020-10-29 20:12, o1bigtenor via Dng wrote: > Greetings > > Found the list of MUA useful. > > The last time I went looking though - - - it seemed to me anyway that > much more than just a MUA is needed for a complete system. > > Would someone be able to outline for the unknowing what all actually > is required? ... What do you mean by complete system? ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Self-hosted SMTP (was: TB and Enigmail)
On 29-10-2020 04:34, Rick Moen wrote: > Quoting Bernard Rosset via Dng (dng@lists.dyne.org): > >> It seems we're drifting away from the main subject. >> Count me in! > Roger that! Subject header tweaked. > >> ? >> If your emails are being refused by others, including major email >> hosters, I would kindly suggest you check you got at least correct >> SPF + DKIM entries. You can throw DMARC into the mix if you wish so, >> too. > Umm... > > As I already mentioned upthread, my domains' e-mail continue to have > very high deliverability. Those domains feature strongly asserted SPF > RRs in their auth DNS. > > However, by carefully considered local policy, I decline to also > implement DKIM/DMARC, considering those extensions to have been botched > in design and implementation by Yahoo, Inc. (DKIM seems to be the > keystone problem, there, particularly its hapless hostility to > MLM-mediated forwarding.) Empirically, I so far perceive no measurable > loss of host reputation from declining to implement DKIM/DMARC. > > I _do_ publish, in each of my domains' DNS, deliberately non-compliant > DMARC RRs, just to make my stance quite clear, e.g.: > > :r! dig -t txt _dmarc.linuxmafia.com @ns1.linuxmafia.com +short > "DMARC: tragically misdesigned since 2012. Check our SPF RR, instead." > > >> It's saddening to assess how little is known by the general public >> (including people who actually work on technical matters in IT) about >> key technologies, like DNS (the mother/father of all) or email. > True datum: When I began hosting my own SMTP smarthosts, I was still a > staff accountant (UK: chartered accountant) for a living, not a > sysadmin. Fortunately, nobody told me I couldn't do it, so it worked. I do administer 3 different mailservers from which 1 does have the full package from spf, dkim and dmarc. In my experience dmarc does not add much of value but spf does. Dkim is much liked by isp's with strict spam policies. But those are still reachable without after some waiting time as long as you are not on a spam blocklist. A reverse dns record does help too. To ease the maintenance of those servers i intend to migrate them to docker containers. I wonder people on this list have experience on this subject? Grtz. Nick signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] the email universe
On Thu, 29 Oct 2020 06:12:40 -0500, o1bigtenor wrote in message : > Greetings > > Found the list of MUA useful. > > The last time I went looking though - - - it seemed to me anyway that > much more than just a MUA is needed for a complete system. > > Would someone be able to outline for the unknowing what all actually > is required? (I am very much wanting to get away from outside product > that is selling me down the road - ie like the alphabet (soup) > company!). ..since you ask the above, I'll read your "a complete system" as MUA-with-local-storage + (Fetchmail||Getmail) + (Procmail||Sieve): On Sat, 19 Sep 2020 23:55:46 +0200, Arnt wrote in message <20200919235546.4551f862@d44>: > ..me, I use Fetchmail as an imap and pop3 client to fetch my email, > and Procmail to sprinkle it down my ~/Mail tree, and Claws Mail to > read it, and to write and to send my outgoing email, directly out > thru my isp's smtp servers. That's all I really need. ..you probably want Sieve rather than Procmail, and possibly Getmail rather than Fetchmail, as Sieve and Getmail(?) are newer and supposedly easier to set up. I've never used those, I simply move my /home over whenever I setup a new laptop, and my .fetchmailrc and .procmailrc still works great. :o) ..I posted message <20200919235546.4551f862@d44> as a wee hint on an email business opportunity (search this list for "[DNG] ..devuan to the rescue? Easiest possible newbie email server setup, ideas?") and to learn more on how "complete MUA-with-local-storage systems" are best set up on Devuan these days. -- ..med vennlig hilsen = with Kind Regards from Arnt Karlsen ...with a number of polar bear hunters in his ancestry... Scenarios always come in sets of three: best case, worst case, and just in case. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] the email universe
Hi > Would someone be able to outline for the unknowing what all actually > is required? (I am very much wanting to get away from outside product > that is selling me down the road - ie like the alphabet (soup) > company!). If you want to host your own email server you would need: 1 - a system with a static IP and reasonable connectivity 2 - a DNS name (MX record, reverse, possibly spf, ...) 3 - a MTA (postfix, exim, ...) 4 - and your mail client MUA (mutt, thunderbird, ...) If you want to experiment first, find a spare computer or set up a container - that doesn't have to be on the proper internet yet. Then do the following to achieve points 3 and 4: su apt-get install postfix mutt vim /etc/postfix/main.cf adduser a adduser b su - a mutt b exit tail /var/log/mail.log su - b mutt The line editing main.cf is a large topic, but postfix has pretty substantial documentation, and the distribution defaults should get you going too... Once that is set up you could try using multiple computers on a lan, or move on to points 1 and 2. regards marc ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] devuan ?
Hi everyone, i am new on this list and in search for a place to ask for a wired problem with a devuan installation. Is this the place for that kind of questions ? re ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Self-hosted SMTP (was: TB and Enigmail)
On 10/29/20 2:27 PM, d...@d404.nl wrote: I do administer 3 different mailservers from which 1 does have the full package from spf, dkim and dmarc. In my experience dmarc does not add much of value but spf does. Dkim is much liked by isp's with strict spam policies. But those are still reachable without after some waiting time as long as you are not on a spam blocklist. A reverse dns record does help too. To ease the maintenance of those servers i intend to migrate them to docker containers. I wonder people on this list have experience on this subject? You might want to take a look at this project: https://github.com/mailserver2/mailserver It is a project that might provide what you want to do. It is in the hands of a group of volunteers that took over when the original maintainer called it quits. The original project was: https://github.com/hardware/mailserver Cheers Mike ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] devuan ?
On Thursday 29 October 2020 at 15:55:22, radisso...@gmx.de wrote: > Hi everyone, > i am new on this list and in search for a place to > ask for a wired problem with a devuan installation. > > Is this the place for that kind of questions ? Yes. Did you really mean a wired problem, or is it a weird problem? Whichever, try to give us as much detail as possible, so that we could perhaps reproduce the problem for ourselves. Welcome :) Antony. -- "640 kilobytes (of RAM) should be enough for anybody." - Bill Gates Please reply to the list; please *don't* CC me. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Clarification please
On 29/10/2020 13:44, Michael Neuffer wrote: > On 10/29/20 2:27 PM, d...@d404.nl wrote: --snip-- >> To ease the maintenance of those servers i intend to migrate them to >> docker containers. I wonder people on this list have experience on this >> subject? > > > You might want to take a look at this project: > > https://github.com/mailserver2/mailserver Please correct me if I am mistaken, I thought 'unbound' was tied to 'systemd creep' nowadays and have been avoiding it for that reason alone. I want to avoid creating a dependency on something I don't already have only to need to purge it next year ... ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] TB and Enigmail
On Tue, 27 Oct 2020 15:47:29 -0700 Rick Moen wrote: > Quoting John Crisp via Dng (dng@lists.dyne.org): > > [snip much-appreciated picture of behind-the-scenes management > folderol at Thunderbird Project:] > Thanks ;-) I have an alter ego that is on some lists as this ego (!) got banned some years back. I have had recent chats with one or two there who appraised me of a few things. > > The problem is decent alternatives are not great [...] > > Just in case people have lost track of this, the long-term nub of the > problem is: revenue model. > Always boils down to filthy lucre. > Firefox brought in money. Thunderbird did not. When all is said and > done, Mozilla Foundation is an appendage of Mozilla, Inc., which as a > for-profit corporation is bound to a depressing pursuit of quarterly > earnings targets as a primary objective. From the corporate > perspective, Thunderbird development resources are deadweight, a > dispensible community sponsorship that earns nothing. > Yes, as a corporate project TB was a drag to them. However, TB still receives a not insignificant income, almost exclusively from donations. The alleged reason for going corporate was they could "do things they couldn't as a NfP" Hmmm. Quite frankly the only thing I can see they can have is shares, dividends and pay people more money. I guess they are trying to establish themselves as a corporate entity to appeal more to businesses and be more 'business like' with support contracts or whatever. It'll probably end up as more jobs for the boys., he said cynically. The TB council is controlled by a few loyal MZ supporters (because it is EXTREMELY hard for anyone to actually get elected due to the qualifying requirements, and voters qualifying requirements), and the whole thing is tightly controlled by MZ themselves, despite them saying TB is a separate entity. It was MOZILLA employees that did the recent banning. Go figure. Note I believe there is a side story to be told about the recent Enigmail push but am not at liberty blah blah. Hey ho - what do I know? :-) pgpN6tyFbJFUl.pgp Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] devuan ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Yes. Le Thu, 29 Oct 2020 15:55:22 +0100, radisso...@gmx.de a écrit : > Hi everyone, > i am new on this list and in search for a place to > ask for a wired problem with a devuan installation. > > Is this the place for that kind of questions ? > > re - -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEhJ0DCOrV8MPFuM4uvCvwxohusTIFAl+a/7wACgkQvCvwxohu sTL/qg/+OVTiNBNTFcOYf9I4DR0Lv560QzPw13e+JjCq/9gqn19FqCUSn0xI83Bz oF3bStO4O4UHm0HWWY9Ff5513smMYDFNEx2tCthT/VFai1LUJ8XPxGCIpnkpD/W+ fNl1L6BDpQwTJ6ZuhuD2XkcRy7fDP1AZ3D80y+jdWi3NAzzqSIx7iBZjGaO2i89E TUM5HEEpDWMM/9xk+vuC/S1+Vk8W7tor+l9EdSIBsWgvU4XehCbX2TKaG5IaUcLa jQBSl+gnvQSFhfL/uoWWKHM93wD5nuD8x/LV7b7K9fTGLv76rf+DvO1CtOBfz8pQ 7sKc3dfpaw7nWNiJbmd1RgPzNvvnGxa4td9/KhbYMB3JIbM42dhKz5AmG8HdvKYX mljeUhm7mn6ldP0aqKKFh2GYuBqQszCDadzmdmxkiiaCd1xsPsO8uxbNuair0xIO X8+SYLC4IV81lGNSFchYX9pAU2Vut+ucAcBLGQUOR77wj7dANRjlBc3YbCYmCQpD B43JjHm0o7oJ0nMbAlIAckyxbnG0is6C4tcvCeqZiyxJkS7WBNcw5xpleF//J5xM YQR/J90S+1x4M5SkG4zsdK74y5YzCLYwf6yuUzYOTzAWLAMd3xrPj7FaE6HHy47k nt5f8+OE3Ieqrry5OxP3+TJfxTYbaq6u4c2WIlomsFMg+obk5C0= =a3Fe - -END PGP SIGNATURE- -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEhJ0DCOrV8MPFuM4uvCvwxohusTIFAl+a/98ACgkQvCvwxohu sTJOYA//fVIL+xvH+cQ8abZHdO15cUN0h+YLjcZkBQxrDscYS/jK/bnDPoj9cKwQ JtxXmBR3G67TjPKkVpdYvOp7jsBn5xL5eVBlWjo4PMRoUvwpilNtYTISUo2Z4DKK EWLNmXVtaxEzWIPUbjL5hIiC8gizpvnG0KJRRY/uCIB7/BkqSnaekIVZPQ4cZK1Q SUE4Z3TsRJZs66ucyswrqywzHlS9E3/D4t2/tXGbVB6RZWCvOXHWardaCvq1rn3h o1H6mmWZPNHs+BA5x6bXv8tHCXLliVvzN2CziJKKs9UszunQ4ymRswY457hqoqjD SGQXk2xfMD+jPjROFXAEtwFqdRAKBj8mxQ3e8ypTZuVvcaGOzfZxofldctKRBurb Mdm9c9UtXiINGjHE08kXkZggfZEDZu/G9AQNzONp2t6aQfhuBl+J5i31FfBWGv+B eUGAQwkKQl8+D7DJoCFhfxEuCOV3gUtDVbryVlU1IxumXTTpQr0uaTcAf5kVddLy IHEXDxayKssIwD+bJkQJxwC9DqOwFUO2S8w7QUm5ZGSSZzTY6BPdIV0rIIfkTG78 YR/O0qh85gnJDkKHNxsXtDZxxPeVzLhCBwSmxWonw0qhGr1vXwfWUQgo3kMxMzmI R0MjU5BlUPxHM+V7eOiMyadefUbdLWChuufSh5U/29giiMrj2Rs= =CB11 -END PGP SIGNATURE- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Clarification please
You're wrong, unbound worked and still works fine without systemd. Στις 29 Οκτωβρίου 2020 6:53:43 μ.μ. EET, ο/η g4sra via Dng έγραψε: >On 29/10/2020 13:44, Michael Neuffer wrote: >> On 10/29/20 2:27 PM, d...@d404.nl wrote: >--snip-- >>> To ease the maintenance of those servers i intend to migrate them to >>> docker containers. I wonder people on this list have experience on >this >>> subject? >> >> >> You might want to take a look at this project: >> >> https://github.com/mailserver2/mailserver > >Please correct me if I am mistaken, I thought 'unbound' was tied to >'systemd creep' nowadays and have been avoiding it for that reason >alone. >I want to avoid creating a dependency on something I don't already have >only to need to purge it next year ... > >___ >Dng mailing list >Dng@lists.dyne.org >https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Clarification please
On Thu, Oct 29, 2020 at 04:53:43PM +, g4sra via Dng wrote: > Please correct me if I am mistaken, I thought 'unbound' was tied to > 'systemd creep' nowadays and have been avoiding it for that reason alone. No, that's systemd-resolved. Unbound is unrelated. That said, I've stopped using unbound and I'm using straight BIND as my local resolver lately. It's pleasant. -- Mason Loring Bliss (( If I have not seen as far as others, it is because ma...@blisses.org )) giants were standing on my shoulders. - Hal Abelson signature.asc Description: PGP signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Clarification please
That said, I've stopped using unbound and I'm using straight BIND as my local resolver lately. It's pleasant. From what we discovered about unbound during one of the meetings, I clearly do not trust that technology. Too bad: it was on my to-test list. However, unbound is recursive-only IIRC. Since I am most interested in authoritative NS technology, I have yet to test knot, of which I read good stuff. BIND is ol' do-it-all grand-daddy. A bit messy & overcomplicated to properly set up & manage to my taste. Bernard (Beer) Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] devuan ?
The problem is a bit weired: I did install Beowulf 3.0 had some problems nothing i could not fix, then i tried to install gcc via apt-get install gcc Do you want to continue? [Y/n] Err:1 http://deb.devuan.org/merged beowulf/main amd64 linux-libc-dev amd64 4.19.118-2 404 Not Found [IP: 130.225.254.116 80] Unable to correct missing packages. E: Failed to fetch http://mirrors.dotsrc.org/debian/pool/main/l/linux/linux-libc-dev_4.19.118-2_amd64.deb 404 Not Found [IP: 130.225.254.116 80] E: Aborting install. but i can install (e.g. make) After this operation, 1327 kB of additional disk space will be used. Get:1 http://deb.devuan.org/merged beowulf/main amd64 make amd64 4.2.1-1.2 [341 kB] Fetched 341 kB in 0s (804 kB/s) Selecting previously unselected package make. (Reading database ... 113596 files and directories currently installed.) Preparing to unpack .../make_4.2.1-1.2_amd64.deb ... Unpacking make (4.2.1-1.2) ... Setting up make (4.2.1-1.2) ... Processing triggers for man-db (2.8.5-2) ... so linux-libc-dev can not be found what is a bit basic, is this a problem in the repo ? i am left in limbo ... > Gesendet: Donnerstag, 29. Oktober 2020 um 17:22 Uhr > Von: "Antony Stone" > An: dng@lists.dyne.org > Betreff: Re: [DNG] devuan ? > > On Thursday 29 October 2020 at 15:55:22, radisso...@gmx.de wrote: > > > Hi everyone, > > i am new on this list and in search for a place to > > ask for a wired problem with a devuan installation. > > > > Is this the place for that kind of questions ? > > Yes. > > Did you really mean a wired problem, or is it a weird problem? > > Whichever, try to give us as much detail as possible, so that we could perhaps > reproduce the problem for ourselves. > > Welcome :) > > > Antony. > > -- > "640 kilobytes (of RAM) should be enough for anybody." > > - Bill Gates > >Please reply to the list; > please *don't* CC me. > ___ > Dng mailing list > Dng@lists.dyne.org > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng > ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] devuan ?
On 29/10/2020 18:31, radisso...@gmx.de wrote: > The problem is a bit weired: > > I did install Beowulf 3.0 had some problems nothing i could not fix, > then i tried to install gcc via apt-get install gcc > > > > Do you want to continue? [Y/n] > Err:1 http://deb.devuan.org/merged beowulf/main amd64 linux-libc-dev amd64 > 4.19.118-2 > 404 Not Found [IP: 130.225.254.116 80] > Unable to correct missing packages. > E: Failed to fetch > http://mirrors.dotsrc.org/debian/pool/main/l/linux/linux-libc-dev_4.19.118-2_amd64.deb > 404 Not Found [IP: 130.225.254.116 80] > E: Aborting install. > --snip-- Have you 'apt update' and accepted the repo change from testing ? ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Clarification please
On 29/10/2020 18:19, Bernard Rosset via Dng wrote: >> That said, I've stopped using unbound and I'm using straight BIND as my >> local resolver lately. It's pleasant. > > From what we discovered about unbound during one of the meetings, I clearly > do not trust that technology. Too bad: it was on my to-test list. > > However, unbound is recursive-only IIRC. > > Since I am most interested in authoritative NS technology, I have yet to test > knot, of which I read good stuff. > > BIND is ol' do-it-all grand-daddy. A bit messy & overcomplicated to properly > set up & manage to my taste. Used it for ages, I like what I am used to, and after battling with Micro$oft's offering but it is not appropriate for my current project. Can anybody suggest a suitable authoritative/recursive DNSSEC supporting name server for SOHO domain use on embedded systems. What I am looking for is something like dnsmasq. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] devuan ?
On Thursday 29 October 2020 at 19:31:10, radisso...@gmx.de wrote: > Do you want to continue? [Y/n] > Err:1 http://deb.devuan.org/merged beowulf/main amd64 linux-libc-dev amd64 > 4.19.118-2 404 Not Found [IP: 130.225.254.116 80] > Unable to correct missing packages. > E: Failed to fetch > http://mirrors.dotsrc.org/debian/pool/main/l/linux/linux-libc-dev_4.19.118 > -2_amd64.deb 404 Not Found [IP: 130.225.254.116 80] E: Aborting install. I too experience this from time to time with mirrors.dotsrc.org I jut repeat the command, and provided I get a different IP destination, the package installs. It seems to me that there's some problem with one of the servers mirrors.dotsrc.org points at - the IP address presumably reveals which one. Antony. -- In Heaven, the beer is Belgian, the chefs are Italian, the supermarkets are British, the mechanics are German, the lovers are French, the entertainment is American, and everything is organised by the Swiss. In Hell, the beer is American, the chefs are British, the supermarkets are German, the mechanics are French, the lovers are Swiss, the entertainment is Belgian, and everything is organised by the Italians. Please reply to the list; please *don't* CC me. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] devuan ?
> Gesendet: Donnerstag, 29. Oktober 2020 um 20:31 Uhr > Von: "Antony Stone" > An: dng@lists.dyne.org > Betreff: Re: [DNG] devuan ? > > On Thursday 29 October 2020 at 19:31:10, radisso...@gmx.de wrote: > > > Do you want to continue? [Y/n] > > Err:1 http://deb.devuan.org/merged beowulf/main amd64 linux-libc-dev amd64 > > 4.19.118-2 404 Not Found [IP: 130.225.254.116 80] > > Unable to correct missing packages. > > E: Failed to fetch > > http://mirrors.dotsrc.org/debian/pool/main/l/linux/linux-libc-dev_4.19.118 > > -2_amd64.deb 404 Not Found [IP: 130.225.254.116 80] E: Aborting install. > > I too experience this from time to time with mirrors.dotsrc.org > > I jut repeat the command, and provided I get a different IP destination, the > package installs. > > It seems to me that there's some problem with one of the servers > mirrors.dotsrc.org points at - the IP address presumably reveals which one. > So far i understand it is a RR. When i tried to find it (with browser) i had no success. Is there any way to really check it ? > > Antony. > > -- > In Heaven, the beer is Belgian, the chefs are Italian, the supermarkets are > British, the mechanics are German, the lovers are French, the entertainment is > American, and everything is organised by the Swiss. > > In Hell, the beer is American, the chefs are British, the supermarkets are > German, the mechanics are French, the lovers are Swiss, the entertainment is > Belgian, and everything is organised by the Italians. > >Please reply to the list; > please *don't* CC me. > ___ > Dng mailing list > Dng@lists.dyne.org > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng > ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] devuan ?
On 2020-10-29 15:24, radisso...@gmx.de wrote: Gesendet: Donnerstag, 29. Oktober 2020 um 20:31 Uhr Von: "Antony Stone" An: dng@lists.dyne.org Betreff: Re: [DNG] devuan ? On Thursday 29 October 2020 at 19:31:10, radisso...@gmx.de wrote: > Do you want to continue? [Y/n] > Err:1 http://deb.devuan.org/merged beowulf/main amd64 linux-libc-dev amd64 > 4.19.118-2 404 Not Found [IP: 130.225.254.116 80] > Unable to correct missing packages. > E: Failed to fetch > http://mirrors.dotsrc.org/debian/pool/main/l/linux/linux-libc-dev_4.19.118 > -2_amd64.deb 404 Not Found [IP: 130.225.254.116 80] E: Aborting install. I too experience this from time to time with mirrors.dotsrc.org I jut repeat the command, and provided I get a different IP destination, the package installs. It seems to me that there's some problem with one of the servers mirrors.dotsrc.org points at - the IP address presumably reveals which one. So far i understand it is a RR. When i tried to find it (with browser) i had no success. Is there any way to really check it ? http://borta.devuan.dev/apt-panopticon/results/Report-web.html Antony. -- In Heaven, the beer is Belgian, the chefs are Italian, the supermarkets are British, the mechanics are German, the lovers are French, the entertainment is American, and everything is organised by the Swiss. In Hell, the beer is American, the chefs are British, the supermarkets are German, the mechanics are French, the lovers are Swiss, the entertainment is Belgian, and everything is organised by the Italians. Please reply to the list; please *don't* CC me. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] devuan ?
Also, to manually inspect out a particular IP, e.g. 130.225.254.116, as a resolution for deb.devuan.org, you would add temporarily a line to /etc/hosts: 130.225.254.116 deb.devuan.org and then point your sane browser at http://deb.devuan.org/devuan/ Remove that line later, Ralph. radisso...@gmx.de wrote on 30/10/20 7:24 am: >> Gesendet: Donnerstag, 29. Oktober 2020 um 20:31 Uhr >> Von: "Antony Stone" >> An: dng@lists.dyne.org >> Betreff: Re: [DNG] devuan ? >> >> On Thursday 29 October 2020 at 19:31:10, radisso...@gmx.de wrote: >> >>> Do you want to continue? [Y/n] >>> Err:1 http://deb.devuan.org/merged beowulf/main amd64 linux-libc-dev amd64 >>> 4.19.118-2 404 Not Found [IP: 130.225.254.116 80] >>> Unable to correct missing packages. >>> E: Failed to fetch >>> http://mirrors.dotsrc.org/debian/pool/main/l/linux/linux-libc-dev_4.19.118 >>> -2_amd64.deb 404 Not Found [IP: 130.225.254.116 80] E: Aborting install. >> >> I too experience this from time to time with mirrors.dotsrc.org >> >> I jut repeat the command, and provided I get a different IP destination, the >> package installs. >> >> It seems to me that there's some problem with one of the servers >> mirrors.dotsrc.org points at - the IP address presumably reveals which one. >> > > So far i understand it is a RR. When i tried to find it (with browser) i had > no success. > Is there any way to really check it ? > > > >> >> Antony. >> >> -- >> In Heaven, the beer is Belgian, the chefs are Italian, the supermarkets are >> British, the mechanics are German, the lovers are French, the entertainment >> is >> American, and everything is organised by the Swiss. >> >> In Hell, the beer is American, the chefs are British, the supermarkets are >> German, the mechanics are French, the lovers are Swiss, the entertainment is >> Belgian, and everything is organised by the Italians. >> >>Please reply to the list; >> please *don't* CC >> me. >> ___ >> Dng mailing list >> Dng@lists.dyne.org >> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng >> > ___ > Dng mailing list > Dng@lists.dyne.org > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng > ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Clarification please
Quoting g4sra via Dng (dng@lists.dyne.org): > Can anybody suggest a suitable authoritative/recursive DNSSEC > supporting name server for SOHO domain use on embedded systems. What > I am looking for is something like dnsmasq. dnsmasq, it should be noted, is _just_ a forwarder. It forwards outbound queries to one or more IP-identified recursive servers you specify. Those recursive servers do the actual work. Respectable recursive(-only) nameserver packages (that are open source): o Unbound o PowerDNS-recursor o dnscache (from the djbdns suite), if patched to modern standards o Deadwood o Knot Resolver o Bundy recursive portion (but it's probably scary betaware) Respectable authoritative(-only) nameserver packages (that are open source): o NSD o PowerDNS Authoritative Server o MaraDNS authoritative portion o rbldnsd o YADIFA o MyDNS-NG (which also does forwarding of out-of-bailiwick queries) o ldapdns o Knot DNS o gndsd o dnsjava o tinydns (from the djbdns suite), if patched to modern standards o Bundy authoritative portion (but it's probably scary betaware) (Something that becomes apparent as one studies this field is that writing an authoritative daemon is relatively easy and many folks have done it. Writing a recursive daemon without messing up is difficult, so there are far fewer successful examples.) I maintain a bestiary of all known DNS software for Linux, here: http://linuxmafia.com/faq/Network_Other/dns-servers.html The above list is extracted from it. The page is still missing one peculiar^W innovative package, called Ironsides. Coverage is coming, Real Soon Now. I _hope_ the page is reasonably clear and complete about DNSSEC support, but: Errare humanum est, sed perseverare autem diabolicum. FWIW, I am no longer comfortable with the idea of a combined authoritative/recursive server on a publicly exposed static IP. That has been deprecated for long decades as bad security, particularly because it increases the risk of cache poisoning of the recursive server. IMO, a LAN connected to public networks, even a small one, ought to have the authoritative service on a separate, public-facing host, and the recursive service on a protected, internal-network machine that is as shielded from public networks as possible. I have personal experience with: BIND9 (and predecessors), NSD, Unbound, PowerDNS Recursor, PowerDNS Authoritative Server, dnscache, tinydns. I can enthusiastically recommend NSD and PowerDNS Server. Before a recent troubling thing with Unbound where the developers made a dumb decision to accomodate containerising, I was a huge Unbound cheerleader and might be again. Necessary disclaimer: I'm personal friends with Deadwood/MaraDNS author Sam Trenholme (but have yet to substantially deploy his software). As an administrator whose experience with BIND goes all the way back to BIND4 days, I know well that it's the path of least resistance to just deploy a do-it-all nameserver package like BIND9, but that's been known to be a bad idea for a long time, and it's past time to stop doing that. -- Cheers,"Rand Paul being patient zero for a Senate Rick Moen viral outbreak is a sign of a writers' room r...@linuxmafia.comdropping too much acid, late in the season." McQ! (4x80)-- @owillis (Oliver Willis) ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
