Dummy domains for testing DNS stuff

I've made plenty of domains full of various intentional mistakes for testing DNS implementations, and also for sanity checks while making a check script that will operate very much like ISZT regcheck 'Domi'. Maybe I'll call it OpenDomi as ISZT refused to open the source of Domi. Here are the domains and descriptions of the mistakes they have:

domain mistake
test00.y7.hu valid domain without MX records
test01.y7.hu valid domain with only 1 NS
test02.y7.hu domain with only 1 NS that doesn't match SOA MNAME
test03.y7.hu domain with 3 NSes, 1 doesn't exist
test04.y7.hu domain with 3 NSes, 1 not auth for zone
test05.y7.hu domain with 3 NSes, 1 not auth for zone
test06.y7.hu domain with SOA record having less than the required fields
test07.y7.hu domain with SOA record having MNAME field removed
test08.y7.hu domain with SOA record having confusing MNAME field
test09.y7.hu domain with different SOA serials on NSes
test10.y7.hu domain with non-working RNAME address
test11.y7.hu domain with non-working RNAME mail domain
test12.y7.hu domain with no SOA record at all
test13.y7.hu domain with SOA fields out of RIPE recommendation ranges
test14.y7.hu domain with MX records not having A records
test15.y7.hu domain with MX record not having A records
test16.y7.hu domain with MX record not accepting mail for domain
test17.y7.hu domain with an NS record being a CNAME
test18.y7.hu domain not delegated on parent
test19.y7.hu domain with NSes pointing to the same address
test20.y7.hu domain with NSes different from parent delegation
test21.y7.hu domain with NS GLUEs different from parent delegation

Feel free to use these domains for your tests.

i3 wm 4.1 is out

The long-awaited 4.1 is out, with features implemented straight from the top of the wishlists:

  • tray support in i3bar (for NetworkManager, Skype, etc.);
  • window criteria now supports PCRE;
  • application startup notification;
  • the application window will appear on the workspace on which it was launched and not on the currently focused workspace (actually, I will miss this 'feature' as I used to launch libreoffice from a shell and then I switched to another workspace to use libreoffice from there);
  • i3bar is now configurable in the i3 configfile.

and much more in the release notes.

However, I still miss a Nagios-like event broker interface for further event notification and control scripting support. The simple event subscription API in i3 is too simple for my needs right now (I have a long-lasting dream of a hardware interface for i3, details later :) ). I've flagged the Arch community package as out of date so expect an 'official' update package release soon.

Thoughts on everyday endianness

Just a quick note on 11/11/11: I'd like to express how awesome big-endian is in all aspects of life. In Hungary we use big-endian for pretty much everything (very much like Japan), e.g. representing dates, names and addresses.

For example, in the Hungarian language, today's date is usually expressed like:

longest form: 2011. november 11, péntek. (YYYY-MM-DD, day-of-week)
shortest form: 11.11.11 (YY.MM.DD.)

It can be much easier to interpret a date you come across while browsing the net when it starts with a year, because it will hardly ever be a middle-endian date (YYYY-dd-mm), while dates ending with the year can be confusing: if the day part is less than 13, you can't be sure whether the month or the day comes first (mm/dd/yyyy or dd/mm/yyyy).

In Hungarian names, the family name (thus the most significant) comes first, then the given name, and the maiden/middle (least significant) name last. People with three names are quite uncommon though.

An address specification is like the following (Parliament of Hungary in this case):

Budapest
V. kerület
Kossuth tér 2
1051

Budapest (most significant data) is the capital city of Hungary, 'V. kerület' means 5th district, Kossuth tér stands for Kossuth square, and 2 is the house number (least significant). 1051 is the post code (there is some redundancy here, as post codes specify a region of the country, so if someone fails to specify the city or the district, the letter can still be delivered to the right address).

Soon there will be 11:11:11 UTC, which can be represented as

2011-11-11T11:11:11Z

according to the ISO8601 standard. The standard is pretty straightforward, no confusion at all.

FFS use big-endian everywhere plox.

Blogofile stable is now in Arch's AUR

Hey, I've made a PKGBUILD for our blog engine Blogofile to be used in Arch Linux. The stable version is 0.7.1 as of now, and I will update the package if upstream comes out with a newer version. It has only one dependency (python-textile) that is not in the official Arch repo but can be found in AUR as well.

Thoughts on IPv6 Reverse DNS Address Mapping for the masses

Reverse DNS is good for you. Especially if you run your own SMTP MTAs. Without proper reverse-forward DNS record mapping, some nice anomalies may appear for you. You may have faced the fact that some other MTAs shut down your incoming connection for no particular reason. The OpenSSH daemon also has the option to check if your forward and reverse DNS entries match. Also, being on IRC with only an IP address is lame ;)

In the IPv4 times we had relatively small subnets where we could easily set up reverse records for our hosts. However, with IPv6 we now have plenty of addresses available, so dealing with the records manually is not the way to go.

A Hungarian telco, Magyar Telekom, provides an IPv6 access pilot for home users via ADSL PPPoE, delegating them /56 subnets upon request. Many tunnel brokers let you use your own nameservers for reverse PTR records for the delegated subnets. This is not the case with Telekom: they serve the reverse records for each and every IP address that belongs to the delegated subnets. They have chosen a representation of non-compressed IPv6 addresses without the colon sign (20014C48010002D3D80C3CA1F161E842.access.pool.telekom.hu). Digi, another company providing IPv6 access in the Hungarian service area, has dynamic v6 reverse servers for their customers. Digi has become a SixXS PoP with two nodes and also has an IPv6 pilot for customers in a chosen city. Digi does this with two nameservers separate from their main ones, ns1-dynv6.hdsnet.hu. and ns2-dynv6.hdsnet.hu. respectively. They represent IP addresses in the regular convention but with the colons changed to minus signs (2a01-0368-e002-0000-0000-0000-0000-0001.pool6.digikabel.hu). The actual solution Magyar Telekom and Digi use is unknown to me.

Serving these large zones obviously cannot be done with regular in-memory static zone files, as it would need much, MUCH storage just to store the record names for 2^72 addresses for one single subscriber's subnet.

Solutions in the wild

There are simple yet powerful services for this issue; one of them is ip6arpa.co.cc. It only needs your reverse zones delegated to its nameserver, and everything else is done magically. Of course this prevents you from having custom rDNS records for your hosts. Another one, made by DJB, is walldns, which simply maps the IP address to the appropriate in-addr.arpa entries pretty much the same way as ip6arpa.co.cc does.

I also met this technique when I was at 27c3, where the network guys set up a DNS server providing dynamic reverse (and forward) records for both the IPv4 (/16) and IPv6 (/48) subnets delegated for the congress. They made nice hosts on IRC like the following:

muckl [~hans@node-d635ikmq0jzy23f.ipv6.congress.ccc.de] has joined #27c3
nikNULLP0INTER [~okin@node-37k.ipv4.congress.ccc.de] has joined #27c3

Base 36 encoding of an IP address is the most compact way an IP address can be represented (though an April Fools' RFC is out for base85 representation). This was more than perfect for my SoHo needs; I just needed the proper solution the 27c3 guys were using. The authoritative name server's DNS version query showed that PowerDNS was being used for this purpose.

I had heard of PowerDNS being powerful, I just hadn't thought it was this powerful.

So with all this information I began to search the net for ready-made solutions. The first relevant match was v6rev, which just does an eye-friendly reverse representation of IP addresses, but not in such a compact way. Later I found a pipe backend written in C for PowerDNS which had the same limitation as v6rev: it still needs its own subdomain for the delegated zone. I find it awesome to have the reverse records mapped automatically right in the topmost domain.

My own approach

There were no ready tools having these features, so I started to write my own in Perl. A prototype version worked well but it did a lot of math with the IP addresses. Meanwhile I found the original code that was used at 27c3 and I immediately started to enhance it for my needs, because it also had support for IPv4 addresses with the same library they were using for IPv6. I have added the following features to the original code:

  • custom prefix and postfix settings per subnet,
  • longest prefix match with radix tree,
  • attribute inheriting prefix tree (dict inheriting class included),
  • automatic reverse zone calculation.

It accepts the following configuration parameters stored in a dictionary:

DEFAULTS = {
    'email': 'hostmaster.example.com',
    'dns': 'ns0.example.com',
    'ttl': 300,
    'version': 6,
    'nameserver': [
        'ns0.example.com',
        'ns1.example.com'
    ]
}

The defaults are for the SOA record as well as for the NS records needed to reflect the zone delegation records defined at the tunnel broker side. Prefix delegation mappings are defined like the following (all defined values override the default ones):

PREFIXES = {
    netaddr.IPNetwork('2a01:270:201b::/48'):    HierDict(DEFAULTS,{'prefix': 'u', 'postfix': '-node0', 'forward': 'y7.hu',}),
    netaddr.IPNetwork('2a01:270:201b:1::/64'):  HierDict(DEFAULTS,{'prefix': 'h', 'postfix': '-vpn0-node0', 'forward': 'y7.hu',})
}

Example operation:

# dig -x 2a01:270:90bd::1 +short
u1-node0.y7.hu.
# dig -x 2a01:270:90bd:1::1 +short
h1-vpn0-node0.y7.hu.
# dig -x 2a01:270:90bd::dead:c0de +short
u1ps9xb2-node0.y7.hu.
#
# dig -t aaaa h1-vpn0-node0.y7.hu. +short
2a01:270:90bd:1::1
# dig -t aaaa usomefoobar-node0.y7.hu. +short
2a01:270:90bd:0:a:597c:761c:6333
# dig -t aaaa hsomefoobar-vpn0-node0.y7.hu. +short
2a01:270:90bd:1:a:597c:761c:6333

An automatically generated record can be overridden depending on the launch order of the backends specified in the PowerDNS configuration. The forked source can be found in my github repo.
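
The name mapping visible in the dig output above can be reproduced offline. This is an added example, not the PowerDNS backend from the repo: it uses Python's standard ipaddress module instead of netaddr and a linear scan instead of the radix tree, and it assumes the 2a01:270:90bd prefixes from the dig output with the prefix/postfix scheme from PREFIXES; all function names are hypothetical.

```python
import ipaddress

ALPHABET = "0123456789abcdefghijklmnopqrstuvwxyz"

# Constructed config modelled on the post's PREFIXES, using the prefixes
# that appear in its dig output (assumption: same prefix/postfix scheme).
PREFIXES = {
    ipaddress.ip_network("2a01:270:90bd::/48"):
        {"prefix": "u", "postfix": "-node0", "forward": "y7.hu"},
    ipaddress.ip_network("2a01:270:90bd:1::/64"):
        {"prefix": "h", "postfix": "-vpn0-node0", "forward": "y7.hu"},
}

def b36encode(n):
    out = ALPHABET[n % 36]
    while n >= 36:
        n //= 36
        out = ALPHABET[n % 36] + out
    return out

def longest_match(addr):
    # Most specific configured network containing addr, or None.
    hits = [net for net in PREFIXES if addr in net]
    return max(hits, key=lambda net: net.prefixlen) if hits else None

def ptr_name(address):
    # Reverse direction: address -> generated host name.
    addr = ipaddress.ip_address(address)
    net = longest_match(addr)
    if net is None:
        return None
    cfg = PREFIXES[net]
    host = int(addr) & int(net.hostmask)  # bits below the delegated prefix
    return f"{cfg['prefix']}{b36encode(host)}{cfg['postfix']}.{cfg['forward']}."

def forward_address(name):
    # Forward direction: generated host name -> address, or None.
    name = name.lower().rstrip(".")
    for net, cfg in PREFIXES.items():
        suffix = f"{cfg['postfix']}.{cfg['forward']}"
        label = name[len(cfg["prefix"]):len(name) - len(suffix)]
        if not (name.startswith(cfg["prefix"]) and name.endswith(suffix)
                and label and all(c in ALPHABET for c in label)):
            continue
        host = int(label, 36)
        if host > int(net.hostmask):
            continue  # would overflow out of the delegated prefix
        addr = ipaddress.ip_address(int(net.network_address) + host)
        if longest_match(addr) == net:  # keep forward and reverse in agreement
            return str(addr)
    return None
```

The final longest-match check in forward_address rejects a 'u' name whose host bits land inside the more specific /64, so every name that resolves forward also resolves back to itself, which is what forward-confirmed reverse DNS checks expect.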