Archív kategorií: Linux

PowerDNS – GSQLBackend lookup query:Attempt to bind more parameters than query has

PowerDNS is a very good DNS nameserver, but debugging is sometimes very hard. I just add some records to my zone and zone stops working: server doesn’t respond to DNS queries.

Here is error from syslog:

2018-03-28T23:59:14+02:00 my [err] [pdns] Exception building answer packet for hostname.sk/MX (All data was not consumed) sending out servfail
 2018-03-28T23:59:30+02:00 my [err] [pdns] Backend reported permanent error which prevented lookup (GSQLBackend lookup query:Attempt to bind more parameters than query has: SELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM records WHERE disabled=0 and name=? and domain_id=?), aborting

Tracing of pdns told me the following exception:

$ strace -s 4096 -f -e send,recv,read,write,sendmsg -p `pidof /usr/sbin/pdns_server-instance`
[pid 12801] send(3, "<27>Mar 29 01:09:08 pdns[12791]: Exception building answer packet for zcvisioncare.sk/A (All data was not consumed) sending out servfail\0", 137, MSG_NOSIGNAL) = 137

After few hours of googling, debugging, removing records etc. I have found:

$ pdnsutil check-zone hostname.sk
[Error] Following record had a problem: "hostname.sk IN SOA ns.hostname.sk hostmaster.hostname.sk 2018032808 21600 7200 1209600 3600 "
[Error] Error was: All data was not consumed
Checked 14 records of 'hostname.sk', 1 errors, 0 warnings.

Did you notice extra space at the end of record? After removing extra space problem get solved.

I have added the following crontab job to prevent problems in the feature:

@daily pdnsutil check-all-zones | grep Error

Firewall rule to allow access to windows updates

When you try to install Windows updates for the first time (e.g. you buy a new computer with Windows 8.1 preinstalled), windows doesn’t start to download updates unless you permit UDP connection to port 3544.

Here is the firewalling rule for your linux firewall:

iptables -A FORWARD -d 94.245.64.0/18 -p udp -m udp --dport 3544 -m conntrack --ctstate NEW -j ACCEPT

Here we go!
Windows_update

Howto make sure nagstamon is running on your desktop

nagstamon_header_logo Add the following line to your (desktop user, not root) crontab:

*/5 * * * * [ -z "`pidof -x /usr/bin/nagstamon`" ] && DISPLAY=:0.0 /usr/bin/nagstamon &

This will start nagstamon and make sure user doesn’t closes them. Tricky is configuration of connection to you Xserver / graphical environment. But solution is simple: set $DISPLAY environment variable to :0.0 value, which means ‚use the first desktop running on localhost‘.

Did you know ‚xauth list‘ command?

Nagstamon – Python OpenSSL certificate validation

nagstamon_header_logo When I try to connect to my monitoring system with desktop widget Nagstamon, Nagstamon was not able to connect due to SSL certificate validation problem. I’m using certificate from CAcert.org.

After a while of hacking I have found this workaround in source code. This is the wrong way: Pokračovať v čítaní →

MySQL Workbench – passwords not being saved in keychain

If you have problem, that your MySQL Workbench can’t save passwords for your MySQL connections, try to start mysql-workbench in verbose mode. Maybe you will see a error:

$ mysql-workbench --verbose
** Message: Gnome keyring daemon seems to not be available. Stored passwords will be lost once quit
['un\\"o', 'do``s']
Ready.

Thread started

Pokračovať v čítaní →

OpenSSL – verify OpenSSL certificate using your own CA

For more details see man x509

Print issuer hash of your OpenSSL certificate

echo '' | \
    openssl s_client  -connect ldap.hostname.sk:ldaps -status 2>/dev/null | \
    openssl x509 -noout -issuer_hash

Pokračovať v čítaní →

sendxmpp release v1.24

New config file format is supported since sendxmpp version 1.24. Issue #9 – passwords with spaces not supported in .sendxmpprc. has been fixed.

Example for Google Talk servers:

$ cat ~/.sendxmpprc
username: lubomir.host
jserver: talk.google.com
password: my-"secure-pass _word with sp@ce!
component: gmail.com

Please, don’t try the password above, I have changed them. 🙂

Flash plugin doesn’t work in Chromium (Debian) – SOLVED

Flash plugin in Chromium

I you have a problem with flash plugin in Chromium, here is a little howto. Debian howto helps me only a little, because one important information is missing.

Pokračovať v čítaní →

Make cryptsetup ask the same password only once at boot

initramfs-tools-cryptroot-as-password-onceI bought a new hard drive. Because I protect all my harddisk with encryption, I setup LUKS for new harddrive too. But init scripts ask password for every encrypted partition and I want enter my harddisk password only once. I have started with googling but I wasn’t succesfull. I have found this thread about the same problem. But author didn’t provide patch and uploaded *.tar.gz archive is no longer available. Pokračovať v čítaní →

Attachments

initramfs-tools-cryptroot-as-password-once (1kB)

Howto develop SQL procedures faster

Developer at work

If you are working on some SQL project, making SQL dump more readable is very usefull. You need to optimize edit-import-try-fix-export loop, because you want develop your SQL procedures fast. Here are some tips how to accomplish this.
Pokračovať v čítaní →

Blog Ľubomíra Hosta

súkromný blog

Archív kategorií: Linux

PowerDNS – GSQLBackend lookup query:Attempt to bind more parameters than query has

Firewall rule to allow access to windows updates

Howto make sure nagstamon is running on your desktop

Nagstamon – Python OpenSSL certificate validation

MySQL Workbench – passwords not being saved in keychain

OpenSSL – verify OpenSSL certificate using your own CA

Print issuer hash of your OpenSSL certificate

sendxmpp release v1.24

Flash plugin doesn’t work in Chromium (Debian) – SOLVED

Make cryptsetup ask the same password only once at boot

Attachments

Howto develop SQL procedures faster