Search - "dnssec"
-
I get a call: "Hey the site is down. Fix it!"
Worked on my workstation, not on my phone => DNS issue.
Local cache: "All OK"
ISP's DNS: "No record"
Google DNS: "Server error"
MXToolbox: "All OK"
CloudFlare DNS: "Domain? What domain?"
After a day of fucking around with configs and wanting to strangle the customer support guy, I just started pressing buttons, until suddenly, it worked. Turns out I'd accidentally enabled DNSSEC on a domain that wasn't configured for it.
Lesson learned: There is no official DNS error code for "DNSSEC failed somewhere upstream". If you're lucky, you might get something useful out of the authoritative server, but apparently not on Mondays.
-
Successfully moved my server across the big pond - or so I thought.
Turns out that Vultr has newly acquired an IP range that belonged to an ISP in Greece. So far so good. But it existed on 6-7 blacklists, Vultr had failed to delegate the network to their rDNS, and my domain suffered from DNSSEC (fuck DNSSEC).
After two days of complaining to Vultr because they did not believe me, they finally fixed their shit. My domain did start working again for some reason that I don't know, and the blacklists are being removed one by one.
The circus ended with a beer on the balcony, I like beer 🍻🍻🍻
-
DNS is everywhere.
I hate DNS.
I hate DNS migrations.
I hate having a hundred plus DNS names inside my brain.
I hate resolving issues.
I hate DNSSEC.
I hate CNAMES.
I hate services which cannot be persuaded to stop trying AAAA resolves first.
I hate the fucking stupid braindead idea to use TXT as a configuration store inside DNS... And thus the necessity to blow up DNS query size aka EDNS.
I really really really really really want to burn this whole mfucking shit down...
-
Why does no one implement an autoupdater, especially on the Linux side? Is there a reason I don't get? Sure, most system stuff is better in apt, but if I install servers, I do not want to wait for these stupid Linux release timings! If it were hard, I'd understand. But most of this is possible with something like the GitHub API and 20 minutes of time. I mean, yeah, backwards compatibility and whatnot, but then handle that internally.
Example: I use dnsmasq on a Raspberry Pi. The RPi is running Raspbian. Raspbian is Debian 8. Debian 8 has a version of dnsmasq with a pretty annoying bug, which prevents me from using DNSSEC, as I can't open any Cloudflare pages. Why, oh why isn't this updated at MY will? Then, if it isn't, why is it so impossibly hard to compile this myself, no docs for that, no binaries, NOTHING? Dear server devs, please add at least basic autoupdate functionality without having to rely on the base OS.
Or give me easily deployable binaries, if you can't write something integrated.
-
WHY!
Email was invented a gazillion years ago and it's still a shiit experience to set up on Linux. Just give me ONE complete package!!
Nooo, I need to get postfix, dovecot, spamassassin, mailscanner, antivirus, opendmarc, opendkim, dovecot-managesieve, dovecot-sieve, roundcube, database, webserver, and then I still have to configure everything and set up certs, SPF, DNSSEC, DKIM keys on the domains, domains, mailboxes, deny weak certs etc.
I know the whole "do one thing and do that one thing well", but how about you just be a mailserver and do that ONE thing well without me needing to put all of the puzzle pieces together myself! I don't want to waste time setting all this shit up. And don't even get me started on Symantec and live.com and their blocking!
-
So I got the first invoice for Internet in my new flat. Via e-mail with winmail.dat attached. WTF? Sent them a reply that their mailing system is broken. They replied that *I* probably have wrongly set up *Outlook* and sent me instructions on how to configure my Outlook. Thank you, my mutt is fine and your instructions wouldn't work. Sent them another reply that I'm happy that they know the answer and that they should apply it to their setup, as my mail setup is correct. Got an e-mail with a PDF. No wonder those guys don't support IPv6 nor DNSSEC if they have trouble using plain e-mail. Maybe I should check whether they have DKIM or SPF and do some little evil...
-
The current finish of the whole network stuff is... exhausting.
We are in the finishing phase...
Like in the Simpsons:
Knife goes in, guts come out.
I've debugged DNS for 4 h today...
One of the nodes - and the only node of 5 - didn't resolve one zone of many correctly.
It always tried to resolve via INet / Dot ...
So a _very_ special snowflake.
After going crazy... I decided to isolate the setup and increase verbosity for debugging.
It turned out that the DNS server answered correctly - but was then asked again for a response by the defective node.
So I ripped DNSSEC out of the DNS server, hoping the defective node would be fine with it.
Nope. It resolved then by itself via internet...
Well...
A lot of domain-insecure sprinkles later the defective node behaved correctly.
But why the fuck does _ONE_ single fucking stupid cunt machine decide to go rogue? Every node is equal....
It's just... Insane.
And reading the logs was insane too.