commit - af7d9b20f83173599bac8457b2a01e9f85eeb0c8
commit + 19467a88e6e1f95bf4cc7988ab4b1b53f6adca03
blob - /dev/null
blob + cc437497b866ba3c9c7d251c7ddb1d149bd72869 (mode 644)
--- /dev/null
+++ wiki.d/Resolv.Conf-Draft,del-1734141515
+version=pmwiki-2.3.20 ordered=1 urlencoded=1
+agent=w3m/0.5.3+git20230718
+author=jrmu
+charset=UTF-8
+csum=
+ctime=1712162557
+host=104.167.242.140
+name=Resolv.Conf-Draft
+rev=5
+targets=Resolvd.Usage,Unbound.Configure,Resolv.Conf,Unwind.Configure
+text=(:title Resolv.conf:)%0a%0aOpenBSD's name lookup relies on%0a[[https://man.openbsd.org/resolv.conf.5|resolv.conf(5)]] to tell it%0awhich nameservers to query.%0a%0a!! Change Default Nameserver%0a%0aSuppose we want to use the nameserver @@198.51.100.1@@ as our caching%0anameserver. If we are using DHCP and this differs from what we are%0agiven by the DHCP server, we may need to disable%0a[[resolvd/usage|resolvd]] as follows:%0a%0a[@%0a# rcctl stop resolvd%0a# rcctl disable resolvd%0a@]%0a%0aThen, we can fill @@/etc/resolv.conf@@ with our own values:%0a%0a[@%0alookup file bind%0anameserver 198.51.100.1%0a@]%0a%0a!! Use local caching nameserver%0a%0aSuppose we want to run our own caching nameserver with%0a[[unbound/configure|unbound]].%0a%0aIn that case, we edit @@/etc/resolv.conf@@:%0a%0a[@%0alookup file bind%0anameserver 127.0.0.1%0a@]%0a%0a!! Prefer IPv6%0a%0aTo get the resolver to choose IPv6 first, then fall back to IPv4:%0a%0a[@%0afamily inet6 inet4%0a@]%0a%0aPut this in @@/home/znc/etc/resolv.conf@@ to force ZNC to use IPv6 first.%0a%0a!! Flush stale DNS records%0a%0aIf your records have changed, make sure to flush your old DNS cache%0abefore running @@host@@. How to do this depends on which nameservers%0ayou have specified in [[resolv/conf|resolv.conf]], whether you have%0asetup [[resolvd/usage|resolvd]], [[unwind/configure|unwind]], or%0a[[unbound/configure|unbound]].%0a%0aIt's recommended to run your own local caching DNS server with [[unbound/configure|unbound]] instead of using Google or the nameserver provided by your ISP. By running a local caching DNS server, you have more freedom to pick nameservers, which can help prevent censorship and privacy issues.%0a%0a%0aBy default, @@host@@ uses the nameservers you%0aput in [[resolv/conf|resolv.conf]]. 
Suppose this is present in /etc%0a%0a[@%0anameserver 8.8.8.8%0alookup file bind%0a@]%0a%0aresolv.conf tells your server to ask 8.8.8.8 (Google) for domain name lookup.%0a%0aIf you decide to use unbound, you will want to resolv.conf to point to localhost:%0a%0a[@%0anameserver 127.0.0.1%0alookup file bind%0a@]%0a%0aThen, if you have updated your DNS records, you can simply restart the nameserver to flush the cache of DNS records:%0a%0a[@%0a$ doas rcctl restart unbound%0a@]%0a%0aThen, run host again.%0a
+time=1732327414
+title=Resolv.conf
+author:1732327414=jrmu
+diff:1732327414:1732327354:=7,8d6%0a%3c !! Change Default Nameserver%0a%3c %0a26,27d23%0a%3c !! Use local caching nameserver%0a%3c %0a38,39d33%0a%3c !! Prefer IPv6%0a%3c %0a47,48d40%0a%3c %0a%3c !! Flush stale DNS records%0a
+host:1732327414=104.167.242.140
+author:1732327354=jrmu
+diff:1732327354:1732326820:=7,11c7,8%0a%3c Suppose we want to use the nameserver @@198.51.100.1@@ as our caching%0a%3c nameserver. If we are using DHCP and this differs from what we are%0a%3c given by the DHCP server, we may need to disable%0a%3c [[resolvd/usage|resolvd]] as follows:%0a%3c %0a---%0a> You can specify the nameservers in this file as follows:%0a> %0a13,14c10,11%0a%3c # rcctl stop resolvd%0a%3c # rcctl disable resolvd%0a---%0a> lookup file bind%0a> nameserver 127.0.0.1%0a17,32c14,24%0a%3c Then, we can fill @@/etc/resolv.conf@@ with our own values:%0a%3c %0a%3c [@%0a%3c lookup file bind%0a%3c nameserver 198.51.100.1%0a%3c @]%0a%3c %0a%3c Suppose we want to run our own caching nameserver with%0a%3c [[unbound/configure|unbound]].%0a%3c %0a%3c In that case, we edit @@/etc/resolv.conf@@:%0a%3c %0a%3c [@%0a%3c lookup file bind%0a%3c nameserver 127.0.0.1%0a%3c @]%0a---%0a> The resolv.conf file specifies how the resolver routines in the C%0a> library (which provide access to the Internet Domain Name System)%0a> should operate. The resolver configuration file contains%0a> information that is read by the resolver routines the first time%0a> they are invoked by a process. If the resolv.conf file does not%0a> exist, only the local host file /etc/hosts will be consulted, i.e.%0a> the Domain Name System will not be used to resolve hosts.%0a> %0a> %0a> To get the resolver to choose IPv6 first, then fall back to IPv4:%0a> %0a
+host:1732327354=104.167.242.140
+author:1732326820=jrmu
+diff:1732326820:1712174948:=3,8c3,4%0a%3c OpenBSD's name lookup relies on%0a%3c [[https://man.openbsd.org/resolv.conf.5|resolv.conf(5)]] to tell it%0a%3c which nameservers to query.%0a%3c %0a%3c You can specify the nameservers in this file as follows:%0a%3c %0a---%0a> To get the resolver to choose IPv6 first, then fall back to IPv4:%0a> %0a10,11c6%0a%3c lookup file bind%0a%3c nameserver 127.0.0.1%0a---%0a> family inet6 inet4%0a14,28d8%0a%3c The resolv.conf file specifies how the resolver routines in the C%0a%3c library (which provide access to the Internet Domain Name System)%0a%3c should operate. The resolver configuration file contains%0a%3c information that is read by the resolver routines the first time%0a%3c they are invoked by a process. If the resolv.conf file does not%0a%3c exist, only the local host file /etc/hosts will be consulted, i.e.%0a%3c the Domain Name System will not be used to resolve hosts.%0a%3c %0a%3c %0a%3c To get the resolver to choose IPv6 first, then fall back to IPv4:%0a%3c %0a%3c [@%0a%3c family inet6 inet4%0a%3c @]%0a%3c %0a30,63d9%0a%3c %0a%3c If your records have changed, make sure to flush your old DNS cache%0a%3c before running @@host@@. How to do this depends on which nameservers%0a%3c you have specified in [[resolv/conf|resolv.conf]], whether you have%0a%3c setup [[resolvd/usage|resolvd]], [[unwind/configure|unwind]], or%0a%3c [[unbound/configure|unbound]].%0a%3c %0a%3c It's recommended to run your own local caching DNS server with [[unbound/configure|unbound]] instead of using Google or the nameserver provided by your ISP. By running a local caching DNS server, you have more freedom to pick nameservers, which can help prevent censorship and privacy issues.%0a%3c %0a%3c %0a%3c By default, @@host@@ uses the nameservers you%0a%3c put in [[resolv/conf|resolv.conf]]. 
Suppose this is present in /etc%0a%3c %0a%3c [@%0a%3c nameserver 8.8.8.8%0a%3c lookup file bind%0a%3c @]%0a%3c %0a%3c resolv.conf tells your server to ask 8.8.8.8 (Google) for domain name lookup.%0a%3c %0a%3c If you decide to use unbound, you will want to resolv.conf to point to localhost:%0a%3c %0a%3c [@%0a%3c nameserver 127.0.0.1%0a%3c lookup file bind%0a%3c @]%0a%3c %0a%3c Then, if you have updated your DNS records, you can simply restart the nameserver to flush the cache of DNS records:%0a%3c %0a%3c [@%0a%3c $ doas rcctl restart unbound%0a%3c @]%0a%3c %0a%3c Then, run host again.%0a
+host:1732326820=104.167.242.140
+author:1712174948=jrmu
+diff:1712174948:1712162557:=8,9d7%0a%3c %0a%3c Put this in @@/home/znc/etc/resolv.conf@@ to force ZNC to use IPv6 first.%0a
+host:1712174948=104.167.242.140
+author:1712162557=jrmu
+diff:1712162557:1712162557:=1,7d0%0a%3c (:title Resolv.conf:)%0a%3c %0a%3c To get the resolver to choose IPv6 first, then fall back to IPv4:%0a%3c %0a%3c [@%0a%3c family inet6 inet4%0a%3c @]%0a
+host:1712162557=104.167.242.140
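Review bot: The new file name `wiki.d/Resolv.Conf-Draft,del-1734141515` carries the `,del-<timestamp>` suffix PmWiki gives to deleted pages, so this commit puts a deleted draft under version control, along with its full revision history and the `host=` / `host:<timestamp>=` lines that record the editor's IP address. If that is not intended, drop the file from the commit and ignore `wiki.d/*,del-*`. If the draft is kept, two spots in `text=` under "Flush stale DNS records" need fixing: "Suppose this is present in /etc" stops before naming the file, and "you will want to resolv.conf to point to localhost" is missing a verb.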
blob - /dev/null
blob + b651ab9a6d6077c483b43040ddf08639fb6d5e14 (mode 644)
--- /dev/null
+++ wiki.d/Unbound.Control
+version=pmwiki-2.3.20 ordered=1 urlencoded=1
+agent=w3m/0.5.3+git20230718
+author=jrmu
+charset=UTF-8
+csum=
+ctime=1734123628
+host=2602:fccf:1:2243::
+name=Unbound.Control
+rev=4
+targets=
+text=(:title Unbound-control:)%0a%0aYou can manage [[https://man.openbsd.org/unbound.8|unbound(8)]] with%0a[[https://man.openbsd.org/unbound-control.8|unbound-control(8)]].%0a%0a!! Setup keys for unbound-control%0a%0aTo create a self-signed certificate and private keys for the%0a[[https://man.openbsd.org/unbound.8|unbound]] server and client:%0a%0a[@%0a# unbound-control-setup %0asetup in directory /var/unbound/etc%0aGenerating RSA private key, 3072 bit long modulus%0a...%0aSetup success. Certificates created. Enable in unbound.conf file to use%0a@]%0a%0a!! Inspect the cache%0a%0a[@%0a# unbound-control dump-cache%0a@]%0a%0a!! Inspect nameservers%0a%0aTo inspect which nameservers are used in the lookup of @@example.com@@:%0a%0a[@%0a# unbound-control lookup example.com%0aThe following name servers are used for lookup of example.com.%0a...%0a@]%0a%0a!! Flush cache%0a%0aTo reload the server, re-read the config file, and flush the cache:%0a%0a[@%0a# unbound-control reload%0a@]%0a%0a!! Flush negative cache%0a%0aIf a DNS record fails to validate the first time, this error will get cached:%0a%0a[@%0aMar 8 01:34:41 hostname unbound: [45846:0] info: validation failure %3cexample.com. A IN>: key for validation . is marked as invalid because of a previous validation failure %3cexample.com. A IN>: no DNSKEY rrset for trust anchor . while building chain of trust%0a@]%0a%0aThe solution is to flush all negative cache.%0a%0a[@%0a# unbound-control flush_negative%0a@]%0a%0a!! List forward zones%0a%0aTo list the forward zones:%0a%0a[@%0a# unbound-control list_forwards%0a@]%0a
+time=1734125981
+title=Unbound-control
+author:1734125981=jrmu
+diff:1734125981:1734125461:=55,62d54%0a%3c @]%0a%3c %0a%3c !! List forward zones%0a%3c %0a%3c To list the forward zones:%0a%3c %0a%3c [@%0a%3c # unbound-control list_forwards%0a
+host:1734125981=2602:fccf:1:2243::
+author:1734125461=jrmu
+diff:1734125461:1734123935:=6,10c6,7%0a%3c !! Setup keys for unbound-control%0a%3c %0a%3c To create a self-signed certificate and private keys for the%0a%3c [[https://man.openbsd.org/unbound.8|unbound]] server and client:%0a%3c %0a---%0a> !! Inspecting unbound's cache%0a> %0a12,16c9%0a%3c # unbound-control-setup %0a%3c setup in directory /var/unbound/etc%0a%3c Generating RSA private key, 3072 bit long modulus%0a%3c ...%0a%3c Setup success. Certificates created. Enable in unbound.conf file to use%0a---%0a> # unbound-control dump-cache%0a19,24d11%0a%3c !! Inspect the cache%0a%3c %0a%3c [@%0a%3c # unbound-control dump-cache%0a%3c @]%0a%3c %0a33,54d19%0a%3c @]%0a%3c %0a%3c !! Flush cache%0a%3c %0a%3c To reload the server, re-read the config file, and flush the cache:%0a%3c %0a%3c [@%0a%3c # unbound-control reload%0a%3c @]%0a%3c %0a%3c !! Flush negative cache%0a%3c %0a%3c If a DNS record fails to validate the first time, this error will get cached:%0a%3c %0a%3c [@%0a%3c Mar 8 01:34:41 hostname unbound: [45846:0] info: validation failure %3cexample.com. A IN>: key for validation . is marked as invalid because of a previous validation failure %3cexample.com. A IN>: no DNSKEY rrset for trust anchor . while building chain of trust%0a%3c @]%0a%3c %0a%3c The solution is to flush all negative cache.%0a%3c %0a%3c [@%0a%3c # unbound-control flush_negative%0a
+host:1734125461=2602:fccf:1:2243::
+author:1734123935=jrmu
+diff:1734123935:1734123628:=10,19d9%0a%3c @]%0a%3c %0a%3c !! Inspect nameservers%0a%3c %0a%3c To inspect which nameservers are used in the lookup of @@example.com@@:%0a%3c %0a%3c [@%0a%3c # unbound-control lookup example.com%0a%3c The following name servers are used for lookup of example.com.%0a%3c ...%0a
+host:1734123935=2602:fccf:1:2243::
+author:1734123628=jrmu
+diff:1734123628:1734123628:=1,10d0%0a%3c (:title Unbound-control:)%0a%3c %0a%3c You can manage [[https://man.openbsd.org/unbound.8|unbound(8)]] with%0a%3c [[https://man.openbsd.org/unbound-control.8|unbound-control(8)]].%0a%3c %0a%3c !! Inspecting unbound's cache%0a%3c %0a%3c [@%0a%3c # unbound-control dump-cache%0a%3c @]%0a
+host:1734123628=2602:fccf:1:2243::
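Review bot: Under "Inspect the cache" the command is written `unbound-control dump-cache`, but unbound-control(8) spells it `dump_cache`, with an underscore like the `flush_negative` and `list_forwards` commands later in the same `text=` line; as written the documented command will not run, so please change the hyphen to an underscore. Separately, the "Setup keys for unbound-control" section ends on the tool's own message "Enable in unbound.conf file to use" without showing that step; adding the `remote-control:` section with `control-enable: yes` would let a reader get from key generation to a working `unbound-control`.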