IP.OF.UPSTREAM.RESOLVER
-
From
(not that his, currently, self-signed cert isn't a WTF in of itself, but that's not the discussion point here)we learn that
[one of the changes is to] Clarify that IP.OF.UPSTREAM.RESOLVER is not actually the hostname of a server you can use.
Intrigued, I go searching, to find..
Which is essentially
forward-zone: name: "." - forward-addr: IP.OF.UPSTREAM.RESOLVER + forward-addr: 1.2.3.4 # replace with upstream resolver's IP </pre></blockquote> Further configuration options can be found in
So, while possibly more syntactically correct....
-
I understand all the words in this post and the linked article, but not what any of this means.
-
@cartman82
tl;dr: Dumb person just pulled the example YAML into their production YAML without reading through it or understanding it, things broked, developer had to clean up after luser.
-
@izzion said in IP.OF.UPSTREAM.RESOLVER:
@cartman82
tl;dr: Dumb person just pulled the example YAML into their production YAML without reading through it or understanding it, things broked, developer had to clean up after luser.I don't understand. Can you make it simpler?
-
@cartman82 man break thing. Break funny
-
@cartman82
The example config couldn't sort fruits. So they updated the example config so that it still won't sort fruit if you just use it, but at least it won't throw an exception.
-
@izzion said in IP.OF.UPSTREAM.RESOLVER:
@cartman82
The example config couldn't sort fruits. So they updated the example config so that it still won't sort fruit if you just use it, but at least it won't throw an exception.AH YES! FRUIT! SORT FRUIT GOOD! CANDIDATE NOT SORT FRUIT BAD! CANDIDATE SLOW TYPE BAD! CARTMAN SMART!
-
-
@izzion said in IP.OF.UPSTREAM.RESOLVER:
@cartman82
tl;dr: Dumb person just pulled the example YAML into their production YAML without reading through it or understanding it, things broked, developer had to clean up after luser.but did so in a way that didn't "fix" the problem.
also BOOOOOOOOO! person who posted a commit comment pointing this out and suggesting an alternate fix that doesn't have the issue! BAD Developer! BAD! you should have let the WTF go unchallenged so we could laugh at it on the front page!
-
@accalia
Eeeeeh. 1.2.3.4 is a blacklisted publicly routable IP address. You're right, but IANA isn't going to assign it at this point, so they're not wrong either, since Cisco has already poisoned the 1.2.3.4 water hole.Ok, I'm wrong. But it's only assigned somewhere in Australia, they're OK to bomb with DNS resolution requests.
-
If I was the lead maintainer, I'd this commit because
- If someone is dumb enough to leave
IP.OF.UPSTREAM.RESOLVER
in the config, then they're dumb enough to leave1.2.3.4
or any other IP in there. - Having a valid IP in there makes it harder to work out what's failing. Even
256.256.256.256
would be better than1.2.3.4
.
- If someone is dumb enough to leave
-
@pjh said in IP.OF.UPSTREAM.RESOLVER:
Clarify that IP.OF.UPSTREAM.RESOLVER is not actually the hostname of a server you can use.
If you pay their tax, I'm sure ICANN will be more than happy to let you register the .resolver TLD.
@pjh said in IP.OF.UPSTREAM.RESOLVER:
+ forward-addr: 1.2.3.4 # replace with upstream resolver's IP
Good job, asshole, now you're sending even more traffic to that block.
-
Oops...
-
@pjh
Is there a reverse ONE OF US badge for when you inflictthe slavering hordesWTDWTF on an external user?
-
@raceprouk
It's likely that256.256.256.256
would generate an exception the same way thatIP.OF.UPSTREAM.RESOLVER
did, and thus wouldn't meet their requirement for changing.
-
@izzion said in IP.OF.UPSTREAM.RESOLVER:
@raceprouk
It's likely that256.256.256.256
would generate an exception the same way thatIP.OF.UPSTREAM.RESOLVER
didExactly! :D
@izzion said in IP.OF.UPSTREAM.RESOLVER:
and thus wouldn't meet their requirement for changing
Their requirement is as stupid as the user who left
IP.OF.UPSTREAM.RESOLVER
in the config.
-
@raceprouk
Having the example file actually not throw exceptions when implemented is, in my opinion, a much better default than having your example file throwE_FUCK_YOU_USER
Though, maybe that's why I'm a Windows heathen instead of a Linux convert.
-
@izzion On the other hand, having it throw an error
You dun fukked up ur IP address, luzer!
at least makes it obvious what's wrong :P
-
@izzion Both lead to ops droids going "It no worky", as evidenced by more than a few threads, and neither will lead them to investigate the issue further. At least -- with
mosta few applications -- a syntactic error in the configuration gives a specific problem statement, file name, and line number for whoever they escalate to to fix, as opposed to a semantic error which usually kills functionality leaving no trace.
-
@izzion
The funny part is that 3 of our forum members commented before even looking at the repository long enough to figure out that it's a mirror. It's unlikely that the developers will ever read their comments.
-
-
@asdf said in IP.OF.UPSTREAM.RESOLVER:
@izzion
The funny part is that 3 of our forum members commented before even looking at the repository long enough to figure out that it's a mirror. It's unlikely that the developers will ever read their comments.i trusted @PJH to post the most relevant link. if they did not then my trust was misplaced and i am severely disappoint. Shame on they for doing this thing. Shame.
-
@accalia said in IP.OF.UPSTREAM.RESOLVER:
post the most relevant link
Have fun finding a link to the private git repo...
-
@pjh said in IP.OF.UPSTREAM.RESOLVER:
@accalia said in IP.OF.UPSTREAM.RESOLVER:
post the most relevant link
Have fun finding a link to the private git repo...
I tried.
Not very hard, but I did try.
I was bored, OK? :P
-
@pjh There's no private git repo. There's a public CVS repo, but you can only file issues against it by running OpenBSD and running
bugreport
from the command line.
-
@twelvebaud There is a mailing list too. Who the fuck prefer mailing lists?
-
@twelvebaud said in IP.OF.UPSTREAM.RESOLVER:
@pjh There's no private git repo. There's a public CVS repo, but you can only file issues against it by running OpenBSD and running
bugreport
from the command line.Install BSD to file a bug report in the defautl BSD configuration?
-
-
@izzion said in IP.OF.UPSTREAM.RESOLVER:
@raceprouk
having your example file throwE_FUCK_YOU_USER
BRB. Adding something to my example file processing…
-
@twelvebaud said in IP.OF.UPSTREAM.RESOLVER:
Why didn't her post stream in?...
Sounds like you're using the default chunk size for loading (20 posts) and the streaming loader was broken. Which sort of happens rather often. :(
-
@izzion said in IP.OF.UPSTREAM.RESOLVER:
Having the example file actually not throw exceptions when implemented is, in my opinion, a much better default than having your example file throw E_FUCK_YOU_USER
Having the example file (try to) do something against a random server is worse than having it do nothing at all. And even leaving an invalid-but-parseable-enough IP address here muddies the waters.
What happened to failing fast?
-
this shit?
Either your software has a useful preset or your software bitchcomplainfails until it's properly configured. Everything else is bad software.
-
@maciejasjmj said in IP.OF.UPSTREAM.RESOLVER:
What happened to failing fast?
Now we have the there right out of the box…
-
@maciejasjmj The correct answer is to put
8.8.8.8
in there, like they do in the actual example file, but they're probably scared of another Poul-Henning Kamp incident. Failing that, they should put something unparseable there, but that's "unclear". Having ruled out the only correct options, we're limited to trying to recommend other incorrect options that are still better than the terrible one they picked. "No" may be the right answer, but it's a terrible business case.
-
@twelvebaud said in IP.OF.UPSTREAM.RESOLVER:
another Poul-Henning Kamp incident
I don't recall seeing that.
-
@dkf I dug through the mailing list archives (!) and found where they updated (without it being mirrored across) the example config file to have the latest public DNS resolvers. Some of the discussion was about how they can't uncomment any of those lines by default because it would lead to shitstorms of traffic, similar to when D-Link decided to use Kamp's NTP server for, oh, a few hundred million devices without warning. Today's brouhaha is about the documentation for how to make an OpenBSD router using PF, their dain-bramaged version of IPTables.
The actual upstream Unbound source code does it correctly. Mostly.
-
@twelvebaud Oh yes, I very vaguely remember that.
Except that adding a few hundred million devices all at once probably wouldn't stress
8.8.8.8
all that much. Google's infrastructure is more than a little resilient to traffic surges…
-
@twelvebaud said in IP.OF.UPSTREAM.RESOLVER:
@maciejasjmj The correct answer is to put
8.8.8.8
in there, like they do in the actual example file, but they're probably scared of another Poul-Henning Kamp incident. Failing that, they should put something unparseable there, but that's "unclear". Having ruled out the only correct options, we're limited to trying to recommend other incorrect options that are still better than the terrible one they picked. "No" may be the right answer, but it's a terrible business case.I mean, maybe change "IP.OF.UPSTREAM.RESOLVER" to something like "CHANGEME"?
-
@wharrgarbl said in IP.OF.UPSTREAM.RESOLVER:
@twelvebaud There is a mailing list too. Who the fuck prefer mailing lists?
Apparently people who use Discourse.
-
@tsaukpaetra said in IP.OF.UPSTREAM.RESOLVER:
@wharrgarbl said in IP.OF.UPSTREAM.RESOLVER:
@twelvebaud There is a mailing list too. Who the fuck prefer mailing lists?
Apparently people who use Discourse.
I'm surprised they haven't given NNTP a chance - ya know, distribute between all the currently running instances...
alt.discourse.bugs.ignored.really-ignored.hidden.jeffed.deleted.purged
.moderated
e.g.:looks_up:
Ah - thought I was in a different thread.
-
@pjh said in IP.OF.UPSTREAM.RESOLVER:
I'm surprised they haven't given NNTP a chance - ya know, distribute between all the currently running instances...
alt.discourse.bugs.ignored.really-ignored.hidden.jeffed.deleted.purged
.moderated
e.g.:looks_up:
Ah - thought I was in a different thread.
alt.jeff.alien-vampire.flonk.flonk.flonk
-
@pjh said in IP.OF.UPSTREAM.RESOLVER:
@tsaukpaetra said in IP.OF.UPSTREAM.RESOLVER:
@wharrgarbl said in IP.OF.UPSTREAM.RESOLVER:
@twelvebaud There is a mailing list too. Who the fuck prefer mailing lists?
Apparently people who use Discourse.
I'm surprised they haven't given NNTP a chance - ya know, distribute between all the currently running instances...
alt.discourse.bugs.ignored.really-ignored.hidden.jeffed.deleted.purged
.moderated
e.g.:looks_up:
Ah - thought I was in a different thread.
Didn't someone from here try to make a discourse-to-nntp gateway?
-
@pleegwat said in IP.OF.UPSTREAM.RESOLVER:
@pjh said in IP.OF.UPSTREAM.RESOLVER:
@tsaukpaetra said in IP.OF.UPSTREAM.RESOLVER:
@wharrgarbl said in IP.OF.UPSTREAM.RESOLVER:
@twelvebaud There is a mailing list too. Who the fuck prefer mailing lists?
Apparently people who use Discourse.
I'm surprised they haven't given NNTP a chance - ya know, distribute between all the currently running instances...
alt.discourse.bugs.ignored.really-ignored.hidden.jeffed.deleted.purged
.moderated
e.g.:looks_up:
Ah - thought I was in a different thread.
Didn't someone from here try to make a discourse-to-nntp gateway?
IIRC they succeeded.
-
@pleegwat said in IP.OF.UPSTREAM.RESOLVER:
Didn't someone from here try to make a discourse-to-nntp gateway?
https://what.thedailywtf.com/topic/13678/discourse-to-nntp-gateway
-
Now that we're on NodeBB, we have a working search box.
It's the second result.
-
@pjh said in IP.OF.UPSTREAM.RESOLVER:
@pleegwat said in IP.OF.UPSTREAM.RESOLVER:
Didn't someone from here try to make a discourse-to-nntp gateway?
https://what.thedailywtf.com/topic/13678/discourse-to-nntp-gateway
And over on the serious side (well it hasn't been deleted yet):
https://meta.discourse.org/t/mailing-list-and-nntp-bridge/3453
-
-
@timebandit said in IP.OF.UPSTREAM.RESOLVER:
From that thread
Sam Saffron co-founder:
Keep in mind, Discourse is a system of rainbows,
Rainbows, but not clown vomit. Duh!
-
@twelvebaud said in IP.OF.UPSTREAM.RESOLVER:
The correct answer is to put 8.8.8.8 in there, like they do in the actual example file, but they're probably scared of another Poul-Henning Kamp incident.
Even without Google sending you sternly-worded letters to cut that shit, you're still introducing a dependency to a system you're not controlling. Have fun picking up all those support calls when Google screws something up!
It might not be a huge issue in that case since a lot of other things will break if 8.8.8.8 ever goes down and in the midst of the chaos of nuclear apocalypse the complaints of all three users of BSD will get lost in the noise, but it's still bad on principle.
-
@maciejasjmj That's why the example file has them all commented out. You actually have to pick one from the six or seven they've confirmed won't send individuals sternly worded letters, in which case you're assuming responsibility. But, barring the chaos of the nuclear apocalypse, all of those options work as soon as they're uncommented.