Gandi en avance sur son temps ?

Reçu ce matin :

Subject: [GANDI] 1 domaine(s) expirant dans 15 jours / 1 domain(s) expiring in 15 days

Cher client,

Vous recevez ce message car vous êtes contact des domaines listés
ci-dessous (voir tout en bas du message, après la partie anglaise).

Ces domaines arriveront à échéance dans 15 jours, et vous devez
effectuer le payement du renouvellement avant échéance,
sans quoi vos domaines seront détruits,
et de nouveau disponibles à l’enregistrement au public.

[..]

Liste de vos domaines / List of your domains:

Expiration                                  Creation                  Domain(e)
2007-09-21 02:33:35  2001-09-21 02:33:35  LUCAS-NUSSBAUM.NET

(Heureusement, un mail d’excuses a suivi dans l’après-midi.)

Rajouté aux rumeurs de domaines dont les contacts ou les serveurs DNS ont été mystérieusement modifiés, et aux domaines .fr enregistrés (et payés) par deux personnes différentes, il y a de quoi s’inquiéter un peu.

Peut-être que Gandi devrait moins s’intéresser aux blogs et un peu plus aux noms de domaines ?

Rencontres Mondiales du Logiciel Libre / Libre Software Meeting

I’ll be attending the RMLL/LSM this year again, in Nancy from July 4th to 8th. Ping me if you are going there too, we could chat a bit :-)

Like almost every year, organizers aren’t very good at communication, and there are many open questions :

  • The registration deadline is today, however, it seems you can cancel your registration on the web page after today. Does it mean that if you are not sure of coming, you can just register today and then cancel later ? (it seems so)
  • Will internet access be available ? Will it be shut down during Thursday afternoon like last year ? :-)

Humour geek

Un collègue ne locke pas son poste de travail, et vous voulez lui faire une blague ? Un journal linuxfr propose quelques idées. Les plus fines :

  • Ctrl+s dans ses terminaux (mais il faut tomber sur quelqu’un qui ne connait pas)
  • setxkbmap dvorak (ou setxkbmap fr, selon le collègue !)
  • alias ssh=logout

Au passage, j’ai aussi découvert cowsay.

qemu 0.8.1 and tun/tap networking

qemu’s documentation isn’t really crystal clear, and I lost a lot of time with this today.

The way you can link your guest system and your host system has changed between qemu 0.7 and 0.8, with the introduction of Virtual LANs. They are mandatory: you always have to use one, even if you only want to use one qemu instance.

When running qemu, you have to specify both endpoints :

  • the one to the host system (using -net tap)
  • the one to the guest system (using -net nic)

A working command line to start qemu looks like qemu -net nic -net tap -hda ….

Non-google Summer of Code proposal: Distributed monitoring of the Jabber network

(This was initially a Google SoC project proposal. Someone got a grant to work on this, but then, he got another grant to work on another project, and he chose to work on the other one…)

The Jabber network isn’t really known for its reliability: servers are often down, or are unable to contact other servers. And most server admins don’t have tools to detect such problems. There’s some data on http://public.jabbernet.dk/mrtg/, but it’s far from being enough.

The goal of this project is to build a testing framework to be able to monitor the public servers and answer those questions :

  • Do client connections using SASL, TLS or SSL currently work on server foo.com ? (not only checking if the TCP port is open, but do full login)
  • Do server-to-server communications works between server foo.com and bar.com ? What about latency ? (To determine that, you need to connect to both servers and exchange ping messages)

Of course one would need a nice way to vizualize such data (matrix + rrdtool graphs ?)

Additional ideas :

  • Allow server admins to set a contact email, so they can be informed of problems (and/or provide an RSS feed)
  • Integrate this into the XMPP Federation

I would like to work on this, but I won’t have time. If you are interested, please contact me !

IP over DNS

Sometimes, you are at an airport, hotel, train station, … Wireless Internet access is available, but very expensive, and you start to feel not so well because you haven’t checked your mail in the last 6 hours.

Often, DNS works : you can resolve everything, which is quite frustrating… But wait. Why can’t we tunnel IP packets into DNS packets ?

There are two existing solutions (to my knowledge) to do that. Both work using the same principle : you delegate a subdomain to a special DNS server (so you need to be able to run a DNS server somewhere, that means having UDP port 53 still available). Then, the client software issues DNS requests for TXT records in this subdomain. Data is encapsulated into those DNS requests.

NSTX (latest version, project page, Debian package) is written in C and tries to build a full VPN between you and the server. While it works, it doesn’t always work, probably because of some caching DNS servers which might not like your crafted packets. Also, it requires setting tun interfaces at both ends. So I gave up with it, and switched to OzymanDNS

OzymanDNS (latest release, no real documentation available) is a simpler alternative, written in Perl. It only allows you to tunnel a TCP connection, which is enough, because if you can establish an SSH connection, you can use SSH tunnelling, Socks proxying, or even build a full VPN with OpenSSH 4.3.

To run OzymanDNS, you need to install the necessary perl modules (Debian packages libnet-dns-perl and libmime-base32-perl, amongst others) on both ends. You also need to delegate a subdomain to your crafted server (we will use tunnel.example.com). Then :

  • On the server, start: ./nomde.pl -i 127.0.0.1 tunnel.example.com (the -i 127.0.0.1 is not important, it’s just the IP address the server returns in case it receives an A query).
  • On the client, run ssh with ProxyCommand: ssh -o ProxyCommand="./droute.pl sshdns.tunnel.example.com" localhost. The sshdns asks the server for a connection to localhost:22.
  • You know have an SSH connection open to the other end.

While it’s not very fast, it’s still quite usable for stuff like reading mails with mutt. Also, I experienced some crashes while trying to transfer a quite large file with scp over socks over ssh over IP over DNS, so there might be some bugs. If somebody wants to hack on this … :-)

Update: Nice presentation about all this stuff here.

Update 2: As mentionned in the comments, there’s also iodine, which is similar to nstx (tunnelling IP over DNS using tun devices on both ends). I also found DNScat. It’s written in Java, and can do tunnelling using ppp.