Logs for jdev@conference.jabber.org
[00:01:28] * Tobias left the chat.
[00:32:27] * Zash left the chat.
[01:10:19] * Neustradamus joined the chat.
[01:10:19] * Neustradamus left the chat.
[01:23:41] * Flow left the chat.
[01:51:46] * Lance left the chat.
[01:56:37] * Lance left the chat.
[02:08:07] * waqas left the chat.
[02:13:36] * Neustradamus joined the chat.
[02:29:19] * Neustradamus left the chat.
[02:34:49] * Maranda left the chat.
[02:42:24] * waqas joined the chat.
[02:45:11] * Lance joined the chat.
[03:03:22] * Lance left the chat.
[03:22:24] * edwinm left the chat.
[03:26:07] * edwinm joined the chat.
[03:46:21] * Lance joined the chat.
[03:58:25] * Darlan left the chat.
[04:05:46] * Lance left the chat.
[04:23:22] * Maranda joined the chat.
[04:26:00] <> hmm jabberd 2.2.14 seems to have a bad issue, if you close its stream with unsupported-version as condition it starts to loop
indefinitely attempting to reconnect.
[04:27:03] <> [05:20:52] HAL: j.vip72.org is running jabberd version 2.2.14 on FreeBSD i386 <-- at least this looks to be affected.
[04:49:50] * Lance joined the chat.
[05:08:17] * Lance left the chat.
[05:17:51] * Lance joined the chat.
[05:18:57] * MattJ left the chat.
[05:19:08] * Lance joined the chat.
[05:29:05] * Maranda left the chat.
[05:59:35] * Lance left the chat.
[06:04:34] * Lance left the chat.
[06:07:27] * bear left the chat.
[06:38:21] * Philonous joined the chat.
[07:02:48] * Tobias joined the chat.
[07:08:37] * ralphm joined the chat.
[07:13:24] * waqas left the chat.
[07:14:39] * waqas joined the chat.
[07:16:55] <> There, flipped the switch on ik.nu
[07:16:55] * edwinm left the chat.
[07:32:25] * ermine joined the chat.
[07:45:39] * kevin joined the chat.
[07:56:25] * Lance joined the chat.
[08:01:11] * edwinm joined the chat.
[08:04:42] * waqas left the chat.
[08:12:46] * KevWalke left the chat.
[08:12:56] * KevWalke joined the chat.
[08:28:16] * kevin left the chat.
[08:44:36] * KevWalke left the chat.
[08:45:19] * KevWalke joined the chat.
[08:46:44] * KevWalke left the chat.
[08:47:20] * KevWalke joined the chat.
[08:49:05] * KevWalke left the chat.
[08:49:26] * KevWalke joined the chat.
[09:11:15] * bear joined the chat.
[09:16:04] * Darlan joined the chat.
[09:31:00] * kevin joined the chat.
[09:52:35] * bear left the chat.
[10:03:30] <> Maranda: Mandate dialback? Certainly not, it will work requiring strong auth.
[10:04:47] <> And that's the switch thrown on j.org
[10:46:55] * Darlan left the chat.
[10:51:55] * 测试 joined the chat.
[10:52:07] * 测试 left the chat.
[10:55:10] <> Kev: whoo!
[10:59:10] * bblog joined the chat.
[11:00:55] * Flow joined the chat.
[11:03:57] * bblog left the chat.
[11:38:35] * aman joined the chat.
[11:51:38] * Lance left the chat.
[12:10:47] * Maranda joined the chat.
[12:18:03] <> Kev, I asked it because I noticed j.org presenting dialback but not sasl external when it receives the incoming connection
connection from my server so I supposed it could not trust my server certificate.
[12:18:16] <> Kev, I asked it because I noticed j.org presenting dialback but not sasl external when it receives the incoming connection
from my server so I supposed it could not trust my server certificate.
[12:19:04] <> and that jabberd s2s connection loop bug is causing my logs to explode ^^
[12:34:55] * ThurahT joined the chat.
[12:49:14] <> Maranda: Yes, j.org isn't trusting anyone for strong auth at the moment.
[12:50:05] <> Kev, ok.
[12:50:09] <> Maranda: But that's a deployment choice, rather than M-Link requirement
[12:52:58] <> (See http://www.isode.com/products/disa-apl.html for example of M-Link getting tested in strong-auth environments)
[12:53:04] <> I think the test is going according to plans here cept the mentioned jabberd2 issues. It tries to keep reconnecting very fast
from 1k-2k connections/s so it's rather annoying.
[12:53:29] <> Can you suggest a domain doing this? I'll have a look on j.org to see if I see anything similar.
[12:53:57] <> Kev, I mentioned it earlier.
[12:54:09] <> j.vip72.org
[12:54:16] <> So you did, ta.
[12:55:08] <> to note I decided to drop version < 1.0 streams with unsupported-version when I require s2s encryption.
[12:55:34] <> Oh, well, that's going to make it a little worse then, yes.
[12:55:47] <> I think there are still some pre-1.0 deployments out there. Although of jabberd1 rather than jabberd2, I thought.
[12:58:36] <> I don't think that domain is trying to connect to j.org at all.
[13:07:57] <> Well that seems trimming out some clunky ejabberd servers as well which don't provide the version attribute on the stream
header (one is chat.chajab.com)
[13:59:41] * dezant left the chat.
[13:59:44] * dezant joined the chat.
[14:00:28] * naw joined the chat.
[14:07:46] * Darlan joined the chat.
[14:28:50] * Neustradamus joined the chat.
[14:28:50] * Neustradamus left the chat.
[14:28:56] * Maranda joined the chat.
[14:30:14] * naw left the chat.
[14:38:13] * MattJ joined the chat.
[14:57:46] * naw joined the chat.
[15:16:04] * scippio joined the chat.
[15:18:31] * Maranda left the chat.
[15:54:39] * Maranda joined the chat.
[16:31:03] * kevin left the chat.
[16:32:20] * kevin joined the chat.
[16:52:44] * aRyo joined the chat.
[17:09:55] * Asterix joined the chat.
[17:11:04] * jcea joined the chat.
[17:11:23] * Maranda left the chat.
[17:14:58] * aRyo left the chat.
[17:14:59] * aRyo joined the chat.
[17:17:15] * aRyo left the chat.
[17:18:31] * Zash joined the chat.
[17:22:53] * aRyo joined the chat.
[17:23:14] * Darlan left the chat.
[17:23:14] * Asterix left the chat.
[17:23:30] * Asterix joined the chat.
[17:23:42] * Darlan joined the chat.
[17:24:18] * Maranda left the chat.
[17:30:07] * aRyo left the chat.
[17:31:06] * Tobias left the chat.
[17:41:02] * Darlan left the chat.
[17:52:25] * Maranda joined the chat.
[17:53:35] * Tobias joined the chat.
[17:55:14] * aman left the chat.
[17:56:13] * aman joined the chat.
[18:06:28] <> Asterix, could you run s2s:closeall"lightwitch.org" into gajim.org's telnet console if you have it loaded?
[18:07:35] * aRyo joined the chat.
[18:08:51] * waqas joined the chat.
[18:11:36] * bear joined the chat.
[18:12:28] * Darlan joined the chat.
[18:12:30] <> Asterix, seems like your server isn't opening an outgoing stream back to mine btw.
[18:24:41] <> sure
[18:25:00] <> s2s:closeall"lightwitch.org"
| OK: Closed 1 s2s session
[18:25:36] <> incoming s2s connection lightwitch.org->gajim.org complete
[18:25:46] <> Out of connection options, can't connect to lightwitch.org
[18:26:04] <> what's the network related error?
[18:26:35] <> I don't have more info in my logs
[18:26:44] <> :|
[18:27:14] <> I suppose timeout on ipv6
[18:27:33] <> and / or timeout period.
[18:27:34] <> strange, I have a working ipv6 stack on my server
[18:28:58] <> Prosody should retry on ipv4 if connecting on ipv6 fails
[18:29:37] <> I have working connection to ipv6 servers
[18:29:42] <> (since there's both an A and AAAA record)
[18:30:17] <> although no debug logs, no party. Brb need to walk the dog out.
[18:31:07] <> ok, when you're back I'll enable debug logs and we can try again
[18:35:46] * Darlan left the chat.
[18:35:46] * Asterix left the chat.
[18:36:04] * Asterix joined the chat.
[18:36:04] * Darlan joined the chat.
[18:36:17] * aman left the chat.
[18:37:01] * aman joined the chat.
[18:39:31] * KevWalke left the chat.
[18:39:31] * KevWalke joined the chat.
[18:40:13] <> Maranda: I have more info
[18:45:37] <> My bind don't like your domain ...
host lightwitch.org 127.0.0.1
Host lightwitch.org not found: 3(NXDOMAIN)
[18:59:16] * Asterix left the chat.
[19:00:03] * Asterix joined the chat.
[19:01:12] * aman left the chat.
[19:17:32] <> O_O
[19:19:33] <> ~$ dig srv @8.8.8.8 _xmpp-server._tcp.lightwitch.org +short
10 0 5269 meaveen.lightwitch.org.
[19:19:48] <> It exists, Google agrees too :O
[19:23:15] <> yes ... but my bind don't want your domain ...
[19:23:18] <> I have no idea why
[19:42:07] <> Jan 4 19:45:19 panoramix named[28910]: validating @0x7fb184019f60: lightwitch.org DNSKEY: verify failed due to bad signature
(keyid=19972): RRSIG has expired
[19:42:42] <> Stale expired RRSIG?
[19:43:00] <> Happend to a bunch of people over newyear
[19:43:15] <> My prosody wouldn't talk to xnyhps for example
[19:44:26] <> BTW if someone know why my server sent me a mail saying:
"The zone "gajim.org" is in the middle of KSK rollover. In order for rollover to continue, its keyset must be transferred
to its parent."
[19:45:00] <> You need to send them to .org
[19:45:11] <> but I didn't saw any new key generated to send to .org
[19:45:54] <> I don't know what you use
[19:46:08] <> dnssec-tools produces a dsset file
[19:46:48] <> that file contains DS records that need to be sent to the parent zone via ones registrar
[19:48:09] <> hmm
[19:48:16] <> /me runs zonesigner, brb
[19:50:15] <> Zash: I use that tuto: http://www.howtoforge.com/configuring-dnssec-on-bind9-9.7.3-on-debian-squeeze-ubuntu-11.10
[19:50:26] <> Asterix, ok resigned
[19:50:52] <> Maranda: now everything is ok
[19:52:03] <> I have those dsset files
[19:53:55] <> I have indeed a new line in it. I attache the same public key to it?
[19:54:32] <> Asterix: I don't know, you'll need to send that to your registrar somehow.
[19:54:44] <> I can send him the public key only
[19:55:08] <> My registrar has a web form for DS stuff
[19:55:16] <> mine too (gandi)
[19:56:11] <> so put stuff there, wait until all the name servers are synced and the old keys would have expired from all the caches, then
remove the old keys, ???, profit
[19:56:13] <> or something
[19:56:29] <> this is scary stuff
[19:56:37] <> the problem is that a new key has probably been generated, but I don't know where ...
[19:56:40] <> do it wrong and you stop existing
[19:57:03] * ermine left the chat.
[19:58:01] <> or maybe I need to generate new one myself?
[20:01:36] <> /me wants to move off from Network Solution.
[20:01:40] <> /me wants to move off from Network Solutions.
[20:04:12] <> Right, I can't use the automagic rollover management stuff because they don't support DANE
[20:04:42] <> I don't use DANE ...
[20:04:52] <> I'm generating new KSK using https://nsrc.org/workshops/2013/nznog-dnssec/attachment/wiki/Agenda/dnssec-bind-manual-ksk-rollover.txt
[20:05:38] <> but what isn't clear for me is that the mail I received suggest there are already new keys ...
[20:06:48] * Kev left the chat.
[20:06:54] * Kev joined the chat.
[20:06:54] <> the man of rollerd also suggest new KSK is generated automatically:
http://www.dnssec-tools.org/docs/tool-description/rollerd.html
[20:10:23] <> in the logs of rollerd I only see KSK pahse 4 and 5, not the one before
[20:21:52] <> is that supposed to work:
dig DS gajim.org?
[20:23:06] <> ~$ dig gajim.org ds @b2.org.afilias-nst.org.
;; ANSWER SECTION:
gajim.org. 86400 IN DS 16786 8 2 F7F8116BFAB9B3B3DDBD862F5753BFBDC31F763CCF6CDE5180B9D3CF 24283F5C
gajim.org. 86400 IN DS 42429 8 2 494F92A962FFD0899829D36ACD9608A9E4CA5624631DA3E543FE85C6 73D58342
gajim.org. 86400 IN DS 58254 8 2 86010DFC70D9C43A44A14F05F816B4E1043528AAF4B50B8AEFFCE1B5 6B0A279E
[20:23:49] <> ho ok ... we have to know this address to request DS?
[20:24:31] <> That's one of .org's NSes
[20:24:38] <> ok
[20:24:46] <> dig org ns
[20:37:11] * freakbyte joined the chat.
[20:37:33] * freakbyte left the chat.
[21:24:24] * Tobias left the chat.
[21:25:36] * kevin left the chat.
[21:38:39] * Zac Pappis joined the chat.
[21:38:56] <> howdy :)
[21:39:55] <> Hey
[22:00:03] * Lance joined the chat.
[22:21:56] * Tobias joined the chat.
[22:23:13] <> Oofs.
[22:23:56] <> /me wished he didn't register his domain back when there was just NetSol or almost :/.
[22:26:03] * Zac Pappis left the chat.
[22:28:00] <> No way they ever gonna do DNSSEC delegation and transferring domains off 'em takes an eon and is rather risky.
[22:32:28] <> There's something to be said about choosing TLDs because it reads nicely vs how much you trust the people who run it.
[22:38:27] * MattJ left the chat.
[22:38:29] * MattJ joined the chat.
[22:39:01] * tato joined the chat.
[22:41:16] <> I don't like "price listings to be defined" stuff.
[22:42:25] <> (Although there's to say I got robbed for 15 years straight by that monopoly surrogate remnant called NetSol)
[23:19:57] * jabberjocke joined the chat.
[23:19:57] * jabberjocke left the chat.
[23:23:27] * jabberjocke joined the chat.
[23:26:29] * jabberjocke left the chat.
[23:31:29] * jcea left the chat.
[23:34:29] * jabberjocke left the chat.
[23:35:37] <> suppose it's time to rollback the switch?
[23:35:57] <> NEVER!
[23:42:08] * Neustradamus joined the chat.
[23:42:46] * Maranda left the chat.
[23:43:11] * Maranda joined the chat.
[23:44:40] <> Can't vex my users too much with "lab tests" :D (I do that plenty enough already)
[23:44:58] * Lance left the chat.
[23:50:46] * scippio left the chat.
[23:52:04] * scippio joined the chat.
[23:53:29] * Neustradamus left the chat.