On Fri, Aug 2, 2024 at 7:29 PM Dan Ritter wrote:
I do. If you assign an IP and a DNS name to the IP, all the
network printers I am aware of will work just fine. (They don't
care about the DNS name, either, but it's more convenient if you
don't want to remember the IP.)
Yep, a static IP address is assigned via DHCP and the name exists in
DNS. Now what?
if it's not obvious, I know appx. zip about linux administration, so
hints about what to do after assigning a name and address would be appreciated.
Back before IANA's recent explosion in TLDs - when all you really had was
.com, .org, .net and a bunch of country-specific TLDs
- there was a healthy business in alternative DNS roots (altroots).
On Sat, Aug 3, 2024 at 2:55 AM Jeffrey Walton wrote:
On Fri, Aug 2, 2024 at 5:13 PM Lee wrote:
Yes.
On Thu, Aug 1, 2024 at 10:40 PM Jeffrey Walton wrote:
I personally remove mDNS and Bonjour from my machines. mDNS is not the
source of truth on my networks. Rather, DNS is the source of truth in
my networks ...
Do you have any network printers? That work without having mDNS enabled?
I enable SLP, LPD and IPP only. I use CUPS Postscript drivers. And I
believe I use PCL-5, and not PCL-6.
I disable AirPrint, Bonjour, WS-Discovery, WS-Print, Telnet printing,
TFTP printing and 9100-Printing.
Oh my goodness!! I install Debian and printing Just Works.
I know it's got something to do with mDNS because printing didn't work
for me with mDNS disabled, but... that's a lot of enabling and
disabling that you do. What does all that get you?
uh oh ..
"It would be as well to check whether any functioning print queues
have been automatically installed by cups-browsed prior to a manual
setup. This can be done with
lpstat -a"
$ lpstat -a
Canon_MG3600_series accepting requests since Sat Aug 3 00:00:28 2024
HP_ENVY_5540_series_20A070_ accepting requests since Sat Aug 3 00:00:28 2024
I'd have to go back to an /etc/nsswitch.conf with
hosts: files dns
and then manually configure the print queues. Correct?
and use either
the web interface on port 631 or system-config-printer in a GUI
to set up your printer. If it's recent, it can probably use the
ipp driver; if it is middle-aged, it can probably be used via
the port 9100 lp system.
Thanks for the info. I'm not sure that manual configuration is all
that much better than the automatic stuff tho.. it seems like if
someone can get on my network and respond to mDNS queries I've got
worse problems than them impersonating a printer.
Am I missing something or does manually configuring printer queues
just remove my print queue dependency on avahi / mDNS?
I can see not wanting mDNS in a work environment, but at home?? I
don't see how it improves my security all that much.
Lee wrote:
On Thu, Aug 1, 2024 at 10:40 PM Jeffrey Walton wrote:
I personally remove mDNS and Bonjour from my machines. mDNS is not the source of truth on my networks. Rather, DNS is the source of truth in
my networks ...
Do you have any network printers? That work without having mDNS enabled?
I do. If you assign an IP and a DNS name to the IP, all the
network printers I am aware of will work just fine. (They don't
care about the DNS name, either, but it's more convenient if you
don't want to remember the IP.)
my nsswitch.conf is "hosts: files mdns4_minimal [NOTFOUND=return] dns"
i don't remember changing it in the past few decades
i recently had a situation that made me question the ordering
my dns server is my primary router
should dns be first
On Thu, Aug 01, 2024 at 14:30:05 +0000, fxkl47BF@protonmail.com wrote:
my nsswitch.conf is "hosts: files mdns4_minimal [NOTFOUND=return] dns"
i don't remember changing it in the past few decades
i recently had a situation that made me question the ordering
my dns server is my primary router
should dns be first
It would be *extremely* unusual to want to consult DNS before /etc/hosts.
I recommend leaving files first unless you have a *really* good reason
to switch them.
I have no comment on mdns4_minimal because I don't really know what that
is.
On Thu, Aug 01, 2024 at 14:30:05 +0000, fxkl47BF@protonmail.com wrote:
my nsswitch.conf is "hosts: files mdns4_minimal [NOTFOUND=return] dns"
i don't remember changing it in the past few decades
i recently had a situation that made me question the ordering
my dns server is my primary router
should dns be first
It would be *extremely* unusual to want to consult DNS before /etc/hosts.
I recommend leaving files first unless you have a *really* good reason
to switch them.
I have no comment on mdns4_minimal because I don't really know what that
is.
i have mysql on host1
i created a user for mysql so i could have access from 192.168.1.%
that works fine
on host2 i use "mysql -u user1 -p --host=host1" and it works
if on host1 i use "mysql -u user1 -p --host=host1" it fails
ERROR 1045 (28000): Access denied for user 'user1'@'localhost' (using password: YES)
in /etc/hosts i have "127.0.1.1 host1.my-network host1"
if i comment this line out, accessing mysql from host1 works
On Thu, Aug 01, 2024 at 14:47:49 +0000, fxkl47BF@protonmail.com wrote:
i have mysql on host1
i created a user for mysql so i could have access from 192.168.1.%
that works fine
on host2 i use "mysql -u user1 -p --host=host1" and it works
if on host1 i use "mysql -u user1 -p --host=host1" it fails
ERROR 1045 (28000): Access denied for user 'user1'@'localhost' (using password: YES)
in /etc/hosts i have "127.0.1.1 host1.my-network host1"
if i comment this line out, accessing mysql from host1 works
Take one more step back:
Do you have a local area network, with two or more hosts on it, and does
each of those hosts have an assigned IP address?
I.e. is host1 *always* 192.168.1.5?
If that's the case, then the correct fix is to change the 127.0.1.1 line, replacing 127.0.1.1 with the assigned IP address (192.168.1.5 or whatever
it is).
The 127.0.1.1 is a fallback for systems where the IP address isn't fixed.
It guarantees that your system will be able to look up its own hostname
and get *some* kind of working IP address. But if you have a fixed IP address, you should use that instead.
If your hosts are getting their IP addresses by DHCP, and you'd like them
to get the same address every time so that you *can* make this change to
your /etc/hosts files, then you'll want to tell your DHCP server to assign
a fixed IP address to each MAC address.
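Greg's fix expressed as a check, added here as an example and not part of the original thread: it finds the loopback entry that makes the `files` source answer for the machine's own name, then rewrites it to the assigned LAN address. The sample file is constructed from the lines quoted above, 192.168.1.5 is the placeholder address from the reply, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample modelled on the /etc/hosts line quoted in the thread.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
127.0.1.1 host1.my-network host1
192.168.1.6 host2.my-network host2
"""

def is_loopback(addr):
    """True for 127.0.0.0/8 and ::1; False for anything unparsable."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False

def loopback_entries(text, hostname):
    """Loopback addresses that /etc/hosts hands back for `hostname`."""
    hits = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2 and hostname in fields[1:] and is_loopback(fields[0]):
            hits.append(fields[0])
    return hits

def pin_hostname(text, hostname, lan_ip):
    """Replace the loopback address on the hostname's line with lan_ip.

    Lines that also name 'localhost' are left alone so 127.0.0.1 keeps working.
    """
    out = []
    for raw in text.splitlines():
        body, sep, comment = raw.partition("#")
        fields = body.split()
        if (len(fields) >= 2 and hostname in fields[1:]
                and "localhost" not in fields[1:] and is_loopback(fields[0])):
            raw = lan_ip + " " + " ".join(fields[1:])
            raw += (" #" + comment) if sep else ""
        out.append(raw)
    return "\n".join(out) + "\n"
```

Only pin the address this way once the DHCP server hands the host the same address every time, as the reply says.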
On Thu 01 Aug 2024 at 10:32:27 (-0400), Greg Wooledge wrote:
On Thu, Aug 01, 2024 at 14:30:05 +0000, fxkl47BF@protonmail.com wrote:
my nsswitch.conf is "hosts: files mdns4_minimal [NOTFOUND=return] dns"
i don't remember changing it in the past few decades
i recently had a situation that made me question the ordering
my dns server is my primary router
should dns be first
It would be *extremely* unusual to want to consult DNS before /etc/hosts.
I recommend leaving files first unless you have a *really* good reason
to switch them.
I have no comment on mdns4_minimal because I don't really know what that is.
AIUI mdns4_minimal is for devices that configure themselves using
multicast DNS on .local. If you put dns first, then the names of any
.local devices will be leaked out of your LAN and on to the Internet's
DNS servers. [NOTFOUND=return] is what prevents that happening IF you
leave the order alone.
(BTW don't use .local for your LAN domain name.)
Cheers,
David.
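The ordering argument above, as an added example that is not part of the original thread: a small model of how the `hosts:` line is walked, showing which sources a name reaches under each ordering. The per-source statuses are simplifying assumptions (the `*_minimal` modules report UNAVAIL for non-.local names, unicast DNS has no answer for .local), and `printer.local` is a constructed name.

```python
import re

PAGE_ORDER = "hosts: files mdns4_minimal [NOTFOUND=return] dns"  # from the thread
DNS_FIRST = "hosts: files dns mdns4_minimal [NOTFOUND=return]"   # the proposed swap

# NSS default reaction to each lookup status (see nsswitch.conf(5)).
DEFAULTS = {"SUCCESS": "return", "NOTFOUND": "continue",
            "UNAVAIL": "continue", "TRYAGAIN": "continue"}

def parse_hosts_line(line):
    """Split a 'hosts:' line into [(source, {STATUS: action}), ...]."""
    _, _, spec = line.partition(":")
    entries = []
    for token in re.findall(r"\[[^\]]*\]|\S+", spec):
        if not token.startswith("["):
            entries.append((token, {}))
            continue
        if not entries:
            raise ValueError("action list before any source")
        for pair in token[1:-1].split():
            status, _, action = pair.partition("=")
            entries[-1][1][status.upper()] = action.lower()
    return entries

def is_dot_local(name):
    return name.lower().rstrip(".").endswith(".local")

def source_status(source, name, hosts_file, mdns_names):
    """Simplified stand-in for what each NSS module would report."""
    if source == "files":
        return "SUCCESS" if name in hosts_file else "NOTFOUND"
    if source in ("mdns4_minimal", "mdns_minimal", "mdns6_minimal"):
        # Assumption: the *_minimal modules refuse non-.local names (UNAVAIL).
        if not is_dot_local(name):
            return "UNAVAIL"
        return "SUCCESS" if name in mdns_names else "NOTFOUND"
    if source == "dns":
        # Assumption: unicast DNS has no answer for .local names.
        return "NOTFOUND" if is_dot_local(name) else "SUCCESS"
    return "UNAVAIL"

def trace_lookup(hosts_line, name, hosts_file=(), mdns_names=()):
    """Return the sources consulted, in order, until an action says 'return'."""
    consulted = []
    for source, actions in parse_hosts_line(hosts_line):
        consulted.append(source)
        status = source_status(source, name, hosts_file, mdns_names)
        if {**DEFAULTS, **actions}[status] == "return":
            break
    return consulted

def reaches_dns(hosts_line, name, **known):
    return "dns" in trace_lookup(hosts_line, name, **known)
```

With the order left alone, an unanswered `.local` name stops at `mdns4_minimal`; with `dns` moved ahead of it, the same query is handed to the resolver first.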
On Thu, Aug 1, 2024 at 7:41 PM George at Clug wrote:
On Friday, 02-08-2024 at 00:48 David Wright wrote:
On Thu 01 Aug 2024 at 10:32:27 (-0400), Greg Wooledge wrote:
On Thu, Aug 01, 2024 at 14:30:05 +0000, fxkl47BF@protonmail.com wrote:
my nsswitch.conf is "hosts: files mdns4_minimal [NOTFOUND=return] dns"
i don't remember changing it in the past few decades
i recently had a situation that made me question the ordering
my dns server is my primary router
should dns be first
It would be *extremely* unusual to want to consult DNS before /etc/hosts.
I recommend leaving files first unless you have a *really* good reason to switch them.
I have no comment on mdns4_minimal because I don't really know what that
is.
AIUI mdns4_minimal is for devices that configure themselves using multicast DNS on .local. If you put dns first, then the names of any .local devices will be leaked out of your LAN and on to the Internet's DNS servers. [NOTFOUND=return] is what prevents that happening IF you leave the order alone.
(BTW don't use .local for your LAN domain name.)
Why is that? (recently I was starting to believe I should stop using the domain names I had chosen, and start using (what I thought was) the standard of .local)
Because .local is used for names that can be resolved by multicast
DNS. See the wikipedia article
https://en.wikipedia.org/wiki/.local
Is it your personal preference, or a technical necessity?
to quote from wikipedia
Linux distributions use the Name Service Switch configuration file /etc/nsswitch.conf[9] in which mDNS name resolution was
added via the mdns4_minimal plugin to nsswitch. In this
configuration, where mdns4_minimal precedes the standard dns option,
which uses /etc/resolv.conf, the mDNS resolution will block
subsequent DNS resolution on the local network.
What is best practice for a local LAN prefix? (I have never found conclusive instruction).
home.arpa
see https://www.rfc-editor.org/rfc/rfc8375.html
It is my belief that .local is a MS idea originating from the configuration of their servers. Is this correct?
again, quoting from the .local wikipedia article
Microsoft TechNet article 708159[7] suggested .local ...
but later recommended against it
Regards,
Lee
On Friday, 02-08-2024 at 00:48 David Wright wrote:
On Thu 01 Aug 2024 at 10:32:27 (-0400), Greg Wooledge wrote:
On Thu, Aug 01, 2024 at 14:30:05 +0000, fxkl47BF@protonmail.com wrote:
my nsswitch.conf is "hosts: files mdns4_minimal [NOTFOUND=return] dns"
i don't remember changing it in the past few decades
i recently had a situation that made me question the ordering
my dns server is my primary router
should dns be first
It would be *extremely* unusual to want to consult DNS before /etc/hosts. I recommend leaving files first unless you have a *really* good reason
to switch them.
I have no comment on mdns4_minimal because I don't really know what that is.
AIUI mdns4_minimal is for devices that configure themselves using
multicast DNS on .local. If you put dns first, then the names of any
.local devices will be leaked out of your LAN and on to the Internet's
DNS servers. [NOTFOUND=return] is what prevents that happening IF you
leave the order alone.
(BTW don't use .local for your LAN domain name.)
Why is that? (recently I was starting to believe I should stop using the domain names I had chosen, and start using (what I thought was) the standard of .local)
Is it your personal preference, or a technical necessity?
What is best practice for a local LAN prefix? (I have never found conclusive instruction).
It is my belief that .local is a MS idea originating from the configuration of their servers. Is this correct?
Do you know if there is a good place to post Bind9 DNS server configuration questions to?
I desire to set up an isolated-from-the-Internet environment to test DMARC and DNSSEC protected email systems, hence I want to replicate the Internet's DNS system, or to put it, configure TLD nameservers for Chain of Trust in my isolated network that is not able to reach the ICANN's real TLD nameservers.
https://www.cloudflare.com/en-au/learning/dns/dns-records/dns-dmarc-record/
Domain-based Message Authentication Reporting and Conformance (DMARC) is a method of authenticating email messages. A DMARC policy tells a receiving email server what to do after checking a domain's Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) records, which are additional email authentication methods.
On Thu, Aug 1, 2024 at 9:45 PM George at Clug <Clug@goproject.info> wrote:
On Friday, 02-08-2024 at 00:48 David Wright wrote:
On Thu 01 Aug 2024 at 10:32:27 (-0400), Greg Wooledge wrote:
[...]
I have no comment on mdns4_minimal because I don't really know what that is.
AIUI mdns4_minimal is for devices that configure themselves using
multicast DNS on .local. If you put dns first, then the names of any
.local devices will be leaked out of your LAN and on to the Internet's
DNS servers. [NOTFOUND=return] is what prevents that happening IF you
leave the order alone.
(BTW don't use .local for your LAN domain name.)
Why is that? (recently I was starting to believe I should stop using the domain names I had chosen, and start using (what I thought was) the standard of .local)
Is it your personal preference, or a technical necessity?
What is best practice for a local LAN prefix? (I have never found conclusive instruction).
It is my belief that .local is a MS idea originating from the configuration of their servers. Is this correct?
.local is a multicast DNS (mDNS) thing. See <https://www.rfc-editor.org/rfc/rfc6762.html> and <https://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml>.
I personally remove mDNS and Bonjour from my machines. mDNS is not the
source of truth on my networks. Rather, DNS is the source of truth in
my networks, so I use home.arpa from RFC 8375, <https://www.rfc-editor.org/rfc/rfc8375.html>.
Jeff
ISP's dns. I suppose eventually they'll issue
.den and I be forced to pick some other 3 letter name for my local domain.
On Fri, Aug 02, 2024 at 10:29:40 -0400, gene heskett wrote:
I already have a paid for, legally registered domainname, Greg. Not
ISP's dns. I suppose eventually they'll issue
.den and I be forced to pick some other 3 letter name for my local domain.
https://www.hostzealot.com/domains/den
Hi,
On Fri, Aug 02, 2024 at 10:39:46AM -0400, Greg Wooledge wrote:
On Fri, Aug 02, 2024 at 10:29:40 -0400, gene heskett wrote:
ISP's dns. I suppose eventually they'll issue
.den and I be forced to pick some other 3 letter name for my local domain.
https://www.hostzealot.com/domains/den
Weird - that TLD has not yet been delegated by IANA so I don't get
how they are selling it. Perhaps I have missed something.
https://www.iana.org/domains/root/db
Still, your point does remain that it could be delegated at some
point. There is a new set of proposals being entertained right now
for new TLDs so there will be some pointless new ones soon.
Gene's reply to you misses your point so if/when it does happen
that .den is delegated I'm sure he will miss the point again anyway.
Thanks,
Andy
What is best practice for a local LAN prefix? (I have never found conclusive instruction).
home.arpa
see https://www.rfc-editor.org/rfc/rfc8375.html
A fairly straight forward statement in this RFC, just not sure if I could get used to using .arpa as a suffix. But seems like a great choice?
It is my belief that .local is a MS idea originating from the configuration of their servers. Is this correct?
again, quoting from the .local wikipedia article
Microsoft TechNet article 708159[7] suggested .local ...
but later recommended against it
https://en.wikipedia.org/wiki/.local
If you have *Macintosh client computers* that are running the Macintosh OS X version 10.3 operating system or later, ... it is recommended that you do not use the .local label for the full DNS name of your internal domain.
On Thu, Aug 1, 2024 at 7:41 PM George at Clug wrote:
home.arpa
see https://www.rfc-editor.org/rfc/rfc8375.html
A fairly straight forward statement in this RFC, just not sure if
I could get used to using .arpa as a suffix. But seems like a
great choice?
On 8/2/24 12:09, Andy Smith wrote:
Gene's reply to you misses your point so if/when it does happen
that .den is delegated I'm sure he will miss the point again anyway.
Thanks for the no-confidence vote Andy.
On Thu, Aug 1, 2024 at 10:40 PM Jeffrey Walton wrote:
I personally remove mDNS and Bonjour from my machines. mDNS is not the source of truth on my networks. Rather, DNS is the source of truth in
my networks ...
Do you have any network printers? That work without having mDNS enabled?
On Fri, Aug 2, 2024 at 10:35 PM Lee <ler762@gmail.com> wrote:
On Fri, Aug 2, 2024 at 7:29 PM Dan Ritter wrote:
Lee wrote:
On Thu, Aug 1, 2024 at 10:40 PM Jeffrey Walton wrote:
I personally remove mDNS and Bonjour from my machines. mDNS is not the
source of truth on my networks. Rather, DNS is the source of truth in my networks ...
Do you have any network printers? That work without having mDNS enabled?
I do. If you assign an IP and a DNS name to the IP, all the
network printers I am aware of will work just fine. (They don't
care about the DNS name, either, but it's more convenient if you
don't want to remember the IP.)
Yep, a static IP address is assigned via DHCP and the name exists in
DNS. Now what?
if it's not obvious, I know appx. zip about linux administration, so
hints about what to do after assigning a name and address would be appreciated.
As far as DNS goes, the only hosts that require a static IP address
are your DNS servers. Just about everything else can get an address
from DHCP, including file servers, mail servers and print servers.
When I was an admin at the Social Security Administration, the SSA ran
in that configuration. SSA had about 120,000 hosts on the network at
the time, and the agency had no problems in the configuration. They
used a private Class A network with 10.*.*.* addresses. I think SSA
also used static IP addresses for gateways, but I can't recall for
certain. And gateways were always .1 or .2 by convention on the
network segment.
At the time, I _think_ SSA had the second-largest network in the world
- only IBM was larger. SSA also used a token ring network up until
about 2001 or 2002. The agency did not cutover to ethernet until about
2002 or 2003.
If you are interested in some good reading on Unix & Linux networking,
then pick up a copy of W. Richard Stevens' TCP/IP Illustrated, Volume
I: The Protocols (<https://www.amazon.com/dp/0201633469>). It is a
great book to learn from. Stevens gives you plenty of command line
examples to demonstrate concepts.
Jeff