Archive for August, 2011

Strange DNS queries when Google Chrom(ium) is running

August 10th, 2011

I noticed something strange lately: when Google Chrom(ium) 12.0.742.112 (90304) is running on my up-to-date Ubuntu 11.04, it always sends out DNS queries at 10-second intervals, similar to these:

09:28:54.892711 IP linux.home.lan.52626 > ipv4gw.home.lan.domain: 55443+ AAAA? www.google.com. (32)
09:28:54.899660 IP linux.home.lan.33455 > ipv4gw.home.lan.domain: 13122+ PTR? 1.1.168.192.in-addr.arpa. (42)
09:28:54.900955 IP ipv4gw.home.lan.domain > linux.home.lan.33455: 13122* 1/0/0 PTR ipv4gw.home.lan. (74)
09:28:54.901153 IP linux.home.lan.50369 > ipv4gw.home.lan.domain: 21436+ PTR? 229.1.168.192.in-addr.arpa. (44)
09:28:54.902997 IP ipv4gw.home.lan.domain > linux.home.lan.50369: 21436* 1/0/0 PTR linux.home.lan. (75)
09:28:54.944839 IP ipv4gw.home.lan.domain > linux.home.lan.52626: 55443 1/0/0 CNAME www.l.google.com. (52)
09:28:54.945042 IP linux.home.lan.41788 > ipv4gw.home.lan.domain: 60563+ A? www.google.com. (32)
09:28:55.003016 IP ipv4gw.home.lan.domain > linux.home.lan.41788: 60563 3/0/0 CNAME www.l.google.com., A 209.85.143.99, A 209.85.143.104 (84)

09:28:55.894074 IP linux.home.lan.52008 > ipv4gw.home.lan.domain: 29437+ AAAA? mmxavuhjug.home.lan. (40)
09:28:55.894357 IP linux.home.lan.35436 > ipv4gw.home.lan.domain: 521+ AAAA? vhskgbyarv.home.lan. (40)
09:28:55.894595 IP linux.home.lan.45136 > ipv4gw.home.lan.domain: 53766+ AAAA? ksufeyycxa.home.lan. (40)
09:28:55.895823 IP ipv4gw.home.lan.domain > linux.home.lan.52008: 29437 NXDomain 0/0/0 (40)
09:28:55.895963 IP linux.home.lan.36059 > ipv4gw.home.lan.domain: 12946+ A? mmxavuhjug.home.lan. (40)
09:28:55.897602 IP ipv4gw.home.lan.domain > linux.home.lan.35436: 521 NXDomain 0/0/0 (40)
09:28:55.897676 IP ipv4gw.home.lan.domain > linux.home.lan.45136: 53766 NXDomain 0/0/0 (40)
09:28:55.897765 IP linux.home.lan.44839 > ipv4gw.home.lan.domain: 64206+ A? ksufeyycxa.home.lan. (40)
09:28:55.897835 IP linux.home.lan.41554 > ipv4gw.home.lan.domain: 45782+ A? vhskgbyarv.home.lan. (40)
09:28:55.899852 IP ipv4gw.home.lan.domain > linux.home.lan.36059: 12946 NXDomain 0/0/0 (40)
09:28:55.899993 IP ipv4gw.home.lan.domain > linux.home.lan.44839: 64206 NXDomain 0/0/0 (40)
09:28:55.900277 IP linux.home.lan.37840 > ipv4gw.home.lan.domain: 24605+ AAAA? ksufeyycxa.home.lan. (40)
09:28:55.900530 IP linux.home.lan.38511 > ipv4gw.home.lan.domain: 59521+ AAAA? mmxavuhjug.home.lan. (40)
09:28:55.902077 IP ipv4gw.home.lan.domain > linux.home.lan.41554: 45782 NXDomain 0/0/0 (40)
09:28:55.902148 IP ipv4gw.home.lan.domain > linux.home.lan.37840: 24605 NXDomain 0/0/0 (40)
09:28:55.902503 IP linux.home.lan.36729 > ipv4gw.home.lan.domain: 26133+ AAAA? vhskgbyarv.home.lan. (40)
09:28:55.902630 IP linux.home.lan.37400 > ipv4gw.home.lan.domain: 39639+ A? ksufeyycxa.home.lan. (40)
09:28:55.904271 IP ipv4gw.home.lan.domain > linux.home.lan.38511: 59521 NXDomain 0/0/0 (40)
09:28:55.904344 IP ipv4gw.home.lan.domain > linux.home.lan.36729: 26133 NXDomain 0/0/0 (40)
09:28:55.904469 IP linux.home.lan.38786 > ipv4gw.home.lan.domain: 4130+ A? mmxavuhjug.home.lan. (40)
09:28:55.904570 IP linux.home.lan.42703 > ipv4gw.home.lan.domain: 52825+ A? vhskgbyarv.home.lan. (40)
09:28:55.906403 IP ipv4gw.home.lan.domain > linux.home.lan.37400: 39639 NXDomain 0/0/0 (40)
09:28:55.906547 IP ipv4gw.home.lan.domain > linux.home.lan.38786: 4130 NXDomain 0/0/0 (40)
09:28:55.907959 IP ipv4gw.home.lan.domain > linux.home.lan.42703: 52825 NXDomain 0/0/0 (40)

I had a play to find out what is causing this, and I figured out that it is definitely Chrome. I closed all the tabs, and it was still happening. The queries are always different; they never repeat themselves. I wonder what would happen if one of these resolved to an actual internal IP….
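Added example (not from the original post): a small Python heuristic that pairs each tcpdump DNS query with its NXDomain answer by client port and query ID, then reports hosts that look up three or more distinct letters-only single-label names under the local search domain within one second, which is the pattern in the trace above. The function name, the `home.lan` default and the threshold of three are assumptions; the sample is an excerpt of the trace on this page.

```python
import re
from collections import defaultdict

# Sample input: excerpt of the tcpdump trace shown in the post.
SAMPLE = """\
09:28:54.892711 IP linux.home.lan.52626 > ipv4gw.home.lan.domain: 55443+ AAAA? www.google.com. (32)
09:28:54.944839 IP ipv4gw.home.lan.domain > linux.home.lan.52626: 55443 1/0/0 CNAME www.l.google.com. (52)
09:28:55.894074 IP linux.home.lan.52008 > ipv4gw.home.lan.domain: 29437+ AAAA? mmxavuhjug.home.lan. (40)
09:28:55.894357 IP linux.home.lan.35436 > ipv4gw.home.lan.domain: 521+ AAAA? vhskgbyarv.home.lan. (40)
09:28:55.894595 IP linux.home.lan.45136 > ipv4gw.home.lan.domain: 53766+ AAAA? ksufeyycxa.home.lan. (40)
09:28:55.895823 IP ipv4gw.home.lan.domain > linux.home.lan.52008: 29437 NXDomain 0/0/0 (40)
09:28:55.895963 IP linux.home.lan.36059 > ipv4gw.home.lan.domain: 12946+ A? mmxavuhjug.home.lan. (40)
09:28:55.897602 IP ipv4gw.home.lan.domain > linux.home.lan.35436: 521 NXDomain 0/0/0 (40)
09:28:55.897676 IP ipv4gw.home.lan.domain > linux.home.lan.45136: 53766 NXDomain 0/0/0 (40)
09:28:55.899852 IP ipv4gw.home.lan.domain > linux.home.lan.36059: 12946 NXDomain 0/0/0 (40)
"""

# tcpdump prints the queried name only on the query line, so the NXDomain
# reply has to be matched back to it via (client host.port, DNS query ID).
QUERY = re.compile(r"^(\d\d:\d\d:\d\d)\.\d+ IP (\S+) > \S+\.domain: (\d+)\+ (\w+)\? (\S+?)\. ")
NXDOMAIN = re.compile(r"^\S+ IP \S+\.domain > (\S+): (\d+)\*? NXDomain ")

def probe_bursts(trace, suffix="home.lan", min_names=3):
    """Return {(client_host, hh:mm:ss): sorted names} for bursts of distinct
    letters-only single-label names under `suffix` that all got NXDomain."""
    pending = {}                 # (client endpoint, query id) -> (second, name)
    bursts = defaultdict(set)
    for line in trace.splitlines():
        if m := QUERY.match(line):
            sec, client, qid, _qtype, name = m.groups()
            pending[(client, qid)] = (sec, name)
        elif m := NXDOMAIN.match(line):
            hit = pending.pop((m.group(1), m.group(2)), None)
            if hit is None:
                continue         # reply without a captured query
            sec, name = hit
            label, _, rest = name.partition(".")
            if rest == suffix and label.isalpha() and label.islower():
                host = m.group(1).rsplit(".", 1)[0]   # drop the source port
                bursts[(host, sec)].add(name)
    # A and AAAA lookups of the same name collapse into one set entry.
    return {k: sorted(v) for k, v in bursts.items() if len(v) >= min_names}

if __name__ == "__main__":
    for (host, sec), names in probe_bursts(SAMPLE).items():
        print(host, sec, names)
```

Treat a hit as a prompt to check which process on the host is sending the lookups; a typo storm or a misconfigured service can produce the same shape.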

Categories: Security

How do I test my IPv6 capable mailserver?

August 9th, 2011

Just a quick tip: You have Postfix running and want to enable IPv6 for your email as well? After quite some playing around I finally got it right:

inet_interfaces = 127.0.0.1, 94.229.77.82, 2a01:348:6:315::2, ::1
inet_protocols = ipv4, ipv6

This makes Postfix listen only where you actually need it to – I don't like daemons listening on interfaces where they are not serving any requests.

How do I test IPv6 enabled mail?

Just go to here and off you go. Don't forget to put some fancy text in there that you can show off with… *g

Categories: IPv6

Nginx, PHP-FPM and APC – and your server will love you

August 9th, 2011

I have to admit, I really loved Apache with ModSecurity (with the CoreRuleSet); it gave me “peace at night”. But then I noticed that this actually eats quite a lot of memory… and as a heavy TinyTinyRSS user I noticed that TTRSS is sometimes quite sluggish loading articles. So I had another look at Nginx. I did have a look at it in the past, but I gave up on it, as the version provided by Debian Lenny didn't support IPv6; the version for Squeeze does, though.

So initially I installed Nginx with PHP-FASTCGI. It was good, fast, memory problems were sorted. The sluggishness with TTRSS was solved as well. (Now after some weeks running it, I still notice “phew, memory isn't used at all, how does this work actually?”.)

(Preface: I won't be posting configuration details on here, just my experience and some pointers. I don't like repetition, and with the search engine of your choice speckled with some common “sysadmin sense”, you will find what you need.)

I already found some hints that PHP-FPM is much better than PHP-FASTCGI. (I was surprised that this was not good enough.) And so I recently came across dotdeb.org (again), which gives you the ability

  1. to install a more recent Nginx than the Debian Squeeze one
  2. to update PHP to 5.3.6
  3. to install PHP-FPM

which is even better. I also enabled APC as a PHP opcode cache, which helps further (I actually configured the latter one so that it does write a logfile (I still want to know when something goes wrong), but the actual service is not restarted; just the new logfile is opened. You can do this by sending SIGUSR1 to the php5-fpm master process. This doesn't empty the cache. At the time of writing I have 473362 Hits vs. 656 Misses (99.9% / 0.1%); I wonder when I will have 100%.).

Tests and results

Did I do some tests to show you some fancy numbers which prove that this is faster? I am sorry, but I have to disappoint you.

I can give you some hard facts:

  1. The system never ran out of memory with Nginx, and it has now been running for maybe 5+ weeks.
  2. The sluggishness with TTRSS is gone (i.e. browsing quickly through different RSS articles is much faster; TTRSS loads the article every time, and if I did this fast enough, TTRSS was locked up for some time, as Apache didn't deliver the actual article fast enough). On a subjective note: it is definitely faster.

I am happy with my choice. Anything on the internet should be kept up2date anyway – despite the fact you are running ModSec.

And it is faster and uses less memory – what more does a sysadmin want?

PS: I forgot: the next step is enabling the Caching plugin in Nginx; this should speed it up even further. When you are serving a lot of static objects, like pictures, Varnish is your friend and very easy to configure.

Post-PS: WordPress optimizations are the next thing! CDN – here I come!

Categories: New technology