Safari/Firefox “Site not found” errors

Numerous people have posted to the Apple discussion board regarding “site not found” errors, and web browsers requiring two attempts to load a page:

http://discussions.info.apple.com/webx?14@101.TyczaANxCsQ.1@.689ef4f7

This was REALLY annoying me, so I started doing some digging to see what was wrong. When I broke out tcpdump, I noticed that OS X was sending AAAA record (these are the IPv6 equivalent of an IPv4 A record) requests to my DNS server:

$ sudo tcpdump -i en1 -vvvv -n -e port 53

[ … ]

08:51:49.710240 00:0d:93:83:1d:73 > 00:03:ba:05:9d:9f, ethertype IPv4 (0x0800), length 73: IP (tos 0x0, ttl 64, id 29629, offset 0, flags [none], length: 59) 192.168.1.8.49428 > 192.168.1.1.53: [udp sum ok] 20324+ AAAA? www.apple.com. (31)

08:51:49.712412 00:03:ba:05:9d:9f > 00:0d:93:83:1d:73, ethertype IPv4 (0x0800), length 171: IP (tos 0x0, ttl 64, id 20532, offset 0, flags [none], length: 157) 192.168.1.1.53 > 192.168.1.8.49428: 20324 q: AAAA? www.apple.com. 1/1/0 www.apple.com. CNAME[|domain]

Now, why Safari is causing the name resolution libraries to query “www.apple.com” when I visit www.cnn.com is beyond me (I will have to do some more digging). Since I am on a pure IPv4 network, I tried disabling IPv6 in the network preferences tab to see if it would stop sending AAAA record requests. This was not the case, and I still had trouble loading pages. While reviewing the latest errata on the OpenBSD errata page:

http://www.openbsd.org/errata35.html

I came across the following:

“BIND contains a bug which results in BIND trying to contact nameservers via IPv6, even in cases where IPv6 connectivity is non-existent. This results in unnecessary timeouts and thus slow DNS queries.”

Well hot dog, this seems to align with what I was seeing and experiencing!!!! I applied the patch to my OpenBSD name server, restarted named, and the problem seems to be fixed. Several of the folks on the discussion board also mentioned hard coding the DNS servers, which may or may not fix the issue (if this is a BIND-specific issue, then your ISP will need to patch their servers). Once I get some additional time, I will check to see if this is BIND or OpenBSD specific. Stay tuned!
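To check whether AAAA lookups are the ones stalling, the query and response lines in a capture like the one above can be paired by DNS transaction id and timed. The following is an added example, not part of the original post; the function names and the third, unanswered capture line are constructed for illustration, and pairing by id alone assumes a single client.

```bash
# Constructed sample: the two tcpdump lines from the post plus one made-up
# query (id 20325, www.example.com) that never receives a response.
sample_capture() {
cat <<'EOF'
08:51:49.710240 00:0d:93:83:1d:73 > 00:03:ba:05:9d:9f, ethertype IPv4 (0x0800), length 73: IP (tos 0x0, ttl 64, id 29629, offset 0, flags [none], length: 59) 192.168.1.8.49428 > 192.168.1.1.53: [udp sum ok] 20324+ AAAA? www.apple.com. (31)
08:51:49.712412 00:03:ba:05:9d:9f > 00:0d:93:83:1d:73, ethertype IPv4 (0x0800), length 171: IP (tos 0x0, ttl 64, id 20532, offset 0, flags [none], length: 157) 192.168.1.1.53 > 192.168.1.8.49428: 20324 q: AAAA? www.apple.com. 1/1/0 www.apple.com. CNAME[|domain]
08:51:50.100000 00:0d:93:83:1d:73 > 00:03:ba:05:9d:9f, ethertype IPv4 (0x0800), length 75: IP (tos 0x0, ttl 64, id 29630, offset 0, flags [none], length: 61) 192.168.1.8.49429 > 192.168.1.1.53: [udp sum ok] 20325+ AAAA? www.example.com. (33)
EOF
}

# Pair each AAAA query with its response by DNS transaction id and print
# "<name> <latency> ms", or "<name> unanswered" when no response was captured.
aaaa_latency() {
    awk '
    function secs(t,   p) { split(t, p, ":"); return p[1] * 3600 + p[2] * 60 + p[3] }
    {
        for (i = 2; i <= NF; i++) if ($i == "AAAA?") break
        if (i > NF) next
        name = $(i + 1)
        if ($(i - 1) == "q:") {                 # response: "<id> q: AAAA? <name>"
            id = $(i - 2); sub(/[^0-9].*$/, "", id)
            if (id in sent) {
                printf "%s %.3f ms\n", name, (secs($1) - sent[id]) * 1000
                delete sent[id]
            }
        } else {                                # query: "<id>+ AAAA? <name>"
            id = $(i - 1); sub(/[^0-9].*$/, "", id)
            sent[id] = secs($1); qname[id] = name
        }
    }
    END { for (id in sent) printf "%s unanswered\n", qname[id] }'
}

sample_capture | aaaa_latency
```

Against a live capture, pipe the output of the tcpdump command shown earlier into aaaa_latency; names reported as unanswered, or with latencies in the seconds range, are the lookups hitting the timeout.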

Checking for OpenLDAP unindexed searches

I was checking my OpenLDAP logfiles today, and noticed that the “cn” attribute wasn’t indexed. I found this by checking for the “index_param” string in my OpenLDAP logfiles:

$ grep "index_param failed" /var/log/openldap

Dec 25 13:37:19 winnie slapd[730]: [ID 635189 local4.debug] <= bdb_substring_candidates: (cn) index_param failed (18)

To fix this problem, I added an "index" statement to my slapd.conf:

index cn,mail,sn eq,pres,sub

Once the index was added, I rebuilt the indexes with the "slapindex" utility:

$ slapindex -f /usr/local/openldap-common/etc/slapd.conf -b "dc=synackfin,dc=com"

The OpenLDAP documentation has more info in case you're interested in learning more:

http://www.openldap.org/doc/admin22/

Bash arrays

I have been trying to get a better grasp of some advanced bash concepts, and have been reading through the following reference manual:

http://www.tldp.org/LDP/abs/html/

I am pretty familiar with C and Perl arrays, but have never had a need to use arrays in a bash script. The syntax for a bash array is almost identical to Perl:

array[1]=12
echo ${array[1]}

This assigns the value 12 to the first slot in the array. Since bash variables are untyped, we can assign a string to the same array:

array[2]="my string"
echo ${array[2]}

This assigns the string “my string” to slot two in the array. Useful stuff!
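Where arrays earn their keep in scripts is in passing values that contain spaces to a command without them being split apart. The following is an added example, not part of the original post; the helper function names and the third array value are constructed for illustration, and it requires bash rather than plain sh.

```bash
#!/usr/bin/env bash
# Report how many arguments a command would actually receive.
count_args() { echo "$#"; }

# The two assignments from the post plus one constructed value with spaces.
array[1]=12
array[2]="my string"
array[3]="a b c"

# Quoted expansion: each element is passed as exactly one argument.
quoted_count() { count_args "${array[@]}"; }

# Unquoted expansion: elements are re-split on whitespace, so "my string"
# and "a b c" fall apart into separate words.
unquoted_count() { count_args ${array[@]}; }

# Number of elements and the indices that are actually set.
element_count() { echo "${#array[@]}"; }
set_indices()   { echo "${!array[@]}"; }

echo "elements:           $(element_count)"
echo "indices in use:     $(set_indices)"
echo "args when quoted:   $(quoted_count)"
echo "args when unquoted: $(unquoted_count)"

# Iterate by index so every value stays intact, spaces included.
for i in "${!array[@]}"; do
    printf 'array[%s]=<%s>\n' "$i" "${array[$i]}"
done
```

Building a command's argument list in an array and expanding it as "${array[@]}" keeps file names and user-supplied values with spaces from being interpreted as extra arguments.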

Solaris Entropy statistics

I exchanged an email or two with Andy Tucker regarding Solaris 9 entropy pools, and found out that entropy statistics are available through mdb’s (modular debugger) “rnd_stats” dcmd:

$ uname -a
SunOS winnie 5.9 Generic_117171-14 sun4u sparc SUNW,Ultra-5_10

$ mdb -k

Loading modules: [ unix krtld genunix ip lofs nfs random ptm ]

> ::rnd_stats
Random number generator statistics:
    8192 bits of entropy estimate
       0 bytes generated for /dev/random
 5998456 bytes generated for /dev/urandom
 2277764 bits of entropy added to the pool
   94006 bits of entropy extracted from the pool
 4849216 bytes added to the random pool
     240 bytes extracted from the random pool

With Solaris 10, you can use the “swrand_stats” and “rnd_stats” dcmds to get entropy statistics:

$ uname -a
SunOS sparky 5.10 s10_69 i86pc i386 i86pc

$ mdb -k

Loading modules: [ unix krtld genunix specfs dtrace ufs ip sctp uhci usba nca random lofs sppp nfs crypto ptm ]

> ::swrand_stats                      
Software-based Random number generator statistics:
    8192 bits of entropy estimate
  861095 bits of entropy added to the pool
    8480 bits of entropy extracted from the pool
 2318888 bytes added to the random pool
    1060 bytes extracted from the random pool

> ::rnd_stats
Random number device statistics:
       0 bytes generated for /dev/random
       0 bytes read from /dev/random cache
      36 bytes generated for /dev/urandom

I wish there was a way to tell if an application blocked because of a depleted pool in Solaris 9 (DTrace may solve this problem in Solaris 10).