An exciting aspect of teaching is “what questions will I get today?”, and I wasn’t disappointed when a student asked:
Why was a dot chosen to separate labels in presentation for DNS names?
I mumble something about it being neater than a ‘#’ and less strange than a ‘$’ and that it’s easy to type on a US keyboard, but I really don’t know and say so. I put it aside and later looked through RFC 1034 and RFC 1035 and didn’t find an answer, so I asked on the Fediverse, and got a lot of feedback.
I’ve had bad experience linking to social media accounts, so I’m going to refer to contributors by their first names; you’ll know who you are.
First off, Hans suggested it might be something about connecting the dots; cute, but ‘no’. ;)
Ed refers to dots used in hostnames, and indeed, old hosts.txt files from 1988 contain names with dots, and Paul H. adds that this 1985 hosts.txt is the first to use dots.
...
HOST : 18.27.0.23 : MIT-DAFFY-DUCK.ARPA,MIT-DAFFY-DUCK,DAFFY-DUCK,DAFFY : SYMBOLICS-3600 : LISPM : TCP/TELNET,TCP/FTP,TCP/SMTP,TCP/TIME,TCP/FINGER,UDP/TIME,UDP/TFTP,UDP/FINGER :
HOST : 18.10.0.24 : MIT-NMS.ARPA,MIT-NMS,NMS : PDP-11 : NMS ::
...
The plot thickens.
Jeroen suggests contacting Paul Mockapetris who is well known as the person who invented the DNS (with others), and links him to the Mastodon thread. At least we got Paul to create an account there, though I’ve not otherwise heard back from the gentleman.

Martin points out that the 1983 RFC 881 already accepts the dot as given and likewise assumes a mundane reason based on keyboard layouts. I laugh when he rightly points out that the name of the file hosts.txt also contains a dot.
Florian brings up a comparison to quad dotted decimal IP addresses, and looking back it seems that the 1981 RFC 780 (Mail Transfer Protocol) might be the first mention with:
Another form is four small decimal integers separated by dots and enclosed by brackets, e.g., “[123.255.37.321]”, which indicates a 32 bit ARPA Internet Address in four eight bit fields.
Paul W. has a good point when he says:
we use it between sentences. It’s small, and clear and visually presents a good divider and commonly in use already
And finally I ask a medium which is omnipresent in today’s world and get the following response which sounds good but sadly lacks in naming sources for its answers, as it always does:
When DNS was first developed in the early 1980s, designers of the system had to choose a character to serve as the separator. The dot was chosen because it is a simple, non-alphanumeric character that wasn’t typically used in regular hostnames or labels themselves.
Additionally, dots are easy to read and visually distinct, making domain names easy to parse by both humans and machines.
Some of you might recall a similar question nine years ago, when we researched why the comment character in a DNS zone master file is a semicolon.
Via Hugo I saw a question on whether anybody had an example of DNSviz rendering a revoked KSK, and that tickled my fancy, as I’d not actually seen one on that marvelous platform.
As I have a local copy of dnsviz running here, I thought I’d quickly set it up by creating a zone with a CSK and a revoked CSK (note the keytag/keyId changes when revoking a KSK).
$ dnssec-keygen -a13 -fk xexample.aa
Generating key pair.
Kxexample.aa.+013+06060
$ dnssec-revoke Kxexample.aa.+013+06060.
Kxexample.aa.+013+06188
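The keytag change noted above follows from the key tag algorithm in RFC 4034, Appendix B: revoking sets the REVOKE flag bit (0x0080, RFC 5011) in the DNSKEY RDATA, which normally shifts the tag by 128, matching 06060 and 06188 here. The sketch below is an added example, not part of the original post; the public key is a constructed placeholder and the function names are my own.

```python
import struct

# DNSKEY flag bits: ZONE and SEP (RFC 4034), REVOKE (RFC 5011).
ZONE, SEP, REVOKE = 0x0100, 0x0001, 0x0080


def dnskey_rdata(flags: int, protocol: int, algorithm: int, pubkey: bytes) -> bytes:
    """Wire-format DNSKEY RDATA: flags (2), protocol (1), algorithm (1), key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + pubkey


def key_tag(rdata: bytes) -> int:
    """Key tag as defined in RFC 4034, Appendix B (not valid for algorithm 1)."""
    acc = 0
    for i, octet in enumerate(rdata):
        # Even-offset octets are the high half of a 16-bit word, odd the low half.
        acc += octet << 8 if i % 2 == 0 else octet
    acc += (acc >> 16) & 0xFFFF  # fold the carry back in once
    return acc & 0xFFFF


def tags_before_and_after_revoke(pubkey: bytes, algorithm: int = 13):
    """Return (tag, tag_with_REVOKE_set) for a KSK holding this public key."""
    ksk = dnskey_rdata(ZONE | SEP, 3, algorithm, pubkey)
    revoked = dnskey_rdata(ZONE | SEP | REVOKE, 3, algorithm, pubkey)
    return key_tag(ksk), key_tag(revoked)


# Constructed 64-octet stand-in for an ECDSA P-256 public key (not a real key).
SAMPLE_PUBKEY = bytes(range(64))

if __name__ == "__main__":
    before, after = tags_before_and_after_revoke(SAMPLE_PUBKEY)
    print(f"flags 257 -> key tag {before:05d}")
    print(f"flags 385 -> key tag {after:05d} (delta {after - before})")
    # The page's own pair differs by the same amount: 06188 - 06060 = 128.
```

Because the REVOKE bit sits in the low octet of the flags word, the delta is 128 unless the 16-bit sum wraps, which is why a revoked key shows up under a different keytag than the one it had while active.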
I signed the zone, loaded it into a BIND name server (the brand is not relevant), and configured dnsviz to probe and graph the zone.
$ z=xexample.aa
$ dnsviz probe -A \
-x aa+:mini.aa=127.0.0.2:53 \
--pretty-output \
-o $z.json \
$z
Analyzing aa (stub)
Analyzing xexample.aa
$ dnsviz graph -r $z.json -T html -O --rr-types NS --rr-types SOA
The result is pretty much what I expected, although I had hoped the colour of a revoked key would be different so as to quickly identify it without hovering over it. :)

It’s hard to put into words how much I appreciate the work people invested into DNSviz.
Sunday afternoons is when I run my Ansible playbooks to set up the training environment for students on Monday, and I’m hard-pressed to recall an occasion when something didn’t run smoothly. Sometimes something’s changed in Ansible, but for a long time now I keep a version of Ansible I’m happy with so that that doesn’t occur.
Usually it’s something which has changed upstream, and that’s what happened today, two months after the last training.
After running my setup, I also ensure that the solutions to labs I give students will work. One of the labs is called airports.yml: it configures a machine with a thttpd server, sets up a cron job, and installs a program. Let me show you what the lab looks like when students have managed to create the playbook and run it successfully.

The dashboard shows one of many airports from a program they install; students run the program from cron which causes a different random airport to be used. The idea is that they set up a complete “application” with package installs, system settings, files, etc. It’s not horribly difficult and most are able to complete the lab within an hour or ninety minutes, but there are some challenges. Anyway, that’s all beside the point.
So, first surprise moments ago when testing the lab: the base image I’m using no longer comes with cron or crontab. It’s a Rocky Linux install and I now have to install a package called cronie and enable and start a service called crond. I’m probably at fault for this surprise, as I changed the base of this image to Rocky mid-June and wrongly assumed it would contain the same packages as the predecessor.
What hurts me most is that thttpd is no longer found in EPEL. I’ve not the time to rewrite my labs and test everything by tomorrow, so we’re going to wing this: I’m going to have students use Ansible ad hoc commands to install a thttpd Fedora RPM. I’ll sell it as “so we learn ad hoc commands”. ;-)
I know I get what I pay for with Linux, but I thought I’d vent anyway. And no, I don’t really feel better.
Microsoft, in their infinite wisdom, decided to not address the topic of how plain text is formatted in incoming or outgoing mails or any other of the dozens of errors in the program. Instead they’ve added a “like”-type button to emails with which I can add a reaction to a received email.

Adding one of these idiotic reactions causes Outlook to send an email back to the original sender with the reaction. So, in a case where I clicked on “laugh”, the email I got back looked like this:
From: "Jolie, Jane" <xxx>
Date: Tue, 9 Jul 2024 08:20:21 +0000
To: Jan-Piet Mens <yyy>
Subject: RE: Test msreactions
[laugh] Jolie, Jane reacted to your message:
________________________________
From: Jan-Piet Mens <yyy>
Sent: Monday, July 8, 2024 7:19:12 AM
To: Jolie, Jane <xxx>
Subject: Test msreactions
lorem ipsum dolor
I recently learned (can’t find the source) that if I add a header to my outgoing mails, Outlook won’t send the reaction mails.
Henceforth, my .muttrc contains
my_hdr x-ms-reactions: disallow
Can we now PLEASE get back to adding only useful features to software? Thanks.
It’s close on a quarter century that I worked for a company which had deployed a humongous issue-and-everything tracking system employees detested using. I can’t remember the name of the product, but the vendor’s name had the letters ‘P’ and ‘H’ in it. I worked with a team which flat-out refused to use the product, so I went in search of something we wouldn’t hate too much.
I found mantis, at the time a relatively simple tool, and it worked with Apache and PHP which we had an abundance of so we gave it a try. It’s almost needless to say that the whole company abandoned the awful tool and settled on the much simpler mantis within just a few months. It had its issues (pun not necessarily intended), but it worked.
One thing I’ve always thought missing in the combination of monitoring software and issue trackers is a system which raises an issue and adds information about what that system actually is and how to operate it. Say I’m monitoring a Web server and the monitoring system detects an anomaly: it should open an issue and say what the current situation is. Simultaneously, though, I want it to log what a possible resolution is, for instance by sending along a link to the documentation, etc.
That was one of the modifications I applied at the time to our Nagios installation. When it detected an anomaly, it used the combination of host / service (IIRC) to pick up a text file, the content of which it added to the ticket it created in mantis.
This is something I do even today. I try to automate when it seems reasonable to me to do so, but there are still tasks which I schedule to run from cron. These then send me an email to which I must react.
One example is issuance of a Let’s Encrypt TLS certificate which I run locally using ACME dns-01 challenge. When the certificate for the remote server is issued I get an email with an attachment:
From: ACME Lego <jp>
Date: Fri, 05 Jul 2024 07:46:04 +0200
Subject: ACME renewal for *.example.com
Certificate for *.example.com renewed and attached. Run
to acme-example-wild; make push
If doing this manually, SFTP to bla and
put *.example.com.crt dump/
chmod 644 dump/*.crt
It’s primitive, but it helps me: I don’t have to try remembering what to do when I get the email, as the instructions are right there for copy/pasting. And should I have to delegate this at some point the instructions for the next person are right there, every 60 days.
Could I automate this? Yes, I could, but in this particular case it’s not worth my while, and I want to know when it happened anyway, i.e. I want the email notification.