tech stuff.

Posts Tagged ‘Ubuntu’

Ubuntu, systemd-resolved and DVE-2018-0001


I noticed that systemd is spamming syslog with:

Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.

DVE-2018-0001 is a workaround for some captive portals that respond to DNSSEC queries with NXDOMAIN. systemd-resolved in Ubuntu retries every one of these NXDOMAIN responses without EDNS0.

In practice this means one syslog entry every time a domain isn’t resolvable. This is surprising, so I dug further.

Ubuntu pulled in a PR to systemd implementing DVE-2018-0001 in systemd-resolved. It’s not configurable, except that it’s not attempted in DNSSEC strict mode.

As an aside, I feel like Ubuntu integrating unmerged upstream patches isn’t fair to systemd. I incorrectly assumed that it was systemd that was introducing these spammy log messages. Maybe they will eventually, but they haven’t yet.

I’m pretty sure it’s a terrible idea, but I enabled DNSSEC strict mode by setting DNSSEC=yes in /etc/systemd/resolved.conf. I’ll have to try to remember I did this in a few days when I can’t browse the web.

There’s a really good write-up at of the underlying problem.
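
A way to check both halves of the above from a shell: which DNSSEC= value is in effect, and how many of the retry messages a log holds. This is an added example, not code from the post or from systemd; the function names are hypothetical, and it assumes resolved.conf-style files where the last DNSSEC= assignment in a [Resolve] section wins.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not part of systemd or Ubuntu.

# dnssec_mode FILE...: print the last DNSSEC= value set in a [Resolve] section
# across the given files (later files override earlier ones), lower-cased.
# Prints "unset" when nothing sets it, so the built-in default applies.
dnssec_mode() {
    [ "$#" -gt 0 ] || { echo unset; return 0; }
    awk '
        FNR == 1      { in_resolve = 0 }            # sections do not span files
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        /^[ \t]*\[/   { in_resolve = ($0 ~ /^[ \t]*\[Resolve\][ \t]*$/); next }
        in_resolve && /^[ \t]*DNSSEC[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)           # drop the "DNSSEC =" part
            sub(/[ \t]+$/, "", val)                 # drop trailing blanks
            mode = tolower(val)
        }
        END { print (mode == "" ? "unset" : mode) }
    ' "$@"
}

# dve_retry_expected FILE...: exit 0 when the DVE-2018-0001 retry can still
# happen, exit 1 when DNSSEC is in strict mode (which, per the post, skips it).
dve_retry_expected() {
    case "$(dnssec_mode "$@")" in
        yes|y|true|t|on|1) return 1 ;;              # boolean "true" spellings
        *) return 0 ;;                              # no, allow-downgrade, unset
    esac
}

# dve_retry_count LOGFILE: number of DVE-2018-0001 retry lines in a log file.
dve_retry_count() {
    grep -c 'mitigating potential DNS violation DVE-2018-0001' "$1" || true
}
```

For example, `dnssec_mode /etc/systemd/resolved.conf` reports the setting from the file edited above; any drop-in files that exist can be passed after it so that they override it.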

Written by Lee Verberne

2020-02-28 at 09:15

Posted in Linux


Fix your drifting pointer in GNOME


Plagued with a drifting pointer? I sure am.

For me this happens when I accidentally zoom using an accessibility “feature” in GNOME. Actually, it’s in Compiz and ambushes me when I accidentally hit Super (Windows key) instead of Alt when resizing a window using the Alt+middle click+drag combination.

Compiz seems to be a little particular about getting the screen fully zoomed out again, but here’s a method that’s (so far) always reset the zoom without leaving me with a randomly drifting cursor.

To zoom out again, hold the Super key and scroll down using your scroll wheel. I’m sure there’s a better way, but I don’t know it. Disabling zoom hotkeys in gconf-editor didn’t seem to work for me. If you’ve figured this out, please leave a comment!

Written by Lee Verberne

2011-01-04 at 12:47

Posted in Linux


ecryptfs mount options


I was having trouble tracking down the ecryptfs mount options that can be used to stop the mount.ecryptfs helper utility from prompting quite so much.  I tested this on Ubuntu 10.10.  ecryptfs_verbosity claims to be the option that I really want to change, but I couldn’t get this one working.

You can add these options to your /etc/fstab.  Their values are partially documented here:

Here’s what I added to my /etc/fstab to stop mount.ecryptfs from prompting for anything besides the password on Ubuntu 10.10:

/root/.crypto /root/crypto ecryptfs noauto,ecryptfs_cipher=aes,ecryptfs_key_bytes=32,ecryptfs_passthrough=n,ecryptfs_enable_filename_crypto=n 0 0


Written by Lee Verberne

2010-11-05 at 14:56

Posted in Linux
