James Raftery

Here you'll find programs, patches and reference material related to DNS, email systems, FreeBSD, perl and other assorted whatnots. There are also some lecture slides, essays, notes and that sort of thing; some serious, some very much not. If you're not a geek, this site is dull, dull, dull.

This site is served by RedBrick, the DCU Networking Society. Email me: james .at. now .dot. ie

Software

DNS related

dnsrend

MD5 (dnsrend-0.08.tar.gz) = 83a1059f84b25223a0189edb92db43e5 Released 8th November 2010
dnsrend is a DNS message dissector, showing excruciating detail to diagnose malformed message contents.

You can grab the source below along with some of the documentation or look at the more informative dnsrend page for more information.
[ README | Download source | More info. ]

route53d

MD5 (route53d-0.01-alpha.tgz) = 490a7229b1e5044a7bfad6f97a440d30 Released 15th December 2010
route53d is a DNS frontend to the Amazon Route 53 API, letting you use dynamic updates and (soon) zone transfers to push DNS changes into Route 53.

The full rundown is on the route53d page.
[ README | Download source | More info. ]

SRV-aware WHOIS client

Download whois-srv to get a WHOIS client which can use DNS SRV resource records to locate the appropriate WHOIS server to send the query to. Written in perl, with the Net::DNS module. It doesn't have much documentation. This client includes support for the SRV location process described in draft-whois-srv-02.txt

db2dns

A perl filter to write both BIND master-zone-file format and tinydns-data format DNS records for domain objects found in a version 2 RIPE-like database. Feed a v.2 database on stdin and get BIND and/or tinydns zone data appended to files of your choice!

dnsnotify

dnsnotify manually sends DNS NOTIFY messages to DNS servers. Written in perl and requires Net::DNS. Based on Jos Backus's original script. Andrew Pam took dnsnotify and turned it into something better. [local copy of dnsnotify]

djbdns (dnscache) cache hit/miss statistics

This patch to djbdns 1.05 modifies the dnscache program to keep a counter of cache hits and cache misses. Two new fields are added to the stats output line: the fifth number is the number of cache hits; the sixth number is the number of cache misses.

@400000003fa92ccc317d70f4 stats 3 1201 1 0 21 49

A stats line such as the above indicates 21 hits and 49 misses since dnscache was started. We plot the statistics in rrdtool graphs: (1), (2).

DNS reference for Palm

A MobileDB format database for the Palm specifying all of the DNS parameter numbers (3KB) maintained by the IANA.

djbdns mirror

The Irish mirror of tinydns.org, the usersite for Dan Bernstein's excellent djbdns software is hosted here. Its canonical URL is http://djbdns.now.ie/.

dnspython Resolver patch

I wanted an easy way to send non-recursive queries using the python dnspython module. I extended the Resolver object's query() function to accept a dns.message.Message argument to allow me to create a complete Message object with my choice of flags, opcodes, etc. and hand that to query() to send. There's more discussion in the dnspython-dev mailing list archive. Apply this patch to dnspython.

dnsassert

MD5 (dnsassert-0.04.tar.gz) = d3cd82ef8f93409e22711d80c11d0f0c Released 25th August 2009

We run a busy set of DNS boxes serving zones for a very informal community. Users regularly move their delegation elsewhere without telling us. To manage the cruft accumulation I wrote dnsassert to check that various DNS records are as expected. In our particular case I feed it the list of names from our BIND and MTA configs. and have it flag any NS or MX RRsets that we're not listed in any more. It's written in Python and uses the dnspython module. It has nothing to do with the BIND UPDATE assert() bug.
Why is dnsassert not threaded, you ask? Because dnspython isn't thread-safe. I have a patch to fix that but I'm not distributing it. Sorry.

Email servers, tools and patches

vodmr

MD5 (vodmr-0.13.tar.gz) = d51b823e974c1e0be44f6015d21694af Released 30th August 2005.
This program is an RFC 2645 On-Demand Mail Relay (ODMR) / Authenticated TURN (ATRN) server for vpopmail/vchkpw mail servers running qmail.

You can grab the source below along with some of the documentation or look at the more informative vodmr page for more information.
[ README | FAQ | INSTALL | ANNOUNCEMENT | Download source | More info. ]

Net::QMTP perl module

MD5 (Net-QMTP-0.06.tar.gz) = cca980e12f14808164e70ff2786f15d1 Released 2nd November 2004.
Net::QMTP is a perl module which provides an object interface to a Quick Mail Transfer Protocol (QMTP) client. QMTP is a replacement for the Simple Mail Transfer Protocol (SMTP). The module is in very early development. Net::QMTP can be downloaded from my CPAN directory. You can also browse the module's documentation on CPAN. The qmail package includes a QMTP server.

You can download version 0.06 from here or the latest files from CVS instead, but please do try to use your nearest CPAN mirror. FreeBSD users can use the ports collection: cd /usr/ports/mail/p5-Net-QMTP && make install

vpopmail vadddomain patch

The -e flag to vadddomain configures a virtual domain's default delivery to reinject a message to the specified user rather than delivering into the user's Maildir (as qmailadmin does). This means the envelope information from the original message is lost. This patch modifies the behaviour of the -e flag to deliver into the specified user's Maildir if the argument to -e does not contain an @ symbol. (This patch has been incorporated into the 5.3.20 development release of vpopmail, upon which the 5.4.0 stable release will be based)

assign-lint for qmail

assign-lint highlights problems and inconsistencies in a users/assign file as created by qmail-newu and used by qmail-lspawn, both components of the qmail MTA. Checks syntax and semantics, written in perl. [local copy of assign-lint]

qmail ETRN logging

A small patch for qmail's SMTP daemon (version 1.03) to log ETRN commands, instead of reject them. A log watcher can follow the daemon's log output and fire off an appropriate dequeuing procedure (send an ALRM to qmail-send, start serialmail, etc). Based on Markus Stumpf's patch. I've patched Postfix 1.1.8 to do the same. While Postfix supports ETRN it rejects ETRNs for domains not in $fast_flush_domains, and doesn't log approved ETRNs without increasing the logging level to an unacceptable verbosity. Apply this patch to src/smtpd/smtpd.c.

qmail canonicalised recipient logging

qmail-remote fulfills the canonicalisation requirements of SMTP for qmail -- that is, the standard prohibits host names in `RCPT TO' (recipients) from being aliases. qmail-remote, like other MTAs, rewrites aliases in `RCPT TO' to the canonical host name found in DNS.
The logs however only show the address before canonicalisation.

starting delivery 90: msg 12642 to remote some_user@www.redbrick.dcu.ie

If you were to try to diagnose a problem with this, it would be useful to know that qmail actually sent the message to some_user@prodigy.redbrick.dcu.ie because www.redbrick.dcu.ie isn't canonical (especially if the remote site has since removed the CNAME).

Apply this patch to qmail-remote.c to have delivery reports (and bounce messages) log the real recipient.

delivery 90: success: <some_user@prodigy.redbrick.dcu.ie>_136.206.1.5_accepted_message./ Remote_host_said:_250_<3D738B0800096B73>_Mail_accepted/

qmailadmin support for vpopmail mailbox flags

The qmailadmin web administration tool for vpopmail does not permit a user to view or modify mailbox flags. Such a flag is required to enable ODMR access to a mailbox. If you want to be able to view and change mailbox flags with qmailadmin apply this patchset to qmailadmin 1.0.12 (or later) sources. (This patch has been incorporated into the 1.0.16 development release of qmailadmin. If you're using that release or later this patch is redundant)

The patch adds a new ## output tag: ##Jx. ##J0 selects V_USER0 if set, ##J1 V_USER0 if unset, ##J2 selects V_USER1 if set, ##J3 V_USER1 if unset, and so on.

An older and cruder version of this patch for qmailadmin 1.0.6 has similar functionality. It isn't as clever as the 1.0.12 patch. Don't use it unless you're desperate.

vpopmail.pm vauth_getpw uid/gid/clear_passwd patch

Sean Scanlon's vpopmail.pm module provides access to the vpopmail C API from your perl programs. The current version of the module (0.08) doesn't fully implement the C vauth_getpw function -- it does not return the uid, gid or clear_passwd field of the user. This patch to vpopmail.xs adds that functionality. You should only attempt to apply this patch if you have a vpopmail that supports clear text passwords (4.10 or newer).

mutt message rescore patch

The mutt mail client supports message scores to rank, sort and display messages according to user specified policies. Scores are calculated when a folder is opened and are not updated as messages' statuses change (from `New' to `Read'; from `Unflagged' to `Flagged'; etc). If you're like me, with over 3000 messages in a folder on a very slow IMAP server, reopening the folder (which takes about 90 seconds) to update scores isn't pleasant. mutt-rescore.mesg.patch is a small patch to mutt which updates message scores in real-time.

mutt scoring extended patterns patch

The mutt message score system, mentioned above, forbids "for efficiency reasons" some patterns that match on message parts not shown in the index. It seems to me that the user should decide if any performance decrease is acceptable to them, rather than endure a blanket ban. Here is a patch to remove the pattern restriction for scoring.

SMTP client bash script

This script is a simple SMTP client written in bash. I use it to quickly send test emails through SMTP servers I'm working on, especially from demonic 'appliance' type platforms that don't provide telnet/netcat/etc.

FreeBSD

FreeBSD ``Freeze-dried Workstation''

MD5 (fdws-skeleton-0.02.tar.gz) = e756353aea4bd2cc81aef70559b54fdb Released 18th October 2003.
The ``Freeze-dried Workstation'' is a FreeBSD port skeleton which will do a pretty good job of turning a freshly installed FreeBSD machine into one suitable for my desktop, with minimal effort. It works by installing nothing itself but having dependencies upon the tools and applications I want. It's here because it may be useful to you too. Be aware that this will download, compile and install a lot of software. It will likely take a very long time and use a lot of disk. All told, fdws will install 105 ports (mostly dependencies [16 Oct. 2003 ports tree]).
Download the skeleton, extract it into /usr/ports, then do make install in /usr/ports/misc/fdws. Go for a long coffee break.

FreeBSD SCSI DA kernel patch

A small patch for the FreeBSD 4 kernel's SCSI Direct Access driver to get my USB pen flash drive working -- a Wincan [branded as ``Copera''] 64MB USB pen flash drive. The kernel detects it as <Wincan HARD DRIVE DISK 1.05> Removable Direct Access SCSI-0 device. The patch, and hardware details, are in FreeBSD PR kern/37378. [local copy of scsi_da.c.patch]

FreeBSD ps(1) format patch

This patch to /usr/src/bin/ps/print.c stops ps printing an empty line when empty headers are specified. After this patch ps -o pid= -o cpu= -p 1, for example, prints on one line not two. [FreeBSD PR bin/43389] (This has been fixed in RELENG_4 since Nov. 30 2002.)

FreeBSD whois(1) patch for IANA/TLD lookups

This patch to /usr/src/usr.bin/whois/whois.{1,c} adds a -I flag to whois to query the IANA whois server, whois.iana.org. Top-level domain network information is now served by this host. It is no longer available from NetSol. or InterNIC WHOIS. [FreeBSD PR bin/48914] (This patch was commited to HEAD/-CURRENT on June 14 2004, and to RELENG_4 on December 12 2004.)

FreeBSD port maintenance

I am the maintainer of a few FreeBSD ports, namely mail/p5-vpopmail, mail/vodmr, mail/p5-Net-QMTP and textproc/p5-Text-Netstring. I no longer maintain net/vnc.

Everything else

cram-auth

MD5 (cram-auth-0.1.tar.gz) = 4d69dc4636492be69c5a92cde38da9a3
This program produces CRAM-MD5 authentication responses as used in SASL (e.g. SMTP AUTH). It's written in perl and requires the Digest::HMAC_MD5 and MIME::Base64 modules.

Snakes and Ladders

I wrote a pretty basic Snakes and Ladders applet in Java for a university programming class. I still get a steady stream of email about it, and I'm happy to help with genuine queries. Please don't bother trying to get me to do your homework. I won't. Oh, and things you need to do to pass your assignment but are "missing" from this game are not "bugs".

RedBrick Code decoder

rbdecode is a RedBrick Code decoder. The RedBrick Code is similar to the Geek Code, but, well, it's a little closer to home. Here's an example of what it does.

Text::Netstring perl module

MD5 (Text-Netstring-0.07.tar.gz) = df1fd67977d687a1b104e8756dff4761 Released 20th November 2006.
The Text::Netstring module gives your perl programs an easy way to create and manipulate netstring encoded strings, as used by the QMTP and QMPC protocols. The module can be downloaded from my CPAN directory. You can also browse the module's documentation on CPAN.

You can download version 0.07 from here or the latest files from CVS instead, but please do try to use your nearest CPAN mirror. FreeBSD users can use the ports collection: cd /usr/ports/textproc/p5-Text-Netstring && make install

Unix::Supervise perl module

MD5 (Unix-Supervise-0.01.tar.gz) = 906bab7792c4893a8fd9238f6bfee241 Released 3rd February 2003.
Unix::Supervise is an object interface to svscan/supervise monitored unix services. svscan and supervise are components of Dan Bernstein's daemontools package. You can download version 0.01 from here. This is alpha software.

Mozilla / Firefox searchbar plugins

With these plugins, use the Mozila/Firefox Search Bar to search cisco.com or docs.sun.com.
N.B. for Unix: Search plugins can't be installed unless you can write to the searchplugins directory. This is /usr/X11R6/lib/firefox/lib/firefox-0.9.1/searchplugins for my Firefox 0.9.1.

"date +%s" for Solaris

Getting the number of seconds since the epoch in a Solaris userland is a pain: strftime(3C) doesn't have a +s conversion so date(1) is no help. I'm sick of it. Here is a tiny C program, with source and Solaris/SPARC dynamic and statically linked binaries that prints seconds since the epoch.

Net::Pcap::Reassemble perl module

MD5 (Net-Pcap-Reassemble-0.05.tar.gz) = 6ac8784e652e2ad3d516a25c579403e0 Released 14th May 2010.
This module is a wrapper around the loop() function in Net::Pcap. It performs reassembly of IPv4 and IPv6 fragments in the capture data and so provides a complete, reassembled datagram to the caller via the normal callback mechanism. The module can be downloaded from my CPAN directory. You can also browse the module's documentation on CPAN.

You can download version 0.05 from here or the latest files from CVS instead, but please do try to use your nearest CPAN mirror.

Writings

• Some notes on Internationalized Domain Names (IDN) at http://pógmothóin.now.ie/
• I keep short notes, mostly about technology that's annoyed me, on my Jottit site.
• Building a custom, patched FreeBSD ISO install image.
• The Europa Hotel in Belfast, and the traditions that befall it.
• I try to rationalise my decision to vote yes to Nice.
• A longish piece on my day at the anti-war protest in Shannon Airport on October 12 2002.
• The New York Post tells us that France has forgotten World War Two. I disagree.
• A presentation entitled Legal Aspects of Computer System Security given at HEAnet's Security - Protecting our Resources seminar.
• I wrote an article for the Irish Linux Users Group describing DNS transaction signatures.
• The guys are right and the girls are wrong: Men and Primary Colours. There are eleven primary colours.
• Saddam Hussein is a villainous menace, but perhaps he's not all bad.
• The dosser's dictionary; my personal lexicon of madeupisms.
• More ...

Brain food

Currently reading: Psychology: the Science of Mental Life by George A. Miller, A Brief History of Time by Stephen Hawking and Adrian Mole: the Cappuccino Years by Sue Townsend.

Guardian Unlimited and The New York Times publish first chapters on the web. Read them.

USENIX have collated the Best Papers winners. The ACM have published some of their best too, including Ken Thompson's infamous Reflections on trusting trust.

Freedom of information, protection of human rights and a little social justice wouldn't harm anyone would they? Help fight online bully-boy tactics. Indulge in a little heresy. Or perhaps you'd like to join me in laughing at the state of modern justice.

Nonsense

Help the manhunt for an escaped GAA player.
US foreign policy: spot (and explain) the difference.
Is latin really such a daunting challenge?
Has non-judgemental political correctness gone too far?

RFCs

Mumbo jumbo