From: Dag-Erling Smørgrav
To: Slawa Olhovchenkov
Cc: stable@freebsd.org, freebsd-security@freebsd.org
Subject: Re: unbound and ntp issue
Date: Wed, 08 Jun 2016 02:29:29 +0200

Slawa Olhovchenkov writes:
> IMHO, ntp.conf needs to include some numeric IP of public ntp servers.

https://en.wikipedia.org/wiki/NTP_server_misuse_and_abuse
https://en.wikipedia.org/wiki/Poul-Henning_Kamp#Dispute_with_D-Link

DES
-- 
Dag-Erling Smørgrav - des@des.no

From: Slawa Olhovchenkov
To: Dag-Erling Smørgrav
Cc: freebsd-security@freebsd.org, stable@freebsd.org
Subject: Re: unbound and ntp issue
Date: Wed, 8 Jun 2016 12:48:59 +0300

On Wed, Jun 08, 2016 at 02:29:29AM +0200, Dag-Erling Smørgrav wrote:
> Slawa Olhovchenkov writes:
> > IMHO, ntp.conf needs to include some numeric IP
> > of public ntp servers.
>
> https://en.wikipedia.org/wiki/NTP_server_misuse_and_abuse
> https://en.wikipedia.org/wiki/Poul-Henning_Kamp#Dispute_with_D-Link

What is your suggestion?

From: Slawa Olhovchenkov
To: krad
Cc: Dag-Erling Smørgrav, freebsd-security@freebsd.org, "stable@freebsd.org"
Subject: Re: unbound and ntp issue
Date: Thu, 9 Jun 2016 11:04:40 +0300

On Thu, Jun 09, 2016 at 08:39:42AM +0100, krad wrote:
> Google's will be pretty static, but I would just use them as a one-off, i.e.
> with ntpdate

I am talking about the FreeBSD system/project.

>
> On 8 June 2016 at 10:48, Slawa Olhovchenkov wrote:
>
> > On Wed, Jun 08, 2016 at 02:29:29AM +0200, Dag-Erling Smørgrav wrote:
> >
> > > Slawa Olhovchenkov writes:
> > > > IMHO, ntp.conf needs to include some numeric IP of public ntp servers.
> > >
> > > https://en.wikipedia.org/wiki/NTP_server_misuse_and_abuse
> > > https://en.wikipedia.org/wiki/Poul-Henning_Kamp#Dispute_with_D-Link
> >
> > What is your suggestion?

From: Slawa Olhovchenkov
To: krad
Cc: Dag-Erling Smørgrav, freebsd-security@freebsd.org, "stable@freebsd.org"
Subject: Re: unbound and ntp issue
Date: Thu, 9 Jun 2016 16:37:39 +0300

On Thu, Jun 09, 2016 at 02:29:09PM +0100, krad wrote:
> I doubt that will happen as you are asking to pollute every release
> installation for an edge condition when there are numerous workarounds
> that would be acceptable to most, e.g. two lines in rc.conf will fix the
> issue.

This manual editing will be required by every install on RPi, for example.

Also, this issue is hard to diagnose for the average user.

> On 9 June 2016 at 09:04, Slawa Olhovchenkov wrote:
>
> > On Thu, Jun 09, 2016 at 08:39:42AM +0100, krad wrote:
> >
> > > Google's will be pretty static, but I would just use them as a one-off, i.e.
> > > with ntpdate
> >
> > I am talking about the FreeBSD system/project.
> >
> > >
> > > On 8 June 2016 at 10:48, Slawa Olhovchenkov wrote:
> > >
> > > > On Wed, Jun 08, 2016 at 02:29:29AM +0200, Dag-Erling Smørgrav wrote:
> > > >
> > > > > Slawa Olhovchenkov writes:
> > > > > > IMHO, ntp.conf needs to include some numeric IP of public ntp servers.
> > > > >
> > > > > https://en.wikipedia.org/wiki/NTP_server_misuse_and_abuse
> > > > > https://en.wikipedia.org/wiki/Poul-Henning_Kamp#Dispute_with_D-Link
> > > >
> > > > What is your suggestion?

From: Slawa Olhovchenkov
To: krad
Cc: Dag-Erling Smørgrav, freebsd-security@freebsd.org, "stable@freebsd.org"
Subject: Re: unbound and ntp issue
Date: Fri, 10 Jun 2016 16:17:41 +0300

On Fri, Jun 10, 2016 at 12:53:04PM +0100, krad wrote:
> Pretty much every box requires some form of configuration so it's a moot
> point. If you want automated deployment you will almost certainly be
> building a pxe or prepared usb/cd image of some sort. In which case you
> include these settings in the deployed rc.conf.

This sounds like "installer and default config are not needed, use ansible for all".

> On 9 June 2016 at 14:37, Slawa Olhovchenkov wrote:
>
> > On Thu, Jun 09, 2016 at 02:29:09PM +0100, krad wrote:
> >
> > > I doubt that will happen as you are asking to pollute every release
> > > installation for an edge condition when there are numerous workarounds
> > > that would be acceptable to most, e.g. two lines in rc.conf will fix the
> > > issue.
> >
> > This manual editing will be required by every install on RPi, for
> > example.
> >
> > Also, this issue is hard to diagnose for the average user.
> >
> > > On 9 June 2016 at 09:04, Slawa Olhovchenkov wrote:
> > >
> > > > On Thu, Jun 09, 2016 at 08:39:42AM +0100, krad wrote:
> > > >
> > > > > Google's will be pretty static, but I would just use them as a one-off, i.e.
> > > > > with ntpdate
> > > >
> > > > I am talking about the FreeBSD system/project.
> > > >
> > > > >
> > > > > On 8 June 2016 at 10:48, Slawa Olhovchenkov wrote:
> > > > >
> > > > > > On Wed, Jun 08, 2016 at 02:29:29AM +0200, Dag-Erling Smørgrav wrote:
> > > > > >
> > > > > > > Slawa Olhovchenkov writes:
> > > > > > > > IMHO, ntp.conf needs to include some numeric IP of public ntp servers.
> > > > > > >
> > > > > > > https://en.wikipedia.org/wiki/NTP_server_misuse_and_abuse
> > > > > > > https://en.wikipedia.org/wiki/Poul-Henning_Kamp#Dispute_with_D-Link
> > > > > >
> > > > > > What is your suggestion?