From owner-freebsd-questions@freebsd.org Wed Sep 1 15:37:05 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 03DE766CE78 for ; Wed, 1 Sep 2021 15:37:05 +0000 (UTC) (envelope-from doug@fledge.watson.org) Received: from cyrus.watson.org (cyrus.watson.org [204.107.128.30]) by mx1.freebsd.org (Postfix) with ESMTP id 4H07TX27blz4pH6 for ; Wed, 1 Sep 2021 15:37:04 +0000 (UTC) (envelope-from doug@fledge.watson.org) Received: from fledge.watson.org (fledge.watson.org [198.74.231.63]) by cyrus.watson.org (Postfix) with ESMTPS id 32E1A9A191 for ; Wed, 1 Sep 2021 15:37:04 +0000 (UTC) Received: from fledge.watson.org (doug@localhost [127.0.0.1]) by fledge.watson.org (8.16.1/8.16.1) with ESMTPS id 181Fb4RM016235 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO) for ; Wed, 1 Sep 2021 15:37:04 GMT (envelope-from doug@fledge.watson.org) Received: from localhost (doug@localhost) by fledge.watson.org (8.16.1/8.16.1/Submit) with ESMTP id 181Fb3Dc016232 for ; Wed, 1 Sep 2021 15:37:03 GMT (envelope-from doug@fledge.watson.org) Date: Wed, 1 Sep 2021 15:37:03 +0000 (UTC) From: doug Reply-To: doug@safeport.com To: freebsd-questions@freebsd.org Subject: Re: firefox 90.0.2,2 will not load mozilla.com In-Reply-To: <8d498d22-170-d958-36cd-eeef9e4dcb9@fledge.watson.org> Message-ID: References: <8b46adef-694b-a93c-10a1-41a1b1ab12f6@gmail.com> <8d498d22-170-d958-36cd-eeef9e4dcb9@fledge.watson.org> MIME-Version: 1.0 X-Rspamd-Queue-Id: 4H07TX27blz4pH6 X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of doug@fledge.watson.org has no SPF policy when checking 204.107.128.30) smtp.mailfrom=doug@fledge.watson.org X-Spamd-Result: default: False [-0.99 / 15.00]; HAS_REPLYTO(0.00)[doug@safeport.com]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[multipart/mixed,text/plain]; REPLYTO_DOM_NEQ_FROM_DOM(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; AUTH_NA(1.00)[]; RCPT_COUNT_ONE(0.00)[1]; RCVD_COUNT_THREE(0.00)[4]; TO_DN_NONE(0.00)[]; NEURAL_HAM_SHORT(-0.99)[-0.989]; CTYPE_MIXED_BOGUS(1.00)[]; DMARC_NA(0.00)[watson.org]; R_SPF_NA(0.00)[no SPF record]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+,1:+]; ASN(0.00)[asn:11288, ipnet:204.107.128.0/24, country:US]; MID_RHS_MATCH_FROM(0.00)[]; MAILMAN_DEST(0.00)[freebsd-questions] Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8BIT X-Content-Filtered-By: Mailman/MimeDel 2.1.34 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Sep 2021 15:37:05 -0000 On Wed, 1 Sep 2021, doug wrote: > > > On Wed, 1 Sep 2021, Graham Perrin wrote: > >> On 31/08/2021 22:12, Doug Denault wrote: >> >>>>> ? www.mozilla.com uses security technology that is outdated and >>>>> vulnerable to attack. An attacker could easily reveal information >>>>> which you thought to be safe. The website administrator will need to >>>>> fix the server first before you can visit the site. >>>>> >>>>> Error code: NS_ERROR_NET_INADEQUATE_SECURITY >>>>> >>>>> Others without security (for me) include american.express, >>>>> google.com, amazon.com and youtube.com. freebsd.org works. As far as >>>>> I can tell this only affects me. >>>>> >>>> >>>> couple things worth checking: >>>> - make sure ca_root_nss is on latest version (I'm on v3.69 and not >>>> seeing this issue) >>>> - make sure your system clock is in sync >>>> >>>> for debugging, maybe try accessing a site via curl.  it may report a >>>> more helpful error message, or if it works it's possible the issue is >>>> isolated to firefox. >>> >>> Thanks Pete, I did update ca_root [ca_root_nss: 3.58 -> 3.63]. Clocks >>> are sync'd using FreeBSD defaults and, curl gave no output. Chrome >>> works. It seems clear that the lack of any others there is something >>> firefox does not like about my setup. >> >> >> Do you get the same error for ? >> (The site to which redirects, for me in the UK.) > > No, wow! How did you come up with that?? That works as does onelook.com, > safeport.com and all the sites we host and random others. After I posted > this I found that libreoffice was also broken by the thunderbird install > and upgrades. It was missing 8 dynamic libraries. I added the missing files > from another workstation and got libreoffice to start but it only wanted to > recover my "lost" files. Removing libreoffice and all its dependencies > fixed that issue. I am wondering if my particular combination of packages > has another "hidden" dependency. I stored my bookmarks using the facility > that allows sync-ing. That does not work. Other than that firefox works > perfectly on the sites it will load. > _______________________________________________ Well cool. After posting this I went back and did it again. Now https://www.mozilla.org/en-GB/firefox/ no longer works. Clearly my combination of things if a one-of-a-kind. From owner-freebsd-questions@freebsd.org Thu Sep 2 06:07:41 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 2C71B678DB8 for ; Thu, 2 Sep 2021 06:07:41 +0000 (UTC) (envelope-from doug@fledge.watson.org) Received: from cyrus.watson.org (cyrus.watson.org [204.107.128.30]) by mx1.freebsd.org (Postfix) with ESMTP id 4H0Vp367Kjz4m5d for ; Thu, 2 Sep 2021 06:07:39 +0000 (UTC) (envelope-from doug@fledge.watson.org) Received: from fledge.watson.org (fledge.watson.org [198.74.231.63]) by cyrus.watson.org (Postfix) with ESMTPS id 6712291E03 for ; Thu, 2 Sep 2021 06:07:39 +0000 (UTC) Received: from fledge.watson.org (doug@localhost [127.0.0.1]) by fledge.watson.org (8.16.1/8.16.1) with ESMTPS id 18267du3093903 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO) for ; Thu, 2 Sep 2021 06:07:39 GMT (envelope-from doug@fledge.watson.org) Received: from localhost (doug@localhost) by fledge.watson.org (8.16.1/8.16.1/Submit) with ESMTP id 18267dLG093900 for ; Thu, 2 Sep 2021 06:07:39 GMT (envelope-from doug@fledge.watson.org) Date: Thu, 2 Sep 2021 06:07:39 +0000 (UTC) From: doug Reply-To: doug@safeport.com To: freebsd-questions@freebsd.org Subject: Re: firefox 90.0.2,2 will not load mozilla.com In-Reply-To: Message-ID: References: <8b46adef-694b-a93c-10a1-41a1b1ab12f6@gmail.com> <8d498d22-170-d958-36cd-eeef9e4dcb9@fledge.watson.org> MIME-Version: 1.0 X-Rspamd-Queue-Id: 4H0Vp367Kjz4m5d X-Spamd-Bar: + Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of doug@fledge.watson.org has no SPF policy when checking 204.107.128.30) smtp.mailfrom=doug@fledge.watson.org X-Spamd-Result: default: False [1.00 / 15.00]; HAS_REPLYTO(0.00)[doug@safeport.com]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[multipart/mixed,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; REPLYTO_DOM_NEQ_FROM_DOM(0.00)[]; AUTH_NA(1.00)[]; RCPT_COUNT_ONE(0.00)[1]; RCVD_COUNT_THREE(0.00)[4]; TO_DN_NONE(0.00)[]; NEURAL_SPAM_SHORT(1.00)[1.000]; CTYPE_MIXED_BOGUS(1.00)[]; DMARC_NA(0.00)[watson.org]; R_SPF_NA(0.00)[no SPF record]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+,1:+]; ASN(0.00)[asn:11288, ipnet:204.107.128.0/24, country:US]; MID_RHS_MATCH_FROM(0.00)[]; MAILMAN_DEST(0.00)[freebsd-questions] Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8BIT X-Content-Filtered-By: Mailman/MimeDel 2.1.34 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Sep 2021 06:07:41 -0000 On Wed, 1 Sep 2021, doug wrote: > On Wed, 1 Sep 2021, doug wrote: > >> >> >> On Wed, 1 Sep 2021, Graham Perrin wrote: >> >>> On 31/08/2021 22:12, Doug Denault wrote: >>> >>>>>> ? www.mozilla.com uses security technology that is outdated and >>>>>> vulnerable to attack. An attacker could easily reveal information >>>>>> which you thought to be safe. The website administrator will need to >>>>>> fix the server first before you can visit the site. >>>>>> >>>>>> Error code: NS_ERROR_NET_INADEQUATE_SECURITY >>>>>> >>>>>> Others without security (for me) include american.express, >>>>>> google.com, amazon.com and youtube.com. freebsd.org works. As far as >>>>>> I can tell this only affects me. >>>>>> >>>>> >>>>> couple things worth checking: >>>>> - make sure ca_root_nss is on latest version (I'm on v3.69 and not >>>>> seeing this issue) >>>>> - make sure your system clock is in sync >>>>> >>>>> for debugging, maybe try accessing a site via curl.  it may report a >>>>> more helpful error message, or if it works it's possible the issue is >>>>> isolated to firefox. >>>> >>>> Thanks Pete, I did update ca_root [ca_root_nss: 3.58 -> 3.63]. Clocks >>>> are sync'd using FreeBSD defaults and, curl gave no output. Chrome >>>> works. It seems clear that the lack of any others there is something >>>> firefox does not like about my setup. >>> >>> >>> Do you get the same error for ? >>> (The site to which redirects, for me in the UK.) >> >> No, wow! How did you come up with that?? That works as does onelook.com, >> safeport.com and all the sites we host and random others. After I posted >> this I found that libreoffice was also broken by the thunderbird install >> and upgrades. It was missing 8 dynamic libraries. I added the missing files >> from another workstation and got libreoffice to start but it only wanted to >> recover my "lost" files. Removing libreoffice and all its dependencies >> fixed that issue. I am wondering if my particular combination of packages >> has another "hidden" dependency. I stored my bookmarks using the facility >> that allows sync-ing. That does not work. Other than that firefox works >> perfectly on the sites it will load. >> _______________________________________________ > > Well cool. After posting this I went back and did it again. Now > https://www.mozilla.org/en-GB/firefox/ no longer works. Clearly my > combination of things if a one-of-a-kind. > _______________________________________________ > On a test system I followed the same upgrade path getting the same firefox errors. Following a suggestion I got on the Facebook group, I did a upgrade all. This fixes firefox. I think that means firefox requires something in xfce or Xorg be upgraded. E.g, a missing dependency From owner-freebsd-questions@freebsd.org Thu Sep 2 08:13:32 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 88DD367B40E for ; Thu, 2 Sep 2021 08:13:32 +0000 (UTC) (envelope-from mark@tinka.africa) Received: from the-host.tinka.africa (ge-1.ln-01-jnb.za.seacomnet.com [105.28.96.5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4H0YbH67X6z3tYH for ; Thu, 2 Sep 2021 08:13:31 +0000 (UTC) (envelope-from mark@tinka.africa) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=tinka.africa; s=tinka; h=Content-Type:MIME-Version:Date:Message-ID:To: Subject:From:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=NhPUQn7UHWVDHhDGaBvSYQXnU2Yvdu5F1MWF+VyQ5Co=; b=jQKOlhyuaHAaKe8hHj+aHhBapF 1igJAHCGvnmo5juf4wnlVp677mL1cR5rbPEU5DtjVrOx1/1BAZY3/8WW2MV5DsY7K4bv5A+RX/pNs +ogWfidLQw3uUOroVTK5Os8vLSnbz+RnvJ7Wz8K8ersXuywVmaz9VsGRLKkDg1hTVfA5Rg3DFAI5p qCV+iyK8cJI9Q9vdHGSQDbNiNrL9d6qjSzyNil6H0Jel+ztG231BSYZ+ffgqWC1LYXM70JhaRP42j Jhe4R4dW7W1UlIsuKtc+rlJq2O7LS3hcvjTXxch08EC8rw+t6rISedvMgMZTSs+6yCJxI8LjNVqS1 xEoKneYQ==; Received: from [127.0.0.1] (helo=Marks-MacBook-Pro.local) by the-host.tinka.africa with esmtp (Exim 4.94) (envelope-from ) id QYSS6H-0009FM-6V for freebsd-questions@freebsd.org; Thu, 02 Sep 2021 10:13:29 +0200 From: Mark Tinka Subject: BIND 'max-cache-size' Value on FreeBSD-13.0 To: freebsd-questions@freebsd.org Message-ID: Date: Thu, 2 Sep 2021 10:13:23 +0200 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.13.0 MIME-Version: 1.0 Content-Language: en-US X-Rspamd-Queue-Id: 4H0YbH67X6z3tYH X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=tinka.africa header.s=tinka header.b=jQKOlhyu; dmarc=pass (policy=none) header.from=tinka.africa; spf=pass (mx1.freebsd.org: domain of mark@tinka.africa designates 105.28.96.5 as permitted sender) smtp.mailfrom=mark@tinka.africa X-Spamd-Result: default: False [-3.00 / 15.00]; MID_RHS_MATCH_FROM(0.00)[]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[tinka.africa:s=tinka]; FREEFALL_USER(0.00)[mark]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:105.28.96.5]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; TO_DN_NONE(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; DKIM_TRACE(0.00)[tinka.africa:+]; HFILTER_HELO_2(1.00)[the-host.tinka.africa]; DMARC_POLICY_ALLOW(-0.50)[tinka.africa,none]; NEURAL_HAM_SHORT(-1.00)[-1.000]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:37100, ipnet:105.16.0.0/12, country:MU]; RCVD_COUNT_TWO(0.00)[2]; MAILMAN_DEST(0.00)[freebsd-questions] Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.34 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Sep 2021 08:13:32 -0000 Hi all. Ever since we moved from BIND-9.11 to BIND-9.16, we've been experiencing 'named' crashing after 24hrs - 36hrs on high-load resolver-only servers, running on FreeBSD-13.0. We found that the reason for this was due to BIND running out of swap space. An increase in swap space by creating a 4GB swap file did not help. So we are now playing with the 'max-cache-size' value in BIND. The system has 15GB of physical RAM. Limiting BIND to 13GB of memory does not work; 'named' still crashes due to a lack of swap space. We have then switched to % values, and it's still crashing for the same reason at 90% and now 80%. We are now testing 70%. Anyone have some idea of how we can get this under control? Is there a possibility that BIND is not properly understanding how much physical RAM is available to FreeBSD, and just burns through it anyway, tripping swap space in the process? I can't think of any reason why BIND would keep burning RAM if it has been told to limit its demand to a certain value or %. All help appreciated. Thanks. Mark.