Dnsmasq fun

Ever wanted to set up DNS forwarding for just one zone with Dnsmasq in DD-WRT? Here's how:
   server=/example.com/10.0.0.1
This will forward requests for *.example.com to 10.0.0.1. While we're at it, how about static DNS entries (without using DHCP) in DD-WRT? It's as easy as:
  address=/foo.example.com/f00.example.com/10.0.0.3
  address=/bar.example.com/b4r.example.com/10.0.0.4
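
Which of these rules handles a given query name is worth checking before relying on the setup. The following is an added example, not part of the original post and not dnsmasq's own code: a simplified model of dnsmasq's documented matching, where a rule covers the domain and everything below it and the most specific domain wins. The function names and the sample config string are assumptions made for the illustration.

```python
import re

# Constructed sample config, built from the lines shown in the post above.
SAMPLE_CONF = """\
server=/example.com/10.0.0.1
address=/foo.example.com/f00.example.com/10.0.0.3
address=/bar.example.com/b4r.example.com/10.0.0.4
"""

# server=/<domain>[/<domain>...]/<ip>  or  address=/<domain>[/<domain>...]/<ip>
RULE = re.compile(r"^(server|address)=/(.+)/([^/]*)$")

def parse_rules(conf):
    """Return {domain: (action, target)} for per-domain server=/address= lines."""
    rules = {}
    for line in conf.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue  # blank lines, comments and unrelated options
        kind, domains, target = m.groups()
        action = "forward" if kind == "server" else "answer"
        for domain in domains.split("/"):
            rules[domain.lower().rstrip(".")] = (action, target)
    return rules

def decide(name, rules):
    """Pick the rule with the longest matching suffix, on label boundaries."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):          # longest suffix first
        suffix = ".".join(labels[i:])
        if suffix in rules:
            return rules[suffix]
    return ("default", None)              # falls through to the normal upstream

RULES = parse_rules(SAMPLE_CONF)

if __name__ == "__main__":
    for q in ("www.example.com", "foo.example.com",
              "x.foo.example.com", "notexample.com"):
        print(q, "->", decide(q, RULES))
```

Note that the address= entries also answer for names below them (x.foo.example.com), and that those names are answered locally and never reach the forwarder at 10.0.0.1.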

Encrypted /home with Ubuntu 10.04

This has troubled me for quite some time now:
# adduser --encrypt-home foo
[...]
foo$ cat README.txt 
THIS DIRECTORY HAS BEEN UNMOUNTED TO PROTECT YOUR DATA.

From the graphical desktop, click on:
 "Access Your Private Data"
or
From the command line, run:
 ecryptfs-mount-private

foo$ ecryptfs-mount-private 
ERROR: Encrypted private directory is not setup properly

When adding the user via the GUI it did not work either :-\ Turns out, I had to reinstall, again:

# apt-get purge ecryptfs-utils libecryptfs0 keyutils \
          libpam-encfs encfs librlog5 libboost-*
# apt-get install libpam-encfs ecryptfs-utils

# adduser --debug --encrypt-home foo
Adding user `foo' ...
Selecting UID from range 1000 to 29999 ...
Selecting GID from range 1000 to 29999 ...
Adding new group `foo' (1001) ...
/usr/sbin/groupadd -g 1001 foo
Adding new user `foo' (1001) with group `foo' ...
/usr/sbin/useradd -d /home/foo -g foo -s /bin/bash -u 1001 foo
Creating home directory `/home/foo' ...
Setting up encryption ...
/usr/bin/ecryptfs-setup-private -b -u foo
************************************************************************
YOU SHOULD RECORD YOUR MOUNT PASSPHRASE AND STORE IT IN A SAFE LOCATION.
  ecryptfs-unwrap-passphrase ~/.ecryptfs/wrapped-passphrase
THIS WILL BE REQUIRED IF YOU NEED TO RECOVER YOUR DATA AT A LATER TIME.
************************************************************************
[...]

foo$ mount | tail -1
/home/foo/.Private on /home/foo type ecryptfs (ecryptfs_sig=521cef411f2c84b1, \
ecryptfs_fnek_sig=44158dfbb2100d2f,ecryptfs_cipher=aes,ecryptfs_key_bytes=16)

foo$ df -h .
Filesystem            Size  Used Avail Use% Mounted on
/home/foo/.Private    9.4G  2.9G  6.1G  32% /home/foo

rsyslog: imklog: Cannot open proc file system

For some time now, rsyslog had not been logging kern.* messages on this Ubuntu system:
Jul  6 18:07:08 len kernel: imklog: Cannot open proc file system, 2.
Jul  6 18:07:08 len rsyslogd: [origin software="rsyslogd" ...] (re)start
The system was upgraded from 9.10, and LP#401433 seems to suggest that some upgrade broke imklog. The fix suggested there involves the following commands, but since my /var/run is a tmpfs, I'd have to run them after every reboot (and before rsyslog starts):
  mkdir -m0700 -p /var/run/rsyslog
  chown syslog:syslog /var/run/rsyslog
  mkfifo -m 600 /var/run/rsyslog/kmsg
  chown syslog:syslog /var/run/rsyslog/kmsg
  start-stop-daemon --start --pidfile /var/run/rsyslog/kmsgpipe.pid \
                    --exec /bin/dd -b -m -- if=/proc/kmsg of=/var/run/rsyslog/kmsg
The "real" fix here was to apply a bit of Windows-fu *) to this setup and reinstall rsyslog :-\

*) The three Rs of Microsoft support: Retry, Reboot, Reinstall