Author Archive

Abdominal Pain: History

February 24, 2011 19:21

Over the past 14 months, I’ve sporadically been quite ill. During the latter stages of getting this investigated, it turns out the cause has likely been responsible for some pain and illness I’ve had for around 4 years, maybe longer.

I decided to write this, partly to document what happened to me, and partly in case any of it is helpful to someone else. It’s wholly from memory, and my perspective on what’s happened.

The first instance I can remember was around the end of 2006, and as that was a bit of a stressful time in my private life, I assumed it was stress related.

I would get a pain right across my chest, just around the level of the bottom of my ribs. Back in 2006 it was uncomfortable, and went within an hour or so, was generally early to mid evening, and so I assumed it was indigestion. I also assumed, as I said, that it was aided by stress, and so took some anti-acid tablets or gaviscon each day and that seemed to clear it up.

The whole episode lasted about 6 to 8 weeks I guess. Not every day, sometimes not every week, but here and there.

As quickly as it had arrived, it went again, and it wasn’t until around December 2009 that it returned. We’d got married, and moved house, and while both enjoyable experiences, the organisation of them is well known to be stressful.

This time, however, the pain came on, and didn’t let up. It started out like indigestion, but gradually concentrated up around the bottom of my ribs. By around 9pm, having tried anti-acid tablets, as well as some pain killers, with nothing touching it, and the pain now unbearable, my wife called the GP practice out of hours number. When they called back, she explained the situation, asked some questions, and then asked her to drive me to the local A&E.

On arrival at A&E, with the pain still there, I was examined by a Doctor. They gave me some codeine which numbed the pain, and some omeprazole, and told me to go and see my GP as soon as possible.

The following morning, with the pain gone, I arranged to see my GP. They examined me, and suggested I was producing too much acid and that this could be stress related. It was suggested that this may have given me an ulcer or the start of one. This seemed to go with my analysis of my situation. The GP put me on 20mg omeprazole for 6 weeks.

While I was on the omeprazole I had no symptoms whatsoever, but within 2 weeks of coming off them, the pain was back; mild and bearable on its first visit, but I wasn’t waiting for the full volume of pain I’d had before, and returned to my GP.

Different GPs were available on different days, and so I saw a different GP by chance. They suggested that I should have been on omeprazole for at least 8 weeks, not 6, and so prescribed 8 weeks of 20mg omeprazole. I also got an appointment to see a nurse to have a blood sample taken to test for helicobacter pylori. The blood test showed negative, and within 2 weeks of finishing the omeprazole, I was back at the GP having had a mild return of pain.

I saw the original GP, who, this time, took a slightly different approach; suggesting I wasn’t as thin as I might be, and that this could be squishing my stomach and pushing acid up into my oesophagus, causing my pain. It was suggested that I could have an endoscopy, but that it’s an unpleasant experience and I seemed to be steered to continuing as we were. There was also a suggestion that the drop off from 20mg of omeprazole’s suppression of acid production was upsetting the stomach, and that a lower dose might be in order. To that end, I was prescribed 3 months of 10mg omeprazole, and I was to take them every other day for the last 2 weeks to try and taper off the end, minimising the impact of ‘normal’ acid production once off of the medication.

I did as instructed, and at the end of the medication, took it one day at a time. All seemed to be fine. I had one very mild dose, but it was a lot more like indigestion, and I’d over indulged a little that day, so I let it slide. All appeared to be going well, and I thought it was all behind me.

However, on Dec 22nd 2010, I had another mild dose of what I thought was indigestion, but it did make me start to think I should return to the GP and push for the endoscopy. I decided to do this between Christmas and New Year, or early in the new year, depending on when I could get an appointment.

My plans were sped up, somewhat, when on Christmas Day, having avoided anything that I thought may provoke symptoms, and certainly not over indulged, the indigestion feeling started arriving early evening. By mid evening, it started to become clear that it wasn’t indigestion, and I took some anti-acid tablets. A short while later, I took some co-codamol pain killers as the pain was starting to get unbearable. Around half hour later when the pain wasn’t easing, if anything it was still building, I called the GP out of hours number. They called me back, and after asking me questions, asked me if someone could take me to the local A&E.

A kind neighbour that had not been drinking (it’s Christmas Day, remember), drove my wife and I to A&E and I was seen pretty much straight away. The doctor investigated, and said she would give me some omeprazole. With over a year’s experience, I knew that omeprazole wasn’t going to deal with the pain now it was there, and explained this. They seemed concerned that the co-codamol also hadn’t helped at all. They were concerned enough to admit me to the Surgical Emergency Unit at the John Radcliffe Hospital. The kind neighbour had hung around and took us to the hospital.

There was a short wait once there, but within about 45 mins of arriving I was seen by a triage doctor, who asked questions and examined me. By this point, the pain had been almost unbearable for about 4 hours, and started to subside. They’d taken blood and urine samples for testing, and decided more tests were needed. As it was now around 1am, they kept me in over night. They gave me 40mg omeprazole, inserted a line for a drip, just in case, and I slept for a few hours.

The following morning, Boxing Day, I was in radiology at 6.45am, having my chest and abdomen x-rayed.

A little later, I was told that the doctors were having another look at my x-rays, as they couldn’t decide what additional tests were required, and a short while after this, a selection of people arrived in my room, including the doctor that had examined me the night before. He gave a report, which to my non-medical ears simply contained a lot of the word ‘unremarkable’. Even to my untrained ear, this seemed to indicate they couldn’t find anything wrong, and I worried, briefly, that they would say it was stress, or similar, and send me on my way. After the report, one of the other doctors explained that he suspected I had biliary colic, and that as long as the omeprazole seemed to be dealing with the symptoms for the time being, I would be discharged but must come back to his clinic as an out patient for further tests.

I was overjoyed. Someone had said I had something wrong. My pain was being caused by something. I almost didn’t care what, at that point, just that someone had said something was wrong and needed further investigation.

I have private health care cover, and so I invoked this, to try and speed things along a bit.

In due course, I received an appointment for an endoscopy. I now knew that the person receiving the report on boxing day and suggesting I attend his clinic, was a consultant surgeon, and it was him that was conducting the endoscopy. I’d thought I would be fully sedated, but he explained that this would involve me remembering nothing of the procedure afterwards. He explained that if possible, it’s generally easier to have a local anaesthetic throat spray, and to be fully aware of what is going on. He added that I could be sedated at any time, if it got too much. At all times, what was happening was explained, if something would be a little uncomfortable, such as swallowing the camera, it was all explained well in advance.

The procedure only took around 15 minutes, and I was glad in the end that I’d gone without sedation. I could hear what the surgeon was saying to me, and also to the nurses. A biopsy sample was taken, along with a photograph of the valve leading from my stomach to my duodenum. It showed that I have reflux of bile from the duodenum back up into the stomach. Given I’m on 40mg omeprazole, this isn’t good.

I also received an appointment for ultrasound, and this showed up the main culprits: I have 2 gallstones, 14mm and 16mm, in my gallbladder.

I had a follow up consultation where the situation was discussed. The biopsy result showed mild gastritis. It was explained that the 2 gallstones I knew about, whilst causing the sporadic and unpredictable pain, and by now, an almost constant ache in my back, were actually only part of the problem. To go with them, there will undoubtedly be smaller stones, and there is a risk that these can escape the gallbladder, and get stuck in the common bile duct. If they do, they can block the pipe where it is shared with the pancreas. This can cause pancreatitis. This, in turn, comes in two flavours; mild, and acute. Acute pancreatitis is fatal. 30% of pancreatitis cases are acute. Of course, they could be quiet, and cause me no problems for the rest of my life. There were also a lot of ‘possible’ and ‘could’ in there, but the bottom line was the word ‘fatal’ appeared.

The suggested treatment is to remove the gall bladder via keyhole surgery. This, of course, has risks associated with it, but even before hearing them, I was thinking that as long as none of them had any mention of ‘fatal’ in them, I’d go ahead with the surgery.

As it turns out, the main risk is of injury to the common bile duct, either during surgery, or due to scarring afterwards. Papers suggest it happens in between 1 in 300 and 1 in 500 patients. The obvious question was what was his track record like? He’s done around a thousand, with no occurrences. This is a good track record as far as I was concerned, and surgery was still the answer for me. If it did occur, the symptoms would be unpleasant, and would likely require further surgery to fix, but it’s not a life threatening condition.

There’s also a lesser risk that the body won’t adapt to having bile dripping through from the liver to the intestines all the time, instead of via the gall bladder, however, it’s likely that my largeish stones and diseased gall bladder would be causing an overflow and similar symptoms anyway, and it’s thought I’d adapt. Even if I don’t, it can be fixed with some medication.

So, going with surgery involves:

  • Likely removal of re-occurrence of pain
  • Slight risk of common bile duct injury, but can be fixed, and surgeon has good track record.

Going without surgery involves:

  • Chance the pain can return at any time, with no warning. There’s no way to predict it, no foods that avoidance will guarantee freedom from the pain.
  • Chance of pancreatitis, together with, however small and unlikely, chance of death.

One of the key things for me, was that if I didn’t have the surgery, I’d continue to get the pain. I’d presumably get used to it, and just go lie down and suffer through it, maybe with some pain killers. This means that one day, I could dismiss the pain as “just another attack” when it could be pancreatitis.

I didn’t need to make a choice right there and then, but even before discussion with my wife and family, it seemed that the sane, sensible choice, was to have the surgery. This was still the case after talking to them.

An appointment was quickly made for the end of the following week. It was at an NHS hospital, rather than the wholly private hospital I’d been to for all my tests, but I’m no private hospital snob, and couldn’t honestly see why I would pick one over the other. It was explained that whilst I shouldn’t need it, the NHS hospital had full A&E as well as intensive care. As I said, I wasn’t bothered either way, and had invoked the private cover to make things go quicker, which they certainly were.

3 days before surgery, I went to the hospital for a pre-operation assessment. This basically involved some blood samples, an examination, and a bunch of questions, all to make sure I was healthy and fit for surgery.

That night, I had an episode of pain. It was the first time I’d had the pain whilst actually on omeprazole, and frankly, when it escalated to the worst the pain had been, and quite simply unbearable, I called the GP out of hours number. I was frightened. They called back, asked questions, and the trip to A&E was on. The doctor saw me about 45 minutes after I arrived, and I explained the situation. He gave me anti-sickness and anti-spasmodic injections and left me to lie down in an adjoining room for around half an hour. When he returned, I noted that that pain was still as bad, but I didn’t seem quite so bothered by it. I returned home with some Tramadol that I was to take if needed for the pain.

The pain subsided enough for me to sleep, but it was still there to a lesser degree when I woke up on Wednesday morning. I took one of the tramadol tablets and was left with a crampy stitch kind of feeling that lingered most of the day. This was a first as well, and I was glad surgery was just around the corner.

I called the hospital I was due to have surgery at, as I didn’t know if what had happened was important. The surgeon’s secretary called me back a while later and asked if A&E had taken any blood samples. They hadn’t, but apparently a blood sample tested for amylase could have told them if I was developing pancreatitis. There seemed to be some consideration as to whether or not to bring my surgery forward, but in the end it wasn’t. I was instructed to call the hospital if the pain returned prior to surgery.

As it stands, I’m due for surgery tomorrow, Friday 25th Feb.

Marshalling The Rolex24 at Daytona

February 15, 2011 21:27

It was back in late 2010 that, with permission, finally, for Michelle to take unpaid leave in the middle of term, we booked our tickets to Florida.

It was a very exciting time, as we’d been given an opportunity to go to Florida, and more specifically, to Daytona, to marshal, or, as it’s called in the USA, be a corner worker at, the 2011 Rolex24.

There are a few differences in the job between the UK and USA, however, at the end of the day, you’re there for the same reason: safety.

In the UK, a marshal will typically be allocated a specific job, and indeed, this will be based on their usual grade; so you may be a flag marshal, incident marshal, incident officer, post chief, etc. In the USA, you’d be allocated to a turn and then on a rota, you’d do all the jobs: Safety, Flag & Communicator. Of course, like the UK, there’s no pressure to do a job you’re uncomfortable with, but everyone is encouraged to have a go.

The Safety job is much the same as our incident marshal, although you do not go trackside without permission. At all. In many cases, EV (Emergency Vehicles) will respond trackside before you do, making the safety job more about observing and reporting back to the corner captain. That’s not to say that you don’t respond when needed!

The Flag job is exactly the same as in the UK; typically a team of two, one standing ready with yellow, back to the traffic, and one, as their ‘eyes’ and safety, standing ready with blue. The blue flag has a yellow stripe across its diagonal, the purpose of which appears to be to make the flag more visible at night. “Black all around” is the equivalent of our red flags, where cars are expected to return at a safe speed to pit/paddock, and red flags are very rare: they mean stop safely right there. “Double yella all around” signifies safety car. At least for Rolex, there were no red or green flags used.

Communicator is very much the same as the role of a Post Chief, but without the report pad: they are the communicator between the turn (post), and race control. All radio calls start with an announcement of the calling station, and the current flag status, before clearing the channel and waiting for race control to give you the go-ahead to talk further. Reports are then short, clear, concise, with the car number and colour (aids other turns spotting a car approaching) and briefly what happened. Race control will always ask for more detail if they require it.

I noted that black flagging a single car was aided by calling the car around to the black flag post, who would have the number and flag ready. Additionally, all manner of details about a car can be communicated among team members without radio or voice, using hand signals and gestures. Generally in the UK, we can communicate what kind of tow is required, but in the USA they can give colour and number as well.

It’s very unusual to see corner workers without either a radio or scanner, listening in, but the discipline to not act unless the communicator and/or corner captain says so, is high.

We worked the first 4 hour shift from 3.30pm until 7.30pm, and then went for a walk around and some food. In passing, it’s worth pointing out that throughout the 24 hours, the corner worker compound was constantly manned and stocked with hot food, and drink, and all free for corner workers. That’s certainly something that’d be welcome in the UK! We walked the whole track, pretty much, as well as the pit lane and paddock. Our corner worker passes were ‘go everywhere’ passes, and as our first Rolex24 experience, we made full use of them. After our 8 hours down time, it was time for another 4 hour shift, and so at 3.30am, we were back on duty. You don’t associate cold with Florida, but boy, it was. In the day, we’d been warm with our white T shirts and jeans on, however, in the early hours of the morning, we had as many layers as we had with us on. The fog came down, and the bulk of our shift was spent “double yella all around”. The safety car was out for so long, they had to put the spare out while the first went to refuel!

After our second shift we were, in theory, done. However, as we’d not done a 24 hour race before, and certainly hadn’t done Daytona before, we enjoyed the time walking around and seeing the sights, and to see the end of the race.

We’d like to thank all those that made it possible for us to go, and all those new friends we made for making us feel so welcome.

RRSIG Expiry Monitoring

September 24, 2010 21:52

It’s a few days over 30 since I tinkered with DNSSEC and wrote my previous blog entry on the subject.

I played for a couple of days, got it working, blogged it, and then, of course, totally forgot about it while other stuff filled my mind and time.

Until today.

Today, it turns out, is 30 days since I last updated the zonefile, and the last time I signed it.

So, today, the RRSIGs expired, and anything that’s doing DNSSEC started failing when resolving it.

So, I’ve knocked up some quick and dirty monitoring that runs from cron on the primary.

First, there’s a shocking bit of shell that decides if the zone has any records with RRSIGs about to expire, and if there are, re-signs the zone and issues an rndc reload.

As an aside, I’d previously used -N INCREMENT in the signzone command. This meant I’d have to open the original zone, and modify it. For the automatic re-signing, I’ve changed this to UNIXTIME so that no modifications are required to the unsigned zone. I’d previously used a serial number format of YYYYMMDDXX, and so swapping to UNIXTIME meant a quick visit to the secondaries to persuade them to transfer the zone, but all should be working well now.

The way the shell decides if the zone has expired or about to expire RRSIGs is by calling a bit of perl that opens the zonefile, and hauls through it looking at the RRSIG expiry timestamps.

The scripts output nothing if all is well, and something useful if not. It’s designed to run from cron, once per day, and so cron will email me if there are problems, and won’t bother me if all is well.

It’s a bit rough and ready, but functional.

ToDo:

  • Make it less rough. I’ve been lazy, and so used shell for the shell’y kind of bits, and perl for hunting around regexp style in the zonefile. On the upside it took minutes to write and test.
  • Package it into a perl module?
  • Somehow automate hunting for zones that are signed and checking them. Whoring round /var/cache/bind looking for *.signed is quick, but probably a bit hacky?
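The check this post describes, sketched in Python as an added example; the author's own shell and perl scripts are not reproduced on this page and this is not them. It assumes the multi-line layout dnssec-signzone writes with numeric TTLs, and the sample zone, key tags and signatures are constructed.

```python
import re
import sys
from datetime import datetime, timedelta, timezone

CLASSES = {"IN", "CH", "HS"}

# Constructed sample zone: key tags and signatures are made up, and the dates
# mirror the 30-day signature window described in the post.
SAMPLE_ZONE = """\
$ORIGIN .
example.org.      86400 IN SOA ns1.example.org. hostmaster.example.org. (
                        1282769520 ; serial
                        3600 900 604800 86400 )
                  86400 RRSIG SOA 5 2 86400 20100924205200 (
                        20100825205200 11111 example.org.
                        c2FtcGxlLXNpZ25hdHVyZQ== )
                  86400 NSEC www.example.org. SOA RRSIG NSEC DNSKEY
                  86400 RRSIG NSEC 5 2 86400 20100924205200 (
                        20100825205200 11111 example.org.
                        c2FtcGxlLXNpZ25hdHVyZQ== )
www.example.org.  86400 IN A 192.0.2.10
                  86400 RRSIG A 5 3 86400 20101101000000 (
                        20101002000000 11111 example.org.
                        c2FtcGxlLXNpZ25hdHVyZQ== )
"""


def logical_records(zone_text):
    """Yield (inherits_owner, tokens) per record, joining ( ... ) continuations."""
    buf, depth, inherits = [], 0, False
    for raw in zone_text.splitlines():
        # Blank out quoted strings so a ';' or '(' inside TXT data is not parsed.
        line = re.sub(r'"(?:\\.|[^"\\])*"', '""', raw)
        line = line.split(";", 1)[0]          # drop comments
        if not line.strip():
            continue
        if depth == 0:
            # A record that starts with whitespace reuses the previous owner.
            inherits = line[0].isspace()
        depth += line.count("(") - line.count(")")
        buf.extend(line.replace("(", " ").replace(")", " ").split())
        if depth <= 0:
            yield inherits, buf
            buf, depth = [], 0


def parse_sig_time(field):
    """RFC 4034 section 3.2: YYYYMMDDHHmmSS in UTC, or seconds since the epoch."""
    if len(field) == 14:
        return datetime.strptime(field, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)
    return datetime.fromtimestamp(int(field), tz=timezone.utc)


def iter_rrsigs(zone_text):
    """Yield one dict per RRSIG record found in the signed zone text."""
    owner = None
    for inherits, tok in logical_records(zone_text):
        if not tok or tok[0].startswith("$"):  # $ORIGIN, $TTL, $INCLUDE
            continue
        i = 0
        if not inherits:
            owner, i = tok[0], 1
        # Skip the optional TTL and class to find the real record type, so an
        # NSEC type list that merely mentions RRSIG is not mistaken for one.
        while i < len(tok) and (tok[i].isdigit() or tok[i].upper() in CLASSES):
            i += 1
        if i >= len(tok) or tok[i].upper() != "RRSIG" or len(tok) < i + 9:
            continue
        covered, _alg, _labels, _ttl, expire, incept, tag, signer = tok[i + 1:i + 9]
        yield {"owner": owner, "covered": covered, "key_tag": int(tag),
               "signer": signer, "inception": parse_sig_time(incept),
               "expires": parse_sig_time(expire)}


def expiring(zone_text, now, warn_days=7):
    """Return RRSIGs that have expired or will expire within warn_days of now."""
    limit = now + timedelta(days=warn_days)
    hits = []
    for sig in iter_rrsigs(zone_text):
        if sig["expires"] <= limit:
            sig["state"] = "EXPIRED" if sig["expires"] <= now else "expiring"
            hits.append(sig)
    return hits


if __name__ == "__main__":
    # Silent with exit status 0 when all is well, so cron only mails on trouble.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_ZONE
    problems = expiring(text, datetime.now(timezone.utc))
    for s in problems:
        print(f"{s['state']}: {s['owner']} RRSIG({s['covered']}) key {s['key_tag']} "
              f"expires {s['expires']:%Y-%m-%d %H:%M} UTC")
    sys.exit(1 if problems else 0)
```

The non-zero exit status is what a wrapper would test before re-signing the zone and issuing the rndc reload.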

DNSSEC BIND Configuration Summary & Cool Stuff

August 20, 2010 16:27

Introduction

With the recent signing of the root, I’ve discovered a sudden interest in DNSSEC, and decided to have a go myself to aid my understanding of it.

This article is written as an aide-memoire to me, and summary of the bits I’ve read. Of course, I’ve provided links to the whole blog entries I found the information in, in case you want to read more than I’ve written.

Whilst the root is signed, only certain TLDs are signed, and so if you want the full chain of trust experience, you want a domain with a signed TLD.

At the moment, .uk is signed, but .co.uk etc are not, so that rules them out. .net is scheduled for around Nov 2010, and .com sometime around March 2011.

.org, however, is already signed, and so I thought I’d grab one to play with.

Not All Registrars Are Equal

I used my regular registrar, and registered karldyson.org to go with my collection of .com and .co.uk versions.

This was my first sticking point, because their upstream (Tucows) aren’t accredited for DNSSEC yet (and, it would appear, have no plans on doing so).

I’d need my domain to be with a registrar that is accredited.

My registrar helpfully supplied me with a list of registrars that are, so I could choose one and either register a domain there, or move my new one.

I registered another .org to add to another set, this time with GoDaddy. They’re on the list.

Signing The Zone

I had told GoDaddy that I wanted to use my own nameservers during sign up, and so after creating a regular zonefile for bind, I had a look through the blog entry I found at http://clayshek.wordpress.com/2009/01/13/enabling-dnssec-on-bind/

Essentially, the steps are (all completed whilst in the zonefile directory):

  • Generate a zone signing key (ZSK) :
    dnssec-keygen -a RSASHA1 -b 1024 -n ZONE example.org
  • Generate a key signing key:
    dnssec-keygen -a RSASHA1 -b 2048 -n ZONE -f KSK example.org
  • Concatenate the created public keys into the zone file:
    cat Kexample.org+*.key >> example.org
  • Sign any child zones first: 
    dnssec-signzone -N INCREMENT child.example.org
  • Concatenate the DS records for the child into the parent zone:
    cat dsset-child.example.org >> example.org
  • Sign the zone:
    dnssec-signzone -N INCREMENT example.org

Generating the ZSK and KSK took ages on my Atom 330 dedicated server, and so I can recommend a good book, or some other talk while you wait for this to finish!

Like the child zone signing, you will get DS records for the parent zone. These need to be supplied to your registrar to maintain the chain of trust. GoDaddy has a nice interface for submitting these, you just need to know what the different bits of the DS records are. They’re detailed in RFC4034 but to save you some time, and sanity….

Your DS Records

example.org. 86400 IN DS 60485 5 1 2BB183AF5F22588179A53B0A98631FAD1A292118

The first four text fields specify the name, TTL, Class, and RR type (DS).

Value 60485 is the key tag for the corresponding “example.org.” DNSKEY RR.

Value 5 denotes the algorithm used by this “example.org.” DNSKEY RR.

Value 1 is the algorithm used to construct the digest.

The rest of the RDATA text is the digest in hexadecimal.
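To check those DS fields against the key before pasting them into a registrar's form, the key tag and digest can be recomputed from the DNSKEY as RFC 4034 defines them (Appendix B and section 5.1.4). This is an added example, not code from the original post: the key material is constructed rather than a real RSA key, and the helper names are made up for illustration.

```python
import base64
import hashlib
import struct

DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256}   # DS digest type numbers

# The DS record quoted on this page, used here only to show the field split.
PAGE_DS = "example.org. 86400 IN DS 60485 5 1 2BB183AF5F22588179A53B0A98631FAD1A292118"


def name_to_wire(name):
    """Canonical wire form of an owner name: lower-cased, length-prefixed labels."""
    out = b""
    for label in name.lower().rstrip(".").split("."):
        if label:
            raw = label.encode("ascii")
            out += bytes([len(raw)]) + raw
    return out + b"\x00"


def dnskey_rdata(flags, protocol, algorithm, public_key_b64):
    """DNSKEY RDATA: 16-bit flags, 8-bit protocol, 8-bit algorithm, key bytes."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(public_key_b64)


def key_tag(rdata):
    """Key tag as in RFC 4034 Appendix B (every algorithm except 1)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += (byte << 8) if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def make_ds(owner, rdata, digest_type=1):
    """Return (key tag, algorithm, digest type, hex digest) for a DNSKEY."""
    digest = DIGESTS[digest_type](name_to_wire(owner) + rdata).hexdigest().upper()
    return key_tag(rdata), rdata[3], digest_type, digest


def parse_ds(line):
    """Split a DS line, as written in a dsset- file, into named fields."""
    tok = line.split()
    i = tok.index("DS")
    return {"owner": tok[0], "key_tag": int(tok[i + 1]), "algorithm": int(tok[i + 2]),
            "digest_type": int(tok[i + 3]), "digest": "".join(tok[i + 4:]).upper()}


def ds_matches(ds_line, owner, rdata):
    """True when every DS field agrees with what the DNSKEY produces."""
    ds = parse_ds(ds_line)
    if ds["digest_type"] not in DIGESTS:
        return False
    tag, alg, _dtype, digest = make_ds(owner, rdata, ds["digest_type"])
    same_owner = ds["owner"].lower().rstrip(".") == owner.lower().rstrip(".")
    return same_owner and (ds["key_tag"], ds["algorithm"], ds["digest"]) == (tag, alg, digest)


# Constructed key bytes (not a real key): flags 257 marks a KSK, protocol is
# always 3, algorithm 5 is the RSASHA1 used in the keygen commands above.
SAMPLE_KEY_B64 = base64.b64encode(b"\x03\x01\x00\x01" + b"constructed-sample-modulus").decode()
SAMPLE_RDATA = dnskey_rdata(257, 3, 5, SAMPLE_KEY_B64)

if __name__ == "__main__":
    tag, alg, dtype, digest = make_ds("example.org.", SAMPLE_RDATA)
    line = f"example.org. 86400 IN DS {tag} {alg} {dtype} {digest}"
    print(line)
    print("matches its own key:", ds_matches(line, "example.org.", SAMPLE_RDATA))
    print("page DS fields:", parse_ds(PAGE_DS))
```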

Your Caching Resolver

Your caching resolver will need DNSSEC enabled for queries. I added the following to my bind server’s options section:

dnssec-enable yes;
dnssec-validation yes;

Your System Resolver

With your local system pointed at your caching resolver, it would appear you’ll need EDNS0 enabled. This is achieved by adding the following option to your /etc/resolv.conf

options edns0

This appears to be supported on newer versions of libresolv – my Debian 5 system doesn’t appear to support it, whereas my Ubuntu 10.04 system does.

So, on to the cool stuff… SSH

..and so, at last, on to the cool stuff.

Given you can now trust DNS, you can do something interesting. Rather than need to verify all the SSH fingerprints, you can store them in DNS and have your SSH client automagically verify that all is well. I followed a set of instructions I found at http://blog.exanames.com/2009/06/one-more-thing-to-do-with-dnssec-ssh.html, and as before, here’s a summary. Run the following two commands on each host you’d like to generate fingerprints for:

ssh-keygen -r `hostname`. -f /etc/ssh/ssh_host_rsa_key
ssh-keygen -r `hostname`. -f /etc/ssh/ssh_host_dsa_key

This will generate two SSHFP records that you will need to include in the zonefile, then you can re-sign and re-publish the zone.

In my case, the records generated were for .co.uk variants of the hostname, but I found no problems changing them to .org

You’ll then need to persuade SSH to perform verification using DNS. I did this by adding the relevant option to /etc/ssh/ssh_config

VerifyHostKeyDNS yes

There, you’re done. You should now be able to ssh to the host(s) concerned without needing to manually verify the fingerprints.

Where is the line?

April 18, 2010 11:16

Situation

Hamilton is released a split second after Vettel, and as his garage is ahead of Vettel, this means the two are along side each other in the pit lane. Hamilton is passed, and yet doesn’t yield and tuck in behind. Vettel appears to move over (attempted intimidation?) on Hamilton, pushing him into the pit garages. Are either of them in the wrong? Are either of the teams in the wrong?

The Lolly-pop Man

It could be argued the McLaren lolly-pop man should not have released Hamilton; but as far as I can see, in the slow motion replays, there is only a split second in it. Given when he releases Hamilton, the glance down the pit lane a split second before that, would have had Vettel still in his box. I don’t think this is a punishable offence, just a racing incident.

Side by Side

However, Hamilton, once released, carries on alongside Vettel for the length of the pit lane. He is clearly being passed by Vettel as released, and in my opinion, should drop in behind rather than continue down the right hand side, almost in the remaining pit garages. This was not in the best interests of safety for the pit crews along this section of the pit lane.

As Bad As Each Other?

Vettel meanwhile, appears to move over and try and ‘nudge’ him out of the way. It could be interpreted as trying to intimidate Hamilton into taking up the place behind him.

However, I have to wonder if Vettel could actually see Hamilton in those daft mirrors? Hamilton appears to be right in his blind spot. You can see in some of the footage, Vettel is looking to his right as much as the design of the car, and helmet will permit (which isn’t a lot) and as I say, I wonder if he could see Hamilton? I’d still suggest that Hamilton should have tucked in behind way before he actually did, right at the end of the pit lane.

The Answer

Whilst I await the stewards’ answer to this with bated breath, I don’t like the fact that any resulting penalty may be carried over to the next race. In my opinion, the race should be dealt with, and penalties for it, applied to its results. Of course, some things happen sufficiently late in the race that applying the penalty in the race is not an option, due to the process needed to decide if something has been done wrong. However, there is still the ability to add a time penalty to a driver’s time, equivalent to that which would have been incurred had they had a drive through penalty during the race.

Edited 13:15, Sun 18th to add:

In this case, the incident under investigation happened early enough in the race to not qualify for a time penalty after the race, and the stewards are bound to have wanted, needed, even, to speak to the drivers for their version before making a decision. Could Vettel see Hamilton in his mirror, for example? This leaves no choice if a penalty is chosen, other than carrying it forward to the next race. For something of this level, I still don’t like the idea of a penalty being carried through to the next race, though. What the answer is, I don’t know. Maybe time penalties shouldn’t be restricted to a certain number of laps prior to the end (for some infringements, or all?). Also, I guess there’s yet another fine line, somewhere, where an incident is severe enough to need a race ban, grid position penalty etc. Where that line is, I wouldn’t like to speculate.

As it happens, in this case, both drivers have received a reprimand and it’s been left at that. In Hamilton’s case, he’s been advised not to weave, and now this. It’s a shame, really, as on the circuit itself, his racing was very good.

Personally, I particularly liked the passing of Schumacher. I’d been waiting a while, looking forward to seeing Schumacher wheel to wheel with Hamilton, especially in the wet. Just not this Schumacher.

Entry / Exit

Exiting the pit lane, for safety reasons, the exiting car is not allowed to cross the white ‘blend’ line. However, in two separate occasions today, we saw two cars jostling for position, all over the white lines, on the way into the pit lane. There’s a fine line between racing, and safety, and I’m really not sure which side of the line these two occurrences were on, to be honest.

As always, just my two pence.

A Vigor 120, Linux box and IPv6

April 1, 2010 13:56

Introduction

I wanted to have a bit more of a play with IPv6, and with the opportunity of needing to migrate an ADSL line to a new provider, picked Andrews & Arnold due to previous good experience, service and support from them, and, of course, they offer “native” IPv6.

Audience

This article is mainly aimed at noting down what I did to get it working, rather than being a low level newbie guide. It assumes a few basics of knowledge, and points out where I tripped up along the way.

Basics

Connect the Vigor 120’s ADSL port to the splitter with the cable supplied. Once you’ve done this, you can just connect to the ethernet side, and the Vigor will give you an IP via DHCP. By default, it’s on 192.168.2.1, and gives you .10. You can browse to it, leaving the username and password blank when prompted, to get to the status and information screens.

No changes are actually needed for “normal” ADSL on a BT phone line. If you’re using BE, or some others (O2 spring to mind, I think), you’ll need some changes, although I know not what they are. I seem to remember seeing something on Draytek’s FAQ section about this though, so check there if you’re affected.

What you can see here, is the sync rate, SNR, etc. You can’t see this information once the PPP session is established (which is a shame, but understandable to a degree), so if you want to look, look now!

Moving on…

Now that the basics are established, connect the linux box that’s going to act as your router and terminate the PPP session.

Personally, I’ve used Ubuntu Server 9.10. If you don’t like Ubuntu, don’t start a holy war, it “Just Works” as far as I can see, so if you’re using something else, you’ll need to adapt the instructions a bit, maybe.

In my case, eth0 is the interface connected to the Vigor 120, whilst eth1 is on the “inside”. What I did to make the router box route, firewall, and other useful stuff will be covered in future articles.

You’ll need to install a couple of packages:

  • ppp
  • pppoe

There are no doubt others, but they’re the main ones.

Configuration

First, get IPv4 working. In my case, my WAN IP is allocated automagically by A&A on connection, so I don’t need to specify it. I ran pppoeconf which probed for PPPoE, and asked a bunch of questions before writing the config file, and making sure it connects at reboot.

In /etc/network/interfaces, I have:

auto dsl-provider
iface dsl-provider inet ppp
pre-up /sbin/ifconfig eth0 up
provider dsl-provider

It’s important that you do not have an IP on eth0, and bring it up as above (or equivalent).

The /etc/ppp/peers/dsl-provider file looks like this:

noipdefault
defaultroute
hide-password
lcp-echo-interval 20
lcp-echo-failure 3
connect /bin/true
noauth
persist
mtu 1492
noaccomp
default-asyncmap
plugin rp-pppoe.so eth0
user "some_user_account"
maxfail 0

One thing that tripped me up, was missing out the “maxfail 0” option. By default, it’ll retry the “dial” sequence 10 times, then it gives up. Setting maxfail to zero basically makes it try forever.

You don’t want to forget to set this on a remote box, like I did. If BT flap about a lot like they did a week ago, and your box uses up its 10 retries without getting a connection, you’ll have to go there to fix it.

You can manually bring the connection up and down with pon and poff, and you should get a default route when you do. You might want to reboot to check it all works after a power outage!

IPv6

Now that we have IPv4 working, we can make a couple of tweaky changes to make IPv6 work.

In /etc/ppp/options, or /etc/ppp/peers/dsl-provider (I picked the latter) add a single line:

ipv6 ,

I also added a file /etc/ppp/ipv6-up.d/defaultroute that contains:

#!/bin/sh
ip -6 route add default dev ${PPP_IFACE}

Then, I applied the first IP from my IPv6 allocation to eth1 as follows:

iface eth1 inet6 static
address 2001:xxx:xxxx::1
netmask 64
pre-up echo 0 > /proc/sys/net/ipv6/conf/eth1/autoconf

Initially, I found that IPv6 didn’t appear to be working. On the linux box, I started a ping6 to a host outside my network, and then set about some tcpdumping. Helpfully, A&A facilitate performing a tcpdump on your line on their LNS. Comparing the two showed the ICMPv6 echo request packets leaving the local box, passing through the LNS, and then the echo-reply packets coming back through the LNS. However, the tcpdump on the linux box showed malformed IP6 packets.

All the PPP options seemed to be OK, and so to make sure I wasn’t banging my head against a brick wall trying to do something that would never work, I wrote to Draytek support. They wrote back explaining that it wasn’t supported, but kindly included a beta firmware for the Vigor 120 with which they’d had reports of customers getting IPv6 working. I applied the update, and IPv6 popped into life.

Comedy Author Name

 | March 26, 2010 12:04

A friend sent me a link to the following article, which I’ve taken a screenshot of in case someone at The Times spots and corrects it.

On reading it, I had to double check it wasn’t April 1st.

Did the editor not spot it?

It’s a shame that after June, you won’t be able to see The Times any more. I guess they’ll claim a win if people sign up, and blame someone else if it all falls apart.

tcp/53 isn’t just for AXFR

 | March 18, 2010 12:48

The internet has a defined set of rules known as RFCs. They work together to make sure that all participants of the internet community are working in the same way, and that the things they do as part of that community will work with, and interact correctly with the things that others do.

RFC1035 section 4.2.1 (UDP Transport) states:

Messages carried by UDP are restricted to 512 bytes (not counting the IP or UDP headers). Longer messages are truncated and the TC bit is set in the header.

You then fall back to TCP and repeat your query to get the full response.

Yes, AXFR queries are TCP, but not exclusively!

Assuming that, because you won’t be doing any transfers, you don’t need to allow tcp/53 is wrong, and will invariably leave you with issues with some service or other, due to not getting the correct information from DNS.

I’ll give you an example:

You use a service that, for whatever reason, decides to use multiple A records for the ‘name’ you’ve queried as a basic form of load balancing. So, you ask for www.example.com and, rather than give you back a single A record, they give you one for each of their servers. This could easily become longer than 512 bytes, the answer will be truncated, and you *should* repeat your request using TCP. Your computer knows this, and will automatically do it.

If you’ve blocked tcp/53 on your firewall, it’ll fail. You’ll sit, staring at your computer, thinking that www.foo.com has fallen over, failed in some way, when they have not. It’s not their fault that you’ve not followed the rules.

It’s not just website related records either; email related records (MX, or the TXT for DKIM, DomainKeys or SPF) are other great examples of this. Block tcp/53 from your mail server, and you could quite easily find yourself not receiving email from some senders.
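The truncate-then-retry behaviour described above, as an added example that is not part of the original post: a small offline simulation in which a server builds an A-record response, cuts it down to fit the 512-byte UDP limit and sets TC, and a client retries over TCP unless tcp/53 is blocked. The function names, the `192.0.2.x` addresses and the uncompressed name encoding are assumptions made for the illustration.

```python
import struct

UDP_LIMIT = 512   # RFC 1035 4.2.1: largest DNS message allowed over plain UDP
TC_BIT = 0x0200   # "truncated" flag in the header's 16-bit flags field

def encode_name(name):
    """Encode a hostname as length-prefixed labels (no name compression)."""
    parts = name.split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def build_response(name, addresses, truncated=False):
    """Build an A-record response from constructed sample data."""
    qname = encode_name(name)
    flags = 0x8180 | (TC_BIT if truncated else 0)   # QR, RD, RA (+ TC)
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, len(addresses), 0, 0)
    question = qname + struct.pack("!HH", 1, 1)     # QTYPE=A, QCLASS=IN
    answers = b"".join(
        qname + struct.pack("!HHIH", 1, 1, 300, 4) + bytes(map(int, ip.split(".")))
        for ip in addresses)
    return header + question + answers

def udp_reply(name, addresses):
    """Server side: drop whole records until the message fits, then set TC."""
    kept = list(addresses)
    while len(build_response(name, kept)) > UDP_LIMIT:
        kept.pop()
    return build_response(name, kept, truncated=len(kept) < len(addresses))

def parse_header(message):
    """Return (TC flag, answer count) from the 12-byte DNS header."""
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", message[:12])
    return bool(flags & TC_BIT), ancount

def resolve(name, addresses, tcp53_allowed):
    """Client side: UDP first; if TC is set, repeat the query over TCP."""
    truncated, count = parse_header(udp_reply(name, addresses))
    if not truncated:
        return "udp", count
    if not tcp53_allowed:
        return "failed", 0      # the firewall dropped the tcp/53 retry
    # TCP carries the full message; there is no 512-byte cap to hit.
    return "tcp", parse_header(build_response(name, addresses))[1]

POOL = ["192.0.2.%d" % i for i in range(1, 21)]   # constructed, TEST-NET-1

if __name__ == "__main__":
    print(resolve("www.example.com", POOL[:4], tcp53_allowed=False))
    print(resolve("www.example.com", POOL, tcp53_allowed=True))
    print(resolve("www.example.com", POOL, tcp53_allowed=False))
```

With four records the firewall rule makes no difference; with twenty, the same rule is the only thing separating a complete answer from a failed lookup.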

[edited 18/3 at 15:00 to add the following]

Further reading (thanks to Duncan for the pointer) of RFC1123 section 6.1.3.2 (Transport Protocols) states:

DNS resolvers and recursive servers MUST support UDP, and
SHOULD support TCP, for sending (non-zone-transfer) queries.
Specifically, a DNS resolver or server that is sending a
non-zone-transfer query MUST send a UDP query first. If the
Answer section of the response is truncated and if the
requester supports TCP, it SHOULD try the query again using
TCP.

I guess I’m a little disappointed to see “SHOULD” instead of “MUST”, but given the document was written in 1989, I think today, it should be read as “SHOULD, if you want it to work”. It does go on to say:

Whether it is possible to use a truncated answer depends on the application. A mailer must not use a truncated MX response, since this could lead to mail loops.

Why does everything happen at once?

 | January 22, 2010 21:14

Although I knew new tyres were just around the corner, I had, inevitably, been hoping they’d last just that little bit longer.

This hoping was doubled when I realised that not only were the fronts going to need doing, but that the rears were joining in the fun. Great.

I also knew that any day would see the arrival of the car insurance renewal dropping on the door mat.

As an aside, the renewal duly arrived a couple of days ago. The renewal seemed a bit steep, so I checked with the broker that now deals with the classic insurance policy. They could do a much better deal, not only cheaper, but including breakdown.

Now, here’s the bit I don’t quite understand. I called the company that sent the renewal out, told them to stop writing me reminders, as I wasn’t renewing with them. They said, and this made me chuckle “if you tell us what they quoted, we can at least match it”. I asked why, if they could do me a better price, had they not done so? Were they hoping I’d just renew and not check around so they could make a bit of bonus money?

Anyway, these things always happen in threes, of course, so I wasn’t overly surprised to see

on the Saab’s dash.

Luckily (?) it’s an intermediate, so not too hard on the pocket!

So it’s all booked in. The dealer even quoted a sensible price for the four shiny new 235/45 SportContact3, so there’ll be one of those on each corner too.

….I wonder if they’ll lend me a TTiD to play with while it’s in there ;-)

Happy New Year

 | January 3, 2010 22:54

Well, I’ve no idea where the last 5 or so months have gone, really.

Married, house moved, and suddenly ’09 is gone too, and ’10 is here.

If ‘noughties’ isn’t bad enough, I hear we’re now in the ‘teenies’.

Hope you’ve all had an excellent Christmas and New Year, and maybe I’ll post a little more often this year!

Back to work tomorrow. Hrumph…
