Topic: https broken since yesterday's updates?

[William R H]

I cannot access https://www.barclays.co.uk or adobeacrobat login or answers.microsoft.com or paypal

for Barclays on Chrome in Win 10 I see the message "waiting for proxy tunnel" in the status bar then eventually "ERR_TUNNEL_CONNECTION_FAILED". On Edge in Win 10 I see "Error code: INET_E_SECURITY_PROBLEM"

for Barclays on Firefox in Ubuntu I see no error message

for Barclays app in Android phone going via our LAN - service not available, going via 4G mobile broadband ok

Opening a PDF on Acrobat DC in Win 10 Acrobat is unable to log me on to their server.

Without knowing enough to be able to pin this down any further I have to think that the recent updates to sme server have caused the problem. Anyone else?

Is there a log file I can look at to try and see what is going on?

I'm not saying that the updates are wrong - perhaps I need to reset something at my end?

[ReetP]

Sorry - I pushed a fix for djbdns 1_05-10_el6_sme yesterday for this bug:

https://bugs.contribs.org/show_bug.cgi?id=10374

But there was another later version in testing that I couldn't track down.

I've just found it and released it:
https://bugs.contribs.org/show_bug.cgi?id=10300

djbdns-1_05-11_el6_sme

It should hit the mirrors soon.

We had resolution issues ourselves with the old versions that seem to have been resolved with the -11 fix.

Please let us know if this works OK.

[William R H]

thanks - but no update appearing here yet.

I looked through the two bugs and noted that someone had avoided the problem by using the google dns servers.

I tried that and all seems to be well now. I did it via "Modify corporate DNS settings".

Is that the right place to do it? Does it mean all my DNS queries are handled by google now or do I still have a local cache that is used?

[root@mailserver ~]# rpm -qa djbdns
djbdns-1.05-10.el6.sme.x86_64
[root@mailserver ~]# yum update
Loaded plugins: fastestmirror, post-transaction-actions, smeserver
Setting up Update Process
Loading mirror speeds from cached hostfile
 * base: mirrors.vooservers.com
 * smeaddons: ftp.nluug.nl
 * smeextras: ftp.nluug.nl
 * smeos: ftp.nluug.nl
 * smeupdates: ftp.nluug.nl
 * updates: mozart.ee.ic.ac.uk
No Packages marked for Update
[root@mailserver ~]# time dnsqr a  www.paypal.com
1 www.paypal.com:
144 bytes, 1+4+0+0 records, response, noerror
query: 1 www.paypal.com
answer: www.paypal.com 231 CNAME www.glb.paypal.com
answer: www.glb.paypal.com 3241 CNAME www.paypal.com.edgekey.net
answer: www.paypal.com.edgekey.net 31 CNAME e16973.a.akamaiedge.net
answer: e16973.a.akamaiedge.net 19 A 2.20.93.6

real   0m0.063s
user   0m0.000s
sys   0m0.001s[/font]

[ReetP]

Personally I won't touch Google DNS less I have too. They already know too much

Yes, if you pass all DNS to Google I think it mitigates it by bypassing the internal DNS/caching, but that isn't the best way to do it really.

You can try and clear your yum cache

Code: [Select]

yum --enablerepo=* clean all
The yum update again

[piran]

djbdns-1_05-11_el6_sme
Please let us know if this works OK.

Magic:-) I've been scratching my head for over a day with the 'bad DNS' and getting really patchy resolution lookups. Now all the stuff, that didn't route, is routing fine. Albeit getting a couple of hours of mains utility brown-out incoming (70Vac instead of 230Vac) in between wasn't helpful after the UPS batteries ran down. Both issues now resolved []. Cheers.

[ReetP]

Magic:-) I've been scratching my head for over a day with the 'bad DNS' and getting really patchy resolution lookups. Now all the stuff, that didn't route, is routing fine. Albeit getting a couple of hours of mains utility brown-out incoming (70Vac instead of 230Vac) in between wasn't helpful after the UPS batteries ran down. Both issues now resolved []. Cheers.

Cool. I didn't realise that the released version caused new problems despite fixing others.

I then stumbled over the newer version 0.5-11 but couldn't find out where the bug/notes were.

Hopefully it will resolve a number of issues - my UK office said sites they had struggled with for a long time suddenly worked. Oddly enough, it didn't affect us here at all.

Trying to get round and push out other long overdue updates - hope I don't break anything else (yes we know about ClamAV!!)

[piran]

hope I don't break anything else

My smart TV's iPlayer (over the FTTH) hasn't worked 'since'...
Could be co-incidence or something else I'll keep you posted.

PostEdit: Macrium Reflect detects an auto update but
cannot download it citing "It was not possible to connect to the
revocation server or a definitive response could not be obtained."
This happened slightly before the 11 update & still happening.
My Synology NAS had a similar 'can't update' issue. Seems to
be happy about phoning home but there is not an update with
which to test. As for the smart TV I am still sleuthing. BBC
iPlayer is still dead but GooglePlay and uTubeView are OK.
Don't use anything else on it... So, no BBC iPlayer (still).
Doh! TV is cat5 hardwired to router eg bypasses SME so is
a completely separate issue (probably needs a reboot).

PostEdit conclusions: browser now routing with '11'
Macrium Reflect not downloading properly - will give
them a call tomorrow after I've done some more work.
More work done... reading between the lines I need to
upgrade my Reflect. Also the smart TV needed a reset
(probably to get DHCP again) - BBC iPlayer now OK.

My thanks again ReetP for fixing the DNS issue.

[William R H]

...
You can try and clear your yum cache

Code: [Select]

yum --enablerepo=* clean all
The yum update again

Thanks that worked fine and I have got it all working without using google dns.

[ReetP]

Fab. Sorry for the cockup... !!

I'm still learning

[Drifting]

Fab. Sorry for the cockup... !!

I'm still learning

It takes a man to acknowledge a mistake! Well done for spotting it in the end, did wonder why my bank would not let me in, thought they might have Brexited out of the UK like all the others for a moment.

Paul

[ReetP]

Yup - the fault was all mine.... I have big shoulders and thick skin !!!

At least I am trying...........

Hopefully we'll get on top of things and know where we are at moving forward.

If anyone wants to get involved helping then let me know. I have a rocket chat room where Terry and I are working.... come join in the fun.