Krausmueller.de

Dynamc DNS client for IPv6

Dynamic DNS is used to automatically update the DNS record of a host which IP changes often. This allows you to provide web services from a host at home behind your personal (V)DSL connection with a non-changing name. There are several providers for DDNS. I use SPDyn. The update of the DNS record is handled by a client like ddclient or directly by your router (e.g. Fritzbox). For IPv4 this is easy. The IP is always the external IP of the router which forwards ports to hosts on your local network. Since my ISP uses Dual-Stack and also provides me IPv6 I created an AAAA-record in the past pointing to the IPv6 address of my local host. When doing so I didn’t realise my ISP changes the IPv6 prefix with every reconnect. Because of this the IPv6 address of my local host changes quite regularly and the AAAA-record created got invalid. I noticed this due to an error when renewing a Let’s Encrypt certificate (post about acme-tiny).

If an AAAA-record is available Let’s Encrypt prefers it for validation of the domain (API Announcements). Because my AAAA-record was not valid anymore the renewal of the certificate threw an error:

Parsing account key...
Parsing CSR...
Registering account...
Already registered!
Verifying domain.com...
Traceback (most recent call last):
  File "acme_tiny.py", line 199, in 
    main(sys.argv[1:])
  File "acme_tiny.py", line 195, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)
  File "acme_tiny.py", line 150, in get_crt
    domain, challenge_status))
ValueError: domain.com challenge did not pass: {u'status': u'invalid', u'validationRecord': [{u'addressesResolved': [u'217.251.47.207', u'2003:86:2455:9c00:d1:3ff:fe81:bd3f'], u'url': u'http://domain.com/.well-known/acme-challenge/PDUNtwiHq5dncDrvs4V2NE9nSR9vLF2WhnAbX1jQ7f0', u'hostname': u'domain.com', u'addressesTried': [], u'addressUsed': u'2003:86:2455:9c00:d1:3ff:fe81:b46f', u'port': u'80'}], u'keyAuthorization': u'PDUNtwiHq5dncDrvs4V2NE9nSR9vLF2WhnAbX1jQ7f0.YW7Ac9LxjjuWvWzD542ZzSKxcFKDIdehVVzAuYA0vHI', u'uri': u'https://acme-v01.api.letsencrypt.org/acme/challenge/-yjij3RP1r4YC_TkQrUemgjhfWI17pQZSjMZ8kr-Lps/1441804350', u'token': u'PDUNtwiHq5dncDrvs4V2NE9nSR9vLF2WhnAbX1jQ7f0', u'error': {u'status': 400, u'type': u'urn:acme:error:connection', u'detail': u'Fetching http://domain.com/.well-known/acme-challenge/PDUNtwiHq5dncDrvs4V2NE9nSR9vLF2WhnAbX1jQ7f0: Timeout'}, u'type': u'http-01'}

You can see the IPv6 address is used when looking at addressUsed. Because the address is invalid a timeout is reached.

To correct this and be able to access my local host via IPv6 in addition to the A-record for IPv4 the AAAA-record for IPv6 also has to be updated.

Read more →

Transfer rate when accessing Samba share from Mac OS X

I use my Cubietruck as a Samba server. Some day I noticed the transfer rate when copying files from my Mac with OS X El Captian was only around 10 MB/s. As the Cubietruck has a gigabit ethernet port the transfer rate should be much higher. I also remembered the transfer rate to be around 30 MB/s in the past. Not as fast as gigabit can deliver but I guess CPU load is a factor here.

Read more →

PowerShell Scripts with WhatIf

Sometimes you want to simulate the execution of a PowerShell script. Instead of actually doing the things defined in the script you just want to see what would have been done. Many Cmdlets understand the parameter -WhatIf. If you use it e.g. when creating a directory it actually will not be created. Instead you get a message describing what would have been done:

1
New-Item -ItemType Directory -Name "test" -Path "c:\temp" -WhatIf
PS C:\> New-Item -ItemType Directory -Name "test" -Path "c:\temp" -WhatIf
What if: Performing the operation "Create Directory" on target "Destination: C:\temp\test".

Read more →

Infrared remote (e.g. Logitech Harmony) with Wetek OpenELEC

Wetek OpenELEC is a small box running OpenELEC. OpenELEC is a media center based on Kodi. In comparison to a Raspberry Pi running OpenELEC, Wetek OpenELEC includes a TV tuner (DVB-C/T, DVB-S oder ATSC). So you don’t have to find a compatible tuner by yourself and have everything integrated in a nice little box. Shipment includes an AirMouse. This is a remote which can be used as a mouse due to built-in motion sensors. Because I already use a Logitech Harmony as an universal remote I also wanted to control Wetek OpenELEC with this remote. Wetek OpenELEC is a special edition of Wetek Play (differences between these two). So getting an infrared remote to work with Wetek Play should be pretty similar.

Read more →

Intermediate certificate for acme-tiny

As mentioned in the article regarding acme-tiny you need to create a script to renew your Let’s Encrypt certificate regularly. In this script you download the intermediate certificate of Let’s Encrypt which was used to generate the certificate for your domain. Only if you include the intermediate certificate in your web server configuration the browser can get the complete chain. If you do not offer the intermediate certificate your rating at SSL Labs drops to “B”.

Read more →