That was weird, I somehow added a muc as a contact
tom
Why is xmpp.org's xmpp server on a nonstandard port 2605:da00:5222:5269::3:1:9269
tom
?
tom
$ host -t srv _xmpp-server._tcp.xmpp.org
_xmpp-server._tcp.xmpp.org has SRV record 1 1 9269 xmpp.xmpp.org.
tom
It's strange
tom
It's a good thing I didn't deploy egress filtering yet
stpeter
tom: I can't recall. When we deployed it originally, it might have been running on a machine that was already using the standard port. We change probably change it to the standard port now.
stpeter
s/change/can/
Frinkel
Curious, what's the issue with using a nonstandard port as long as the appropriate SRV records exist?
stpeter
I suspect that tom wanted to set up a firewall rule that allowed only well-defined ports.
tom
I saw a weird connection I didn't recognize in netstat
tom
I didn't recognize it because the port number was nonstandard
tom
I was originally going to set up egress filtering, where the xmpp daemon user could only make external requests on certain ports, namely xmpp-server
tom
Now I'm not so sure that's a good idea if people are running their s2s connections on nonstandard ports often
tom
Do I need to set up a STUN server if I want Jingle to work reliably? Is that not covered by the socks proxy XEP-0065?
rom1dep
> Now I'm not so sure that's a good idea if people are running their s2s connections on nonstandard ports often
You can often see nonstandard s2s ports for direct TLS, for instance
tom
Ah
tom
So I should let prosody open whatever port it wants to external hosts
tom
As long as it's TCP
Ge0rG
Also don't forget UDP for DNS lookups
tom
That shouldn't be coming from the xmpp daemon
Ge0rG
I'm not so sure about that
Martin
I would also guess it uses the local dns.
Martin
Why should they nih a dns resolver?
MattJ
Martin: because the system resolver often doesn't support async or SRV
MattJ
If you run a resolver on 127.0.0.1, fine
MattJ
If not, UDP out is required
Martin
I have unbound listening on 127.0.0.1 and that's the only dns referred in resolv.conf. So prosody should be happy. :)
MattJ
Yep
Ge0rG
Martin: but don't dare stopping it for some minutes
Martin
Why should I?
Ge0rG
Martin: because you do a package update?
Martin
That will stop it for minutes?
Ge0rG
maybe long enough for prosody to freak out about the DNS server being gone