Tuesday, November 26, 2013

Automatically Select Fastest Servers for apt in Ubuntu

On a GUI-based Ubuntu desktop, it is very easy to select the fastest mirror server for apt (or to change mirrors in general). All you need to do is select System|Administration|Software Sources.

But things get ugly if you want to do it on the command line. You have to update sources.list manually. That is a tiresome job, and not cool either :D

Well, other people have thought about the same problem and have been working on solutions for it. There is a package named netselect-apt. It allows you to switch to the fastest apt server automatically, from the command line.

But there is another way, and it is easier. All you have to do is add these lines at the top of your sources.list (assuming you are using Ubuntu 12.04):

deb mirror://mirrors.ubuntu.com/mirrors.txt precise main restricted universe multiverse
deb mirror://mirrors.ubuntu.com/mirrors.txt precise-updates main restricted universe multiverse
deb mirror://mirrors.ubuntu.com/mirrors.txt precise-backports main restricted universe multiverse
deb mirror://mirrors.ubuntu.com/mirrors.txt precise-security main restricted universe multiverse


That is it. You need to perform 'apt-get update' first, and then 'apt-get upgrade'. Notice that the server used is the fastest one (relative to your location).

Wednesday, November 13, 2013

Named: error (broken trust chain)

My DNS server keeps complaining with messages similar to this:
error (broken trust chain) resolving '0.ubuntu.pool.ntp.org/AAAA/IN': 208.67.220.220#53
After researching on Google, I found that many people suggested that the problem lies in time accuracy. Therefore, we need to update the clock.

I updated my system using ntpdate, but the bind9 error logs didn't change.

After spending some time tinkering with this weird problem, I stumbled upon a mailing list discussion about DNSSEC. It was an old discussion. There was a bug in the BIND version of that time which produced similar error output if configured as a forwarder.

I immediately changed my named.conf.options, from the following:
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;

to this one:
dnssec-enable no;
dnssec-validation no;

After I restarted the bind9 service (I am using Ubuntu 12.04):
service bind9 restart

business finally went back to normal!

I haven't dug deep into this issue. Once I figure out the problem, I'll update this post.
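
An added example, not part of the original post: a shell check that reports the DNSSEC settings in a BIND options file, so a resolver left with validation switched off (it then no longer verifies signatures on the answers it forwards) shows up in a config review. The function names and the two sample files, including the forwarders line, are constructed for illustration.

```shell
# Added example (not from the original post): report DNSSEC-related settings
# in a BIND options file. Handles // and # comments, not /* ... */ blocks.
strip_comments() { sed -e 's://.*$::' -e 's:#.*$::' "$1"; }

# Print the value of one option (last occurrence wins), or "unset".
named_opt() {  # usage: named_opt <option> <file>
    strip_comments "$2" | awk -v key="$1" '
        $1 == key { v = $2; sub(/;.*$/, "", v) }
        END { print (v == "" ? "unset" : v) }'
}

# Succeeds when a forwarders { ... } block lists at least one address.
has_forwarders() {
    strip_comments "$1" | tr '\n' ' ' |
        grep -Eq 'forwarders[[:space:]]*\{[[:space:]]*[0-9A-Fa-f]'
}

# One-line verdict. BIND only validates when dnssec-enable is also on.
dnssec_verdict() {  # usage: dnssec_verdict <file>
    enable=$(named_opt dnssec-enable "$1")
    validation=$(named_opt dnssec-validation "$1")
    if has_forwarders "$1"; then mode=forwarding; else mode=recursive; fi
    case "$enable:$validation" in
        no:*|*:no)    state=validation-off ;;
        *:yes|*:auto) state=validation-on ;;
        *)            state=version-default ;;
    esac
    echo "$state mode=$mode dnssec-enable=$enable dnssec-validation=$validation"
}

# Constructed sample files mirroring the two configurations in the post.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/before" <<'EOF'
options {
    forwarders { 208.67.220.220; };
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
};
EOF
cat > "$tmp/after" <<'EOF'
options {
    forwarders { 208.67.220.220; };
    // dnssec-validation yes;
    dnssec-enable no;
    dnssec-validation no;
};
EOF
dnssec_verdict "$tmp/before"
dnssec_verdict "$tmp/after"
```

On a real host, point dnssec_verdict at the named.conf.options file instead of the sample files.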