As SARS-CoV-2 entered the United States a few weeks ago, we collectively looked at the ongoing experiences of China and Italy and jokingly compared it to Captain Trips. Meghan and I studied the history of the Spanish Flu looking for parallels and worst-case scenarios.
The lessons learned from 1918 are being applied by health officials right now, in an effort to avoid a healthcare-system-crushing pandemic. We can’t avoid contracting the virus, that is clear, but perhaps we can prevent everyone from catching it all at once.
In the middle of last week schools in the Commonwealth of Massachusetts started closing as a preemptive measure. Many businesses did as well, including my own. A few did not until they were ordered to. This all mirrors the experiences (and failures) in other countries that were hit by the virus first.
As I write this, the governor has ordered all schools closed for at least three weeks. Large gatherings are prohibited, originally capped at 250 people and now capped at 25.
So basically we could go out if we really wanted to, but there’s no where to go right now.
Grocery stores are still allowed to be open, so people can buy things eat, but the doomsday preppers have effectively cleaned the shelves. Stores have struggled to keep essentials in stock, including (oddly) paper products like toilet paper, kleenex, and paper towels, as well as the true essentials that never spoil, like bread, milk, and eggs. Meghan witnessed someone buying five gallons of milk on Saturday. It’s like snow is coming.
Some businesses are instituting, or are relying on, work-from-home policies; unfortunately others, especially service-oriented jobs, are sending people home without pay.
I’m fortunate that I can work from home. We’ve cleaned out the office so I can get real work done, and made a spot for Butter to curl up. Meghan’s situation is a little murky, but so far as we can tell she will continue to be paid for the duration.
Baba has been asking for advice on what social events to attend. (answer: zero.) My own parents have continued to live like nothing has changed, though they’re a bit less social than Baba. All three grand-parental-units are in multiple high-risk groups. Connecticut has been less affected by the outbreak so far. I’ve got my fingers crossed that they’ll come through without contracting it.
Surprisingly, it worked beautifully… that is, until I discovered an unintended side effect
My ISP is pretty terrible but living in the United States, as I do, effectively makes internet service a regional monopoly. In my case, not only do I pay too much for service but certain websites (cough google.com cough) are incredibly slow for no reason other than my ISP is a dick and won’t peer with them properly.
This particular ISP, despite being very large, has so far refused to roll out IPv6. This was annoying until I figured out that I could use this to my advantage. If they won’t peer properly over IPv4, maybe I can go through a tunnel broker to get IPv6 and route around them. Surprisingly, it worked beautifully. GMail has never loaded so fast at home.
It was beautiful, that is, until I discovered an unintended side effect: Netflix stopped working.
Despite my brokered tunnel terminating inside the United States, Netflix suspects me of coming from outside the United States.
A quick Google search confirmed my suspicion. Netflix denies access to known proxies, VPNs, and, sadly, IPv6 tunnel brokers. My brave new world was about to somewhat less entertaining if I couldn’t fix this.
Background
Normally a DNS lookup returns both A (IPv4) and AAAA (IPv6) records together:
Some services will choose to provide multiple addresses for redundancy; if the first address doesn’t answer then your computer will automatically try the next in line.
Netflix in particular will return a large number of addresses:
The key is to have your local DNS resolver return A records, but not AAAA, if (and only if) it’s one of Netflix’s hostnames.
Before I document the solution, it helps to know my particular setup and assumptions:
IPv6 via a tunnel broker
BIND’s named v9.14.8
Earlier versions of BIND are configured somewhat differently: you may have different options, or (if it’s a really old build) you may need to run two separate named instances. YMMV.
Step 0: Break Out Your Zone Info (optional but recommended)
If your zone info is part of named.conf you really should put it into it’s own file for easier maintenance and re-usability. The remaining instructions won’t work, without modification, if you don’t.
# /etc/bind/local.conf
zone "." in {
type hint;
file "/var/bind/named.cache";
};
zone "localhost" IN {
type master;
file "pri/localhost.zone";
notify no;
};
# 127.0.0. zone.
zone "0.0.127.in-addr.arpa" {
type master;
file "pri/0.0.127.zone";
};
Step 1: Add a New IP Address
You can run a single instance of named but you’ll need at least two IP addresses to handle responses.
In this example the DNS server’s “main” IP address is 192.168.1.2 and the new IP address will be 192.168.1.3.
How you do this depends on your distribution. If you’re using openrc and netifrc then you only need to modify /etc/conf.d/net:
# Gentoo and other netifrc-using distributions
config_eth0="192.168.1.2/24 192.168.1.3/24"
Step 2: Listen To Your New Address
Add your new IP address to your listen-on directive, which is probably in /etc/bind/named.conf:
listen-on port 53 { 127.0.0.1; 192.168.1.2; 192.168.1.3; };
It’s possible that your directive doesn’t specify the IP address(es) and/or you don’t even have a listen-on directive – and that’s ok. From the manual:
The server will listen on all interfaces allowed by the address match list. If a port is not specified, port 53 will be used… If no listen-on is specified, the server will listen on port 53 on all IPv4 interfaces.
What this block is saying is, if a request comes in on the new address, pass it through the filter-aaaa plugin.
We’re configuring the plugin to filter all AAAA record replies to ipv4 clients (filter-aaaa-on-v4) and ipv6 clients (filter-aaaa-on-v6).
Now add a new block after the first block, or modify your existing default view:
# forward certain domains back to the ipv4-only view
view "internal" {
include "/etc/bind/local.conf";
# AAAA zones to ignore
zone "netflix.com" {
type forward;
forward only;
forwarders { 192.168.1.3; };
};
};
This is the default view for internal clients. Requests that don’t match preceding views fall through here.
We’re importing the local zone from step 0 (so we don’t have to maintain two copies of the same information), then forwarding all netflix.com look-ups to the new IP address, which will be handled by the internal-ipv4only view.
Step 4: Include the New Configuration File
Modify /etc/bind/named.conf again, so we’re loading the new configuration file (which includes local.conf).
#include "/etc/bind/local.conf";
include "/etc/bind/limited-ipv6.conf";
Restart named after you make this change.
Testing
nslookup can help you test and troubleshoot.
In the example below we call the “normal” service and get both A and AAAA records, but when we call the ipv4-only service we only get A records:
I got a fish tank a year or so ago. It’s one of those Back to the Roots garden tanks that support a betta and three plant buckets. We had an alge problem, so we added a snail. He gets around a lot, so we call him the SpeedSnail.
(The fish is Fish Stick. It’s what was for dinner the night we brought him home.)
Yesterday, I noticed that the tank walls were getting a little brown. I decided today was the day to clear the counters and do some maintenance on the tank. The first part of that maintenance is to take out the plant pots.
So, I take out the middle pot. The roots are a little long, but not bad. Take out the far left pot. That one is ew and I may need to invest in new growth rocks. Then comes the one with the spider plant in it. This was an experimental plant. I look in the pot and notice one of the rocks looks strangely smooth. And round.
We collect shells. I have several snail shells from various beaches and our yard. So the obvious first thought is, “who put one of the shells in there?”
Then I look at the tank, and all the alge. I look at the tiger-striped shell in my pot. And SpeedSnail took a quick trip back into the tank.
He must have climbed up the feeding tube, gotten across the rocks, and discovered there was no water up there. He sealed himself up, and waited for the water to come back.
I watched him for a while before I left to meet Quinn for lunch, and spotted him sneaking a peak from inside his shell. When I got back to the house, he was busy hoovering up alge as fast as he could.
So, the snail had an adventure. The tank will get nice and clean again. FishStick can make aggressive moves against a tank-mate that can’t care less about what he’s doing.
After a few too many close calls, I approached the town about making our street and another into one-way lanes. A counter-clockwise, 1.7 mile loop around the lake.
Silver Lake, bounded by Main, Lake, and Grove
The town said “no” for some very good reasons. I knew they would, but I had to give it a try. They paid the courtesy of taking it seriously, giving me a meeting with various officials, and explaining the reasons.
I had put an actual proposal together in case this went further. I include it here for posterity. Read it here: Better Traffic Around Silver Lake
Living where we do, with a high water table, houses are obligated to have a large hole in the floor of the basement called a “sump“. For those lucky enough to not know, a sump’s job is to collect groundwater before it seeps up through the floor of the basement. You then evacuate the water with a pump, colloquially (and quite logically) known as a “sump pump”.
A sump pump is a replaceable part. The typical lifetime is supposed to be around ten years, give or take.
We last replaced our pump in 2014. I purchased a replacement unit from “Watchdog” that proclaimed it’s longevity, speed, and reliability. This is that same unit, a mere five years later:
Notice the hole in the side of the housing. It was not there when I purchased and installed the unit.
The unit continued to work in some condition, until it didn’t. It completely failed during a heavy December rainstorm this weekend. I came into the basement early Saturday morning to find ankle-deep water on the floor.
Woe unto the person who does not have a water alarm or redundant standby sump pump. That person would be me.
The pump is now replaced with a unit from a different manufacturer. Hopefully this one stands up to the elements a little better. We’re working on a water alarm as well.
Ah, winter in New England. Go home, winter, you’re already drunk and it’s barely December.
Last week we had a snowstorm and we were home-bound for three days. School was cancelled on Monday and Tuesday. I worked from home both days and slowly dug out in the afternoons.
We finally leveled out with over a foot of snow
A week later, temperatures reached 60° F. I was walking around in shorts and flip-flops. (I might be weird, but you have to admit that it wasn’t weather-inappropriate.) The clouds dropped two inches of water on us. With nowhere for the water to go, there are puddles and ponds everywhere.
Last night, the temperature rapidly dropped, the rain turned to snow, and we got a couple or more inches. At least the end of the day cleared up with some sun. The snowmelt, which became treacherous as night fell, was downright beautiful for a while.
This water on the back of my car hadn’t finished freezing when I walked by.
Tonight, as I left the house to take the dog for an icy, slippery walk, I saw signs that we had some visitors during the day. A hawk snatched a meal from our front yard. Meghan left our Thanksgiving bundle of corn out for the birds and squirrels; it seems that we’re feeding the whole neighborhood instead.
Some small animal and a hawk came to our front yard expecting a meal. Only one of them was disappointed.
By this weekend we’re expecting to be back in the 50s with more rain. The rollercoaster that is our local weather continues. Whee!
I haven’t been posting much lately. Lets see what I’ve bee up to:
I’ve repaired 6 Chromebooks this week. There will be more tomorrow.
Apple is replacing a damaged iPad because I am wicked polite and prepared with documentation.
I’m not going up the 20′ ladder. Just no.
I’ve finished yet another stocking, except for the name. I’m putting it off because I’m not sure about placement. Probably, I should make it easy to remove and change if they want to.
Accidentally ruined my favorite hiking boots.
Took some pictures.
Knit a hat.
Bought Christmas cards. I’ll start filling them out as soon as I’m done with the stocking.
