cdcc RTTs in FreeBSD Jails

Andy Hilker
Tue Jun 1 19:05:29 UTC 2004

> Consider the situation.  You make a change outside the DCC code and
> something stops working.  Where is the best place to look for the
> cause of the problem, in the DCC code or in the outside change?

Outside DCC, where the change happened. But now I think it is not
a jail problem, because now I have some similar behaviour on other
real servers.

I tried a fresh install on another (real) host, maximum of 4 servers
are working. Requests for only 4 servers are sent out.

And again, by placing an arbitrary server on top (or the first ...
entries) in map.txt, doing 
 # rm map; cdcc "load map.txt" 
I could get nearly every server working.  But manually adding 12
working servers, only 1, 4, 9 or 10 servers are declared as working.
There seems to be a max # of servers per host.
Very very strange, I know this :)

I see DNS requests and responses for all dcc1-5 servers. But 6277
requests only for the # of working servers.

Is there a possibility to debug, to which servers cdcc tries to
send out requests?  And if no query, why not?
I do not understand why hosts at the same switch, with nearly the
same configuration all have different maximum # of servers.

> A lot of stuff sold as "security" is snake oil.  Many other security
> mechanisms are not worthwhile.  Good security does not involve doing
> whatever can be done, but consists of measured responses against
> coherent and specific threat models.  

I know this, thanks :)

> What threat model requires running your MTA inside a jail?

I do not run jails for security reasons (ok, for security, too,
but...). Jails are not comparable with chroots. Jails are nearly
virtual systems partitioning the host system.

The server hosts many virtual systems with shell accounts, web
servers, ... customers are isolated from each other.
Jails could be useful for administrating, too (in my opinion).
