From jaltman@auristor.com  Fri Dec 10 23:25:09 2021
From: jaltman@auristor.com (Jeffrey E Altman)
Date: Fri, 10 Dec 2021 18:25:09 -0500
Subject: [OpenAFS] Slow loading of virtually hosted web content
In-Reply-To: <CABWMJQWHYUusSvS=um1Waob2bfk7bpP4C7hHCDRFOeOjH2-x3w@mail.gmail.com>
References: <CABWMJQUUa4mHFrTR7jAA8gZ9g9R16PqZ2NZ4Nss0zaDqM6915w@mail.gmail.com>
 <3fa2a371-8576-dfb4-a482-5c8b1c5c9b7f@auristor.com>
 <CABWMJQWHYUusSvS=um1Waob2bfk7bpP4C7hHCDRFOeOjH2-x3w@mail.gmail.com>
Message-ID: <94dbe234-6cb6-7559-4afd-4b9e809b0bc9@auristor.com>

This is a cryptographically signed message in MIME format.

--------------ms040808080201020903010708
Content-Type: multipart/alternative;
 boundary="------------z5xuVL1QlksvaxW946MV0wFD"

--------------z5xuVL1QlksvaxW946MV0wFD
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

On 11/29/2021 1:11 PM, Kendrick Hernandez (kendrick.hernandez@umbc.edu)
wrote:
> We were able to narrow the problem down to DNS timeouts from an
> internal DNS server that had reached its limit for NF connection
> tracking. Once that limit was increased, the issue went away.
> Along with some forwarded insights from the folks at CMU and some
> isolated testing, we were able to confirm that disabling dynamic root
> and DNS-based server discovery on the cache manager also worked around
> issue.
>
I'm glad you identified a solution.

Do you know what the issued DNS queries were for?

The primary reason to avoid disabling dynamic root is the machine
restarts and the OpenAFS cache manager cannot read the "root.afs" volume
from the cell, the system will panic.  This could be due to the machine
booting without a network interface or a failure of the cell similar to
what occurred on January 14th of this year.

The afsd -afsdb option is not required for a web server that will only
be serving content from the local cell if the cell's location service
list of servers is present in the local CellServDB file.   Sites that
want the option of being able to dynamically relocate their location
service instances will want to avoid local CellServDB entries. 

AuriStorFS clients implement configurable ignorelists [1] to permit use
of dynroot and DNS SRV/AFSDB lookups while blocking lookups for specific
names either in the dynroot directory or any volume root directory.

Jeffrey Altman

[1] fs_ignorelist (auristor.com)
<https://www.auristor.com/documentation/man/linux/1/fs_ignorelist.html>


--------------z5xuVL1QlksvaxW946MV0wFD
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 8bit

<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <div class="moz-cite-prefix">On 11/29/2021 1:11 PM, Kendrick
      Hernandez (<a class="moz-txt-link-abbreviated" href="mailto:kendrick.hernandez@umbc.edu">kendrick.hernandez@umbc.edu</a>) wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:CABWMJQWHYUusSvS=um1Waob2bfk7bpP4C7hHCDRFOeOjH2-x3w@mail.gmail.com">
      <meta http-equiv="content-type" content="text/html; charset=UTF-8">
      <div dir="ltr">We were able to narrow the problem down to DNS
        timeouts from an internal DNS server that had reached its limit
        for NF connection tracking. Once that limit was increased, the
        issue went away. <br>
        <div>Along with some forwarded insights from the folks at CMU
          and some isolated testing, we were able to confirm that
          disabling dynamic root and DNS-based server discovery on the
          cache manager also worked around issue. <br>
        </div>
        <br>
      </div>
    </blockquote>
    <p>I'm glad you identified a solution.</p>
    <p>Do you know what the issued DNS queries were for?</p>
    <p>The primary reason to avoid disabling dynamic root is the machine
      restarts and the OpenAFS cache manager cannot read the "root.afs"
      volume from the cell, the system will panic.  This could be due to
      the machine booting without a network interface or a failure of
      the cell similar to what occurred on January 14th of this year.</p>
    <p>The afsd -afsdb option is not required for a web server that will
      only be serving content from the local cell if the cell's location
      service list of servers is present in the local CellServDB file.  
      Sites that want the option of being able to dynamically relocate
      their location service instances will want to avoid local
      CellServDB entries.  <br>
    </p>
    <p>AuriStorFS clients implement configurable ignorelists [1] to
      permit use of dynroot and DNS SRV/AFSDB lookups while blocking
      lookups for specific names either in the dynroot directory or any
      volume root directory.</p>
    <p>Jeffrey Altman</p>
    <p>[1] <a
href="https://www.auristor.com/documentation/man/linux/1/fs_ignorelist.html">fs_ignorelist
        (auristor.com)</a></p>
    <p><br>
    </p>
  </body>
</html>
--------------z5xuVL1QlksvaxW946MV0wFD--


--------------ms040808080201020903010708
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCC
DGswggXSMIIEuqADAgECAhBAAW0B1qVVQ32wvx2EXYU6MA0GCSqGSIb3DQEBCwUAMDoxCzAJ
BgNVBAYTAlVTMRIwEAYDVQQKEwlJZGVuVHJ1c3QxFzAVBgNVBAMTDlRydXN0SUQgQ0EgQTEy
MB4XDTE5MDkwNTE0MzE0N1oXDTIyMTEwMTE0MzE0N1owcDEvMC0GCgmSJomT8ixkAQETH0Ew
MTQxMEMwMDAwMDE2RDAxRDZBNTQwMDAwMDQ0NDcxGTAXBgNVBAMTEEplZmZyZXkgRSBBbHRt
YW4xFTATBgNVBAoTDEF1cmlTdG9yIEluYzELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQCY1TC9QeWnUgEoJ81FcAVnhGn/AWuzvkYRUG5/ZyXDdaM212e8
ybCklgSmZweqNdrfaaHXk9vwjpvpD4YWgb07nJ1QBwlvRV/VPAaDdneIygJJWBCzaMVLttKO
0VimH/I/HUwFBQT2mrktucCEf2qogdi2P+p5nuhnhIUiyZ71Fo43gF6cuXIMV/1rBNIJDuwM
Q3H8zi6GL0p4mZFZDDKtbYq2l8+MNxFvMrYcLaJqejQNQRBuZVfv0Fq9pOGwNLAk19baIw3U
xdwx+bGpTtS63Py1/57MQ0W/ZXE/Ocnt1qoDLpJeZIuEBKgMcn5/iN9+Ro5zAuOBEKg34wBS
8QCTAgMBAAGjggKcMIICmDAOBgNVHQ8BAf8EBAMCBPAwgYQGCCsGAQUFBwEBBHgwdjAwBggr
BgEFBQcwAYYkaHR0cDovL2NvbW1lcmNpYWwub2NzcC5pZGVudHJ1c3QuY29tMEIGCCsGAQUF
BzAChjZodHRwOi8vdmFsaWRhdGlvbi5pZGVudHJ1c3QuY29tL2NlcnRzL3RydXN0aWRjYWEx
Mi5wN2MwHwYDVR0jBBgwFoAUpHPa72k1inXMoBl7CDL4a4nkQuwwCQYDVR0TBAIwADCCASsG
A1UdIASCASIwggEeMIIBGgYLYIZIAYb5LwAGAgEwggEJMEoGCCsGAQUFBwIBFj5odHRwczov
L3NlY3VyZS5pZGVudHJ1c3QuY29tL2NlcnRpZmljYXRlcy9wb2xpY3kvdHMvaW5kZXguaHRt
bDCBugYIKwYBBQUHAgIwga0MgapUaGlzIFRydXN0SUQgQ2VydGlmaWNhdGUgaGFzIGJlZW4g
aXNzdWVkIGluIGFjY29yZGFuY2Ugd2l0aCBJZGVuVHJ1c3QncyBUcnVzdElEIENlcnRpZmlj
YXRlIFBvbGljeSBmb3VuZCBhdCBodHRwczovL3NlY3VyZS5pZGVudHJ1c3QuY29tL2NlcnRp
ZmljYXRlcy9wb2xpY3kvdHMvaW5kZXguaHRtbDBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8v
dmFsaWRhdGlvbi5pZGVudHJ1c3QuY29tL2NybC90cnVzdGlkY2FhMTIuY3JsMB8GA1UdEQQY
MBaBFGphbHRtYW5AYXVyaXN0b3IuY29tMB0GA1UdDgQWBBR7pHsvL4H5GdzNToI9e5BuzV19
bzAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwDQYJKoZIhvcNAQELBQADggEBAFlm
JYk4Ff1v/n0foZkv661W4LCRtroBaVykOXetrDDOQNK2N6JdTa146uIZVgBeU+S/0DLvJBKY
tkUHQ9ovjXJTsuCBmhIIw3YlHoFxbku0wHEpXMdFUHV3tUodFJJKF3MbC8j7dOMkag59/Mdz
Sjszdvit0av9nTxWs/tRKKtSQQlxtH34TouIke2UgP/Nn901QLOrJYJmtjzVz8DW3IYVxfci
SBHhbhJTdley5cuEzphELo5NR4gFjBNlxH7G57Hno9+EWILpx302FJMwTgodIBJbXLbPMHou
xQbOL2anOTUMKO8oH0QdQHCtC7hpgoQa7UJYJxDBI+PRaQ/HObkwggaRMIIEeaADAgECAhEA
+d5Wf8lNDHdw+WAbUtoVOzANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQGEwJVUzESMBAGA1UE
ChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEw
HhcNMTUwMjE4MjIyNTE5WhcNMjMwMjE4MjIyNTE5WjA6MQswCQYDVQQGEwJVUzESMBAGA1UE
ChMJSWRlblRydXN0MRcwFQYDVQQDEw5UcnVzdElEIENBIEExMjCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBANGRTTzPCic0kq5L6ZrUJWt5LE/n6tbPXPhGt2Egv7plJMoEpvVJ
JDqGqDYymaAsd8Hn9ZMAuKUEFdlx5PgCkfu7jL5zgiMNnAFVD9PyrsuF+poqmlxhlQ06sFY2
hbhQkVVQ00KCNgUzKcBUIvjv04w+fhNPkwGW5M7Ae5K5OGFGwOoRck9GG6MUVKvTNkBw2/vN
MOd29VGVTtR0tjH5PS5yDXss48Yl1P4hDStO2L4wTsW2P37QGD27//XGN8K6amWB6F2XOgff
/PmlQjQOORT95PmLkwwvma5nj0AS0CVp8kv0K2RHV7GonllKpFDMT0CkxMQKwoj+tWEWJTiD
KSsCAwEAAaOCAoAwggJ8MIGJBggrBgEFBQcBAQR9MHswMAYIKwYBBQUHMAGGJGh0dHA6Ly9j
b21tZXJjaWFsLm9jc3AuaWRlbnRydXN0LmNvbTBHBggrBgEFBQcwAoY7aHR0cDovL3ZhbGlk
YXRpb24uaWRlbnRydXN0LmNvbS9yb290cy9jb21tZXJjaWFscm9vdGNhMS5wN2MwHwYDVR0j
BBgwFoAU7UQZwNPwBovupHu+QucmVMiONnYwDwYDVR0TAQH/BAUwAwEB/zCCASAGA1UdIASC
ARcwggETMIIBDwYEVR0gADCCAQUwggEBBggrBgEFBQcCAjCB9DBFFj5odHRwczovL3NlY3Vy
ZS5pZGVudHJ1c3QuY29tL2NlcnRpZmljYXRlcy9wb2xpY3kvdHMvaW5kZXguaHRtbDADAgEB
GoGqVGhpcyBUcnVzdElEIENlcnRpZmljYXRlIGhhcyBiZWVuIGlzc3VlZCBpbiBhY2NvcmRh
bmNlIHdpdGggSWRlblRydXN0J3MgVHJ1c3RJRCBDZXJ0aWZpY2F0ZSBQb2xpY3kgZm91bmQg
YXQgaHR0cHM6Ly9zZWN1cmUuaWRlbnRydXN0LmNvbS9jZXJ0aWZpY2F0ZXMvcG9saWN5L3Rz
L2luZGV4Lmh0bWwwSgYDVR0fBEMwQTA/oD2gO4Y5aHR0cDovL3ZhbGlkYXRpb24uaWRlbnRy
dXN0LmNvbS9jcmwvY29tbWVyY2lhbHJvb3RjYTEuY3JsMB0GA1UdJQQWMBQGCCsGAQUFBwMC
BggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFKRz2u9pNYp1zKAZewgy+GuJ
5ELsMA0GCSqGSIb3DQEBCwUAA4ICAQAN4YKu0vv062MZfg+xMSNUXYKvHwvZIk+6H1pUmivy
DI4I6A3wWzxlr83ZJm0oGIF6PBsbgKJ/fhyyIzb+vAYFJmyI8I/0mGlc+nIQNuV2XY8cypPo
VJKgpnzp/7cECXkX8R4NyPtEn8KecbNdGBdEaG4a7AkZ3ujlJofZqYdHxN29tZPdDlZ8fR36
/mAFeCEq0wOtOOc0Eyhs29+9MIZYjyxaPoTS+l8xLcuYX3RWlirRyH6RPfeAi5kySOEhG1qu
NHe06QIwpigjyFT6v/vRqoIBr7WpDOSt1VzXPVbSj1PcWBgkwyGKHlQUOuSbHbHcjOD8w8wH
SDbL+L2he8hNN54doy1e1wJHKmnfb0uBAeISoxRbJnMMWvgAlH5FVrQWlgajeH/6NbYbBSRx
ALuEOqEQepmJM6qz4oD2sxdq4GMN5adAdYEswkY/o0bRKyFXTD3mdqeRXce0jYQbWm7oapqS
ZBccFvUgYOrB78tB6c1bxIgaQKRShtWR1zMM0JfqUfD9u8Fg7G5SVO0IG/GcxkSvZeRjhYcb
TfqF2eAgprpyzLWmdr0mou3bv1Sq4OuBhmTQCnqxAXr4yVTRYHkp5lCvRgeJAme1OTVpVPth
/O7HJ7VuEP9GOr6kCXCXmjB4P3UJ2oU0NqfoQdcSSSt9hliALnExTEjii20B2nSDojGCAxQw
ggMQAgEBME4wOjELMAkGA1UEBhMCVVMxEjAQBgNVBAoTCUlkZW5UcnVzdDEXMBUGA1UEAxMO
VHJ1c3RJRCBDQSBBMTICEEABbQHWpVVDfbC/HYRdhTowDQYJYIZIAWUDBAIBBQCgggGXMBgG
CSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIxMTIxMDIzMjUwOVow
LwYJKoZIhvcNAQkEMSIEIHpMGUiruj/K41rVp/IqTBnHK9E01rBrXSBNAkciCHYbMF0GCSsG
AQQBgjcQBDFQME4wOjELMAkGA1UEBhMCVVMxEjAQBgNVBAoTCUlkZW5UcnVzdDEXMBUGA1UE
AxMOVHJ1c3RJRCBDQSBBMTICEEABbQHWpVVDfbC/HYRdhTowXwYLKoZIhvcNAQkQAgsxUKBO
MDoxCzAJBgNVBAYTAlVTMRIwEAYDVQQKEwlJZGVuVHJ1c3QxFzAVBgNVBAMTDlRydXN0SUQg
Q0EgQTEyAhBAAW0B1qVVQ32wvx2EXYU6MGwGCSqGSIb3DQEJDzFfMF0wCwYJYIZIAWUDBAEq
MAsGCWCGSAFlAwQBAjAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwIC
AUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwDQYJKoZIhvcNAQEBBQAEggEATGw3FgRS44NO
hRkneg/5USrAHxv+7PcXODz0SyZmBJ0bTrJKXR7jyD/0LbYxRZUnIJvTc+Rwrk4Cibuezp5l
f8Q2Vv3fOmtl4XWRdCIFG6jre1VYxH+2S4kdmXk4oRLow0xzZ2R799D4cM3Fc9NJqbpFrzm9
SCuvIYN6DZLU8cCgpB7JBAwF+rlPios1jVsI3HjKoMI9Wh70YmqreJaUFmjZ2ewsvqRZBuz3
dwbU7Fojm01lwiEM5fhoR7UslitKEi4A8ijEQDSaM3FNV0HDYy/ui/ThvygUdNd0fmuXp/sw
mWNKwKw+ioLGOHn8d9BfjDbjB3tUb/7Zy44GmNgYDAAAAAAAAA==
--------------ms040808080201020903010708--


From kendrick.hernandez@umbc.edu  Tue Dec 14 17:51:57 2021
From: kendrick.hernandez@umbc.edu (Kendrick Hernandez)
Date: Tue, 14 Dec 2021 12:51:57 -0500
Subject: [OpenAFS] Slow loading of virtually hosted web content
In-Reply-To: <94dbe234-6cb6-7559-4afd-4b9e809b0bc9@auristor.com>
References: <CABWMJQUUa4mHFrTR7jAA8gZ9g9R16PqZ2NZ4Nss0zaDqM6915w@mail.gmail.com>
 <3fa2a371-8576-dfb4-a482-5c8b1c5c9b7f@auristor.com> <CABWMJQWHYUusSvS=um1Waob2bfk7bpP4C7hHCDRFOeOjH2-x3w@mail.gmail.com>
 <94dbe234-6cb6-7559-4afd-4b9e809b0bc9@auristor.com>
Message-ID: <CABWMJQUJfM=DsB5sa-tCe5GP2384Uo63LFHG4SzBRTfCHZ+LWw@mail.gmail.com>

--00000000000022916705d31ed9dc
Content-Type: text/plain; charset="UTF-8"

On Fri, Dec 10, 2021 at 6:25 PM Jeffrey E Altman <jaltman@auristor.com>
wrote:

> On 11/29/2021 1:11 PM, Kendrick Hernandez (kendrick.hernandez@umbc.edu)
> wrote:
>
> We were able to narrow the problem down to DNS timeouts from an internal
> DNS server that had reached its limit for NF connection tracking. Once that
> limit was increased, the issue went away.
> Along with some forwarded insights from the folks at CMU and some isolated
> testing, we were able to confirm that disabling dynamic root and DNS-based
> server discovery on the cache manager also worked around issue.
>
> I'm glad you identified a solution.
>
> Do you know what the issued DNS queries were for?
>
We believe they were triggered by requests for /afs/.htaccess, as these web
servers have it enabled.


> The primary reason to avoid disabling dynamic root is the machine restarts
> and the OpenAFS cache manager cannot read the "root.afs" volume from the
> cell, the system will panic.  This could be due to the machine booting
> without a network interface or a failure of the cell similar to what
> occurred on January 14th of this year.
>
> The afsd -afsdb option is not required for a web server that will only be
> serving content from the local cell if the cell's location service list of
> servers is present in the local CellServDB file.   Sites that want the
> option of being able to dynamically relocate their location service
> instances will want to avoid local CellServDB entries.
>
Ah, good to know. Thanks!

k-

-- 
Kendrick Hernandez
*UNIX Systems Administrator*
Division of Information Technology
University of Maryland, Baltimore County

--00000000000022916705d31ed9dc
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr"><br></div><br><div class=3D"gmail_quote">=
<div dir=3D"ltr" class=3D"gmail_attr">On Fri, Dec 10, 2021 at 6:25 PM Jeffr=
ey E Altman &lt;<a href=3D"mailto:jaltman@auristor.com">jaltman@auristor.co=
m</a>&gt; wrote:<br></div><blockquote class=3D"gmail_quote" style=3D"margin=
:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"=
>
 =20
   =20
 =20
  <div>
    <div>On 11/29/2021 1:11 PM, Kendrick
      Hernandez (<a href=3D"mailto:kendrick.hernandez@umbc.edu" target=3D"_=
blank">kendrick.hernandez@umbc.edu</a>) wrote:<br>
    </div>
    <blockquote type=3D"cite">
     =20
      <div dir=3D"ltr">We were able to narrow the problem down to DNS
        timeouts from an internal DNS server that had reached its limit
        for NF connection tracking. Once that limit was increased, the
        issue went away. <br>
        <div>Along with some forwarded insights from the folks at CMU
          and some isolated testing, we were able to confirm that
          disabling dynamic root and DNS-based server discovery on the
          cache manager also worked around issue. <br>
        </div>
        <br>
      </div>
    </blockquote>
    <p>I&#39;m glad you identified a solution.</p>
    <p>Do you know what the issued DNS queries were for? <br></p></div></bl=
ockquote><div>We believe they were triggered by requests for /afs/.htaccess=
, as these web servers have it enabled. <br></div><div>=C2=A0</div><blockqu=
ote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px=
 solid rgb(204,204,204);padding-left:1ex"><div><p></p>
    <p>The primary reason to avoid disabling dynamic root is the machine
      restarts and the OpenAFS cache manager cannot read the &quot;root.afs=
&quot;
      volume from the cell, the system will panic.=C2=A0 This could be due =
to
      the machine booting without a network interface or a failure of
      the cell similar to what occurred on January 14th of this year.</p>
    <p>The afsd -afsdb option is not required for a web server that will
      only be serving content from the local cell if the cell&#39;s locatio=
n
      service list of servers is present in the local CellServDB file.=C2=
=A0=C2=A0
      Sites that want the option of being able to dynamically relocate
      their location service instances will want to avoid local
      CellServDB entries.=C2=A0 <br>
    </p></div>
</blockquote></div><div>Ah, good to know. Thanks!</div><div><br></div><div>=
k-<br> </div><div><br>-- <br><div dir=3D"ltr" class=3D"gmail_signature"><di=
v dir=3D"ltr">Kendrick Hernandez<br><i>UNIX Systems Administrator</i><br>Di=
vision of Information Technology<br><span style=3D"font-family:georgia,seri=
f">University of Maryland, Baltimore County</span><br></div></div></div></d=
iv>

--00000000000022916705d31ed9dc--

From jaltman@auristor.com  Tue Dec 14 18:44:43 2021
From: jaltman@auristor.com (Jeffrey E Altman)
Date: Tue, 14 Dec 2021 13:44:43 -0500
Subject: [OpenAFS] Slow loading of virtually hosted web content
In-Reply-To: <CABWMJQUJfM=DsB5sa-tCe5GP2384Uo63LFHG4SzBRTfCHZ+LWw@mail.gmail.com>
References: <CABWMJQUUa4mHFrTR7jAA8gZ9g9R16PqZ2NZ4Nss0zaDqM6915w@mail.gmail.com>
 <3fa2a371-8576-dfb4-a482-5c8b1c5c9b7f@auristor.com>
 <CABWMJQWHYUusSvS=um1Waob2bfk7bpP4C7hHCDRFOeOjH2-x3w@mail.gmail.com>
 <94dbe234-6cb6-7559-4afd-4b9e809b0bc9@auristor.com>
 <CABWMJQUJfM=DsB5sa-tCe5GP2384Uo63LFHG4SzBRTfCHZ+LWw@mail.gmail.com>
Message-ID: <401b0459-9c75-f54a-0c14-6403ed242c7f@auristor.com>

This is a cryptographically signed message in MIME format.

--------------ms000907080006070804040404
Content-Type: multipart/alternative;
 boundary="------------fupFWX0Yw38VWEeSCygMDuSQ"

--------------fupFWX0Yw38VWEeSCygMDuSQ
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

On 12/14/2021 12:51 PM, Kendrick Hernandez (kendrick.hernandez@umbc.edu)
wrote:
>
> On Fri, Dec 10, 2021 at 6:25 PM Jeffrey E Altman
> <jaltman@auristor.com> wrote:
>
>     Do you know what the issued DNS queries were for?
>
> We believe they were triggered by requests for /afs/.htaccess, as
> these web servers have it enabled.

If an AuriStorFS client were deployed these lookups could be disabled
using the following yfs-client.conf configuration file entry.

    [afsd]

        ignorelist-afsmountdir = .htaccess

Instead of attempting to resolve a cellular mountpoint for
/afs/.htaccess Apache would be provided a zero-length file.

Happy Holidays.

Jeffrey Altman

--------------fupFWX0Yw38VWEeSCygMDuSQ
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 8bit

<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <div class="moz-cite-prefix">On 12/14/2021 12:51 PM, Kendrick
      Hernandez (<a class="moz-txt-link-abbreviated" href="mailto:kendrick.hernandez@umbc.edu">kendrick.hernandez@umbc.edu</a>) wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:CABWMJQUJfM=DsB5sa-tCe5GP2384Uo63LFHG4SzBRTfCHZ+LWw@mail.gmail.com">
      <meta http-equiv="content-type" content="text/html; charset=UTF-8">
      <div dir="ltr"><br>
        <div class="gmail_quote">
          <div dir="ltr" class="gmail_attr">On Fri, Dec 10, 2021 at 6:25
            PM Jeffrey E Altman &lt;<a
              href="mailto:jaltman@auristor.com" moz-do-not-send="true"
              class="moz-txt-link-freetext">jaltman@auristor.com</a>&gt;
            wrote:<br>
          </div>
          <blockquote class="gmail_quote" style="margin:0px 0px 0px
            0.8ex;border-left:1px solid
            rgb(204,204,204);padding-left:1ex">
            <div>Do you know what the issued DNS queries were for? <br>
            </div>
          </blockquote>
          <div>We believe they were triggered by requests for
            /afs/.htaccess, as these web servers have it enabled.<br>
          </div>
        </div>
      </div>
    </blockquote>
    <p>If an AuriStorFS client were deployed these lookups could be
      disabled using the following yfs-client.conf configuration file
      entry.</p>
    <pre>    [afsd]</pre>
    <pre>        ignorelist-afsmountdir = .htaccess

</pre>
    <p>Instead of attempting to resolve a cellular mountpoint for
      /afs/.htaccess Apache would be provided a zero-length file.</p>
    <p>Happy Holidays.</p>
    <p>Jeffrey Altman<br>
    </p>
  </body>
</html>
--------------fupFWX0Yw38VWEeSCygMDuSQ--


--------------ms000907080006070804040404
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCC
DGswggXSMIIEuqADAgECAhBAAW0B1qVVQ32wvx2EXYU6MA0GCSqGSIb3DQEBCwUAMDoxCzAJ
BgNVBAYTAlVTMRIwEAYDVQQKEwlJZGVuVHJ1c3QxFzAVBgNVBAMTDlRydXN0SUQgQ0EgQTEy
MB4XDTE5MDkwNTE0MzE0N1oXDTIyMTEwMTE0MzE0N1owcDEvMC0GCgmSJomT8ixkAQETH0Ew
MTQxMEMwMDAwMDE2RDAxRDZBNTQwMDAwMDQ0NDcxGTAXBgNVBAMTEEplZmZyZXkgRSBBbHRt
YW4xFTATBgNVBAoTDEF1cmlTdG9yIEluYzELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQCY1TC9QeWnUgEoJ81FcAVnhGn/AWuzvkYRUG5/ZyXDdaM212e8
ybCklgSmZweqNdrfaaHXk9vwjpvpD4YWgb07nJ1QBwlvRV/VPAaDdneIygJJWBCzaMVLttKO
0VimH/I/HUwFBQT2mrktucCEf2qogdi2P+p5nuhnhIUiyZ71Fo43gF6cuXIMV/1rBNIJDuwM
Q3H8zi6GL0p4mZFZDDKtbYq2l8+MNxFvMrYcLaJqejQNQRBuZVfv0Fq9pOGwNLAk19baIw3U
xdwx+bGpTtS63Py1/57MQ0W/ZXE/Ocnt1qoDLpJeZIuEBKgMcn5/iN9+Ro5zAuOBEKg34wBS
8QCTAgMBAAGjggKcMIICmDAOBgNVHQ8BAf8EBAMCBPAwgYQGCCsGAQUFBwEBBHgwdjAwBggr
BgEFBQcwAYYkaHR0cDovL2NvbW1lcmNpYWwub2NzcC5pZGVudHJ1c3QuY29tMEIGCCsGAQUF
BzAChjZodHRwOi8vdmFsaWRhdGlvbi5pZGVudHJ1c3QuY29tL2NlcnRzL3RydXN0aWRjYWEx
Mi5wN2MwHwYDVR0jBBgwFoAUpHPa72k1inXMoBl7CDL4a4nkQuwwCQYDVR0TBAIwADCCASsG
A1UdIASCASIwggEeMIIBGgYLYIZIAYb5LwAGAgEwggEJMEoGCCsGAQUFBwIBFj5odHRwczov
L3NlY3VyZS5pZGVudHJ1c3QuY29tL2NlcnRpZmljYXRlcy9wb2xpY3kvdHMvaW5kZXguaHRt
bDCBugYIKwYBBQUHAgIwga0MgapUaGlzIFRydXN0SUQgQ2VydGlmaWNhdGUgaGFzIGJlZW4g
aXNzdWVkIGluIGFjY29yZGFuY2Ugd2l0aCBJZGVuVHJ1c3QncyBUcnVzdElEIENlcnRpZmlj
YXRlIFBvbGljeSBmb3VuZCBhdCBodHRwczovL3NlY3VyZS5pZGVudHJ1c3QuY29tL2NlcnRp
ZmljYXRlcy9wb2xpY3kvdHMvaW5kZXguaHRtbDBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8v
dmFsaWRhdGlvbi5pZGVudHJ1c3QuY29tL2NybC90cnVzdGlkY2FhMTIuY3JsMB8GA1UdEQQY
MBaBFGphbHRtYW5AYXVyaXN0b3IuY29tMB0GA1UdDgQWBBR7pHsvL4H5GdzNToI9e5BuzV19
bzAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwDQYJKoZIhvcNAQELBQADggEBAFlm
JYk4Ff1v/n0foZkv661W4LCRtroBaVykOXetrDDOQNK2N6JdTa146uIZVgBeU+S/0DLvJBKY
tkUHQ9ovjXJTsuCBmhIIw3YlHoFxbku0wHEpXMdFUHV3tUodFJJKF3MbC8j7dOMkag59/Mdz
Sjszdvit0av9nTxWs/tRKKtSQQlxtH34TouIke2UgP/Nn901QLOrJYJmtjzVz8DW3IYVxfci
SBHhbhJTdley5cuEzphELo5NR4gFjBNlxH7G57Hno9+EWILpx302FJMwTgodIBJbXLbPMHou
xQbOL2anOTUMKO8oH0QdQHCtC7hpgoQa7UJYJxDBI+PRaQ/HObkwggaRMIIEeaADAgECAhEA
+d5Wf8lNDHdw+WAbUtoVOzANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQGEwJVUzESMBAGA1UE
ChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEw
HhcNMTUwMjE4MjIyNTE5WhcNMjMwMjE4MjIyNTE5WjA6MQswCQYDVQQGEwJVUzESMBAGA1UE
ChMJSWRlblRydXN0MRcwFQYDVQQDEw5UcnVzdElEIENBIEExMjCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBANGRTTzPCic0kq5L6ZrUJWt5LE/n6tbPXPhGt2Egv7plJMoEpvVJ
JDqGqDYymaAsd8Hn9ZMAuKUEFdlx5PgCkfu7jL5zgiMNnAFVD9PyrsuF+poqmlxhlQ06sFY2
hbhQkVVQ00KCNgUzKcBUIvjv04w+fhNPkwGW5M7Ae5K5OGFGwOoRck9GG6MUVKvTNkBw2/vN
MOd29VGVTtR0tjH5PS5yDXss48Yl1P4hDStO2L4wTsW2P37QGD27//XGN8K6amWB6F2XOgff
/PmlQjQOORT95PmLkwwvma5nj0AS0CVp8kv0K2RHV7GonllKpFDMT0CkxMQKwoj+tWEWJTiD
KSsCAwEAAaOCAoAwggJ8MIGJBggrBgEFBQcBAQR9MHswMAYIKwYBBQUHMAGGJGh0dHA6Ly9j
b21tZXJjaWFsLm9jc3AuaWRlbnRydXN0LmNvbTBHBggrBgEFBQcwAoY7aHR0cDovL3ZhbGlk
YXRpb24uaWRlbnRydXN0LmNvbS9yb290cy9jb21tZXJjaWFscm9vdGNhMS5wN2MwHwYDVR0j
BBgwFoAU7UQZwNPwBovupHu+QucmVMiONnYwDwYDVR0TAQH/BAUwAwEB/zCCASAGA1UdIASC
ARcwggETMIIBDwYEVR0gADCCAQUwggEBBggrBgEFBQcCAjCB9DBFFj5odHRwczovL3NlY3Vy
ZS5pZGVudHJ1c3QuY29tL2NlcnRpZmljYXRlcy9wb2xpY3kvdHMvaW5kZXguaHRtbDADAgEB
GoGqVGhpcyBUcnVzdElEIENlcnRpZmljYXRlIGhhcyBiZWVuIGlzc3VlZCBpbiBhY2NvcmRh
bmNlIHdpdGggSWRlblRydXN0J3MgVHJ1c3RJRCBDZXJ0aWZpY2F0ZSBQb2xpY3kgZm91bmQg
YXQgaHR0cHM6Ly9zZWN1cmUuaWRlbnRydXN0LmNvbS9jZXJ0aWZpY2F0ZXMvcG9saWN5L3Rz
L2luZGV4Lmh0bWwwSgYDVR0fBEMwQTA/oD2gO4Y5aHR0cDovL3ZhbGlkYXRpb24uaWRlbnRy
dXN0LmNvbS9jcmwvY29tbWVyY2lhbHJvb3RjYTEuY3JsMB0GA1UdJQQWMBQGCCsGAQUFBwMC
BggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFKRz2u9pNYp1zKAZewgy+GuJ
5ELsMA0GCSqGSIb3DQEBCwUAA4ICAQAN4YKu0vv062MZfg+xMSNUXYKvHwvZIk+6H1pUmivy
DI4I6A3wWzxlr83ZJm0oGIF6PBsbgKJ/fhyyIzb+vAYFJmyI8I/0mGlc+nIQNuV2XY8cypPo
VJKgpnzp/7cECXkX8R4NyPtEn8KecbNdGBdEaG4a7AkZ3ujlJofZqYdHxN29tZPdDlZ8fR36
/mAFeCEq0wOtOOc0Eyhs29+9MIZYjyxaPoTS+l8xLcuYX3RWlirRyH6RPfeAi5kySOEhG1qu
NHe06QIwpigjyFT6v/vRqoIBr7WpDOSt1VzXPVbSj1PcWBgkwyGKHlQUOuSbHbHcjOD8w8wH
SDbL+L2he8hNN54doy1e1wJHKmnfb0uBAeISoxRbJnMMWvgAlH5FVrQWlgajeH/6NbYbBSRx
ALuEOqEQepmJM6qz4oD2sxdq4GMN5adAdYEswkY/o0bRKyFXTD3mdqeRXce0jYQbWm7oapqS
ZBccFvUgYOrB78tB6c1bxIgaQKRShtWR1zMM0JfqUfD9u8Fg7G5SVO0IG/GcxkSvZeRjhYcb
TfqF2eAgprpyzLWmdr0mou3bv1Sq4OuBhmTQCnqxAXr4yVTRYHkp5lCvRgeJAme1OTVpVPth
/O7HJ7VuEP9GOr6kCXCXmjB4P3UJ2oU0NqfoQdcSSSt9hliALnExTEjii20B2nSDojGCAxQw
ggMQAgEBME4wOjELMAkGA1UEBhMCVVMxEjAQBgNVBAoTCUlkZW5UcnVzdDEXMBUGA1UEAxMO
VHJ1c3RJRCBDQSBBMTICEEABbQHWpVVDfbC/HYRdhTowDQYJYIZIAWUDBAIBBQCgggGXMBgG
CSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIxMTIxNDE4NDQ0M1ow
LwYJKoZIhvcNAQkEMSIEIJT8DKxdltYI2WKup+7URJVsBvt2w5+5sFMSKuKK+JxiMF0GCSsG
AQQBgjcQBDFQME4wOjELMAkGA1UEBhMCVVMxEjAQBgNVBAoTCUlkZW5UcnVzdDEXMBUGA1UE
AxMOVHJ1c3RJRCBDQSBBMTICEEABbQHWpVVDfbC/HYRdhTowXwYLKoZIhvcNAQkQAgsxUKBO
MDoxCzAJBgNVBAYTAlVTMRIwEAYDVQQKEwlJZGVuVHJ1c3QxFzAVBgNVBAMTDlRydXN0SUQg
Q0EgQTEyAhBAAW0B1qVVQ32wvx2EXYU6MGwGCSqGSIb3DQEJDzFfMF0wCwYJYIZIAWUDBAEq
MAsGCWCGSAFlAwQBAjAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwIC
AUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwDQYJKoZIhvcNAQEBBQAEggEATt/N8/Jc7uMI
vVu5lg2r9TovfZD2Y9gRwZeCE23znpaTymouwbqSoLBSJ7ML5Ya1/VKONoh/Nw88wG/g0BwG
dGpw5f2ISEnbwNidCNSifJrGPkHdnactr86o/AGw0/NaCGt7wRD2tGQiWVSkhLzZcSqzMCeV
85KWQH6Ugoflx01Qwody52J6yrvW8/B0AT5mR4VGCvTG/LJu6B6UzERE/klvoXM27cb7gYsZ
r7L4sxYmRsgk9G8EGHNHJHVjSHRAPWjCj5RbLpj3xAxzFqkcHiaj4pcGHhr98rf4SolOwga+
tSOynZ6dbkR+3E3HpxrUT2n/FnYK2ArJHf6zYy8OuwAAAAAAAA==
--------------ms000907080006070804040404--