How to serve multiple search domains from Cisco IOS DHCP server?

Source –

The expected

[code language=“plain“]ip dhcp pool
option 119 ascii,[/code]

doesn’t work. So you need to encode search domains in hex using following example script written in Python:

[code language=“python“]#!/usr/bin/env python
import syshexlist = []for domain in sys.argv[1:]:
for part in domain.split(„.“):
hexlist.append(„%02x“ % len(part))
for c in part:
hexlist.append(„00“)print „“.join([(„.%s“ % (x) if i and not i % 2 else x) \
for i, x in enumerate(hexlist)])[/code]

Execute it:

[code language=“plain“]$ ./

So the config in ios must look like:

[code language=“plain“]ip dhcp pool
option 119 hex 036e.6574.0765.7861.6d70.6c65.0363.6f6d.0007.6578.616d.706c.6503.636f.6d00[/code]

It’s done!

Be careful with isc-bind 9.13.1

  • named can no longer use the EDNS CLIENT-SUBNET option for view selection. In its existing form, the authoritative ECS feature was not fully RFC-compliant, and could not realistically have been deployed in production for an authoritative server; its only practical use was for testing and experimentation. In the interest of code simplification, this feature has now been removed.The ECS option is still supported in dig and mdig via the +subnet argument, and can be parsed and logged when received by named, but it is no longer used for ACL processing. The geoip-use-ecs option is now obsolete; a warning will be logged if it is used in named.conf. ecs tags in an ACL definition are also obsolete, and will cause the configuration to fail to load if they are used. [GL #32]

If in front of your dns authoritive  DNS server you have load balancer like dnsdist,  and you use „useClientSubnet=true“ into his configuration, the views in bind are going useless.

So the possible way to do similar things is to use dnsdist and to implement bind views into dnsdist using configuration like this

Problem with transmission and IPv6

The problem with net-p2p/transmission-daemon and IPv6 is that transmission developers are … not willing to implement such functionality as visible from:

So the user who need to use IPv6 but NOT use IPv6 with transmission are left alone.

So you can use this quick patch:

cd /usr/ports/net-p2p/transmission-daemon ;
make extract ;
cd work/transmission-2.93/libtransmission/ ;
vi net.c

@@ -598,7 +598,7 @@
int addrlen = 16;
const int rc = tr_globalAddress( AF_INET6,
ipv6, &addrlen );
– have_ipv6 = ( rc >= 0 ) && ( addrlen == 16 );
+ have_ipv6 = 0; /** NO, we do not have IPv6 **/
last_time = now;

cd ../../../ ; make deinstall install package clean ;
service transmission restart


Enjoy your non-ipv6 enabled daemon on ipv6/ipv4 dualstack system!

DualStack/tcp46 web and mail server

You can verify it via commands

dig AAAA


curl -6

IPv6 Certification Badge for jostreff


It’s funny to see that in ipv6 worlds my site is 6 hop away. In ipv4 it’s 7 hops away.


Jordan-Ostreffs-MBP:~ jostreff$ traceroute6
traceroute6 to (2001:470:1f0a:1830::2) from 2001:470:1f15:1303:31ca:10e:17ec:fdd8, 64 hops max, 12 byte packets
1 2001:470:1f15:1303:ba8d:12ff:fe5b:1ff0 1.168 ms 1.502 ms 0.762 ms
2 37.673 ms 36.499 ms 36.333 ms
3 35.521 ms 33.730 ms 51.334 ms
4 44.787 ms 37.329 ms 41.756 ms
5 42.740 ms 42.329 ms 43.809 ms
6 75.220 ms 72.095 ms 72.247 ms

Jordan-Ostreffs-MBP:~ jostreff$ traceroute
traceroute to (, 64 hops max, 52 byte packets
1 ( 1.455 ms 0.874 ms 0.847 ms
2 ( 2.043 ms 1.629 ms 1.429 ms
3 ( 7.621 ms 8.028 ms 7.951 ms
4 ( 13.347 ms 11.934 ms 10.202 ms
5 * * *
6 ( 13.115 ms 9.090 ms 8.943 ms
7 ( 9.356 ms 9.351 ms 9.125 ms

Next task to build dualstack tcp46 mail system.

Already passed also ipv6 enabled mail system.

DualStack ipv46 home network achieved

IPv6 Certification Badge for jostreff





~ jostreff$ ping6
PING6(56=40+8+8 bytes) 2001:470:1f15:1303:e813:c674:204e:ff54 –> 2a00:1450:4017:809::200e
16 bytes from 2a00:1450:4017:809::200e, icmp_seq=0 hlim=53 time=73.786 ms
16 bytes from 2a00:1450:4017:809::200e, icmp_seq=1 hlim=53 time=76.331 ms
16 bytes from 2a00:1450:4017:809::200e, icmp_seq=2 hlim=53 time=76.304 ms
– ping6 statistics –
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 73.786/75.474/76.331/1.193 ms


Next task – to made live in ipv6 world!

Suppress warning messages using mysql from within Terminal, but password written in shell script

Here’s how I got my bash script for my daily mysqldump database backups to work more securely.
1. First use mysql_config_editor (comes with mysql 5.6+) to set up the encrypted password file. Suppose your username is „db_user“. Running from the shell prompt:

mysql_config_editor set –login-path=local –host=localhost –user=db_user –password

It prompts for the password. Once you enter it, the user/pass are saved encrypted. Of course, change „system_username“ to your username on the server.

2. Change your shell script from this:

mysqldump -u db_user -pInsecurePassword my_database | gzip > db_backup.tar.gz

to this:

mysqldump –login-path=local my_database | gzip > db_backup.tar.gz

No more exposed passwords.