Fixing "unexpected RCODE (SERVFAIL)" and "unexpected RCODE (REFUSED)"

Wednesday 26 January 2011, 18:55

This is another one where I searched the net, the answers I found were very unhelpful, and so I'm posting what worked for me for the benefit of anyone making similar searches.

The problem: new ADSL connection from MTS Allstream, which is the deregulated ghost of the Manitoba telecom monopoly. Works pretty well, except they do that damn misguided "helpful" redirection of failed DNS requests to a search engine, thereby screwing up all non-Web activities that depend on the DNS actually working according to the protocol. They offer opt-out but that doesn't work. So I set up my own caching DNS server and everything seemed fine... except just a few Web sites wouldn't work. Always the same sites; little or no rhyme or reason to which ones they were. Penny Arcade, Weather Underground, the Canada Revenue Agency, and the CBC were the most annoying examples. The browser would hang, trying to connect, forever.

Digging through the system logs revealed lines like these:

Jan 25 11:34:38 tetsu named[1613]: unexpected RCODE (SERVFAIL) resolving 'art.penny-arcade.com/A/IN': 72.52.2.1#53
Jan 25 11:37:55 tetsu named[1613]: unexpected RCODE (REFUSED) resolving 'cbc.radio-canada.ca/A/IN': 207.164.234.37#53

Searching on the Web produced many people complaining about error messages like these, and the following answers on how to resolve it:

  • "You must be the authoritative server for these domains, and you haven't given BIND the correct path to the zone files." No, I am not the authoritative server for these domains.
  • "You must be the authoritative server for these domains, and someone on the Net is trying to break into your nameserver." No, I really am not the authoritative server for these domains, the failing requests are coming from an authorized user on localhost (namely me), and incoming unauthorized DNS requests would be stopped at the firewall anyway.
  • "The remote authoritative servers for these domains are misconfigured and you must contact the admins and tell them to fix the problem." Yes, I REALLY HAVE THE TIME AND ABILITY TO CONVINCE EVERY ADMINISTRATOR OF A MISCONFIGURED NAMESERVER ON THE ENTIRE INTERNET TO FIX THEIR CONFIGURATIONS BECAUSE THEY WILL ALL LISTEN TO ME! Also, of course, I can contact these administrators by pure mental telepathy, since my computer cannot connect to theirs to send them email.

Clearly, none of these answers was helpful. Here's the actual answer: The MTU on my Ethernet connection was set to the default of 1500. Packets that size cannot pass through the ADSL connection; and to make matters worse, MTS apparently drops ICMP traffic (this could be my fault because it may be happening at the firewall box, which is theirs but was reconfigured by me), so that Path MTU Discovery (which would automatically adjust the setting) doesn't work. It wasn't really anything specific to DNS, but would cause subtle effects in a lot of places; DNS was just the most visible thing failing. Solved by changing my MTU to 1400; there may be some slightly larger number that will work (I'll experiment), but 1500 evidently is too big. It appeared only, but consistently, on a few domains, because those were the ones where the DNS query or its answer (which would generally be consistent per domain) happened to both exceed the ADSL connection's real MTU and not be fragmented anywhere else in the network.
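An added example, not part of the original post: one way to find the largest packet size that actually crosses the link, instead of guessing between 1400 and 1500. It assumes Linux iputils ping (-M do sets Don't Fragment, -s sets the ICMP payload size) and a far-end host that answers echo requests; the function names probe and find_path_mtu and the 576-byte lower bound are choices made for this sketch.

```shell
#!/bin/sh
# Binary-search the largest IPv4 packet that crosses a path unfragmented.
# The number printed is a total packet size, i.e. a candidate interface MTU.

# probe HOST PACKET_SIZE -> exit 0 if a DF-flagged packet of that size is answered.
# 28 = 20-byte IPv4 header + 8-byte ICMP header, subtracted to get the payload.
probe() {
    ping -c 1 -W 2 -M do -s "$(( $2 - 28 ))" "$1" >/dev/null 2>&1
}

# find_path_mtu HOST [LOW] [HIGH] -> prints the largest working size in LOW..HIGH.
# Returns 1 if even LOW gets no reply (host down, or echo itself is filtered),
# because in that case the search result would be meaningless.
find_path_mtu() {
    host=$1 low=${2:-576} high=${3:-1500}
    if ! probe "$host" "$low"; then
        echo "no reply at $low bytes; ICMP echo may be filtered" >&2
        return 1
    fi
    # Invariant: $low is known to pass; sizes above $high are known to fail
    # or are outside the requested range.
    while [ "$low" -lt "$high" ]; do
        mid=$(( (low + high + 1) / 2 ))
        if probe "$host" "$mid"; then
            low=$mid
        else
            high=$(( mid - 1 ))
        fi
    done
    echo "$low"
}

# Run only when a host is given on the command line.
if [ $# -ge 1 ]; then
    find_path_mtu "$@"
fi
```

When the path silently drops oversize packets, as described above, every failing probe waits out the full 2-second timeout, so expect the roughly ten probes of a 576..1500 search to take a little while. Where the firewall is under your control, permitting inbound ICMP type 3 code 4 (fragmentation needed) is what lets Path MTU Discovery work without a manual MTU setting.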

Typographical history of the TTC

Tuesday 18 January 2011, 11:42

Here's a Web log article, with several links and a couple of posters for sale, on something I've wondered about before: the unique typeface used for station names and some other signage on the TTC.

Notes on Winnipeg

Saturday 8 January 2011, 15:42

The firewall box does seem to be dead. It's quite possible that some parts of it are salvageable, but it appears that I can also reconfigure the MTS DSL box to do most of the firewalling I would like, and that doesn't cost me anything in replacement parts. Given that I'm already over budget on such things as the movers' fees, and doormats, I'm going to go that route and keep the firewall box for parts. More moving-in notes below.

Photos of my office

Friday 7 January 2011, 23:02

Today I took photos of my office.

Door

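Photos of my apartment

Thursday 6 January 2011, 22:37

I recently moved to Winnipeg. I arrived on Monday. The cold was as expected. It is minus 20 degrees now.

Mash's face

But my new apartment is nice. This apartment is larger than the apartment I lived in in Toronto. The photos are below.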

The day a star is born

Saturday 18 December 2010, 19:57

This is my last posting from the desktop machine before I take it down to pack - a little earlier than I'd first planned, but I'm trying to get my packing done with as much safety margin as possible and now that the paper deadlines are past, I don't need the main computer to be online in this location any longer. I can use my laptop for networking in the next few days before my move.

Since my last Japanese lesson on the 10th, I'm on my own as far as continuing my studies, and one thing I'm doing is translating song lyrics. Another I might do is post entries on the Japanese side of this site. Anyway, although I'm not promising to share much or any of whatever is created by my learning process - it depends very much on amount and nature of reader response - I'm going to post a song translation in this entry. It seems appropriate.

Electric kerning

Thursday 9 December 2010, 20:57

It's not like I don't have enough projects to work on already. Nonetheless, I had an idea I thought was pretty cool, and I'm going to at least describe it here, whether I end up implementing it or not.

Okay, so: kerning. If you're setting type, you need to know where to put each glyph in relation to the previous one. In the old old days, it was easy because each glyph came on a little metal block and you'd just set them right next to each other and clamp them in place. But a computer (and, earlier, a phototypesetting machine) has the opportunity to make a decision. And if you just have a fixed bounding box for each glyph and set them side by side, you run into problems when you have situations like a capital A next to a capital V. "AV". Using the bounding boxes that would be correct for those letters in other contexts, you end up putting too much space between them. You need to squeeze them together so that part of the V projects into the space that the A, if it were next to something else, would reserve for itself. This squeezing together is called "kerning."

The Terrible Secret of OpenType Glyph Substitution

Monday 6 December 2010, 13:18

I was up until 3 this morning trying to figure out how to make OpenType glyph substitution work. That, in itself, is not news. Anyone who has tried to write substitution rules for OpenType fonts has probably gone through something similar. What is unusual, though, is that I not only succeeded, but also figured out the undocumented underlying principle so that I can predictably succeed in the future; as far as I can tell, the more usual practice is to just try things at random until one eventually either gets it working by accident, or gives up, without having learned anything useful either way.

The purpose of this entry is to provide the important information that I wasn't able to find on the Net and wish I had had. There is one important point I call the Terrible Secret, which makes all the difference to getting it to work; but rather than jump to that immediately I'm going to give the needed background first. I'll be using the terms that make sense to me, rather than the "easy" but uselessly vague simplified style used by all existing documentation I found.

Animated romance day

Thursday 25 December 2003, 22:26

This is a re-posting of an item that originally appeared on Livejournal.

I think it was "dagbrown" who told me that in Japan, December 25 is like February 14 in North America - it's not so much a family holiday as a couples' holiday, the day you give your lover gifts if you have one, or feel sad and alone if you don't. Maybe he told me that or maybe I just inferred it from the Irresponsible Captain Tylor Christmas episode. Either way, this seems like a good opportunity to post some thoughts about romance in anime. This may contain spoilers for Inuyasha, FLCL, and Saikano, and if you aren't familiar with those series, you probably won't get most of it anyway.

Again with the child-porn PSAs

Sunday 21 November 2010, 10:24

I'm in Winnipeg at the moment, here to look for an apartment - and it looks like I was successful, in that I have an application and deposit in now on a place that seems pretty much perfect. Prices are a fair bit lower here than in Toronto, with the result that for only a little more than I was paying in the big smoke, I can get a significantly nicer apartment. It's a little hair-raising because it will take them longer to process my application than the length of my stay here, so if somehow I'm not approved, I'll be in trouble. But that's not likely.

There are a lot of anti-child-porn public service announcements here. Pretty much every transit bus carries at least one, usually more than one. My colleagues actually warned me about this before I came - yes, they said, it is kind of weird and disturbing, but we don't actually have massive amounts of child abuse here, honest! I'm sure it points to something interesting about the culture. But I noticed something more specific that I thought I'd highlight.

Okay, two posters. Nearly identical design, both advertising the same thing, obviously part of the same campaign. They're trying to convey that if you happen to see some child porn on the Net, you should report it to the police an unaccountable private citizens' group. I note that Canadian law does not provide a strong safe harbour for doing so, and not only possession but "accessing" it are highly illegal, with mandatory minimum jail sentences, even in the case of fictional text created without the involvement of any real children, so you should have a really good story of how you happened to find the material by accident - but never mind that. I'm interested in the subtle difference between the two posters. One shows a woman looking concerned, with the caption "I wouldn't want my kids in those pictures. SO I REPORTED IT." The other shows a man looking concerned, with the caption "I wouldn't want my little girl in those pictures. SO I REPORTED IT."

Maybe the designers just wanted some variety, so they didn't use exactly the same wording on the two posters. But would it work just as well if you swapped the two captions? I think it wouldn't; and I think the reason for that is a big clue to why this subject matter is so difficult for us to think about.