Compilation results for dns2004.wikimedia.org: System changes detected

Catalog differences

Summary

Resources only in the new catalog

• Augeas[lo_2620:0:860:53::1/128]
• Augeas[lo_2620:0:861:53::1/32]
• Augeas[lo_2a02:ec80:53::1/128]
• Exec[ip addr add 2620:0:860:53::1/128 label lo:anycast dev lo]
• Exec[ip addr add 2620:0:861:53::1/32 dev lo]
• Exec[ip addr add 2a02:ec80:53::1/128 label lo:anycast dev lo]

Resources modified

• File[/etc/gdnsd/config-options]

  Content differences:

  --- /etc/gdnsd/config-options.orig
  +++ /etc/gdnsd/config-options
  @@ -16,11 +16,23 @@
           udp_threads = 12
           tcp_threads = 12
       }
  +    "2620:0:861:53::1" = {
  +        udp_threads = 12
  +        tcp_threads = 12
  +    }
       "208.80.153.231" = {
           udp_threads = 12
           tcp_threads = 12
       }
  +    "2620:0:860:53::1" = {
  +        udp_threads = 12
  +        tcp_threads = 12
  +    }
       "198.35.27.27" = {
  +        udp_threads = 12
  +        tcp_threads = 12
  +    }
  +    "2a02:ec80:53::1" = {
           udp_threads = 12
           tcp_threads = 12
       }

• File[/etc/ferm/conf.d/05_udp_dns_auth]

  Content differences:

  --- /etc/ferm/conf.d/05_udp_dns_auth.orig
  +++ /etc/ferm/conf.d/05_udp_dns_auth
  @@ -1,7 +1,7 @@
   # Autogenerated by puppet. DO NOT EDIT BY HAND!
   #
   # 
  -&D_SERVICE(udp, 53, (208.80.154.238 208.80.153.231 198.35.27.27));
  +&D_SERVICE(udp, 53, (208.80.154.238 2620:0:861:53::1 208.80.153.231 2620:0:860:53::1 198.35.27.27 2a02:ec80:53::1));
   
   
   

• File[/etc/ferm/conf.d/06_tcp_dotls_auth]

  Content differences:

  --- /etc/ferm/conf.d/06_tcp_dotls_auth.orig
  +++ /etc/ferm/conf.d/06_tcp_dotls_auth
  @@ -1,7 +1,7 @@
   # Autogenerated by puppet. DO NOT EDIT BY HAND!
   #
   # 
  -&D_SERVICE(tcp, 853, (208.80.154.238 208.80.153.231 198.35.27.27));
  +&D_SERVICE(tcp, 853, (208.80.154.238 2620:0:861:53::1 208.80.153.231 2620:0:860:53::1 198.35.27.27 2a02:ec80:53::1));
   
   
   

• File[/etc/ferm/conf.d/05_tcp_dns_auth]

  Content differences:

  --- /etc/ferm/conf.d/05_tcp_dns_auth.orig
  +++ /etc/ferm/conf.d/05_tcp_dns_auth
  @@ -1,7 +1,7 @@
   # Autogenerated by puppet. DO NOT EDIT BY HAND!
   #
   # 
  -&D_SERVICE(tcp, 53, (208.80.154.238 208.80.153.231 198.35.27.27));
  +&D_SERVICE(tcp, 53, (208.80.154.238 2620:0:861:53::1 208.80.153.231 2620:0:860:53::1 198.35.27.27 2a02:ec80:53::1));
   
   
   

• File[/etc/bird/bird.conf]

  Content differences:

  --- /etc/bird/bird.conf.orig
  +++ /etc/bird/bird.conf
  @@ -1,4 +1,5 @@
   include "/etc/bird/anycast-prefixes.conf";
  +include "/etc/bird/anycast6-prefixes.conf";
   
   router id 208.80.153.48;
   
  @@ -8,9 +9,20 @@
           export all;
       };
   }
  +protocol direct {
  +    interface "*";
  +    ipv6 {
  +        export all;
  +    };
  +}
   
   protocol kernel {
       ipv4 {
  +        import none;
  +    };
  +}
  +protocol kernel {
  +    ipv6 {
           import none;
       };
   }
  @@ -22,9 +34,21 @@
   {
       return net ~ ACAST_PS_ADVERTISE;
   }
  +function match_route6()
  +{
  +    return net ~ ACAST6_PS_ADVERTISE;
  +}
   
   filter vips_filter {
       if ( net.len = 32 && net !~ 203.0.113.1/32 && match_route() ) then {
  +        accept;
  +    }
  +    else {
  +        reject;
  +    }
  +}
  +filter vips6_filter {
  +    if ( net.len = 128 && net !~ 2001:db8::1/128 && match_route6() ) then {
           accept;
       }
       else {
  @@ -64,3 +88,23 @@
       neighbor 208.80.153.193 external;
   }
   
  +protocol bgp {
  +    multihop;
  +    bfd yes;
  +    ipv6 {
  +        import none;
  +        export filter vips6_filter;
  +    };
  +    local 2620:0:860:2:208:80:153:48 as 64605;
  +    neighbor 2620:0:860:ffff::1 external;
  +}
  +protocol bgp {
  +    multihop;
  +    bfd yes;
  +    ipv6 {
  +        import none;
  +        export filter vips6_filter;
  +    };
  +    local 2620:0:860:2:208:80:153:48 as 64605;
  +    neighbor 2620:0:860:ffff::2 external;
  +}

• File[/etc/anycast-healthchecker.d/hc-vip-ns2.wikimedia.org.conf]

  Content differences:

  --- /etc/anycast-healthchecker.d/hc-vip-ns2.wikimedia.org.conf.orig
  +++ /etc/anycast-healthchecker.d/hc-vip-ns2.wikimedia.org.conf
  @@ -7,3 +7,13 @@
   check_disabled    = false
   on_disabled       = withdraw
   ip_prefix         = 198.35.27.27/32
  +
  +[hc-vip-ns2.wikimedia.org.ipv6]
  +check_cmd         = /usr/local/bin/check_authdns_ns2_state /usr/lib/nagios/plugins/check_dns_query -H 2a02:ec80:53::1 -a -l -d www.wikipedia.org -t 1
  +check_interval    = 1
  +check_timeout     = 1
  +check_fail        = 1
  +check_rise        = 10
  +check_disabled    = false
  +on_disabled       = withdraw
  +ip_prefix         = 2a02:ec80:53::1/128

• File[/etc/anycast-healthchecker.d/hc-vip-ns1.wikimedia.org.conf]

  Content differences:

  --- /etc/anycast-healthchecker.d/hc-vip-ns1.wikimedia.org.conf.orig
  +++ /etc/anycast-healthchecker.d/hc-vip-ns1.wikimedia.org.conf
  @@ -7,3 +7,13 @@
   check_disabled    = false
   on_disabled       = withdraw
   ip_prefix         = 208.80.153.231/32
  +
  +[hc-vip-ns1.wikimedia.org.ipv6]
  +check_cmd         = /usr/local/bin/check_authdns_ns1_state /usr/lib/nagios/plugins/check_dns_query -H 2620:0:860:53::1 -a -l -d www.wikipedia.org -t 1
  +check_interval    = 1
  +check_timeout     = 1
  +check_fail        = 1
  +check_rise        = 10
  +check_disabled    = false
  +on_disabled       = withdraw
  +ip_prefix         = 2620:0:860:53::1/128

• File[/etc/anycast-healthchecker.conf]

  Content differences:

  --- /etc/anycast-healthchecker.conf.orig
  +++ /etc/anycast-healthchecker.conf
  @@ -4,7 +4,7 @@
   [daemon]
   pidfile                = /var/run/anycast-healthchecker/anycast-healthchecker.pid
   ipv4                   = true
  -ipv6                   = false
  +ipv6                   = true
   bird_conf              = /etc/bird/anycast-prefixes.conf
   bird6_conf             = /etc/bird/anycast6-prefixes.conf
   bird_variable          = ACAST_PS_ADVERTISE

• File[/etc/haproxy/haproxy.cfg]

  Content differences:

  --- /etc/haproxy/haproxy.cfg.orig
  +++ /etc/haproxy/haproxy.cfg
  @@ -36,9 +36,18 @@
   listen dns_ns0-v4
       bind 208.80.154.238:853 ssl tfo allow-0rtt curves X25519:X448:P-256 crt /etc/acmecerts/dotls-for-authdns/live/ec-prime256v1.chained.crt.key
       server gdnsd 127.0.0.1:535 send-proxy-v2
  +listen dns_ns0-v6
  +    bind 2620:0:861:53::1:853 ssl tfo allow-0rtt curves X25519:X448:P-256 crt /etc/acmecerts/dotls-for-authdns/live/ec-prime256v1.chained.crt.key
  +    server gdnsd 127.0.0.1:535 send-proxy-v2
   listen dns_ns1-v4
       bind 208.80.153.231:853 ssl tfo allow-0rtt curves X25519:X448:P-256 crt /etc/acmecerts/dotls-for-authdns/live/ec-prime256v1.chained.crt.key
  +    server gdnsd 127.0.0.1:535 send-proxy-v2
  +listen dns_ns1-v6
  +    bind 2620:0:860:53::1:853 ssl tfo allow-0rtt curves X25519:X448:P-256 crt /etc/acmecerts/dotls-for-authdns/live/ec-prime256v1.chained.crt.key
       server gdnsd 127.0.0.1:535 send-proxy-v2
   listen dns_ns2-v4
       bind 198.35.27.27:853 ssl tfo allow-0rtt curves X25519:X448:P-256 crt /etc/acmecerts/dotls-for-authdns/live/ec-prime256v1.chained.crt.key
       server gdnsd 127.0.0.1:535 send-proxy-v2
  +listen dns_ns2-v6
  +    bind 2a02:ec80:53::1:853 ssl tfo allow-0rtt curves X25519:X448:P-256 crt /etc/acmecerts/dotls-for-authdns/live/ec-prime256v1.chained.crt.key
  +    server gdnsd 127.0.0.1:535 send-proxy-v2

Relevant files

• Production catalog
• Change catalog
• Production errors/warnings
• Change errors/warnings
• Standard Diff
• Full Diff