Diomidis Spinellis's questions

I am trying to debug a mind-boggling DNS failure when an OpenVPN client is operating. Although I can ping 8.8.8.8, when I run dig +trace example.com @8.8.8.8 I get as a reply connection timed out; no servers could be reached. Strangely, when I capture and inspect network packets, no port 53 packets appear on any of the computer's network interfaces. (Other packets appear fine in the packet dump when OpenVPN is connected, and port 53 packets also appear when OpenVPN is not connected.)

Through packet capture I've narrowed down the problem to the complete disappearance of port 53 packets when the OpenVPN client is running. Specifically:

• when the OpenVPN client is running no UDP or TCP port 53 packets appear on the packet trace if I execute echo hi | nc -u 1.2.3.4 53 or echo hi | nc 1.2.3.4 53,
• packets appear normally in the packet trace if I send them on a different port, e.g. echo hi | nc -u 1.2.3.4 52 or echo hi | nc 1.2.3.4 52,
• packets appear normally in the packet trace if the OpenVPN client is not running.

By tracing the CygWin nc (netcat) system calls, I further narrowed down the failure to a WSAEACCES (10013) error when the socket is created.

 23   21665 [main] nc 2406 cygwin_socket: 3 = socket(2, 1 (flags 0x0), 6)
204   21869 [main] nc 2406 __set_errno: void __set_winsock_errno(const char*, int):200 setting errno 1
 24   21893 [main] nc 2406 __set_winsock_errno: connect:810 - winsock error 10013 -> errno 1

This is a "Permission denied" error, documented as follows: "An attempt was made to access a socket in a way forbidden by its access permissions. An example is using a broadcast address for sendto without broadcast permission being set using setsockopt(SO_BROADCAST)."

OpenVPN is operating in tap mode using the default 1194 port on a Windows 10 machine. The Windows Defender Firewall and the Windows Defender antivirus are temporarily turned off to rule them out as culprits. For the same reason, no other firewall or anti-virus software is currently running on the specific computer. Exactly the same OpenVPN configuration works fine on a Debian GNU/Linux computer.

I want to configure a Unix system to run on International Atomic Time (TAI) in order to be able to see the year-end leap second properly reported as 2016-12-31 23:59:60. I know this will cause the system's timestamps to be incompatible with POSIX ones, but I'm doing this as an experiment. I have already copied the timezone file from /usr/share/zoneinfo/right/ to /etc/localtime. These are my questions.

• How can I accurately set the system's time? I understand that it must be set to TAI seconds, rather than UTC seconds. Is it possible to do this via NTP? Currently, the system displays the time 36 seconds off from the correct one.
• Will the displayed time continue to be correct after 2017-02-01? Do the zoneinfo/right timezone files need to be updated?

I am trying to download a binary file from an AWS S3 bucket using Amazon's new command-line interface. However, the tool responds with an error message.

$ aws s3 get-object --bucket myBucketName --key myFileName

<requests.packages.urllib3.response.HTTPResponse object at 0x1e61710> is not JSON serializable

Specifying text output format, gives the object's metadata, but again not the actual data.

$ aws --output text get-object --bucket myBucketName --key myFileName
<requests.packages.urllib3.response.HTTPResponse object at 0x298f710>   Fri, 05 Apr 2013 18:11:47 GMT   bytes   application/x-rpm       310000

The tests in the tool's source code distribution don't seem to exercise this functionality.

Today I found the following message in the daily log mail I get from a FreeBSD server:

ad2c: hard error reading fsbn 1081249272 of 540624636-540624639 (ad2 bn 1081249272; cn 1072667 tn 14 sn 54) status=59 error=40

What is the best way to find the file corresponding to above block number?