Re: Mail server

2001-11-03 Thread Jeff Waugh


> I'm going to be setting up a mail server (Exim + uwimapd + IMP webmail)
> that will serve about 300-500 users.  
> 
> There will not be a major amount of traffic being put through it and was
> wondering if anyone had any cost effective hardware recommendations for
> CPU/RAM/HD space?

You can reduce the recommended hardware a bit if you use Courier IMAP, which
is far more performant than uwimapd. :)

- Jeff

-- 
  "In addition to these ample facilities, there exists a powerful   
   configuration tool called gcc." - Elliot Hughes, author of lwm   




Re: Mail server

2001-11-03 Thread Jason Lim
How often will these people be checking email? ONLY through the webmail
interface, or will they be checking by pop3, imap, etc.?

If they start playing around with imap and storing large files and
attachments on your server, the requirements will vary greatly.

If you're doing a Hotmail setup (2Mb each user), then you can get by with
virtually any kinda hardware above a pentium 233MMX ;-)

Sincerely,
Jason

- Original Message -
From: "James" <[EMAIL PROTECTED]>
To: 
Sent: Sunday, November 04, 2001 11:55 AM
Subject: Mail server


> I'm going to be setting up a mail server (Exim + uwimapd + IMP webmail)
> that will serve about 300-500 users.
>
> There will not be a major amount of traffic being put through it and was
> wondering if anyone had any cost effective hardware recommendations for
> CPU/RAM/HD space?
>
> - James
>
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> http://www.zentek-international.com
>




Mail server

2001-11-03 Thread James
I'm going to be setting up a mail server (Exim + uwimapd + IMP webmail)
that will serve about 300-500 users.  

There will not be a major amount of traffic being put through it and was
wondering if anyone had any cost effective hardware recommendations for
CPU/RAM/HD space?

- James




Re: RAID & Hard disk performance

2001-11-03 Thread Jeff Waugh


> There's a number of guides that tell you about hdparm and what DMA is, but if 
> you already know that stuff then there's little good documentation.

"Oh bum." :)

> Then on the rare occasions that I do meet people who know this stuff 
> reasonably well they seem to spend all their time trying to convince me that 
> SCSI is better than IDE (regardless of benchmark results).  :(

Heh, there's a religious war waiting to happen.

> > [1] http://people.redhat.com/alikins/system_tuning.html

I've just found that iostat (in unstable's sysstat package) supports
extended I/O properties in /proc if you have sct's I/O monitoring patches.
Unfortunately, the last one on his ftp site is for 2.3.99-preBlah. I sent an
email to lkml last night to see if there's a newer patch - I'll follow up
here if so.

Thanks Russell,

- Jeff

-- 
   Wars end, love lasts.




Re: nameservers open to world - with test output

2001-11-03 Thread Nick Jennings
Well, it is a problem if your DNS server has zone files for lots of
internal network servers. 

You could have two separate instances of BIND (if you need an external
DNS server to be answering for your domain name etc). Bind each to
their applicable interface.

On Sat, Nov 03, 2001 at 05:02:07PM -0500, James wrote:
> Well, if your company runs the DNS for your website on those servers and
> you block outside IPs from querying from, no one on the internet will be
> able to go to your website.  :)
> 
> Overall, I do not think it is a big problem, unless someone is pointing
> massive amounts of traffic to your DNS servers.  DNS traffic is usually
> very small UDP packets (I think like less than 512 bytes).  If it goes
> over that, it uses TCP.  
> 
> But generally, I think to go over 512 bytes in one request would mean a
> zone transfer attempt (bad).
> 
> So, IMO: Leave it open and monitor traffic.  Potentially block TCP to
> prevent zone transfers.
> 
> - James
> 
> -Original Message-
> From: Ted Knab [mailto:[EMAIL PROTECTED] On Behalf Of Thedore
> Knab
> Sent: Saturday, November 03, 2001 1:57 PM
> To: debian-isp@lists.debian.org
> Subject: nameservers open to world - with test output
> 
> It has recently come to my attention that anyone can use our company's
> nameservers.
> 
> I recently set up my home machine to use the company's nameserver to
> confirm this.
> 
> I was wondering if there was any way to prevent people from using our
> company's NS for their personal servers?
> 
> Would the extra traffic generated cause any problems on our network that
> I may not be aware of?
> 
> 
> Test Confirmation that our NS is open to world: |
> 
> 
> ---
> Step one: lookup name |
> ---
> 
> mylinux machine$ whois ourdomain.com
> Whois Server Version 1.3
> 
> Domain names in the .com, .net, and .org domains can now be registered
> with many different competing registrars. Go to http://www.internic.net
> for detailed information.
> 
>  Domain Name: ournameserver.com
>  Registrar: NETWORK SOLUTIONS, INC.
>  Whois Server: whois.networksolutions.com
>  Referral URL: http://www.networksolutions.com
>  Name Server: NS1.ournameserver.net
>  Name Server: NS2.ournameserver.net
>  Updated Date: 27-oct-2001
> 
> 
> Step two: change /etc/resolv.conf to the following |
> 
> 
> search ournameserver.com
> nameserver 123.123.123.123 # nameserver1
> nameserver 123.123.123.134 # nameserver2
> 
> -
> Step three: sample run  |
> -
> 
> mylinux machine$ nslookup www.debian.org
> 
> Server: ournameserver.com
> Address: 123.123.123.123
> 
> Non-authoritative answer:
> Name:   www.debian.org
> Address: 198.186.203.20
> 
> mylinux machine$ 
> 
> --
> GNU PGP public key
> http://www.annapolislinux.org/docs/public_key/GnuPG.txt
> -
> Ted Knab
> 
> 

-- 
  Nick Jennings




RE: nameservers open to world - with test output

2001-11-03 Thread Bulent Murtezaoglu

James> Well, if your company runs the DNS for your website on
James> those servers and you block outside IPs from querying from,
James> no one on the internet will be able to go to your website.
James> :) [...]

I think the right way to do this in bind 8.?? is:

In named.conf 

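options {
    // bla bla
    // default for everything this server answers, including recursive lookups
    allow-query { 127/8; your-network/bits; };
};

and for domain names you are authoritative for

zone "your-domain-name.com" in {
    type master;
    // per-zone setting overrides the default above for this zone only
    allow-query { any; };
    file "/etc/bind/your-domain-name.com";
};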

This will accomplish what you want.

cheers,

BM
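
One way to check the effect of such a change from a host outside the allowed network, as an added example that is not part of the original post: it builds the same kind of recursive query nslookup sends and classifies the reply from its header bits. The function names, the verdict labels and the sample packets (constructed, answering with 192.0.2.1) are assumptions made for this illustration.

```python
import socket
import struct

# Header flag bits and response codes from RFC 1035, section 4.1.1.
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def encode_name(name):
    """Encode a host name as length-prefixed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name, qid=0x1234):
    """Build an A/IN query with RD set, the way a stub resolver sends it."""
    header = struct.pack("!6H", qid, RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!2H", 1, 1)


def classify_response(packet, qid=0x1234):
    """Decide from the 12-byte header how the server treated our query."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", packet[:12])
    if rid != qid or not flags & QR:
        raise ValueError("not a response to our query")
    rcode = RCODES.get(flags & 0x000F, "RCODE%d" % (flags & 0x000F))
    if rcode == "REFUSED":
        verdict = "refused"            # allow-query rejected this client
    elif flags & AA:
        verdict = "authoritative"      # answered from one of its own zones
    elif rcode == "NOERROR" and ancount > 0:
        verdict = "recursive-answer"   # nslookup's "Non-authoritative answer"
    else:
        verdict = "no-answer"          # referral, SERVFAIL, empty reply, ...
    return {"verdict": verdict, "rcode": rcode,
            "ra": bool(flags & RA), "answers": ancount}


def sample_response(name, flags, ancount, qid=0x1234):
    """Constructed reply for offline use: header, echoed question, A records."""
    header = struct.pack("!6H", qid, flags, 1, ancount, 0, 0)
    question = encode_name(name) + struct.pack("!2H", 1, 1)
    # Answer RR: pointer to the name at offset 12, type A, class IN,
    # TTL 300, 4 bytes of RDATA holding the documentation address 192.0.2.1.
    rr = b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    return header + question + rr * ancount


def probe(server, name, timeout=3.0):
    """Send the query over UDP to port 53 of `server` and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        packet, _ = s.recvfrom(512)
    return classify_response(packet)


if __name__ == "__main__":
    # Constructed replies, as seen from a host outside "your-network/bits".
    samples = [
        ("before: foreign name answered", sample_response("www.debian.org", QR | RD | RA, 1)),
        ("after: foreign name refused", sample_response("www.debian.org", QR | RD | 5, 0)),
        ("after: own zone still served", sample_response("your-domain-name.com", QR | AA | RD, 1)),
    ]
    for label, packet in samples:
        print(label, classify_response(packet))
```

Run probe() against your own nameserver from an outside address: a name from another domain should come back "refused", while a name in a zone with allow-query { any; } should come back "authoritative".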




RE: nameservers open to world - with test output

2001-11-03 Thread James
Well, if your company runs the DNS for your website on those servers and
you block outside IPs from querying from, no one on the internet will be
able to go to your website.  :)

Overall, I do not think it is a big problem, unless someone is pointing
massive amounts of traffic to your DNS servers.  DNS traffic is usually
very small UDP packets (I think like less than 512 bytes).  If it goes
over that, it uses TCP.  

But generally, I think to go over 512 bytes in one request would mean a
zone transfer attempt (bad).

So, IMO: Leave it open and monitor traffic.  Potentially block TCP to
prevent zone transfers.

- James

-Original Message-
From: Ted Knab [mailto:[EMAIL PROTECTED] On Behalf Of Thedore
Knab
Sent: Saturday, November 03, 2001 1:57 PM
To: debian-isp@lists.debian.org
Subject: nameservers open to world - with test output

It has recently come to my attention that anyone can use our company's
nameservers.

I recently set up my home machine to use the company's nameserver to
confirm this.

I was wondering if there was any way to prevent people from using our
company's NS for their personal servers?

Would the extra traffic generated cause any problems on our network that
I may not be aware of?


Test Confirmation that our NS is open to world: |


---
Step one: lookup name |
---

mylinux machine$ whois ourdomain.com
Whois Server Version 1.3

Domain names in the .com, .net, and .org domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

 Domain Name: ournameserver.com
 Registrar: NETWORK SOLUTIONS, INC.
 Whois Server: whois.networksolutions.com
 Referral URL: http://www.networksolutions.com
 Name Server: NS1.ournameserver.net
 Name Server: NS2.ournameserver.net
 Updated Date: 27-oct-2001


Step two: change /etc/resolv.conf to the following |


search ournameserver.com
nameserver 123.123.123.123 # nameserver1
nameserver 123.123.123.134 # nameserver2

-
Step three: sample run  |
-

mylinux machine$ nslookup www.debian.org

Server: ournameserver.com
Address: 123.123.123.123

Non-authoritative answer:
Name:   www.debian.org
Address: 198.186.203.20

mylinux machine$ 

--
GNU PGP public key
http://www.annapolislinux.org/docs/public_key/GnuPG.txt
-
Ted Knab






Re: RAID & Hard disk performance

2001-11-03 Thread Russell Coker
On Sat, 3 Nov 2001 14:33, Jeff Waugh wrote:
> 
>
> > RAID-5 is another issue though.  But then you have to consider that Linux
> > software RAID kills the performance of most hardware RAID controllers. 
> > Run an Athlon 800 with two IDE drives in RAID-1 and expect 2-4 times the
> > performance for bulk IO that an entry level Mylex RAID controller with
> > Ultra2 SCSI 10K rpm drives.  I expect that a top-end Mylex controller
> > will perform well (but who can afford one of them?).
>
> Wow!
>
> Russell, do you know of any Linux I/O and hard disk performance guides?
> I've recently read Adrian Likins' system tuning page [1] and am interested
> to see if there's anything more specific.

I'll have to check out that link.  But generally I rely on my own experience 
when playing with disk performance.  I haven't (yet) come across any guides 
to these things which were good and pitched at a high technical level.  
There's a number of guides that tell you about hdparm and what DMA is, but if 
you already know that stuff then there's little good documentation.

Then on the rare occasions that I do meet people who know this stuff 
reasonably well they seem to spend all their time trying to convince me that 
SCSI is better than IDE (regardless of benchmark results).  :(

> [1] http://people.redhat.com/alikins/system_tuning.html

-- 
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/   Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/ My home page




Re: nameservers open to world - with test output

2001-11-03 Thread Nick Jennings
You could always firewall out port 53 on your external interface.

On Sat, Nov 03, 2001 at 01:56:34PM -0500, Thedore Knab wrote:
> It has recently come to my attention that anyone can use our company's 
> nameservers.
> 
> I recently set up my home machine to use the company's nameserver to confirm 
> this.
> 
> I was wondering if there was any way to prevent people from using our 
> company's NS for their personal servers?
> 
> Would the extra traffic generated cause any problems on our network that I 
> may not be aware of?
> 
> 
> Test Confirmation that our NS is open to world: |
> 
> 
> ---
> Step one: lookup name |
> ---
> 
> mylinux machine$ whois ourdomain.com
> Whois Server Version 1.3
> 
> Domain names in the .com, .net, and .org domains can now be registered
> with many different competing registrars. Go to http://www.internic.net
> for detailed information.
> 
>  Domain Name: ournameserver.com
>  Registrar: NETWORK SOLUTIONS, INC.
>  Whois Server: whois.networksolutions.com
>  Referral URL: http://www.networksolutions.com
>  Name Server: NS1.ournameserver.net
>  Name Server: NS2.ournameserver.net
>  Updated Date: 27-oct-2001
> 
> 
> Step two: change /etc/resolv.conf to the following |
> 
> 
> search ournameserver.com
> nameserver 123.123.123.123 # nameserver1
> nameserver 123.123.123.134 # nameserver2
> 
> -
> Step three: sample run  |
> -
> 
> mylinux machine$ nslookup www.debian.org
> 
> Server: ournameserver.com
> Address: 123.123.123.123
> 
> Non-authoritative answer:
> Name:   www.debian.org
> Address: 198.186.203.20
> 
> mylinux machine$ 
> 
> --
> GNU PGP public key
> http://www.annapolislinux.org/docs/public_key/GnuPG.txt
> -
> Ted Knab
> 
> 

-- 
  Nick Jennings




Re: nameservers open to world - with test output

2001-11-03 Thread Martin 'pisi' Paljak
Hello!

You can reconfigure BIND so that it answers requests from your
company's network only, if recursive resolving is what you mean. I suggest
you use D. J. Bernstein's djbdns. It's small, fast, reliable and
secure. Check it out - cr.yp.to/djbdns.html
I use it myself and suggest it to others also. You will save yourself
some time if you use djbdns. It's way simpler to manage tinydns data
files than it is to mess around with BIND zone files.

-- 
Martin 'pisi' Paljak / freelancer consultant
[EMAIL PROTECTED] / pisi.pisitek.com
www.pisitek.com


On Sat, 3 Nov 2001, Thedore Knab wrote:

> It has recently come to my attention that anyone can use our company's 
> nameservers.
>
> I recently set up my home machine to use the company's nameserver to confirm 
> this.
>
> I was wondering if there was any way to prevent people from using our 
> company's NS for their personal servers?
>
> Would the extra traffic generated cause any problems on our network that I 
> may not be aware of?
>
> 
> Test Confirmation that our NS is open to world: |
> 
>
> ---
> Step one: lookup name |
> ---
>
> mylinux machine$ whois ourdomain.com
> Whois Server Version 1.3
>
> Domain names in the .com, .net, and .org domains can now be registered
> with many different competing registrars. Go to http://www.internic.net
> for detailed information.
>
>  Domain Name: ournameserver.com
>  Registrar: NETWORK SOLUTIONS, INC.
>  Whois Server: whois.networksolutions.com
>  Referral URL: http://www.networksolutions.com
>  Name Server: NS1.ournameserver.net
>  Name Server: NS2.ournameserver.net
>  Updated Date: 27-oct-2001
>
> 
> Step two: change /etc/resolv.conf to the following |
> 
>
> search ournameserver.com
> nameserver 123.123.123.123 # nameserver1
> nameserver 123.123.123.134 # nameserver2
>
> -
> Step three: sample run  |
> -
>
> mylinux machine$ nslookup www.debian.org
>
> Server: ournameserver.com
> Address: 123.123.123.123
>
> Non-authoritative answer:
> Name:   www.debian.org
> Address: 198.186.203.20
>
> mylinux machine$
>
> --
> GNU PGP public key
> http://www.annapolislinux.org/docs/public_key/GnuPG.txt
> -
> Ted Knab
>
>





nameservers open to world - with test output

2001-11-03 Thread Thedore Knab
It has recently come to my attention that anyone can use our company's 
nameservers.

I recently set up my home machine to use the company's nameserver to confirm 
this.

I was wondering if there was any way to prevent people from using our company's 
NS for their personal servers?

Would the extra traffic generated cause any problems on our network that I may 
not be aware of?


Test Confirmation that our NS is open to world:

Step one: lookup name

mylinux machine$ whois ourdomain.com
Whois Server Version 1.3

Domain names in the .com, .net, and .org domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

 Domain Name: ournameserver.com
 Registrar: NETWORK SOLUTIONS, INC.
 Whois Server: whois.networksolutions.com
 Referral URL: http://www.networksolutions.com
 Name Server: NS1.ournameserver.net
 Name Server: NS2.ournameserver.net
 Updated Date: 27-oct-2001


Step two: change /etc/resolv.conf to the following


search ournameserver.com
nameserver 123.123.123.123 # nameserver1
nameserver 123.123.123.134 # nameserver2

Step three: sample run

mylinux machine$ nslookup www.debian.org

Server: ournameserver.com
Address: 123.123.123.123

Non-authoritative answer:
Name:   www.debian.org
Address: 198.186.203.20

mylinux machine$ 

--
GNU PGP public key
http://www.annapolislinux.org/docs/public_key/GnuPG.txt
-
Ted Knab




Re: nameservers open to world - with test output

2001-11-03 Thread Nick Jennings

You could always firewall out port 53 on your external interface.

On Sat, Nov 03, 2001 at 01:56:34PM -0500, Thedore Knab wrote:
> It has recently came to my attention that anyone can use our company's nameservers.
> 
> I recently setup my home machine to use the company's nameserver to confirm this.
> 
> I was wondering if there was anyway to prevent people from using our company's NS 
>for their personal servers ?
> 
> Would the extra traffic generated cause any problems on our network that I may not 
>be aware of ?
> 
> 
> Test Confirmation that our NS is open to world: |
> 
> 
> ---
> Step one: lookup name |
> ---
> 
> mylinux machine$ whois ourdomain.com
> Whois Server Version 1.3
> 
> Domain names in the .com, .net, and .org domains can now be registered
> with many different competing registrars. Go to http://www.internic.net
> for detailed information.
> 
>  Domain Name: ournameserver.com
>  Registrar: NETWORK SOLUTIONS, INC.
>  Whois Server: whois.networksolutions.com
>  Referral URL: http://www.networksolutions.com
>  Name Server: NS1.ournameserver.net
>  Name Server: NS2.ournameserver.net
>  Updated Date: 27-oct-2001
> 
> 
> Step two: change /etc/resolv.conf to the following |
> 
> 
> search ournameserver.com
> nameserver 123.123.123.123 # nameserver1
> nameserver 123.123.123.134 # nameserver2
> 
> -
> Step three: sample run  |
> -
> 
> mylinux machine$ nslookup www.debian.org
> 
> Server: ournameserver.com
> Address: 123.123.123.123
> 
> Non-authoritative answer:
> Name:   www.debian.org
> Address: 198.186.203.20
> 
> mylinux machine$ 
> 
> --
> GNU PGP public key
> http://www.annapolislinux.org/docs/public_key/GnuPG.txt
> -
> Ted Knab
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 
> 

-- 
  Nick Jennings


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]




Re: nameservers open to world - with test output

2001-11-03 Thread Martin 'pisi' Paljak

Hello!

You can reconfigure BIND so that it only answers to requests from your
company's network only. If recursiv resolving is what you mean. I suggest
you to use D. J. Bernstein's djbdns. It's small, fast, reliable and
secure. check it out - cr.yp.to/djbdns.html
I use it myself and suggest it to others also.. You will save yourself
soem time if you use djbdns. It's way simpler to manage tinydns data
files than it is to mess around with BIND zone files.

-- 
Martin 'pisi' Paljak / freelancer consultant
[EMAIL PROTECTED] / pisi.pisitek.com
www.pisitek.com


On Sat, 3 Nov 2001, Thedore Knab wrote:

> It has recently came to my attention that anyone can use our company's nameservers.
>
> I recently setup my home machine to use the company's nameserver to confirm this.
>
> I was wondering if there was anyway to prevent people from using our company's NS 
>for their personal servers ?
>
> Would the extra traffic generated cause any problems on our network that I may not 
>be aware of ?
>
> 
> Test Confirmation that our NS is open to world: |
> 
>
> ---
> Step one: lookup name |
> ---
>
> mylinux machine$ whois ourdomain.com
> Whois Server Version 1.3
>
> Domain names in the .com, .net, and .org domains can now be registered
> with many different competing registrars. Go to http://www.internic.net
> for detailed information.
>
>  Domain Name: ournameserver.com
>  Registrar: NETWORK SOLUTIONS, INC.
>  Whois Server: whois.networksolutions.com
>  Referral URL: http://www.networksolutions.com
>  Name Server: NS1.ournameserver.net
>  Name Server: NS2.ournameserver.net
>  Updated Date: 27-oct-2001
>
> 
> Step two: change /etc/resolv.conf to the following |
> 
>
> search ournameserver.com
> nameserver 123.123.123.123 # nameserver1
> nameserver 123.123.123.134 # nameserver2
>
> -
> Step three: sample run  |
> -
>
> mylinux machine$ nslookup www.debian.org
>
> Server: ournameserver.com
> Address: 123.123.123.123
>
> Non-authoritative answer:
> Name:   www.debian.org
> Address: 198.186.203.20
>
> mylinux machine$
>
> --
> GNU PGP public key
> http://www.annapolislinux.org/docs/public_key/GnuPG.txt
> -
> Ted Knab
>
>
>
>







nameservers open to world - with test output

2001-11-03 Thread Thedore Knab

It has recently come to my attention that anyone can use our company's nameservers.

I recently set up my home machine to use the company's nameserver to confirm this.

I was wondering if there was any way to prevent people from using our company's NS for
their personal servers?

Would the extra traffic generated cause any problems on our network that I may not be
aware of?


Test Confirmation that our NS is open to world: |


---
Step one: lookup name |
---

mylinux machine$ whois ourdomain.com
Whois Server Version 1.3

Domain names in the .com, .net, and .org domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

 Domain Name: ournameserver.com
 Registrar: NETWORK SOLUTIONS, INC.
 Whois Server: whois.networksolutions.com
 Referral URL: http://www.networksolutions.com
 Name Server: NS1.ournameserver.net
 Name Server: NS2.ournameserver.net
 Updated Date: 27-oct-2001


Step two: change /etc/resolv.conf to the following |


search ournameserver.com
nameserver 123.123.123.123 # nameserver1
nameserver 123.123.123.134 # nameserver2

-
Step three: sample run  |
-

mylinux machine$ nslookup www.debian.org

Server: ournameserver.com
Address: 123.123.123.123

Non-authoritative answer:
Name:   www.debian.org
Address: 198.186.203.20

mylinux machine$ 

--
GNU PGP public key
http://www.annapolislinux.org/docs/public_key/GnuPG.txt
-
Ted Knab
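
[Added example, not part of either post in this thread.] The nslookup test above and the reply's advice to restrict recursive resolving both come down to how a server answers a recursive query from an outside client for a name it does not host. The sketch below builds that query and classifies the reply from its header flags; the function names, the category labels and the sample replies are constructed for illustration.

```python
import socket
import struct

QID = 0x1234  # arbitrary query ID for this example

def build_query(name, qid=QID):
    """DNS A/IN query with the RD (recursion desired) bit set."""
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return (struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
            + labels + b"\x00" + struct.pack("!HH", 1, 1))

def classify(resp, qid=QID):
    """Classify the reply to a recursive query for a zone the server does not host."""
    if len(resp) < 12:
        return "malformed"
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if rid != qid or not flags & 0x8000:      # wrong ID, or QR bit not set
        return "malformed"
    rcode, ra, aa = flags & 0x000F, flags & 0x0080, flags & 0x0400
    if rcode == 5:
        return "refused"                      # server declined the query
    if rcode == 0 and an > 0 and ra and not aa:
        return "open-recursion"               # nslookup's "Non-authoritative answer"
    if rcode == 0 and an == 0:
        return "no-recursion"                 # referral or empty reply, no lookup done
    return "other"

def probe(server, name="www.debian.org", timeout=3.0):
    """Send the query over UDP; run this from a host OUTSIDE your own network."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return classify(s.recvfrom(512)[0])

def constructed_reply(flags, addr=None):
    """Build a sample reply (constructed test data, not captured traffic)."""
    q = build_query("www.debian.org")
    rr = b""
    if addr:  # one A record; owner name is a compression pointer to offset 12
        rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(addr)
    return struct.pack("!HHHHHH", QID, flags, 1, 1 if addr else 0, 0, 0) + q[12:] + rr

OPEN = constructed_reply(0x8180, "198.186.203.20")  # QR, RD, RA, NOERROR + answer
REFUSED = constructed_reply(0x8105)                 # QR, RD, rcode 5 (REFUSED)
```

After recursion has been limited to the company's own address ranges, probe() run from an outside host against your own nameserver should stop returning "open-recursion".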






RAID & Hard disk performance

2001-11-03 Thread Jeff Waugh


> RAID-5 is another issue though.  But then you have to consider that Linux 
> software RAID kills the performance of most hardware RAID controllers.  Run 
> an Athlon 800 with two IDE drives in RAID-1 and expect 2-4 times the 
> performance for bulk IO that an entry level Mylex RAID controller with Ultra2 
> SCSI 10K rpm drives.  I expect that a top-end Mylex controller will perform 
> well (but who can afford one of them?).

Wow!

Russell, do you know of any Linux I/O and hard disk performance guides?
I've recently read Adrian Likins' system tuning page [1] and am interested
to see if there's anything more specific.

Thanks for bonnie++ btw,

- Jeff

[1] http://people.redhat.com/alikins/system_tuning.html

-- 
o/~ we all live in a yellow subroutine o/~ - auspex 




Re: Survey .. how many domains do you host? (Now RAID)

2001-11-03 Thread Russell Coker
On Sat, 3 Nov 2001 01:19, Jason Lim wrote:
> Hum... if the Highpoint chipsets are merely IDE controllers... what's the
> advantage to using them over the regular plain vanilla generic IDE
> controller cards?
>
> Don't they offload ANY work from the processor at ALL? They have to have
> SOME sort of benefit... otherwise, why market them as RAID controllers?

For RAID-0 the only work is to do a translation:
drive = blocknum % 2;
drive_blocknum = blocknum / 2;

For RAID-1 the only work is to decide which drive has a shorter queue for 
reading and to write the same data to both drives for writing, and of course 
the rebuild on reboot.

It's not so much work.  The benefit of hardware RAID (including BIOS software 
RAID) for RAID-0 and RAID-1 is to enable booting from the RAID without any 
hassles.

RAID-5 is another issue though.  But then you have to consider that Linux 
software RAID kills the performance of most hardware RAID controllers.  Run 
an Athlon 800 with two IDE drives in RAID-1 and expect 2-4 times the 
performance for bulk IO that an entry level Mylex RAID controller with Ultra2 
SCSI 10K rpm drives.  I expect that a top-end Mylex controller will perform 
well (but who can afford one of them?).

-- 
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/   Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/ My home page




Re: Survey .. how many domains do you host? (Now RAID)

2001-11-03 Thread Russell Coker
On Sat, 3 Nov 2001 00:07, Dave Watkins wrote:
> Contrary to popular belief the Highpoint chipsets are only software RAID.
> The driver uses processor time to actually do the RAID work. The chip is
> just an IDE controller. Based on that even if it isn't supported at a RAID
> level you can still use the software RAID available in linux as the kernel
> has had standard IDE drivers for the highpoint for a while now

From 2.4.13 Configure.help:
HPT366 chipset support
CONFIG_BLK_DEV_HPT366
  HPT366 is an Ultra DMA chipset for ATA-66.
  HPT368 is an Ultra DMA chipset for ATA-66 RAID Based.
  HPT370 is an Ultra DMA chipset for ATA-100.
[snip]

So it seems that the HPT368 RAID controller is supported - even if not in 
RAID mode.

From 2.4.13 drivers/ide/Config.in:
dep_tristate 'Support for IDE Raid controllers' CONFIG_BLK_DEV_ATARAID $CONFIG_BLK_DEV_IDE $CONFIG_EXPERIMENTAL
dep_tristate '   Support Promise software RAID (Fasttrak(tm))' CONFIG_BLK_DEV_ATARAID_PDC $CONFIG_BLK_DEV_IDE $CONFIG_EXPERIMENTAL $CONFIG_BLK_DEV_ATARAID
dep_tristate '   Highpoint 370 software RAID' CONFIG_BLK_DEV_ATARAID_HPT $CONFIG_BLK_DEV_IDE $CONFIG_EXPERIMENTAL $CONFIG_BLK_DEV_ATARAID

There's no help for the above (I recall there was in one of the -ac kernels). 
They allow Linux software RAID to do the same thing as the BIOS software RAID 
in those adapters.  Having software RAID in the BIOS match software RAID in 
Linux will solve some boot problems and does offer benefits over a straight 
Linux software RAID solution.  Setting it up properly with the boot loader 
will be tricky though (setting it up to basically boot will be easy).

-- 
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/   Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/ My home page



