Re: DNS migration and folks that don't play nice

2006-04-10 Thread Paul Lussier
[EMAIL PROTECTED] (Kevin D. Clark) writes:

> Bruce Dawson writes:
>
>> Add to this the fact that most BIND servers operate using UDP instead of
> TCP, and it's easy to understand how BIND servers could become
>> corrupt.
>
> How does the fact that a BIND server uses TCP instead of UDP make it
> more or less secure?
>
> (I don't know; this is why I ask)

I think it's more a reliability thing than security (though one could
argue reliability is part of good security...)

If your name servers are receiving updates via UDP, it's far easier
to drop updates in the zone transfer since UDP is lacking everything
required to guarantee a complete transaction.  Moving your zone
transfers over to a TCP connection does a lot more to guarantee the
entire update completes correctly.

Note, though, usually, BIND is configured for zone transfers to occur
over TCP, not the average resolver query.  Those still happen over UDP
as far as I know.
-- 

Seeya,
Paul
___
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss


Re: DNS migration and folks that don't play nice

2006-04-10 Thread Paul Lussier
Bruce Dawson <[EMAIL PROTECTED]> writes:

> That explains it! Older versions of BIND had problems - they were
> especially vulnerable to attacks, and "fell down" in pathologically bad
> ways. It got to the point where I was restarting BIND every two days
> until they (ISC) started coming out with security fixes.
[...]
> I would not be surprised at all if it looked like a BIND server was
> operating correctly for a few zones, and not others.
>
> Add to this the fact that most BIND servers operate using UDP instead of
> TCP, and it's easy to understand how BIND servers could become corrupt.
> Add to this the amount of malware on the Internet, and it's surprising
> that things are working at all!

We just migrated to a new BIND server and finally retired our very old
and tired NetBSD machine.  The NetBSD machine was 5+ years old, and
was already tired when I inherited it 2.5 years ago.

As people have probably suspected for a while, the network I currently
manage is, ahm, a little on the irregular side of things :) For
"Directory Services", we run Hesiod, which is essentially nothing more
than using DNS TXT and CNAME records to wrap around your /etc/passwd
file and serve them up using a DNS server.  It's quite lightweight,
and very fast.  However, our primary DNS server was our slave Hesiod
server, and vice versa.  For some reason, whenever we updated the
records on the Hesiod server we had to actually kill off the named
running on the primary DNS server for it to update its copy of the
hesiod domain.  I have no idea why, but nothing else would update the
primary server's cache of the domain except a hard restart of named.

The only (ONLY he says, as if this is a *small* thing when discussing
BIND :) was that the primary was running BIND9 and the Hesiod servers
are running BIND8.  This really *shouldn't* matter, and indeed, the
new server we're running as our primary is also running BIND9 with
nothing changing on the Hesiod servers, and the update "just works"
with no restart necessary on the new BIND9 server.

So, yeah, BIND can be wacky at times :)

Oh, and as far as the original question goes, I usually just shorten
the TTLs leading up to the event, make the switch, and wait for the
rest of the world to catch up.  I've never bothered to maintain
forwarders for any length of time, but then again, I've only had these
events happen 3 or 4 times over the past decade and it's just never
been a problem.  If I were running a big site where I might miss one
in 2 billion e-mails coming in, or a trading site or something, I
might be more cautious :)


-- 

Seeya,
Paul


Re: DNS migration and folks that don't play nice

2006-04-10 Thread Dave Johnson
Cole Tuininga writes:
> 
> Preface - 
> 
> The folks on the sys-admin list are talking about the migration of
> services from the older server to the newer server.  Of course, one of
> the issues that's come up is DNS.  This led to the following snippet:
> 
> On Sat, 2006-04-08 at 09:04 -0400, wrote:
> > > Well, there's at least one easy workaround for that, aside from the
> > > obvious (shorten TTL ahead of time, to force fast propagation).
> > 
> > Unfortunately, shortening the TTL doesn't work for clients (like AOL)
> > that cache/maintain their own DNS.
> 
> I was curious - how do folks in general deal with this?  While AOL can
> certainly constitute a large number of users, my inclination is to say
> "hell with 'em".  If they can't conform to proper netiquette, why should
> I be bending over backwards to support them?
> 
> I was just curious to get other folks' take on this quasi-philosophical
> point.

For HTTP you can create temporary A/PTRs that have never existed then
use a 302 to redirect from old to new.

For example:

old server has www.example.com that responds with a 302 redirecting to
www2.example.com

new server hosts both www and www2 with the same content.

That way people with an old cache will request a new lookup for www2
(which is new and never had the old address).

This of course means you need to keep the www2 name around
indefinitely because it could end up in people's bookmarks/links.


If bandwidth isn't an issue for the short term, the better solution is
to NAT requests going to the old server to the new server.  Use both
SNAT and DNAT in iptables to redirect important UDP/TCP ports on the
old server to the new server.

-- 
Dave
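
Added example, not part of the message above: a generator for the SNAT plus DNAT relay it describes, which prints the iptables commands for review instead of applying them. The function names, the RFC 5737 documentation addresses and the port list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: PRINT (never apply) iptables rules that relay selected ports
# from an old server to its replacement. Addresses and ports are constructed.

# Succeeds only for a dotted quad whose four octets are each 0-255.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i + 0 > 255) exit 1 }'
}

# Succeeds only for specs of the form tcp/<1-65535> or udp/<1-65535>.
is_portspec() {
    case ${1%%/*} in tcp|udp) ;; *) return 1 ;; esac
    case ${1#*/} in ''|0*|*[!0-9]*|??????*) return 1 ;; esac
    [ "${1#*/}" -le 65535 ]
}

# gen_forward_rules OLD_IP NEW_IP PROTO/PORT...
# Validates every argument first so a bad spec never yields a partial rule set.
gen_forward_rules() {
    if [ $# -lt 3 ]; then
        echo "usage: gen_forward_rules OLD_IP NEW_IP PROTO/PORT..." >&2
        return 2
    fi
    old=$1 new=$2
    shift 2
    if ! is_ipv4 "$old" || ! is_ipv4 "$new" || [ "$old" = "$new" ]; then
        echo "error: need two different IPv4 addresses" >&2
        return 2
    fi
    for spec in "$@"; do
        is_portspec "$spec" || { echo "error: bad port spec '$spec'" >&2; return 2; }
    done

    # The old host must route packets, and replies must be allowed back through.
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for spec in "$@"; do
        proto=${spec%%/*} port=${spec#*/}
        # DNAT: traffic that still arrives at the old address goes to the new host.
        echo "iptables -t nat -A PREROUTING -d $old -p $proto --dport $port -j DNAT --to-destination $new:$port"
        # SNAT: the new host replies via the old one, so the client sees the
        # address it contacted. Side effect: the new host logs $old as the client.
        echo "iptables -t nat -A POSTROUTING -d $new -p $proto --dport $port -j SNAT --to-source $old"
        # Only the listed ports are relayed; everything else is left alone.
        echo "iptables -A FORWARD -d $new -p $proto --dport $port -j ACCEPT"
    done
}

# Constructed sample: relay web and DNS traffic during the migration window.
gen_forward_rules 192.0.2.10 198.51.100.20 tcp/80 tcp/443 udp/53
```

Because of the SNAT rule, access logs and rate limits on the new server see every relayed client as the old server's address for as long as the relay is in place.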



Re: Laptop OS Virtualization?

2006-04-10 Thread Richard Soule
Add me to the VMWare crowd. I use it every time I do a demo. My laptop 
came from Oracle with WinXP on it, I run Linux, WinXP and Win2K Server 
VMs depending on which demo I want to run.


Sometimes running the WinXP VM with Oracle EE database, Oracle EE 
Application Server, Oracle BPEL Server, Oracle XML Publisher, Oracle 
Forms, Oracle Reports and Oracle Discoverer can be a bit slow. Generally 
we recommend putting that much software on more than one machine or at 
least one machine with more power than my laptop: Dell D600 1.6 MHz, 2GB 
Ram, 80 GB HD with 250GB USB drive to hold all the VMs (some of them are 
40+ GB in size).


VM 5.5 for me.

Rich

Ted Roche wrote:

Has anyone got multiple OSes running simultaneously on their personal  
machines? I've got a laptop I dual-boot between WinXPPro (client  work) 
and Linux (more client work, home & hobby), and I'd like to be  able to 
toggle between the two rather than a slow reboot.


Anyone doing this? What VM manager are you using? What host OS? Tips?  
Reviews? Pans? Warnings?


Ted "You've got answers? I've got questions!" Roche
Ted Roche & Associates, LLC
http://www.tedroche.com




Re: Monadnock Linux User Group - April 13th

2006-04-10 Thread Warren Luebkeman
If you want a presenter this thursday, we might be able to bang something 
together!  Take a look at our website, www.resara.com

Warren L

On Monday 10 April 2006 2:48 pm, guy Pardoe wrote:
> The next meeting of the Monadnock Linux User Group (MonadLUG) will be this
> Thursday, April 13th, 7:00pm, at the SAU 1 Superintendent's Office behind
> South Meadow School in Peterborough.
>
> For directions, visit
>  http://wiki.gnhlug.org/twiki2/bin/view/Www/OurChapters#monadlug
>
>
>
>  AGENDA 
>
> 1.  Announcements.
>
> 2.  Due to some unavoidable issues, the presentation that was planned for
> this meeting is being postponed.  So there is no formal speaker this month.
> Bring your questions & problems for some open discussion.
>
>
> *
>
>
> We're also looking for topics for future meetings.  If you have a
> suggestion or would like to present a topic yourself, please contact me at
> [EMAIL PROTECTED]
>
> Please forward this announcement to anyone you think may be interested in
> attending.
>
> Thank you,
>
> Guy Pardoe
> MonadLUG Coordinator
>
> ___
> gnhlug-announce mailing list
> gnhlug-announce@mail.gnhlug.org
> http://mail.gnhlug.org/mailman/listinfo/gnhlug-announce

-- 
Warren Luebkeman
Founder, Resara LLC


1.888.357.9191
www.resara.com


Monadnock Linux User Group - April 13th

2006-04-10 Thread guy Pardoe
The next meeting of the Monadnock Linux User Group (MonadLUG) will be this
Thursday, April 13th, 7:00pm, at the SAU 1 Superintendent's Office behind
South Meadow School in Peterborough.

For directions, visit
 http://wiki.gnhlug.org/twiki2/bin/view/Www/OurChapters#monadlug



 AGENDA 

1.  Announcements.

2.  Due to some unavoidable issues, the presentation that was planned for
this meeting is being postponed.  So there is no formal speaker this month.
Bring your questions & problems for some open discussion.


*


We're also looking for topics for future meetings.  If you have a suggestion
or would like to present a topic yourself, please contact me at
[EMAIL PROTECTED]

Please forward this announcement to anyone you think may be interested in
attending.

Thank you,

Guy Pardoe
MonadLUG Coordinator



Re: Laptop OS Virtualization?

2006-04-10 Thread Mark Polhamus
I've been running VMware on laptops for years now.  VMware 3.x worked almost
flawlessly on my Dell Inspiron 7500 running Win98 on top of RedHat 7.3.  For
some reason I have problems with mouse and keyboard response when running
VMware 4.5 hosted on SuSE 9.3 with guest Win2k on an IBM Thinkpad G41.  I get
jerky mouse response and more duplicate keystrokes when VMware is running, on
host and guest OS but it is worse in the guest.  It's a bit painful, but it
beats booting into Windows and allows me to use the Windows-only programs I
need.  I've been able to figure out how to attach USB devices to the guest and
they seem to mostly work.


-- Mark Polhamus

Ted Roche wrote:
> Has anyone got multiple OSes running simultaneously on their personal 
> machines? I've got a laptop I dual-boot between WinXPPro (client  work)
> and Linux (more client work, home & hobby), and I'd like to be  able to
> toggle between the two rather than a slow reboot.
> 
> Anyone doing this? What VM manager are you using? What host OS? Tips? 
> Reviews? Pans? Warnings?
> 
> Ted "You've got answers? I've got questions!" Roche
> Ted Roche & Associates, LLC
> http://www.tedroche.com
> 
> 


Re: DNS migration and folks that don't play nice

2006-04-10 Thread John Abreau

Cole Tuininga wrote:

On Mon, 2006-04-10 at 10:27 -0400, John Abreau wrote:

Cole Tuininga wrote:

I wasn't aware that AOL was screwing this up as well. 


Last I was aware, AOL cached DNS entries for a minimum of two weeks, no
matter what the TTL.

However, I don't 
see anything that can be done about their blatant disregard for the way 
DNS is designed to work.


Saying "the hell with 'em" is probably your only realistic option.


Well, some folks take the approach that they will try to make sure
services remain forwarding for at least two weeks, to accommodate this.
As I try to remember to set TTL's to a low value for a while before
making changes, I usually say "to hell with 'em" and only support the
forwarding for a little longer than the TTL allows fo



If you're doing that for an enterprise, sure; but does GNHLUG have the 
resources and spare machine to do that for the server migration?


--
John Abreau / Executive Director, Boston Linux & Unix
ICQ 28611923 / AIM abreauj / JABBER [EMAIL PROTECTED] / YAHOO abreauj
Email [EMAIL PROTECTED] / WWW http://www.abreau.net / PGP-Key-ID 0xD5C7B5D9
PGP-Key-Fingerprint 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99


Re: Seacoast LUG - Meeting tonight at UNH - Intro to Python

2006-04-10 Thread Robert E. Anderson
I liked yours better ;)



On Mon April 10 2006 12:50, Greg Rundlett wrote:
> Apologies for jumping ahead of Rob on this announcement, I couldn't
> find any announcement about tonight's meeting in my email.  But I just
> saw on the SLUG website that tonight's SLUG meeting is an Introduction
> to Python.
>
>
> What  Meeting
> When  2006-04-10
> from 19:00 to 21:00
> Where UNH Morse Hall conference room 301
>
> Spread the word, and see you at UNH in Dartmouth!
>
> Directions, details and more at
>
> http://slug.gnhlug.org/slug/Members/rea/SLUG/slug-meetings/introduction-to-python

-- 
--
 Robert E. Anderson email: [EMAIL PROTECTED]
 Systems Programmer phone: (603) 862-3489
 UNH Research Computing Centerfax: (603) 862-1761
--


Re: GNHLUG Seacoast - Intro to Python - 10 Apr

2006-04-10 Thread Ben Scott
On 4/10/06, Greg Rundlett <[EMAIL PROTECTED]> wrote:
> thanks Ben, much better announcement.  I was in too much of a hurry.

  That's okay... When I saw yours, I thought I'd post a message to
gnhlug-announce.  But I didn't think to check the mail queues prior to
sending my announcement.  So Rob's went out too.  We now have three
announcements for this meeting in circulation, within minutes of each
other.

  I guess maybe we're trying to compensate for any lateness of notice
with quantity of notices.  ;-)

-- Ben



Re: GNHLUG Seacoast - Intro to Python - 10 Apr

2006-04-10 Thread Greg Rundlett
thanks Ben, much better announcement.  I was in too much of a hurry.



Re: Laptop OS Virtualization?

2006-04-10 Thread Kjel Anderson
Hey Ted,

I am using VMWare running on top of Kubuntu. I have several Microsoft virtual 
machines running, each with different software installed. The nice thing 
about it is I can "pause" a virtual machine and then "resume" it later, 
totally circumventing the windows boot process. In my work flow I use the 
virtual windows for about ten minutes at a time, then pause it. So far, I 
have no complaints. I am using vmware 5 and Windows XP Professional. Another 
thing that is nice, is that vmware lets me share part of the linux partition 
as a mapped drive on Windows. I don't have to connect to the internet with 
windows at all this way. Helps with security.

Kjel

On Monday 10 April 2006 12:39 pm, Ted Roche wrote:
> Has anyone got multiple OSes running simultaneously on their personal
> machines? I've got a laptop I dual-boot between WinXPPro (client
> work) and Linux (more client work, home & hobby), and I'd like to be
> able to toggle between the two rather than a slow reboot.
>
> Anyone doing this? What VM manager are you using? What host OS? Tips?
> Reviews? Pans? Warnings?
>
> Ted "You've got answers? I've got questions!" Roche
> Ted Roche & Associates, LLC
> http://www.tedroche.com
>
>


SLUG meeting tonight at 7pm Topic: Introduction to the Python programming language

2006-04-10 Thread Robert E. Anderson
Who:    Robert Anderson will be presenting a set of Introduction to Python
        slides prepared by Harold Boley.

What:   An introduction to the Python programming language.

When:   Monday April 10th at 7:00pm

Where:  Morse Hall Conference room 301


The following slide presentation will be covered, along with any discussion or 
questions that may follow:

http://www.cs.unb.ca/~boley/FLP/python-intro.pdf

-- 
--
 Robert E. Anderson email: [EMAIL PROTECTED]
 Systems Programmer phone: (603) 862-3489
 UNH Research Computing Centerfax: (603) 862-1761
--


Re: Laptop OS Virtualization?

2006-04-10 Thread Greg Rundlett
On 4/10/06, Ted Roche <[EMAIL PROTECTED]> wrote:
> Has anyone got multiple OSes running simultaneously on their personal
> machines? I've got a laptop I dual-boot between WinXPPro (client
> work) and Linux (more client work, home & hobby), and I'd like to be
> able to toggle between the two rather than a slow reboot.
>
> Anyone doing this? What VM manager are you using? What host OS? Tips?
> Reviews? Pans? Warnings?

This month's LJ covers Xen, VMWare and other virtualization stuff.  If
that weren't reason enough to pick up a copy, it also features a new
column written by Maddog himself.

I feel more famous now, by association.  Way to go Maddog!



GNHLUG Seacoast - Intro to Python - 10 Apr

2006-04-10 Thread Ben Scott
What : Introduction to Python
Who  : Rob Anderson
Group: SLUG (Seacoast LUG)
Where: Room 301, Morse Hall, UNH, Durham
Day  : Mon 10 Apr 2006
Time : 7 PM - 9 PM

From the SLUG website: "April's SLUG topic will be the Python
programming language.  We'll be going over a set of slides created to
give a good overview of Python."

From the Python website: "Python is an interpreted, interactive,
object-oriented programming language. It incorporates modules,
exceptions, dynamic typing, very high level dynamic data types, and
classes. Python combines remarkable power with very clear syntax. It
has interfaces to many system calls and libraries, as well as to
various window systems, and is extensible in C or C++. It is also
usable as an extension language for applications that need a
programmable interface. Finally, Python is portable: it runs on many
Unix variants, on the Mac, and on PCs under MS-DOS, Windows, Windows
NT, and OS/2."

http://slug.gnhlug.org/plone/Members/rea/SLUG/slug-meetings/introduction-to-python/

http://www.gnhlug.org

http://www.python.org



Re: Seacoast LUG - Meeting tonight at UNH - Intro to Python

2006-04-10 Thread Greg Rundlett
On 4/10/06, Cole Tuininga <[EMAIL PROTECTED]> wrote:
> On Mon, 2006-04-10 at 12:50 -0400, Greg Rundlett wrote:
> > Spread the word, and see you at UNH in Dartmouth!
>
> s/Dartmouth/Durham/
>

Sorry about that brain cramp.  YES, the meeting is in Durham, NH



Re: Seacoast LUG - Meeting tonight at UNH - Intro to Python

2006-04-10 Thread Cole Tuininga
On Mon, 2006-04-10 at 12:50 -0400, Greg Rundlett wrote:
> Spread the word, and see you at UNH in Dartmouth!

s/Dartmouth/Durham/

?

-- 
Cole Tuininga <[EMAIL PROTECTED]>



Re: Laptop OS Virtualization?

2006-04-10 Thread hewitt_tech
I'm running VmWare and have always been happy with it. Over time the 
workstation version has gotten progressively more powerful. For example I'm 
currently running VmWare on a Windows X64 (64bit) host laptop. The guest OS 
is a 64 bit Ubuntu system. With VmWare I can forget about the problems I ran 
into with ACPI and the unsupported Broadcom wireless chipset in the laptop. 
When I put Ubuntu into full screen mode I defy most users from being able to 
tell that Ubuntu is the guest and X64 the host. Of course the system has 
reasonable horse power - 1 Gig of RAM, ML30 (64 bit) CPU running at 1.6 ghz 
and a 100 GB hard drive. Plenty of room to install several guest OSs and 
enough RAM to run a couple of guest OSs concurrently. VmWare allows the 
guest OS to access the network in several modes (NAT, bridged etc.) and you 
can access USB devices, the CD drive and audio.


-Alex

P.S. I'm running VmWare 5.51

P.P.S. The license for VmWare workstation is currently ~$200 which is more 
than some of the alternatives but less than it was a couple of years back.


- Original Message - 
From: "Ted Roche" <[EMAIL PROTECTED]>

To: "GNHLUG User Group" 
Sent: Monday, April 10, 2006 12:39 PM
Subject: Laptop OS Virtualization?


Has anyone got multiple OSes running simultaneously on their personal 
machines? I've got a laptop I dual-boot between WinXPPro (client  work) 
and Linux (more client work, home & hobby), and I'd like to be  able to 
toggle between the two rather than a slow reboot.


Anyone doing this? What VM manager are you using? What host OS? Tips? 
Reviews? Pans? Warnings?


Ted "You've got answers? I've got questions!" Roche
Ted Roche & Associates, LLC
http://www.tedroche.com




Seacoast LUG - Meeting tonight at UNH - Intro to Python

2006-04-10 Thread Greg Rundlett
Apologies for jumping ahead of Rob on this announcement, I couldn't
find any announcement about tonight's meeting in my email.  But I just
saw on the SLUG website that tonight's SLUG meeting is an Introduction
to Python.


What    Meeting
When    2006-04-10
from 19:00 to 21:00
Where   UNH Morse Hall conference room 301

Spread the word, and see you at UNH in Dartmouth!

Directions, details and more at

http://slug.gnhlug.org/slug/Members/rea/SLUG/slug-meetings/introduction-to-python




Re: Laptop OS Virtualization?

2006-04-10 Thread Charles Farinella
On Mon, 2006-04-10 at 12:39, Ted Roche wrote:
> Has anyone got multiple OSes running simultaneously on their personal  
> machines? I've got a laptop I dual-boot between WinXPPro (client  
> work) and Linux (more client work, home & hobby), and I'd like to be  
> able to toggle between the two rather than a slow reboot.

VMWare has released its server software as a free download,
http://www.vmware.com/products/server/.  I have it on a couple of
machines (not laptops) and it works very well.

--charlie

> 
> Anyone doing this? What VM manager are you using? What host OS? Tips?  
> Reviews? Pans? Warnings?
> 
> Ted "You've got answers? I've got questions!" Roche
> Ted Roche & Associates, LLC
> http://www.tedroche.com
> 
> 
-- 
Charles Farinella 
Appropriate Solutions, Inc. (www.AppropriateSolutions.com)
[EMAIL PROTECTED]
603.924.6079



Re: DNS migration and folks that don't play nice

2006-04-10 Thread Bruce Dawson
Kevin D. Clark wrote:
> Bruce Dawson writes:
> 
>>Add to this the fact that most BIND servers operate using UDP instead of
>>TCP, and it's easy to understand how BIND servers could become
>>corrupt.
> 
> How does the fact that a BIND server uses TCP instead of UDP make it
> more or less secure?

It's more a reliability than a security issue. UDP is more susceptible to
DOS attacks than TCP. It's also easier to spoof (largely because it's
simpler than TCP). Keep in mind that TCP has packet counts, checksums,
... UDP has none of that.

--Bruce


Laptop OS Virtualization?

2006-04-10 Thread Ted Roche
Has anyone got multiple OSes running simultaneously on their personal  
machines? I've got a laptop I dual-boot between WinXPPro (client  
work) and Linux (more client work, home & hobby), and I'd like to be  
able to toggle between the two rather than a slow reboot.


Anyone doing this? What VM manager are you using? What host OS? Tips?  
Reviews? Pans? Warnings?


Ted "You've got answers? I've got questions!" Roche
Ted Roche & Associates, LLC
http://www.tedroche.com




Re: DNS migration and folks that don't play nice

2006-04-10 Thread Kevin D. Clark

Bruce Dawson writes:

> Add to this the fact that most BIND servers operate using UDP instead of
> TCP, and it's easy to understand how BIND servers could become
> corrupt.

How does the fact that a BIND server uses TCP instead of UDP make it
more or less secure?

(I don't know; this is why I ask)

Thanks,

--kevin
-- 
GnuPG ID: B280F24E And the madness of the crowd
alumni.unh.edu!kdc Is an epileptic fit
   -- Tom Waits



Re: DNS migration and folks that don't play nice

2006-04-10 Thread Ben Scott
On 4/10/06, Mark Komarinski <[EMAIL PROTECTED]> wrote:
> When we change a host's IP address, we drop the TTL to 300 seconds a
> few days before, make the change, then raise it back up to 1 day.

  Ideally, one does a "ramp down" on the TTL.  For example, if your
TTL is set to one week normally, then one week in advance, you reduce
the TTL to six days.  Six days out, you reduce it to five.  And
so on.  Use a little padding.  I believe DJB's DNS tools have a
feature that does this automagically.

-- Ben
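
Added example, not part of the message above and not the DJB tooling it mentions: the ramp-down as a schedule calculator, generalized to any edit interval and padding. The function names, the 300-second floor (the figure quoted in the message) and the padding parameter are assumptions.

```shell
#!/bin/sh
# Added example: compute a TTL ramp-down schedule ahead of a planned address
# change. All times are in seconds; floor and padding are assumed parameters.

# ramp_ttl REMAINING NORMAL STEP FLOOR PAD
# TTL to publish when REMAINING seconds are left before the switch.
# A record handed out at any moment before the next zone edit (up to STEP
# seconds from now) must still expire at least PAD seconds before the switch,
# so the TTL is REMAINING - STEP - PAD, clamped to the range FLOOR..NORMAL.
ramp_ttl() {
    t=$(( $1 - $3 - $5 ))
    if [ "$t" -gt "$2" ]; then t=$2; fi
    if [ "$t" -lt "$4" ]; then t=$4; fi
    echo "$t"
}

# ramp_schedule NORMAL STEP FLOOR PAD
# Prints "seconds_before_switch ttl_to_publish", one line per zone edit.
ramp_schedule() {
    # Start early enough that records cached at the normal TTL expire in
    # time, rounded up to a whole number of steps.
    r=$(( ($1 + $4 + $2 - 1) / $2 * $2 ))
    while [ "$r" -ge 0 ]; do
        echo "$r $(ramp_ttl "$r" "$1" "$2" "$3" "$4")"
        r=$(( $r - $2 ))
    done
}

# The figures from the message: one-week TTL, one zone edit per day.
# Floor of 300 s and zero padding are assumptions for this run.
ramp_schedule 604800 86400 300 0
```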



Re: DNS migration and folks that don't play nice

2006-04-10 Thread Mark Komarinski
On Mon, Apr 10, 2006 at 10:04:53AM -0400, Cole Tuininga wrote:
> 
> Preface - 
> 
> The folks on the sys-admin list are talking about the migration of
> services from the older server to the newer server.  Of course, one of
> the issues that's come up is DNS.  This led to the following snippet:
> 
> On Sat, 2006-04-08 at 09:04 -0400, wrote:
> > > Well, there's at least one easy workaround for that, aside from the
> > > obvious (shorten TTL ahead of time, to force fast propagation).

When we change a host's IP address, we drop the TTL to 300 seconds a 
few days before, make the change, then raise it back up to 1 day.  We 
don't have many AOL users, but so far haven't had any complaints from 
users that they can't reach the site or hit the wrong site.

-Mark




Re: DNS migration and folks that don't play nice

2006-04-10 Thread Bruce Dawson
Cole Tuininga wrote:
> On Mon, 2006-04-10 at 10:58 -0400, Mark Komarinski wrote:
>>Any evidence of this?  
> 
> Nope - my knowledge is both anecdotal and quite possibly very out of
> date.
> 

Yes, but not recent, and not in the form of log files. I used "AOL"
merely to indicate that there are some "large" organizations that have
what appears to be deliberately broken DNS servers.

>>I've got a friend at AOL (who knows of such 
>>things) and says they're using BIND and thus are honoring TTL.

That explains it! Older versions of BIND had problems - they were
especially vulnerable to attacks, and "fell down" in pathologically bad
ways. It got to the point where I was restarting BIND every two days
until they (ISC) started coming out with security fixes.

> Interesting - this does seem counter to the experience a few of my (less
> tech savvy) friends who make use of aol.  I wonder - perhaps the aol
> software itself caches the lookups?  I dunno.

There's lots of crufty software between BIND and the resolver. And the
resolver's cache could easily be scrod.

I would not be surprised at all if it looked like a BIND server was
operating correctly for a few zones, and not others.

Add to this the fact that most BIND servers operate using UDP instead of
TCP, and it's easy to understand how BIND servers could become corrupt.
Add to this the amount of malware on the Internet, and it's surprising
that things are working at all!

--Bruce



Re: DNS migration and folks that don't play nice

2006-04-10 Thread Thomas Charron
On 4/10/06, Cole Tuininga <[EMAIL PROTECTED]> wrote:
> Preface -
>
> The folks on the sys-admin list are talking about the migration of
> services from the older server to the newer server.  Of course, one of
> the issues that's come up is DNS.  This led to the following snippet:
>
> On Sat, 2006-04-08 at 09:04 -0400, wrote:
> > > Well, there's at least one easy workaround for that, aside from the
> > > obvious (shorten TTL ahead of time, to force fast propagation).
> >
> > Unfortunately, shortening the TTL doesn't work for clients (like AOL)
> > that cache/maintain their own DNS.
>
> I was curious - how do folks in general deal with this?  While AOL can
> certainly constitute a large number of users, my inclination is to say
> "hell with 'em".  If they can't conform to proper netiquette, why should
> I be bending over backwards to support them?

  Because your users may be using them.  ;-)  Best suggestion is, add the
new DNS servers into the root server, so that both the old AND new servers
are present.  Wait for this to propagate, bring up the new servers, bring
down the old, and remove the old servers' entries.  Doing it over a period
of a few days tends to work best.

  Thomas


Re: DNS migration and folks that don't play nice

2006-04-10 Thread Ben Scott
  Another term in this equation is that your average AOL user is just
slightly dumber than their computer -- with the power off.  They're
more likely to have misconfigured settings, spyware, DNS hijacking,
other badware, obsolete software, etc.  That sure doesn't help.

-- Ben



Re: DNS migration and folks that don't play nice

2006-04-10 Thread Cole Tuininga
On Mon, 2006-04-10 at 10:58 -0400, Mark Komarinski wrote:
> Any evidence of this?  

Nope - my knowledge is both anecdotal and quite possibly very out of
date.

> I've got a friend at AOL (who knows of such 
> things) and says they're using BIND and thus are honoring TTL.

Interesting - this does seem counter to the experience a few of my (less
tech savvy) friends who make use of aol.  I wonder - perhaps the aol
software itself caches the lookups?  I dunno.

-- 
Cole Tuininga <[EMAIL PROTECTED]>



Re: DNS migration and folks that don't play nice

2006-04-10 Thread Mark Komarinski
On Mon, Apr 10, 2006 at 10:04:53AM -0400, Cole Tuininga wrote:
> 
> Preface - 
> 
> The folks on the sys-admin list are talking about the migration of
> services from the older server to the newer server.  Of course, one of
> the issues that's come up is DNS.  This led to the following snippet:
> 
> On Sat, 2006-04-08 at 09:04 -0400, wrote:
> > > Well, there's at least one easy workaround for that, aside from the
> > > obvious (shorten TTL ahead of time, to force fast propagation).
> > 
> > Unfortunately, shortening the TTL doesn't work for clients (like AOL)
> > that cache/maintain their own DNS.
> 
> I was curious - how do folks in general deal with this?  While AOL can
> certainly constitute a large number of users, my inclination is to say
> "hell with 'em".  If they can't conform to proper netiquette, why should
> I be bending over backwards to support them?
> 
> I was just curious to get other folks' take on this quasi-philosophical
> point.
> 

Any evidence of this?  I've got a friend at AOL (who knows of such 
things) and says they're using BIND and thus are honoring TTL.

-Mark



Re: DNS migration and folks that don't play nice

2006-04-10 Thread Python
On Mon, 2006-04-10 at 10:04 -0400, Cole Tuininga wrote:
> Preface - 
> 
> The folks on the sys-admin list are talking about the migration of
> services from the older server to the newer server.  Of course, one of
> the issues that's come up is DNS.  This led to the following snippet:
> 
> On Sat, 2006-04-08 at 09:04 -0400, wrote:
> > > Well, there's at least one easy workaround for that, aside from the
> > > obvious (shorten TTL ahead of time, to force fast propagation).
> > 
> > Unfortunately, shortening the TTL doesn't work for clients (like AOL)
> > that cache/maintain their own DNS.
> 
> I was curious - how do folks in general deal with this?  

(Context is HTTP and SMTP servers)
Usually, I will try to run in parallel for up to 10 days.  I'll also
watch the logs a bit to see how quickly traffic dries up at the old
site.  When serving static pages, this is pretty painless.  It is also
fairly easy to migrate data that gets posted to a RDBMS on the old site.

The last site I moved, HowsYourBaby worked quite smoothly.  The old site
usage dried up in a day except for 1 laggard who showed up about 5 days
later.  (Could not find the record now, but I think that's accurate.)
I pulled off the laggard data from the old DB and reposted it to the new
DB after the 10 day wait.

Yes this means paying double hosting fees for a month.

> While AOL can
> certainly constitute a large number of users, my inclination is to say
> "hell with 'em".  If they can't conform to proper netiquette, why should
> I be bending over backwards to support them?
> 
> I was just curious to get other folks' take on this quasi-philosophical
> point.

-- 
Lloyd Kvam
Venix Corp



Re: DNS migration and folks that don't play nice

2006-04-10 Thread Ben Scott
On 4/10/06, Cole Tuininga <[EMAIL PROTECTED]> wrote:
>> Unfortunately, shortening the TTL doesn't work for clients (like AOL)
>> that cache/maintain their own DNS.
>
> I was curious - how do folks in general deal with this?

  There's nothing much you can do about Internet brain damage, so all
you can do is plan for it.

  When it comes to service migration, there are usually things one can
do to work around any TTL issues.  These are a good idea even without
deliberate brain damage -- accidental brain damage is common enough. 
For example, when it comes to migrating mail, we're going to implement
a mechanism where the old system forwards mail to the new for some
time after changing the MX records.  We can monitor logs to see how
things progress.

  If you think DNS TTL brain damage is bad, try path MTU discovery some time...

> While AOL can certainly constitute a large number of users, my
> inclination is to say "hell with 'em".

  Me too.  Alas, I've found a large number of paying customers either
use AOL themselves, or have customers who do.

  AOL claims their resolvers properly honor TTL
(http://dns.info.aol.com/).  I don't know if one should believe them
or not.  It may have been a "past behavior" thing.  OTOH, AOL is big
enough and incompetent enough that they might think they are doing
things right but still have non-compliant resolvers.

> If they can't conform to proper netiquette, why should
> I be bending over backwards to support them?

  With AOL, it's usually more like bending over forwards...

-- Ben
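
The log-watching step described in the two replies above (running old and new servers in parallel and checking how quickly traffic dries up at the old one), as an added example that is not part of either post. The log format, the cutover time, the one-hour TTL and the sample lines are constructed assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample: access-log lines from the OLD server (common log format).
SAMPLE_LOG = """\
192.0.2.10 - - [10/Apr/2006:09:15:00 -0400] "GET / HTTP/1.1" 200 512
192.0.2.11 - - [10/Apr/2006:10:30:00 -0400] "GET /a HTTP/1.1" 200 128
198.51.100.7 - - [10/Apr/2006:12:45:00 -0400] "GET / HTTP/1.1" 200 512
198.51.100.7 - - [11/Apr/2006:08:00:00 -0400] "POST /form HTTP/1.1" 200 64
203.0.113.5 - - [15/Apr/2006:16:20:00 -0400] "POST /form HTTP/1.1" 200 64
not a log line
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) ')

def stragglers(log_text, cutover, ttl_seconds):
    """Summarise old-server hits that arrive after the record's TTL expired.

    Returns (hits_per_day, last_seen_per_client, unparsed_count). A compliant
    resolver may serve the old address until cutover + TTL; anything later
    came from a cache that ignored or overrode the TTL.
    """
    deadline = cutover + timedelta(seconds=ttl_seconds)
    per_day, last_seen, unparsed = Counter(), {}, 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1  # count malformed lines instead of silently dropping them
            continue
        client, stamp, _method = m.groups()
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        if when <= deadline:
            continue  # still inside the window the TTL permits
        per_day[when.date().isoformat()] += 1
        if client not in last_seen or when > last_seen[client]:
            last_seen[client] = when
    return dict(per_day), last_seen, unparsed

def quiet_since(last_seen, now, quiet_days):
    """True when no straggler has hit the old server for quiet_days."""
    return all(now - seen >= timedelta(days=quiet_days)
               for seen in last_seen.values())
```

The per-client last-seen times give the list of laggards whose posted data or mail still has to be carried over before the old server is retired.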



Re: DNS migration and folks that don't play nice

2006-04-10 Thread Ken D'Ambrosio
On Mon, April 10, 2006 10:27 am, John Abreau wrote:

> I wasn't aware that AOL was screwing this up as well. However, I don't
> see anything that can be done about their blatant disregard for the way DNS
> is designed to work.

There's actually one nice side-benefit I've noticed: some spammers
(unsurprisingly) also violate DNS stuff, and cache the MX record for,
well, a long, long time.  It was kind of amusing to see spam attempts,
addressed correctly, but going to a server that was no longer forwarding
the e-mail -- and this went on for *months*.

-Ken



Re: DNS migration and folks that don't play nice

2006-04-10 Thread Cole Tuininga
On Mon, 2006-04-10 at 10:27 -0400, John Abreau wrote:
> Cole Tuininga wrote:
> 
> I wasn't aware that AOL was screwing this up as well. 

Last I was aware, AOL cached DNS entries for a minimum of two weeks, no
matter what the TTL.

> However, I don't 
> see anything that can be done about their blatant disregard for the way 
> DNS is designed to work.
> 
> Saying "the hell with 'em" is probably your only realistic option.

Well, some folks take the approach that they will try to make sure
services remain forwarding for at least two weeks, to accommodate this.
As I try to remember to set TTL's to a low value for a while before
making changes, I usually say "to hell with 'em" and only support the
forwarding for a little longer than the TTL allows fo

-- 
Cole Tuininga <[EMAIL PROTECTED]>



Re: DNS migration and folks that don't play nice

2006-04-10 Thread John Abreau

Cole Tuininga wrote:

> > Unfortunately, shortening the TTL doesn't work for clients (like AOL)
> > that cache/maintain their own DNS.
>
> I was curious - how do folks in general deal with this?  While AOL can
> certainly constitute a large number of users, my inclination is to say
> "hell with 'em".  If they can't conform to proper netiquette, why should
> I be bending over backwards to support them?
>
> I was just curious to get other folks' take on this quasi-philosophical
> point.

I wasn't aware that AOL was screwing this up as well. However, I don't
see anything that can be done about their blatant disregard for the way
DNS is designed to work.

Saying "the hell with 'em" is probably your only realistic option.

--
John Abreau / Executive Director, Boston Linux & Unix
ICQ 28611923 / AIM abreauj / JABBER [EMAIL PROTECTED] / YAHOO abreauj
Email [EMAIL PROTECTED] / WWW http://www.abreau.net / PGP-Key-ID 0xD5C7B5D9
PGP-Key-Fingerprint 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99


DNS migration and folks that don't play nice

2006-04-10 Thread Cole Tuininga

Preface - 

The folks on the sys-admin list are talking about the migration of
services from the older server to the newer server.  Of course, one of
the issues that's come up is DNS.  This led to the following snippet:

On Sat, 2006-04-08 at 09:04 -0400, wrote:
> > Well, there's at least one easy workaround for that, aside from the
> > obvious (shorten TTL ahead of time, to force fast propagation).
> 
> Unfortunately, shortening the TTL doesn't work for clients (like AOL)
> that cache/maintain their own DNS.

I was curious - how do folks in general deal with this?  While AOL can
certainly constitute a large number of users, my inclination is to say
"hell with 'em".  If they can't conform to proper netiquette, why should
I be bending over backwards to support them?

I was just curious to get other folks' take on this quasi-philosophical
point.

-- 
Cole Tuininga <[EMAIL PROTECTED]>
