Kris Buytaert's blog

Nov 18 2009

Tom Limoncelli is wrong

Tom Limoncelli is so wrong, he lists DNS problems only as nr 33 on his dumb-things-to-check list.

And obviously it should be the very first thing you check!

Nov 18 2009

Got Interviewed

by @botchagalupe
on Virtualization, Open Source tools and DNS Problems

Nov 14 2009

Dear Mollom,

What I would like as a feature from Santa,

I would like to be able to report a comment as URL Spam, you know the case where the content of a comment is perfectly OK, but the URL the commenter uses is a link to a NSF, pure spamming or absolutely unrelated site.

There's nofollow etc., but to keep my site clean I'd have to report these comments as spam; however, when you start analysing the content of the message and comparing that content to other posts you will eventually get false positives.

So a small option "URL Link is spam, content is acceptable" would probably help all of us

Nov 12 2009

Yet Another DNS Issue

While browsing through my enormous mailinglist backlog I ran into the following message from Gianluca Cecchi on the DRBD-user mailing list

guess I`ll have to give Lars a T-Shirt when we next meet ;)

  From: Gianluca Cecchi
  To: drbd-user@lists.linbit.com
  Subject: [DRBD-user] notes on 8.3.2

  - drbdadm create-md r0 segfaults when the command "hostname" on the
  server contains the fully qualified domain name but you have put only
  the hostname part in drbd.conf
  Instead, the command "drbdadm dump" correctly gives you a warning in
  this case (suggesting how to correct the error you made....):

  suppose complete hostname is virtfed.domainname.com and you put
  virtfed alone in drbd.conf
  [root@virtfed ~]# drbdadm dump
  WARN: no normal resources defined for this host (virtfed.domainname.com)!?

  while
  [root@virtfed ~]# drbdadm create-md r0
  Segmentation fault

Guess I`ll have to give the Linbit crowd a T-Shirt when we next meet ;)

Nov 09 2009

What DNS is Not

This article by Paul Vixie is a must read if you want to know what DNS is not about .. and how people abuse it for the sake of extorting money from morons.

Ah well.. nothing we didn't already know.. just more proof that
Everything is a Freaking DNS problem.

Not sure on which layer the problem is.. must be on a layer even above the religious one.. the "Greed" one.

Nov 06 2009

Funambol on Android

So we have a Zimbra, and a Funambol and I have an Android, so what would you think I want to test .. exactly .. run the Android Funambol client on my phone.

On forge.funambol.org it looks great .. nice screenshot .. then you look closer ..
Contacts OK, Calendar Not supported (yet) .. apparently it has been like that since it got released, which is over a year ago.

So I`m looking for other ideas on how to sync my Zimbra Calendar with my Android

Nov 05 2009

A long overdue report of DevopsDays

Here's how it started :

So I used to be a software developer, writing perl for the web, then C, then Java, then PHP, till I realized nobody ever configured my servers correctly and I changed trades becoming a system engineer, while teaching new developers the basics of their trade, who grew into doing Infrastructure Architecture .. familiar story for much of the crowd at DevopsDays ... a crowd that wants to stop the war between developers and system engineering, a crowd that wants to automate builds, integrate testing, deploy, deploy on very large scale, deploy in the cloud and much more.

So what do you get when you put together some of the experts on building software, organizing development teams, Agile geeks, Cloud infrastructure projects, and Automating gurus in 1 location for 2 days in Gent? Exactly .. DevopsDays ..

The format was 2 days .. 3 kickass formal talks in the morning.. Open Space sessions in the afternoon. ... Friday featured talks on Non Functional Requirements, CucumberNagios and Monitoring in the Cloud with FlapJack and Building Agile Infrastructures with Puppet while discussing the James White Manifesto ..

which I had never heard of, but which apparently comes down to this

  == Rules ==
  On Infrastructure
  -----------------
  There is one system, not a collection of systems.
  The desired state of the system should be a known quantity.
  The "known quantity" must be machine parseable.
  The actual state of the system must self-correct to the desired state.
  The only authoritative source for the actual state of the system is the system.
  The entire system must be deployable using source media and text files.

  On Buying Software
  -------------------
  Keep the components in the infrastructure simple so it will be better understood.
  All products must authenticate and authorize from external, configurable sources.
  Use small tools that interoperate well, not one "do everything poorly" product.
  Do not implement any product that no one in your organization has administered.
  "Administered" does not mean saw it in a rigged demo, online or otherwise.
  If you must deploy the product, hire someone who has implemented it before to do so.

  On Automation
  -------------
  Do not author any code you would not buy.
  Do not implement any product that does not provide an API.
  The provided API must have all functionality that the application provides.
  The provided API must be tailored to more than one language and platform.
  Source code counts as an API, and may be restricted to one language or platform.
  The API must include functional examples and not require someone to be an expert on the product to use.
  Do not use any product with configurations that are not machine parseable and machine writeable.
  All data stored in the product must be machine readable and writeable by applications other than the product itself.
  Writing hacks around the deficiencies in a product should be less work than writing the product's functionality.

  In general
  ----------
  Keep the disparity in your architecture to an absolute minimum.
  Use [http://en.wikipedia.org/wiki/Set_theory Set Theory] to accomplish this.
  Do not improve manual processes if you can automate them instead.
  Do not buy software that requires bare-metal.
  Manual data transfers and datastores maintained manually are to be avoided.

Much unlike the FAIL Manifesto

The openspaces tackled how to migrate from a totally unreproducible environment to a correctly bootstrapped infrastructure, over the Ubuntu Enterprise Cloud, then dinner and off for beers to the Vooruit. The OpenQRM "crowd" stayed at my place so I didn't stay around too late ..

Saturday morning came early ... sadly I missed the first 10 minutes of a very interesting talk about Kanban in operations ... let's see if we can convince some more people to try it out ...

The talk on Continuous integration, Build Pipelines and Continuous deployment was also really interesting with lots of stories from the real world ... after the OpenQRM talk it was time again for OpenSpaces with e.g. discussions on svn vs git and building a feature matrix of Cloud, with @botchagalupe, @openqrm and @maesjoch in the room and @diegomarino online.

Devopsdays ended too soon, with way too many interesting ideas to build on .. Let's hope we can all work them out!

Nov 05 2009

Life with an Android

I've never really been an HTC fan, because of the platform they used before. I have been an Ericsson GA628, SH888, then Sony Ericsson fanboy for all my life (T39m, K700, K800i), so this is my first attempt at using a different brand of phone. I've been wanting an Open Phone for ages .. but I've been waiting for Godot, er the openMoko, for way too long now so with the introduction of the HTC and my K800i being long overdue for a replacement.

The Good,

So in general I'm pretty satisfied with my HTC Hero so far, it's quick/reactive, the wifi has good reception, screen quality is good, the touch screen however will take some time to get used to .. it already happened a couple of times that I accidentally started calling the wrong person while I was still browsing through the addressbook. But in short .. I like the phone ..

However there's lots of people out there warning us that the Android isn't really an Open phone; true, lots of the software on it is proprietary, and lots of the software in the Market is cripple or pay ware. However imvho it's a step in the good direction going from a fully closed phone to something already more open...

The Bad

The volume button is too easy to use when in your pocket, hence putting the phone on silent by walking around is not unusable and Camera Autofocus is pretty bad .. no I'm not comparing to my EOS 400D, but to my previous Ericsson phone. The quality of the pictures is shaky and there is no way to cover the lens.

As for the The Ugly I'd have to say Bluetooth support, hey I want to be able to browse / download my addressbook from my Phone to my Bluetooth enabled car, this is a feature I had on my previous phone, and the phone before that .. I want to be able to upload and download files over Bluetooth, works on both my previous phones, I want to be able to send phonebook entries over bluetooth .. so that's pretty much my biggest annoyance
(unless someone knows solutions for this?)

So when will Sony Ericsson release their Android in Europe ? I`m hoping they'd keep the features they already had on their previous phones , so I`m hoping for better camera and better bluetooth support ..

We have come a long way for Linux to be present in our daily life , even for Joe Average, at home we watch TV using MythTV, my alarm is a Chumby, the phone in my downstairs office is a TuxScreen ... So I`m wondering when I finally will get a car that is running Linux,

Oct 28 2009

DNS Tools

In my latest DNS Problem related post I mentioned that I don't know all the answers, I however know about some good tools to help you set up a clean DNS server.

Ages ago via Planet Fedora I ran into an article from Steven Moix about a tool he and his fellow students built for a summer project.

The tool is DNSKnife and it's really interesting.

DNS Knife is a good tool to check if your DNS setup is ok, it checks the parent servers, it checks if your nameservers are listed on the parent server, checks if all your nameservers are reachable and are authoritative.
And so on and so on ...

It warns for Open Relays, if you care for that .. in fact an Open DNS relay also means that you can use it from everywhere, e.g. for tcp over dns.

It warns for misconfigured SOA, such as too short Expire values etc.
You know .. the time a secondary dns server will keep its copy of the zone valid when it can't contact the primary, not the other misinterpretations you folks usually have ..

Of course it isn't always correct. It considers not finding MX records a failure, however some domains just don't want a MX record.

DNSKnife actually provides you with an automated alternative to manually verifying RFC 1912, well at least partly :)

Oct 22 2009

Apparently there are Borders

And therefore, sometimes you need to register domains in different countries.
So how does one proceed? One takes the zone file of the existing domain e.g. .be and creates a symlink for the different countries to the original zonefile e.g. .nl and .eu. After all, you want to have the same hosts available in every country and you want to keep the hassle down when you update a host.

You tell your registrar to reg the same domain for the other tld's with the usual Nameservers, you know .. the ones that are listed in your original zonefile

So your zone file might look like this

  IN NS ns1
  IN NS ns2

Any idea what the effect is ?

Exactly, your zone file tells the world to use ns1.domain.nl for each and every country you create it. So not ns1.domain.be as you intended.

Now some TLD's don't really care, but Frank taught me that .nl DOES check this. So technically I had to give myself a "Freaking DNS" T-Shirt. Apart from that it is just better practice to keep your setup correct anyhow.
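The effect described above, and the parent-versus-zone nameserver comparison that the DNS Tools post attributes to DNSKnife, as an added example that is not part of the original posts. The zone contents, the 192.0.2.x addresses and the function names are constructed for illustration, and the parser assumes simple one-line records without `$ORIGIN` directives.

```python
# Added illustration; zone contents and addresses are constructed sample data.
ZONE_RELATIVE = """\
    IN NS ns1
    IN NS ns2
ns1 IN A  192.0.2.1
ns2 IN A  192.0.2.2
"""
# Same zone with absolute NS targets (note the trailing dots).
ZONE_ABSOLUTE = ZONE_RELATIVE.replace("NS ns1", "NS ns1.domain.be.").replace(
    "NS ns2", "NS ns2.domain.be.")
REGISTERED = ["ns1.domain.be", "ns2.domain.be"]  # what the registrar was told


def absolute(name, origin):
    """Expand a zone-file name: '@' is the origin, a trailing dot means absolute."""
    origin = origin.rstrip(".").lower() + "."
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name.lower()}.{origin}"


def ns_targets(zone_text, origin):
    """NS targets the zone publishes when the file is loaded under `origin`."""
    targets = set()
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()
        if fields and not line[0].isspace():
            fields = fields[1:]  # first column is the owner name, skip it
        types = [f.upper() for f in fields]
        if "NS" in types and types.index("NS") + 1 < len(fields):
            targets.add(absolute(fields[types.index("NS") + 1], origin))
    return targets


def delegation_diff(zone_text, origin, registered):
    """Compare the zone's own NS set with the NS set registered at the parent."""
    published = ns_targets(zone_text, origin)
    parent = {n.rstrip(".").lower() + "." for n in registered}
    return {"only_in_zone": sorted(published - parent),
            "only_at_parent": sorted(parent - published)}


if __name__ == "__main__":
    for tld in ("be", "nl", "eu"):
        origin = f"domain.{tld}"
        print(origin, delegation_diff(ZONE_RELATIVE, origin, REGISTERED))
    print("fixed:", delegation_diff(ZONE_ABSOLUTE, "domain.nl", REGISTERED))
```

With the relative names only the .be copy matches the registered nameservers; writing the NS targets as absolute names with a trailing dot makes every symlinked copy publish the same set.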

PS. Obviously same goes for .org .net and .com series.

PS2. Yes the title of my blog is Everything is a Freaking DNS problem, doesn't mean I don't make mistakes or that I know all the answers, I just figured it's a big cause of problems :)