/srv/irclogs.ubuntu.com/2010/08/07/#ubuntu-server.txt

jmarsden|workMTecknology: well, one virtual machine per website would be one way to do it with decent separation between each site, but that might blow your budget if you pay per VM.00:01
MTecknologyjmarsden|work: we do, we pay a lot each00:01
jmarsden|workYou couldn't lease a single physical server and divide it up into VMs yourselves?  There's a conflict between "make sure no website can touch another website at all" and having them all run on one webserver...00:02
FidelixGuys, i hired a VPS plan from some company. Now, question: Do i need bind?00:03
jmarsden|workFidelix: Only if you want to run your own DNS server and choose bind for that role.00:04
FidelixOh, got it.00:05
MTecknologyjmarsden|work: ya.. I was able to do a pretty decent job with what I had, really the only issue was eating resources with php-cgi running for each user - but the user could (and still can) run any php process. The way I have things now, a logged in user can't even touch the database - only the php process can. But doing it that way doesn't work on linode and i have no idea why.00:06
FidelixSo, if i just set my registrar to point ns1.mydomain.com to my domain's ip it'll work automatically, right?00:06
jmarsden|workMTecknology: Ask the linode sysadmins for advice, they know how they do their VMs.00:07
jmarsden|workFidelix: No.  Someone somewhere needs to run a DNS server for your domain.00:08
Fidelixoh... so thats the problem.00:08
jmarsden|workThat can be you, or an ISP, or a dedicated DNS provider, or a friend of yours...00:08
FidelixKnow any free ones?00:08
MTecknologyI use active-domain as my registrar and linode as my dns server00:09
jmarsden|workIt's been years... granitecanyon used to do free DNS, I think??00:09
jmarsden|workMTecknology: Right, generally the VPS provider will do DNS for you.00:09
Fidelixwell, burstnet wont (i think).00:10
MTecknologyjmarsden|work: I was just letting Fidelix know what i do - didn't know if it'd help00:10
jmarsden|workMakes sense.00:10
jmarsden|workFidelix: Then you can run bind or another DNS server and learn how to configure it, or you can pay someone to run DNS for you.00:11
jmarsden|workFidelix: I have never tried it and so can't say how good they are, but perhaps http://www.zoneedit.com/ would do what you need?00:12
FidelixThanks00:12
jmarsden|workFidelix: You're welcome.00:13
TohuwIs the @ in a BIND9 zone file just a shortcut for the FQDN the file is for? so like example.com. might have an "@ IN NS ns.example.com.", which is the same as "example.com. IN NS ns.example.com."00:14
jmarsden|workTohuw: Correct.00:14
Tohuwjmarsden|work: splendid, thanks00:14
jmarsden|workTohuw: You're welcome.00:14
uvirtbotNew bug: #614620 in bacula (main) "package bacula-director-mysql 2.4.4-1ubuntu9 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/61462000:56
MTecknologythesheff17: ping?01:02
thesheff17MTecknology: I01:09
thesheff17m' here01:09
MTecknologythesheff17: you willing to help me set that dang thing up?01:09
thesheff17MTecknology: sure what do you need me to do ?01:10
MTecknologythesheff17: I'll rebuild that VM and you can help me setup the jailkit :P01:11
thesheff17MTecknology: sure at 8 CST I have to do some homework for school due at midnight :)01:11
MTecknologyoh01:11
thesheff17but I will be around01:12
MTecknologythat's about 45min01:12
thesheff17MTecknology: I still have no clue what would cause that terrible error :(01:13
MTecknologythesheff17: me either - maybe working with you we'll know what did it - otherwise it could be an issue with xen01:14
MTecknologythesheff17: I think I might do debian 4.0 this time - just for default resource usage01:15
MTecknologythesheff17: it's being created01:15
thesheff17MTecknology: sounds good.....so executed everything over again with your script and same results so said?01:16
thesheff17you said I mean?01:16
Tohuwjmarsden|work (or anyone): If I have a "master" domain setup using BIND9 already and the ns records are configured, is adding another domain just a matter of using a similar entry in named.local.conf, substituting the new domain name? Then I just have to make a new db.newdomainname.com file, using similar settings to the old one. Is that right, or is there something different you do for additional domains once the first one is setup?01:16
MTecknologythesheff17: last time ya - but now I'm starting fresh again01:16
thesheff17MTecknology: k01:16
jmarsden|workTohuw: You have the right idea.  After making those changes either restart bind or else do rndc reload to cause it to reread the config files.01:17
thesheff17Tohuw: I think you can even just make it a slave and it replicated all the dns records.01:18
thesheff17Tohuw: but yea either way should work01:18
jmarsden|workthesheff17: That would be for a second DNS server on a different machine, for redundancy.  Tohuw was asking about adding a new domain to one single DNS server.01:18
thesheff17MTecknology: ah ok01:19
MTecknologythesheff17: ssh michael@72.14.187.19201:20
MTecknologythesheff17: same pass as before01:20
thesheff17MTecknology: k i'm in...you want to install screen?01:22
MTecknologythesheff17: nevermind... I'm going back to ubuntu....01:22
thesheff17MTecknology: haha ok :)01:22
MTecknologythesheff17: I'm already too irritated :P01:22
thesheff17MTecknology: I don't blame you :)01:22
MTecknologythesheff17: :P01:23
MTecknologythesheff17: ya.. if I can't 'aptitude update && aptitude install screen' .... there's something to be irritated by :P01:24
thesheff17MTecknology: debian complained about that?01:25
MTecknologythesheff17: 40401:25
thesheff17MTecknology: jeeze :)01:25
MTecknologythesheff17: k - go back out there01:26
thesheff17MTecknology: k...you start screen under root?01:27
MTecknologythesheff17: nope, connect now01:28
hggdhMTecknology: out of sheer curiosity -- why not use byobu instead of plain screen?01:28
MTecknologyhggdh: I'm planning on looking at that soon - once I have time - peek at my latest blog01:30
MTecknologyseconds to latest01:32
MTecknologythesheff17: yay updates :P01:32
thesheff17MTecknology: you have a local mirror?  it is really nice01:32
MTecknologythesheff17: this isn't a local server01:33
thesheff17MTecknology: ah true...wish the datacenters had mirrors :)01:33
MTecknologyya :P01:33
TohuwI have a domain, lazarwolf.com. I have it setup at the registrar to point to ns3.constellationmedia.com and ns4.constellationmedia.com. I thought I had these nameservers setup correctly on my server, but I guess not, because if I query lazarwolf.com on www.intodns.com, I get "WARNING: One or more of your nameservers did not return any of your NS records." and pinging lazarwolf.com fails. What am I doing wrong? db.lazarwolf.com: http://01:35
MTecknologythesheff17: you watching what I'm doing still?01:36
thesheff17MTecknology: yea you want lenny instead of lucid?01:36
MTecknologythesheff17: ya, it's smaller - in my dev environment I even trimmed down lenny01:37
thesheff17ah ok01:37
MTecknologythesheff17: should I reboot after installing this?01:40
Tohuwoh, lots of this in syslog: Aug  7 00:23:05 nebula named[28749]: client 192.221.164.189#23409: query (cache) 'www.lazarwolf.com/AAAA/IN' denied01:41
MTecknologythesheff17: oh! Does any kernel module come along with this thing either?01:41
thesheff17I'm not sure :-/01:41
MTecknologythesheff17: I just logged in successfully - let's reboot and be sure..01:42
MTecknologythesheff17: I didn't do that before - maybe it's the ticket :P01:42
Tohuwjmarsden|work: I hate to bother you again, but if you get a moment, can you scroll up and take a look at my current issue? I'm a bit lost... new to BIND D:01:43
jmarsden|workTohuw: Let me take a look...01:43
TohuwThank you, I greatly appreciate it01:44
MTecknologythesheff17: k, it's back up01:44
thesheff17I'm not sure :-/01:44
thesheff17k01:44
Tohuwjmarsden|work: here's a tail of syslog that may prove informative: http://pastebin.com/T38KWK9z01:46
jmarsden|workTohuw: whois lazarwolf.com shows that the authoritative DNS servers for that domain are ns3.constellationmedia.com and ns4.constellationmedia.com.  However both those machines refuse my DNS queries about lazarwolf.com.01:46
jmarsden|workDoes your bind config file allow everyone to query that lazarwolf.com zone ?01:47
Tohuwjmarsden|work: I don't know :( Here it is: http://pastebin.com/QpW3c1zb01:48
Tohuw(that's named.conf.local)01:48
MTecknologythesheff17: sorry, reconnect to screen01:48
jmarsden|workTohuw: There does not seem to be a config entry for lazarwolf.com in that file at all ... ?01:49
Tohuwjmarsden|work: oops! Let me add it back in... >.<01:49
jmarsden|workTohuw: In about ten minutes or so I will have to get back to "real work"... will try to help you until then.01:51
Tohuwjmarsden|work: oh awesome it worked that time, though the zone file is still a mess (missing mx and stuff, but that's easy to fix). Now I'm having an apache problem (I think): it's going to the default site, not the lazarwolf.com vhost entry I set. Feel up to assisting me with that?01:53
jmarsden|workIn 7 minutes? :)  We can try.  Did you set a ServerName and ServerAlias for lazarwolf.com and www.lazarwolf.com in the vhost entry?  Can you pastebin it for me to read?01:54
thesheff17MTecknology: you think it is anything to do with using lenny?01:54
Tohuwjmarsden|work: the clock is ticking! ;) http://pastebin.com/j4YX7T8N01:56
MTecknologythesheff17: that error for apt - yes01:56
MTecknologythesheff17: the rest - it's working perfect01:56
MTecknologythesheff17: NO explanation of why though01:56
Tohuwjmarsden|work: I have a separate vhosts file for each site (because I like utilizing the a2ensite tool), so if you need my default vhosts or my apache2.conf, let me know01:57
thesheff17MTecknology: through the reboot fine as well01:57
MTecknologythesheff17: yup01:58
jmarsden|workTohuw: The lazarwolf.com one looks fine to me.  I'm seeing a "Hello world" page when I browse to http://lazarwolf.com, is that your default vhost?01:58
Tohuwyes01:58
MTecknologythesheff17: it's perfect as far as i can see.....01:58
jmarsden|workOK.  But there are other working vhosts on the machine?  Or is the lazarwolf.com one the only 'real' vhost so far?01:58
thesheff17MTecknology: yea everything you did looked good?  not sure what happened with the other01:59
thesheff17hehe not a question.01:59
thesheff17MTecknology: you think it has to do with moving over the other home dirs?01:59
jmarsden|workTohuw: I'm wondering if virtual named hosts are enabled for the IP address concerned?  Looks like an issue of that sort, but I'm guessing and about out of time for now...02:00
Tohuwjmarsden|work: http://lazarwolf.com/~lazarwolf/ (mod_userdir is on) works, this is where lazarwolf.com is supposed to be pointing. There is another site running, http://projects.constellationmedia.com. And actually, that's where that hello world is from... hmmmm02:00
Tohuwjmarsden|work: understood. I'll research virtual named hosts02:01
MTecknologythesheff17: it could.. then I'll find out..02:01
jmarsden|workTohuw: OK, sorry to run away but... real work is what I get paid for, and why I am still at work at 6pm local time :)02:01
Tohuwjmarsden|work: completely understood... reading http://httpd.apache.org/docs/2.2/vhosts/name-based.html now02:02
jmarsden|workTohuw: OK.  I may be back here from home as jmarsden in a couple of hours... but hopefully you'll have it all working before that.02:02
Tohuwhopefully! thanks again :)02:03
jmarsden|workTohuw: You're welcome.02:03
thesheff17MTecknology: also I would check what you ran to move your users over when you do that.02:16
thesheff17MTecknology: to the chroot02:16
thesheff17MTecknology: not you don't already know that :)02:16
MTecknologythesheff17: same thing I used to more testuser1 :P02:16
MTecknologycd /home/ && for i in *.*; do jk_jailuser -m -j /jail -s /bin/bash -$i; done02:17
MTecknologythesheff17: each web user has a period in the username - no others do02:17
thesheff17MTecknology: ah ok02:18
MTecknologythesheff17: http://dpaste.com/225836/02:24
MTecknologythesheff17: it didn't like profarius.com02:25
MTecknologythesheff17: but... I can still log in02:25
MTecknologythesheff17: I'm gonna reboot and see how long my luck lasts02:25
thesheff17MTecknology: k02:30
MTecknologythesheff17: I want to know what it wasn't working - but at the same time I care very little right now.. it's working...02:31
MTecknologyyay02:31
thesheff17nice02:31
thesheff17MTecknology: you are running it inside xen right? can you take snapshots of your image in case it breaks again and then you can at least roll back to that moment in time.02:43
MTecknologythesheff17: no :(02:43
thesheff17MTecknology: ug...that is why I like kvm and virt-clone :-/02:44
MTecknologythesheff17: I could do it if i had possession of the host02:44
MTecknologythesheff17: ......03:03
MTecknologyYES!03:03
thesheff17working good?03:04
MTecknologythesheff17: yuppers - flawless03:05
MTecknologythesheff17: now to move all DNS back and touch up settings and crap03:05
thesheff17good to hear...hopefully that problem was just a fluke :)03:05
MTecknologythesheff17: ya, one that only happened twice03:06
tschundeeehow do I add a user to sudoers?03:10
tschundeeeadduser username admin doesn't work03:10
tschundeeeI get: adduser: The group `admin' does not exist.03:11
tschundeeewtf?! has that changed in 10.04 server?03:11
MTecknologythesheff17: usermod -a -G sudo USER03:11
MTecknologythesheff17: cat /etc/group03:11
MTecknologytschundeee: **03:12
tschundeeeMTecknology: thx03:13
tschundeeethat worked well :)03:13
tschundeeewhen I do sudo su with my user I get: sudo: "unable to resolve host myhostname" and then I get su o_O03:27
tschundeeewhoa guys ubuntu server is so great!!! I love it03:29
tschundeee:D03:29
MTecknologytschundeee: get it?03:32
tschundeeeMTecknology: jupp ... my /etc/hosts was a little mess03:33
gfx0hi there03:41
MTecknologyg'day03:48
gfx0I've assembled a nice little NAS, currently running on ubuntu. Any Ideas what services I should install beside samba, ftp and ssh?03:50
MTecknologyoh...03:51
MTecknologyI get what that emergency sync is now...03:51
gfx0emergency sync?03:52
jmarsdengfx0: Making sure everyone has an emergency at *exactly* the same time? :)03:53
jmarsdengfx0: You could probably run ntp so it acts as a time server for your local LAN.03:54
MTecknologygfx0: sorry, wrong channel03:54
MTecknologyjmarsden|OffWork: HI!03:54
jmarsdenMTecknology: Hi.  Yes, I'm at home now, but that's my default location, so I'm plain jmarsden :)03:55
MTecknologyjmarsden|plain: oh, ok :)03:55
MTecknologyjmarsden: :P03:56
* jmarsden should probably learn the quassel approach to IRC use, but xchat works fine03:56
MTecknologyjmarsden: I use irssi :) - I just wanted to have some fun03:56
MTecknologyvery very VEERRRY crappy day03:56
jmarsdenMTecknology: Understood.  I hope the misery was not caused by Ubuntu -- if it was, file a bug :)03:57
MTecknologyjmarsden: nah - it had to do with a combination of black magic mixed with white hope and unicorn souls were needed03:58
MTecknologyjmarsden: in short... I know what broke - but I don't know how or why03:58
jmarsdenOK... I don't have any spare unicorns you can sacrifice, I'm afraid :)03:59
=== gblfxt is now known as racertom
axisysi am pretty sure it will.. but is there a way to check if debian will run on sun x86 x2270 m2 with 2 Intel 2.40GHz Quad-Core Xeon E5620 and Dual 10-Gigabit Ethernet SFP+ LP05:28
axisysi meant ubuntu*05:35
jmarsdenaxisys: Stick a LiveCD in the machine and press the reset button? :)05:48
axisysi guess as long as I use latest kernel I should be good05:57
axisyshttp://kmuto.jp/debian/hcl/Sun/SunFire+X227005:57
Tohuwjmarsden: you around by any chance?07:17
jmarsdenTohuw: Yes, but somewhat involved helping others in other channels right now... ask away, just don't expect fast responses.07:18
Tohuwjmarsden: understood. I'm heart-stoppingly close to having my DNS setup kosher, but I've got a little glitch: http://www.intodns.com/constellationmedia.com complains that there are no Reverse MX A records. Here's my named.conf.local: http://pastebin.com/6vRxpRmR And my db.69 (reverse ptr): http://pastebin.com/dmWKFij607:23
jmarsdenFor PTR records, ask the ISP (or are you the ISP)?  It is very unlikely your newly created DNS server will have been delegated authority for reverse DNS for a chunk of public IP address space.07:26
jmarsdenThe PTR record needs to be done by whoever "owns" the IP space, not by a normal user like you.07:27
Tohuwjmarsden: oh! okay, then I need to have the data center (or their backbone providers) handle that. Gotcha. Should I remove my reverse info then?07:28
jmarsdenProbably, it won't do any good for you to publish that from your server, no one will ever query your server for that info :)07:28
Tohuwgotcha. I was just following https://help.ubuntu.com/9.10/serverguide/C/dns-configuration.html D:07:29
jmarsdenFor reverse DNS on a LAN, you can do your own thing.  But in general, not for reverse DNS on the public Internet, unless you have been allocated that chunk of IP addresses... they belong to your ISP, not to you, most likely.07:30
* patdk-lap volunteers to query his server for that info :)07:32
Tohuwjmarsden: makes perfect sense. Thanks!07:33
jmarsdenTohuw: You're welcome.07:33
patdk-lapman, I dunno what my colo center did, but they attempt to change the port an for one of their backbone lines07:35
patdk-lapand everything broke, including all the other backbones07:35
TohuwD:07:35
* patdk-lap notes I can ping their stuff now07:35
patdk-laphmm, so world to them works again07:36
patdk-lapthem to nyc still broken07:36
Tohuwpatdk-lap: someone over there is hastily correcting a missing "." in a zone file right now07:36
patdk-lapno07:37
Tohuw>.>07:37
patdk-lapnot dns issue, this is much more serious07:37
TohuwOh wait, that was me earlier today07:37
patdk-lapbgp07:37
jmarsdenpatdk-lap: If you radically change how you connect to the backbone, it can take a while for dynamic routing tables to recognize the change and stabilize...07:37
jmarsdenYup, BGP.07:37
patdk-lapand broken routers07:37
ppherAfter installing an ircd, what else need to be done to access it?07:37
patdk-lapjmarsden, ya, but they have 12 different providers07:38
* Tohuw reads http://en.wikipedia.org/wiki/Border_Gateway_Protocol07:38
patdk-lapand I tried to get to them over 4 different ones07:38
patdk-laptheir report said they only changed one, the one I had been having issues with from them to nyc07:38
=== ppher is now known as bcomp
patdk-lapand after they reported, all complete, working fine, it started to go down07:39
* patdk-lap guesses the replacement couldn't handle the load or something07:39
jmarsdenppher: telnet or nc to the port it is listening on, if you speak IRC protocol.   Normal humans usually use an IRC client program (xchat, or irssi, or whatever) to talk to it instead.  But for testing whether the ircd is alive, telnet or nc works fine :)07:39
patdk-lapand started to cause other issues for things that were fine07:39
bcompjmarsden: ha thanks.07:41
* patdk-lap is like 4hours late to bed07:41
patdk-lapit looks like they shut down the dc -> ny connection, but they still have their ny router advertising on bgp, causing the issue07:43
Tohuwjmarsden: http://www.intodns.com/lazarwolf.com reports there are no MX records, but I set some in the zone file: http://pastebin.com/VTheN3Rm07:43
jmarsdenpatdk-lap: Stay up another 4 and it will no longer be a problem ... you won't even need to get up :)07:43
patdk-lapTohuw, is that valid?07:43
patdk-lapit's tricky when you edit zone files like that07:44
Tohuwpatdk-lap: can you elaborate? Am I doing that part wrongly?07:44
* patdk-lap also wonders how you have lazarwolf.com. for an A record07:44
TohuwI just learned how to use bind today07:44
patdk-lapwhat domain is that supposed to be for?07:44
Tohuwlazarwolf.com07:44
jmarsdenTohuw: Looks OK, when you made your last change to the zone file did you also increase the serial number in it and reload/restart bind?07:45
patdk-lapwould be much *safer* to use @ instead of the lazarwolf.com. for that MX entry07:46
patdk-lapbut the www in a lazarwolf.com. is invalid07:46
Tohuwjmarsden: yes, but i can increment/restart bind again patdk-lap: why? (to both of your statements)07:46
patdk-lapI wonder if named bombs out on that, not sure, I haven't used named forever07:46
patdk-lapwell, you already use @ everywhere else, why not keep it the same, less chances of human mistakes07:47
jmarsdenpatdk-lap: www should have the domain auto added to it, should work great.07:47
patdk-lapthough it's technically correct07:47
patdk-lapnamed auto changes the dns name to an ip?07:47
patdk-lapcause A records can only have ip's07:47
jmarsdenah... sorry.  I see what you mean now.  I thought it was the www you were concerned about...07:48
patdk-lapI think he wanted a cname, though I prefer to put the ip in there and use an A07:49
jmarsdenTohuw: www should either be a cname for lazarwolf.com, or an A record pointing to an IP address.  Right now it seems to be sort of half and half.07:49
bcompJmarsden: I just tried telneting in, but got a fat access denied07:49
jmarsdenbcomp: Then either there is a firewall in the way, or you telnetted to the wrong port, or the ircd isn't running and listening on the port you think it is... usual network server debugging.07:50
Tohuwjmarsden: is one "better" than the other (making it an A and changing it to IP or making it CNAME and keeping it hostname). I personally like the latter idea, only because it's less likely I will change the hostname it points to than the IP it should point to.07:50
patdk-lapcname causes an extra lookup07:51
bcompjmarsden: opened the firewall on 6667, which I thought was the default irc port, but maybe I should check that...07:51
jmarsdenbcomp: So use netstat or similar to check what ports are being listened to, on the server07:52
Tohuwpatdk-lap: how "bad" is an extra lookup?07:52
jmarsdenTohuw: patdk-lap is right, using a CNAME can lead to an extra DNS query being required, although I think in this case bind will do the smart thing and include the necessary A record info as additional info in the first answer it gives.07:52
patdk-lapdepends on the clients dns location and stuff07:52
patdk-lap20ms to 300ms07:53
patdk-lapbut only for the first time they access your site07:53
patdk-lapafter that, it doesn't07:53
jmarsdenIn fact, I think your web based dns checking tool was telling you that it *did* avoid the extra lookup, earlier on.07:53
Tohuwso just use an a and call it a day, in your opinion?07:53
patdk-lapso it depends on how paranoid you are about first page load times07:53
Tohuwnot very, tbh07:53
jmarsdenThen CNAME is fine, just do it :)07:53
Tohuwok!07:55
patdk-lapit's a little depressing more and more dns is being done over tcp :(07:55
patdk-lapmakes it slower :(07:55
* Tohuw like being told to do what he was going to do anyway07:56
* patdk-lap thinks he will passout in 5min or less07:58
TohuwStill getting a "no MX record" error. Updated the zone file: http://pastebin.com/3Kw1E9qn07:58
bcompwell nmap says the ircd isn't listening on any port, and I started it per the man instructions07:58
patdk-lapyou queried the server directly?07:59
bcompToo bad there's no documentation07:59
patdk-lapnot using a dns proxy/recursor?07:59
bcompI did it via ssh on the server itself07:59
Tohuwpatdk-lap: using http://www.intodns.com/lazarwolf.com07:59
patdk-lapthat is no good07:59
bcomp:x07:59
patdk-lapdns negative cache, of 1hour :)07:59
patdk-lapso that check won't work for an hour from now :)08:00
patdk-lapto test your changes08:00
Tohuwoh08:00
TohuwD:08:00
patdk-lapchange your negative cache ttl to like 60 if you want it faster (still have to wait an hour this first time though)08:01
bcompjmarsden: well apparently I didn't start the ircd even though I thought I did because the documentation sucks08:01
jmarsdenbcomp: Check on the server itself, using netstat or ss or similar tools.  Yes, that would explain it.08:01
bcompYeah I ssh'd and ran nmap08:01
Tohuwpatdk-lap: is there a way to run tests inside of the negative cache time? install dnsutils on the local server and use dig or something?08:01
bcompIt wasn't listening to any port08:02
patdk-lapI don't see any mx direct08:02
jmarsdenOK, I need to get some sleep... goodnight all.08:03
* patdk-lap is confused though, ns3.constellationmedia.com is saying you have an AAAA record, but I don't see one in what you posted08:03
bcompNight08:03
Tohuwpatdk-lap: I deleted it. Is there any reason to keep it? I know it's for IPv6, but I'm not really using that for any interfaces, etc. Should I still bother with AAAA records08:06
patdk-lapyou should only ever use aaaa if you have a working ipv6 running your services08:06
patdk-lapotherwise people with ipv6 will attempt to use it, and never use ipv408:07
Tohuwmakes sense. I don't.08:07
patdk-lapwell, I guess your dns servers are not up to date08:07
patdk-lapguess you are playing with a hidden-master server08:07
patdk-lapand those two servers are slaves, and out of date08:07
patdk-lapthe ns3 and ns4.constellationmedia.com ones08:08
patdk-laphmm, actually, I think your soa went back in time08:09
patdk-lapcause those have 2010080711, but your post says 201008070608:10
patdk-lapneed to increase your soa in your server to be higher08:10
patdk-lapor they will never get updated08:11
Tohuwpatdk-lap: I am manually sync'ing the server with ns1. and ns2. It can't be set as a slave because it has WHM on it, and I can't heavily interfere with it or cause downtime. It's scheduled for very soon deprecation anyway. So technically ns1. and ns3. are both masters (yes I know that's sort of bad)08:12
patdk-lapwell, it still doesn't help that your soa values are out of order08:12
patdk-lapthe ones you posted you said you fixed those issues08:13
patdk-lapbut it's soa value is smaller08:13
Tohuwpatdk-lap: db.lazarwolf.com is 201080706, db.constellationmedia.com. is 201008071108:15
chrislabeardHey guys, how would I allow my server to be shared across the network ?08:23
chrislabeardSo you can access it08:23
Callum__chrislabeard: use Samba and/or NFS08:25
=== jmarsden_ is now known as jmarsden
MACscrhow can i uninstall something with aptitude, but keep all its dependencies?08:52
=== bcomp__ is now known as bcomp
TohuwAny idea why http://www.intodns.com/lazarwolf.com would report there are no MX records? My zone file for lazarwolf.com: http://pastebin.com/3Kw1E9qn09:09
TohuwAll fixed now; PEBKAC10:00
uvirtbotNew bug: #614691 in excalibur-logkit (main) "Merge excalibur-logkit 2.0-4 (main) from Debian unstable (main)" [Undecided,Confirmed] https://launchpad.net/bugs/61469110:01
robertpayneIs there any complete guides on the Ubuntu wiki for 10.4 Postfix/Dovecot mail server by chance?10:08
Tohuwrobertpayne: have you looked at https://help.ubuntu.com/10.04/serverguide/C/email-services.html ?10:20
robertpayneTohuw: not specifically..I think I'm getting caught up in details when I install everything10:21
Tohuwrobertpayne: check out the docs listed there; it's a good place to start and get a walkthrough of initial configuration10:22
robertpayneTohuw: Setting up a full mail stack with virtual box and trying to get TLS/SASL ontop of it...10:22
robertpayneTohuw: Yeah thanks, The part that gets confusing for me is TLS/SASL. Do you need both installed? I'm planning on only allowing connections through TLS but the password is still sent as plain text then correct?10:23
TohuwYou need a mechanism. TLS is just what it says it is: a layer for secure transport. SASL is how you authenticate, TLS is how it is secured. See https://help.ubuntu.com/10.04/serverguide/C/postfix.html#postfix-smtp-authentication10:26
=== mquin_ is now known as mquin
Callum__hmmm, I wonder where I can buy some gigabit ethernet cards at a decent price10:51
Callum__damn no money being non-profit10:52
minahi, anybody can answer an apache related question?11:39
MACscri have my swap partition created and setup within fstab, but it doesnt seem to be working as swap is showing 0k available. What log should i look at to see why its not being mounted ot boot or what might be wrong?11:55
zashMACscr: try grep swap /var/log/messages11:57
oCean_MACscr: what does "swapon -s" output?11:58
MACscrdoesnt show anything listed11:58
oCean_MACscr: have you added the swap partition in /etc/fstab using its UUID?11:59
MACscri just have /dev/sda2 swap swap defaults 0 0 11:59
oCean_MACscr: and after editing /etc/fstab, you did 'swapon -a' ?11:59
MACscroCean_: thanks, looks like the server image had the partition names wrong. I should have checked that. It should have been xvda212:01
MACscrfixed and thanks12:01
MACscrbtw, i just had another user login as root while i was logged into root. How do i view that users history?12:02
oCean_MACscr: you could set it up using the device's UUID, that way you know it's always the correct device. Use 'sudo blkid' to identify partitions by UUID12:02
oCean_MACscr: the history gets "mixed" in with yours (in ~/.bash_history) after exiting the shell12:03
MACscroCean_: i ran history and its only showing my stuff12:04
oCean_MACscr: is the other user logged out yet?12:05
MACscryes12:05
oCean_hmm.. I'd say in that case you would see his history too. Maybe you should logout also (and in again ofcourse)12:06
oCean_I didn't think that necessary12:06
MACscrlooks like just doing 'cat ~/.bash_history' worked. Thought i could just do 'history'12:06
oCean_MACscr: I guess when you log in again, you'll see it in 'history' command12:07
MACscrok, last question for awhile. I installed a deb using dpkg and it installed a bunch of dependencies like apache, mysql, etc. Anyway, i removed just the main app by doing dpkg -r name. Now anytime i try to do anything with aptitude, its saying its going to remove apache, mysql, etc. How can i stop that?12:12
oCean_MACscr: dpkg --get-selections | grep apache2 shows "deinstall" ? You could use --set-selections to change it to "install". I don't exactly know in what state the package becomes. (configure-file wise I mean) a 'dpkg -l apache2' shows "rc" at starting of line?12:58
CppIsWeirdhow does a package install into the update-java-alternatives list?14:01
uvirtbotNew bug: #614731 in autofs5 (main) "shutdown hangs with wlan autofs/nfs mounted homedirs" [Undecided,New] https://launchpad.net/bugs/61473114:31
=== dendrobates is now known as dendro-afk
=== dendro-afk is now known as dendrobates
=== dendrobates is now known as dendro-afk
stavi2anyone have experience diagnosing grub issues remotely?  I can reboot to a rescue environment, but can't see the screen.  datacenter is useless.  does grub keep any logs?16:05
patdk-lapwhat kind of video card in it?16:08
stavi2its at datacenter far away...that's why i can't see the screen.16:08
patdk-lapoh16:08
patdk-lapI thought you meant the datacenter people wouldn't read the screen also16:08
patdk-laplucid?16:09
stavi2oh, they will read the screen for me.  with a 3 hour turn around time to find out what message it says.16:09
stavi210.0416:09
patdk-lapthis is where asking them to plug in a ip-kvm is nice16:09
stavi2this is where they having ipkvms would be awesome, I agree.  I'm actually probably switching hosts over that issue.16:10
stavi2I can't fix bootloader/kernel stuff without it...and they can't fix it because they don't know how.16:10
patdk-lapheh16:10
patdk-lapI can think of several different issues16:10
patdk-lapbut hard to say what is your issue without any info :(16:10
stavi2well, let me tell you the full story about what I did.16:10
stavi2this server had 10.04 installed on it.  But I wasn't really using it.  Another of my servers crashed, so I am trying to restore that server to this one.  I basically rsynced the entire hard drive over to this server.16:11
stavi2all the permissions have been preserved, everything looks ok.  But according to the datacenter people, when it boots, it just hangs saying "GRUB"16:12
patdk-lapwas grub2 on it? or old grub?16:14
stavi2old grub.  I've chroot'ed from the rescue env. to the real system.  grub says version 0.9716:15
patdk-lapheh, evil16:15
patdk-lapthat is probably why it broke16:15
patdk-lapnever ran update-grub after the restore?16:15
stavi2I did, actually.  but I'll try it again.16:15
patdk-lapgrub depends on knowing where the files are on the disk16:15
patdk-lapgrub2 doesn't16:15
stavi2ya, I wish it was grub2, but again, datacenter does weird things...this is how they fixed it when a kernel update broke my server.16:16
stavi2I'd kill for an IPKVM right now.16:16
stavi2update-grub seemed to do something....i'll try rebooting again :)16:16
patdk-lapwait, maybe16:17
patdk-lapmight want to check what it did :)16:17
stavi2it asked me if my changes to menu.lst were ok (they are).16:17
patdk-lapwhat is in /boot/grub/device.map?16:18
stavi2(fd0)   /dev/fd016:23
stavi2(hd0)   /dev/sda16:23
stavi2which looks ok.  /boot is on sda1.  / is on sda516:23
patdk-lapwant to pastebin /boot/grub/menu.lst16:25
stavi2http://pastebin.com/sGbKmE5L 16:26
patdk-laphmm, you have grub2 chainload installed16:28
stavi2grub2 was installed at one point...but that broke things, so they (datacenter) switched it back to grub116:28
patdk-lapheh, I love the def of broke things16:29
patdk-lapdon't fix, replace :)16:29
stavi2without an ipkvm, i got no choice but to have them fix it...it's not the way I would have gone.16:29
patdk-laphmm, looks ok, yours is missing groot option that mine has16:29
patdk-lapbut I don't *think* it's required16:29
stavi2hmm...that's weird.  /tmp was empty before I tried booting it.  now it has a couple files in it...maybe it's getting at least part way through the boot process now.16:31
patdk-lapheh, my hardy and gutsy systems both have it though16:31
patdk-lapheh, if tmp has anything16:31
patdk-lapit was atleast remounted rw16:31
patdk-lapso it's upto/paste initrd atleast16:32
patdk-lappast16:32
stavi2I've got two dir's .ICE-unix and .X11-unix, and a hsperfdata_root folder16:32
patdk-laphmm, that would be booted16:32
stavi2yeah...maybe the update-grub did fix it.16:32
stavi2hey!  there's stuff in /var/log that has a recent timestamp!16:33
patdk-lapyou didn't use update-grub2 last time by mistake? :)16:33
stavi2nope, i'm sure I didn't./16:33
wieshkaHELP: i installed ubuntu 10.04 lucid server on RAID 1 + LVM (each physical disk, contains one big RAID partition, and after that, on RAID device #0 i set up LVM with 1 volume group with 8 logical volumes) ... now i am trying to boot my fresh install - i have error and boot fails. Error data: http://wieshka.pastebin.com/mv1yuusb 16:33
stavi2but I might have run the one from the rescue environment instead of running it after chrooting.16:33
stavi2lets reboot and see if it works...16:33
patdk-lapureadahead exit code 4 isn't an issue16:35
patdk-lapata_id[680]: HDIO_GET_IDENTITY failed for '/dev/sda', I dunno if it's an issue or not, dunno what it means16:35
patdk-lapbut your lvm mounted just fine16:35
wieshkapatdk-lap: i dont have any idea what ata_id[664]: HDIO_GET_IDENTITY failed for '/dev/sdb' means ....16:36
wieshkah/w RAID is disabled in BIOS16:36
wieshkaso there is no fakeRAID, what makes mess16:37
stavi2wieshka:  the HDIO_GET_IDENTITY failed appears to mean that hdparm can't identify the drive.  that's usually normal for SCSI/SATA drives.  Might prevent things like SMART from working, but shouldn't be a show stopping issue.16:37
wieshkaSMART - it was a BIOS option ?16:38
stavi2at least that's what my googling shows.16:38
wieshkaS.M.A.R.T if i remember correctly16:38
stavi2smart tells you if a hard drive is showing signs of failing soon.16:38
patdk-lapthe bios option for it, just makes your computer not boot, if the drives smart says a drive is bad16:39
wieshkaok - what are my options now16:39
wieshkaHDD's are identical and directly from shop16:39
=== dendro-afk is now known as dendrobates
wieshkai can boot in rescue mode, but what i need to check out ? hdparm output ? what it will give for me16:41
stavi2what's the last thing on the screen when you try to boot it?16:43
wieshkainit: unreadahead-other main process (992) terminated with status 416:43
stavi2http://techblogparade.blogspot.com/2010/05/howto-fix-ureadahead-problem-after.html 16:44
wieshkastavi2: thx - i will give a try!16:45
wieshkarebooting in rescue mode16:46
stavi2wieshka:  hope it works16:46
stavi2patdk-lap: well, tried rebooting the server.  still not responding to ping.  maybe it's running fsck, so I'll give it a little while before going back to rescue mode and looking at the logs.16:46
wieshkastavi2: i hope to - anyway better have a option to check out, then no ideas :)16:46
wieshkaok - so now i am in rescue mode16:49
wieshkabecause rescue didn't find my raid device to mount16:49
wieshkastavi2: i cant mount my system16:54
wieshkafrom busybox16:54
wieshkafdisk -l lists two identical disks as Linux raid autodetect16:55
wieshkahow can i access my RAID disk (mount) using rescue mode .... rescue mode offers me only two options - try to mount /dev/sda1 what fails, or do not use a root file system, so, i have only BusyBox17:08
=== dendrobates is now known as dendro-afk
wieshkastavi2: still here ?17:13
carleasI've set up bind9 on my server, and I want to make sure it's serving the right stuff before I have my secondaries start transferring it.  How can I query that?  I know dig looks that stuff up for a live server, but as of now it's not serving to anyone, so dig pulls up info from my old nameserver17:20
hggdhcarleas: dig @<your server> <query>, where <your server> points to your server17:38
carleasBut I currently have mydomain.com being set up through another nameserver.  When I use dig, it gives me information from that server.17:40
carleasCurrently, a server rsyncs the zone file for my domain from myserver1.  I'm setting up a primary DNS server on myserver2, and I want to test that I've configured it right before I switch between them.17:43
hggdhcarleas: dig@myserver2 something17:45
hggdhcarleas: dig @myserver2 something17:45
hggdhif myserver2 has the data, you will get it (or it may forward the request, depends on your settings)17:46
carleasOK, cool.  Thanks, hggdh.18:01
ruben23 hi guys20:20
ruben23does anyone know how to correct this error----> http://pastebin.com/eFZgtGQa 20:20
Black_Princerm -rf ~/.ssh20:21
ruben23on the server.>?20:22
Black_Princeon the system you are trying to connect FROM20:22
ruben23Black_Prince::-D sorry im confused, this errors occur on client.. while connecting to server, which i set this.20:24
Black_Princeroot@chris-laptop:~#20:24
Black_Princeon this terminal20:24
Black_Princeyou type rm -rf ~/.ssh20:24
Black_Princeon your client computer20:24
ruben23 Black_Prince:still the same as i run that...20:27
Black_Princeyou typed it on laptop or on server?20:27
ruben23on the altop20:28
ruben23laptop i mena20:28
Black_Princerm /root/.ssh/known_hosts20:29
guntbertBlack_Prince: both statements might be bad advice ™20:30
ruben23guntbert:why..?20:30
patdk-lapdid you recently reinstall that computer your attempting to connect to?20:31
* patdk-lap would just delete the first line, if it's known it should change20:31
ruben23patdk-lap: no20:31
guntbertruben23: because 1) it might be possible that you have really a "man in the middle", 2) you might have other known hosts too -- so you should look into it and the decide how to go on20:31
patdk-lapwell, that message is saying something changed20:32
patdk-lapif you didn't change it, well20:32
guntbert*then20:32
chrislabeardhey, guys I'm using ehcp for my server and for some reason apache can't write to the user's directory is there a way that I can set this up to work for every user.20:33
guntbertruben23: it works this way: whenever you connect to some machine for the first time you are asked if you trust its signature20:33
* patdk-lap started putting all his thumbprints in dns, makes it nice20:33
guntbertruben23: if you say "yes" the key is added to .ssh/known_hosts20:33
ruben23ok20:34
ruben23then20:34
guntbertwhenever the same host presents a different key you are alerted20:34
guntbertthats why patdk-lap asked if *you* changed something20:34
ruben23oh.., host key changes when changed IP..? and what others task triggers for the key to change..?20:35
=== tschundeee_ is now known as tschundeee
guntbertruben23: no, the hostkey is usually not changed by address changes20:37
guntbertruben23: but for (2): you may have many keys in .ssh/known_hosts, you can see from the error that in this case it is the first entry (each entry is 1 line in the file), so you *can* delete just that line when you are certain that it is ok20:39
ruben23ok clear now20:40
guntbertruben23: please see http://www.thegeekstuff.com/2010/04/how-to-fix-offending-key-in-sshknown_hosts-file/ 20:43
=== tschundeee_ is now known as tschundeee
stavi2So I got hacked...found SHV5 rootkit.  How do I figure out how they got in in the first place, to make sure it doesn't happen again?20:53
patdk-lapdisconnect the network cable and never plug it in again :)20:55
stavi2patdk-lap:  lol.  I restored it from a backup from before they got in...but that means whatever vulnerability they used in the first place is still there.20:56
patdk-lapI find almost all issues relate to crappy cgi or ftp20:56
stavi2no ftp server.  apache runs on this server, but the entire thing requires a password.20:57
patdk-laprequires a password over ssl?20:58
patdk-lapor none-ssl20:58
stavi2patdk-lap: no ssl :(20:58
patdk-lapif non-ssl, then the password is mostly useless20:58
stavi2guess all I can do is go searching through logs and hope they didn't clean up after themselves very well.20:58
patdk-lapany public wifi, private wifi, ...., hacked home router, ...., could have recorded it20:58
patdk-laphappens all the time for ftp20:58
stavi2it's a server in a datacenter.20:59
patdk-lapno, I mean for where you accessed it from20:59
stavi2oh, right20:59
patdk-lapor where anyone accessed it from20:59
uvirtbotNew bug: #614825 in mysql-dfsg-5.1 (main) "upstart fails to start mysql in mysql-server-core-5.1.41-3ubuntu12.6, downgrading fixed " [Undecided,New] https://launchpad.net/bugs/614825 21:06
=== dendro-afk is now known as dendrobates
=== dendrobates is now known as dendro-afk
=== dendro-afk is now known as dendrobates
fidelix_Hey guys, i created my mail server, and i can send emails and connect to it with Thunderbird.22:50
fidelix_However, sending mails to my account from outside bounces the message back.22:51
fidelix_What could be happening?22:51
fidelix_Can you guys help me to set my DNS server?23:12
Joshua1983Hello23:17
Joshua1983 23:17
=== dendrobates is now known as dendro-afk
Callum__okay, so I retired my last SCSI drives out of my server, since they are pretty much dead and I have enough SATA drive capacity to replace them with23:54
Callum__they were good to me for a good while, shame they had to die23:54
