[00:01] <jmarsden|work> MTecknology: well, one virtual machine per website would be one way to do it with decent separation between each site, but that might blow your budget if you pay per VM.
[00:01] <MTecknology> jmarsden|work: we do, we pay a lot each
[00:02] <jmarsden|work> You couldn't lease a single physical server and divide it up into VMs yourselves?  There's a conflict between "make sure no website can touch another website at all" and having them all run on one webserver...
[00:03] <Fidelix> Guys, i hired a VPS plan from some company. Now, question: Do i need bind?
[00:04] <jmarsden|work> Fidelix: Only if you want to run your own DNS server and choose bind for that role.
[00:05] <Fidelix> Oh, got it.
[00:06] <MTecknology> jmarsden|work: ya.. I was able to do a pretty decent job with what I had, really the only issue was eating resources with php-cgi running for each user - but the user could (and still can) run any php process. The way I have things now, a logged in user can't even touch the database - only the php process can. But doing it that way doesn't work on linode and i have no idea why.
[00:06] <Fidelix> So, if i just set my registrar to point ns1.mydomain.com to my domain's ip it'll work automatically, right?
[00:07] <jmarsden|work> MTecknology: Ask the linode sysadmins for advice, they know how they do their VMs.
[00:08] <jmarsden|work> Fidelix: No.  Someone somewhere needs to run a DNS server for your domain.
[00:08] <Fidelix> oh... so thats the problem.
[00:08] <jmarsden|work> That can be you, or an ISP, or a dedicated DNS provider, or a friend of yours...
[00:08] <Fidelix> Know any free ones?
[00:09] <MTecknology> I use active-domain as my registrar and linode as my dns server
[00:09] <jmarsden|work> It's been years... granitecanyon used to do free DNS, I think??
[00:09] <jmarsden|work> MTecknology: Right, generally the VPS provider will do DNS for you.
[00:10] <Fidelix> well, burstnet wont (i think).
[00:10] <MTecknology> jmarsden|work: I was just letting Fidelix know what i do - didn't know if it'd help
[00:10] <jmarsden|work> Makes sense.
[00:11] <jmarsden|work> Fidelix: Then you can run bind or another DNS server and learn how to configure it, or you can pay someone to run DNS for you.
[00:12] <jmarsden|work> Fidelix: I have never tried it and so can't say how good they are, but perhaps http://www.zoneedit.com/ would do what you need?
[00:12] <Fidelix> Thanks
[00:13] <jmarsden|work> Fidelix: You're welcome.
[00:14] <Tohuw> Is the @ in a BIND9 zone file just a shortcut for the FQDN the file is for? so like example.com. might have an "@ IN NS ns.example.com.", which is the same as "example.com. IN NS ns.example.com."
[00:14] <jmarsden|work> Tohuw: Correct.
[00:14] <Tohuw> jmarsden|work: splendid, thanks
[00:14] <jmarsden|work> Tohuw: You're welcome.
[01:02] <MTecknology> thesheff17: ping?
[01:09] <thesheff17> MTecknology: I
[01:09] <thesheff17> m' here
[01:09] <MTecknology> thesheff17: you willing to help me set that dang thing up?
[01:10] <thesheff17> MTecknology: sure what do you need me to do ?
[01:11] <MTecknology> thesheff17: I'll rebuild that VM and you can help me setup the jailkit :P
[01:11] <thesheff17> MTecknology: sure at 8 CST I have to do some homework for school due at midnight :)
[01:11] <MTecknology> oh
[01:12] <thesheff17> but I will be around
[01:12] <MTecknology> that's about 45min
[01:13] <thesheff17> MTecknology: I still have no clue what would cause that terrible error :(
[01:14] <MTecknology> thesheff17: me either - maybe working with you we'll know what did it - otherwise it could be an issue with xen
[01:15] <MTecknology> thesheff17: I think I might do debian 4.0 this time - just for default resource usage
[01:15] <MTecknology> thesheff17: it's being created
[01:16] <thesheff17> MTecknology: sounds good.....so executed everything over again with your script and same results so said?
[01:16] <thesheff17> you said I mean?
[01:16] <Tohuw> jmarsden|work (or anyone): If I have a "master" domain setup using BIND9 already and the ns records are configured, is adding another domain just a matter of using a similar entry in named.local.conf, substituting the new domain name? Then I just have to make a new db.newdomainname.com file, using similar settings to the old one. Is that right, or is there something different you do for additional domains once the first one is setup?
[01:16] <MTecknology> thesheff17: last time ya - but now I'm starting fresh again
[01:16] <thesheff17> MTecknology: k
[01:17] <jmarsden|work> Tohuw: You have the right idea.  After making those changes either restart bind or else do rndc reload to cause it to reread the config files.
[01:18] <thesheff17> Tohuw: I think you can even just make it a slave and it replicated all the dns records.
[01:18] <thesheff17> Tohuw: but yea either way should work
[01:18] <jmarsden|work> thesheff17: That would be for a second DNS server on a different machine, for redundancy.  Tohuw was asking about adding a new domain to one single DNS server.
[01:19] <thesheff17> MTecknology: ah ok
[01:20] <MTecknology> thesheff17: ssh michael@72.14.187.192
[01:20] <MTecknology> thesheff17: same pass as before
[01:22] <thesheff17> MTecknology: k i'm in...you want to install screen?
[01:22] <MTecknology> thesheff17: nevermind... I'm going back to ubuntu....
[01:22] <thesheff17> MTecknology: haha ok :)
[01:22] <MTecknology> thesheff17: I'm already too irritated :P
[01:22] <thesheff17> MTecknology: I don't blame you :)
[01:23] <MTecknology> thesheff17: :P
[01:24] <MTecknology> thesheff17: ya.. if I can't 'aptitude update && aptitude install screen' .... there's something to be irritated by :P
[01:25] <thesheff17> MTecknology: debian complained about that?
[01:25] <MTecknology> thesheff17: 404
[01:25] <thesheff17> MTecknology: jeeze :)
[01:26] <MTecknology> thesheff17: k - go back out there
[01:27] <thesheff17> MTecknology: k...you start screen under root?
[01:28] <MTecknology> thesheff17: nope, connect now
[01:28] <hggdh> MTecknology: out of sheer curiosity -- why not use byobu instead of plain screen?
[01:30] <MTecknology> hggdh: I'm planning on looking at that soon - once I have time - peek at my latest blog
[01:32] <MTecknology> seconds to latest
[01:32] <MTecknology> thesheff17: yay updates :P
[01:32] <thesheff17> MTecknology: you have a local mirror?  it is really nice
[01:33] <MTecknology> thesheff17: this isn't a local server
[01:33] <thesheff17> MTecknology: ah true...wish the datacenters had mirrors :)
[01:33] <MTecknology> ya :P
[01:35] <Tohuw> I have a domain, lazarwolf.com. I have it setup at the registrar to point to ns3.constellationmedia.com and ns4.constellationmedia.com. I thought I had these nameservers setup correctly on my server, but I guess not, because if I query lazarwolf.com on www.intodns.com, I get "WARNING: One or more of your nameservers did not return any of your NS records." and pinging lazarwolf.com fails. What am I doing wrong? db.lazarwolf.com: http://
[01:36] <MTecknology> thesheff17: you watching what I'm doing still?
[01:36] <thesheff17> MTecknology: yea you want lenny instead of lucid?
[01:37] <MTecknology> thesheff17: ya, it's smaller - in my dev environment I even trimmed down lenny
[01:37] <thesheff17> ah ok
[01:40] <MTecknology> thesheff17: should I reboot after installing this?
[01:41] <Tohuw> oh, lots of this in syslog: Aug  7 00:23:05 nebula named[28749]: client 192.221.164.189#23409: query (cache) 'www.lazarwolf.com/AAAA/IN' denied
[01:41] <MTecknology> thesheff17: oh! Does any kernel module come along with this thing either?
[01:41] <thesheff17> I'm not sure :-/
[01:42] <MTecknology> thesheff17: I just logged in successfully - let's reboot and be sure..
[01:42] <MTecknology> thesheff17: I didn't do that before - maybe it's the ticket :P
[01:43] <Tohuw> jmarsden|work: I hate to bother you again, but if you get a moment, can you scroll up and take a look at my current issue? I'm a bit lost... new to BIND D:
[01:43] <jmarsden|work> Tohuw: Let me take a look...
[01:44] <Tohuw> Thank you, I greatly appreciate it
[01:44] <MTecknology> thesheff17: k, it's back up
[01:44] <thesheff17> I'm not sure :-/
[01:44] <thesheff17> k
[01:46] <Tohuw> jmarsden|work: here's a tail of syslog that may prove informative: http://pastebin.com/T38KWK9z
[01:46] <jmarsden|work> Tohuw: whois lazarwolf.com shows that the authoritative DNS servers for that domain are ns3.constellationmedia.com and ns4.constellationmedia.com.  However both those machines refuse my DNS queries about lazarwolf.com.
[01:47] <jmarsden|work> Does your bind config file allow everyone to query that lazarwolf.com zone ?
[01:48] <Tohuw> jmarsden|work: I don't know :( Here it is: http://pastebin.com/QpW3c1zb
[01:48] <Tohuw> (that's named.conf.local)
[01:48] <MTecknology> thesheff17: sorry, reconnect to screen
[01:49] <jmarsden|work> Tohuw: There does not seem to be a config entry for lazarwolf.com in that file at all ... ?
[01:49] <Tohuw> jmarsden|work: oops! Let me add it back in... >.<
[01:51] <jmarsden|work> Tohuw: In about ten minutes or so I will have to get back to "real work"... will try to help you until then.
[01:53] <Tohuw> jmarsden|work: oh awesome it worked that time, though the zone file is still a mess (missing mx and stuff, but that's easy to fix). Now I'm having an apache problem (I think): it's going to the default site, not the lazarwolf.com vhost entry I set. Feel up to assisting me with that?
[01:54] <jmarsden|work> In 7 minutes? :)  We can try.  Did you set a ServerName and ServerAlias for lazarwolf.com and www.lazarwolf.com in the vhost entry?  Can you pastebin it for me to read?
[01:54] <thesheff17> MTecknology: you think it is anything to do with using lenny?
[01:56] <Tohuw> jmarsden|work: the clock is ticking! ;) http://pastebin.com/j4YX7T8N
[01:56] <MTecknology> thesheff17: that error for apt - yes
[01:56] <MTecknology> thesheff17: the rest - it's working perfect
[01:56] <MTecknology> thesheff17: NO explanation of why though
[01:57] <Tohuw> jmarsden|work: I have a separate vhosts file for each site (because I like utilizing the a2ensite tool), so if you need my default vhosts or my apache2.conf, let me know
[01:57] <thesheff17> MTecknology: through the reboot fine as well
[01:58] <MTecknology> thesheff17: yup
[01:58] <jmarsden|work> Tohuw: The lazarwolf.com one looks fine to me.  I'm seeing a "Hello world" page when I browse to http://lazarwolf.com, is that your default vhost?
[01:58] <Tohuw> yes
[01:58] <MTecknology> thesheff17: it's perfect as far as i can see.....
[01:58] <jmarsden|work> OK.  But there are other working vhosts on the machine?  Or is the lazarwolf.com one the only 'real' vhost so far?
[01:59] <thesheff17> MTecknology: yea everything you did looked good?  not sure what happened with the other
[01:59] <thesheff17> hehe not a question.
[01:59] <thesheff17> MTecknology: you think it has to do with moving over the other home dirs?
[02:00] <jmarsden|work> Tohuw: I'm wondering if virtual named hosts are enabled for the IP address concerned?  Looks like an issue of that sort, but I'm guessing and about out of time for now...
[02:00] <Tohuw> jmarsden|work: http://lazarwolf.com/~lazarwolf/ (mod_userdir is on) works, this is where lazarwolf.com is supposed to be pointing. There is another site running, http://projects.constellationmedia.com. And actually, that's where that hello world is from... hmmmm
[02:01] <Tohuw> jmarsden|work: understood. I'll research virtual named hosts
[02:01] <MTecknology> thesheff17: it could.. then I'll find out..
[02:01] <jmarsden|work> Tohuw: OK, sorry to run away but... real work is what I get paid for, and why I am still at work at 6pm local time :)
[02:02] <Tohuw> jmarsden|work: completely understood... reading http://httpd.apache.org/docs/2.2/vhosts/name-based.html now
[02:02] <jmarsden|work> Tohuw: OK.  I may be back here from home as jmarsden in a couple of hours... but hopefully you'll have it all working before that.
[02:03] <Tohuw> hopefully! thanks again :)
[02:03] <jmarsden|work> Tohuw: You're welcome.
[02:16] <thesheff17> MTecknology: also I would check what you ran to move your users over when you do that.
[02:16] <thesheff17> MTecknology: to the chroot
[02:16] <thesheff17> MTecknology: not that you don't already know that :)
[02:16] <MTecknology> thesheff17: same thing I used to move testuser1 :P
[02:17] <MTecknology> cd /home/ && for i in *.*; do jk_jailuser -m -j /jail -s /bin/bash -$i; done
[02:17] <MTecknology> thesheff17: each web user has a period in the username - no others do
[02:18] <thesheff17> MTecknology: ah ok
[02:24] <MTecknology> thesheff17: http://dpaste.com/225836/
[02:25] <MTecknology> thesheff17: it didn't like profarius.com
[02:25] <MTecknology> thesheff17: but... I can still log in
[02:25] <MTecknology> thesheff17: I'm gonna reboot and see how long my luck lasts
[02:30] <thesheff17> MTecknology: k
[02:31] <MTecknology> thesheff17: I want to know why it wasn't working - but at the same time I care very little right now.. it's working...
[02:31] <MTecknology> yay
[02:31] <thesheff17> nice
[02:43] <thesheff17> MTecknology: you are running it inside xen right? can you take snapshots of your image in case it breaks again and then you can at least roll back to that moment in time.
[02:43] <MTecknology> thesheff17: no :(
[02:44] <thesheff17> MTecknology: ug...that is why I like kvm and virt-clone :-/
[02:44] <MTecknology> thesheff17: I could do it if i had possession of the host
[03:03] <MTecknology> thesheff17: ......
[03:03] <MTecknology> YES!
[03:04] <thesheff17> working good?
[03:05] <MTecknology> thesheff17: yuppers - flawless
[03:05] <MTecknology> thesheff17: now to move all DNS back and touch up settings and crap
[03:05] <thesheff17> good to hear...hopefully that problem was just a fluke :)
[03:06] <MTecknology> thesheff17: ya, one that only happened twice
[03:10] <tschundeee> how do I add a user to sudoers?
[03:10] <tschundeee> adduser username admin doesn't work
[03:11] <tschundeee> I get: adduser: The group `admin' does not exist.
[03:11] <tschundeee> wtf?! has that changed in 10.04 server?
[03:11] <MTecknology> thesheff17: usermod -a -G sudo USER
[03:11] <MTecknology> thesheff17: cat /etc/group
[03:12] <MTecknology> tschundeee: **
[03:13] <tschundeee> MTecknology: thx
[03:13] <tschundeee> that worked well :)
[03:27] <tschundeee> when I do sudo su with my user I get: sudo: "unable to resolve host myhostname" and then I get su o_O
[03:29] <tschundeee> whoa guys ubuntu server is so great!!! I love it
[03:29] <tschundeee> :D
[03:32] <MTecknology> tschundeee: get it?
[03:33] <tschundeee> MTecknology: jupp ... my /etc/hosts was a little mess
[03:41] <gfx0> hi there
[03:48] <MTecknology> g'day
[03:50] <gfx0> I've assembled a nice little NAS, currently running on ubuntu. Any Ideas what services I should install beside samba, ftp and ssh?
[03:51] <MTecknology> oh...
[03:51] <MTecknology> I get what that emergency sync is now...
[03:52] <gfx0> emergency sync?
[03:53] <jmarsden> gfx0: Making sure everyone has an emergency at *exactly* the same time? :)
[03:54] <jmarsden> gfx0: You could probably run ntp so it acts as a time server for your local LAN.
[03:54] <MTecknology> gfx0: sorry, wrong channel
[03:54] <MTecknology> jmarsden|OffWork: HI!
[03:55] <jmarsden> MTecknology: Hi.  Yes, I'm at home now, but that's my default location, so I'm plain jmarsden :)
[03:55] <MTecknology> jmarsden|plain: oh, ok :)
[03:56] <MTecknology> jmarsden: :P
[03:56]  * jmarsden should probably learn the quassel approach to IRC use, but xchat works fine
[03:56] <MTecknology> jmarsden: I use irssi :) - I just wanted to have some fun
[03:56] <MTecknology> very very VEERRRY crappy day
[03:57] <jmarsden> MTecknology: Understood.  I hope the misery was not caused by Ubuntu -- if it was, file a bug :)
[03:58] <MTecknology> jmarsden: nah - it had to do with a combination of black magic mixed with white hope and unicorn souls were needed
[03:58] <MTecknology> jmarsden: in short... I know what broke - but I don't know how or why
[03:59] <jmarsden> OK... I don't have any spare unicorns you can sacrifice, I'm afraid :)
[05:28] <axisys> i am pretty sure it will.. but is there a way to check if debian will run on sun x86 x2270 m2 with 2 Intel 2.40GHz Quad-Core Xeon E5620 and Dual 10-Gigabit Ethernet SFP+ LP
[05:35] <axisys> i meant ubuntu*
[05:48] <jmarsden> axisys: Stick a LiveCD in the machine and press the reset button? :)
[05:57] <axisys> i guess as long as I use latest kernel I should be good
[05:57] <axisys> http://kmuto.jp/debian/hcl/Sun/SunFire+X2270
[07:17] <Tohuw> jmarsden: you around by any chance?
[07:18] <jmarsden> Tohuw: Yes, but somewhat involved helping others in other channels right now... ask away, just don't expect fast responses.
[07:23] <Tohuw> jmarsden: understood. I'm heart-stoppingly close to having my DNS setup kosher, but I've got a little glitch: http://www.intodns.com/constellationmedia.com complains that there are no Reverse MX A records. Here's my named.conf.local: http://pastebin.com/6vRxpRmR And my db.69 (reverse ptr): http://pastebin.com/dmWKFij6
[07:26] <jmarsden> For PTR records, ask the ISP (or are you the ISP)?  It is very unlikely your newly created DNS server will have been delegated authority for reverse DNS for a chunk of public IP address space.
[07:27] <jmarsden> The PTR record needs to be done by whoever "owns" the IP space, not by a normal user like you.
[07:28] <Tohuw> jmarsden: oh! okay, then I need to have the data center (or their backbone providers) handle that. Gotcha. Should I remove my reverse info then?
[07:28] <jmarsden> Probably, it won't do any good for you to publish that from your server, no one will ever query your server for that info :)
[07:29] <Tohuw> gotcha. I was just following https://help.ubuntu.com/9.10/serverguide/C/dns-configuration.html D:
[07:30] <jmarsden> For reverse DNS on a LAN, you can do your own thing.  But in general, not for reverse DNS on the public Internet, unless you have been allocated that chunk of IP addresses... they belong to your ISP, not to you, most likely.
[07:32]  * patdk-lap volunteers to query his server for that info :)
[07:33] <Tohuw> jmarsden: makes perfect sense. Thanks!
[07:33] <jmarsden> Tohuw: You're welcome.
[07:35] <patdk-lap> man, I dunno what my colo center did, but they attempt to change the port an for one of their backbone lines
[07:35] <patdk-lap> and everything broke, including all the other backbones
[07:35] <Tohuw> D:
[07:35]  * patdk-lap notes I can ping their stuff now
[07:36] <patdk-lap> hmm, so world to them works again
[07:36] <patdk-lap> them to nyc still broken
[07:36] <Tohuw> patdk-lap: someone over there is hastily correcting a missing "." in a zone file right now
[07:37] <patdk-lap> no
[07:37] <Tohuw> >.>
[07:37] <patdk-lap> not dns issue, this is much more serious
[07:37] <Tohuw> Oh wait, that was me earlier today
[07:37] <patdk-lap> bgp
[07:37] <jmarsden> patdk-lap: If you radically change how you connect to the backbone, it can take a while for dynamic routing tables to recognize the change and stabilize...
[07:37] <jmarsden> Yup, BGP.
[07:37] <patdk-lap> and broken routers
[07:37] <ppher> After installing an ircd, what else need to be done to access it?
[07:38] <patdk-lap> jmarsden, ya, but they have 12 different providers
[07:38]  * Tohuw reads http://en.wikipedia.org/wiki/Border_Gateway_Protocol
[07:38] <patdk-lap> and I tried to get to them over 4 different ones
[07:38] <patdk-lap> their report said they only changed one, the one I had been having issues with from them to nyc
[07:39] <patdk-lap> and after they reported, all complete, working fine, it started to go down
[07:39]  * patdk-lap guesses the replacement couldn't handle the load or something
[07:39] <jmarsden> ppher: telnet or nc to the port it is listening on, if you speak IRC protocol.   Normal humans usually use an IRC client program (xchat, or irssi, or whatever) to talk to it instead.  But for testing whether the ircd is alive, telnet or nc works fine :)
[07:39] <patdk-lap> and started to cause other issues for things that were fine
[07:41] <bcomp> jmarsden: ha thanks.
[07:41]  * patdk-lap is like 4hours late to bed
[07:43] <patdk-lap> it looks like they shutdown the dc -> ny connection, but they still have their ny router advertizing on bgp, causing the issue
[07:43] <Tohuw> jmarsden: http://www.intodns.com/lazarwolf.com reports there are no MX records, but I set some in the zone file: http://pastebin.com/VTheN3Rm
[07:43] <jmarsden> patdk-lap: Stay up another 4 and it will no longer be a problem ... you won't even need to get up :)
[07:43] <patdk-lap> Tohuw, is that valid?
[07:44] <patdk-lap> it's tricky when you edit zone files like that
[07:44] <Tohuw> patdk-lap: can you elaborate? Am I doing that part wrongly?
[07:44]  * patdk-lap also wonders how you have lazarwolf.com. for an A record
[07:44] <Tohuw> I just learned how to use bind today
[07:44] <patdk-lap> what domain is that supposed to be for?
[07:44] <Tohuw> lazarwolf.com
[07:45] <jmarsden> Tohuw: Looks OK, when you made your last change to the zone file did you also increase the serial number in it and reload/restart bind?
[07:46] <patdk-lap> would be much *safer* to use @ instead of the lazarwolf.com. for that MX entry
[07:46] <patdk-lap> but the www in a lazarwolf.com. is invalid
[07:46] <Tohuw> jmarsden: yes, but i can increment/restart bind again patdk-lap: why? (to both of your statements)
[07:46] <patdk-lap> I wonder if named bombs out on that, not sure, I haven't used named forever
[07:47] <patdk-lap> well, you already use @ everywhere else, why not keep it the same, less chances of human mistakes
[07:47] <jmarsden> patdk-lap: www should have the domain auto added to it, should work great.
[07:47] <patdk-lap> though it's technically correct
[07:47] <patdk-lap> named auto changes the dns name to an ip?
[07:47] <patdk-lap> cause A records can only have ip's
[07:48] <jmarsden> ah... sorry.  I see what you mean now.  I thought it was the www you were concerned about...
[07:49] <patdk-lap> I think he wanted a cname, though I prefer to put the ip in there and use an A
[07:49] <jmarsden> Tohuw: www should either be a cname for lazarwolf.com, or an A record pointing to an IP address.  Right now it seems to be sort of half and half.
[07:49] <bcomp> Jmarsden: I just tried telneting in, but got a fat access denied
[07:50] <jmarsden> bcomp: Then either there is a firewall in the way, or you telnetted to the wrong port, or the ircd isn't running and listening on the port you think it is... usual network server debugging.
[07:50] <Tohuw> jmarsden: is one "better" than the other (making it an A and changing it to IP or making it CNAME and keeping it hostname). I personally like the latter idea, only because it's less likely I will change the hostname it points to than the IP it should point to.
[07:51] <patdk-lap> cname causes an extra lookup
[07:51] <bcomp> jmarsden: opened the firewall on 6667, which I thought was the default irc port, but maybe I should check that...
[07:52] <jmarsden> bcomp: So use netstat or similar to check what ports are being listened to, on the server
[07:52] <Tohuw> patdk-lap: how "bad" is an extra lookup?
[07:52] <jmarsden> Tohuw: patdk-lap is right, using a CNAME can lead to an extra DNS query being required, although I think in this case bind will do the smart thing and include the necessary A record info as additional info in the first answer it gives.
[07:52] <patdk-lap> depends on the clients dns location and stuff
[07:53] <patdk-lap> 20ms to 300ms
[07:53] <patdk-lap> but only for the first time they access your site
[07:53] <patdk-lap> after that, it doesn't
[07:53] <jmarsden> In fact, I think your web based dns checking tool was telling you that it *did* avoid the extra lookup, earlier on.
[07:53] <Tohuw> so just use an a and call it a day, in your opinion?
[07:53] <patdk-lap> so it depends on how paranoid you are about first page load times
[07:53] <Tohuw> not very, tbh
[07:53] <jmarsden> Then CNAME is fine, just do it :)
[07:55] <Tohuw> ok!
[07:55] <patdk-lap> it's a little depressing more and more dns is being done over tcp :(
[07:55] <patdk-lap> makes it slower :(
[07:56]  * Tohuw likes being told to do what he was going to do anyway
[07:58]  * patdk-lap thinks he will passout in 5min or less
[07:58] <Tohuw> Still getting a "no MX record" error. Updated the zone file: http://pastebin.com/3Kw1E9qn
[07:58] <bcomp> well nmap says the ircd isn't listening on any port, and I started it per the man instructions
[07:59] <patdk-lap> you queried the server directly?
[07:59] <bcomp> Too bad there's no documentation
[07:59] <patdk-lap> not using a dns proxy/recursor?
[07:59] <bcomp> I did it via ssh on the server itself
[07:59] <Tohuw> patdk-lap: using http://www.intodns.com/lazarwolf.com
[07:59] <patdk-lap> that is no good
[07:59] <bcomp> :x
[07:59] <patdk-lap> dns negative cache, of 1hour :)
[08:00] <patdk-lap> so that check won't work for an hour from now :)
[08:00] <patdk-lap> to test your changes
[08:00] <Tohuw> oh
[08:00] <Tohuw> D:
[08:01] <patdk-lap> change your negative cache ttl to like 60 if you want it faster (still have to wait an hour this first time though)
[08:01] <bcomp> jmarsden: well apparently I didn't start the ircd even though I thought I did because the documentation sucks
[08:01] <jmarsden> bcomp: Check on the server itself, using netstat or ss or similar tools.  Yes, that would explain it.
[08:01] <bcomp> Yeah I ssh'd and ran nmap
[08:01] <Tohuw> patdk-lap: is there a way to run tests inside of the negative cache time? install dnsutils on the local server and use dig or something?
[08:02] <bcomp> It wasn't listening to any port
[08:02] <patdk-lap> I don't see any mx direct
[08:03] <jmarsden> OK, I need to get some sleep... goodnight all.
[08:03]  * patdk-lap is confused though, ns3.constellationmedia.com is saying you have an AAAA record, but I don't see one in what you posted
[08:03] <bcomp> Night
[08:06] <Tohuw> patdk-lap: I deleted it. Is there any reason to keep it? I know it's for IPv6, but I'm not really using that for any interfaces, etc. Should I still bother with AAAA records
[08:06] <patdk-lap> you should only ever use aaaa if you have a working ipv6 running your services
[08:07] <patdk-lap> otherwise people with ipv6 will attempt to use it, and never use ipv4
[08:07] <Tohuw> makes sense. I don't.
[08:07] <patdk-lap> well, I guess your dns servers are not up to date
[08:07] <patdk-lap> guess you are playing with a hidden-master server
[08:07] <patdk-lap> and those two servers are slaves, and out of date
[08:08] <patdk-lap> the ns3 and ns4.constellationmedia.com ones
[08:09] <patdk-lap> hmm, actually, I think your soa went back in time
[08:10] <patdk-lap> cause those have 2010080711, but your post says 2010080706
[08:10] <patdk-lap> need to increase your soa in your server to be higher
[08:11] <patdk-lap> or they will never get updated
[08:12] <Tohuw> patdk-lap: I am manually sync'ing the server with ns1. and ns2. It can't be set as a slave because it has WHM on it, and I can't heavily interfere with it or cause downtime. It's scheduled for very soon deprecation anyway. So technically ns1. and ns3. are both masters (yes I know that's sort of bad)
[08:12] <patdk-lap> well, it still doesn't help that your soa values are out of order
[08:13] <patdk-lap> the ones you posted you said you fixed those issues
[08:13] <patdk-lap> but its soa value is smaller
[08:15] <Tohuw> patdk-lap: db.lazarwolf.com is 201080706, db.constellationmedia.com. is 2010080711
[08:23] <chrislabeard> Hey guys, how would I allow my server to be shared across the network ?
[08:23] <chrislabeard> So you can access it
[08:25] <Callum__> chrislabeard: use Samba and/or NFS
[08:52] <MACscr> how can i uninstall something with aptitude, but keep all its dependencies?
[09:09] <Tohuw> Any idea why http://www.intodns.com/lazarwolf.com would report there are no MX records? My zone file for lazarwolf.com: http://pastebin.com/3Kw1E9qn
[10:00] <Tohuw> All fixed now; PEBKAC
[10:08] <robertpayne> Are there any complete guides on the Ubuntu wiki for 10.4 Postfix/Dovecot mail server by chance?
[10:20] <Tohuw> robertpayne: have you looked at https://help.ubuntu.com/10.04/serverguide/C/email-services.html ?
[10:21] <robertpayne> Tohuw: not specifically..I think I'm getting caught up in details when I install everything
[10:22] <Tohuw> robertpayne: check out the docs listed there; it's a good place to start and get a walkthrough of initial configuration
[10:22] <robertpayne> Tohuw: Setting up a full mail stack with virtual box and trying to get TLS/SASL ontop of it...
[10:23] <robertpayne> Tohuw: Yeah thanks, The part that gets confusing for me is TLS/SASL. Do you need both installed? I'm planning on only allowing connections through TLS but the password is still sent as plain text then correct?
[10:26] <Tohuw> You need a mechanism. TLS is just what it says it is: a layer for secure transport. SASL is how you authenticate, TLS is how it is secured. See https://help.ubuntu.com/10.04/serverguide/C/postfix.html#postfix-smtp-authentication
[10:51] <Callum__> hmmm, I wonder where I can buy some gigabit ethernet cards at a decent price
[10:52] <Callum__> damn no money being non-profit
[11:39] <mina> hi, anybody can answer an apache related question?
[11:55] <MACscr> i have my swap partition created and setup within fstab, but it doesn't seem to be working as swap is showing 0k available. What log should i look at to see why it's not being mounted at boot or what might be wrong?
[11:57] <zash> MACscr: try grep swap /var/log/messages
[11:58] <oCean_> MACscr: what does "swapon -s" output?
[11:58] <MACscr> doesnt show anything listed
[11:59] <oCean_> MACscr: have you added the swap partition in /etc/fstab using its UUID?
[11:59] <MACscr> i just have /dev/sda2	swap	swap	defaults	0	0
[11:59] <oCean_> MACscr: and after editing /etc/fstab, you did 'swapon -a' ?
[12:01] <MACscr> oCean_: thanks, looks like the server image had the partition names wrong. I should have checked that. It should have been xvda2
[12:01] <MACscr> fixed and thanks
[12:02] <MACscr> btw, i just had another user login as root while i was logged into root. How do i view that users history?
[12:02] <oCean_> MACscr: you could set it up using the device's UUID, that way you know it's always the correct device. Use 'sudo blkid' to identify partitions by UUID
[12:03] <oCean_> MACscr: the history gets "mixed" in with yours (in ~/.bash_history) after exiting the shell
[12:04] <MACscr> oCean_: i ran history and its only showing my stuff
[12:05] <oCean_> MACscr: is the other user logged out yet?
[12:05] <MACscr> yes
[12:06] <oCean_> hmm.. I'd say in that case you would see his history too. Maybe you should logout also (and in again of course)
[12:06] <oCean_> I didn't think that necessary
[12:06] <MACscr> looks like just doing 'cat ~/.bash_history' worked. Thought i could just do 'history'
[12:07] <oCean_> MACscr: I guess when you log in again, you'll see it in 'history' command
[12:12] <MACscr> ok, last question for awhile. I installed a deb using dpkg and it installed a bunch of dependencies like apache, mysql, etc. Anyway, i removed just the main app by doing dpkg -r name. Now anytime i try to do anything with aptitude, its saying its going to remove apache, mysql, etc. How can i stop that?
[12:58] <oCean_> MACscr: dpkg --get-selections | grep apache2 shows "deinstall" ? You could use --set-selections to change it to "install". I don't exactly know in what state the package becomes. (configure-file wise I mean) a 'dpkg -l apache2' shows "rc" at starting of line?
[14:01] <CppIsWeird> how does a package install into the update-java-alternatives list?
[16:05] <stavi2> anyone have experience diagnosing grub issues remotely?  I can reboot to a rescue environment, but can't see the screen.  datacenter is useless.  does grub keep any logs?
[16:08] <patdk-lap> what kind of video card in it?
[16:08] <stavi2> its at datacenter far away...that's why i can't see the screen.
[16:08] <patdk-lap> oh
[16:08] <patdk-lap> I thought you meant the datacenter people wouldn't read the screen also
[16:09] <patdk-lap> lucid?
[16:09] <stavi2> oh, they will read the screen for me.  with a 3 hour turn around time to find out what message it says.
[16:09] <stavi2> 10.04
[16:09] <patdk-lap> this is where asking them to plug in a ip-kvm is nice
[16:10] <stavi2> this is where they having ipkvms would be awesome, I agree.  I'm actually probably switching hosts over that issue.
[16:10] <stavi2> I can't fix bootloader/kernel stuff without it...and they can't fix it because they don't know how.
[16:10] <patdk-lap> heh
[16:10] <patdk-lap> I can think of several different issues
[16:10] <patdk-lap> but hard to say what is your issue without any info :(
[16:10] <stavi2> well, let me tell you the full story about what I did.
[16:11] <stavi2> this server had 10.04 installed on it.  But I wasn't really using it.  Another of my servers crashed, so I am trying to restore that server to this one.  I basically rsynced the entire hard drive over to this server.
[16:12] <stavi2> all the permissions have been preserved, everything looks ok.  But according to the datacenter people, when it boots, it just hangs saying "GRUB"
[16:14] <patdk-lap> was grub2 on it? or old grub?
[16:15] <stavi2> old grub.  I've chroot'ed from the rescue env. to the real system.  grub says version 0.97
[16:15] <patdk-lap> heh, evil
[16:15] <patdk-lap> that is probably why it broke
[16:15] <patdk-lap> never ran update-grub after the restore?
[16:15] <stavi2> I did, actually.  but I'll try it again.
[16:15] <patdk-lap> grub depends on knowing where the files are on the disk
[16:15] <patdk-lap> grub2 doesn't
[16:16] <stavi2> ya, I wish it was grub2, but again, datacenter does weird things...this is how they fixed it when a kernel update broke my server.
[16:16] <stavi2> I'd kill for an IPKVM right now.
[16:16] <stavi2> update-grub seemed to do something....i'll try rebooting again :)
[16:17] <patdk-lap> wait, maybe
[16:17] <patdk-lap> might want to check what it did :)
[16:17] <stavi2> it asked me if my changes to menu.lst were ok (they are).
[16:18] <patdk-lap> what is in /boot/grub/device.map?
[16:23] <stavi2> (fd0)   /dev/fd0
[16:23] <stavi2> (hd0)   /dev/sda
[16:23] <stavi2> which looks ok.  /boot is on sda1.  / is on sda5
[16:25] <patdk-lap> want to pastebin /boot/grub/menu.lst
[16:26] <stavi2> http://pastebin.com/sGbKmE5L
[16:28] <patdk-lap> hmm, you have grub2 chainload installed
[16:28] <stavi2> grub2 was installed at one point...but that broke things, so they (datacenter) switched it back to grub1
[16:29] <patdk-lap> heh, I love the def of broke things
[16:29] <patdk-lap> don't fix, replace :)
[16:29] <stavi2> without an ipkvm, i got no choice but to have them fix it...it's not the way I would have gone.
[16:29] <patdk-lap> hmm, looks ok, yours is missing groot option that mine has
[16:29] <patdk-lap> but I don't *think* it's required
[16:31] <stavi2> hmm...that's weird.  /tmp was empty before I tried booting it.  now it has a couple files in it...maybe it's getting at least part way through the boot process now.
[16:31] <patdk-lap> heh, my hardy and gutsy systems both have it though
[16:31] <patdk-lap> heh, if tmp has anything
[16:31] <patdk-lap> it was at least remounted rw
[16:32] <patdk-lap> so it's up to/paste initrd at least
[16:32] <patdk-lap> past
[16:32] <stavi2> I've got two dir's .ICE-unix and .X11-unix, and a hsperfdata_root folder
[16:32] <patdk-lap> hmm, that would be booted
[16:32] <stavi2> yeah...maybe the update-grub did fix it.
[16:33] <stavi2> hey!  there's stuff in /var/log that has a recent timestamp!
[16:33] <patdk-lap> you didn't use update-grub2 last time by mistake? :)
[16:33] <stavi2> nope, i'm sure I didn't.
[16:33] <wieshka> HELP: i installed ubuntu 10.04 lucid server on RAID 1 + LVM (each physical disk contains one big RAID partition, and after that, on RAID device #0 i set up LVM with 1 volume group with 8 logical volumes) ... now i am trying to boot my fresh install - i have error and boot fails. Error data: http://wieshka.pastebin.com/mv1yuusb
[16:33] <stavi2> but I might have run the one from the rescue environment instead of running it after chrooting.
[16:33] <stavi2> lets reboot and see if it works...
[16:35] <patdk-lap> ureadahead exit code 4 isn't an issue
[16:35] <patdk-lap> ata_id[680]: HDIO_GET_IDENTITY failed for '/dev/sda', I dunno if it's an issue or not, dunno what it means
[16:35] <patdk-lap> but your lvm mounted just fine
[16:36] <wieshka> patdk-lap: i dont have any idea what ata_id[664]: HDIO_GET_IDENTITY failed for '/dev/sdb' means ....
[16:36] <wieshka> h/w RAID is disabled in BIOS
[16:37] <wieshka> so there is no fakeRAID, what makes mess
[16:37] <stavi2> wieshka:  the HDIO_GET_IDENTITY failed appears to mean that hdparm can't identify the drive.  that's usually normal for SCSI/SATA drives.  Might prevent things like SMART from working, but shouldn't be a show stopping issue.
[16:38] <wieshka> SMART - it was a BIOS option ?
[16:38] <stavi2> at least that's what my googling shows.
[16:38] <wieshka> S.M.A.R.T if i remember correctly
[16:38] <stavi2> smart tells you if a hard drive is showing signs of failing soon.
[16:39] <patdk-lap> the bios option for it, just makes your computer not boot, if the drives smart says a drive is bad
[16:39] <wieshka> ok - what are my options now
[16:39] <wieshka> HDD's are identical and directly from shop
[16:41] <wieshka> i can boot in rescue mode, but what i need to check out ? hdparm output ? what it will give for me
[16:43] <stavi2> what's the last thing on the screen when you try to boot it?
[16:43] <wieshka> init: unreadahead-other main process (992) terminated with status 4
[16:44] <stavi2> http://techblogparade.blogspot.com/2010/05/howto-fix-ureadahead-problem-after.html
[16:45] <wieshka> stavi2: thx - i will give a try!
[16:46] <wieshka> rebooting in rescue mode
[16:46] <stavi2> wieshka:  hope it works
[16:46] <stavi2> patdk-lap: well, tried rebooting the server.  still not responding to ping.  maybe it's running fsck, so I'll give it a little while before going back to rescue mode and looking at the logs.
[16:46] <wieshka> stavi2: i hope too - anyway better to have an option to check out, than no ideas :)
[16:49] <wieshka> ok - so now i am in rescue mode
[16:49] <wieshka> because rescue didn't find my raid device to mount
[16:54] <wieshka> stavi2: i cant mount my system
[16:54] <wieshka> from busybox
[16:55] <wieshka> fdisk -l lists two identical disks as Linux raid autodetect
[17:08] <wieshka> how can i access my RAID disk (mount) using rescue mode .... rescue mode offers me only two options - try to mount /dev/sda1 what fails, or do not use a root file system, so, i have only BusyBox
[17:13] <wieshka> stavi2: still here ?
[17:20] <carleas> I've set up bind9 on my server, and I want to make sure it's serving the right stuff before I have my secondaries start transferring it.  How can I query that?  I know dig looks that stuff up for a live server, but as of now it's not serving to anyone, so dig pulls up info from my old nameserver
[17:38] <hggdh> carleas: dig @<your server> <query>, where <your server> points to your server
[17:40] <carleas> But I currently have mydomain.com being set up through another nameserver.  When I use dig, it gives me information from that server.
[17:43] <carleas> Currently, a server rsyncs the zone file for my domain from myserver1.  I'm setting up a primary DNS server on myserver2, and I want to test that I've configured it right before I switch between them.
[17:45] <hggdh> carleas: dig@myserver2 something
[17:45] <hggdh> carleas: dig @myserver2 something
[17:46] <hggdh> if myserver2 has the data, you will get it (or it may forward the request, depends on your settings)
[18:01] <carleas> OK, cool.  Thanks, hggdh.
[20:20] <ruben23>  hi guys
[20:20] <ruben23> does anyone know how to correct this error----> http://pastebin.com/eFZgtGQa
[20:21] <Black_Prince> rm -rf ~/.ssh
[20:22] <ruben23> on the server.>?
[20:22] <Black_Prince> on the system you are trying to connect FROM
[20:24] <ruben23> Black_Prince: :-D sorry I'm confused, this errors occur on client.. while connecting to server, which i set this.
[20:24] <Black_Prince> root@chris-laptop:~#
[20:24] <Black_Prince> on this terminal
[20:24] <Black_Prince> you type rm -rf ~/.ssh
[20:24] <Black_Prince> on your client computer
[20:27] <ruben23>  Black_Prince:still the same as i run that...
[20:27] <Black_Prince> you typed it on laptop or on server?
[20:28] <ruben23> on the altop
[20:28] <ruben23> laptop i mena
[20:29] <Black_Prince> rm /root/.ssh/known_hosts
[20:30] <guntbert> Black_Prince: both statements might be bad advice ™
[20:30] <ruben23> guntbert:why..?
[20:31] <patdk-lap> did you recently reinstall that computer you're attempting to connect to?
[20:31]  * patdk-lap would just delete the first line, if it's known it should change
[20:31] <ruben23> patdk-lap: no
[20:31] <guntbert> ruben23: because 1) it might be possible that you have really a "man in the middle", 2) you might have other known hosts too -- so you should look into it and the decide how to go on
[20:32] <patdk-lap> well, that message is saying something changed
[20:32] <patdk-lap> if you didn't change it, well
[20:32] <guntbert> *then
[20:33] <chrislabeard> hey, guys I'm using ehcp for my server and for some reason apache can't write to the user's directory is there a way that I can set this up to work for every user.
[20:33] <guntbert> ruben23: it works this way: whenever you connect to some machine for the first time you are asked if you trust its signature
[20:33]  * patdk-lap started putting all his thumbprints in dns, makes it nice
[20:33] <guntbert> ruben23: if you say "yes" the key is added to .ssh/known_hosts
[20:34] <ruben23> ok
[20:34] <ruben23> then
[20:34] <guntbert> whenever the same host presents a different key you are alerted
[20:34] <guntbert> that's why patdk-lap asked if *you* changed something
[20:35] <ruben23> oh.., host key changes when changed IP..? and what other tasks trigger the key to change..?
[20:37] <guntbert> ruben23: no, the hostkey is usually not changed by address changes
[20:39] <guntbert> ruben23: but for (2): you may have many keys in .ssh/known_hosts, you can see from the error that in this case it is the first entry (each entry is 1 line in the file), so you *can* delete just that line when you are certain that it is ok
[20:40] <ruben23> ok clear now
[20:43] <guntbert> ruben23: please see http://www.thegeekstuff.com/2010/04/how-to-fix-offending-key-in-sshknown_hosts-file/
[20:53] <stavi2> So I got hacked...found SHV5 rootkit.  How do I figure out how they got in in the first place, to make sure it doesn't happen again?
[20:55] <patdk-lap> disconnect the network cable and never plug it in again :)
[20:56] <stavi2> patdk-lap:  lol.  I restored it from a backup from before they got in...but that means whatever vulnerability they used in the first place is still there.
[20:56] <patdk-lap> I find almost all issues relate to crappy cgi or ftp
[20:57] <stavi2> no ftp server.  apache runs on this server, but the entire thing requires a password.
[20:58] <patdk-lap> requires a password over ssl?
[20:58] <patdk-lap> or non-ssl
[20:58] <stavi2> patdk-lap: no ssl :(
[20:58] <patdk-lap> if non-ssl, then the password is mostly useless
[20:58] <stavi2> guess all I can do is go searching through logs and hope they didn't clean up after themselves very well.
[20:58] <patdk-lap> any public wifi, private wifi, ...., hacked home router, ...., could have recorded it
[20:58] <patdk-lap> happens all the time for ftp
[20:59] <stavi2> it's a server in a datacenter.
[20:59] <patdk-lap> no, I mean for where you accessed it from
[20:59] <stavi2> oh, right
[20:59] <patdk-lap> or where anyone accessed it from
[22:50] <fidelix_> Hey guys, i created my mail server, and i can send emails and connect to it with Thunderbird.
[22:51] <fidelix_> However, sending mails to my account from outside bounces the message back.
[22:51] <fidelix_> What could be happening?
[23:12] <fidelix_> Can you guys help me to set my DNS server?
[23:17] <Joshua1983> Hello
[23:17] <Joshua1983>  
[23:54] <Callum__> okay, so I retired my last SCSI drives out of my server, since they are pretty much dead and I have enough SATA drive capacity to replace them with
[23:54] <Callum__> they were good to me for a good while, shame they had to die