[00:26] <genii-around> typo3 default database name of typo3-database causes problems when you try to do a mysql command like:   GRANT ALL ON typo3-database TO 'somebody'@'somewhere'   ...it chunks out because of the hyphen
[01:37] <kjs> is anyone on amazon EC2 micro? I wonder if it's fast enough for a small blog? about 5k visitors a day?
[01:38] <TheLordOfTime> i don't have 5k visitors a day but i dont see why it wouldnt be able to handle 5,000 visitors a day
[01:38] <TheLordOfTime> i know a few ubuntu members with HUGE blog turnaround traffic-wise and they use EC2 micros.
[01:39] <kjs> TheLordOfTime: but you're on a micro?
[01:39] <kjs> ah ok, cool, if you don't mind me asking, how much does it cost you roughly per month?
[01:41] <tonyyarusso> Is micro the one they'll give you free for the first year?
[01:43] <TheLordOfTime> kjs, my blog's on a micro, but i'm in the free tier right now
[01:43] <TheLordOfTime> my blog doesn't get 5k/day traffic though
[01:43] <kjs> 5k is not a lot
[01:44] <kjs> my blog is also static, so it should be fine... the free tier?
[01:44]  * kjs goes to google about this
[01:45] <TheLordOfTime> they have a free 1y micro tier for people
[01:45] <TheLordOfTime> then after that year they charge you.
[01:45] <tonyyarusso> Works out to about $15/mo, compared to $20 for the base Linode.
[01:45] <TheLordOfTime> mhm
[01:46] <TheLordOfTime> of course when my year's up i'm shifting data over to the cheaper server(s) i use for TrekWeb (which is a LOT higher data traffic)
[01:46] <TheLordOfTime> (cheaper, yet higher data traffic... don't ask how i even achieve that)
[01:47] <kjs> I am currently at Linode.
[01:47] <tonyyarusso> me too
[01:47] <kjs> might move to amazon for a year if it's free tho :P
[01:48] <tonyyarusso> I should probably ask if I can run a server at work though and save the money.  Would be pretty easy.
[01:50] <kjs> I know at work we have a bunch of VPS now + an old dedicated server, I wonder if I should setup a server running openstack and run the vps's on that would save money... Single point of failure on that server then though...
[01:51] <kjs> OVH are setting 2 x 120Gb SSD's, 32Gb of ram unlimited 100mbps for 59GBP
[01:54] <tonyyarusso> My workplace has a full datacenter (a couple, actually), but I don't know if they'd let me colocate a personal system there.  Probably, but I don't know.
[01:54] <tonyyarusso> might be worth a shot
[01:54] <kjs> patch it in and find out ;)
[01:55] <tonyyarusso> heh, no
[02:47] <RoyK>  +++
[02:47] <RoyK>  ++
[05:47] <TheGuy> Hey everyone, happy thanksgiving
[05:48] <TheGuy> anyone with experience setting up multiple websites under one external IP address? Having difficulties setting it up properly
[05:51] <patdk-lap> using what webserver?
[05:52] <TheGuy> standard LAMP setup, apache2
[05:52] <TheGuy> I have been looking into the virtual host setup guides and have not been able to find one applicable or that will work
[05:53] <patdk-lap> http://ubuntu-tutorials.com/2008/01/09/setting-up-name-based-virtual-hosting/
[05:53] <patdk-lap> probably the simplest
[05:53] <TheGuy> as is, it directs queries from both site domain addresses to one sites files
[05:54] <patdk-lap> now you're not making sense
[05:55] <TheGuy> excuse me, when someone types one address, it goes to one site, they type the other address it goes to the same site
[05:55] <patdk-lap> then you probably failed to setup the default catchall virtualhost for that ip
[05:55] <patdk-lap> so that all unknowns go there
[05:55] <patdk-lap> otherwise apache just picks one, or the first one, or whatever
[05:56] <TheGuy> I will look through this site you linked me, looks like some good info, Ill keep that in mind
[06:13] <TheGuy> hmmm, that guide did not work either, a lot of errors on the reload
[06:15] <patdk-lap> it sounds like you have followed too many guides
[06:15] <patdk-lap> and have made way too many changes that you dunno what they are
[06:25] <TheGuy> no, i actually know the exact files that i have changed lol
[06:25] <TheGuy> since it is only 1 that they tell me to change that is included
[06:26] <TheGuy> which is the apache2.conf file, and that i should make the site-available files and then enable them
[06:27] <TheGuy> the webserver is still more than operational and does show 1 site, but the other site is not shown when typing in its address, it defaults to the first one
[06:28] <TheGuy> there has to be something im missing, or that these guides are missing, since its all basically the same process minus one thing here and plus one thing there, i have not gotten any to work
[12:06] <Akendo> Good Morning Guys, what a wonderful day!
[13:56] <zul> Daviey: apparently you can download vm in openstack through bittorrent
[13:58] <Daviey> zul: oh?
[13:58] <zul> xenapi only though
[14:01] <Daviey> interesting... it's how twitter do their code pushout aiui
[14:01] <Daviey> zul: whilst i have you, yolanda is super keen to contribute.. Do you have anything that would be good to throw that way?
[14:02] <zul> Daviey: are we talking packaging or upstream stuff?
[14:03] <iliv> anyone familiar with policykit? I botched up sudoers file, and read it on the mighty Internet that pkexec visudo can help me, but it needs /usr/lib/policykit-1/polkit-agent-helper-1 running. however, trying to start that helper results in "polkit-agent-helper-1: wrong number of arguments. This ...
[14:03] <iliv> ... incident has been logged.'
[14:04] <zul> yolanda: ping
[14:04] <yolanda> hi zul
[14:04] <iliv> booting into recovery mode is least desired option, I'd love to do this with 0 downtime
[14:05] <zul> yolanda: heya...python-glanceclient is ftbfs if you want to take a crack at fixing that, that would be cool otherwise there is a bunch of bugs folsom-backport-potential in launchpad at https://bugs.launchpad.net/bugs that could possibly be backported
[14:07] <yolanda> checking
[14:08] <yolanda> zul, ok, i'll take a look at it
[14:08] <zul> yolanda: cool if you need any help lemme know
[14:09] <yolanda> ok
[14:10] <zul> koolhead17: you want some openstack stuff to do?
[14:13] <koolhead17> zul, sure sir
[14:13] <koolhead17> show me the way am all in
[14:13] <zul> koolhead17: figure out why stable/folsom is ftbfs https://jenkins.qa.ubuntu.com/view/Openstack_Testing/view/Folsom/job/precise_folsom_nova_stable/664/console
[15:21] <hallyn> stgraber: bug 1075917, I'm intending to mark it wontfix with a comment that it is a new feature, not a bugfix.  shout if you disagree
[15:22] <stgraber> hallyn: yeah, sounds fine. I'm in the process of getting an official lxc backport to precise anyway
[15:24] <yolanda> zul, here is a paste of the errors on glanceclient: http://paste.ubuntu.com/1379659/
[15:25] <zul> yolanda: grr...ok we just might want to disable the tests or let the package to build even if the tests fail
[15:26] <yolanda> i'll take a look
[15:33] <hallyn> stgraber: cool, thanks
[15:41] <chmac> What's the command to see which applications are using the network?
[15:41] <chmac> Something on the machine is downloading ~1Mb/s and I can't figure out what it is.
[15:49] <iliv> chmuri, try trafshow or iptraf
[16:17] <jamespage> zul, I just noticed that all of the branch merges in the lab happen the wrong way around
[16:17] <zul> jamespage: uh?
[16:17] <jamespage> its not functionally impacting but it makes the bzr history look really odd
[16:18] <zul> jamespage: how so?
[16:18] <jamespage> bzr branch lp:~openstack-ubuntu-testing/nova/grizzly
[16:18] <zul> right
[16:18] <jamespage> bzr merge lp:~openstack-ubuntu-testing/nova/grizzly-precise
[16:18] <jamespage> bzr push lp:~openstack-ubuntu-testing/nova/grizzly-precise
[16:18] <jamespage> the changelog for the merge accumulates over time
[16:19] <jamespage> I think it should branch the grizzly-precise branch; merge the grizzly branch and then push it
[16:20] <jamespage> maybe
[16:20] <jamespage> I need to take a look at it again
[16:20] <zul> jamespage: that sounds right to me
[16:24] <jamespage> zul, from the precise-grizzly branch atm its impossible to tell the lab builds apart from each other
[16:24] <jamespage> lol
[16:30] <zul> okies g1 uploaded
[16:33] <yolanda> zul, if i build the package with the DEB_BUILD_OPTIONS=nocheck , it builds properly
[16:34] <zul> yolanda: right because nocheck disables the testsuite, if you add || true where it runs the test then you should be ok
[16:35] <yolanda> ok, just force the conditions for the nocheck always to be true, right?
[16:36] <zul> right
[16:36] <yolanda> ok
[16:58] <yolanda> zul, it works, yes
[16:58] <zul> yolanda: cool
[16:58] <yolanda> where can i push the changes?
[16:59] <zul> bzr branch lp:~openstack-ubuntu-testing/glance/grizzly
[16:59]  * zul lunches
[16:59] <yolanda> ok
[17:07] <yolanda> zul, sorry, what version number should i set in changelog? the last one is 2013.1~g1~20121114.296.g517739f-0ubuntu3
[17:08] <TheLordOfTime> wouldnt it be all that plus a .1 ?
[17:08] <TheLordOfTime> for bugfixing at least.
[17:09] <TheLordOfTime> new releases, different issue :P
[17:09] <jamespage> yolanda, one sec - lemme check
[17:10] <jamespage> yolanda, just add your changes to the changelog entry already present
[17:10] <jamespage> its UNRELEASED so still open for additions prior to final upload
[17:11] <yolanda> ok
[17:11] <jamespage> yolanda, dch -t will add you to the current changelog entry
[17:12] <yolanda> yes
[17:18] <jamespage> adam_g, zul: I sorted out the swift stable/folsom builds - not sure why it had not been switched over from trunk but it is now
[17:18]  * jamespage likes lots of green balls
[17:19] <yolanda> zul, should i push it to same branch or i push to another that is mine and then we do the merge?
[17:19] <zul> yolanda: just push it to the same branch we havent worked out the merge system yet
[17:19] <yolanda> ok
[17:20] <Daviey> jamespage: I think that should be added as a quote.
[17:21] <jamespage> yolanda, you can raise a merge proposal but you currently then have to re-target it in launchpad to the correct branch
[17:21] <zul> jamespage: can we add a table of contents to this page: https://wiki.ubuntu.com/ServerTeam/OpenStack im going to be adding some content as well me thinks
[17:21] <zul> Daviey:  done and done
[17:21] <jamespage> zul, feel free - but make it nice and pretty!
[17:27] <yolanda> seems i'm having some issue with the push: bzr: ERROR: Cannot lock LockDir(http://bazaar.launchpad.net/~openstack-ubuntu-testing/glance/grizzly/.bzr/branch/lock): Transport operation not possible: http does not support mkdir()
[17:27] <yolanda> i read and it says something about being identified with launchpad-login, but i'm in
[17:27] <Daviey> yolanda: please can you work out where you are pushing?
[17:28] <Daviey> seems you are pushing over http, not ssh.
[17:29] <yolanda> seems i'm pushing to http, yes, but if i push by bzr+ssh it also fails with permission denied
[17:29] <Daviey> yolanda: you are not in ~openstack-ubuntu-testing... you want to push to ~yolanda and request a merge proposal
[17:29] <yolanda> i see
[17:32] <yolanda> oh, my launchpad messed keys again :(
[17:32] <yolanda> i cannot push event to my existing branches
[17:32] <yolanda> sorry, even
[17:37] <lvmer> I'm looking to setup a LAN storage for movies / pictures that will be viewable on a living room tv. What is the best way to do this? 1) Have a simple win7 computer next to the TV that connects to a LAN Samba storage server in the basement - funnels movie/picture files to the tv. 2) Are "smart" tv's available? Where I can just ethernet connect them and they will work with the samba server? 3) DLNA? 4) open to ideas?
[17:38] <sarnold> lvmer: investigate mythtv
[17:38] <digadvan> any of you setup a bind9 dns slave server before? are the zone files suppose to replicate from master to slave automatically?
[17:38] <sarnold> lvmer: I've tried dlna to my ps3, damned thing is very picky about file formats though
[17:38] <xnox> lvmer: mythbuntu is for you.
[17:38] <lvmer> yah I was thinking either mythtv or a dlna like tvmobili
[17:39] <lvmer> but I was definitely worried about formats
[17:39] <sarnold> lvmer: but simple http to serve the files, copy them over to the ps3, and play them 'locally', works well enough for me for as infrequently as top gear is released....
[17:39] <lvmer> sarnold: YOU ARE A TOP GEAR FAN?!
[17:39] <lvmer> sarnold: omg mee too!!! I have every single episode / special
[17:39] <sarnold> lvmer: of course. :) hehe.
[17:39] <lvmer> sarnold: lmk if you ever need any,  'finalgear.com' is a great resource.... xD
[17:40] <sarnold> lvmer: yeah, I'm thrilled for those guys, saves tons of time on irc, feels way less dirty than the Big Torrent Sites... :)
[17:40] <lvmer> so for myth tv - I will need 2 computers right?  1 = NAS or samba storage   2 = vga to tv & sound to receiver?
[17:41] <lvmer> because some of my blue ray rips from my brother (he is obsessed with blurays) are 7.1 sound. And I'm not quite sure how to get that in/out the tv or receiver
[17:42] <sarnold> lvmer: I think there's a backend myth machine and a frontend myth machine; probably storage could be on backend or on a third machine
[17:42] <lvmer> because vga = no sound connection && hdmi = stereo
[17:42] <lvmer> sarnold: ok, & which computer is the most important?
[17:42] <sarnold> lvmer: dunno there, sorry. :)
[17:43] <lvmer> because right now I have 2 old computers.... 1x = year 2000 & p4 - 2ghz, 2gb ram, IDE HDDS, other = laptop 2008, 3gb ram, duo-core.
[17:43] <lvmer> my goal is to build a newer computer so I can use like 6x SATA HDD's
[17:43] <lvmer> and I'm wondering... should this be the storage computer in the basement? or the computer with an old gpu connected to the tv?
[17:44] <yolanda> https://code.launchpad.net/~yolanda.robla/glance/grizzly/+merge/135955
[17:44] <yolanda> zul ^
[17:44] <digadvan> any bind gurus online?
[17:45] <lvmer> xnox: I appreciate the help.
[17:45] <lvmer> sarnold: I appreciate the help.
[17:45] <lvmer> /me is off to investigate mythtv & mythubuntu
[17:46] <sarnold> digadvan: oh, right, slaves, got distracted. I _think_ the zone transfers need to be configured on both peers, to ensure the master allows the slave to request zone transfer
[17:50] <digadvan> sarnold: I did configure the slave to see the master and allowed transfer from master to slave.. but still no go.
[17:50] <sarnold> digadvan: anything in the logs?
[17:53] <genii-around> digadvan: You might have to bump the serial number in the zone file. eg: right under IN SOA  ns hostmaster (      is usually something like: 2012112200      ; serial number -- yyyyMMddss.
[17:54] <genii-around> Otherwise it doesn't push the new records out
[18:07] <zul> yolanda: merged thanks
[18:16] <yolanda> zul great
[18:17] <zul> yolanda: np
[18:18] <yolanda> leaving for today, have a nice weekend
[19:04] <sh_t> hi everyone. has anyone here used Ubuntu precise with bonding mode 4 (LACP/802.3ad)? I'm unable to get any traffic past my gateway router.. but I can ping the gateway. everything in /proc/net/bonding/bond0 appears to be correct as if the bond was working but no traffic passes through the gateway.
[19:05] <sh_t> I've attempted exactly what's described here https://help.ubuntu.com/community/UbuntuBonding as well as an older method where you put the configuration into /etc/modprobe.d/bonding.conf -- both behave the same
[19:07] <sarnold> sh_t: does 'ip route show' show the gateway as a 'via nnn.nnn.nnn.nnn' entry anywhere?
[19:08] <capitaninsaneoh> hello
[19:08] <capitaninsaneoh> If I am adding iptables rules to the default input chain and I've opened up a service that uses UDP and TCP do I need to add a default drop rule?
[19:09] <capitaninsaneoh> do I need to add - iptables -A INPUT -j DROP -p udp -i eth0
[19:09] <capitaninsaneoh> ?
[19:12] <Daviey> zul: grizzly staging populated with folsom now
[19:12] <zul> Daviey: cool...still scheming
[19:13] <Daviey> roaksoax: suck, the LP diff is flawed.
[19:16] <sh_t> sarnold: sorry just a sec, tinkering to get it back to how it was :p
[19:17] <roaksoax> Daviey: boomer, how so? any links?
[19:18] <sh_t> sarnold: yes, it says "default via a.b.c.1 dev bond0 metric 100", next line "a.b.c.0/28 dev bond0 proto kernel scope link src a.b.c.10" where .10 is the servers IP
[19:19] <sarnold> sh_t: then I'm out of ideas :( good luck :)
[19:19] <sh_t> baha
[19:19] <sh_t> fml
[19:28] <Daviey> roaksoax: no, it was just the auto generated LP diff was broken
[19:30] <roaksoax> ah, boomer
[20:11] <Danawar> Hey #ubuntu server i host minecraft servers on my server and today we got to 30 people online and the network just dropped out on the server bring eth0 down then up again resolved the issue but it happened again after we again got more people joining is there any reason why this would happen and is there any way i can find out why it happened and resolve it thanks in advance.
[20:12] <pmatulis> Danawar: check kernel logs
[20:12] <Danawar> Sure pmatulis what am i looking for in the kernel logs?
[20:12] <pmatulis> Danawar: anything suspicious.  how should anyone here know what problem you have?
[20:13] <sarnold> when you say "the network just dropped out", do you mean that you had to use a physical console to run ifup / ifdown? or did your minecraft game stop working?
[20:14] <Danawar> I have a lot of  [UFW BLOCK] IN=eth0
[20:15] <Danawar> and before any of that "eth0: no IPv6 routers present"
[20:15] <sarnold> no ipv6 routers is normal unless you expected to be able to use ipv6 on your network :)
[20:16] <sarnold> ufw blocking IN=eth0 might be normal things or might be abnormal, depending upon what was being blocked and your local configuration.
[20:16] <Danawar> trying to remember the exact time it went down i should have noted it down ;/
[20:16] <Danawar> because i use a kvm there is a lot of spam from keyboard and mouse hooks where i flick back and forth
[20:17] <Danawar> The only other abnormal thing i can see is ADDRCONF(NETDEV_UP): eth0: link is not rea
[20:18] <Danawar> and below it : atl1c 0000:02:00.0: irq 46 for MSI/MSI-X
[20:18] <Danawar> atl1c 0000:02:00.0: atl1c: eth0 NIC Link is Up<100 Mbps Full Duplex>
[20:21] <sarnold> "link is not ready" looks like another ipv6-specific thing:
[20:21] <sarnold> ./net/ipv6/addrconf.c:				pr_info("ADDRCONF(NETDEV_UP): %s: link is not ready\n",
[20:22] <sarnold> but if it were going up and down due to something else, something unexpected, that's interesting. :)
[20:22] <Danawar> It could be my poorly configured loopbacks
[20:22] <Danawar> i did them a while ago
[20:22] <Danawar> and never removed them
[20:22] <Danawar> because i got lost with ip tables O.o
[20:23] <Danawar> a lot of firewall : SRC=0.0.0.0 DST=224.0.0.1
[20:23] <Danawar> but before the server went down
[20:24] <Danawar> lots of : SRC=78.70.170.191 DST=192.168.1.3 LEN=82 TOS=0x18 PREC=0x60 TTL=110 ID=16623 DF $
[20:24] <Danawar> $ PROTO=UDP SPT=63804 DPT=49461 LEN=36
[20:24] <guntbert> !paste | Danawar
[20:25] <Danawar> Sorry guntbert
[20:26] <guntbert> Danawar: no worries, keeping a paste in a pastebin just makes it easier to read - and doesn't clutter the channel :)
[20:26] <Danawar> Could i have been spam with requests from 78?
[20:26] <Danawar> like a ddos from one machine
[20:26] <sarnold> what's listening on 49461, if anything
[20:27] <Danawar> the requests have all different ports i believe
[20:27] <Danawar> The one underneath it says : PROTO=TCP SPT=55177 DPT=5010 WINDOW=8192 RES=0x00 SYN URGP=0
[20:32] <Danawar> one quick question is where are iptables stored?
[20:33] <guntbert> Danawar: stored? you mean when you shut down your system?
[20:34] <Danawar> guntbert: a long time ago i was trying to take requests like plotme.lagcraft.co.uk on a certain port and forward them to port 5001 but since i have never removed them because i couldnt figure out how
[20:35] <guntbert> !ufw | Danawar
[20:39] <Danawar> Iptables is so confusing O.o tried to list them but i cant see any of the ones the i remember adding i guess this is a bit too complex for me at the moment =/
[21:01] <sh_t> is there a simple way to prioritize traffic to certain ip's/ports on a network interface? i have a busy NIC sharing different jobs and connections to a mysql server are problematic.. was hoping to prioritize 3306 traffic for example
[21:02] <sarnold> sh_t: do you know lartc.org ?
[21:09] <webfox> Hello folks!
[21:10] <MrTorque> Hi everyone!
[21:10] <webfox> I am facing some hard time to use a version of Ubuntu Server as a client at a VirtualBox machine. I intend to use it as a Bridged client but I've heard it would be necessary to install dhclient, is it true I need it and isn't it already pre-installed?
[21:10] <MrTorque> I want to set up ubuntu with DNS for small office. Do i need to configure it as "Caching Server" or as "Primary Master Server"? (referring https://help.ubuntu.com/community/BIND9ServerHowto )
[21:11] <ScottK> MrTorque: Caching Server
[21:13] <MrTorque> ScottK: Two more questions then: would you recommend to setup dhcp-server to give "fix" ip addresses to the clients?
[21:14] <MrTorque> ScottK: Can i use Samba 4 with only caching DNS?
[21:15] <patdk-lap> samba doesn't depend on dns
[21:16] <patdk-lap> it helps yes, but not needed
[21:16] <MrTorque> patdk-lap: for AD they strongly recommend it (they said a working dns would prevent much frustration...)
[21:17] <patdk-lap> well for AD yes
[21:17] <patdk-lap> but you didn't say AD
[21:17] <patdk-lap> AD requires dns
[21:19] <MrTorque> patdk-lap: what kind of dns? Is "Caching DNS" sufficient?
[21:19] <patdk-lap> no
[21:19] <patdk-lap> you need caching and server
[21:20] <MrTorque> patdk-lap: hmpf... this thing is not easy for me.
[21:20] <patdk-lap> well, it shouldn't be
[21:21] <patdk-lap> you picked something that is not unix native, and something relatively new
[21:21] <patdk-lap> and attempting to piece all the parts together
[21:21] <patdk-lap> it will take time, and lots of work
[21:22] <MrTorque> patdk-lap: hm. How long do you think would it take to get samba 4 running on ubuntu server with AD support (without encryption, without any mailserver-stuff)?
[21:23] <patdk-lap> no idea, never even wanted to attempt that myself :)
[21:23] <patdk-lap> but you're going to need ldap, dns, kerberos, samba
[21:24] <MrTorque> -.-
[21:24] <patdk-lap> I've set them all up, but never attempting to join them all to imitate AD
[21:24] <MrTorque> i hoped it would be easy nowadays...
[21:25] <patdk-lap> it really is, install windows server
[21:25] <patdk-lap> but then, I do believe in using the correct solution for the correct problem
[21:27] <MrTorque> I just need to share folders with some data and be able to configure access-rights with windows-explorer
[21:27] <MrTorque> Being able to reset the user-password on the server-side also would be nice
[21:38] <ball> Do Ubuntu kernels come with SLIP enabled?
[21:40] <patdk-lap> always
[21:41] <ball> Thanks
[21:49] <hallyn> stgraber: have you worked at all with the raring package?  I notice bug 1070914 for instance still needs to be fixed in raring.
[21:49] <hallyn> (I'll just add it to what I push on monday,
[21:50] <hallyn> but I want to make sure there isn't more still missing)
[21:50] <stgraber> hallyn: I'm not using the distro packages. I use my daily builds of the staging branch :)
[21:50] <stgraber> I'm planning to use my nexus7 to test the stock LXC but I need a new kernel for that
[21:51] <hallyn> stgraber: ok.  i'll look through the quantal-proposed changelog on monday and make sure it'll all uptodate
[22:20] <MrTorque> I am trying to set up bind9. but i get an error with: dig 100.168.192.in-addr.arpa. AXFR
[22:20] <MrTorque> ;; connection timed out; no servers could be reached
[22:21] <MrTorque> Where did i do a mistake?
[22:21] <MrTorque> other checking-commands work: named-checkzone 100.168.192.in-addr.arpa. /etc/bind/db.192
[22:21] <MrTorque> and named-checkzone yfm.lc /etc/bind/db.yfm.lc
[22:24] <sarnold> MrTorque: do you know that the machine where you ran 'dig' from is allowed to contact the bind server on tcp port 53? that might be disabled in a firewall or configuration file
[22:25] <MrTorque> sarnold: i followed https://help.ubuntu.com/community/BIND9ServerHowto . The machine with the dns-server is the same machine as the one with the dig-command
[22:25] <MrTorque> iptables -L does not contain any rule (fresh installation of ubuntu server)
[22:27] <sarnold> MrTorque: hrm, do you need to add the allow-transfer directive with 127.0.0.1 in that case?
[22:29] <MrTorque> sarnold: i dont know.
[22:31] <MrTorque> the how-to does not say to do so
[22:32] <sarnold> MrTorque: indeed, the impression I'm getting is that bind9 is wide open until you add an allow-transfer directive...
[22:32] <sarnold> MrTorque: can you telnet localhost 53 ?
[22:32] <MrTorque> yes
[22:34] <MrTorque> nmap localhost gives: 53/tcp open  domain
[22:34] <MrTorque> ping yfm.lc gives ping: unknown host yfm.lc
[22:34] <MrTorque> yfm.lc is the domain I did configure
[22:34] <MrTorque> (or at least tried to)
[22:35] <sarnold> MrTorque: hrm; does axfr work for reverse zones?
[22:36] <MrTorque> how do i check? and btw what does axfr stand for? is it a special token/name?
[22:41] <sarnold> MrTorque: axfr asks for the zone transfer
[22:41] <sarnold> MrTorque: what does dig yfm.lc axfr do? does that work?
[22:42] <MrTorque> yes, it does. i will pastebin it...
[22:42] <MrTorque> http://pastebin.ca/2254686
[22:43] <sarnold> that's axrf, not axfr -- what changes there? :)
[22:43] <sarnold> damn I hate dns. :)
[22:45] <MrTorque> hehe, and i do not yet understand it -.-
[22:45] <MrTorque> anyway, i get with axfr: ;; communications error to 80.83.97.38#53: end of file
[22:46] <MrTorque> http://pastebin.ca/2254688
[22:48] <sarnold> o_O
[22:49] <MrTorque> I added the new stuff at the top
[22:49] <MrTorque> so don't be confused because of that...
[22:49] <maswan> for dig:ing axfr:s you should specify the NS with @server.name.tld
[22:49] <sarnold> I tried it myself and got this: $ dig @80.83.97.38 yfm.lc axfr
[22:49] <sarnold> ;; communications error to 80.83.97.38#53: end of file
[22:50] <MrTorque> maswan: but name resolution should work correctly by default, shouldn't it?
[22:50] <sarnold> .. which I think means that my IP is not allowed to make that query. heh.
[22:51] <MrTorque> sarnold: it is just a domain in the LAN, not a public one.
[22:51] <maswan> MrTorque: zone transfers are a special case, and can only be served by an NS holding the zone, not a general recursive resolver
[22:51] <MrTorque> maswan: I did create that zone (I think..., i followed https://help.ubuntu.com/community/BIND9ServerHowto  and they were able to ping example.com )
[22:53] <maswan> is 80.83.97.38 your IP that you are setting up bind on?
[22:54] <MrTorque> maswan: no, it is not. I am behind a router, just wanting to set it up in LAN
[22:56] <maswan> MrTorque: then it doesn't make any sense to ask 80.83.97.38 for a zone transfer of yfm.lc
[22:57] <maswan> MrTorque: you should do @the.nameserver.IP  (or name)
[22:58] <MrTorque> maswan: I thought the system would search locally first (since I am setting up a DNS Server) and then fallback on NS of internet. Or did I misunderstand sth?
[22:58] <MrTorque> i did upload my configuration files: named.conf.local http://paste.ubuntu.com/1380725/
[22:58] <sarnold> when you're configuring zone transfers you need to specifically ask the master :)
[22:58] <maswan> MrTorque: the system searches in whatever is configured in /etc/resolv.conf
[22:58] <MrTorque> db.yfm.lc http://paste.ubuntu.com/1380726/
[22:59] <MrTorque> db.192 http://paste.ubuntu.com/1380727/
[22:59] <maswan> MrTorque: the resolving is totally decoupled from the serving
[22:59] <MrTorque> maswan: cat /etc/resolv.conf gives: nameserver 80.83.97.38 \n nameserver 80.83.97.38 \n seach lan
[23:00] <MrTorque> how do I tell my system to first search on localhost?
[23:00] <maswan> MrTorque: yeah, you'd need to change that to nameserver 127.0.0.1
[23:01] <MrTorque> how do i do that? and will I be able to resolve internet domains as well?
[23:03] <maswan> MrTorque: if your local nameserver also resolves internet domains as well (for instance, if the "forwarders" section includes 80.83.97.38 80.83.97.38 like from the help.u.c page)
[23:05] <MrTorque> maswan: i added a forwarder section with google NS
[23:05] <maswan> MrTorque: DNS is not really very easy to just add some stuff locally, it fairly strongly assumes a global name tree. Making local additions can be done, but take a bit of work. I usually use a plain /etc/hosts for adding local stuff that isn't in a real zone.
[23:05] <MrTorque> so how do set my ns to 127.0.0.1?
[23:05] <maswan> MrTorque: yeah, that should work too.
[23:05] <maswan> MrTorque: you can start by testing it out with dig @127.0.0.1 www.ubuntu.com
[23:06] <MrTorque> maswan: that works
[23:06] <maswan> MrTorque: and also dig @127.0.0.1 axfr yfm.lc
[23:06] <maswan> to try your local zone
[23:06] <MrTorque> maswan: my long-term target is to get samba 4 with kerberos running
[23:06] <MrTorque> yes, that also
[23:07] <maswan> MrTorque: then you change /etc/resolv.conf so that there is only one "nameserver" line, and that is "nameserver 127.0.0.1"
[23:07] <MrTorque> I guess that is a good sign
[23:08] <maswan> unfortunately if you have more than one, it'll just ask one of them. and then sometimes you'd know about your local name, and sometimes it would go "nope, no .lc, doesn't exist" when you hit the other IP
[23:08] <maswan> it's actually much easier to do with a proper domain and a couple of public IPs
[23:10] <MrTorque> grml...
[23:11] <MrTorque> I sit behind a managed router
[23:11] <maswan> but did changing the nameserver line work for you locally?
[23:11] <MrTorque> And I do only have a ssh tunnel...
[23:12] <maswan> hm. if you want to do samba 4 with kerberos you probably have more than one machine, so instead of 127.0.0.1 I'd probably put in the rfc1918 address you have on the inside in resolv.conf, then you can have the same on all of them
[23:13] <MrTorque> I did change /etc/resolv.conf. But i still can not ping yfm.lc
[23:13] <MrTorque> dig yfm.lc works
[23:13] <maswan> MrTorque: do you get an A record with an IP back from dig?
[23:14] <MrTorque> http://paste.ubuntu.com/1380750/
[23:15] <MrTorque> does not look like an A-entry
[23:15] <MrTorque> A record
[23:15] <maswan> yeah, that's a "yup, I can answer for yfm.lc, but there is no A-record there"
[23:15] <maswan> can you ping ns.yfm.lc?
[23:15] <maswan> or box.yfm.lc?
[23:15] <MrTorque> yes, both
[23:16] <maswan> then the dns setup works, just a matter of adding all the stuff you want to the zone
[23:16] <maswan> oh, you could also check if reverse works
[23:17] <maswan> I forget how to do that with dig, but the less precise but more user-friendly tool "host" can do that easily, just host 192.168.100.6
[23:17] <MrTorque> dig ns.yfm.lc axrf?
[23:18] <MrTorque> host 192.168.100.6 gives:
[23:18] <MrTorque> 6.100.168.192.in-addr.arpa domain name pointer yfm.lc.
[23:18] <MrTorque> 6.100.168.192.in-addr.arpa domain name pointer ns.yfm.lc.
[23:18] <maswan> dig @ns.yfm.lc axfr 100.168.192.in-addr.arpa.
[23:19] <MrTorque> http://paste.ubuntu.com/1380757/
[23:19] <maswan> ah, that works then. even if it is a bit strange that that IP should have the name "yfm.lc" and the name "ns.yfm.lc"
[23:19] <myhrlin> hi, is there a way to make PAM use multiple hash functions for passwords?
[23:20] <maswan> MrTorque: anyway, looks like you have both zones working then for now. "just" a matter of adding the right stuff to them. :)
[23:20] <MrTorque> but this still is only because I did manually edit /etc/resolv.conf
[23:21] <maswan> MrTorque: yeah, since you're adding stuff that isn't in the main globally known tree, it will only be known to clients that have been explicitly configured to only ask your name servers
[23:21] <MrTorque> which will forward if he does not know either.
[23:21] <maswan> MrTorque: yeah
[23:21] <MrTorque> so far so good.
[23:22] <sarnold> myhrlin: have you seen pam_unix and crypt(3) manpages yet?
[23:22] <MrTorque> now i need to tell ubuntu to use 127.0.0.1 (himself (or herself?) rather itself...) to resolve names
[23:23] <maswan> MrTorque: yeah, or 192.168.100.6. other hosts on the same network that also need to resolve yfm.lc also need to be configured to use 192.168.100.6
[23:23] <myhrlin> sarnold: I have not, looking at them now and it looks like that's all I needed so far -- thanks!
[23:24] <sarnold> myhrlin: excellent :)
[23:24] <MrTorque> maswan: yeah, right.
[23:24] <maswan> MrTorque: Now, I'm a bit hazy on how modern ubuntu does that though. might be something involving network manager or so.  On our server installs we ship custom resolv.conf:es that we've carefully written.
[23:25] <sarnold> MrTorque: if all your networked devices get settings from dhcp, you could have your dhcp server tell them which dns server to use
[23:26] <maswan> that's true, for a dhcp network that'd be the good place to configure it
[23:28] <MrTorque> sarnold: that would be awesome! I would not need to configure all the clients manually :)
[23:31] <MrTorque> can I somehow give priorities for the nameservers?
[23:32] <maswan> hm. maybe. "If  there  are  multiple  servers,  the  resolver library  queries them in the order listed.  " but I'm not sure on how reliable that is
[23:32] <MrTorque> I added dns-nameservers 192.168.100.6 to /etc/network/interfaces but in resolv.conf the two NS from my ISP are on the top
[23:33] <maswan> that's from the manpage of resolv.conf
[23:33] <maswan> My experience is that you shouldn't mix
[23:34] <MrTorque> maswan: yes, I experience that too. ohm, yes, and it tells to add dns-nameservers to /etc/network/interfaces :)
[23:39] <maswan> anyway, there I'm not very experty and I'm also off for other things, 'later!
[23:46] <MrTorque> maswan: thank you very much for being so patient with me and I have a working dns now :)
[23:46] <MrTorque> sarnold: thank you also very much.
[23:47] <sarnold> MrTorque: I'm glad maswan came around :) recent experience wins every time :)