[01:21] *** LT has joined #arpnetworks
[02:00] *** hsien has quit IRC (Ping timeout: 240 seconds)
[02:15] *** Ehtyar has joined #arpnetworks
[05:05] *** heavysixer has joined #arpnetworks
[05:05] *** ChanServ sets mode: +o heavysixer
[05:12] *** ramanK has joined #arpnetworks
[05:23] *** ramanK has left 
[06:54] *** fink has joined #arpnetworks
[07:47] *** heavysixer has quit IRC (Ping timeout: 255 seconds)
[07:50] *** heavysixer has joined #arpnetworks
[07:50] *** ChanServ sets mode: +o heavysixer
[08:59] *** LT has quit IRC (Quit: Leaving)
[09:09] *** nerdd has joined #arpnetworks
[09:11] *** nerdd_ has quit IRC (Ping timeout: 250 seconds)
[09:14] *** nuke` has quit IRC (Ping timeout: 250 seconds)
[09:16] *** nuke- has joined #arpnetworks
[09:43] *** robotarmy has joined #arpnetworks
[09:43] <robotarmy> :D
[09:49] <dxtr> I don't understand how one only knows how to make food that tastes close to nothing
[09:49] <dxtr> I wouldn't recommend my moms cooking to my worst enemey
[09:50] *** zxvf is now known as zxvff
[11:51] *** baklava has quit IRC (Remote host closed the connection)
[11:52] *** baklava has joined #arpnetworks
[12:11] <robotarmy> i'm trying to find a list of all our subdomains - is this possible with dig?
[12:24] <robotarmy> yes
[12:24] <robotarmy> and no is the answer
[12:24] <robotarmy> :D
[12:53] *** schmir has joined #arpnetworks
[13:12] <jpalmer> robotarmy: if you're nameserver is configured to allow your client to axfr,  then yes.  you can.
[13:13] <up_the_irons> jpalmer: robotarmy : yes, but usually axfr is turned off, for security purposes
[13:14] <jpalmer> up_the_irons: sure,  but assuming you have administrative control over the NS,  you can easily enable it for specific (assuming administrative) clients.  thats what I do.
[13:15] <up_the_irons> jpalmer: true
[13:16] <jpalmer> an axfr is the only real (as in, safe) way to get an accurate "to the second" view of DDNS zones.  so I always enable what I call an "administrative dig client"  hehe
[13:17] <jpalmer> up_the_irons: did you ever get anywhere with being able to delegate the "bind support tasks?"  or is it still somewhere on the TODO?
[13:18] <up_the_irons> jpalmer: still on the todo :(
[13:18] <jpalmer> hehe  I know how that goes,  trust me ;)
[13:18] <up_the_irons> yeah
[13:18] <jpalmer> are you using straight BIND,  or BIND-dlz with a DB backend?
[13:19] <up_the_irons> jpalmer: straight BIND, but have been thinking about a DB backend.  if you have experience with a DB-backed version, do tell your thoughts :)
[13:20] <jpalmer> well,  the real question is,  do you do seperate views?  or one global view for your zones?
[13:21] <jpalmer> DB backed is considerably slower (straight bind can handle thousands of queries per second, depending on hardware)   DB backed, is more in the hundreds range.  so what most people do,   is a BIND-dlz master,  and then file backed BIND for slaves.
[13:22] <jpalmer> but if you are doing views,  that gets complicated.
[13:27] <up_the_irons> no views
[13:27] <up_the_irons> hundreds / sec is probably fine for my purposes
[13:27] <up_the_irons> cd $lunch
[13:28] <jpalmer> Do you have someone you can pay to build a web frontend to your DB?  becuase if so, you could easily have it setup so customers can handle their own DNS requests.
[13:28] <bob^^> i've done a bind (with database) master, with many bind file-backed slaves in front
[13:28] <bob^^> works great
[13:28] <bob^^> though there's probably better things out there now
[13:29] <jpalmer> if you are doing standard zone transfers (BIND-dlz does)  then you can have standard secondaries that use the standard textfile backends.
[13:30] <bob^^> yeah
[13:31] <up_the_irons> jpalmer: I do in fact have someone I can pay.  how to do DB-backed BIND _effectively_ was the looming question, but sounds like you've answered that for me :)  Man, I learn a lot from this channel :)
[13:31] <jpalmer> it's nice to be able to give back.
[13:31] <up_the_irons> yup
[13:32] <jpalmer> and it sounds like you have at least 2 of us capable of answering some of the -dlz questions.
[13:32] <up_the_irons> that's why I publish the custom kvm I use in my PPA
[13:32] <up_the_irons> ok, cd $lunch for real
[13:32] <jpalmer> enjoy.
[13:32] <toddf> now if someone would just punch seabios into adding an f12 option for cdrom .. we'd be rid of the openbsd issues with kvm here at arp .. ;-)
[13:33] <jpalmer> hehe
[13:33] <jpalmer> just switch to VMware,  it's all taken care of :P
[13:33] * jpalmer ducks
[13:33] <toddf> jpalmer: bpheew...
[13:33] <toddf> I had a couple free vmware containers at a client site
[13:34] <jpalmer> was that the sound a laserbeam makes as you shoot at me?  bpheew?
[13:34] <toddf> never could get console, serial or graphics, so I could never do anything serious with them as a result, and came here
[13:34] <toddf> jpalmer: that is me snorting at you
[13:34] <toddf> 'never could get' as in said client told me I didn't need it he would just fix it if it broke for me. like that's gonna work when I want a ddb> prompt .. ;-)
[13:35] <jpalmer> vshpere uses a client, to connect to their infrastructure.  the easiest way to do it, would likely be:  create an account, assign them a resource pool.  and let them admin their own pool.
[13:36] <jpalmer> (ie, they install the vsphere client on the local machine, and connect over the network.)
[13:36] <toddf> something tells me vsphere client is !openbsd friendly
[13:36] <jpalmer> no, you'd need a windows machine locally.
[13:36] <toddf> how ick.
[13:37] <jpalmer> ehh,  don't knock it till you try it.  the vmware esx/esxi line is pretty damned solid.
[13:37] <jpalmer> actually,  you wouldn't even need the windows client.   vmware has the RCLI.  if you wanted to script everything.. you could do it remotely.
[13:37] <toddf> 'trying' it would require me to use windows to administrate a loonix skeleton running the vmware stuff. not my cup of tea.
[13:39] * jpalmer wonders if anyone is doing vmware hosting like that.  I'm sure someone has to be.
[13:40] <jpalmer> bbl
[14:37] *** schmir has quit IRC (Ping timeout: 240 seconds)
[15:48] <up_the_irons> jpalmer: toddf : but the thing is, why go through all those hoops?  with kvm, one can use normal open source tools to do anything you need.  and from my client base as proof, it'll work on windows, linux, *bsd, anything
[15:48] <mhoran> kvm++
[15:48] <up_the_irons> hehe
[15:59] *** heavysixer has quit IRC (Quit: BAMPF!)
[17:10] *** amdprophet has quit IRC (Quit: amdprophet)
[17:18] *** amdprophet has joined #arpnetworks
[17:47] *** fink has quit IRC (Quit: fink)
[18:01] <infrared> vmware is sweet
[18:01] <infrared> we use 4.1 esxi at work
[18:01] <infrared> with vcenter (runs on windows unfortunatley)
[18:02] <infrared> up_the_irons: OSS is nice, but where I work... anything with the word "free" in it is bad
[18:05] <mjp> where i work anything with 'no vendor support' is bad ;)
[18:06] <infrared> yeah
[18:06] <infrared> VMware is slick with vmotion
[18:06] <infrared> only 1 packet loss moving a VM between hosts
[18:07] <mike-burns> Where I work we don't use software unless we have the source code.
[18:07] <infrared> mike-burns: sounds like a place I would like to work :)
[18:25] *** heavysixer has joined #arpnetworks
[18:25] *** ChanServ sets mode: +o heavysixer
[18:46] <jdoe> toddf: kvm isn't openbsd-friendly either :P
[18:47] <jdoe> (and though he was right, Theo isn't vm-friendly)
[18:52] <mjp> *-friendly
[18:54] <jdoe> maybe, but that's irrelevant right now ;)
[18:55] <jdoe> his attitude is entirely reasonable in that regard, I'm just saying that worrying about how various virtualization offerings work with openbsd is probably a losing battle.
[19:03] <mjp> s/about how various virtualization offerings work with//
[19:05] * jdoe gives up :P
[19:25] <toddf> honestly kvm uses a bios that presents a bogus mpbios in the UP case, openbsd has not found any real hardware to present that, and thus it is a bug with kvm; newer kvm uses seabios however that doesn't have an 'hit f12 for cdrom' option and thus up_the_irons can't upgrade to newer bios
[19:57] <jpalmer> with vmware/vmotion, I can literally move a running VM from one host to another,  and not even lose my SSH session.
[20:19] *** tuv_ has joined #arpnetworks
[20:22] *** tuv has quit IRC (Ping timeout: 255 seconds)
[21:10] <jdoe> toddf: I agree. I can't say for certain because I... don't know, but he sure appears to be completely correct.
[21:10] <jdoe> toddf: otoh he said in the same thread that virtualization is a potential vulnerability (yep) and that he's not particularly concerned with how well obsd works under it
[21:10] <jdoe> (I may be paraphrasing that last bit, it's been a long time since I read it)
[21:15] <jdoe> ... I dunno, I don't work here. :)
[21:28] <toddf> jdoe: virtualization does compromise the security of any os, just think about all the secrets decrypted or easily reachable via memory snooping. tis why we know that flash freezing memory can preserve bits if it is yanked quickly.
[21:32] <toddf> in terms of implementing kvm or a kvm alike interface in openbsd as a host, that'd take one or more people to show up who care to do it `right' .. sofar no code has show up though I've heard rustlings of people in the past.
[21:38] <jdoe> er
[21:38] <jdoe> I agree
[21:40] <jdoe> as it turns out, this all started because I misread what you said, I thought you were talking about vmware not playing nice with openbsd.
[21:40] <jdoe> oops.
[22:24] *** awyeah has quit IRC (Read error: Connection reset by peer)
[22:24] *** ww__ has joined #arpnetworks
[22:25] *** bitslip has quit IRC (Read error: Connection reset by peer)
[22:25] *** islandfox has quit IRC (Read error: Connection reset by peer)
[22:25] *** Husky has quit IRC (Ping timeout: 255 seconds)
[22:25] *** mhoran_ has joined #arpnetworks
[22:25] *** ChanServ sets mode: +o mhoran_
[22:25] *** islandfox has joined #arpnetworks
[22:25] *** IPv6Free1y has quit IRC (Read error: Connection reset by peer)
[22:25] *** awyeah has joined #arpnetworks
[22:25] *** IPv6Freely has joined #arpnetworks
[22:25] *** dxtr has quit IRC (Read error: Connection reset by peer)
[22:25] *** mhoran has quit IRC (Read error: Connection reset by peer)
[22:25] *** Lefty_ has joined #arpnetworks
[22:25] *** ww has quit IRC (Read error: Connection reset by peer)
[22:26] *** koan has quit IRC (Read error: Connection reset by peer)
[22:26] *** bitslip has joined #arpnetworks
[22:26] *** mjp has quit IRC (Read error: Connection reset by peer)
[22:26] *** dxtr has joined #arpnetworks
[22:26] *** mjp has joined #arpnetworks
[22:26] *** Sheath has joined #arpnetworks
[22:26] *** Lefty has quit IRC (Read error: Connection reset by peer)
[22:26] *** heidar_ has joined #arpnetworks
[22:26] *** heidar has quit IRC (Ping timeout: 245 seconds)
[22:31] *** koan has joined #arpnetworks