:D I don't understand how one only knows how to make food that tastes close to nothing I wouldn't recommend my mom's cooking to my worst enemy i'm trying to find a list of all our subdomains - is this possible with dig? yes and no is the answer :D robotarmy: if your nameserver is configured to allow your client to axfr, then yes. you can. jpalmer: robotarmy : yes, but usually axfr is turned off, for security purposes up_the_irons: sure, but assuming you have administrative control over the NS, you can easily enable it for specific (assuming administrative) clients. that's what I do. jpalmer: true an axfr is the only real (as in, safe) way to get an accurate "to the second" view of DDNS zones. so I always enable what I call an "administrative dig client" hehe up_the_irons: did you ever get anywhere with being able to delegate the "bind support tasks?" or is it still somewhere on the TODO? jpalmer: still on the todo :( hehe I know how that goes, trust me ;) yeah are you using straight BIND, or BIND-dlz with a DB backend? jpalmer: straight BIND, but have been thinking about a DB backend. if you have experience with a DB-backed version, do tell your thoughts :) well, the real question is, do you do separate views? or one global view for your zones? DB backed is considerably slower (straight bind can handle thousands of queries per second, depending on hardware) DB backed, is more in the hundreds range. so what most people do, is a BIND-dlz master, and then file backed BIND for slaves. but if you are doing views, that gets complicated. no views hundreds / sec is probably fine for my purposes cd $lunch Do you have someone you can pay to build a web frontend to your DB? because if so, you could easily have it set up so customers can handle their own DNS requests.
i've done a bind (with database) master, with many bind file-backed slaves in front works great though there's probably better things out there now if you are doing standard zone transfers (BIND-dlz does) then you can have standard secondaries that use the standard textfile backends. yeah jpalmer: I do in fact have someone I can pay. how to do DB-backed BIND _effectively_ was the looming question, but sounds like you've answered that for me :) Man, I learn a lot from this channel :) it's nice to be able to give back. yup and it sounds like you have at least 2 of us capable of answering some of the -dlz questions. that's why I publish the custom kvm I use in my PPA ok, cd $lunch for real enjoy. now if someone would just punch seabios into adding an f12 option for cdrom .. we'd be rid of the openbsd issues with kvm here at arp .. ;-) hehe just switch to VMware, it's all taken care of :P jpalmer: bpheew... I had a couple free vmware containers at a client site was that the sound a laserbeam makes as you shoot at me? bpheew? never could get console, serial or graphics, so I could never do anything serious with them as a result, and came here jpalmer: that is me snorting at you 'never could get' as in said client told me I didn't need it he would just fix it if it broke for me. like that's gonna work when I want a ddb> prompt .. ;-) vsphere uses a client, to connect to their infrastructure. the easiest way to do it, would likely be: create an account, assign them a resource pool. and let them admin their own pool. (ie, they install the vsphere client on the local machine, and connect over the network.) something tells me vsphere client is !openbsd friendly no, you'd need a windows machine locally. how ick. ehh, don't knock it till you try it. the vmware esx/esxi line is pretty damned solid. actually, you wouldn't even need the windows client. vmware has the RCLI. if you wanted to script everything.. you could do it remotely.
'trying' it would require me to use windows to administrate a loonix skeleton running the vmware stuff. not my cup of tea. bbl jpalmer: toddf : but the thing is, why go through all those hoops? with kvm, one can use normal open source tools to do anything you need. and from my client base as proof, it'll work on windows, linux, *bsd, anything kvm++ hehe vmware is sweet we use 4.1 esxi at work with vcenter (runs on windows unfortunately) up_the_irons: OSS is nice, but where I work... anything with the word "free" in it is bad where i work anything with 'no vendor support' is bad ;) yeah VMware is slick with vmotion only 1 packet loss moving a VM between hosts Where I work we don't use software unless we have the source code. mike-burns: sounds like a place I would like to work :) toddf: kvm isn't openbsd-friendly either :P (and though he was right, Theo isn't vm-friendly) *-friendly maybe, but that's irrelevant right now ;) his attitude is entirely reasonable in that regard, I'm just saying that worrying about how various virtualization offerings work with openbsd is probably a losing battle. s/about how various virtualization offerings work with// honestly kvm uses a bios that presents a bogus mpbios in the UP case, openbsd has not found any real hardware to present that, and thus it is a bug with kvm; newer kvm uses seabios however that doesn't have an 'hit f12 for cdrom' option and thus up_the_irons can't upgrade to newer bios with vmware/vmotion, I can literally move a running VM from one host to another, and not even lose my SSH session. toddf: I agree. I can't say for certain because I... don't know, but he sure appears to be completely correct. toddf: otoh he said in the same thread that virtualization is a potential vulnerability (yep) and that he's not particularly concerned with how well obsd works under it (I may be paraphrasing that last bit, it's been a long time since I read it) ... I dunno, I don't work here.
:) jdoe: virtualization does compromise the security of any os, just think about all the secrets decrypted or easily reachable via memory snooping. tis why we know that flash freezing memory can preserve bits if it is yanked quickly. in terms of implementing kvm or a kvm alike interface in openbsd as a host, that'd take one or more people to show up who care to do it `right' .. so far no code has shown up though I've heard rustlings of people in the past. er I agree as it turns out, this all started because I misread what you said, I thought you were talking about vmware not playing nice with openbsd. oops.