***: hsien has quit IRC (Ping timeout: 240 seconds)
Ehtyar has joined #arpnetworks
heavysixer has joined #arpnetworks
ChanServ sets mode: +o heavysixer
ramanK has joined #arpnetworks
ramanK has left
fink has joined #arpnetworks
heavysixer has quit IRC (Ping timeout: 255 seconds)
heavysixer has joined #arpnetworks
ChanServ sets mode: +o heavysixer
LT has quit IRC (Quit: Leaving)
nerdd has joined #arpnetworks
nerdd_ has quit IRC (Ping timeout: 250 seconds)
nuke` has quit IRC (Ping timeout: 250 seconds)
nuke- has joined #arpnetworks
robotarmy has joined #arpnetworks robotarmy: :D dxtr: I don't understand how one only knows how to make food that tastes close to nothing
I wouldn't recommend my moms cooking to my worst enemey ***: zxvf is now known as zxvff
baklava has quit IRC (Remote host closed the connection)
baklava has joined #arpnetworks robotarmy: i'm trying to find a list of all our subdomains - is this possible with dig?
yes
and no is the answer
:D ***: schmir has joined #arpnetworks jpalmer: robotarmy: if you're nameserver is configured to allow your client to axfr, then yes. you can. up_the_irons: jpalmer: robotarmy : yes, but usually axfr is turned off, for security purposes jpalmer: up_the_irons: sure, but assuming you have administrative control over the NS, you can easily enable it for specific (assuming administrative) clients. thats what I do. up_the_irons: jpalmer: true jpalmer: an axfr is the only real (as in, safe) way to get an accurate "to the second" view of DDNS zones. so I always enable what I call an "administrative dig client" hehe
up_the_irons: did you ever get anywhere with being able to delegate the "bind support tasks?" or is it still somewhere on the TODO? up_the_irons: jpalmer: still on the todo :( jpalmer: hehe I know how that goes, trust me ;) up_the_irons: yeah jpalmer: are you using straight BIND, or BIND-dlz with a DB backend? up_the_irons: jpalmer: straight BIND, but have been thinking about a DB backend. if you have experience with a DB-backed version, do tell your thoughts :) jpalmer: well, the real question is, do you do seperate views? or one global view for your zones?
DB backed is considerably slower (straight bind can handle thousands of queries per second, depending on hardware) DB backed, is more in the hundreds range. so what most people do, is a BIND-dlz master, and then file backed BIND for slaves.
but if you are doing views, that gets complicated. up_the_irons: no views
hundreds / sec is probably fine for my purposes
cd $lunch jpalmer: Do you have someone you can pay to build a web frontend to your DB? becuase if so, you could easily have it setup so customers can handle their own DNS requests. bob^^: i've done a bind (with database) master, with many bind file-backed slaves in front
works great
though there's probably better things out there now jpalmer: if you are doing standard zone transfers (BIND-dlz does) then you can have standard secondaries that use the standard textfile backends. bob^^: yeah up_the_irons: jpalmer: I do in fact have someone I can pay. how to do DB-backed BIND _effectively_ was the looming question, but sounds like you've answered that for me :) Man, I learn a lot from this channel :) jpalmer: it's nice to be able to give back. up_the_irons: yup jpalmer: and it sounds like you have at least 2 of us capable of answering some of the -dlz questions. up_the_irons: that's why I publish the custom kvm I use in my PPA
ok, cd $lunch for real jpalmer: enjoy. toddf: now if someone would just punch seabios into adding an f12 option for cdrom .. we'd be rid of the openbsd issues with kvm here at arp .. ;-) jpalmer: hehe
just switch to VMware, it's all taken care of :P -: jpalmer ducks toddf: jpalmer: bpheew...
I had a couple free vmware containers at a client site jpalmer: was that the sound a laserbeam makes as you shoot at me? bpheew? toddf: never could get console, serial or graphics, so I could never do anything serious with them as a result, and came here
jpalmer: that is me snorting at you
'never could get' as in said client told me I didn't need it he would just fix it if it broke for me. like that's gonna work when I want a ddb> prompt .. ;-) jpalmer: vshpere uses a client, to connect to their infrastructure. the easiest way to do it, would likely be: create an account, assign them a resource pool. and let them admin their own pool.
(ie, they install the vsphere client on the local machine, and connect over the network.) toddf: something tells me vsphere client is !openbsd friendly jpalmer: no, you'd need a windows machine locally. toddf: how ick. jpalmer: ehh, don't knock it till you try it. the vmware esx/esxi line is pretty damned solid.
actually, you wouldn't even need the windows client. vmware has the RCLI. if you wanted to script everything.. you could do it remotely. toddf: 'trying' it would require me to use windows to administrate a loonix skeleton running the vmware stuff. not my cup of tea. -: jpalmer wonders if anyone is doing vmware hosting like that. I'm sure someone has to be. jpalmer: bbl ***: schmir has quit IRC (Ping timeout: 240 seconds) up_the_irons: jpalmer: toddf : but the thing is, why go through all those hoops? with kvm, one can use normal open source tools to do anything you need. and from my client base as proof, it'll work on windows, linux, *bsd, anything mhoran: kvm++ up_the_irons: hehe ***: heavysixer has quit IRC (Quit: BAMPF!)
amdprophet has quit IRC (Quit: amdprophet)
amdprophet has joined #arpnetworks
fink has quit IRC (Quit: fink) infrared: vmware is sweet
we use 4.1 esxi at work
with vcenter (runs on windows unfortunatley)
up_the_irons: OSS is nice, but where I work... anything with the word "free" in it is bad mjp: where i work anything with 'no vendor support' is bad ;) infrared: yeah
VMware is slick with vmotion
only 1 packet loss moving a VM between hosts mike-burns: Where I work we don't use software unless we have the source code. infrared: mike-burns: sounds like a place I would like to work :) ***: heavysixer has joined #arpnetworks
ChanServ sets mode: +o heavysixer jdoe: toddf: kvm isn't openbsd-friendly either :P
(and though he was right, Theo isn't vm-friendly) mjp: *-friendly jdoe: maybe, but that's irrelevant right now ;)
his attitude is entirely reasonable in that regard, I'm just saying that worrying about how various virtualization offerings work with openbsd is probably a losing battle. mjp: s/about how various virtualization offerings work with// -: jdoe gives up :P toddf: honestly kvm uses a bios that presents a bogus mpbios in the UP case, openbsd has not found any real hardware to present that, and thus it is a bug with kvm; newer kvm uses seabios however that doesn't have an 'hit f12 for cdrom' option and thus up_the_irons can't upgrade to newer bios jpalmer: with vmware/vmotion, I can literally move a running VM from one host to another, and not even lose my SSH session. ***: tuv_ has joined #arpnetworks
tuv has quit IRC (Ping timeout: 255 seconds) jdoe: toddf: I agree. I can't say for certain because I... don't know, but he sure appears to be completely correct.
toddf: otoh he said in the same thread that virtualization is a potential vulnerability (yep) and that he's not particularly concerned with how well obsd works under it
(I may be paraphrasing that last bit, it's been a long time since I read it)
... I dunno, I don't work here. :) toddf: jdoe: virtualization does compromise the security of any os, just think about all the secrets decrypted or easily reachable via memory snooping. tis why we know that flash freezing memory can preserve bits if it is yanked quickly.
in terms of implementing kvm or a kvm alike interface in openbsd as a host, that'd take one or more people to show up who care to do it `right' .. sofar no code has show up though I've heard rustlings of people in the past. jdoe: er
I agree
as it turns out, this all started because I misread what you said, I thought you were talking about vmware not playing nice with openbsd.
oops. ***: awyeah has quit IRC (Read error: Connection reset by peer)
ww__ has joined #arpnetworks
bitslip has quit IRC (Read error: Connection reset by peer)
islandfox has quit IRC (Read error: Connection reset by peer)
Husky has quit IRC (Ping timeout: 255 seconds)
mhoran_ has joined #arpnetworks
ChanServ sets mode: +o mhoran_
islandfox has joined #arpnetworks
IPv6Free1y has quit IRC (Read error: Connection reset by peer)
awyeah has joined #arpnetworks
IPv6Freely has joined #arpnetworks
dxtr has quit IRC (Read error: Connection reset by peer)
mhoran has quit IRC (Read error: Connection reset by peer)
Lefty_ has joined #arpnetworks
ww has quit IRC (Read error: Connection reset by peer)
koan has quit IRC (Read error: Connection reset by peer)
bitslip has joined #arpnetworks
mjp has quit IRC (Read error: Connection reset by peer)
dxtr has joined #arpnetworks
mjp has joined #arpnetworks
Sheath has joined #arpnetworks
Lefty has quit IRC (Read error: Connection reset by peer)
heidar_ has joined #arpnetworks
heidar has quit IRC (Ping timeout: 245 seconds)
koan has joined #arpnetworks