Server Circle - Ask questions about Servers and get answers from experts.
jonathan's profile (335 points)

About: Systems Administrator for a major UK-based music streaming website and ex-Company Director of a successful UK-based Web Hosting provider using Linux-only servers. 10 years of using Linux solely through Red Hat/CentOS, Debian/Ubuntu and Gentoo.
Sometimes I don't trust my tools and I'd like a remote site that gives a good list of things I might have missed. Do you know of any?
Asked in: DNS-Servers  (4 answers)
jonathan's response: There's also http://www.dnscog.com/ which is provided by the same people that offer DynDNS. Theirs takes a little longer to process but can offer more detail and information to help diagnosis.
Is there an easy way to deal with spam getting through an Ubuntu - ISPConfig2 server? Other than changing the spam score for each user (which isn't working very well anyway)? I.e. creating global rules myself and is there a web GUI for doing this sort of job? I have the settings for individuals so high I'm getting false positives and yet obvious spam is still getting through!
Asked in: Linux-Servers  (5 answers)
jonathan's response: I use a combination of Greylisting (Postgrey), RBLs (at the moment SpamHaus and SpamCop) along with data validation (for example, requiring that EHLO is an FQDN and that any senders have a valid domain name and domain records). This easily cuts out about 95% of any potential Spam before it hits the server. Custom white/blacklists for important e-mail and then enabling Bayesian analysis on SpamAssassin to learn mean that I get 2 or 3 false negatives a month. In fact, I only receive around 70-100 Spam messages a month. Let me know if you (or anyone else interested) are using Postfix and I'll send over the configuration details.
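The layered checks described in the answer above (HELO and sender validation, RBL lookups, a custom whitelist, greylisting via Postgrey) could be expressed in Postfix roughly as follows. This is an added example, not jonathan's configuration; the whitelist path and the Postgrey address 127.0.0.1:10023 are assumptions, and the SpamAssassin Bayes stage is not shown.

```cfg
# /etc/postfix/main.cf (fragment) - constructed example, not jonathan's configuration

# Require HELO/EHLO before MAIL FROM so the greeting checks always have a name to test.
smtpd_helo_required = yes

# Data validation on the greeting: reject malformed or non-FQDN HELO/EHLO names.
smtpd_helo_restrictions =
    permit_mynetworks,
    reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname

# Data validation on the sender: the address must be fully qualified and its
# domain must resolve (MX or A record).
smtpd_sender_restrictions =
    permit_mynetworks,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain

# Order matters. Relay protection comes first so that an "OK" from the
# whitelist can never open a relay. The whitelist (assumed path) then lets
# important senders skip the RBL and greylisting checks. RBL lookups run
# before greylisting so listed clients are rejected outright rather than
# being asked to retry. Postgrey is assumed to listen on 127.0.0.1:10023.
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    check_client_access hash:/etc/postfix/client_whitelist,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client bl.spamcop.net,
    check_policy_service inet:127.0.0.1:10023
```

The whitelist map has to be compiled with postmap before Postfix can read it, and `postfix check` is worth running before a reload.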
Is there a way of backing up with a script and not using a GUI to Amazon's S3? I can use S3Fox manually.
Asked in: Fedora-Linux-Servers  (3 answers)
jonathan's response: I've created automated scripts in the past with AWS by Timothy Kay: http://timkay.com/aws/ It's a great little program that works with EC2, SQS, SDB and ELB along with S3; for example:

    aws put bucket path/to/file

Put your secret information in ~/.awssecret and away you go.
Are all modern browsers capable of using Round Robin DNS now?
Asked in: DNS-Servers  (6 answers)
jonathan's response: Completely agree. I've never used it in production (we use a combination of Pound and hard-coded DNS redirections). If you want load-balancing or failover support, RR DNS is not the way to go.
Are all modern browsers capable of using Round Robin DNS now?
Asked in: DNS-Servers  (6 answers)
jonathan's response: Browsers can cache the DNS request, just as the Operating System and Router will do with their own stub resolvers, so there is a case that if this isn't behaving correctly, it can cause an issue, but it is unlikely. This cache can also be on a per-tab or per-process basis. If you shut down the browser, or close the tab, it will clear an incorrect entry, but with separate caches it could be possible for two different tabs/windows to have two different addresses. This is especially true around the TTL point of the original DNS request when a connection is maintained but another one is spawned separately. However, these cases are rare and are a potential side-effect of Round Robin rather than the browser itself. In what cases are you thinking there could be a problem?
Are all modern browsers capable of using Round Robin DNS now?
Asked in: DNS-Servers  (6 answers)
jonathan's response: Round Robin DNS is independent of any Browser. It will use the stub resolver on the operating system to make a request to a more competent DNS server (normally onto your router, which then sends it onto your ISP for a more complete process). It is up to this (ISP) DNS server to fetch the IP address and will normally be the first in the list provided by the resolving server (which will rotate the order with each request sent out). At no point does the browser know there are multiple addresses, unless a later request issues a new address, but even then it should just use the new address regardless.
I have two identical drives in my new server and I'm going to put Ubuntu on it. What's the most reliable RAID config for automatically running off the other drive if a drive fails? I've never used RAID before. Cheers for any help.
Asked in: Ubuntu-Linux-Servers  (6 answers)
jonathan's response: The only initial downside of using software RAID1 is that it is the partitions that are mirrored, not the drives themselves. When the install process configures Grub to boot the server, it will only do it on the first drive. If that was to fail and the server restarted, any attempt to boot from the second drive will fail. Use the following (although the first three lines are normally optional) to configure both drives correctly:

    grub> device (hd0) /dev/sda
    grub> root (hd0,0)
    grub> setup (hd0)
    grub> device (hd0) /dev/sdb
    grub> root (hd0,0)
    grub> setup (hd0)

The "device (hd0) /dev/sdb" is important: it tells grub to treat the drive as if it was sda when configuring it, not sdb. When it reboots, it will essentially become sda and therefore grub will see it as the first disk; if it's looking around for sdb it won't find the /boot partition and fail to boot.
I want to be able to control how much inbound traffic the IPs on my Server receive (I've replaced the IP with one from a private range in the example below).

    DEV=eth0
    tc qdisc del dev $DEV handle ffff: ingress
    tc qdisc add dev $DEV handle ffff: ingress
    tc filter add dev $DEV parent ffff: protocol ip prio 1 u32 match ip dst 10.10.10.10 police rate 1Mbit burst 250k drop flowid :111

This seems to work just fine but when I drop the 1Mbit parameter in tc to anything less than 256kbps the results go all screwy. Any fixes? Is this just peculiar to the ingress qdisc?
Asked in: Server-Networking  (3 answers)
jonathan's response: Your burst value may be too high. Ideally it should be somewhere between 10k and 100k, depending on the rate of traffic you want. I'd say try around 15k for 1Mbps of traffic. I normally reserve the full 100k for more than about 250Mbps of traffic. However, if you're worried about DoS attacks, this will not stop it, as it will only protect the services on the server from receiving too much traffic. The traffic will have already reached the server and if it's flooding your port, then this will not help.
I need to be able to remotely test that I've set up the Reverse DNS at RIPE correctly for a /24 IP range I have. Their online wizard says I have (there's a few simple, minor non-fail errors, like name servers on the same subnet) but I need to be confident that it's propagating. I have a £5 Amazon Voucher and 50 Best Answer points for the, ahem, best answer (if you win then be sure to tell me which Amazon site you would like it sent from). I'm using host 123.123.123.123 PRI.AUTHDNS.RIPE.NET at the moment but firstly I'm not sure that I'm using the correct name servers and secondly although I'm querying a RIPE name server I think I might need to use another tool like dig so there's more information and less likelihood of caching but the parameters for dig are gobbledygook. Thanks in advance.
Asked in: DNS-Servers  (4 answers)
jonathan's response: You can also use:

    dig -x 123.123.123.123 +trace +all

and this will take you through, step-by-step, the queries that are made as it contacts the root DNS servers downwards and the replies you receive. If there are issues, you can use this to find out at which point you went astray.