Archive
Posts in Networking
Asynchronous writes in NFSv3
While debugging an interesting NFSv3 problem last week, I came across the following information in one of my snoop captures: Prior to reviewing the snoop capture, I didn't know that NFSv3 supported asynchronous I/O. While reading through various pieces of information, I came across the following nugget of information: "NFS Version 3 introduces the concept of "safe asynchronous writes." A Version 3 client can specify that the server is allowed to reply before it has saved the requested data to disk, permitting the server to gather small NFS write operations into a single efficient disk write operation. A Version 3 client can also specify that the data must be written to disk before the server replies, just like a Version 2 write. The client specifies the type of write by setting the stable_how field in the arguments of each write operation to UNSTABLE to request a safe asynchronous write, and FILE_SYNC for an NFS Version 2 style write." This explained why we were seeeing what we were seeing (more on that later), and is one of those things to keep in the back of your mind…
$ read more →Limiting how much memory BIND can use
I support BIND on a few servers, and when run as a caching name server, BIND can consume a fair amount of memory if you have lots of clients. There are two ways to restrict the amount of memory BIND uses. The first method, which is described in Pro DNS and BIND, is to set the "datasize" variable to the total amount of memory you want to allocate to BIND. The book provides an awesome description of this variable: datasize >"The maximum amount of data memory the server may use…
$ read more →Monitoring DNS servers
I recently started supporting several DNS servers running BIND 9. To ensure that these server are up and operational at all times, I wrote a small shell script named dns-check to test the operational state of each server. The script takes a file as an argument, and each line in the file contains the IP address of a DNS server (names will also work), a name to resolve, and the record type that should be requested. If the script is unable to resolve the name for one reason or another (any return code > 0 is a failure), the script will log a message to syslog, and send E-mail to the address listed in the $ADMIN variable, or an address passed to the "-e" option…
$ read more →Verifying DNS and Mail server configurations
If you run DNS and SMTP servers, you probably know how important it is to validate the configurations used by your SMTP relays and DNS servers. Broken configurations can lead to clients not being able to find your website, open mail relays, unroutable mail, and your domain being blackholed by the Internet. Luckily there are three awesome services that can be used to sanity check the DNS and SMTP servers for a domain. The first service is the Mail abuse website, which checks to see if your mail server is acting as an open relay: Mail abuse website The second service is DNS report, which validates the DNS server configuration for a specific domain: DNS server report The last service is the open SPF website, which allows you to generate SPF (Sender Policy Framework) TXT records for a domain: OpenSPF website I use all three services, and can't begin to describe how useful they are.
$ read more →Calculating network and broadcast network addresses with ipcalc
For several years I turned to a CIDR reference or bc to calculate network and broadcast addresses when variable length subnetting was in use. While poking around the /bin directory on one of my CentOS 4.0 servers, I came across the ipcalc utility. This nifty utility allows you to feed it an IP address and prefix, and it will spit out the network and broadcast address associated with that IP address: I love finding buried treasure. :)
$ read more →