Capital Area Central Texas UNIX Society
CACTUS Newsletter

Volume 23, Number 3 - March 2007

Next Meeting
Daylight Saving Time Postmortem
The Usual Suspects
Thursday, March 15, 7:00 PM

The CACTUS Newsletter is a monthly publication, distributed to our members and other interested people. Visit the CACTUS Newsletter on the web at http://www.cactus.org/Newsletter/. There you will find archives of back issues, as well as instructions on how to subscribe to the e-mail distribution. We welcome newsletter submissions by our members. Please contact newsletter [at] cactus <dot> org for more information.


March Meeting Program

Bring your leftover equipment from the gratuitous daylight savings change--generators, spare fuel, ammunition, etc. We'll discuss why the doom is still pending.

The next CACTUS meeting will be held on Thursday, March 15, 2007 at 7:00 PM (doors open at 6:30 PM for pizza and informal discussion), at Mangia Pizza at the corner of Burnet Rd./Mopac service road and Gracy Farms Ln. (See end of newsletter for directions to the facility).


February Meeting Report

by Ron Roberts for Don Kassebaum

Complaining about increasingly bad performance of FreeBSD 6.2, Gil Kloepfer exclaimed that he was having an "I hate BSD" moment. There are currently four flavours of BSD: FreeBSD, OpenBSD, NetBSD and Dragonfly.

The food order was delayed, because the restaurant's computers were down. The membership was pretty sure which operating system was to blame. Several offered to reinstall their computers.

Membership chair Mark Scarborough noted that James Johnson had rejoined CACTUS. There were two additional new memberships.

Program chair Brad Knowles offered a menu of presentations: IMAP, Sendmail or DNS. The majority selected DNS. Brad brought not only a video projector, but an extension cord.

While Brad was setting up, Gil was explaining how one could buy a flux capacitor. If you already own a Delorean automobile, it's free. Just go to:

http://delorean.com/dmcstore/onlinestore-search.asp

Then enter the part number: 18851985

Brad Knowles was ready by the time that we realized that no one present owned a Delorean, and we were doomed to remain in the present.

Brad's presentation was a comparison of Domain Name Server (DNS) software. He'd previously presented this at LISA in 2002 and Reseaux IP Europeen (RIPE). Brad compared the following versions:

A number of others were not considered: QuickDNS, MaraDNS, Pdnsd, Posadis, MyDNS, LDAPDNS, UltraDNS, Cisco Network Registrar and Incognito DNS Commander.

To perform a survey of the top level domains (TLD), Brad originally thought he would synthesize it. He discovered he could obtain a copy of it. Using old hardware in his basement, he configured these DNS servers and put them through their paces.

In the course of his investigation, he discovered that UUNET DNS servers were configured to be open and recursive. This made them vulnerable to cache pollution or poisoning. After he published this, UUNET corrected the problem. Open recursive servers are vulnerable to phishing or spearphishing.
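An added example, not part of the original newsletter or of Brad's presentation: one way to check whether a name server you run answers recursive queries for outside clients, the condition described above. It judges only the DNS header (the RA flag, the response code and the answer count); the query name, the sample replies and the probe helper are assumptions made for illustration.

```python
import socket
import struct

QR, RD, RA = 0x8000, 0x0100, 0x0080   # header flag bits (RFC 1035)
REFUSED, NXDOMAIN = 5, 3              # response codes

def build_query(name, qid=0x1A2B, qtype=1):
    """Encode a query for `name` with RD=1 (recursion desired), type A, class IN."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def classify_response(query, response):
    """Judge, from the header alone, whether the server recursed for this client."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if qid != struct.unpack("!H", query[:2])[0] or not flags & QR:
        raise ValueError("not a response to this query")
    rcode = flags & 0x000F
    if rcode == REFUSED:
        return "refused"
    if not flags & RA:
        return "recursion-not-offered"   # e.g. a referral from an authoritative-only server
    if ancount > 0 or rcode == NXDOMAIN:
        return "open-recursive"          # the server resolved a foreign name for us
    return "inconclusive"

def probe(server, name, timeout=3.0):
    """Send one query over UDP; run it from outside the server's intended client networks."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        return classify_response(query, sock.recvfrom(4096)[0])

def sample_response(query, flags, answer=False):
    """Constructed reply for offline use: echoes the question, optionally adds one A record."""
    header = query[:2] + struct.pack("!HHHHH", QR | flags, 1, int(answer), 0, 0)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    return header + query[12:] + (rr if answer else b"")

if __name__ == "__main__":
    # Constructed name; pick one the tested server is not authoritative for.
    q = build_query("www.example.com")
    print(classify_response(q, sample_response(q, RD | RA, answer=True)))
    print(classify_response(q, sample_response(q, RD | REFUSED)))
    print(classify_response(q, sample_response(q, RD)))
```

A result of "open-recursive" from an address outside your own networks means recursion should be limited to your own clients in the server's configuration.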

Brad used the TLD and the .tv zone, which was the largest zone (about 20 MB) that he could get. By listing the responses of the various servers to particular requests, Brad was able to identify which server software many of the top level domains were using. For instance, he identified that Bind 8 was used by the root TLD and arpa, com, edu, gov, mil and org.

Brad explained how to obtain and build all of these DNS servers. He went into detail about how he measured the performance. He also gave a general description of the tested servers.

ISC's Bind is the gold standard. Bind 8 is legacy/spaghetti code, with some security risk, and doesn't support IPv6. But it's a little faster than Bind 9. Bind 9 supports multi-processors, has enhanced protocol support and improved standard conformance.

Bernstein's djbdns is actually two pieces: dnscache and tinydns. It violates RFCs. By default, it does not support zone transfers. By default, it does not provide referrals, nor does it support TCP by default. It also truncates responses illegally. It has limited hardware support, and the author does not seem intent on supporting new DNS features. It does address security issues in Bind 8.

Name Server Daemon (NSD) is an authoritative-only, high performance, simple open-source name server. It was developed under the auspices of NLnet Labs. It's for the experienced DNS administrator. Not much hand holding provided. It precomputes all possible questions and answers for the zone it serves and generates an indexed database to provide the mapping. This makes it very fast for an authoritative-only server.

Nominum provides two pieces: Foundation Authoritative Name Server (ANS) and Caching Name Server (CNS). These are carrier class products. Paul Mockapetris invented DNS in 1983, and now serves as chief scientist for Nominum. They're fast and easy to use.

PowerDNS nameserver is a modern, advanced and high performance authoritative-only name server. It was written from scratch and conforms to all relevant DNS standards. It can interface with almost any database, and it's now open source. Commercial support and consulting are available. PowerDNS also sells domain and web hosting. Their documentation needs work.

Brad displayed performance graphs for authoritative name server and caching performance for each of the servers examined.

A couple of members indicated that while they had worked with DNS for years, much of the presentation went over their heads. This report does not begin to scratch the surface.

The complete presentation is available at:

http://www.shub-internet.org/brad/papers/dnscomparison

Thanks to Mangia Pizza for the hospitality, and Brad Knowles for the excellent presentation.


CACTUS System News

by Randy Zagar

Some of you may not have noticed, but Linux.cactus.org has a new IP address. Outserv.net, who graciously hosts some of our machines at their facility, has changed upstream Internet providers. Our packets are no longer being handled by TexLink, but are now traveling down a much fatter pipe provided by Time Warner Cable Commercial Services. This turned out to be a moderately big deal because Linux.cactus.org is the primary name server for our domain. It took a couple hours to iron out all the wrinkles, but everything has been working fine since then. Many thanks to Dave Maynard and the folks at Outserv for making this transition as painless as possible.

Other changes are going to be happening soon as well. After much delay and discussion, Unix shell account services and mail services on Linux.cactus.org and Bubba.cactus.org are going to be moved. Both of these machines are running obsolete Linux versions and need to be upgraded. Plus, our mail server configuration hasn't been updated in years and just isn't coping well with the fact that 99% of the mail messages it receives are all SPAM.

I've got the newest machine, Outserv.cactus.org, already configured with Postfix, Procmail, and Dovecot. The new machine will become the primary mail exchanger for cactus.org on April 19th. POP and IMAP services will be available at pop-server.cactus.org and imap-server.cactus.org, and both services will be protected with SSL so there won't be any issue with cleartext passwords going over the Internet. There are some additional details to nail down before then, but you'll be able to see all that on our Cactus Wiki page:

https://outserv.cactus.org/mediawiki/

Operating System upgrades on Bubba.cactus.org and Linux.cactus.org will begin after the May 17th meeting, so all the home directories on both of those systems will have to be moved to Outserv.cactus.org before that can begin.

If you've got any questions, suggestions, or a burning desire to help, please come to the next meeting so you can put your two cents in.


Legislation Watch

by Randy Zagar

There are two interesting bills filed with the Texas Legislature this session that should be of interest to CACTUS members. Texas bill SB-446, for instance, mandates that each electronic document created by a state agency must be in an open XML file format that is:

  1. interoperable among diverse internal and external platforms and applications
  2. published without restrictions or royalties
  3. fully and independently implemented by multiple software providers on multiple platforms without any intellectual property reservations for necessary technology
  4. controlled by an open industry organization with a well-defined inclusive process for evolution of the standard.

To borrow a phrase from our Honorable Governor Rick Perry, this bill says "Adios, MoFo" to proprietary file formats.

Another bill has been filed in the Texas House that addresses electronic voting issues. Texas bill HB-3119 tries to address three concerns:

  1. That information about electronic voting systems submitted to the Secretary of State is public information, and is subject to disclosure under Texas' Sunshine laws.
  2. Requires the Secretary of State to create standards for voting systems.
  3. And these systems must implement a Voter Verified Paper Audit Trail (VVPAT).

You can track the progress of these bills on the Texas Legislature's web site:

http://www.legis.state.tx.us/

I'd encourage everyone to read these bills and contact your representatives to let them know what you think.


Membership Report

by Mark Scarborough

CACTUS would like to thank David Crow, John Kingman, and Gil Kloepfer for renewing their memberships.

Special thanks to Ray Solanik for his continued sponsorship of CACTUS!

To renew your membership, please send check or money order payable to CACTUS ($30/yr for regular membership and $100/yr for corporate sponsorship):

CACTUS
PO BOX 9786
Austin, TX 78766-9786

You can also pay in person at the general meetings. Please direct any inquiries or address changes to membership [at] cactus <dot> org.


CACTUS Officers

President:
Randy Zagar (jrzagar [at] cactus <dot> org)
Treasurer:
Johnny Long (longjy [at] cactus <dot> org)
Programs Chair:
Brad Knowles (knowles [at] cactus <dot> org)
Membership:
Mark Scarborough (mscar-cactus [at] cactus <dot> org)
Publicity & Webmaster:
Lindsay Haisley (fmouse [at] fmp <dot> com)
Newsletter:
Ron Roberts (ronr [at] cactus <dot> org)
Scribe:
Don Kassebaum (dak [at] cactus <dot> org)
Members at Large:
Gil Kloepfer (kloepfer [at] cactus <dot> org)
Larry Rosenman (ler [at] cactus <dot> org)

CACTUS Sponsors

Significant Contributing Sponsors

Applied Research Laboratories/University of Texas at Austin
(Gil Kloepfer, Computer Science Division (CSD), 835-3771, gilc [at] arlut <dot> utexas <dot> edu)
CoreNAP, L.P.
(Kenneth Smith, (512) 685-0010, kenneth [at] corenap <dot> com)
Provides server colocation and high-speed Internet access to businesses in the Austin and central Texas area
Newisys, Inc.
(Tim Wood, (512) 340-9050, tim <dot> wood [at] newisys <dot> com)
Development of enterprise-class servers
Onramp
(Chad Kissinger, president, 322-9200, info [at] onr <dot> com)
Broadband Internet access, web design and colocation
Outserv.net, Inc.
(David Maynard, dpm [at] outserv <dot> net)
e-Business Operations Service Provider

Sponsors

Dresser - Wayne
(Steve Cox, (512) 338-8444, steve <dot> cox [at] dresser <dot> com)
Provides instrumentation and services to the oil and energy
Flowing Circles Engineering
(Johnny Long, (512) 293-7894, longjy [at] fcei <dot> com)
Taking advantage of grid computing to solve matrix engineering and energy conversion problems.
IBM Corporation
(George Kraft IV, (512)838-2688, gk4 [at] austin <dot> ibm <dot> com)
Journyx, Inc.
(John Madollozzo, (512)833-3274, john [at] journyx <dot> com)
Web-based products to track time, expenses, and attendance, for project management and billing.
Ray Solanik, Technical Consultant
(Ray Solanik, solanik [at] cactus <dot> org)
Starflight Corp.
(Jon Roland, jon <dot> roland [at] the-spa <dot> com)
Computer consulting, management solutions, documentation, and technical writing.
TEKsystems, Inc.
(Russell Labay, (512) 249-4912, (888) 598-5877, rlabay [at] teksystems <dot> com)
A leading provider of strategic staffing and managed services for the Information Technology and Communications (IT&C) community.
Veraci Inc.
(Michael Shrivathsan, michael [at] veraci <dot> com)
VoIPing, LLC
(Lenny Tropiano, 512-698-VOIP (8647) or Brian Sinclair 512-698-8031, info [at] voiping <dot> com)
IT Consulting and Services, converged networks, Unix, and Voice over IP

Friends of CACTUS

Applied Formal Methods, Inc.
(Susan Gerhart, 794-9732, gerhart [at] cactus <dot> org)
Auspex Systems
(Paul Levine, plevine [at] auspex <dot> com)
Fastest reliable network fileservers
Austin Code Works
(Scott Guthery, 258-0785, info [at] acw <dot> com)
BestRegistrar.com
((800) 977-3475, registrar [at] bestregistrar <dot> com)
A top-level domain name registrar, CORE member
Covad/Laserlink
(Chip Rosenthal)
CTG
(Maurine Mecer, 502-0190 (FAX 502-0287))
Professional recruiting
Compaq Computer Corporation (now HP)
(Ron Boerger, 432-8000)
Provider of scalable, high availability systems
EDP Contract Services
(Mark Grabenhorst, 346-1040)
Professional recruiting
Hewlett Packard
(Bill Sumrall, 338-7221)
Hounix
(Marilyn Harper)
Houston's Unix Users Group
Network Appliance Corporation
(Frank Mozina, fmozina [at] netapp <dot> com)
O'Keefe Search
(John O'Keefe, john [at] okeefesearch <dot> com, 512-658-9224 or 888-446-2137)
Professional recruiting
Rocksteady Networks, Inc.
(Eric White, 512-427-1319, ewhite [at] rocksteady <dot> com)
Sailaway System Design
(Chris J Johnson, 447-5243)
Schlumberger
(Kathy O'Brien, obrien [at] asc <dot> slb <dot> com)
Technical services and products in over 100 countries
Silicon Graphics
(Don Williams, 346-9342)
Solid Systems
(Pete Farrell, 442-2222)
Sterling Information Group
(Darrell Hanshaw, 344-1005)
Sun Microsystems
(Rick Taylor)
Supplier of Unix client-server computing solutions
Texas Internet Consulting
(Smoot Carl-Mitchell, 451-6176, smoot [at] tic <dot> com)
TCP/IP networking, Unix, and open systems standards
Technow
A Sun Authorized Training Center and a Hardware Reseller
Unison Software
(Shelley St. John, 478-0611)
Supplier of networked systems management solutions
UT Computer Science Department
(Patti Spencer)
UT Computation Center
(Mike Cerda, 471-3241, cerda [at] uts <dot> cc <dot> utexas <dot> edu)

Directions to Meeting Location

CACTUS meets on the third Thursday of each month at the Mangia Pizza (Gracy Farms location):

Mangia Pizza - Gracy Farms
12,001 Burnet Road at Gracy Farms Ln.
Austin, TX 78758
(512) 832-5550
http://www.mangiapizza.com/33/Gracy_Farms.html

This location is approximately 2 miles north of our previous meeting location at ARL. Note that the Mapquest map on Mangia's web site is slightly wrong.

Mangia Pizza is on the north-east corner of the Mopac service road and Gracy Farms Ln.

From 183 north of Duval Rd.:
Take the Duval Rd. exit on 183 and turn left onto Duval Rd. When you get to the intersection of Mopac (Loop 1) and Duval Rd., make the left turn as though you were going to get onto Mopac North (this is Gracy Farms Ln.). You will see Mangia Pizza in front of you to the left at the traffic light. Turn left and then make an immediate right turn into the little store cluster.
From 183 south:
Take the Burnet Rd. exit on 183 and head toward UT Applied Research Labs (ARL) as you would normally. Instead of going to ARL, continue on Burnet Rd. In approximately 2 miles, Burnet Rd. will fork: to the left will be Duval Rd.; continuing straight will bring you to a traffic light (at Gracy Farms Ln.). You should see Mangia Pizza on your right. Continue through the traffic light and make a right turn into the store cluster.
From Mopac:
Exit at Duval Rd./Burnet Rd. From the south, continue on the service road. Continue straight at the traffic light to the next traffic light just a little bit further up. You will see Mangia Pizza in front of you to the left at the traffic light. Turn left and then make an immediate right turn into the little store cluster.

From the north, make a left turn onto Duval Rd./Burnet Rd. and then an immediate left turn (as though you were going to make a U-turn back onto Mopac) and there will be another traffic light where you will see Mangia Pizza in front of you to the left. Turn left and then make an immediate right turn into the little store cluster.

Note: If you pass Mangia Pizza, there is a U-turn on the left just a little past the store cluster. Follow the directions for Mopac coming from the north.

