Saturday, October 15, 2005
Can you block Skype with an RBL?
A random thought I had earlier this evening ... Is it possible to block Skype using a realtime block list?
See more ...
posted by guy at: 22:01 SAST |
path: /systems |
permanent link
Wednesday, June 15, 2005
Active Directory and BIND 9
A few years ago, Jody and I managed to get the Computer Science Department's Active
Directory to play nicely with the University's BIND 9 name servers. At the
time we said we should document the process ... we didn't and today I had to
do it all again, this time for SAIAB. Here's some documentation.
See more ...
posted by guy at: 15:50 SAST |
path: /systems |
permanent link
Tuesday, March 15, 2005
GINX V
After many, many months in the pipeline, GINX got
its first (second actually, Rhodes was
the first) peer
— kudos to Bradley for
bringing the Albany Schools Network online.
A few teething problems emerged once we started to see real traffic via the
GINX switch. The first of these related to some DNS hacks we were doing.
Because Albany Schools effectively moved from inside our firewall to outside
(history;
don't ask ...), we needed to punch some holes into our firewall to get
things to work as they were before. This won't be the case when other
people come on board.
The second problem was that we had an asymmetric route to Rhodes. We're
peering to GINX with our two redundant border routers. A bug in the config
of our primary router meant it wasn't advertising its route to GINX but was
learning routes from it — so traffic from Rhodes went out via one
router and in via a different one. Sorta breaks stateful firewall rules ;-)
Adding the missing allow line to the config fixed that problem; GINX now sees two routes for Rhodes
and gets the preference (metric, multi-exit
discriminator) right. BGP is cool.
To celebrate this, Russell and I had
a go at updating the GINX website to
do content
negotiation à la the W3C's Architecture of the World Wide Web.
So now http://ginx.org.za/lookingglass.cgi is http://ginx.org.za/lookingglass,
http://ginx.org.za/status.html is http://ginx.org.za/status and so on.
We also created an RSS feed and got Sablotron and
PHP to render the status page from it via an XSLT style
sheet. The web is a wonderful place. CSS, PHP and XML can make it better.
Now we need to get Cliff at Imaginet to get round to setting up
his peer — all the bits seem to be in place, he just needs to plug
them together — and we'll start seeing some real use from GINX. Oh,
and the Foundation would be nice
too, but that's a lot more complex to get right because of how it's
connected to the peering point and they're about to start SciFest. Broken routing there would
probably go down like a lead balloon.
posted by guy at: 22:46 SAST |
path: /systems |
permanent link
