Archive for October 2006

I’ve had my Zabbix install set up to notify me if the remote server has a high ping using this expression:

{__Remote_Hosts:icmppingsec.avg(30)}>120

The problem is that on a congested network this trigger can fire often. I recommend moving the failed ping average up to 500, and adding another trigger:

{__Remote_Hosts:icmpping.max(120)}<1

This checks for no ping within 120 seconds (or 2 minutes) so it gives you a better idea if the host is “down” or just seeing a high ping latency.


Here is something that I did not know - DNS servers use TCP port 53 to do zone transfers (axfrs). Make sure to open that port up in your firewall if you are allowing zone transfers from your DNS server. Knowing that could have saved me a lot of time :)

So for future reference:
Incoming open ports:
TCP/53
UDP/53

Outgoing open ports:
TCP/53
UDP/53
TCP/1024-65535
UDP/1024-65535


I’ve recently been testing/installing PowerDNS for a web hosting provider. Man am I impressed. You have a number of backends to choose from for PowerDNS; my choice is the MySQL (gmysql) backend. The DNS server basically relies on a MySQL server to store all of the data. Why is this so great, you ask? You can then replicate this SQL data to a number of other DNS servers, across the datacenter or across the country.

The one feature I had a hard time implementing was the “supermaster” or “superslave” feature. This allows another server to be the “supermaster” server, thus allowing zone transfers (axfr) from this other server. I had to dig for this info so I hope someone else finds it helpful.

You need to add an entry into the “supermasters” table (this goes for the mysql and pgsql backends):
insert into supermasters values ('10.0.0.11','ns1.yourserver.com','internal');
From then on, notifies from this supermaster IP including the NS record “ns1.yourserver.com” will lead to the provisioning of a slave domain under the account “internal” or another account of your choosing.

Once you have PowerDNS set up, try using PowerAdmin for a GUI frontend to PowerDNS. It works great and gives you a nice interface to work with (no more editing those ugly named conf files!)


Clean Archives Plugin by Shawn Grimes is a great, simple plugin to do your archives with. It has an easy to modify template so you can really make it look as easy as you want. It works well on my WordPress 2 installation and can be viewed here.


Let’s say you just installed Windows, but told it to use FAT instead of NTFS. Now you have problems because this program won’t work without permissions on the drive. Whoops! Also the Security feature will not work with FAT or FAT32; you will need NTFS for that. There is an easy way to do this:
convert c: /fs:ntfs
Replace c: with your drive name if different. It will warn you about doing this to a mounted drive, tell it N to skip doing this now. Then it will ask you if you want to do this on the next reboot. Say Y. When you reboot, it will convert the drive to NTFS.

Oct 02

C++ Compiler


If you are trying to compile software on a new system, and you get this error:
checking how to run the C++ preprocessor... /lib/cpp
configure: error: C++ preprocessor "/lib/cpp" fails sanity check
See `config.log' for more details.

Then you need to install the gcc-c++ compiler:
# yum install gcc-c++
or
# sudo apt-get install g++

Installing gpp or gcc themselves is not enough.

Apache’s mod_proxy module is simply one of the best Apache modules out there. With it, you can do all sorts of things that you usually would not be able to do if you are behind a firewall or other limited network situations.

A problem that recently came up for me: Microsoft Outlook Web Access (OWA) needs to run on an Exchange server, but my Linux server is the one that faces the internet (I have the firewall forward the ports to this server). I also purchased an SSL certificate for one domain, so I wanted to use this certificate to access OWA with a proper validating certificate.

All sounds well and good. Using this mod_proxy configuration should work:
ProxyPreserveHost On

#OWA % character in email subject fix
RewriteEngine On
RewriteMap percentsubject int:escape
RewriteCond $1 ^/exchange/.*\%.*$
RewriteRule (/exchange/.*) ${percentsubject:$1} [P]

#OWA
ProxyPass /exchange https://exchangeserver.example.com/exchange
ProxyPassReverse /exchange https://exchangeserver.example.com/exchange
ProxyPass /Exchange https://exchangeserver.example.com/exchange
ProxyPassReverse /Exchange https://exchangeserver.example.com/exchange
ProxyPass /exchweb https://exchangeserver.example.com/exchweb
ProxyPassReverse /exchweb https://exchangeserver.example.com/exchweb
ProxyPass /public https://exchangeserver.example.com/public
ProxyPassReverse /public https://exchangeserver.example.com/public
ProxyPass /iisadmpwd https://exchangeserver.example.com/iisadmpwd
ProxyPassReverse /iisadmpwd https://exchangeserver.example.com/iisadmpwd

Problem - it works OK - except in IE it will prompt you for the password indefinitely and not allow you in. In Firefox (Mozilla) it rejects your password until you hit cancel, then enter your password, and it finally allows you in.

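To fix this issue, you need to disable “Integrated Windows Authentication”. In the IIS administration panel, go to the website for your Exchange server (“Default site” by default) and find the exchange share (this is most likely “Exchange” and “Public”). From there, right click, go to Properties->Directory Security->Anonymous Access and Authentication Control. Make sure “Basic Authentication” is checked while “Integrated Windows Authentication” is unchecked. Do this for any other Exchange shares. This allows authentication to work OK: Integrated Windows Authentication (NTLM) authenticates the underlying connection rather than each request, which does not survive a reverse proxy. Basic Authentication sends the password with every request, so it should only travel over HTTPS, as it does with the certificate and the https:// ProxyPass targets above.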

Second problem… in OWA, in Internet Explorer only, when you try to view your inbox the “Loading…” message appears indefinitely. Microsoft’s Knowledgebase Article 280823 has a few workarounds for this problem, none of which worked for me. OWA apparently has two modes that it runs in, “rich” and “reach” modes. The “rich” client, which it uses for Internet Explorer, can have issues when running behind a firewall. It uses http-dav components which are not passed through correctly.

Now a fix: let’s make sure all clients run in “reach” mode! Using Apache, we can hard-code the User-Agent that will hit the Exchange server. We use Apache’s mod_headers module, so make sure you compile it in with --enable-headers. Note: this only works with Apache 2.0. Once you have this compiled in, let’s set the User-Agent:
RequestHeader set User-Agent "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7)"
You can use whatever you’d like in the User-Agent string; as long as Outlook Web Access does not think it is IE, it will serve the “reach” client.

After correcting all of the above issues, Outlook Web Access finally works in both Internet Explorer and Firefox.

More and more people seem to be using an open source mail server on Linux, such as Postfix, to proxy e-mails coming in from the net and relay them to their Exchange server. I know I’ve had this type of setup since January and it has been working really well for me. It gives you the ability to do advanced spam and antivirus filtering on messages, while keeping the easy to use GUI interface for creating Exchange mailboxes. When will we get a great e-mail client so we can finally ditch the Exchange/Outlook setup that most businesses rely on? I know I haven’t found a solution that comes close (I’m sorry, Evolution for Win32 needs to come a bit further, and Thunderbird isn’t even close).

Anyway, once you have this system set up (there are some great instructions here, maybe I will cover this more another day), you may wish to sync up your Exchange users with your Postfix “relay users” in order to trash incoming messages that are not addressed to anyone on the Exchange server. This will free up CPU cycles on the Exchange and Postfix servers, and also reduce some bandwidth. Fortunately, Exchange 2000 and beyond use LDAP to publish this information. You can use Perl’s Net::LDAP module to grab this information. Chris Covington put together this nice script to grab the Exchange users and post to a file, which can then be postmapped and used in relay_recipient_maps. I hope you find it as useful as I did! [Local Mirror of the Script]
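
The approach described above, sketched in Python as an added example (this is not Chris Covington’s Perl script and not code from this blog): it turns LDIF text, as an LDAP search for the proxyAddresses attribute would return it, into the table that postmap expects. The sample users, the example.com domain and the function names are constructed for illustration.

```python
import base64
import re

# Constructed sample LDIF (hypothetical users and domain, not real server output).
SAMPLE_LDIF = """\
dn: CN=Alice Smith,CN=Users,DC=example,DC=com
proxyAddresses: SMTP:Alice.Smith@example.com
proxyAddresses: smtp:asmith@example.com
proxyAddresses: X400:c=US;a= ;p=Example;o=Exchange;s=Smith;g=Alice;

dn: CN=Bob Jones,CN=Users,DC=example,DC=com
proxyAddresses:: U01UUDpib2JAZXhhbXBsZS5jb20=
proxyAddresses: smtp:a-very-long-alias-for-bob@exam
 ple.com
proxyAddresses: smtp:not an address
"""

# Deliberately strict: anything that does not look like user@host.tld is dropped.
ADDR_RE = re.compile(r"^[a-z0-9._%+'-]+@[a-z0-9-]+(\.[a-z0-9-]+)+$")

def unfold(ldif):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    out = []
    for line in ldif.splitlines():
        if line.startswith(" ") and out:
            out[-1] += line[1:]
        else:
            out.append(line)
    return out

def relay_recipients(ldif):
    """Return sorted, de-duplicated SMTP addresses found in proxyAddresses values."""
    found = set()
    for line in unfold(ldif):
        attr, sep, value = line.partition(":")
        if not sep or attr.lower() != "proxyaddresses":
            continue
        if value.startswith(":"):  # "attr:: value" means the value is base64
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        kind, _, addr = value.strip().partition(":")
        addr = addr.strip().lower()
        # SMTP: marks the primary address, smtp: an alias; X400 and others are skipped.
        if kind.lower() == "smtp" and ADDR_RE.match(addr):
            found.add(addr)
    return sorted(found)

def to_postfix_map(addresses):
    """Render 'address OK' lines, the text form that postmap compiles."""
    return "".join(f"{a} OK\n" for a in addresses)
```

Write the result of to_postfix_map(relay_recipients(...)) to a file, run postmap on it, and reference it from relay_recipient_maps so Postfix rejects mail for anyone not on the list.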

  • Welcome to systemBash, a technology and system administration blog by David Drager. If you enjoy this sort of content, you can subscribe to the RSS using the link to the right.