
Re: [ProgSoc] debian potato and Bind9



>Sounds like you need a smug consultant to come in and fix things up.
>
>It just so happens . . .

I really really do.
But that's what these new guys are. Consultants. One of whom is meant to be a linux guru, but who is having more trouble with this system than I am, and 3 months ago I was a linux n00b.
I'd love to be able to tell my boss that the current guy doesn't know this stuff well enough and we need someone else but I don't know how she'd take it.
Anyway, how much do you charge?

>Hmm, hang on -- the core router you said is running 2.2 -- but that
>refers to the kernel, right?  What version of what OS is it using?

Sorry, I meant debian 2.2, potato. It's behind the firewall.

>What *do* you mean by that, btw?

I mean possibly plugging a switch into the router and having all traffic on that port free to do pretty much whatever it wants. This is what the consultant has suggested, at least.

>this box is also the DHCP server?

No, we have 2 DHCP servers, one for each side of the network (it used to be 2 companies sharing some common servers but isolated from each other via routing rules, now that one of them has left the other has inherited the horrible network left behind).

I don't think the network has been upgraded really since potato came out.
Newer servers have been added, but the backbone is really really old and should be junked. I keep trying to tell people this...

Anyway they seem to think everything can just be moved over on thursday. I don't think this will work, as we have to repatch the entire rack and remove a cabinet that night too, which means powering down 5 machines and powering them up again while praying they work correctly when they come back.

There are enough spare machines, and possibly enough spare network cards to rebuild the core router with the latest stable debian build. But probably not enough spare time :(

The main reason behind moving DNS to the potato machine is that all the other machines can already see it so it doesn't require all that many changes.

I think the main issue is that no one knows how to set up proper rules in the routers and the firewall in order to let the VPN traffic through and rather than learn a dead technology they would like to replace it.  Which is fair enough if the replacement will work. Which I don't think it will, but then it's pretty much out of my hands now and not my fault if it fails. (but probably will still end up being my problem)

As for backups, well, there is a tape machine somewhere but it's not plugged in...

I think I may have to resort to learning ipchains and iptables and how they interact with each other. Either that or replace the ancient router with a new machine and build the ruleset from scratch. There are so many useless rules in there anyway thanks to all the machines no longer existing...

Thank god for this list though. It's good to be able to talk out ideas with people that know what you're talking about and can tell when you don't...

Michael