SSHFP records

I hate getting this prompt:

If you see it often enough you probably ignore it – it then loses its purpose if you find yourself blindly typing yes. SSHFP records stop that happening. As I secure my DNS zone with DNSSEC already I think this is an acceptable way of verifying the host at […]

ESX/vSphere grow disk under Linux

If you are running VMware ESX/vSphere with a Linux VM that is running out of disk space it is usually a trivial task. Assuming you have a simple partition layout like this:

If you want to grow the root partition follow these instructions. If you are growing a block device that has no partitions […]

StartSSL certificates with Apache mod_ssl

I have been using StartSSL for free SSL certificates for a while. They are great for personal projects – they are trusted by every device I have tried so far and they are issued almost immediately. You can test if the certificate is trusted by accessing this post as https – click here. Note that […]

Unbound Caching Nameserver

I have added an article to my wiki covering setup of Unbound as a cache name server. This includes DNSSEC support as well as IPv6 support. If it is a busy name server it may need to be tweaked for performance, see the performance section of my wiki above and the Unbound website.

Debian Multiple IPv6 Interfaces

I have been trying to figure out how to set up multiple IPv6 interfaces properly the “Debian” way but it seems like something is a bit broken now. Lets say I have two interfaces: eth0 and eth1. eth0 is on vlan 100 and eth1 on vlan 200. I would expect this to work in /etc/network/interfaces:

Debian Wheezy ipvsadm error

After upgrading some load balancers to Debian Wheezy I noticed this error (happens when dpkg-reconfigure ipvsadm) is ran:

If you encounter this error you can run this sed command to fix up the template: sed -i -r ‘s/^_+//’ /var/lib/dpkg/info/ipvsadm.templates

Debian TARPIT iptables How To

After recently upgrading some of my servers to Debian Wheezy, I noticed the xtables-addons-dkms package is now available. This means you no longer have to build the iptables modules from source to get tarpit support (and more). If you are not sure what the tarpit target is or why you would want to use it, […]