Site Sections
Posts
254
Comments
120
Trackbacks
120
December 2006 Entries
A break from the technical stuff: Transformers!!

Even on a professional blog, man cannot live by technical insights alone.

When I heard that Michael Bay was tapped to be the director of the forthcoming live-action/CGI Transformers movie, I was skeptical. However, earlier today my co-worker Ryan pointed me to Yahoo's exclusive trailer.

All I have to say is, I cannot wait for July 4th.

posted @ Wednesday, December 20, 2006 6:00 PM | Feedback (0)
Surviving the all-nighter

Every now and then, the IT professional gets to put in time beyond the normal working hours. Even more occasionally (we hope), we get the joy of pulling an all-nighter. Systems admins, network admins, and mail admins are no strangers to having a fixed amount of time to perform a big or complicated (and if you're unlucky, it's big and complicated) task during the late night and early morning hours.

Back when I was in my mid-20s working for startups with no budget, I'd have to do all-nighters on a regular basis. I never really had trouble with them; I'd stay up for 36 or 48 hours, go home, sleep for 12, and be ready to do it again. I remember one particularly messed-up week where I pulled a scheduled all-nighter and was up for 48 hours, had just gotten to bed and gotten 3 hours of sleep, then got called back into the office to deal with a different issue that took me over 96 hours to resolve.

Nowadays, though, I don't handle them so well. Earlier this week I had an Exchange mailbox move turn into an all-nighter, and it wiped me out because I forgot to observe some basic strategies to minimize the impact of planned and unplanned all-nighters:

  • Know what you really need to achieve, and have a plan to achieve it. Even if you're suddenly pulling an all-nighter in response to an emergency or other unexpected event, take a few minutes to think your way through what you want to accomplish. You don't need details, but you need to have a list of the particular milestones you need to hit to be making acceptable progress. In my case, I was moving mailboxes to an Exchange 2007 server. A couple of us had mailboxes on a temporary Exchange 2007 server, while the majority of employees were on an Exchange 2003 server. My key goal was moving the Exchange 2003 mailboxes; the temporary server could be dealt with at a different time. If I'd ratholed myself on moving everything, I'd have spent even longer on the task than I normally did.
  • Don't make assumptions. Because the Exchange 2007 server had been previously set up, I assumed that the disk partitions had been properly configured and that the storage groups and mailbox databases had been moved to suitable partitions with adequate space. Bad assumption; only the system partition (24GB) had been defined, and I ran out of space on the system volume mid-way through the mailbox moves thanks to the log files. I lost valuable time performing a full backup (to truncate the logfiles), creating the partitions, and moving the storage groups and databases -- not to mention the time I lost trying to move some large mailboxes and having them fail.
  • Don't get so lost in emergency response mode that you forget to take care of your body. You've probably heard that for IT workers, it's a good idea to get up and stretch every 15-30 minutes. This is doubly important when you're working outside of your normal working hours; your body is more susceptible to fatigue, and your muscles really need the break. Get up, walk around, and shake out the kinks; you'll think and work better for it.
  • Ensure proper hydration and food. I'm still feeling the pain on this one, because I let myself get totally dehydrated. I know we all think we need lots of caffeine, but it will actually start fogging your thought processes when you get tired. Instead, try alternating decent water (I prefer bottled or filtered water[1]) and your favorite sports drink such as Gatorade.
  • Take a minute to look at your calendar for the next day or two, and keep an eye on the clock. It's far too easy to get locked into focusing on the current problem and completely forgetting about other obligations. Don't forget to extend this discipline to the couple days following your all-nighter until you get fully settled back into your routine. It can take a couple of days to recover fully from the physical effects of staying up too late, and while missing a 9:30 conference call might be understandable the morning after a heroic all-nighter, it's much less so the next day.

[1] Away from the laptop, of course.

posted @ Wednesday, December 20, 2006 3:27 PM | Feedback (0)
Using PowerShell to find the average size in a group of files

Today I wanted to find out the average size of a group of files. To make it more challenging, I wanted to find the average size of a group of files that existed co-mingled in a directory with several other files I didn't care about. PowerShell to the rescue!

In my examples, we'll say I wanted to average the size of all .CSV files in the C:\temp directory. I define the $target variable to contain a string that defines which files you want to work with. There's no magic here; it's the same string I'd type on a command line, but you can do much more complicated expressions using wildcards and such. Here's how I defined it:

Here's the script I came up with:

$myfile = $(dir $target | select-object Name,Length)
for ($($myfilesize = 0; $i=0); $i -lt $myfile.count; $i++) {$myfilesize += $myfile[$i].Length}
$myfileavg = "{0:N2}" -f $($myfilesize / $myfile.count / 1024)
Write-Output ("Average size of selected files: " + $myfileavg + "KB")

Here's how the script works.

  • The script performs the dir command against the target (really an alias to Get-ChildItem cmdlet)and pipes the output through the Select-Object cmdlet so we can specify which attributes we care about -- in this case only Name and Length. It then stores the results in the $myfile variable.
  • Now we can use a for loop to iterate through all the elements of the $myfile and add up the total number of bytes.
  • Simple arithmetic -- total number of bytes divided by the number of files (which is the Count property of the $myfile variable) -- gives us our answer in bytes. We divide it by 1,024 to convert to kilobytes, and use the .NET string formatting functions (the {0:N2} bit) to tell PowerShell to round the result to two decimal places.
  • We then print the output out. Done!

I'm sure there are easier and cleaner ways to do this under PowerShell, but my point is to show how a task that would take a lot more work under VBScript or conventional Windows command-line scripting can be done quickly in PowerShell.

Extra credit: say you just wanted to import the files and sizes into Excel? This one-liner creates the CSV file:

Note that you need to use Select-Object here to preserve the object information of the original objects you collected. If you use Format-Table as I first did, it won't work; your CSV file will contain the object information of the output lines of the table, not the objects used to create the table. The -NoTypeInformation suppresses the inclusion of the #TYPE header, an additional line that documents what object type Export-CSV detected.

dir $target | Select-Object Name,Length | export-csv csv.csv -NoTypeInformation
$target = "c:\temp\*.csv"
posted @ Monday, December 18, 2006 6:10 PM | Feedback (0)
Made it through the storm

Although Redmond (and the 3Sharp offices) lost power last Thursday night, we had power again by Saturday and were able to get back up and running Saturday afternoon, with only one minor glitch that was straightened out this morning. To celebrate, here are a couple of quick links:

  • Visual Studio 2005 SP1 is released. It includes the Web Application Projects, so if you've installed the stand-alone download from last May, uninstall it before running SP1 setup.
  • ASP.NET AJAX RC1 is released. Big change: the server-side components have changed namespaces into the System namespace, breaking existing server-side code (client-side JavaScript code should be fine).
  • Exchange 2007 RTM evaluation builds are released. Remember, the 32-bit version is only for evaulation, training, and testing; you must run 64-bit in production (where "production" is generally understood to be "a real mailbox that someone actually uses"; no setting up a 32-bit "test lab" for a pseudo-dogfood testing group as an end-run!)
posted @ Monday, December 18, 2006 12:52 PM | Feedback (0)
Virtual Labs from Microsoft

Okay, now this is a great idea: create a series of hands-on labs for people to use to get familiar with your product offerings, with a special focus on upcoming versions and new, cool functionality. Like, oh, say, Exchange 2007.

Even better: put it online for free, with both 30 minute or 90 minute versions. Make it so all the users have to do is have a Windows Live! (Passport) account and be willing to register.

Best yet: Let users take any lab from TechNet or MSDN, submit a completed evaluation, and then give away an Xbox 360.

That's just cool, and a great step for promoting training and certification.

posted @ Thursday, December 14, 2006 10:15 PM | Feedback (1)
CAL 9000^H^H^H^H2007

There's a lot of flap and confusion over the changes to Exchange 2007 and Outlook 2007 licensing. Although I am not a Microsoft Licensing specialist, let me attempt to condense together all of the information floating around various sources and see if we can't distill out some sort of understanding. There are three types of licenses that concern us here: the Exchange server license for the actual server software, the Exchange 2007 Client Access License (CAL), and the Oulook 2007 license:

  • The Exchange 2007 server software license comes in two flavors, explained in How to Buy Exchange Server 2007:
    • The Standard Edition server license gives you a maximum of five (5) databases and storage groups. You can use LCR, but not SCC or CCR.
    • The Enterprise Edition server license gives you a maximum of fifty (50) databases and storage groups. You can use LCR, SCC, and CCR.
  • The Exchange 2007 CAL also comes in two flavors, which are completely independent of the license flavor you bought for the server software license. The two CAL flavors (plus a CAL bundle that contains both flavors) control what Exchange 2007 features your users have access to. See Exchange Server 2007 Editions and Client Access Licenses for more details:
    • The Standard CAL gives the user permission to access the by-now standard features of Exchange: email, shared calendars, OWA, EAS, contacts, tasks, and management actions. If your user is in any way accessing their mailbox, as I understand it, they have to have a Standard CAL. You can perform per-database Message Journalling.
    • The Enterprise CAL is required if the user is going to access Unified Messaging, per-user/per-DL Message Journalling, and Managed E-mail Folders. Also, if you're on a volume license program such as Software Assurance, you can use this CAL for Exchange Hosted filtering and Forefront Security for Exchange Server.
    • The Standard + Enterprise CAL bundles both together. Note that you can't buy the Enterprise CAL without the Standard CAL, so this is in reality what you're going to buy if you need the Enterprise CAL features.
  • The Outlook 2007 license is generating a lot of heat and light out on the net. Historically, Exchange CALs have included an Outlook license with them, allowing organizations to roll out Exchange and Outlook paired together, without having to coordinate a full Office deployment at the same time. This has generally been viewed as a good thing, because there have always been a few spiff features that work best (or only work) when you're using paired versions of Exchange and Outlook. This changes with Exchange 2007; the CAL no longer includes an Outlook license, yet the Standard CAL costs the same as the Exchange 2003 CAL does. While this at first seems like it's a bad thing, that may not be the case, and here's what I've been able to glean about it:
    1. In Microsoft's experience, the vast majority of Exchange shops ended up deploying Office at some point. Thus, the vast majority of their customers ended up paying for Outlook twice (effectively). Ed: I think people have a hard time swallowing this one, because it's not like the Standard CAL has dropped in price any to reflect this implicit cost savings. However, I really doubt Microsoft is flat-out lying about this as some people think. If they want to justify a price increase, they've got lots of good reasons to do so. I don't understand their math at this time, but that doesn't meant it isn't valid. Anyone from Microsoft care to illuminate this?
    2. You can still use Outlook 2003 in all its glory against Exchange 2007, and you'll even get the benefit of some (but nowhere near all) of the new features present. You won't lose any functionality. Outlook 2007, on the other hand, is much more tightly coupled with the rest of the Office suite than previous versions of Outlook, enough so that Microsoft feels you will see significant value in deploying Office 2007 all at once. Ed: After hearing about a large number of shops that have are still running Office 2000 with the addition of Outlook 2003 (to get cached mode against Exchange 2003), I suspect that there's a noteworthy faction of folks forming Microsoft's business strategy that hopes the new can't-miss functionality in Outlook 2007 will be the impetus for a lot of Office suite upgrades.
    3. You can now get Volume License deals for as few as five licenses. Volume licensing and SA can be a major way to cut down on the cost of rolling out Office and other Microsoft software, and once people are willing to take a closer look at SA to get their Outlook fix, they may in fact find that SA will be a good fit for them overall. See the Exchange Server Product Use Rights page for more info. Ed: I have no comment on this one, other than to note that Microsoft has not been shy in its desire to push SA. On the other hand, customers have not been shy about being unimpressed with a "get your updates included" licensing model that is coupled with server software offerings that always seem to update just past the 3-year SA term.
    4. From what I hear on the net, large and enterprise businesses think this is a good move, while small and medium businesses don't. In particular, the Small Business Server community seems to be particularly upset. So is Microsoft betting that this license restructuring will bring in enough new large/enterprise customers to generate enough revenue to offset small/medium defections, are they betting that the small/medium customers won't defect in enough numbers to warrant concern, or is there some other factor at play here?

You might also want to check out the Exchange Server 2007 Licensing FAQ for other answers to specific questions.

Disclaimer: I do not work for Microsoft and have no training in the specifics of the Exchange and Outlook licensing. This information is meant as my best guess at unifying the licensing information and providing some rationale for the license breakdowns, not as a definitive answer. You must check this information with your Microsoft sales representative. Having said that, if anyone has any real-world experience that confirms or debunks this in part or in whole, I'd definitely like to hear about it so I can update the information.

posted @ Thursday, December 14, 2006 8:52 PM | Feedback (0)
GRYNX Greylist redux

Back in November, I posted about a free greylist transport sink that works with Exchange 2003, Exchange 2000, and the IIS SMTP service. I've been using it steadily at home and have continued to be impressed by it, especially when my Exchange server went offline just before I went out of town and I was forced to put up a quick workaround of IIS SMTP + the greylist service. With greylisting as my anti-spam defense, we were still knocking down the majority of incoming spam attempts.

Here at 3Sharp, we recently changed our anti-spam strategy and I went to the GRYNX greylist site to grab the latest version (1.2.4) available at the time. Man, did I receive a pleasant surprise: it now supported storing the triplet database in a Microsoft SQL Server database! Just a few short minutes later, I had a database created, configured, and up and running. Using this in conjunction with the IMF, we've once again knocked our spam down to "minor irritation" levels.

This version will work against SQL Server 2000 or SQL Server 2005, hosted either on the same machine or a remote machine (so you can use a central database server to store a shared triplet database for multiple bridgehead servers -- how enterprise!)

Thanks, Chris!

Updated 11 Sep 2007: The author has just let me know that the product is now called JEP(S) and is available from a new website. Link updated accordingly.

posted @ Thursday, December 14, 2006 7:44 PM | Feedback (0)
Software IP PBX for Windows

The other day I noticed an interesting ad in my latest issue of Windows IT Pro magazine: a free Windows IP PBX. It can work with a SIP-based VoIP service, or use a PSTN-to-VoIP gateway to interact with traditional phone lines. These gateways are usually relatively inexpensive; the PBX is the most expensive part of the bundle.

Naturally, I was immediately curious as to whether it would interoperate with Exchange 2007.

I've got the software and manual downloaded, and I'm in the process of sending off a query to 3CX to find out more details. I'll let you know what I find.

posted @ Wednesday, December 13, 2006 4:47 PM | Feedback (1)
Am I Exchange 2007 compatible or not?

This post is directly prompted by an email I received from Paul letting me know about a utility he'd learned about from other Exchange MVPs. So thanks to Paul, Jim, and Jeff!

When Microsoft first announced that Exchange 2007 would run on 64-bit hardware only, lots of people immediately started to point out (with varying amounts of glee, depending on who they worked for) that this would inevitably make Exchange 2007 a horribly expensive upgrade. Microsoft's counter-argument can be summed up as, "Relax. If you've been buying hardware at all recently, you're already buying 64-bit capable hardware." Now, in all fairness, this is probably true, but the question then becomes, "How can I be sure this hardware is 64-bit capable?" The answer is: that depends.

I've found that it's a lot easier to tell whether your server hardware is 64-bit capable or not if it's running AMD processors. Both the Opteron and Athlon 64 lines will self-identify to Windows, which means that a simple check of the Property sheet of My Computer will tell you:

image
My Computer on an Athlon 64 processor -- ready for Exchange 2007

Intel processors are a different story. If it's an Itanium, of course, you know it's 64-bit, but you also know it's not compatible with Exchange 2007. That leaves the Xeon and Pentium lines. Instead of clearly labelling the specific processor models as being 64-bit, Intel merely added the Extended Memory 64 Technology (EM64T) extensions to them. The presence (or absence) of these extensions doesn't show up in My Computer:

image
My Computer on an Intel 32-bit processor -- and still in the dark

image
My Computer on an Intel 64-bit processor -- and still in the dark

Instead, you can use the free utility CPU-Z, which will tell you all sorts of information about your CPU. Most importantly, though, it will let you easily see whether you're running a 64-bit system:

image
CPU-Z on an Athlon 64 processor -- ready for Exchange 2007!

image
CPU-Z on an Intel 32-bit processor -- no Exchange 2007 for you!
image
CPU-Z on an Intel 64-bit processor -- ready for Exchange 2007!
posted @ Wednesday, December 13, 2006 3:44 PM | Feedback (0)
$true-thiness

Microsoft's Evan Dodds has a post on why you need to use the tokens $true and $false in PowerShell scripts instead of the strings "true" and "false".

posted @ Wednesday, December 13, 2006 11:17 AM | Feedback (0)
Microsoft-Novell and the IP risk factor

ZDnet's John Carroll posts what I think is the most cogent analysis of the Microsoft-Novell deal I've seen yet. I don't normally read ZDnet blogs for their thoughtful analysis -- most of the time, they strike me as unabashed rabble-rousing merely to justify confrontational headlines -- but if this is an example of John's work, I'll be reading him more in the future.

Case in point: one of John's fellow ZDnet bloggers, , appears to go out of his way to miss John's point. Ed is claiming that Vista is just as liable and that therefore Windows customers just as vulnerable. Well, duh -- John points out that any sufficiently complex software is arguably as risk (but respects the reader's intellect enough to point this out). What Ed seems to miss is the fact that John's analysis of the Microsoft-Novell deal is pointing precisely at the kind of steps that Microsoft can take to help reduce that risk for their customers -- a step that open source projects can't take unless they've got someone like Novell behind them. Pay attention, Ed, and quit arguing the premises.

posted @ Tuesday, December 12, 2006 6:38 PM | Feedback (0)
A grab bag of small goodies

Exchange MVP Jim McBee gives some tips on tuning the Exchange 2003 IMF.

Doug points out some tools for mounting .ISO images (and includes ones that work under Vista).

Finally, the Exchange team blog is giving the standard Exchange 2007 transport rules demo by creating an ethical wall. Now, this is great functionality, but the demo itself is somewhat boring. The last time I did this demo, I spiced it up by eschewing brokers and analysts in favor of putting an ethical firewall in between the military and civilian leadership in Battlestar Galactica. "So sorry, Captain Adama, but you're no longer allowed to foment revolution with President Roslyn." Now that's a demo.

posted @ Tuesday, December 12, 2006 6:36 PM | Feedback (0)
Another PowerShell one-liner

Today I needed to evenly split 40,000 files between 5 directories. The math is simple -- 8,000 files in each directory -- but the way I'd have normally handled a one-off task like this is by using Windows Explorer to go in, manually select the first 8,000 files, drag them into the first target directory, lather, rinse, repeat. However, Explorer decided to be unstable, and I decided to play with PowerShell for a few minutes and see how easy it would be to do it from the shell.

Here's the one-liner I came up with:

for ($($filelist = dir; $i=0); $i -lt 8000; $i++) {Move-Item $filelist[$i] targetdir}

It's a simple for loop that shows off a couple of the nice features of PowerShell:

  • I used the filelist variable to hold the return value of the dir cmdlet (which is really just an alias for the Get-ChildItem cmdlet). This cmdlet passes back the child items found in the specified location (or the current directory if none is specified) as a collection, which is stored in the variable.
  • I used the for loop to access each individual item in the filelist collection.

Of course, I used the -whatif switch with the Move-Item cmdlet to verify it was going to do what I wanted before actually trying to move the files.

posted @ Tuesday, December 12, 2006 12:46 AM | Feedback (0)
The Federal Excise Tax is dead

For the past 108 years, American telephone owners have been paying the Federal Excise Tax, meant to help finance the Spanish-American War.

That's right. A tax enacted in 1898 is still on your phone bill, but not for much longer. Although word began to spread about this tax in February this year, it's taken Congress until now to repeal the tax. Luckily, you can get a refund for the last three years' worth of taxes when you file your 2006 tax return. The followup article at The Motley Fool gives more details, along with a roundup of resources on how to get -- and maximize -- the refund.

posted @ Sunday, December 10, 2006 9:03 PM | Feedback (0)
Farewell, OS/2 (and a look back at BBSes, FidoNet, and Window NT 3.1)

IBM's OS/2 operating system is heading rapidly for the end of its standard support lifetime at Deceber 31, 2006. IBM is urging customers to transition to the WebSphere platform. I take a stroll down memory lane through OS/2, Desqview, the BBS and FidoNet community, Windows NT 3.1, and SLIP/PPP dialup accounts.

posted @ Sunday, December 10, 2006 8:40 PM | Feedback (0)
SPF Wizard due for an overhaul

The folks over at openspf.org have been working on a revamp of their website. This afternoon, they flipped the switch to move to the new version of the site. All of the previous content is now found at http://old.openspf.org/. This includes the SPF Wizard, which is a web-based tool for creating SPF records to insert in your DNS. For now, there seems to be a redirect in place, but there is supposed to be a new version of the wizard coming soon.

If for some reason your current bookmarks don't work through the redirect, now you know why. That shouldn't be the case, but you can always manually replace the www.openspf.org with old.openspf.org to get to the content.

You can, of course, use the Microsoft Sender ID Wizard to create your SPF and Sender ID records. However, you need to be aware of the fact that Microsoft's Sender ID standard, while remaining mostly compatible with SPF, has been deliberately written to break the SPF standard in what Microsoft considers to be a minor way; I'll explain that in a later post. In the meantime, if you just want an SPF record, you can use Microsoft's Sender ID Wizard and just tell it you want to work with the v=spf1 record only.

posted @ Sunday, December 10, 2006 8:03 PM | Feedback (0)
Exchange 2007 and Forefront Security for Exchange Server RTM

Both Exchange Server 2007 and Forefront Security for Exchange Server have been released to manufacturing. This is excellent news; I'm very much looking forward to getting my hands on the release bits.

posted @ Friday, December 08, 2006 12:35 PM | Feedback (0)
Community Server 2.1 SP2 is now available

Wow! Telligent is on a roll!

Community Server 2.1 Service Pack 2 is now available for download. This SP fixes bugs, increases security, and provides feature enhancements.

Some of the notable fixes include:

  • UI and help text fixes and improvements
  • Support for the MetaWeblog API newMediaObject method, allowing you (with a MetaWeblog-compliant blogging client) to allow images & files to be saved to your blog
  • Security and performance improvements

If you're using CS 2.1, Telligent recommends that you download and apply this SP.

posted @ Friday, December 08, 2006 12:31 PM | Feedback (0)
Watched logs never update

As a former UNIX admin, there are definitely days where I miss some of the simple but powerful tools I had available to do my day-to-day jobs. One of those jobs, troubleshooting, usually involves a lot of logfile watching. On Windows, log watching becomes more complicated, because you usually have to sneak peeks at the Event Log as well as a particular text logfile (such as the ones produced by IIS).

With UNIX, I'd use the tail utility, which simply opens a text file and shows you the last X lines (where X can be specified). I'd use the tail -f filename.log option, which allows you to "follow" the given text file; that is, tail will keep the file open and automatically display new lines to the end of the window as they are added to the log file. Follow mode is very handy for troubleshooting.

Although PowerShell allows you to examine event log entries from the command line, as well as display the contents of various text files, it doesn't seem to have a "follow" mode. So, I went looking around and found Tail for Win32. It seems to be just what the doctor ordered, as it will follow multiple files (if necessary), and offers a quick way to pause and restart following.

posted @ Thursday, December 07, 2006 4:07 PM | Feedback (0)
DNS gotchas and tips

This recent post by Exchange MVP Bharat Suneja talks about the proper relationship between MX records and CNAME records in DNS. His post kicked off related thoughts on the subject of DNS which come from my years working as a systems administrator at an ISP. At one time I was responsible for the care and feeding of nearly 500 domains, and made my share of mistakes (and saw the corresponding problems that could result).

Bharat correctly points out that RFC 2181, Clarifications to the DNS Specification, prohibit you from pointing an MX record at a CNAME. That is, the following setup is wrong:

@ORIGIN example.invalid.
mxer    IN        MX      10 cname.example.invalid.
cname   IN        CNAME   host.example.invalid.
host    IN        A       192.168.0.1

Not only does this cause additional DNS lookups and load, as the RFC (and Bharat) point out, but it can actually cause mail loops with certain software under certain situations. However, this kind of configuration appears to be convenient for admins (which is why it keeps coming back up), because it seems to promise the ease of reduced administration: "If I ever have to change my MX host and I have multiple domains, I just have to change the CNAME record and they're all automatically updated." Too bad it doesn't work this way.

What it needs to look like is this:

@ORIGIN example.invalid.
mxer    IN        MX      10 host.example.invalid.
cname   IN        CNAME   host.example.invalid.
host    IN        A       192.168.0.1

If you have multiple MX records to maintain and want to point them to an "alias", then make the "alias" record an additional A record (or corresponding IPv6 record) pointing to the correct IP address:

@ORIGIN example.invalid.
mxer    IN        MX      10 mail.example.invalid.
mail    IN        A       192.168.0.1
host    IN        A       192.168.0.1

"But Devin," I hear some of you say, "This breaks the forward and reverse name mapping for DNS, which you've posted about before!" Well, no. You can easily have multiple PTR resource records for the same domain, just as you can have multiple A records:

@ORIGIN 0.168.192.in-addr.arpa.
1       IN        PTR     host.example.invalid.
1       IN        PTR     mail.example.invalid.

This is perfectly valid and will work pretty much all the time these days with modern DNS resolvers and mail servers.

If you're doing frequent host renaming/IP renumbering and worry about keeping your reverse DNS in sync (and you should), then this trick might help, especially if the ISP that handles your reverse IP addresses takes a while to respond to requests:

C:\>dig 148.179.65.64.in-addr.arpa.

; <<>> DiG 9.2.3 <<>> 148.179.65.64.in-addr.arpa.

;; QUESTION SECTION:
;148.179.65.64.in-addr.arpa.    IN      A

;; ANSWER SECTION:
148.179.65.64.in-addr.arpa. 86400 IN    CNAME   static-64-65-179-148.rev.3sharp.com.

Instead of having our ISP host a PTR record (thus requiring them to update our hostnames), instead we had them put in CNAME records pointing to a special zone under our control. That zone is what holds the actual PTR records -- allowing us to change both the forward and reverse at the same time.

DNS has a lot of complexity, but at its core it is very simple to understand. I didn't really start grokking DNS until I made a fundamental conceptual leap. Once I made that leap, DNS got a lot easier and I was able to fix a host of common configuration errors that plagued my 500 zonefiles. Since you've read down to this point, I'll share the secret with you:

When you're working with DNS, forget the distinction betweens domains and hosts. There is no "host"; there is only "domain."

As systems admins, we have several types of domains we have to juggle:

  • Active Directory domains
  • DNS domains
  • SMTP domains
  • NIS domains (for old-schoool UNIX admins)
  • Windows NT domains (for old-school Windows admins)

The convergence of Active Directory with DNS, combined with the reliance of SMTP on DNS, has helped a lot of us blur the lines of distinction between the different types of domains. It's important to remember that even though Active Directory and SMTP both depend on DNS, the domains they describe -- even though they use the same namespace and much of the same terminology -- are different entities. And in DNS, if you forget the concept of a "host", you'll have a much better understanding of how DNS works.

Confused? Well, let me explain it this way: what we tend to think of as a hostname is in reality just another domain. When I take a hostname like mail.3sharp.com and look at it from a DNS perspective, what I really have is a fully-qualified domain name that consists of four separate domains, arranged in a hierarchical order (left to right, most local to most global):

  • The most-specific domain, corresponding to what we use as the hostname: mail
  • The secondary domain: 3sharp
  • The top-level domain (TLD): com
  • The root domain: .

The TLD is a sub-domain of the root domain; the secondary domain is a sub-domain of the secondary domain. Within the secondary domain, we have additional sub-domains that are used for multiple purposes, such as the rev sub-domain we use to hold our reverse DNS PTR records, as well as sub-domains that are used to denote hosts. Depending on how we use these sub-domains, we can use different types of DNS resource records, some of which are mutually exclusive:

  • Domains which are themselves going to have sub-domains need to have a namesrever (NS) recordset[1] defined. This helps support the proper DNS delegation behavior and allows us to split up our DNS zone file on domain boundaries, if needed.
  • Domains which are aliases to other domains have a CNAME recordset. No other record types are allowed for these domains; the CNAME is an absolute referral mechanism that instructs the resolver to use the information found in the specified domain without reservation or reference to the domain the CNAME record is part of.[2] Note that this means you can't have a domain that has both NS and CNAME recordsets; you're either delegating the domain or aliasing it.
  • Domains which are hosts have the A recordset.
  • Domains for which mail exchange is a consideration have the MX recordset.
  • Domains which represent a reverse DNS mapping have the PTR recordset.

These aren't the only kinds of records available, of course, but they're the most common ones.

I know this post has covered a lot of ground quickly, but I hope you've walked away with something that made you say "Aha! That makes this make sense!" If you have any questions or need further clarification, please send me an email.

[1] A recordset is a collection of one or more resource records of the same type. Some record types only allow a single record in the recordset, but others such as A, PTR, and MX allow multiple records to be defined.

[2] This, BTW, is the true technical reasons why you break things by pointing MX records at CNAME records; according to DNS, a CNAME points you to a different domain, which could be in a different zone file, under the control of some other nameserver or admin. It is the responsibility of the domain admin to designate MX hosts for their own domains, and by pointing an MX record to a CNAME you're effectively trying to override that mechanism.

posted @ Thursday, December 07, 2006 11:47 AM | Feedback (0)
Cingular and Windows Mobile drama

Updated 12/5 1817 PST: Happy resolution, read on through below!

Back in September, my wife and I came to the end of our existing AT&T Wireless (now "Cingular Blue") contract. We'd been seeing increasing problems with our service, so we decided to talk to Cingular about upgrading to a native Cingular ("Cingular Orange") account, but we were hesitant to do so; we'd been faithful customers with AT&T for many years and had a resultingly sweet rate plan. It was so sweet, in fact, at one point a Cingular rep had told us that she'd never seen a plan that good and that we should resist switching for as long as possible.

So, after a couple of hours on the phone, and the involvement of the Customer Loyalty department, I scored what was going to be a great deal:

  1. Voice service with a decent amount of minutes -- not the ungodly amount we'd had under AT&T, but more than enough to cover even our highest level of traffic in our previous 24 months (and that's before accounting for the fact that the vast majority of our use is mobile-to-mobile, which is never charged).
  2. A new Cingular 8125 Windows Mobile PocketPC for my wife, at the sweet price of $150. Actually, at the full price of $350 plus immediate credits to our account of $200.
  3. A new free phone for me, so I could get the Cingular Orange SIM card to put in my Qtek 9100 and continue using my Windows Mobile device.
  4. Data coverage for both my wife and I with a plan that gave the same features and benefits to our mobile devices as I had under AT&t, and all for the continued low price of $19.95/line for all-you-can-eat data ($5/month better than the AT&T rate).

The third point was the big sticker: by default, Cingular's all-you-can-eat plan for the PocketPC is either $44.95 or $59.95/line, depending on which group you talk to (they disagree on which plan you need). Accordingly, since Customer Loyalty said so, they agreed to give us the appropriate monthly credit so that we ended up paying $19.95 for the lifetime (24 months) of our new contract.

So far, that's not happened. I've spent over six hours on the phone cumulative since September; my wife has spent at least another 12. Every time we've talked to Cingular, the reps have bounced us around until we found somebody who sounded like they knew what they were talking about. Every time, this person would read the impressively growing log of notes on our account and agree that they would Do The Right Thing and honor their agreement with us to give us the right data plan at an effective price of $19.95/line. And every time, they've been unable to get the system to accept it:

  • We've been told five times now that the previous rep signed us up for the wrong data plan.
  • We've been told at least three times now that the suggested plan was no longer offered -- one time within minutes of being told that was the correct plan.
  • We've been told that the Cingular billing system has no provision for a recurring monthly credit, so that they would have to enter a single mongo credit.
  • Weeks later, we were told the system won't accept that large of a credit and that requests were being made to get it done.
  • Weeks later, after multiple requests, we are now being told that the best we will get is a credit for one year -- not the two years that has been agreed to since September.

Now, this evening, Cingular has told us that they will give us the one year -- take it or leave it. If we don't like it, then we're free to find a new carrier. Moral: avoid Cingular as a carrier. They seem unable to present a single, consistent set of offerings for their customers. Trying to find out what plans and features you need is so confusing not even the reps can get it right, and they are unwilling to live up to their promises.

Update: Edited to reflect the fact that not only did Cingular offer to match AT&T's all-you-can-eat data price ($24.95), they offered to beat it by $5. Thanks, Steph, for reminding me.

Updated 12/5 1820 PST: I finally called up Cingular and got connected to Customer Service, and talked to some very nice young man I immediately felt sorry for. He was doing his best to follow the saga, but was clearly not able to resolve things to my satisfaction, but kept gamely trying to do so. I finally mentioned the fact that I blog and had already posted the story thus far, and suddenly he was placing me on hold. When he came back, I was talking to Tyler Crews, who over the next while (close to an hour, I believe) sat and patiently talked to me and got the details of the story figured out. Tyler was able to do the following:

  • Find the correct plan that we needed to be on -- a $44.99/line plan.
  • Settle on a price of $25/line -- the old AT&T price, effectively, for the service, netting a $20/line/month discount.
  • Figure out the correct credit to apply to our account to adjust it properly from September through the last bill.
  • Apply the recurring discount so that each future bill would automatically show the effective price of $25/line.

Not to put too fine a point on it, Tyler saved me as a customer. Up until yesterday and today, we've had pretty good experiences with the Cingular support people. Almost all of them have gone out of their way, as did Tyler, to help us get to the bottom of things and figure out the facts of the situation. There were only a couple of people -- usually managers who made off-line decisions without ever talking to us personally -- who seemed to not care about getting things done correctly, but they were the clear minority. While I was happy to talk to Tyler, I'm sad that it took a snafu this entrenched to put me in touch with him, because he was able to cut through the crud and get things fixed.

Cingular, get more people like Tyler, give them the power they need to do their jobs, and stand back. You'll have happy customers as a result. If they make suggestions or pass on feedback on how to simplify the billing and customer support experience, figure out how to make them work. Tyler represents your best asset, because he was able to deftly balance my concerns and your business needs and come up with a solution that didn't put too much undue work on anyone. He gave me the numbers I needed to verify the discounts and credits myself so that we were on the same page as to exactly what effect I'd see on my bills. In short, he was a hero.

I'll be watching my next bill closely to make sure everything works out the way I expect, but for the first time since September I actually have the hope that will happen. Thanks, Tyler.

posted @ Tuesday, December 05, 2006 4:45 PM | Feedback (0)
A new download to brighten your Tuesday

At one point in time, Windows came with the optional Network Monitor component. While it had its quirks and had a bit of a learning curve, it was useful, free, and ubiquitous whenever I needed to perform network traffic captures. (Mind you, this was back in the days when we were still using hubs, not switches, and could listen to everyone's traffic over the wire.) Then came the dumbing down of NetMon; it wasn't included in XP, and if you were using it on a server you could only sniff traffic originating from or destined to that server, unless you had SMS and could use the "full" version of NetMon. If I was just doing a quick one-off investigation, this wasn't bad; if I was trying to monitor a set of related interactions on multiple machines, this restriction became unliveable.

Well, MS has finally released Network Monitor 3.0 as a free download, and they've removed the restrictions. It includes support for 64-bit platforms. I haven't downloaded it yet, but it's in my little list...

posted @ Tuesday, December 05, 2006 4:28 PM | Feedback (0)
News

Devin has moved on
to new adventures.
This blog is preserved
for historical purposes.

Please follow his
personal blog at:
Devin on Earth

Virtual Devin
Article Categories
Archives
Post Categories
Data Protection
DCAR
Exchange
Other
Security
Unified Communications
Windows