The Men & Mice Blog

Network Outages, Human Error and What You Can Do About It

Posted by Men & Mice on 12/18/17 7:14 PM

When your route leaks 

Human error. As far as mainstream reporting on network outages goes, it’s the less flamboyant sidekick to DDoS and other cyber attacks. But in terms of consequences, it’s just as effective.

Once again, beginning of November, large parts of the US found themselves unable to access the internet due to one small error: a misconfiguration at Level 3, an ISP (Internet Service Provider) that underpins other, bigger networks.

According to reports the outage was the result of what is known as a “route leak”. In short, a route leak occurs when internet traffic is routed into inefficient, or simply wrong, directions due to incorrect information provided by one, or multiple, Autonomous Systems (ASes). ASes are generally used by ISPs to keep track of IP addresses and their network locations. Packets of data are routed between ASes, which use the Border Gateway Patrol (BGP) to establish and communicate the most efficient routes so you can browse the whole internet, and not just the IP addresses on your particular ISPs network.

Route leaks can be malicious, in which case they’re referred to as “route hijacks” or “BGP hijacks”. But in this case, it seems the cause of the outage was nothing more spectacular than a simple employee blunder, when (as speculation goes) a Level 3/Century Link engineer made a policy change which was, in error, implemented to a single router while trying to configure an individual customer BGP. This particular incident constitutes what the IETF defines as a Type 6 route leak,  generally occurring when “an offending AS simply leaks its internal prefixes to one or more of its transit-provider ASes and/or ISP peers.”

Route leaks, small and large, are regular occurrences – it’s part and parcel of the internet’s dependency on the basic BGP routing protocol, which is known to be insecure. Other recent high impact route leaks include the so-called Google/Hathway leak in March 2015 and a misconfiguration at Telekom Malaysia in June 2015 which had a debilitating roll-on effect around the world.

To minimize the possibility of route leaks, ISPs use route filters that are supposed to catch any problems with the IP routes that peers and customers intend to use for the sending and receiving of packets of data.

Other ways of combating route leaks include origin validation, NTT’s peer locking and commercial solutions. Additionally, the IETF is in the process of drafting proposals on route leaks.

Factoring in the human element

Tools and solutions aside, Level 3’s unfortunate misconfiguration once again highlights the fact that, despite keeping a low profile in the news, human error still rules when it comes to causing common network outages.

In an industry focused on how to design, build and maintain machines and systems that enable interconnected entities to send and receive millions of packets of data efficiently every second of every day, it’s maybe not all that odd that the humans behind all of this activity become of secondary importance. Though, as technology advances and systems become more automated, small human errors such as misconfiguring a server prefix are likely to have ever larger knock-on effects. At increasing rates, such incidents will roll out like digital tsunamis across oceans, instead of only flooding a couple of small, inflatable IP pools in your backyard.

Boost IT best practices - focus on humans

So outside of general IT best practices, what can you do to help the humans on your team to avoid human error?

Just as with any network, human interaction is based on established relationships. And just as in any network, a weak link, or a breakdown in the lines of communication, can lead to an outage. Humans who have to operate in an atmosphere of unclear instructions, tasks, responsibilities and communication, can become ineffective and anxious. This eats away at employee morale and workflow efficiency and lays the groundwork for institutional inertia and the stalling of progress. At other times, a lack of defined task-setting and clear boundaries may resort to employees showing initiative in the wrong places and at the wrong times.

To limit outages due to human error, just distributing a general set of best practices or relying on informally communicated guidelines amongst staff are simply not enough. While networking best practices always apply, the following four steps can be very effective in establishing the kind of human relationships needed to strengthen your network and optimize network availability.

 

Define DDI-1.png

1. Define

Draw up, and keep updated, a diagram not only of your network architecture (you do have one, don’t you?), but also make sure you have a workflow diagram for your teams: who is tasked with which responsibility and where does their action fit into the overall process? What are the expected outcomes? And what alternative plans and processes are in place if something goes awry? Most importantly, match tasks and responsibilities with well-defined role-based access management.

2. Communicate

Does everyone on your team, and collaborating teams, know who is responsible for what, when and where, and how the processes flow? Is this information centrally accessible and kept up to date? Clarity, structure and effective communication empower your team members to accept responsibility and show initiative within bounds.

3. Train

Does everyone on your team know what’s expected of them, and did they receive appropriate training to complete their assignments properly and responsibly? Do they have the appropriate resources available to do what they need to do efficiently? Without training and tools in place, unintentional accidents are simply so much more likely to occur.

4. Refresh

Don’t wait until team members run into trouble or run out of steam. Check in with each other regularly, and encourage a culture of knowledge sharing where individuals with different skill sets can have ample opportunity to develop new skills and understanding.

Refresh DDI.png

Finally

The saying goes, a chain is only as strong as its weakest link. The same goes for networks.

At a time in history when we have more technological checks and balances available than ever before, it turns out the weakest networking link is, too often, a human. While we’re running systems for humans by humans, we may as well put in the extra effort to help humans do what they do, better. Our networking systems will be so much stronger for it.

 

New Call-to-action

 

Topics: DDI, DDoS, network outages, IT best practices, IP address management

Men & Mice Suite Version 8.1 – Loving you long time

Posted by Men & Mice on 1/24/17 10:10 AM

It’s January, so it must be time for the annual Men & Mice Suite LTS release, aka long term support release.

A version upgrade of the Men & Mice Suite is scheduled for release three times a year. The versions are differentiated as Long Term Support (LTS) releases, and feature releases.

The first release in January of every year is an LTS release. By LTS we mean this version will be supported for two years after its initial release date. The two feature releases have a shorter LTS.pngsupport cycle.

While the primary focus of the feature releases is to introduce new functionality and features, the primary focus of the LTS releases is to fine-tune and improve newly introduced features, as well as to improve the stability and performance of the Men & Mice Suite in general. We like to see our annual LTS release as the prime example of our commitment to quality, superior functionality and keeping our solution as fast, simple and stable as our customers have become accustomed to.

To have a peek at what good features found their way into the Suite in 2016 and are fine-tuned in Version 8.1, check out details on our Windows Server 2016 support, REST API and VMware plug-in here. If you want to sink your teeth into the REST API, read our detailed article on the subject. And if you’re curious about support for ISC Kea DHCP and Windows Server 2016 Response Rate Limiting, look no further than here.

Finally, read more on how Men & Mice also made inroads into the cloud in 2016 with support for Azure DNS, developed in close cooperation with the Microsoft Azure Team.

One brand new tidbit added to 8.1. is a beautiful new look to the console. A new, fresher font and some easy-to-follow icons are sure to make the superior Men & Mice Suite ergonomic experience all that much more visually pleasing. Enjoy!

All further information on Men & Mice Suite Version 8.1 is obtainable from the Documentation Release Notes.

New Call-to-action


If you’d like to meet up with Men & Mice in person, please come and visit us at Booth E54 at Cisco Live Berlin at the end of February.

If you can’t make it to Berlin, let Men & Mice come to you - sign up for the Bind 9 Logging Best Practices webinar on February 2nd!

Happy January all the way from a not-so-chilly Iceland,

The Men & Mice Team

 

Topics: Men & Mice Suite, DDI

Men & Mice Suite Version 7.3 – Plugging into VMware while having a REST

Posted by Men & Mice on 11/10/16 9:12 AM

Men & Mice Suite Version 7.3 has arrived - and not a minute too soon! Yet considering that it’s jam-packed with goodies such as a brand-new REST API, VMware vRealize Orchestrator plug-in and further support for Windows Server 2016, it was definitely worth the wait.

Let’s take a quick peek at what Version 7.3 has in store for our customers.

Taking a break with the REST API

API.png

API. In the world of the Internet, it means Application Programming Interface. In the world of the Icelandic language (where Men & Mice has its roots) it means … monkey. Literally. And maybe just as well – a good API, with or without hair, really does seem to make life so much better.

Monkey business or no monkey business, the Men & Mice REST API is sure to offer customers a very welcome extra set of hands - and feet, so to speak – with which to create workflows and write handy scripts for the import and export of data, amongst other things.

Used by browsers, REST (Representational State Transfer) is often considered to be the language of the internet. By using HTTP requests to GET, POST, PUT and DELETE data, REST paves the way for two computers to communicate over the internet by one acting as a web server and the other as a web browser. Making use of a stateless protocol, RESTful services exhibit particularly fast performance, reliability and scalability.

The Men & Mice REST API includes all the functionality of the existing Men & Mice SOAP API and JSON-RPC, but delivers the added advantages of ease of use, combined with a rich set of tools and support libraries. Additionally REST, as a resource-based instead of a standards-based API, means users gain considerably greater operational flexibility.

More information on how to get the most out of REST can be found in the Men & Mice REST API article.

Plugging in where it matters – VMware vRealize Orchestrator Plug-In

Men & Mice takes a further step towards simplifying virtualization by introducing the VMware vRealize Orchestrator plug-in. Designed to integrate seamlessly within the VMware Orchestrator framework, the Men & Mice Suite VMware plug-in allows for fast and efficient provisioning of virtual machines.

 

vmware_plugin.png

 

When a Men & Mice Suite user puts in a request for a new virtual machine (VM), the vRealize Orchestrator receives the next available IP address from the requested subnet, together with other essential configuration information. vCenter creates the VM and communicates the changes back to the Men & Mice Suite, which then updates DNS infrastructure accordingly. Additionally:

  • the Men & Mice Suite’s custom properties allow further customization of the VM’s visibility and status.
  • VM information retained in the Men & Mice Suite enables VM tracking, synchronization and updates, including the release of IP addresses after a virtual server is taken down.
  • the Men & Mice Suite talks to DNS servers and registers DNS entries and other changes, such as updates to DNS policies, thereby consolidating DNS data required by the vRealize Orchestrator.

By plugging into the vRealize Orchestrator, the Men & Mice Suite enables integrated functionality that not only saves time, but also strengthens security, eliminates errors of configuration and ensures improved and continuously synchronized network manageability.

Windows Server 2016 Support Released in Tandem with General Availability

Men & Mice Suite support for primary Windows Server 2016 DNS and DHCP features was already included in Version 7.2, released in May 2016. A stand-out feature was support for Response Rate Limiting, which significantly reduces the impact of a Denial of Service (DoS) attack on servers.

With Windows Server 2016 achieving General Availability in September 2016, Men & Mice expands its support for the following additional Windows Server 2016 features:

DNS policies

DNS policies grant a user control over how queries are handled based on specific criteria. These criteria can, for example, be used in the following scenarios:

  • High availability of DNS services
  • Traffic management
  • Split brain DNS 
  • Filtering
  • Forensics
  • Redirection based on date/time

Specific types of policies are:

  • Zone transfer policies
    Essentially used to define how zone transfers take place, zone transfer policies control zone transfer permission on the server level or the zone level. 
  • Recursion policies
    Control how the DNS server performs recursion for a query. 
  • DNS query resolution policies
    Used to specify how incoming DNS queries are handled by the DNS server. 

IPv6 root hints

The IPv6 root servers can now be used for performing name resolution. 

DANE TLSA records

DANE, or DNS-based Authentication of Named Entities, allows a domain owner to specify in a particular DNS record which certificates authorities are allowed to issue for the domain.

The Men & Mice Suite Release Notes provide more detail on other minor improvements and fixes that form part of the Version 7.3 Release.

That wraps it up for a quick round-up of all things new and shiny that the Men & Mice Suite Version 7.3 has to offer. If you’d like to jump right in and try out these new features, treat yourself to a Version 7.3 free trial. 

Men & Mice Suite trial

 

Coming up in December is the last in our 2016 series of webinars, this time focusing on DNS high availability tools. Don’t forget to sign up!

 

Topics: Men & Mice Suite, DDI, API, VMware

Winter is coming ... time to Go & go DDI

Posted by Men & Mice on 9/12/16 10:56 AM

OK, that may be jumping the gun - it’s only September, some might say. But seriously, this is Iceland. Once the darkness sets in early enough to put on a dazzling display of Northern Lights, as it has done the last few nights, we know it’s game over for summer.go.jpg

But perhaps the peace that comes with a blanket of darkness and the silence of snow is not a bad thing. We at Men & Mice need the time to turn inwards after being out and about all summer doing tradeshows, webinars and, outside of catching the midnight sun, indulging in a strong dose of R&D (as always).

So what have we been up to this summer?

A number of industry trade shows saw Men & Mice on-site, spinning up demos on great demand and dishing out opportunities to win a free trip to Iceland. If you happened to miss us in Las Vegas or New York, don’t forget to drop by to meet with us at booth #1960 at Microsoft Ignite in Atlanta end of September!

Speaking of which. Microsoft is planning the official release of its Windows Server 2016 for Microsoft Ignite. As it happens, Carsten Strotmann from Men & Mice Professional services presented a webinar on Windows Server 2016 (based on Technical Preview 5) in May. For those who’d like to dig a little deeper into what’s on offer in Windows Server 2016, the webinar covers things such as DNS policies, application load-distribution with DNS, IPv6 root-hints, and possibly one of the most exciting features of the new Windows Server 2016, Response Rate Limiting. Carsten’s webinar recording and slides are available on our website.

Outside of dabbling in Windows Server 2016 features, Carsten spent some time in June to roll out a deeper understanding of experiments at the root of DNS in the form of a webinar on the Yeti-DNS project. Yeti-DNS is an international research project with the purpose of testing new technologies and procedures in running the Internet root zone. The Yeti-DNS webinar also includes an interview with Shane Kerr, a coordinator for the Yeti-DNS project, in which he divulges all kinds of fascinating information straight from the horse’s mouth, so to speak.

Two more webinars followed in August, this time focused on new features in the popular BIND Version 9.11 DNS server, as well as best practices for a secure BIND 9. For people curious about catalog zones, new *rndc* functions, “chroot” vs “container” or BIND 9 configuration hardening, don’t miss the opportunity to check out these webinars at your earliest convenience.

Though the Men & Mice R&D crew spent a large part of the summer working hard on, amongst other things, new features for Men & Mice Suite Version 7.3 that is scheduled for release this fall, one of our programmers dashed off to go and, well Go, in Russia. For those who don’t know, ‘Go’ is the ancient Chinese board game which has more recently posed a seemingly insurmountable challenge in the field of artificial intelligence: building a computer that can beat a human at Go. Whereas the renowned chess Grandmaster Gary Kasparov already suffered defeat at the ‘hands’ of the IBM supercomputer Deep Blue in 1997, no computer could manage to beat a human at Go. That is, until March this year, when Google DeepMind’s AlphaGo computer defeated the best Go player in the world over the last decade, Lee Sedol. 

Interestingly, just as with any human, AlphaGo has had to spend years learning, training and playing literally millions of matches to emerge the victor at this level of Go. To some, AlphaGo’s victory signifies a watershed moment in the supposed battle of man versus machine. This, they believe, will inevitably lead man to a dark, dystopian future. To others, the match paves the way to greater understanding of the infinity of potential contained in a future forged by the power of teaming man and machine, instead of thinking of it as a death race of one against the other.

Either way, AlphaGo or no-go, humans still very avidly compete amongst each other in Go (as they do, for that matter, in chess). To this end, our very own Hallbjörn Guðmundsson, managed no small feat by finishing 87th out of 601 participants during the European Go Championships held recently in St Petersburg. Way to Go, Hallbjörn!

So what next is in stall here at Men & Mice? Webinars, trade shows, the release of Men & Mice Suite Version 7.3 and perhaps a volcanic eruption courtesy of Iceland’s biggest volcano, Katla (this webcam allows you to keep an eye on her). Katla, being a force of nature and all, isn’t really under our control, but everything that is under our control at Men & Mice is taking place with a brand new CEO at the helm. Magnús E. Björnsson, formerly Senior Director of Engineering at Oracle, brings fresh blood and fresh perspectives into the Men & Mice stable. We bid him a happy welcome - and welcome back to Iceland!

Wishing all of you a happy shoulder season (a.k.a. fall/autumn)!

The Men & Mice Team

 

Topics: DDI, Webinars

Do great network teams need great DDI solutions?

Posted by Men & Mice on 7/22/16 8:59 AM

Did you have a look in the mirror this morning? Hair, face, teeth, lips, cheeks, clothes and other observable bits of body. Everything in the right place, relatively clean and looking as it should?

Regardless of what we see (or want to see), most of us spend quite a bit of time checking our appearance in a mirror. Few of us, however, get to shine a daily mirror on the parts of the body we don’t see. Our brains, hearts, lungs, intestines, bones, kidneys, veins and all those other critical bits and pieces remain largely unobserved under the human camouflage of skin and hair. Yet, much more than the appeal (or not) of our outer appearances, it is our insides that determine how well our bodies really function.

In many ways, networks and network activity are just like the inner workings of the human body: unseen and, unless something goes wrong, most often unnoticed. Billions of people use computer networks and the legion of devices connected to it in the same way we use our bodies. Few have any awareness of what’s inside or how it all functions. Fewer still consider the three critical components underlying network connectivity - the triad of DNS, DHCP and IP Address Management (DDI).

Just like doctors of internal medicine manage the unseen, but crucial, inner health of our bodies, network teams manage this unseen, but crucial, inner DDI health of a successful modern organization’s network. As a result, smart investments in a great network team can play a decisive role in business success.

But what does a great network team need to run a great network? In this new white paper, DDI specialists Men & Mice delve into how a comprehensive DNS, DHCP and IP Address Management solution can boost a network team’s productivity, performance and general well-being, thereby greatly enhancing network security and elevating business efficiency.

Topics explored include;

  • network administrators' DDI pain points
  • DDI solutions and network security
  • DDI solutions and network efficiency
  • DDI solutions and DDI teams
  • how to choose a DDI solution
  • the ups and downs of DDI

To find out whether great network teams need great DDI solutions, download your free copy of this Men & Mice white paper today.

DOWNLOAD_DDI.png 

Topics: DDI, IPAM

Men & Mice Suite Version 7.2 Released

Posted by Men & Mice on 5/19/16 10:38 AM

Flying High with Kea DHCP and Windows RRL

Men & Mice celebrates the arrival of the long, arctic summer nights with the release of Version 7.2 of the Men & Mice Suite.

This blog post offers a quick round-up of what’s new in Version 7.2.

Versatile simplicity, as always, forms our bottom line. Version 7.2 is no exception. This time around, support for the new ISC Kea DHCP server and a dedicated UI for Windows 2016 Response Rate Limiting (RRL) should warm the hearts of network administrators far and wide. At least, that’s what it’s been doing for us here in the North!

Let’s run through what major highlights Version 7.2 contains.

Taking flight with the new ISC Kea DHCP server

Men & Mice introduces support for the brand new ISC Kea DHCP server, the natural successor to the ISC DHCP server.

Like its namesake, the uniquely strong and intelligent New Zealand kea parrot, the brand new ISC Kea DHCP server is a powerful beast that reaches more than 1000 leases/second, allowing for clean and fast implementation of both DHCPv4 and DHCPv6.

Kea DHCP also boasts PXE Boot Support, DHCPv6 prefix delegation, dynamic reconfiguration and dynamic DNS updates.

As with other servers supported by the Men & Mice Suite, the Kea DHCP server functionality is fully controlled through the Men & Mice Management Console. This includes the effortless migration of IP subnets (scopes), including options, from ISC DHCP to Kea DHCP.

In the spirit of open source, Kea DHCP is released under the widely used Mozilla Public License 2.0, paving the way for collaborative improvements to the source code for many years to come. 

A taste of the Kea DHCP and how it integrates with the Men & Mice Suite, can be enjoyed in this recent webinar presented by Mr Carsten Strotmann.

For those interested in plunging into the Kea DHCP full force, Men & Mice, in cooperation with ISC, is offering intensive two-day hands-on training courses in Europe and the USA in the fall of 2016. The courses are aimed at small groups, so don’t forget to sign up in time! 


Scaling up with Windows Server 2016 support

The Men & Mice Suite’s architecture as an overlay solution exhibits a singular synergy with Windows Servers, making it the logical solution for any Microsoft-based network. Consequently, the Men & Mice Team is developing and releasing support for specific new Windows 2016 features as and when they are made available by Microsoft.

From Version 7.2, the Men & Mice Suite supports all of the primary Windows DNS and DHCP Server 2016 features.

Support for other new Microsoft Server 2016 features, such as DNS Zone Scopes and DNS policies, is scheduled for the Men & Mice Suite Version 7.3 release later this year.


Reinforcing DNS Security with Windows 2016 RRL

Security only works if you work it, and the more tools you have to work your security, the better. Adding to your menu of security options, the Men & Mice Suite Version 7.2 introduces a dedicated UI for the Windows 2016 Response Rate Limiting (RRL) feature.

Response Rate Limiting can make all the difference in the event of a Denial of Service (DoS) attack on DNS servers. During a DoS attack, the IP number of a victim computer is used to send high volumes of forged DNS queries to multiple DNS servers. DNS servers tricked into sending replies to these queries can push the number of DNS requests and replies over a manageable threshold and disable targeted networks. Restricting DNS servers’ response rate with Response Rate Limiting helps to control a suspicious volume of malicious enquiries and minimize the impact on the affected servers.

Microsoft sheds more light on Response Rate Limiting and how it works on their TechNet blog.

RRL.png


Men & Mice Suite Console Enhanced

Spring cleaning at the Men & Mice headquarters has resulted in a Management Console with a cleaner, and ultimately more manageable, look. From Version 7.2, windows in the Management Console are dockable, making it both simpler to manage and easier to navigate for the user.

MC.png

 

The Men & Mice Suite Release Notes provide more detail on other minor improvements and fixes that form part of the Version 7.2 Release.

That wraps it up for a quick round-up of what Men & Mice Suite Version 7.2 has to offer. In the next months, Men & Mice will publish further blogs and webinars on installing and managing Kea DHCP, Windows 2016, Docker containers and Yeti. Watch this space! Or better yet, just watch Men & Mice.

Free Trial of Suite

 

Topics: Men & Mice Suite, DDI, IPAM

Dipping into Azure DNS with Men & Mice DDI solutions

Posted by Men & Mice on 3/8/16 10:13 AM

Cloud.jpg

It’s snowing. Still. One could be excused for dreaming of azure blue skies scattered across azure blue oceans. Instead, the Men & Mice team is making do with a whole other Azure - Microsoft’s nifty cloud platform.

Though Microsoft’s Azure doesn’t come with cocktails on the beach, it definitely brings another dimension to the world of IT. And who are we to say no to that?

Not everyone is ready to ‘go’ cloud. Some organizations that host specifically sensitive data, such as in healthcare, for instance, are somewhat more reluctant to take the leap. Many others dive in wholeheartedly, making large parts of their operations, or even their entire enterprise, -aaS compatible by adopting platform as a service (PaaS), software as a service (SaaS) or transforming their servers, storage and networking into infrastructure as a service (IaaS). 

The saying goes that there’s more than one way to skin a cat, and there’s certainly more than one way to go cloud. The most basic division is private and public, basically meaning you want to keep yourself to yourself in a private cloud (on-premise, hosted or both) or you don’t mind sharing infrastructure in a public cloud. And for those who don’t want to limit themselves to one or the other and prefer to use a mix of on-premise, virtual private and public options, there’s the hybrid cloud, straddling the best of both worlds. 

Under all the private, public, virtual and on-premise versions of all the -aaS, there is a vast variety of applications, services, software and hardware offered by a large number of vendors. If you were to put your computing snorkel on and break the surface of this world of the cloud, there’s sure to be an array of IT wonders to be tried, tested and discovered – if you are that way inclined.

Even so, not everyone is blown away by the cloud – its beginnings can best be described as rather tentative – and not everyone is ready to jump on board. Yet there’s no denying that both business operations and IT business solutions are drifting towards the cloud at great speed. IDC, the market research company, projects growth in public and private cloud storage to go from 29% of the total market in 2014 to 60% by 2019. Carla Arend, IDC’s Program Director for European Storage and Cloud Research, was recently quoted as saying that “85% of new enterprise applications are developed for the cloud, while legacy applications are gradually migrating to cloud-hosted virtual machines and/or containers.”

We at Men & Mice are not here to tell our customers whether they should go cloud, or, if they do, which degree or combination of cloud-hosting they should choose. We do, however, feel our customers should have the freedom to explore cloud computing safe in the knowledge that the Men & Mice Suite will serve as their dedicated DDI sidekick during their cloud adventures.

To simplify our customers’ freedom of choice, the latest version of the Men & Mice Suite, Version 7.1 (released in January 2016), includes full support for Microsoft Azure DNS. This next step in cloud dexterity comes on top of support for AWS Amazon Route 53, which was already added to the Suite in 2014. Follow this link for instructions on how to configure an Azure DNS connector through the Men & Mice Suite. More information on Azure DNS can be obtained here.

So there you have it. Snow or no snow, cloud or no cloud, blue skies or no skies, at least we can safely say that the Men & Mice Suite is seeing in the virtual realties of 2016 completely Azure-sure.

Cheers to that!

 Request more info on  Men & Mice and Azure

 

Topics: DDI, CLOUD

DDI dreaming with Candle Stealer

Posted by Men & Mice on 12/24/15 1:00 AM

kertasnikir.jpg

Last to arrive, Candle Stealer (Kertasníkir) follows children in order to steal their candles, which, in former times, were made of tallow and therefore edible.

It’s beyond me why Mother had so many children.  Some say there are 80 of us living in the mountains. I don’t know. I’ve long lost count. Besides, she only seems to trust the 13 of us to go down to the humans AND find our way back, so who cares about the others.

Why only 13, I’m sometimes asked. I really can’t say, although I suspect it has something to do with Mother’s obsession with DNS and the DNS root name servers number 13. Perhaps she was hoping they’d rename the servers after her boys. Calling them A, B, C, D, E up to M is really, well, uninspirational, she’s said. Then again, we existed long before DNS. Mother conveniently seems to forget this the moment she switches on her computer.

I’m really, really tired now. Need a break. I told Mother I’ve had enough of snow. Next year, I plan to find my way into some hot countries and dive into an Azure blue ocean. I demand her full support for my adventure. She didn’t answer. She had that far-off look on her face. I like to call it her IPAM expression, the one that makes her look as if she’s stored her consciousness in a Cloud and she’s busy figuring out how to connect all the dots. I think she’s dreaming of a new set of Windows. She may be a bit harsh on naughty children, but she’s very clever at deciphering clues and optimizing network utilization.

Too tired to chase children tonight. Hungry. Need candles but children nowadays only seem to have electrical bed lights and lava lamps. Last year, I ended up eating a scented candle in the washroom. Unpleasant after effects that had.

Maybe it’s time for me to think out of the box and adapt to the times. Up, up and away I go! Merry Christmas All!

Goodbye 2015!

Hello 2016!

Boy, are we going to have a good time together!

 

Topics: Men & Mice Suite, DDI

Updating reverse DNS records with Meat Hook

Posted by Men & Mice on 12/23/15 1:00 AM

kjotkrokur.jpg

Second-last to arrive, Meat Hook (Ketkrókur) stealthily steals meat with a hook.

Sometimes I just don’t know whether I’m going forwards or backwards. This time of year it’s especially bad. So much meat everywhere!

Once I get down to the humans with my sack of presents, the smells just make me go round and round and round and round. Roast turkey here, smoked leg of lamb there, glazed ham, prime rib, stuffed chicken, juicy quail, tender beef, pork crackling! Where to start! I really have to be careful. It’s so mouthwatering, I might just end up slipping on my own saliva.

When I don’t know where to turn, I like to spend a moment syncing before I make any decisions. You know, updating my reverse records and all. I find it’s best to use the Update Reverse Records Wizard in the Men & Mice Suite for this purpose. It allows me to create reverse DNS zones for selected ranges that exist on subnet boundaries and contain 254 or more IP Addresses (/24 or larger).

I only need to access IP Address Ranges on the object list, select the ranges, right-click, select Update Reverse Records from the shortcut menu and take it from there. Dead easy!

Now only if it were that easy to sync some roasted meat straight onto my hook …

 

Click here to get daily  DDI tips and tricks delivered straight to your inbox

Topics: Men & Mice Suite, DDI

Monitoring DNSSEC with Doorway Sniffer

Posted by Men & Mice on 12/22/15 1:00 AM

gattathefur.jpg

Third to last, Doorway Sniffer (Gáttaþefur) uses his abnormally large nose and acute sense of smell to locate Christmas “leaf” bread.

It’s a gift they say. You can do so much with it! Sure, it kind of stands out and it is a somewhat conspicuously grand sniffer nose for a simple Yule Lad, but it’s a talent like no other. Not even trained sniffer dogs can match my ability to detect delicious leaf bread, no matter where it’s hidden. I’m also super good at finding keys and lost toys, but only if you managed to touch it with sticky fingers before losing it. I generally find more keys than toys.

Large sniffers are often also sensitive sniffers. Just like a signed DNSSEC zone is much more vulnerable to software or operational errors, my sniffer is also more vulnerable to bread errors. Sometimes, I think I’m detecting “leaf” bread, but the only thing on offer is gluten free spelt bread. That’s such a disappointing misconfiguration.

In a signed DNSSEC zone, such small misconfigurations can render the whole zone invalid. Therefore it’s always a good idea to monitor a newly signed DNSSEC zone to detect potential DNSSEC validation issues before the zone goes public. Or at least that’s what Leppaludi says, and he sure knows a lot about validation issues, being married to Mother and all. He’s given me a great list of tools to help me monitor DNSSEC signed zones. Who knows, it might even help me with my nose!   I just won’t be the same without it.

Click here to get daily  DDI tips and tricks delivered straight to your inbox

 

Topics: Men & Mice Suite, DDI