Hello, Kossacks!

Everyday Magic is a new diary series that seeks to explain many of the computing concepts we use on a regular basis in a way that non-techies can understand, and introduce them to the lingo we techies use in the process so that people know what tech types are talking about (and how technology changes in the news will actually affect you).  I'm hoping to make it a regular series, both as an educational service to the Daily Kos community, and to improve my own knowledge of topics I'll be presenting on.

So before I dive right into our first topic, I'll answer a few questions I expect to get up front, then we'll get into our first Everyday Magic article.

Why is the new series called Everyday Magic when it's about computing and technology?

The series name (and my username) are derived from a quote from Arthur C. Clarke that is known as Clarke's Third Law: "Any sufficiently advanced technology is indistinguishable from magic."  It's also based off of a lingo term in tech circles called automagically, which refers to an automated process that works, but nobody's dug deep enough to find out exactly why it works.  I'm hoping to reduce the amount of computing topics that seem like magic to everyone!

What topics will you be covering?

My professional background is systems administration and the development of software that automates systems administration, so those are the topics I have content ready to go for.  However, if you have a request, please drop it in the comments as a reply to the tip jar replacement, and I'll add it to the list of topics to get to.

Why are you doing this?

A few reasons.  One, it's a way I can give back to the community and the 'Net as a whole.  I've made a career off of computing, and I make a fine living off of it.  The least I can do is give knowledge back to the culture that spawned me.  

Secondly, I also believe that one's mastery of a topic is directly reflected by how wide of an audience they can explain the topic to, and that the inability to explain a concept to someone reflects on a lack of subject mastery on the part of the explainer.  If I can't explain something, it lets me know where my own knowledge is lacking.  

Finally, I'm on the autism spectrum, in the range formerly referred to as Asperger's Syndrome.  I'm blessed with enough brain processing power to learn what comes naturally to many insofar as social interaction is concerned, but I need practice to continue to get better at social interaction and communication.

Who are you, and why/how are you qualified to teach on this topic?

I'm a 32 year old tech worker that lives in the San Francisco Bay Area.  I've been doing this stuff professionally for 15 years for companies you've heard of and companies you probably haven't, and I've been using computers since before I was potty trained.  I'm also a Red Hat Certified Engineer (for Red Hat Enterprise Linux 5).

However, like with any other information -- go verify it yourself!  And if you find that I'm not correct about something, please correct me!  I'm not a fan of being wrong.  Do note that sometimes there will be a bit of hand-waving (jargon for skipping over details) going on to stop from making these any longer than they already are.

What's with the bolded words or phrases?

Bolded words or phrases indicate key terms and jargon that are used when describing topics.  It's also stuff you may or may not hear on a daily basis, so now when you hear these terms, you know what the geek you're talking to means!

Well, with that out of the way, let's dive into our first topic:  How your computer knows where DailyKos and other sites are on the Internet when you tell it to come here!

IP Addresses and the Domain Name System

, as far as a computer is concerned, means nothing on its own. is there for humans to remember, because it's easier to remember something like that than the strings of numbers that represent an IP address, which is the method computers use to find each other (at a high level, at least).

The Domain Name System (DNS) is what keeps track of the mappings of those human-readable names and the IP addresses the computer cares about.  Nearly all Internet service providers (ISPs) provide DNS servers for their customers to use as part of delivering Internet service.  There are also public ones out there as well (Google, OpenDNS, etc), and paid services for consumers and businesses that provide additional services tacked on to standard DNS service.

So, how does a DNS server work?

A DNS server works by telling other DNS servers about the domains it's responsible for if they ask, and by asking the DNS servers for records about domains they control if a user tries to ask the DNS server about an address it doesn't know about yet.

The main DNS record that determines what IP address a domain like maps to is called an address record, commonly referred to as an A record.  This type of record directly maps a name like to an IP address or set of IP addresses.  I can use a program called dig to ask my DNS server what that mapping is:

$ dig a +short
There's also another type of record called a canonical name record, commonly called a CNAME record that points to another DNS address.  It basically acts as a forwarder.  If I'm the owner of the domain, and I want and to go to the same IP address, I can either make an A record for both of those addresses and point them at the same IP address, or I can make an A record for that points to the IP address, and then make a CNAME record for that tells a DNS server that points to  This is useful because if my IP address changes for some reason, I only need to update the A record for, and changes right along with it!  Saves a lot of work.

There's a few other records in DNS, like those that say what server handles email for a domain, or ones that describe other properties of the domain, but for our purposes, these are the main ones.

Well, except for two more...

How does the DNS server I use know which DNS server to ask where is if it doesn't already know?

Each top level domain (or TLD), like .com, .net, .mil, .uk, etc., has a server (or set of servers) that is considered authoritative, or the source of truth, for that TLD.  These servers are kept track of by what's known as the root DNS servers, which manage the entirety of the domain name service.

A DNS record called a start of authority record (SOA record) lets other DNS servers know which servers should be trusted to provide the correct information for a DNS zone, such as com, net, org, or a subset of those, like,, and on up the portions of a DNS address.  However, in most cases, the actual answer is provided by other servers identified by name server records (NS records) that handle the DNS requests for those domains.

So, if the DNS server that I'm using to resolve a DNS address, which is the term for figuring out what IP address a DNS address points to, like say, hasn't looked it up before, the process to find it out would go like this...if computers could talk, anyway:

Me:  Take me to, dude.  I've got diaries to comment on.

This is what you're doing when you type in your browser.  Well, that does more than that, but for today's purposes, that's all we care about.

My computer:  I have no idea where that is.  Hey, DNS server that this dude told me to use when he set me up to use the Internet, where's

Unless you've filled out a hosts file on your computer that tells it explicitly what IP address it should go to when you give it, it needs to find out the IP address where those servers live.  So it's going to contact the DNS server assigned to you by your ISP (or that you configured yourself) and ask for the IP address(es) where can be found.

DNS server:  Hell if I know.  I'm new around here.  But, I know that I can find a root server at, which is what humans call those servers over at  Root server, who can I trust to give me the right info about .com domain names?

In order to reduce the amount of traffic other DNS servers have to handle, once they've looked a place up, they'll cache or store that record for as long as the time-to-live (or TTL) setting on that record is.  The domain administrator sets that record, so other DNS servers know how often to check back in to see if the IP address changed.

But, we have a new DNS server here that has nothing cached yet.  And to show how many lookups caching saves, we'll show a few of those interactions --- even here, I'm skipping steps in the interest of not wanting to make this a 3 hour long read.

When a DNS server is configured, the administrator lets it know which servers are the root servers.  That's all it needs to start its search.  So it's going to ask the root server for an SOA record for .com, so it can ask that which servers are authoritative for, so it can ask that server where is.

Root server: There's a server over at that can tell you.  You can store that for 900 seconds before checking back in with me.

The root server here is responding with the SOA record for .com, and the TTL for that record.

DNS server: Yeah, about that.  I'm kinda new here...

Doesn't help our DNS server that much, since it has no idea what IP address that maps to.  So it's going to ask for the A record for that server so it knows where to go.

Root server:  You are new, aren't you.  Freshly hatched from the server farm, eh?  I remember when I was your age... oh, right.  Anyway, that dude's over at for at least 74,440 more seconds.  Ask him which of his buddies can tell you where is at.  Talk to you later, dude.

The root server responds with the A record for the authoritative server, along with the TTL.

DNS server: Hey, server in charge of .com, which of your buddies can tell me where is at?

.com's authoritative server:  Those dudes over there: A2, C2, D2, E2, F2, G2, H2, and  My list tells me that A2 is up next to answer this sort of thing since he's first on this list, and he's right next door at

Our brave DNS server sent off an NS record request to, which responded with that list of servers.  When there's multiple servers like that in charge of providing records, the list will rotate (this is known as round-robin DNS load-balancing) to try to spread the load out.  The first server provided in the list is where the next question goes.

DNS server:  Thanks, boss.  Hey, can you tell me your counterpart over at

A2@GTLD:  Yeah.  I've got that around here somewhere.  It's  He's got 3 siblings named ns2, ns3, and ns4 if ns1 is busy.

This would be the response to an NS record request for

DNS server:  Where's that, and out of curiosity, who's the boss over there?

Here we're requesting the A record for, and for teaching purposes, the SOA record.

A2@GTLD:  NS1@Dyn's over at for at least 86400 more seconds.  Oh, and the boss is the same guy.  Pulling double duty.  Just ask for the NS servers though, let that root server worry about the authoritative record from now on -- just ask for the NS records.

A2 saves us some time and helps us out by giving us the A record it has cached. The SOA record for is also, but really, to find things, all we care about is the NS record unless we have reason to believe a DNS hijacking is happening and someone's intentionally misdirecting us.

DNS server: Finally, almost done.  Hey, NS1 over at Dynect, I got told you know where is.  Mind helping a classy chassis like me out?

Our intrepid explorer is now asking for the A record for from one of the NS record-listed servers for the domain.

NS1@Dyn: Yeah, The Great Orange Satan's over at and for at least 1800 seconds.'s ready for you.

This is the A record response for with TTL.

DNS Server: Thanks! Hey, Technomancer's computer, go talk to so you can show that human

My computer: Thanks!  Hey Technomancer, here's orange!

Me:  Yay Great Orange Satan!

There are, of course, steps the browser needs to take and servers the browser needs to talk to for this site to actually display, but that's another topic for another Everyday Magic.  But that, my friends, is a high-level overview of how DNS resolution can be done recursively, or by starting from the root server on up!
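
The walk above as an added example (not code from the original diary): a toy resolver that follows referrals from the root down to the domain's name server and caches each answer for its TTL. Host names and addresses are constructed (reserved documentation values); the TTLs 900, 86400 and 1800 are the ones quoted in the dialogue.

```python
"""Toy iterative DNS resolver with a TTL cache. Constructed data, runs offline."""

MAX_REFERRALS = 8          # guard against referral loops
ROOT_IP = "198.51.100.1"   # constructed address from a documentation range


class Clock:
    """Manual clock so TTL expiry can be shown without sleeping."""
    def __init__(self):
        self.t = 0

    def now(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


class Server:
    """A name server that answers from its records or refers the asker onward."""
    def __init__(self, records=None, delegations=None):
        self.records = records or {}          # (name, "A") -> (ttl, ip)
        self.delegations = delegations or {}  # zone -> (ttl, ip of its server)
        self.queries = 0

    def query(self, qname, qtype):
        self.queries += 1
        if (qname, qtype) in self.records:
            ttl, value = self.records[(qname, qtype)]
            return ("answer", qname, ttl, value)
        # Most specific delegation first.
        for zone in sorted(self.delegations, key=len, reverse=True):
            if qname == zone or qname.endswith("." + zone):
                ttl, ns_ip = self.delegations[zone]
                return ("referral", zone, ttl, ns_ip)
        return ("nxdomain", qname, 0, None)


class Resolver:
    def __init__(self, network, root_ip, clock):
        self.network = network   # ip -> Server (stands in for the Internet)
        self.root_ip = root_ip   # the only thing the admin has to configure
        self.clock = clock
        self.cache = {}          # (name, rtype) -> (expires_at, value)

    def _get(self, key):
        entry = self.cache.get(key)
        if entry and entry[0] > self.clock.now():
            return entry[1]
        self.cache.pop(key, None)   # expired or absent
        return None

    def _put(self, key, ttl, value):
        self.cache[key] = (self.clock.now() + ttl, value)

    def resolve(self, qname):
        """Return (ip or None, number of upstream queries this lookup cost)."""
        cached = self._get((qname, "A"))
        if cached:
            return cached, 0
        # Start at the closest zone whose server is still cached, else the root.
        server_ip = self.root_ip
        labels = qname.split(".")
        for i in range(1, len(labels)):
            ns_ip = self._get((".".join(labels[i:]), "NS"))
            if ns_ip:
                server_ip = ns_ip
                break
        for sent in range(1, MAX_REFERRALS + 1):
            kind, name, ttl, value = self.network[server_ip].query(qname, "A")
            if kind == "answer":
                self._put((qname, "A"), ttl, value)
                return value, sent
            if kind == "referral":
                self._put((name, "NS"), ttl, value)
                server_ip = value
                continue
            return None, sent
        raise RuntimeError("too many referrals")


def build():
    """Root -> .com server -> example.com server, all constructed."""
    servers = {
        "root": Server(delegations={"com": (900, "198.51.100.2")}),
        "tld": Server(delegations={"example.com": (86400, "198.51.100.3")}),
        "auth": Server(records={("www.example.com", "A"): (1800, "192.0.2.10")}),
    }
    network = {ROOT_IP: servers["root"], "198.51.100.2": servers["tld"],
               "198.51.100.3": servers["auth"]}
    clock = Clock()
    return Resolver(network, ROOT_IP, clock), clock, servers


def demo():
    resolver, clock, servers = build()
    out = [resolver.resolve("www.example.com")]      # cold cache: full walk
    out.append(resolver.resolve("www.example.com"))  # answered from cache
    # The domain admin changes the A record; the cache cannot know yet.
    servers["auth"].records[("www.example.com", "A")] = (1800, "192.0.2.20")
    clock.advance(1000)
    out.append(resolver.resolve("www.example.com"))  # stale until TTL runs out
    clock.advance(900)                               # 1900 s: A record expired
    out.append(resolver.resolve("www.example.com"))  # one query, new address
    return out


if __name__ == "__main__":
    for ip, cost in demo():
        print(ip, "upstream queries:", cost)
```

The third lookup shows why the TTL matters for trust as well as speed: whatever answer is in the cache, right or wrong, keeps being served until it expires.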

Thanks for reading!  Feedback is always appreciated.

-- The Technomancer

Want to request a topic for a future Everyday Magic?  Drop your requests as responses to the first comment.  Feel free to ask questions and otherwise use this diary as a computer/internet/technology related open thread as well!

Originally posted to Tales From The Technomancer on Thu Feb 06, 2014 at 02:08 PM PST.

Also republished by Everyday Magic and Community Spotlight.

  •  Requests go here! (19+ / 0-)

    Got a topic you'd like Everyday Magic to cover?  Ask for it here!

    Any sufficiently advanced technology is indistinguishable from magic. -- Clarke's Third Law

    by The Technomancer on Thu Feb 06, 2014 at 02:10:42 PM PST

    •  You don't really appreciate the water company (22+ / 0-)

      until you run your house off a well. That's when you learn that it's not actually done by magic!  :-)

      Well done, and thanks for this.

      Fry, don't be a hero! It's not covered by our health plan!

      by elfling on Thu Feb 06, 2014 at 03:00:02 PM PST

      [ Parent ]

    •  Thanks - enjoy this kind of stuff (8+ / 0-)

      Request - I am flummoxed by networking - running a web business with a home office - and a family - I have about 18-20 devices all connected to a wireless hub, plus a few connected by ethernet - that connects to a router which does all the dns name server functions

      but how does the printer, the various computers, back up storage systems, printers, scanner, the wireless scale, the tivo, the various phones and ipads plus the apple base station etc. all communicate and keep track of each other - and more importantly - which things can slow things down, or help them go faster.

      whenever i set up one of these networks or change routers or base stations i am on the edge of my seat kind of using trial and error to see what works.  Anything you could do to clarify home networking would be appreciated.


      All radicals are optimists. If we did not believe things could get better, we would not try.

      by tsackton on Thu Feb 06, 2014 at 06:15:30 PM PST

      [ Parent ]

      •  That's definitely a topic deep enough... (8+ / 0-)

        ...for a diary of its own.  I'll add it to the list and try to kick that out this weekend.

        In the meantime, here's a few quick answers and pointers that you can start with to do more research on, if you're so inclined.

        Nowadays, those devices all communicate with each other (the ones that show up automatically, anyways) using a protocol called Universal Plug and Play (uPNP, UPnP).  When you hook up a UPnP-compliant device to your network and it powers up and has network connectivity, a secondary service known as Simple Service Discovery Protocol broadcasts to the network that its service (media player, printer, whatever) is available.  

        These devices, once they discover each other, can communicate with each other using standard protocols like HyperText Transfer Protocol (HTTP, same as websites use), application programming interfaces (APIs) like SOAP and REST, using standard markup languages or data formats like XML or JSON.

        As far as speed goes, most consumer-grade routers don't let you tweak your quality of service (QoS) settings to the extent needed to actually shape your traffic and give certain devices or data types (like your streaming video from Netflix) without installing custom firmware like DD-WRT or Tomato on them, but that's the setting group that controls which devices and data types get priority.

        Making things faster is nearly always going to require fiddling with your QoS settings unless you have an obviously chatty device that's clogging things up.  More often than not though, the bottleneck on a home internet connection is going to be the connection coming into the house -- consumer grade wireless routers will generally give you a theoretical max of 150-600Mbps, consumer grade wired routers are almost all 1Gbps, and unless you've got Google Fiber or a dedicated line straight off a service provider for business class service, you're likely not getting anything faster than 105mbps, with most people getting 20mbps or below if they have broadband.

        Hope that helps!

        Any sufficiently advanced technology is indistinguishable from magic. -- Clarke's Third Law

        by The Technomancer on Thu Feb 06, 2014 at 06:41:49 PM PST

        [ Parent ]

        •  There's another black box op in play here (3+ / 0-)

          It sounds like tsackton is relying on another technology for his home office that, so far, has worked by default (i.e., magic) -- DHCP, or Dynamic Host Control Protocol. This is a method for assigning unique IP addresses to devices on a network. I believe it deserves a mention here.

          When a device (PC, network printer, smartphone, etc.) "wakes up" on a network, it can request and receive an IP address from a DHCP server -- that address is dynamically assigned. Alternatively, a device (if it has the option) can have its address assigned statically, or manually in the lingo of some devices, by the person setting it up on the network.

          Assuming that one generally relies on DHCP for assigning addresses, there is no guarantee that every conglomeration of various networked devices will result in a fully functional LAN (Local Area Network). Here's a couple of things that can cause problems: 1) having on the network more than one device that functions as a DHCP server, and 2) setting devices with static IP addresses that also reside in the pool of assignable addresses of an attached DHCP server. In the case of either 1 or 2, you could have devices that try to operate on the LAN using the same IP address, at which point you will have a failure to communicate.

          Anyway, there's another topic to cover in more detail.

          Great to see a fellow SFBay nerd getting his geek on here. Keep 'em coming.

          My δόγμα ate my Σ

          by jubal8 on Fri Feb 07, 2014 at 12:33:58 AM PST

          [ Parent ]

    •  I can help out with these if needed (3+ / 0-)

      I was fluent in CP/M by the time I was 7.

      Which camp are you in, upstart or systemd?

      Praxis: Bold as Love

      by VelvetElvis on Thu Feb 06, 2014 at 09:30:37 PM PST

      [ Parent ]

      •  Not particularly a fan of either... (3+ / 0-)

        ...but if I had to choose, upstart.

        Mainly, I dislike how both of them are trying to be the end-all-be-all of system management.  systemd's particularly bad about wanting to do everything for you, but upstart has all of that crap on its project roadmap anyway.

        I like my computing to be modular for professional purposes.  I like each program to have a single purpose when possible.  It cuts down on feature creep and code bloat, and lets me maximize available resources for the application that's actually paying my salary.  You're front-loading the work to get it all set up since there's no nice bundles, but once it's configured, you can squeeze a lot more performance out of your CPU/compute cycles.

        For small scale or home computing, I won't waste the time.  But for web-scale applications and clusters, needing 3% fewer machines to do the same job is a massive cost savings.

        Init sucks, and it really needs an update to do things async.  But at least it's not trying to be init, and cron, and syslogd, and see what I'm getting at.

        The help's welcome, by the way.  I'll be getting a group set up this weekend.  Would be nice if we could have a few of these a week from different members of the community!

        Any sufficiently advanced technology is indistinguishable from magic. -- Clarke's Third Law

        by The Technomancer on Thu Feb 06, 2014 at 09:42:45 PM PST

        [ Parent ]

    •  also, email routing (3+ / 0-)

      If there's anything in the basic sysadmin toolkit that drives me batty, it's configuring mail servers.  

      I gave up and started using google.  I use postfix for outgoing mail from the server but completely threw in the towel on POP and IMAP due to spam.

      I do sysadmin work for my own medium sized mental health support forum and a couple non-profits.

      Praxis: Bold as Love

      by VelvetElvis on Thu Feb 06, 2014 at 09:40:58 PM PST

      [ Parent ]

      •  I use courier to handle IMAP. (3+ / 0-)

        Postfix for SMTP.
        spamd/spamassassin and RBLs to handle spam.
        I pass authentication off to pam auth'ing against a MySQL database.

        But I definitely agree.  It's a pain in the ass.  Mail at work's outsourced to hosted Exchange at Rackspace.

        I just like to keep the skills up on my own kit, ya know?

        Any sufficiently advanced technology is indistinguishable from magic. -- Clarke's Third Law

        by The Technomancer on Thu Feb 06, 2014 at 09:52:37 PM PST

        [ Parent ]

    •  Technomancer: Thanks very much for this effort! (2+ / 0-)

      Your entries re: networking, however, have already ranged way beyond my tech knowledge, and, more to the point, interest in learning.  My eyes glaze over when tech talk goes beyond a certain, relatively primitive, level.  I've never had any kind of cell phone, or iPod or iPad, if that helps you understand my tech stance and knowledge.  I only want to be able to surf the net easily, efficiently and to the extent possible, without being burdened by constant software updates.  I normally use FireFox, sometimes Safari.

      My quick background: Altho I was an early Apple employee (No. 254), I am in no way a techie -- I was employed in operations (international distribution).  So I've been a computer user since 1979, but have not ever been interested in learning about why things happen when I click "Return"…

      Here's my system description:

      Imac 7,1 desktop
      Mac OS X version 10.6.8 (upgraded in 2009 from Leopard to Snow Leopard by previous owner, a network-oriented techie)
      Processor - 2 GHz Intel Core 2 Duo
      Memory - 1 GB 667 MHz DDR2 SDRAM

      I have a DSL which I ordered and had installed from/by ISP PacBell in 2004 or so (before they acquired AT&T and later changed their name to AT&T) when my home system was a desk top PC (IBM clone).  I got my first iMac in 2005; my current one was acquired in 2010.  The DSL line MAY have been updated to some extent by AT&T since then, but as far as I know it's basically a plain old DSL, and has none of the attributes (add-ons, upgrades, or whatever) that, for example, enable iPhones and iPads to download very large files much more quickly than I can… in my observation.  I don't use wifi really at all (as far as I know).  My email moves on iCloud, whatever that is.  The connection to my ISP account is by PPPoE, whatever that means.

      My question is: I understand that I can personally install by hand an additional gigabyte of RAM into my iMac, and I've seen photos of how to do it.  Would doing so significantly improve my download time?  Is this an appropriate question for this thread?

      I'm not  that interested in videos, etc.  I AM interested in improving my download and/or general internet operation speed if it could be done by the above RAM update, since I believe my computer's operation is generally quite a bit slower than the current norm…


      "There's always room for cello." Yo Yo Ma

      by ceebee7 on Fri Feb 07, 2014 at 02:44:12 PM PST

      [ Parent ]

      •  Probably not much (0+ / 0-)

        Your computer's memory would only be a bottleneck in downloading material if it was somehow filling up all of your RAM while trying to write to the hard disk while saving a file. I'd guess that the bottleneck is the DSL not the computer.

      •  RAM usually doesn't help. (0+ / 0-)

        Your best bet, for now, is to head over to and run a speed test on your line, and come let me know what speed shows up.

        It's very possible, given how long ago your DSL was installed, that you've got a 1.5mbit (or slower) connection, which isn't even really broadband nowadays.

        Any sufficiently advanced technology is indistinguishable from magic. -- Clarke's Third Law

        by The Technomancer on Fri Feb 07, 2014 at 07:57:45 PM PST

        [ Parent ]

  •  Hamsters (11+ / 0-)

    Hamsters, extremely well trained.

    How they update zone tables is A Miracle of Science.

    Quote of the week: "They call themselves bipartisan because they're able to buy members of both parties," (R. Eskow, Campaign for America's Future.)

    by mbayrob on Thu Feb 06, 2014 at 02:20:02 PM PST

  •  I sometimes have intermittent problems with (8+ / 0-)

    having a live DSL internet connection, but my machine cannot connect with ATT's DNS server.   What is happening in that circumstance?

    •  That depends. (19+ / 0-)

      There's a few stops along the way whenever you make a DNS request.  For example, in my case, if I were to use my ISP's DNS servers, each DNS request has to make the following stops:

      * My home router
      * The network gateway assigned to the block of IP addresses my IP address belongs to
      * The core router for my ISPs network
      * The DNS server itself

      Any one of those could be responding slow or not at all.  You can check which ones are slow with a tool called traceroute.

      If you're able to connect to all points along that path, other issues could be:

      * DNS server outage
      * Overloaded DNS server (which is often the case with ISP DNS servers)
      * An issue with DNS caching on your computer itself

      Personally, I recommend using a public DNS server from a provider you trust -- DNS is a public service and technically you can use any DNS server that'll answer your request.  I use Google's public DNS servers at and, but you can also use ones from providers like OpenDNS, or ones belonging to backbone carriers like Level3 (at

      If you run into a situation where you think it's AT&T's DNS server causing the problem, you can manually configure your connection to use a different DNS server and see if that resolves it.  If it does, contact AT&T's support and tell them that you're having trouble connecting to their DNS servers but can connect to other DNS servers.

      If DNS doesn't work with an alternate address, there's a problem with the connection between you and AT&T's gateway, most likely -- their technical support should be able to walk you through the troubleshooting steps.  Before calling, be sure to power cycle your DSL modem, your computer, and any routers (wired or wireless) between the two -- the DSL modem and routers have very limited memory, and the memory can fill up after long periods of time due to logs or programming bugs in the router's software or firmware, causing slowness or outright failure until the memory is cleared.

      Any sufficiently advanced technology is indistinguishable from magic. -- Clarke's Third Law

      by The Technomancer on Thu Feb 06, 2014 at 02:57:40 PM PST

      [ Parent ]

    •  also consider openDNS (3+ / 0-)

      Praxis: Bold as Love

      by VelvetElvis on Thu Feb 06, 2014 at 09:32:54 PM PST

      [ Parent ]

  •  My question... (6+ / 0-)

    Why was nslookup depreciated?  Was the code for it just subsumed by dig?

    I'm also curious about dynamic DNS, which I'm guessing (but don't know) operates a client that broadcasts itself back up to the DDNS servers, to let them know what pool-based IP a given server is using atm.  But then what?  Is all traffic still routed through the DDNS servers before being redirected?  Or do they also broadcast out the new address as it changes?  It seems that would leave a lot of lagged downtime each time that end server is assigned a new IP from a pool.

    •  nslookup... (7+ / 0-)

      ...has a few flaws that make it an untrustworthy tool -- flaws that dig doesn't have.

      One, it uses its own internal domain name resolver, rather than the one your operating system is configured to use, so you may get different responses from it than your computer would get through other usage.

      Two, it has bugs that make it unreliable when used logically -- like using --type=soa and specifying a DNS server to check, rather than just using --type=soa and having it use its own resolver.

      Three, it does not provide raw lookup output, meaning you have to trust the code isn't buggy to trust the response.

      Four, it does a PTR record lookup (reverse DNS) to show you the name of the server it's querying...and if that fails, the whole query fails.

      Finally, it doesn't play nice with non-recursive DNS servers like tinydns.

      Dynamic DNS works by running a client on the computer/server that's using a dynamic IP address that updates the DNS server in charge of that domain's zone every minute or so with the computer's current IP address.

      Couple this with a short TTL on the DNS server side (usually the same time frame that the dynamic DNS client software sends its updates), and now you have dynamic DNS!  It's not really dynamic -- it's just software that allows computers/servers that don't have a static IP to update the DNS server's A record for the client computer/server's DNS address coupled with a time-to-live short enough that anyone trying to reach the server will very likely have to do a new DNS lookup and get the new address if it changed.

      Traffic to a server using dynamic DNS doesn't get routed through the dynamic DNS server -- all the DNS server does is point where to send the actual traffic, at which point the computer connects to that IP address and does its thing.

      Let me know if that wasn't clear.  :)

      Any sufficiently advanced technology is indistinguishable from magic. -- Clarke's Third Law

      by The Technomancer on Thu Feb 06, 2014 at 03:16:49 PM PST

      [ Parent ]
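The update step described in the comment above, as an added example that is not code from the thread. It assumes the zone accepts RFC 2136 dynamic updates sent with BIND's `nsupdate` (the comment names no particular mechanism); the host name, addresses, 60-second values and function names are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; home.example.com and the 203.0.113.x addresses are
# constructed sample values (RFC 5737 documentation range).

# Accept only a dotted-quad IPv4 address with each octet in 0..255, so nothing
# else (spaces, newlines, extra commands) can reach the update batch.
valid_ipv4() {
    case $1 in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the nsupdate batch that replaces the host's A record.
# $1 = last address sent, $2 = current address, $3 = host name, $4 = TTL.
# Returns 1 when nothing changed, 2 when the address is malformed.
build_update() {
    last_ip=$1 current_ip=$2 host=$3 ttl=$4
    valid_ipv4 "$current_ip" || return 2
    [ "$current_ip" != "$last_ip" ] || return 1
    printf 'update delete %s. A\nupdate add %s. %s A %s\nsend\n' \
        "$host" "$host" "$ttl" "$current_ip"
}

# One pass of the client: $1 = state file, $2 = current address, $3 = host,
# $4 = TTL, remaining arguments = the command that sends the batch. On a real
# host that would be something like: nsupdate -k /path/to/tsig.key
# (placeholder path), so only a holder of the key can rewrite the record.
# The new address is recorded only after the sender reports success.
update_once() {
    state_file=$1 current_ip=$2 host=$3 ttl=$4; shift 4
    last_ip=
    if [ -r "$state_file" ]; then last_ip=$(cat "$state_file"); fi
    batch=$(build_update "$last_ip" "$current_ip" "$host" "$ttl") || return $?
    printf '%s\n' "$batch" | "$@" || return 3
    printf '%s\n' "$current_ip" > "$state_file"
}

# Upper bound on how long resolvers can keep handing out the old address:
# the change can go unreported for one update interval, and an answer cached
# just before the update lives for one more TTL.
max_stale_seconds() { echo $(( $1 + $2 )); }

# Demo: "cat" stands in for the sender so the batch is shown, not transmitted.
demo_state=$(mktemp)
update_once "$demo_state" 203.0.113.7 home.example.com 60 cat
echo "worst-case stale window: $(max_stale_seconds 60 60)s"
rm -f "$demo_state"
```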

      •  Thank you for the detailed response :) (5+ / 0-)

        And I see I made my frequent error of using 'depreciated' instead of 'deprecated'.   I tend to do that when I'm thinking ahead of what I'm writing.  I've still got a version with nslookup on it, I guess I'll finally start using dig instead.

        And you're clear enough.  I'm used to really long TTL's, since otherwise you're likely to get a lot of lag if the cache expires so quickly.  I worked with third party credit card processing software that had frequent DNS issues that drove me up the wall.  It seemed like the internal cache was waaay too short, so that if you went 20 minutes or so without a charge, the processor would invariably have to look up the DNS again, and far too often it was so slow about doing so that my initial charge attempt would fail if there were suddenly other charges in the pipeline.  The client had a habit of making extremely popular events go on sale at specific times, and the damn credit card processing turned into the bottleneck every time we had a surge of people fighting over a limited number of tickets.

        •  Gotcha. (4+ / 0-)

          I'd actually be pissed off if a developer wrote a DNS cache directly into their software rather than relying on the OS to handle it.  I mean, this is one of the reasons why nslookup sucks -- it doesn't rely on the OS and cowboys up to do its own thing.

          Then again, I usually turn off domain name caching at the OS level on production servers, especially on ones that are only going to communicate to other servers in my fleet.  Less overhead from DNS lookups (which when milliseconds matter in real-time applications, really adds up), nscd's a steaming pile anyways that shits itself on a whim, and I prefer having the control of telling my servers where I want them to do by using Puppet (or Chef, or Salt, or $yourFavoriteConfigMgmtToolHere) to maintain and distribute a hosts file.

          Any sufficiently advanced technology is indistinguishable from magic. -- Clarke's Third Law

          by The Technomancer on Thu Feb 06, 2014 at 03:43:55 PM PST

          [ Parent ]

  •  Great idea for a series (11+ / 0-)

    I'm looking forward to the next installment.

    Fry, don't be a hero! It's not covered by our health plan!

    by elfling on Thu Feb 06, 2014 at 03:02:13 PM PST

    •  Cool! (5+ / 0-)

      And hey, if you ever need an extra set of hands on the systems side of things or a consult, it'd be my pleasure to help Daily Kos out.

      Heck, I'd love to see a diary by whoever does your systems engineering on DK's infrastructure.  I geek out over stuff like that big time.

      Any sufficiently advanced technology is indistinguishable from magic. -- Clarke's Third Law

      by The Technomancer on Thu Feb 06, 2014 at 03:33:23 PM PST

      [ Parent ]

      •  I've done diaries like that in the past. (7+ / 0-)

        Not real recently though. In the meantime, you might find this thing I recently finished interesting, although it's not DK related, and if you have any burning questions I'll do my best to answer them (unless it's something like asking for the passwords or somesuch).

        /* You are not expected to understand this. */

        by ct on Thu Feb 06, 2014 at 05:17:10 PM PST

        [ Parent ]

        •  Oooooh, shiny. (2+ / 0-)
          Recommended by:
          3rock, Tonedevil

          Been a while since I've played with filesystems and tuning them.  One of the things I miss with my current gig putting everything up in AWS is spending time tuning the OS and the related moving parts to my hardware choice and making things scream.

          I don't have any questions that are too particularly burning, but after giving your blog a quick peek, I would be interested in knowing the following:

          What made you decide to use Chef over Puppet?

          How are you liking Go?  I'm finding it pretty fun to play with, and APIs written with it chew through requests at an alarming rate.  I still think the language needs a few more years before it's ready for primetime, but I'm glad I'm starting to pick it up for the jobs where Python's not fast enough and Java's too much of a pain in the ass.

          What's the peak requests per second your front end cluster for DK handles?

          SQL or NoSQL?

          Want to write an Everyday Magic diary?  :D

          What's your interview question you throw at people?  I'm a fan of "Explain how a recursive DNS lookup works" because there's so many levels of right that it gives you a good idea of both the breadth and depth of the sysop's knowledge, and "If I ran /bin/chmod -x /bin/chmod as root, how can I recover from that without reinstalling chmod from a package or grabbing a copy from another server?"

          Any sufficiently advanced technology is indistinguishable from magic. -- Clarke's Third Law

          by The Technomancer on Thu Feb 06, 2014 at 05:33:46 PM PST

          [ Parent ]

          •  Some answers: (4+ / 0-)

            1. I heard about Chef first.
            2. Go is awesome. It's like C, but without quite as much bookkeeping or opportunities to shoot yourself in the foot.
            3. A lot, although sadly I don't have the numbers in front of me (I'm cleaning my office and everything is chaos).
            4. SQL.
            5. Sure, sometime.
            6. Mercifully I don't have to do much in the way of interviewing - we have Jason for that. I get to stay down in the boiler room. I like that chmod question, though; beyond doing it with perl or somesuch I think you might also be able to save your bacon by mounting a FAT partition and copying it there and back - it should then be 0755 again.

            /* You are not expected to understand this. */

            by ct on Thu Feb 06, 2014 at 06:09:59 PM PST

            [ Parent ]

            •  google-fu (2+ / 0-)
              Recommended by:
              3rock, Tonedevil

              6. /lib64/ /bin/chmod a+x /bin/chmod

              strikes me as just esoteric trivia.

              •  Not really. (3+ / 0-)
                Recommended by:
                3rock, elfling, Tonedevil

                The reason I ask that question is that it lets me see what tools a candidate likes to reach for first when presented with a problem.

                OS rockstars will directly invoke the ld-linux library as root to bypass filesystem permissions...which is your Googled example.

                Filesystem geeks will go into inode editing and leveraging alternate filesystems like ct did.

                Programmers or heavy scripters are going to mention a language like Perl that has a built-in chmod that doesn't rely on the OS version.

                RHCEs will inevitably mention setfacl.

                Dudes like me who learned it as we went along will suggest making a copy of an already executable file (using the flag to preserve permissions), using cat to clobber the contents of that copy and replace it with chmod's (cat /bin/chmod > /path/to/copied/executable), then run that to fix chmod's permissions.

                People who aren't listening or don't pay attention to detail will say they can grab it from a package or off of another machine on the network.

                You'll never see /bin/chmod -x /bin/chmod being run in a real world scenario (barring an extremely drunk, high, or incompetent operator), but because it's a question that has so many right answers, it gives you insight into the candidate, and lets you call bullshit on resume polishing.

                Any sufficiently advanced technology is indistinguishable from magic. -- Clarke's Third Law

                by The Technomancer on Thu Feb 06, 2014 at 06:51:41 PM PST

                [ Parent ]
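The recoveries listed in the comment above all rest on one fact: the execute bit is inode metadata, not part of the file's contents. As an added example (not code from any commenter), the script below replays the copy-and-clobber method and the loader method on a scratch copy rather than the real /bin/chmod; the function names are hypothetical, and the loader glob paths are assumptions about common glibc and musl layouts.

```shell
#!/bin/sh
# Added illustration: works on a scratch copy, never on the real chmod binary.

# Copy the system chmod into a fresh scratch directory and strip every execute
# bit, reproducing the "chmod -x chmod" state. Prints the broken copy's path.
make_broken_copy() {
    scratch=$(mktemp -d) || return 1
    cp "$(command -v chmod)" "$scratch/chmod" || return 1
    chmod a-x "$scratch/chmod" || return 1
    printf '%s\n' "$scratch/chmod"
}

# True when the file carries an execute bit usable by the current user.
is_executable() { [ -x "$1" ]; }

# Copy-and-clobber: borrow the inode of a file that is already executable,
# then pour chmod's bytes into it.
recover_via_donor_inode() {
    broken=$1
    rescue_dir=$(dirname "$broken")/rescue
    mkdir -p "$rescue_dir" || return 1
    # cp -p preserves the donor's mode, so the new file starts out with +x.
    cp -p "$(command -v ls)" "$rescue_dir/chmod" || return 1
    # Redirection truncates and rewrites the contents; the mode is untouched.
    cat "$broken" > "$rescue_dir/chmod" || return 1
    "$rescue_dir/chmod" a+x "$broken"
}

# Loader method: the dynamic loader is itself executable and maps the program
# it is given, so the target's own execute bit is never consulted.
# Returns 2 when no loader from the assumed locations can run the binary.
recover_via_loader() {
    broken=$1
    for ld in /lib64/ld-linux-*.so.* /lib/ld-linux-*.so.* \
              /lib/*/ld-linux-*.so.* /lib/ld-musl-*.so.*; do
        [ -x "$ld" ] || continue
        "$ld" "$broken" a+x "$broken" 2>/dev/null && return 0
    done
    return 2
}

# Demo run on a scratch copy.
target=$(make_broken_copy) || exit 1
is_executable "$target" || echo "scratch copy is not executable"
recover_via_donor_inode "$target" && echo "donor inode: execute bit restored"
chmod a-x "$target"
if recover_via_loader "$target"; then
    echo "loader: execute bit restored"
else
    echo "loader: no usable loader found in the assumed paths, skipped"
fi
rm -rf "$(dirname "$target")"
```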

            •  Reactions: (2+ / 0-)
              Recommended by:
              3rock, Tonedevil

              1.  Same with me and Puppet. I did a stint at Apple, and they use it there.  They taught it to me, and I've used it ever since!

              Plus, Eric Sorenson at Puppet Labs plays a mean game of Words With Friends.

              2.  Noticed that.

              3.  If you remember to check sometime, I'm interested.  That's my current focus at work right now -- we handle upwards of 150k req/sec during peak right now, a vast majority of those responses have to be transmitted out within 75ms of the request (which is difficult if you're trying to do programmatic real time bidding, one of the reasons I've fallen in love with Redis), and I have to deal with the fact that I'm in AWS and therefore have fuck-all control over my network and hardware.  I'm always interested to hear what other engineers see and what tricks they have to make processing faster.

              4.  I still like SQL for transactions that have to be correct the first time and can't be done in a lazy manner, like recording financial transactions or the like.  For anything that can be easily represented with a key-value pair or a document, NoSQLs like Redis and Mongo have really grown on me -- especially Mongo for web applications since you can leverage GridFS and write map/reduce functions in JavaScript to do data analysis on one of your read slaves without having to ship everything off to a Hadoop cluster or other data warehouse and write separate jobs.

              5.  I'd love to see you do one on a filesystem.

              6.  It should tell you something about the level of geek that I work with that they send the Aspie in to interview people because he has the best social skills.  :D

              And hey, if you've got any questions for me, I love talking shop (if you haven't noticed!).  Hit me up.

              Any sufficiently advanced technology is indistinguishable from magic. -- Clarke's Third Law

              by The Technomancer on Thu Feb 06, 2014 at 07:06:32 PM PST

              [ Parent ]

              •  I understand the NoSQL thing well enough. (2+ / 0-)
                Recommended by:
                The Technomancer, Tonedevil

                Whenever I think about it, though, I always think of the many different ways that SQL functionality would be handy for things like joins.

                Oddly enough one project I want to do is write a series on what I've learned about filesystem hacking (and if it goes well maybe flip it into a little book, who knows) because it's such an interesting area with not a lot written on it. I partly suspect, though, that the reason that there's not a lot on it out there is that there may not be that much interest. It's kind of hard to say though.

                I noticed somewhere in here you mentioned using Slackware back in the day. I did too for many years (woo), until I got tired of the lack of much in the way of package management. I then had a sojourn in FreeBSD until I bought a video card that was too nice for it, used Gentoo for a couple of weeks until I decided I had better things to do than compile things constantly, then Debian for a while until Ubuntu came along as a less hostile Debian, and finally ditched Ubuntu for OS X as my desktop when I got sick of how Ubuntu was becoming all hand-holdy, but bad at it.

                For actual Linux work though I'm still Debian all the way.

                /* You are not expected to understand this. */

                by ct on Thu Feb 06, 2014 at 10:05:57 PM PST

                [ Parent ]

                •  Well... (1+ / 0-)
                  Recommended by:

                  I am intrigued by your ideas, and would like to subscribe to your newsletter.  

                  Filesystems are something I don't know enough about, mainly because I stopped playing with them when half the industry moved to virtual kit anyway and everything I needed to run did fine on ext4 or XFS.  I'd definitely like to learn more about them.  You're absolutely right that there's not a lot of documentation and writing about them.  I'd toss money at a Kickstarter to fund a book on that.

                  I got my start on Slack because a friend and I built the earlier-referenced spare parts box and were too poor to get a copy of Windows, and not savvy enough to know where to...acquire...copies for less than full freight.  His brother was attending UC Berkeley on scholarship, and brought a Slackware CD home with him.  Since that was the only OS we had access to, Slack it was.

                  Never have I been in such dependency hell as my time using Slackware.  On the other hand, I doubt I'd be as good with the internals of the OS as I am today if I hadn't had to learn Linux the hard way.

                  Moved on to Red Hat, then CentOS.  I run Ubuntu on my personal server -- I was working professionally on RHEL-based OSes at the time, so I use my personal server to keep up with the one I'm not using between Debian-based distros and RHEL-based distros.  Speaking of which, I really need to re-kick it with CentOS since we use Ubuntu at the new gig.

                  My gaming rig is Windows.  About once a year or so, I get pissed off at it and throw Fedora or Mint on it to see how far Linux gaming (and Wine) have come, and the last time I did it, I managed to go a month before getting tired of OpenGL errors getting passed through to the emulated DirectX layer and basically blowing up X from there and went back to Windows.  I long for the day that all games released through Steam are Linux compatible.

                  Not that Windows is particularly terrible anymore nowadays, but I don't trust code I don't get to read, you know?

                  I use OSX for my work laptop. makes everything easier, and it's so slick.

                  I tried Gentoo for a bit too. Then I realized why that was a bad idea.

                  Last time I looked at the hobbyist distros, it looked like Arch was the new up and comer, and pacman wasn't too bad for package management.

                  Any sufficiently advanced technology is indistinguishable from magic. -- Clarke's Third Law

                  by The Technomancer on Thu Feb 06, 2014 at 10:25:23 PM PST

                  [ Parent ]

  •! (6+ / 0-)

    also, adorable storytelling :-)

    I work in tech at the retail level, but am not a natural techie at this level, and this is exactly the kind of explanation I need to start to grok this stuff.

    funnily enough, I was just looking at the OSX Pro Training for Mavericks Server Essentials...taking a deep breath before diving in...

    tipped, recced, followed, bookmarked, and will read again at leisure...

    Join us on the Black Kos front porch to review news and views written from a black pov—everyone is welcome.

    by Terri on Thu Feb 06, 2014 at 06:12:36 PM PST

  •  Hey, thanks for this. (3+ / 0-)
    Recommended by:
    The Technomancer, 3rock, Tonedevil

    My questions arise from a problem I'd like to solve soon. 1. Who owns an email address? 2. Are email addresses portable? 3. Can you shut down a website, but still use the email address associated with that website?

    For example, I want to terminate my website, But, I want to maintain my email address,


    A conservative is a scab for the oligarchy.

    by NBBooks on Thu Feb 06, 2014 at 07:01:42 PM PST

    •  To answer your questions as numbered: (3+ / 0-)
      Recommended by:
      3rock, NBBooks, Tonedevil

      1.  The owner of the domain owns the email addresses attached to said domains.  However, the data resides on the server acting as the mail server for the domain, and while it's good business for them to export that data for you, they're under no obligation to do so.  You can download your mail and archive it yourself, too.

      2 & 3.  As portable as anything else on the 'Net.  If you move to a new host or shut down a website, but keep paying for the domain and someone to host your mail for you, you can use any web host or mail provider you want, or do like I do and run my own mail server for practice.

      Basically, when someone wants to send you email, the mail server that's sending the mail to your mail server does another DNS lookup like the ones I talked about in the diary, except it looks up the mail exchange record, commonly referred to as the MX record to find out which server is assigned the duties of handling mail for that domain.  To change which server gets email for a domain, change the MX record in DNS.

      Hope that helps!  If it's not clear, let me know and I'll try again.  :)

      Any sufficiently advanced technology is indistinguishable from magic. -- Clarke's Third Law

      by The Technomancer on Thu Feb 06, 2014 at 07:13:30 PM PST

      [ Parent ]

  •  As a person who's worked in IT for 30 years (6+ / 0-)

    I have to say, Kudos.   Sometimes you take things like DNS for granted when you've worked with everything from early DNS sets in the late 80s to better BIND in the 90s and on.

    This is a solid explanation for those that need it.  :)  Hmm.  Makes me think of all the goofy tech stuff rattling around upstairs that I should write up sometime just for fun.

    Gandhi's Seven Sins: Wealth without work; Pleasure without conscience; Knowledge without character; Commerce without morality; Science without humanity; Worship without sacrifice; Politics without principle

    by Chris Reeves on Thu Feb 06, 2014 at 07:23:00 PM PST

    •  I appreciate that. (5+ / 0-)
      Recommended by:
      jessical, side pocket, 3rock, Tonedevil, jubal8

      And hey, if there's interest from other IT folks like you and me in writing diaries like this, I'm A-OK with running Everyday Magic as a group effort.

      Besides, it'd be especially fun when we disagree on something.  We might break ct's comment limits.

      Any sufficiently advanced technology is indistinguishable from magic. -- Clarke's Third Law

      by The Technomancer on Thu Feb 06, 2014 at 07:26:20 PM PST

      [ Parent ]

      •  In a Reddit forum years ago (2+ / 0-)
        Recommended by:
        The Technomancer, Tonedevil

        There was a HUGE pie fight over MySQL front end data usage.. I'd have to find it.   I don't think that'd draw a lot of interest here, but I occasionally blog technology.   We really should start a technology group.  I'd be totally in.

        Gandhi's Seven Sins: Wealth without work; Pleasure without conscience; Knowledge without character; Commerce without morality; Science without humanity; Worship without sacrifice; Politics without principle

        by Chris Reeves on Thu Feb 06, 2014 at 09:17:24 PM PST

        [ Parent ]

        •  I didn't think an overly long essay... (3+ / 0-)
          Recommended by:
          tmservo433, elfling, Tonedevil

          ...on the intricacies of DNS would go over well either, but it's on the Rescued list!

          Tell people a story and you can teach anything.

          I agree on the tech group.  I'd love to make Everyday Magic a community series rather than just my baby.

          Any sufficiently advanced technology is indistinguishable from magic. -- Clarke's Third Law

          by The Technomancer on Thu Feb 06, 2014 at 09:19:49 PM PST

          [ Parent ]

  •  That's very generous of you to do this series (4+ / 0-)

    1994-5 I ran a Linux server and tried to learn a little bit, but by 1998 I gave it up. Your comments remind me a bit of that time. Would have been great to have someone make it easy to understand in the blog format we have here.

    Looking forward to your series and the questions asked and answered.

    •  Give it another shot! (1+ / 0-)
      Recommended by:

      Linux is still pretty arcane compared to the polished desktop operating systems like Windows and OSX and the slick mobile operating systems, but it's a hell of a lot better than when it was back then.  I was just starting to pick up Linux at that time as well -- I could go on for hours about trying to bootstrap a spare-parts rig using my wits and the on-disk documentation....

      ...for Slackware.  Which was, at the time, probably the hardest distro of Linux to get running.

      After a week, I finally got a windowing environment up, learned my way around it, then tried to get on the 'Net via dialup.

      No dice.

      Piece of crap had an onboard Winmodem (remember those steaming piles), and there was no such thing as a Linux driver for those.

      But I digress.

      Amazon offers a free tier of servers with Linux installed for a year.  There's 20 years of documentation on the Web now (the Linux Documentation Project is the shit, go here NOW if you're interested), sites like Ubuntu's community forums, the StackExchange network of sites, and Google's ability to find answers for damn near anything make it easier than ever to learn Linux.

      There's not enough of us out there, and there's a never-ending stream of startups that need Linux geeks.  Plus, a good portion of us never did do college (myself included), and tech's one of the few white collar jobs left where crippling debt, I mean college, isn't a requirement to get an entry level gig, despite what the job listings would like you to think.

      Any sufficiently advanced technology is indistinguishable from magic. -- Clarke's Third Law

      by The Technomancer on Thu Feb 06, 2014 at 08:19:55 PM PST

      [ Parent ]

      •  oh, thanks, you are kind, but there is a time (1+ / 0-)
        Recommended by:
        The Technomancer

        for everything, and for me this is not the time where I want to pick it up again. It was just something I did in my past. But if by any chance I should do it again ... then I know where to find you. :)

    •  If you use debian, bookmark this (3+ / 0-)
      Recommended by:
      The Technomancer, Tonedevil, mimi

      Praxis: Bold as Love

      by VelvetElvis on Thu Feb 06, 2014 at 09:42:46 PM PST

      [ Parent ]

  •  Wow! (2+ / 0-)
    Recommended by:
    The Technomancer, Tonedevil

    I'm a major nerd, but never wander too far into geekland.  This is a great idea for a series.  I'm gonna have to re-read it since I have so little background in this area, but I'm happy to have this opportunity to learn and look forward to your continuing writes.  Thanks.

    If I have any spit left after I've licked my own wounds, I'll be glad to consider licking yours. Peace.

    by nancyjones on Thu Feb 06, 2014 at 08:13:26 PM PST

  •  I understood fully 20%. Keep up the good work. (3+ / 0-)
    Recommended by:
    The Technomancer, Tonedevil, jubal8

    Onward to 30%.

    Rivers are horses and kayaks are their saddles

    by River Rover on Thu Feb 06, 2014 at 08:19:00 PM PST

    •  What parts do you feel I could explain better? (2+ / 0-)
      Recommended by:
      Tonedevil, jubal8

      And what parts do you feel you have a good grasp on?  I'd appreciate the feedback for future installments.

      Any sufficiently advanced technology is indistinguishable from magic. -- Clarke's Third Law

      by The Technomancer on Thu Feb 06, 2014 at 08:23:00 PM PST

      [ Parent ]

      •  The problem isn't in your well written and (3+ / 0-)
        Recommended by:
        The Technomancer, Tonedevil, jubal8

        pleasantly humorous diary.  It's in my mind where all of my life a war between a fierce curiosity and an overpowering lack of discipline has raged.  Your excellent essay gave curiosity the upper hand for a while.
        Looking forward to your next effort.

        Rivers are horses and kayaks are their saddles

        by River Rover on Thu Feb 06, 2014 at 08:38:44 PM PST

        [ Parent ]

        •  I'm right beside you on that one. (3+ / 0-)
          Recommended by:
          Tonedevil, jubal8, River Rover

          Besides the autism, I've also got a nice case of ADD.

          Any sufficiently advanced technology is indistinguishable from magic. -- Clarke's Third Law

          by The Technomancer on Thu Feb 06, 2014 at 09:14:22 PM PST

          [ Parent ]

          •  1 + 1 = 10 (2+ / 0-)
            Recommended by:
            The Technomancer, River Rover

            Haven't been diagnosed with such, but the symptom charts ring a few bells. I have long thought that what attracts me to IT is the binary nature of it. Most technical issues, especially with computers and networks, really do come down to true or false, yes or no, up or down, one or zero. Early in my career when I was working with analog electronics I often felt overwhelmed trying to understand the cascading waves of interactions among the constantly varying voltages, currents, and impedances; but, digital electronics -- what a revelation! It wasn't just that it was easy to understand; it was that working towards resolving problems within that framework became almost like a meditation, focusing my mind on the process of ignoring the flack and discerning what was relevant to the issue at hand. And that, my friend, seemed an antidote to much of my experience in daily life, which I feel is most properly categorized as analog.

            My δόγμα ate my Σ

            by jubal8 on Fri Feb 07, 2014 at 01:29:09 AM PST

            [ Parent ]

  •  Thanks! (2+ / 0-)
    Recommended by:
    The Technomancer, Tonedevil

         Just a few years younger than you and too embarrassed to ask someone to explain this stuff to me so thanks for starting the series! I hope this is a successful venture for you.
               Also, I like your writing.

    •  I hope it's useful to the community. (1+ / 0-)
      Recommended by:

      That's the biggest measure of success for this series.  If there's a topic you'd like me to write about, don't hesitate to request it! Everyone starts somewhere.  I sure as hell wasn't born knowing this stuff.

      And thank you for the compliment on my writing.  I went and read the diary you posted a while back.  You're pretty good at it yourself!

      Any sufficiently advanced technology is indistinguishable from magic. -- Clarke's Third Law

      by The Technomancer on Thu Feb 06, 2014 at 08:27:22 PM PST

      [ Parent ]

  •  Thank You (4+ / 0-)

       Spent some time googling...
        I'm 63. I don't know very much about computers or the internet but it fascinates me. The only thing I'm geek at is dancing and very geek at that, actually the only thing I know how to do.
       I skimmed the diary but read all the comments. I like to take things in subconsciously. I compliment you because I thought all the comments and replies were quite a nice flow. I then read the diary a couple times. I had to google Asperger's Syndrome. I'm not real bright :) Knowledge is so diverse nowadays on what to me is the size of snowflakes. Interesting. I wouldn't have known by reading your replies that you have "autism," because how you answered replies was so smooth & cool. I don't think I'd recognize it to start with, when I'm in a crowd of snowflakes...
       Here's the thing I found interesting, I think it's because of the comp culture that

    However, like with any other information -- go verify it yourself!  And if you find that I'm not correct about something, please correct me!  I'm not a fan of being wrong.
      It took me a few reads of this to understand. I first picked up the vibe of "open to critique" (myself as an artist critique) I myself would have said verify it (.) and left out the other words. please correct me(!) period
        The really interesting thing to me is it took me like 4 reads for
    I'm not a fan of being wrong.
    I had already assumed because it was all presented so well that you like to learn also. My brain just automatically skimmed...
                 If I may :)
       It is very cool this series. It's fun to learn about younger gens and hopefully it will draw them to this site.
       P.S. Read profile... you're 32, YOUNG. You will accomplish your goals. It's a like learning something new of which you are VERY good at.
       Thank You Again

    March AGAINST monsatanOHagentorange 3/25/13 a time warp

    by 3rock on Thu Feb 06, 2014 at 08:45:17 PM PST

    •  Thank you very much... (2+ / 0-)
      Recommended by:
      3rock, Tonedevil

      ...for your kind words.

      The autism doesn't show up as much over text.  I'm not nearly as articulate in person -- too many distractions, no time for the brain-to-mouth filter to kick in.  It's much easier to order my scrambled thoughts when I put them on paper or on a screen.

      I'm glad you learned something, and I hope I have the opportunity to teach you and others more!

      Any sufficiently advanced technology is indistinguishable from magic. -- Clarke's Third Law

      by The Technomancer on Thu Feb 06, 2014 at 09:04:10 PM PST

      [ Parent ]

  •  Automatically is my favorite term to use when (2+ / 0-)
    Recommended by:
    The Technomancer, Tonedevil

    Someone asks how something works, and their eyes glaze over halfway through the explanation.

    Any questions regarding networking or enterprise voice over IP, hit me up. I've spent the last two years doing both, with an emphasis on HP switches.

  •  So, where's the point (1+ / 0-)
    Recommended by:
    The Technomancer

    when the NSA taps in?

    The thing about quotes on the internet is you cannot confirm their validity. ~Abraham Lincoln

    by raboof on Fri Feb 07, 2014 at 04:56:25 AM PST

    •  There are a great many places where they (2+ / 0-)
      Recommended by:
      raboof, The Technomancer

      can tap in.

      If they control the DNS servers, they can direct you to their websites, which man-in-the-middle your connection, intercepting what you send to a site, and then passing your traffic on to its real destination.

      Alternatively, they can literally man-in-the-middle your traffic, if they can make sure it innocently passes through one of their servers on its way to its destination (Possibly by having some servers at your ISP's location...Or, as in the case of Google, tapping into the server you're talking to, without its knowledge.  Or, in some cases, with its knowledge).

      That doesn't work for https traffic, however.  For SSL, someone basically needs to vouch that you are who you say you are ("who you say you are" is basically your DNS address, so I guess it's more "you are who someone else is saying you are").

      So who does the vouching?  There are a bunch of "root" servers that are hard-coded as being trusted, either in the OS or the browser (Along with information that lets them prove who they are when you talk to them, as well).

      Without breaking the encryption or hijacking either you or their servers you're talking to, there are two ways around this:  The NSA can either try and get one of these root servers to issue a bogus certificate (France was recently caught doing this).  Another way is to make your system trust a new NSA-controlled root server, that no one else trusts (This is how businesses and schools spy on their employees' / students' SSL traffic on corp machines).

      Of course, they still have to man-in-the-middle your traffic somehow.  Schools and corporations generally use configured proxies for this, rather than the more subversive methods of the NSA.

  •  vpn (1+ / 0-)
    Recommended by:
    The Technomancer

    I'd love to see an article about VPN.

    Instructions for someone like me who just doesn't get it.  VPN for Dummies, I suppose.  

    The legality of using it to view sites blocked for your viewing.  Is it illegal in some countries to use VPN to view sites that are blocked in your country?  

    Installing what you might need.  How to set it up once it is installed.  Etc.

    VPN and security.  Read that using VPN in WiFi spots increases security.  Is this true?  How does that work?

    Saw where someone mentioned home networking.  Love to see an article about that as well.  

    Thank you for this.

    •  VPN and Proxy services (1+ / 0-)
      Recommended by:

      ...are already on my list.  I thought they'd be particularly relevant given how often these services get used for both professional and political purposes.

      Thank you for reading!

      Any sufficiently advanced technology is indistinguishable from magic. -- Clarke's Third Law

      by The Technomancer on Fri Feb 07, 2014 at 08:34:23 AM PST

      [ Parent ]

  •  Getting around the Great Firewall of China? (1+ / 0-)
    Recommended by:
    The Technomancer

    I wonder whether maintaining a hosts file would help much in getting around the GFoC. I read that China is also doing DNS cache poisoning, but would their control of gateways and proxy servers render locally controlled IP addressing ineffective anyway?

    Thanks for the writeup.  I've hesitated to try different DNS servers, but then I haven't had a lot of problems.

    I am become Man, the destroyer of worlds

    by tle on Fri Feb 07, 2014 at 08:49:34 AM PST

    •  They're basically routing all traffic... (1+ / 0-)
      Recommended by:

      ...through their proxies and filtering at that level.  It's less a firewall in the security sense than it is a Squid setup scaled for 1 billion people.

      The only way around it is to find proxy services not yet blocked by the government and use encrypted connections (anything from SSL to Tor) to get there.  Your hosts file isn't going to do squat if something's blocked at the router/gateway level.

      Any sufficiently advanced technology is indistinguishable from magic. -- Clarke's Third Law

      by The Technomancer on Fri Feb 07, 2014 at 09:01:12 AM PST

      [ Parent ]

      •  I suspected as much, (1+ / 0-)
        Recommended by:
        The Technomancer

        but know very little about internet architecture and processes.  Too bad.  Apparently, we've gone from the concept of a distributed architecture that could survive a nuclear attack, to one with choke points subject to autocratic control.

        I am become Man, the destroyer of worlds

        by tle on Fri Feb 07, 2014 at 11:33:10 AM PST

        [ Parent ]

        •  That risk has always been there. (0+ / 0-)

          Data travels over physical lines through sovereign territory.  What's kept it mostly open is the fact that there's a tangible net benefit from having an Internet rather than a series of splinternets.

          It's one of the main reasons why the NSA fiasco has the potential to be so damaging -- the US controls the majority of the root DNS servers and a majority of internet, so if people both inside and outside of the US can't trust that traffic going through our servers and backbone lines is both secure and private, it can seriously damage both US Internet companies and threatens to splinter the Internet as other countries and organizations build out private, non-interconnecting networks.

          Any sufficiently advanced technology is indistinguishable from magic. -- Clarke's Third Law

          by The Technomancer on Fri Feb 07, 2014 at 01:06:17 PM PST

          [ Parent ]

  •  Thanks and a suggestion ... (1+ / 0-)
    Recommended by:
    The Technomancer

    Knowing the sandboxes we play in, that's a very good thing. I make a living in IT as well, and agree that making it possible for others to understand how 'confusers' actually work is a part of our profession's social obligation.

    In communicating with technical and non-technical folks over the years, I've found that the right picture is worth a whole lot of words. What are the chances of making (or borrowing, where copyright permits) diagrams to illustrate your verbal descriptions? For example, this HowStuffWorks illustration of a browser to DNS server to desired site is a pretty decent simple diagram, and even though it's copyright protected it could serve as a model for a simple diagram drawn up in your preferred diagram-creating app.

    Thanks for taking on this work!

    •  I have trouble drawing stick figures (1+ / 0-)
      Recommended by:
      Steve Masover

      Music's my artistic outlet, not visual arts.

      But yeah, I can probably get some charts together.  If someone with better visual art skills than I have would like to collaborate, I'd welcome the assistance.

      Any sufficiently advanced technology is indistinguishable from magic. -- Clarke's Third Law

      by The Technomancer on Fri Feb 07, 2014 at 08:57:17 AM PST

      [ Parent ]

      •  Hmmmm... The DNS Song? ;-) (n/t) (1+ / 0-)
        Recommended by:
        The Technomancer
      •  Great diary; I'd welcome a chance to collaborate (1+ / 0-)
        Recommended by:
        The Technomancer

        Based on your initial diary and the feedback, you've come up with a very nice concept and a great approach, one that can be adapted for discussion on a variety of topics.

        What I like best is the way the format works for those with extensive knowledge on the topic, those with limited or no experience and everyone in between.  Also impressed by the use of "that depends" in a response.

        You recognize the variables that can impact a system/process. A wonderful contrast to the many decision-makers, public and private sector, who get hung up on everything has to be a simple "one way or the other" with no real understanding or nuance (yeah, I'm looking at you, GOP)

        (Overall, that's one of the best things about the DK experience; everybody is here because they want to share and learn from others).

        Send me a note, TM, if interested. (20+ years of project analysis, development and documentation)

        •  Will do! (0+ / 0-)

          I'm finishing up the content for this weekend's Everyday Magic.  I'll be creating a group to publish it under when it's done.  I'll be happy to invite you.

          Any sufficiently advanced technology is indistinguishable from magic. -- Clarke's Third Law

          by The Technomancer on Fri Feb 07, 2014 at 06:00:09 PM PST

          [ Parent ]

  •  Can you go back even farther? What does IP (1+ / 0-)
    Recommended by:
    The Technomancer

    stand for?
    Tech has always impressed me.  I think it seems like magic that my washing machine knows when to add water, agitate, dump water, spin, beep, turn off.  Computers are a whole other universe of magic to me.  

    Government works when you elect those who want it to. --askyron (2013)

    by Simul Iustus et Peccator on Fri Feb 07, 2014 at 09:31:52 AM PST

  •  Who Owns It, and Who Said They Could? (2+ / 0-)

    Great diary, and I'll watch for future additions.

    Whenever I read about the internet the same questions always arise: Who owns it, and who said they could?

    TLD, DNS names, A2, the T1 system, and all that stuff that serves as switchers and communicators and inter-country connectors, and on and on.

    Who owns and controls that stuff? How do they make money? I've been assuming that part of everyone's high speed cable connection charge is used by the cable companies to pay for usage of the higher level servers-services, but who are those people, what do they control, and how did they come to control it?

    Who said Bill or Sally could assign-reserve web site names – and charge for it?

    Like so much of what goes on in the world, the internet-IT world seems to have two parts: the one we rather mindlessly use and that is talked about, and the real and far more powerful (and probably lucrative) part that virtually no one has ever heard of. Billion dollar businesses in some anonymous warehouse in New Jersey.

    A Southerner in Yankeeland

    To save your life and our country, read "Pity The Billionaire" by Thomas Frank, and "Winner-Take-All-Politics" by Jacob S. Hacker and Paul Pierson. Then read more books.

    by A Southerner in Yankeeland on Fri Feb 07, 2014 at 09:56:42 AM PST

  •  This is a great idea! Thank-you so much. (1+ / 0-)
    Recommended by:
    The Technomancer
  •  All I want to (0+ / 0-)

    Know is why dailykos crashes more than any other webpage I visit. I mean, it is ludicrous that a website would crash at all, let alone on every single platform I use to access it.

    Sorry Markos, I know you think you have a good idea, but this site really sucks as far as accessing it and enjoying the literature and facts provided. And you wonder why you need to ask us viewers for contributions?

    Please give me a detailed answer, the ones I have explored provide too much depression.

    iPad 1 & 2
    MacOs latest MacOs 10.9
    IPhone 4s
    ... More

  •  I'm going to like this series! (1+ / 0-)
    Recommended by:
    The Technomancer

    No doubt I won't understand it all, but I'll learn some things for sure. Thanks!
