Unable to update nameservers: Nameserver [ns2.example.co.uk] doesn’t exist at the registry.

Especially if you’ve recently set a new glue up.

In the OpenSRS domain manager it says:

** IMPORTANT: Before adding additional name servers to your configuration, you should be sure that the name server has setup correctly. 24 – 48 hours after you submit a request for an additional name server, it will be in the rotation for authoritative lookups and if it is not setup correctly, your site will take a long time to resolve when visitors try to find you.

You can ignore this for now, here’s what you need to do first…

You, or your admin who has access to the OpenSRS reseller interface needs to find the page in there entitled “Add Nameserver to All Foreign Registries” as per these instructions:

Add Nameserver to All Foreign Registries
This interface allows you to add Registered Nameservers to all of the Registries to which the OpenSRS system is connected. If you want to use a COM/NET/ORG nameserver (default.opensrs.net) on a .BIZ domain, you have to first add it to the “foreign” .BIZ Registry using this option. The reason for this is because each Registry keeps a database of “registered nameservers”, and new nameservers at “foreign” registries need to be explicitly added before they can be used to resolve domains in that TLD. Use this interface when you get the error “Unable to add nameservers: Command failed: unable to verify existence of nameserver” when trying to add a foreign nameserver to a domain.

To add a nameserver to all foreign registries

1. In the Domain Management section of the RWI, click Add Nameserver to All Foreign Registries.
2. In the Nameserver text box, enter the nameserver.
3. Click Add Nameserver.

Once you do that you should see a message that says:

.com registry: Successfully added
.asia registry: Successfully added
.xxx registry: Successfully added
.com.au registry: Successfully added
.biz registry: Successfully added
.bz registry: Successfully added
.ca registry: Successfully added
.cc registry: Successfully added
.com.cn registry: Successfully added
.co registry: Successfully added
.in registry: Successfully added
.info registry: Successfully added
.es registry: Successfully added
.me registry: Successfully added
.mobi registry: Successfully added
.name registry: Successfully added
.nl registry: Successfully added
.org registry: Successfully added
.tv registry: Successfully added
.us registry: Successfully added
.ws registry: Successfully added
.pro registry: Successfully added

Or similar.

Now we give it 24-48 hours, then you can set custom name servers on your domain via the OpenSRS manage interface.

They need to setup their email on the go and configure some forwarders. Their issue was that they were never given access to the control panel by the account holder and have since lost touch.

This unfortunately left them in a situation where they had no control over their hosting, they asked me to help them out.

My task was to migrate their existing IMAP mailboxes to their hosting account on one of our cPanel servers…

The first thing I did was get their UK domain onto our TAG giving us control over that for a small cost of £10+VAT, which the customer was only happy to pay.

There are other ways to get control of the domain without the cost, such as dealing with the host directly but in this case, fasthosts refuses to communicate with you unless you’re a customer. Ridiculous.

From here on inward, you’ll need root access to cPanel WHM on your server, or know someone who has.

At this point you need to start to create your mailboxes on the new server that match up to the existing ones.

The only issue with this is that you may find you can’t add “Remote Domains” (domains hosted elsewhere).

This item lets you allow cPanel users to create parked and addon domains that resolve to other servers. To make your selection, click the button corresponding to the option you wish to use. This value defaults to Off.

Warning: Enabling this option can cause major security issues. We strongly recommend that you do not enable this option.

You’ll need to “Allow Remote Domains” (Under “Tweak Settings” in WHM) so you’re able to add the domain. Once added, you can turn it off again.

As I said, once the domain is added you can create your mailboxes in cPanel to match what you already have.

I then went ahead and added them to the customer’s email client (Outlook 2007) to make sure everything was working as expected (it was).

They should have two sets of accounts added for each email address, the only difference between them should be the servers they use.

Migrating

This is where the fun starts.

If you’ve tried moving messages before in Outlook you’ll know it’s pretty slow. The issue is that, you’re downloading the message from the existing server, copying it to your computer, then uploading it to the other server.

This is a slow process, especially if you’re on regular UK broadband. In addition to that, you’ll find that Outlook will lock up while it waits for the server to respond.

I tested moving a few thousand messages: it took 8 hours. At this rate it would take around a week to do all of the accounts which isn’t feasible in a live environment.

Thunderbird isn’t much better. There had to be a better solution…

I got in touch with cPanel, as they have a dedicated “migration” team, however they were asking for shell, ftp or control panel access, none of which the customer had.

At first I had considered a server side, IMAP compatible email client such as Mutt or PINE, but I felt this may be a bit cumbersome.

Enter imapsync…

imapsync

After a quick search I came across imapsync which appears to be the solution I was looking for.

It’s written in Perl and is open source so there’s no reason it shouldn’t run on a CentOS server.

To install imapsync on CentOS (with cPanel) you’ll need to do the following:

First of all, imapsync isn’t in any of the official CentOS repositories so you need to install the RPMForge repository.

So, for example, on a CentOS 4 i386 install I would do:

wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el4.rf.i386.rpm

rpm -i rpmforge-release-0.5.2-2.el4.rf.i386.rpm

Now it’s installed, you can utilise it by using yum combined with “–enablerepo=rpmforge” to install imapsync.

However, before you go ahead and do that, you need to realise that because cPanel has it’s own set of perl modules and blocks the OS ones, you need to disable the “exclude” line in the yum configuration file.

nano -w /etc/yum.conf

Note: Use whatever editor you prefer, I’m using nano. The -w is for no word wrap as this file contains long lines.

In this file, you need to comment out the following like:

#exclude=apache* bind-chroot courier* dovecot* exim* filesystem httpd* mod_ssl* mysql* nsd* perl* php* pr$

The hash (#) at the beginning means it’ll no longer be parsed, so nothing is excluded.

Now you can go ahead and install imapsync trouble free:

yum install imapsync –enablerepo=rpmforge

This should install imapsync and any dependencies (such as the required perl modules).

The only advice that cPanel gave me when doing this is:

It is possible this could break some components of cPanel, but it should be generally repairable as long as you run “/scripts/checkperlmodules –full –force” afterwards to rebuild/reinstall the cPanel versions of the various modules.

I suggest you also do that once imapsync is installed to ensure you don’t break anything in cPanel.

Migration

Now we have imapsync installed we can actually use it…

imapsync \
       --host1 mail.example.co.uk --authmech1 PLAIN --user1 [email protected] --password1 12345678 \
       --host2 lemon.phurix.com --authmech2 PLAIN --user2 [email protected] --password2 99999999

This should be enough to get you going, but do be aware of the SECURITY issues outlined in the imapsync README.

Once this is done, all you need to do is get the name servers (or just the MX) changed on the domain to new hosting and after about 4 hours you should be good to go.

A decision had to be made.

You see, the context of the HM2K blog has always had a subtle undertone of my business and the work I do online. That business is Phurix web hosting.

Phurix has always supported me and the blog, but unfortunately, because of other commitments I have less and less time to write and publish.

At first I thought the best solution would be to shut down the blog and call it a day, while a colleague said he thinks I should keep it online.

I’ve been thinking about a solution for a long time but then, while I was on holiday, it hit me.

Merge it into the Phurix brand and it made sense too:

• HM2K.com was a hard concept to explain
• Easier concept: Phurix Labs:”Where we experiment with ideas and findings”
• HM2K.com had no context, it would often seem random
• Makes more sense in the context of the business
• HM2K.com had no real focus or agenda
• Focus on what is important: the business
• HM2K.com was a burden on one person
• Shared with Phurix
• HM2K.com was not making money
• By improving brand awareness business will increase

A proposal was put forward and it went better than expected, it all seemed to fit together nicely. Perfect!

The decision was made and I have no regrets.

Today, we started by introducing a new “Phurix Labs” theme to HM2K.com, so that’s phase one is done.

Over the next few days, the website will be migrated from here to “labs.phurix.net” (where it now belongs). That’s phaze two.

Thanks for reading and I hope you continue to support the new Phurix Labs project.

These are exciting times, watch this space!

About Phurix

Since 2004, Phurix has offered affordable and reliable hosting services with a no nonsense approach. Phurix will continue to provide a high quality of service and engage with customers to ensure its future and growth.

Authorised cPanel Partner and OpenSRS partner.

About Phurix Labs

Phurix Labs is where we experiment with ideas and findings. You’ll find all sorts of useful tools and information.

fastest_cvsup is a system utility written in Perl that finds fastest CVSup mirror server for FreeBSD, OpenBSD or NetBSD.

Here I’m going to tell you how to get started…

Install

First of all you need to install it, there are a number of ways to do this, but on FreeBSD you probably want to install from ports:

cd /usr/ports/sysutils/fastest_cvsup/ && make install clean

Note: You MUST be root to install ports

Get help

Once installed you are able to read more information about fastest_cvsup by issuing the following commands:

fastest_cvsup -h

This will display the general help.

man fastest_cvsup

This will display the more detailed manual page.

Usage examples

Here’s a few practical examples to get you started.

This example will check to see which United Kingdom (uk) based servers are quickest:

# fastest_cvsup -c uk
>> Querying servers in countries: uk
--> Connecting to cvsup.uk.freebsd.org [131.111.8.41]...
- server replied: OK 17 0 SNAP_16_1h CVSup server ready
- time taken: 136.71 ms
--> Connecting to cvsup2.uk.freebsd.org [131.111.8.41]...
- server replied: OK 17 0 SNAP_16_1h CVSup server ready
- time taken: 139.81 ms
--> Connecting to cvsup3.uk.freebsd.org [131.111.8.41]...
- server replied: OK 17 0 SNAP_16_1h CVSup server ready
- time taken: 134.28 ms
--> Connecting to cvsup4.uk.freebsd.org [195.40.6.45]...
- server replied: OK 17 0 SNAP_16_1h CVSup server ready
- time taken: 129.03 ms

>> Speed Daemons:
- 1st: cvsup4.uk.freebsd.org 129.03 ms
- 2st: cvsup3.uk.freebsd.org 134.28 ms
- 3st: cvsup.uk.freebsd.org 136.71 ms

To find the fastest server in Europe you would use something like this:

# fastest_cvsup -q -c uk,ie,fr,de,fi,no,nl,ch

Go nuts, test them all:

# fastest_cvsup -Q -r -c all

This example will give you the times of just OpenBSD and NetBSD servers:

# fastest_cvsup -c openbsd,netbsd

In this example we will use fastest_cvsup with the cvup command to update the ports using the fastest server in the United States (us):

# csup -g -L 2 -h `fastest_cvsup -Q -c us` /root/ports-supfile

Note: “-Q” is used to make it super quiet which is useful when using in scripts or in-line commands.

Find out more

Visit the fastest_cvsup website to find out more.

Nope. You get this error message:

Error: Missing Dependency: perl(URI) >= 1.17 is needed by package

It’s not a problem in CentOS, no, it’s a restriction created by cPanel to control what is installed using yum.

Here’s what you do:

• Edit your “/etc/yum.conf” file.
• Remove “perl*” from the “exclude” line.
• Run your “yum install subversion”
• Add the “perl*” back to the “exclude” line in the yum file.

That’s it! It will install as expected.

Update

If you’re using CentOS4 you may get the following error when exporting:

[user@server ~]$ svn export http://server/svn/project/directory/filename
svn: REPORT request failed on '/svn/project/!svn/vcc/default'
svn:
Cannot replace a directory from within

This is caused by a bug which was fixed and released in subversion version 1.2.0, however, RHEL4 (Redhat Enterprise Linux 4) and CentOS 4 use Subversion 1.1.4 from 2005 which doesn’t have this fix.

The solution is to install the latest version of SVN from a third party repository such as RPMForge:

wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el4.rf.i386.rpm

rpm -Uhv rpmforge-release-0.5.2-2.el4.rf.i386.rpm

Once RPMForge (and RPMForge extras) is setup, simply run:

yum install –enablerepo=rpmforge-extras subversion

That’s it!

[root@coffee ~]# yum install mod_python

Loaded plugins: fastestmirror

error: no dbpath has been set

error: cannot open Packages database in /%{_dbpath}

Traceback (most recent call last):

File “/usr/bin/yum”, line 29, in ?

yummain.user_main(sys.argv[1:], exit_code=True)

File “/usr/share/yum-cli/yummain.py”, line 309, in user_main

errcode = main(args)

File “/usr/share/yum-cli/yummain.py”, line 157, in main

base.getOptionsConfig(args)

File “/usr/share/yum-cli/cli.py”, line 187, in getOptionsConfig

self.conf

File “/usr/lib/python2.4/site-packages/yum/__init__.py”, line 664, in <lambda>

conf = property(fget=lambda self: self._getConfig(),

File “/usr/lib/python2.4/site-packages/yum/__init__.py”, line 239, in _getConfig

self._conf = config.readMainConfig(startupconf)

File “/usr/lib/python2.4/site-packages/yum/config.py”, line 804, in readMainConfig

yumvars[‘releasever’] = _getsysver(startupconf.installroot, startupconf.distroverpkg)

File “/usr/lib/python2.4/site-packages/yum/config.py”, line 877, in _getsysver

idx = ts.dbMatch(‘provides’, distroverpkg)

TypeError: rpmdb open failed

[root@coffee ~]# rm /dev/urandom

rm: remove regular file `/dev/urandom’? y

[root@coffee ~]# mknod -m 644 /dev/urandom c 1 9

Nothing else seems to work, but this does indeed seem to solve the problem.

Perhaps I’ll finally get Trac installed…

[root@server ~]# vzctl stop 104
Container already locked

Here’s how to fix it:

• Delete the lock file

[root@server ~]# rm /vz/lock/104.lck
rm: remove regular file `/vz/lock/104.lck'? y

• Kill the checkpoint

[root@server ~]# vzctl chkpnt 104 --kill
Killing...

I also submitted this article onto the OpenVZ Wiki entitled “Container already locked“.

I did this because, there was nothing found on the OpenVZ website with regards to this before now:

Your search – site:openvz.org “Container already locked” – did not match any documents.

Hope this helps!

The only issue then was that they couldn’t send email on port 25 through the Three mobile network.

The solution is to change the outgoing SMTP from port 25 to port 587.

Because I keep forgetting myself, here’s how you do it on cPanel:

You can run Exim on another port by going to the Service Manager in WebHost Manager and then enabling exim on another port and choosing the port number.

If it’s still not working, your firewall (iptables) is probably blocking it, so here’s what you need to do:

First find the iptables for port 25:

root@server [/]# iptables-save | grep “port 25”
-A INPUT -i venet0 -p tcp -m tcp –dport 25 -j ACCEPT
-A INPUT -i venet0 -p tcp -m tcp –sport 25 -j ACCEPT
-A OUTPUT -o venet0 -p tcp -m tcp –sport 25 -j ACCEPT
-A OUTPUT -o venet0 -p tcp -m tcp –dport 25 -j ACCEPT

Once you have that, copy each line and replace 25 with 587 and enter those in, like so:

iptables -A INPUT -i venet0 -p tcp -m tcp –dport 587 -j ACCEPT
iptables -A INPUT -i venet0 -p tcp -m tcp –sport 587 -j ACCEPT
iptables -A OUTPUT -o venet0 -p tcp -m tcp –sport 587 -j ACCEPT
iptables -A OUTPUT -o venet0 -p tcp -m tcp –dport 587 -j ACCEPT

Finally, you should check it works by using telnet from another machine:

[user@server2~]$ telnet mail.server.example.com 587
Trying 1.2.3.4…
Connected to mail.server.example.com (1.2.3.4).
Escape character is ‘^]’.
220-server.example.com ESMTP Exim 4.69 #1 Fri, 26 Nov 2010 16:54:07 +0000
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.

If you see a message similar to the above it has worked, so now you can save iptables and restart the service:

• iptables-save
• service iptables restart

Done!

Error Copying File or Folder

Cannot copy xxx: The specified network name is no longer available.

Why?

Well, I’m trying to copy a folder from my Windows XP SP2 Pro workstation onto my network share drive, which in fact is a samba (smb) server running on my “CentOS release 4.6 (Final)” box.

First thing to do is to check the error logs (generally) at “/var/log/samba”…

Sep  8 16:26:13 blade smbd[5913]: [2008/09/08 16:26:13, 0] lib/util_sock.c:read_data(534)
Sep  8 16:26:13 blade smbd[5913]:   read_data: read failure for 4 bytes to client 192.168.0.3. Error = Connection reset by peer
Sep  8 16:26:14 blade smbd[5914]: [2008/09/08 16:26:14, 0] lib/util_sock.c:set_socket_options(237)
Sep  8 16:26:14 blade smbd[5914]:   Unknown socket option TCP_NODELAY_SO_RCVBUF
Sep  8 16:26:14 blade smbd[5914]: [2008/09/08 16:26:14, 0] lib/util_sock.c:set_socket_options(237)
Sep  8 16:26:14 blade smbd[5914]:   Unknown socket option SO_SNBUF

Doesn’t seem very helpful…

I can’t work out why I’m getting these errors, why is the peer being reset?

I learned that the peer is the client machine that the server is peering to, which means the problem is that my workstation is disconnecting me.

I checked my Event Viewer (%SystemRoot%\system32\eventvwr.msc), which said:

NetBT failed to process a request because it encountered OutOfResources exception(s) in the last 1 hour. Event ID: 4322

I might have known that the problem would be with windows and not linux.

However, maybe I spoke too soon, as a quick search lands me on the redhat site, which states:

* when Windows® clients performed file operations on files stored on a
Samba share, various error messages popped-up, and the “Event ID: 4322”
error was logged on the Windows® clients:

NetBT failed to process a request because it encountered OutOfResources
exception(s) in the last 1 hour.

Which does describe the problem I’m having exactly, although i’ve only been experiencing this recently…

On the other hand the Microsoft site suggests I should Disable then Enable the network adapter…

I tried this, and it appeared to work… At least for now…

Low and behold I soon got this error a short time later. Now what?

I decided to take a look into the samba bug mentioned above. Apparently the problem is seen in Samba 3.0.25 and 3.0.25a, but not Samba 3.0.24. I am running 3.0.25b-1.el4_6.5 (smbd –version).

After investigating my yum log (/var/log/yum.log) I see the following…

Jul 08 01:38:04 Updated: samba-common.i386 3.0.25b-1.el4_6.5
Jul 08 01:39:11 Updated: samba.i386 3.0.25b-1.el4_6.5
Jul 08 01:39:17 Updated: samba-client.i386 3.0.25b-1.el4_6.5

This means that it’s not very likely to be that as I’ve been running it for more than two months, and i’ve only recently switched to this workstation (after an uber hardware failure).

I tried from another machine, and I can copy anything without seeing these errors… The plot thickens…

I’m now convinced that the problem is with my workstation and not the server. Now what?

I noticed a thread by a guy who mentioned that his machine (like mine) was up to date, SP2, but did not have IE7, unlike my other machines. This interested me. Maybe his bug isn’t fixed in the version I’m using? I think it is, it’s quite old…

However, it seems his solution was to upgrade to 3.0.25c and/or change the connection from “netbios-ssn” (port 139) to “microsoft-ds” (port 445)… somehow. I checked on both ends, and appears I’m already using “microsoft-ds” on this machine anyway…

Frustration is starting to kick in…

I’m out of ideas, perhaps I should roll back to an older version, see if that helps? My logs report this as been the previous version:

Jun 07 17:01:55 Updated: samba-common.i386 3.0.10-1.4E.12.2
Jun 07 17:04:29 Updated: samba-client.i386 3.0.10-1.4E.12.2
Jun 07 17:07:44 Updated: samba.i386 3.0.10-1.4E.12.2

I had second thoughts about this when reading the samba change log (rpm -q –changelog samba). There seems to be quite a few security fixes that I’d rather keep…

I’m totally out of ideas… “yum remove samba” it is… However, apparently to install an old version I have to first install a plugin called “yum-allowdowngrade”.

This is getting complicated, especially when it probably isn’t a problem with the server.

I decided to try an updated version instead…

yum remove samba
yum remove samba-common
rpm -i http://charliebrady.org/samba/samba-common-3.0.30-0.i386.rpm

rpm -i ftp://ftp.pbone.net/mirror/www.startcom.org/AS-4.0.0/os/i386/StartCom/RPMS/perl-Convert-ASN1-0.18-3.noarch.rpm
rpm -i http://charliebrady.org/samba/samba-3.0.30-0.i386.rpm
service samba start

It’s installed, and it started, however I appear to have lost my settings.

mv /etc/samba/smb.conf /etc/samba/smb.conf.recent
mv /etc/samba/smb.conf.rpmsave /etc/samba/smb.conf
service smb restart

Testing, and so far so good!

In summary, when I was convinced it was the silly windows based client workstation, instead it was the insanely overly complex linux server. This could all be avoided if redhat/centos wasn’t so keen on backporting and I had the latest version in the first place.

I look forward to the updates.

Ident is important on IRC as some servers do not allow you to connect unless you have an ident, while others do, you find yourself with a tide (~) prefix before your username. These are sometimes banned. For example:

[email protected]

#This is an example of a real user with a real ident

[email protected]

#This is an example of a possible exploited system

Generally the ident server (such as oidentd) will return the user’s username as the ident when it is requested, however on my servers, I allow some of my users to spoof their ident.

This means they can change their ident to whatever they like, regardless of their username.

To do this, you need to create the $HOME/.oidentd.conf file, with the following content:

global { reply ‘$ident’}

#Note: Where $ident is, replace with the ident you want.

I know some users find this a bit difficult or confusing, so I created a script to do it for them.

• setident.sh – A script used to set your ident

It’s works fine using the sh unix shell on FreeBSD.

If you are on my shell servers, you should be able to take advantage of this using the “setident” command.

Enjoy!