Andrew Latham
  1. Name servers have glue records[a] setup via the registrar
  2. Base (apex) domain (@) and www point to the same IP(s)
  3. mail.example.com, nameservers.example.com return all the mail and name servers respectively
  4. SOA[b] email address works and is read by a human daily
  5. Name servers are on more than one subnet
  6. SOA serial is not date based
  7. Wildcard and or Generated answers for undefined PTR[c] records
  8. Registrar offers API to update glue records for mitigating DDOS[d]
  9. Documentation is easy to find
  10. Disaster recovery is tested on a schedule
a. https://en.wikipedia.org/wiki/Domain_Name_System#Circular_dependencies_and_glue_records
b. Start of Authority
c. https://en.wikipedia.org/wiki/Reverse_DNS_lookup
d. distributed denial-of-service attack
Andrew Latham

Easy start with Ansible

Example from a local ansible source tree without using any install to run adhoc commands

Setup

Download or checkout the software, unpack and change into the base directory. We will then run a script to setup the environment. This can and should be done as a user and not root. Note you may need to install packages like python3-paramiko, python-paramiko, python3-jinja2, python-jinja2, python3-yaml, python-yaml and others to use Ansible.

cat hacking/README.md
source hacking/env-setup

Assume key works

./bin/ansible all -i 192.168.15.11, -a "uname -a"
192.168.15.11 | SUCCESS | rc=0 >>
Linux nodeone 3.16.0-4-amd64 #1 SMP Debian 3.16.39-1 (2016-12-30) x86_64 GNU/Linux

Set key

 ./bin/ansible all -i 192.168.15.11, -a "uname -a" --private-key=~/.ssh/id_rsa
192.168.15.11 | SUCCESS | rc=0 >>
Linux nodeone 3.16.0-4-amd64 #1 SMP Debian 3.16.39-1 (2016-12-30) x86_64 GNU/Linux

whoami

./bin/ansible all -i 192.168.15.11, -a "whoami" --private-key=~/.ssh/id_rsa
192.168.15.11 | SUCCESS | rc=0 >>
lathama

become root via su

./bin/ansible all -i 192.168.15.11, --private-key=~/.ssh/id_rsa -b --become-method=su -K -a "whoami"
SU password: 
192.168.15.11 | SUCCESS | rc=0 >>
root
Andrew Latham

Using tools like libvirt, virt-manager to network boot (PXE) systems.

TL;DR;

mkdir -p /srv/tftp
cp -r your_pxelinux_stuffs /srv/tftp/
virsh net-edit default

replace

<dhcp>

with

<tftp root='/srv/tftp'/>
<dhcp>
  <bootp file='pxelinux.0'/>

then

virsh net-destroy default && virsh net-start default

Profit

Andrew Latham

http://lathama.com/ip/ To find your external IP or how the world sees you I setup the simple tool at http://lathama.com/ip/:

curl http://lathama.com/ip/

If you want to make your own then here is what the source of mine is. You can do all sorts of fun hacks but simple is best some times.

$ ssh lathama.com "cat public_html/lathama.com/ip/index.php"
<?php print $_SERVER["REMOTE_ADDR"];