Andrew Latham
  1. Name servers have glue records[a] setup via the registrar
  2. Base (apex) domain (@) and www point to the same IP(s)
  3., return all the mail and name servers respectively
  4. SOA[b] email address works and is read by a human daily
  5. Name servers are on more than one subnet
  6. SOA serial is not date based
  7. Wildcard and or Generated answers for undefined PTR[c] records
  8. Registrar offers API to update glue records for mitigating DDOS[d]
  9. Documentation is easy to find
  10. Disaster recovery is tested on a schedule
b. Start of Authority
d. distributed denial-of-service attack
Andrew Latham

Easy start with Ansible

Example from a local ansible source tree without using any install to run adhoc commands


Download or checkout the software, unpack and change into the base directory. We will then run a script to setup the environment. This can and should be done as a user and not root. Note you may need to install packages like python3-paramiko, python-paramiko, python3-jinja2, python-jinja2, python3-yaml, python-yaml and others to use Ansible.

cat hacking/
source hacking/env-setup

Assume key works

./bin/ansible all -i, -a "uname -a" | SUCCESS | rc=0 >>
Linux nodeone 3.16.0-4-amd64 #1 SMP Debian 3.16.39-1 (2016-12-30) x86_64 GNU/Linux

Set key

 ./bin/ansible all -i, -a "uname -a" --private-key=~/.ssh/id_rsa | SUCCESS | rc=0 >>
Linux nodeone 3.16.0-4-amd64 #1 SMP Debian 3.16.39-1 (2016-12-30) x86_64 GNU/Linux


./bin/ansible all -i, -a "whoami" --private-key=~/.ssh/id_rsa | SUCCESS | rc=0 >>

become root via su

./bin/ansible all -i, --private-key=~/.ssh/id_rsa -b --become-method=su -K -a "whoami"
SU password: | SUCCESS | rc=0 >>
Andrew Latham

Using tools like libvirt, virt-manager to network boot (PXE) systems.


mkdir -p /srv/tftp
cp -r your_pxelinux_stuffs /srv/tftp/
virsh net-edit default




<tftp root='/srv/tftp'/>
  <bootp file='pxelinux.0'/>


virsh net-destroy default && virsh net-start default


Andrew Latham To find your external IP or how the world sees you I setup the simple tool at


If you want to make your own then here is what the source of mine is. You can do all sorts of fun hacks but simple is best some times.

$ ssh "cat public_html/"
<?php print $_SERVER["REMOTE_ADDR"];