Archive for November, 2008

Querying the health of your domain and DNS


I run a lot of domains for clients, Open Source projects and my own pet projects… and keeping them all registered, updated and proper zone files for forward and reverse DNS can be complicated. I run my own DNS, and would never trust a third-party to do it again. I used to use a third-party to manage my DNS, but their web-based system was clunky and wasn’t as fast as I needed it to be.

But checking the quality of your DNS records is another matter entirely. For example, there’s a huge difference between writing HTML, and writing valid HTML. This is why HTML validation exists.

Likewise, there is also a need for “DNS validation”. Enter DNS health and checking tools.

Previously, I used a free service called “DNS Report” from DNS Stuff, and it worked great… but decided to go non-free, and requires subscription to get to the same report data that they used to provide gratis. Seems that whenever someone feels they can charge for something, they do.

I’ve been seeking out another alternative, something free and full-featured. There are quite a few, and some are shady… but here’s the list I’ve found, along with my personal review of their “quality”:


This is a no-frills DNS checking service. It basically gives you a quick rundown of your domain through the root servers, your local nameservers, the version correlation (making sure the serial in your zone file matches), your webserver and your mail server.

Pros: It just works, plain-jane simple. I wish it had more detail like the ability to check reverse DNS, traceroute, check route status, rate the speed to resolve DNS queries and so on.

Cons: No suggestions for resolving anything marked as an issue or conflict. If you know DNS inside and out, the errors are obvious, but if you don’t… it can be cryptic. For example, my mailserver is greylisting all incoming connections, so it will return a 421 response instead of the expected 250 response. Their incoming probe looks like the following to my DNS server:

Nov 30 15:53:15 neptune sm-mta[11904]: mAUKrEPP011904: Milter: from=, reject=421 4.3.2 graylisted - please try again later


Pros: Simple and fast. The results it returns are very similar and almost identical to the ones provided by DNSReport. Here is one example against one of my most heavily-hit domains;

Cons: No real details on how to fix the issues it reports. It may report that your SOA refresh is not correct, but lacks any recommendations on how to fix it (i.e. increase/decrease the timeout, etc.)


Pros: Fast, clean and tests a lot of various bits about your DNS: SOA, coherence, serial, illegal characters, ip-to-ns matching and so on. Very thorough.

Cons: While it is powerful, the resulting report isn’t exactly the most user-friendly, and the initial interface is… well, clunky as well.

Here’s a sample of the output from one of my domains:

     Testing: misused '@' characters in SOA contact name (IP=
     Testing: illegal characters in SOA contact name (IP=
     Testing: serial number of the form YYYYMMDDnn (IP=
     Testing: SOA 'expire' between 1W and 6W (IP=
     Testing: SOA 'minimum' between 3M and 1W (IP=
     Testing: SOA 'refresh' between 1H and 2D (IP=
     Testing: SOA 'retry' between 15M and 1D (IP=
     Testing: SOA 'retry' lower than 'refresh' (IP=
     Testing: SOA 'expire' at least 7 times 'refresh' (IP=
     Testing: SOA master is not an alias (IP=
     Testing: behaviour against AAAA query (IP=
     Testing: coherence between SOA and ANY records (IP=
     Testing: SOA record present (IP=
     Testing: SOA authoritative answer (IP=
     Testing: coherence of serial number with primary nameserver (IP=
     Testing: coherence of administrative contact with primary nameserver (IP=
     Testing: coherence of master with primary nameserver (IP=
     Testing: coherence of SOA with primary nameserver (IP=
     Testing: NS record present (IP=
     Testing: NS authoritative answer (IP=
     Testing: given primary nameserver is primary (IP=

And the results from that:

Test results
  ---- warning ----
   w: Reverse for the nameserver IP address doesn't match

   w: [TEST delegated domain is not an open relay]: Mail error (Unexpected closing of connection)
     * generic

   w: [TEST can deliver email to 'postmaster']: Mail error (Unexpected closing of connection)
     * generic

   w: [TEST domain of the hostmaster email is not an open relay]: Mail error (Unexpected closing of connection)
     * generic

  ---- fatal ----

   f: [TEST can deliver email to hostmaster]: Mail error (Unexpected closing of connection)
     * generic

Final status

   FAILURE (and 5 warning(s))

Network Tools

Pros: You get what you get. Just information, in a raw, unstructured way.

Cons: Clunky, inconsistent GUI, information returned is returned haphazardly, in a very unstructured and unintuitive way.


Pros: Lots of tools to check the health of your domain, dns, dns records, IP, routing and so on.

Cons: Bad colors and an unstructured user experience.

The UI could use a bit of work and the blue and white is a bit painful on the eyes, but you get what you get. They’re basically using OSS and other tools under the hood to make this work (dig, in at least one case). This could leave them subject to some interesting exploits.

DNS Tools from Domain Tools

Pros: It is what it is, another plain-jane DNS query service. It allows you to ping, traceroute and report on the zone records for the domain you enter.

Cons: Too basic, not very useful above and beyond what I can do on my own from my own server.

This one, like some of the others, just wraps common OSS tools to query DNS records, and presents them in an unstructured, “raw” format. No attempts to make any suggestions or recommendations to any issues that are reported.

Free DNS Report

This looks suspiciously-similar to DNS Report’s older UI. Some have suggested that this is a scam site, harvesting domains for parking or hijacking by poisoning the DNS of misconfigured domains. Mine domains are fine and secured, so I don’t mind testing them through this.

Pros: They actually do provide some basic recommendations to help resolve issues that are reported.

Cons: Not enough detail or depth on the DNS, zone, MX or domain itself. It is about 1/4 of what dnsreport was.

You Get Signal

Pros: Positive marks for the most-unique and humorous domain name. You can do ping, visual traceroute, reverse domain lookups, port-forwarding tester and so on. Not as full-featured as some of the others, but the information provided is somewhat structured in nature.

Cons: They made some good attempts at structure and visual appeal. They could use a bit more polish and more tools to round out the “suite” they provide, but it is what it is. The interface does “overlap” in places, tucking the output underneath other bits of the HTML and the maps, but you can select the text in your browser and paste it elsewhere to read it if you want.


While a lot of the tools make attempts to provide what you need to make sure your domains, MX, IP, routing and so on is correct, none of them really match what dnsreport used to provide for free. If I had to choose one out of the list above, I would choose intoDNS for First Place and CheckDNS for a close Second Place.

Ultimately, I may just write my own to do this, and make it spiffy. That’s the worst part about being in “First Place” (as dnsreport was): It’s easy to see where you missed the market, and open up a field for competition to dive in and take it from you.

I did something similar for my SEO keyword analysis tool. I was so frustrated with the inferior, broken alternatives out there… that I just wrote my own. Free, gratis, go play and have fun. It works for me and that’s why I wrote it.

Convert your Ogg Vorbis files to mp3


First, I know you’re going to ask why you’d want to go from a high-quality VBR format like Ogg Vorbis to the paltry, low-quality mp3 format… and to that I have one word: Apple.

Apple saw fit in their infinite wisdom to NOT support the freely-available and license/patent free Ogg Vorbis audio format in their iPod and iPhone devices. Instead, they support the proprietary, licensed, restrictive mp3 formats instead.

The near-sightedness of commercial companies never ceases to amaze me.

To solve that, you can convert your oggs to mp3 (obviously, keeping the original .ogg files for your personal library), using the following one-liner (separated into multiple lines for ease of explanation):

for i in *.ogg; do 
[[ ! -a "${i%ogg}mp3" ]] && 
oggdec "$i" -o - | lame --preset standard - "${i%ogg}mp3" ; 

Now you can drag those mp3 files onto iTunes and sync them to your iPod or iPhone device. I much prefer SongBird on Windows and amaroK on Linux over iTunes, but… some may not have that option.

Easter Eggs in

Easter Eggs in

Have you ever wanted to play Space Invaders while working on your spreadsheet? Well now you can… with Calc! Simply put the following function in any Calc cell to play your own game:


Voila! Now waste more time inside your office suite, just like the 3D virtual fly-over built into Microsoft Excel.

VMware fix for USB Palm connectivity

Tags: ,

If you’re like me, you use VMware Workstation heavily. I use it for testing, development, cloning and all manner of other things. One thing that has nagged me since upgrading to the 6.x series of Workstation is that native USB Palm synchronization stopped working.

I can sync over Bluetooth to Windows XP running inside the VM, but I can’t sync natively using the USB cable itself. Windows sees the device as a “Palm Handheld”, VMware connects it, all looks good… but it never actually wakes up the Palm HotSync applet in the System Tray.

Apparently VMware added “port reset forwarding” to the host for Workstation 6.5 but Palm devices (most, if not all) don’t work with this change. To offset that, they’ve added a way to control this, including a new way to control the “skipsetconfig” parameters on a per-device basis.

First, you’ll need to find the vendor id (vid) and product id (pid) of the Palm device you’re trying to connect to. You can usually snarf this out of the vmware.log for that VM session. Mine reported something like this:

Nov 23 13:56:52.371: vmx| USB: Found device [name:Palm\ Handheld vid:0830 pid:0061 path:5/1 speed:full family:vendor]

This means the Treo 680 was: vid:0830 pid:0061

You’ll also note that these are identical to the vendor_id and product_id that we use in pilot-link and other projects on the Linux side.

Then, you add a usb.quirks.deviceX line with the vid:pid pair, followed by the quirk. The two known “quirks” that help USB Palm devices are skip-setconfig and skip-reset. Here is the quirk entry to add to your VM’s vmx config file for the above example:

usb.quirks.device0 = "0x0830:0x0061 skip-setconfig, skip-reset"

Note that you need to use a 0x to denote that the number is hex, which is different from the vid:(hex number) used in log line and autoconnect lines. If you don’t put a 0x, it assumes a decimal number.

From the original thread in the VMware forums:

“This also acts differently than the usb.generic.skipsetconfig setting in that the skip-setconfig is only activated for a specifc device using a quirk versus having it turned on for all devices with the global usb.generic.skipsetconfig. Most devices can tolerate receiving multiple setconfigs and most devices don’t use anything but the first config. There are some devices that may need to set a second or third config, so using a skip-setconfig quirk for only those devices that need it and not using the global usb.generic.skipsetconfig is preferred.”

After setting this, uninstalling Palm Desktop, shutting down VMware entirely, rebooting and reinstalling Palm Desktop + HotSync, everything started working again.

My new favorite female vocalist

I’ve always been a fan of female vocalists, from Lisa Loeb, Deanna from Accidental Groove (met her back at “Billy Wilson’s” when she was still doing gigs in local bars), Loreena McKennitt, Kerry Lauder (who seems to have vanished from the planet, other than her albums on Amazon), Seryn Potter from the band “Seryn” (where my daughter got her name) now at Flirt Brooklyn and others… If they’ve got a Celtic accent, they’ll turn my head even more. I’ve met some of these beautiful artists in person and have created some great friendships as a result…

But recently I’ve been turned onto a new, up-and-coming singer/artist… Marié Digby. Her voice, her lyrics and the depth and power just seems to come through in so many ways. I also like that she’s constantly trying to find new ways to express herself, through the acoustics of her own bathroom to a wooden schoolhouse room during a video shoot.

Here are some samples so you can judge for yourself:

Can you speak g-speak? Oblong can!

g-speak by Oblong Industries is a new way of data input and manipulation using a spatial context. The g-speak operating system is “gestural I/O, recombinant networking, and real-world pixels,” to deliver what the creators call “the first major step in computer interface since 1984.” This may sound confusing, so give the video a watch and see for yourself.

Just watching the video gave me dozens of ideas where this could be used, from real-time video surveillance and tracking to traffic monitoring to gps and mapping applications to collaborative design and art and desktop publishing.

The possibilities for this are endless…

g-speak overview 1828121108 from john underkoffler on Vimeo.

The financial problem creeps deeper into the system

It seems that the financial problem plaguing many in the US is further along than we are being publicly told. I just received an email that included:

“You recently may have received a rebate check from BJ’s Wholesale Club. Please do not deposit or cash this check if you have not done so already.

We apologize for the inconvenience of this unusual request. Our rebate processor, Continental Promotion Group, Inc. (CPG), informed us that they do not have sufficient funds to cover the checks they have issued under BJ’s name.”

Is this a precursor of things to come?

I dread the Christmas retail season… Many retailers rely on the busy holiday shopping season to float their profits through to the new year and into 1Q09. With people losing their jobs at an ever-increasing rate and the price of gas and fuel oil on everyone’s mind, there probably won’t be a lot of free money floating around to spend at these retailers. Less money spent means less money earned. Many retailers may just close up shop forever after the new year begins.

So it begins…

Bad Behavior has blocked 2878 access attempts in the last 7 days.