
Wednesday, August 17, 2011

When I routed around techno-weenies with datapipe

There was a point when my high school had its own student-run BSD/OS box. It originally wasn't student-run, but it turned into that after the originator left for greener pastures. Unfortunately, that was not to last. The bigger school district of which it was part started tightening its grasp around all things networking, and this environment was no exception. They did some stupid things, and I had to work around them. This is just one such hack.

For several years, we had control of our own DNS destiny. We were the primary nameservers for our particular chunk of K12 space, and life was good. When the district came along, they started usurping things, and that chunk of DNS was one of them. They went over our heads to the people higher up in the hierarchy and got it delegated to them. We were okay with this at first because they were advertising the same data, so things kept working. Where this story begins is when they screwed it up.

So, keep in mind these guys didn't even understand how a zone serial number worked, and they were trying to run authoritative DNS for an entire district. That should tell you about the level of cluelessness which was present. One day, they dropped our MX record.

This was after the point at which our Unix box had been moved onto their network. Initially, we had a PPP dialup and a /22 worth of space routed down to a little machine parked at the local university. As part of our agreement with the district, our box at the school was disconnected from that PPP and put on their network. They never routed our IPs, so we had to join their IP space. Our old IP space and that old dialup host box just sat there, doing very little.

When they pulled our MXs, they re-published the old A record. Hosts which were attempting to send us mail started falling back to that A record. It would get to our old machine out at that university and would die, since at that point, the PPP was down and was never coming back. But then, I got clever.

First, I added that old A record's IP address as an alias to the former dialup host. I figured it would pretend to be that machine. Then I started up a datapipe process, hacked it to be able to bind to a specific local address, bound it to port 25 on that specific IP address, and pointed it at the school district's mail exchanger. That made incoming connections land on the right host even though DNS was totally screwed up.
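The redirect described above, as an added example that is not part of the original post and is not the datapipe program itself: a small Python TCP forwarder in the datapipe style that binds to exactly one local address (the aliased IP, rather than 0.0.0.0) and relays every accepted connection, byte for byte, to the real mail exchanger. Everything here is constructed for illustration: the function names (bind_forwarder, pipe_pair, fake_mx, run_demo), the loopback addresses, and the stand-in mail exchanger that plays the district's MX in the demo are assumptions, not anything from the post.

```python
"""Datapipe-style TCP forwarder bound to one specific local address.

Added example only. The alias IP, the mail exchanger and the names below
are constructed for illustration; nothing here is the original datapipe.
"""
import socket
import threading


def _pump(src, dst):
    """Copy bytes from src to dst until src hits EOF, then half-close dst
    so the far side sees the EOF too. Protocol-agnostic, as datapipe is."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def pipe_pair(client, upstream):
    """Relay traffic in both directions between two connected sockets."""
    t1 = threading.Thread(target=_pump, args=(client, upstream), daemon=True)
    t2 = threading.Thread(target=_pump, args=(upstream, client), daemon=True)
    t1.start()
    t2.start()
    t1.join()
    t2.join()
    client.close()
    upstream.close()


def bind_forwarder(listen_addr, listen_port, target_addr, target_port):
    """Listen on exactly one local address (the old aliased IP) and forward
    each accepted connection to target_addr:target_port.
    Returns (listening socket, bound port); port 0 picks a free one."""
    lsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    lsock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    # Binding to listen_addr, not "" / 0.0.0.0, is the "specific local
    # address" hack: only connections aimed at that alias are answered.
    lsock.bind((listen_addr, listen_port))
    lsock.listen(16)

    def serve():
        while True:
            try:
                client, _ = lsock.accept()
            except OSError:
                return  # listener closed; stop accepting
            try:
                upstream = socket.create_connection(
                    (target_addr, target_port), timeout=10)
            except OSError:
                client.close()  # upstream MX down: drop the connection
                continue
            threading.Thread(target=pipe_pair, args=(client, upstream),
                             daemon=True).start()

    threading.Thread(target=serve, daemon=True).start()
    return lsock, lsock.getsockname()[1]


def fake_mx(bind_addr="127.0.0.1"):
    """Constructed stand-in for the district's mail exchanger (demo only):
    greets, answers one command, records who connected, then hangs up."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((bind_addr, 0))
    srv.listen(1)
    seen = {}

    def handle():
        conn, peer = srv.accept()
        seen["peer"] = peer
        conn.sendall(b"220 mx.example.test ESMTP\r\n")
        seen["command"] = conn.makefile("rb").readline()
        conn.sendall(b"250 mx.example.test\r\n")
        conn.close()
        srv.close()

    threading.Thread(target=handle, daemon=True).start()
    return srv.getsockname()[1], seen


def run_demo():
    """Connect to the forwarder as a sending MTA would and report what
    both ends saw."""
    mx_port, seen = fake_mx()
    lsock, fwd_port = bind_forwarder("127.0.0.1", 0, "127.0.0.1", mx_port)
    try:
        with socket.create_connection(("127.0.0.1", fwd_port), timeout=10) as c:
            client_addr = c.getsockname()
            f = c.makefile("rb")
            greeting = f.readline()
            c.sendall(b"EHLO old-host.example.test\r\n")
            reply = f.readline()
    finally:
        lsock.close()
    return {"greeting": greeting.decode(), "reply": reply.decode(),
            "command": seen.get("command"),
            "mx_saw": seen.get("peer"), "client_was": client_addr}


if __name__ == "__main__":
    print(run_demo())
```

The demo also shows the caveat a mail admin would care about: the exchanger sees the pipe host as the SMTP client, not the real sender. Any IP-based checks the MX performs (reverse DNS, blocklists) are applied to the pipe host, and the original sender's address appears nowhere in the Received headers. For a rescue hack that is acceptable; for anything longer-lived you would want a real MX record rather than a forwarder.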

All of this worked! Our five-year-old e-mail addresses started working again. It was clear that the idiots at the district had no idea how to take care of users, but it didn't matter much, since I had a whole bag of tricks and could route around them in my sleep.

There are many stories of stupidity from that era of their takeover. This is just the first.