29 September 2015

Pelikan M805 Blue/Black

There are few brands that I drool over more than Pelikan.  So it was very exciting when I received this pen in the mail from Rolfe at Missing-Pen.de.  First, I have to say, if you are looking for a Pelikan, I cannot recommend Missing Pen enough.  Rolfe is a joy to work with and his service is prompt and thorough.  I was also treated with some of his store exclusive Diamine Ink "Racing Green".  More on that later.

I have had this pen long enough now to get my thoughts together about it.  I would have posted sooner, but we have had a lot going on.  I guess the first thing to answer is "Why the M805 in Blue?"  I cannot afford an M1000 at this point, and I was nearly about to go for the M800 in red several years ago when I first started looking at getting one of these, but the blue just.... strikes my fancy.

My understanding is that the Pelican with its Baby has often been used as a symbol of Christianity because the Pelican will pierce its own chest and feed its young blood if food is in short supply, which can be referenced to Christ, having His side pierced for all of us. For more reading on that: The Symbolism of the Pelican.

Engraving on the front of a Catholic Altar

I don't know if that was the intention of Pelikan, but I like the idea that it was.  There are plenty of luxury fountain pen companies, so the idea that one might be a bit more noble, impresses me.  I may just be coming up with excuses to like Pelikan more, but I think it's nice to be able to put my finger on some of the intangibles.... and I already like the brand.

And, seriously, there are plenty of reasons to like the brand.  I enjoy all the details.  The motif of the pelican moves on to the clip where the eye and bill are represented.  That slight swoop at the end makes it a very functional clip too.

The pattern is also very interesting.  I like the Stresemann pattern.  It is different and interesting.  There are very small imperfections in some of the blue strips, but I like it, it makes mine unique.  The Pelikan website has a better explanation of the history of the man behind the pattern:

The foreign minister of the Weimar Republic, Gustav Stresemann (1879-1929), was honored with the Nobel Prize for Peace in 1926: Together with his French colleague Aristide Briand, he was acknowledged for his reconciliatory work between the nations after World War I. Besides his impressive political career, Stresemann also became famous for the creation of a new kind of suit that was still sufficiently formal for official presentations and yet comfortable enough for his work at the office. Stresemann liked to wear suits with thin stripes, and, as life sometimes goes, a legend developed … and suddenly, people called the striped fountain pens from Pelikan -- that were just then starting their global tour of success around the world -- by the name of "Stresemann".
Both the suits and the pens still carry that name to this day.

Being part of the Souverän series of pens, the 805 has a piston filling system.  The differential screw piston filler is really one of the things that made Pelikan famous. 

From: http://www.gentlemansgazette.com/pelikan-fountain-pen-guide/
Pelikan’s fountain pen was revolutionary in the sense that it had a piston mechanism that consisted of  differential threads. This mechanism was invented by the Hungarian engineer Theodor Kovács and filed in 1921 and patented in 1923. Using two threads with different telescope thread leads, the piston moves much faster than with a single thread. This not only allowed for a quicker charging by simply turning a knob, but it also increased the capacity considerably. On top of that, the use of cork prevented the fountain pen from leaking. Pelikan bought the patent for this invention in 1927 from Kovács since he failed to create a working fountain pen with his Croatian business partners. Pelikan later substituted the cork with plastic as seen below, because cork dries out over time and decreases in volume, causing the fountain pen to leak.

That is a beautiful nib.  I realize I am gushing about this pen, so it may be surprising that I had a small, short-lived disappointment.  I am not sure if mine just needed some break-in time, or it had slight baby's bottom, or what, but I did have some skipping and hard starts until I had run about 2 fills through it.  I have heard that Pelikans sometimes need breaking in, so I was not too stressed... but I still think it should have written perfectly out of the gate.

Other than that small hiccup, it has been a wonderful nib.  It is a European Medium.  I have found it true to my idea of medium.  It is, of course, wider than a Pilot, or Sailor, etc.  It does not really seem any wider than my Montblanc M, or my Lamy M.

It is an 18k gold nib, plated with rhodium.  It is not a particularly soft nib, but it certainly is not a nail.  It's nice.

I have other German pens, but these three are my German Knights.  If I put the Lamy 2000 right next to the Montblanc 149 they would seem in more stark comparison; the Pelikan M805 is a nice balance between the two.

I do realize it would be more appropriate to compare the Pelikan M805 to the Montblanc 146, but I don't have a MB 146, I DO have a MB 149.  I really want a Pelikan M1000 now, but it will have to wait, besides the M805 is really the perfect size for daily use.  The two companies have a history together, too.   There was even a time that Pelikan made the ink for Montblanc and Montblanc made the nibs for Pelikan.

This is not my best handwriting, but someone had commented that the Pelikan sizes run a bit broad compared to others.  I can agree with this.

As I was taking the pictures for this post, my 7 year old reminded me that we had gotten TWO new pens.  It is true, I also purchased a new pen for my wife.  Neon Coral Lamy Safari, the limited edition color for 2014.

In conclusion, I am smitten.  I love the pen. I love the nib, the size, the color, the whole brand.  If you have ever been on the fence about Pelikan... come on in, the water is fine.  I can also recommend Rolfe Thiel with Missing-Pen (http://stores.ebay.com/missing-pen)  He is a joy to work with, has excellent service, and phenomenal prices.

My expectations have been exceeded, and that is a rarity.  I am not often blown away.

28 September 2015

The Day the DNS Died / BIND Triage Server Array

(Credit Jon Watson)

DNS is such a pivotal, central, important part of not just internet browsing, but of everyone's IT infrastructure.... and yet, when it died, I was left to eulogize, alone, at its funeral.  I don't mean to be melodramatic, and I am not going to start singing any Don McLean songs, but I do want to complain.  I AM the IT department, so when something like this breaks and I come up with a great solution, I can't share with anyone.

The best I ever get to do is give analogies... and I usually send them before lunch so it usually has something to do with food or cars, or both:

Our internet is running slow... Technically, our name resolution is running slow.  The internet is now running much faster.  It’s kind of like a pizza delivery guy who drives an Aston Martin DB9 with a supercharged V8, but doesn’t know the area, doesn’t have a phone book and has a GPS device from the 90’s whose batteries have run out.  We have been having collisions on the network, and our DNS (internet phone book) is trying to resolve every one of them.  I am loading up a second DNS server right now, and separating internal and external traffic so we can get through testing, and you all can take advantage of our faster internet.  Please be patient this morning and I will keep you all up to date.  
- Tom

We should probably start at the beginning.  I am the sys admin for an "Urban-Ring" School in the Midwest. We have a fairly standard setup. We have fiber running from every rack and between every building.  We have a standard AD Windows Domain setup with backup DCs. Our DHCP is also one of the Domain Controllers (DCs).  It feeds both the primary Windows DNS Server and the slave.  Because of the continual need for both internal and external resolution of names and addresses, our Windows machines serve up everything, and are the only DNS servers our clients see.  We have a SonicWall with content filter, firewall, etc... for a gateway.  All very standard.

I am very happy with our Windows servers.  They are easy to manage, they are scalable, and they have always done exactly what I wanted them to.    We have several virtual networks on our one physical network.  We are in the process of running more fiber so that we have 2 more physical networks.  The problem entered in when we doubled the clients on the network.  We are in the middle of switching our security cameras to IP cameras, and we just added 55 iPads to the system.  We have the IP addresses, and we have the outgoing bandwidth.  But one afternoon, everything screeched to a halt.

I was frantic.  Running every test I know to run, I ruled out anything obvious.  In the end I found an overworked primary DNS server and a useless secondary, and lots of collisions on the network.  I needed a fast solution so that we could get through some standardized testing, and keep our IT services going until I could finish our expansion and put things right.

My solution was a BIND Triage Server Array.  You will not find anything on Google about a BIND TSA, but it seemed like a good name for what I was doing.  Essentially, I needed a few forward-only DNS servers to separate out our internal traffic and outgoing traffic, and get it to the right place.   I wanted to continue using my DHCP and AD DCs for internal resolution because it is more efficient and verbose for Windows machines.  All of our iPads and such  were not going to be authenticated by the firewall and content filter at the SonicWall.  BIND is a fast, easy solution.

Here is how I did it:

Spin up CentOS 7, minimal install, headless.

Give the machine a static IP during install.  The DNS server is going to be changed later, at this point use your standard DNS, or so that it can download additional programs.

Once you are up, install BIND and its utilities, nano (text editor), wget (to update your root forwards), and tcpdump (to monitor things).

$ sudo yum install bind bind-utils
$ sudo yum install nano
$ sudo yum install wget
$ sudo yum install tcpdump

OR the quick and clean method of installing them all:

$ sudo yum install -y bind bind-utils nano wget tcpdump

The first thing I do, before I start editing my config file, is make sure my root forwards are up to date.

$ sudo wget --user=ftp --password=ftp ftp://ftp.rs.internic.net/domain/db.cache -O /var/named/named.root

Now, we can edit.

$ sudo nano /etc/named.conf

I changed a few things to make it simple.  This is for a test network, we use different subnetting, but that is for another day, is simple.  Change the IPs to match your network.

The listen-on port is the internal and static IP of the DNS server.
Change your allow-query to your network.
Set your forwarders as your ISP's DNS servers.
Change the name of the root forwards file (the file named in the "." hint zone).
The two other zones are for your internal network.  In this case it is the test network's AD DC, DHCP, and DNS server.

// named.conf
options {
        listen-on port 53 {;;};        // add this server's internal static IP
        listen-on-v6 port 53 { ::1; };
        forwarders {;;                 // add your ISP's DNS servers
        };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost;;};   // add your client network
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

// Root hints file downloaded with wget above
zone "." IN {
        type hint;
        file "named.root";
};

// Internal names: hand off to the AD DC / DNS server only
zone "myschool.edu" {
    type forward;
    forward only;
    forwarders {; };               // add the internal AD DNS server's IP
};

// Reverse lookups for the internal test network
zone "0.168.192.in-addr.arpa" {
    type forward;
    forward only;
    forwarders {; };               // add the internal AD DNS server's IP
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Make sure you didn't jack it up....

$ sudo named-checkconf

Make sure clients can connect through your firewall.

$ sudo firewall-cmd --permanent --add-port=53/tcp
$ sudo firewall-cmd --permanent --add-port=53/udp
$ sudo firewall-cmd --reload

And, we want it to start on boot.

$ sudo systemctl enable named

and GO.....

$ sudo systemctl start named

Now we want to change our DNS server's DNS server.  First, check what the name of your NIC is.

$ sudo nmcli connection show

This DNS server's connection was p3p1.... so ...

$ sudo nmcli con mod p3p1 ipv4.dns ""

At this point, change the DNS servers for your clients to the DNS server's static IP, and we can test the system.  The following command will let you log all the queries going to the new DNS server.

$ sudo rndc querylog

To actually see the logs....

$ sudo tail -f /var/log/messages

or get fancy with perl .... do install perl

$ sudo tail -f /var/log/messages | perl -pe 's/.*named.*/\e[1;31m$&\e[0m/g'

If you want more information, use tcpdump.  Note that you use the name of the NIC connection, in this case p3p1.

$ sudo tcpdump -n -s 1500 -i p3p1 port 53

Spin up a second one to make sure you are redundant.  I actually found that this works really well, and may leave it like this for a while.  It is easy peasy, and quick to change.
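
As an added example (not part of the original post), this shell function reads the query log that rndc querylog sends to /var/log/messages and counts, per client, how many lookups fell into the two internal forward zones and how many went out to the ISP forwarders. The log lines are constructed samples in BIND's query-log format; the host name, PID and all addresses in them are assumptions.

```shell
#!/bin/sh
# Added example: split BIND query-log lines by forwarding path, per client.
# INTERNAL_ZONES mirrors the two forward zones in the named.conf above.
INTERNAL_ZONES="myschool.edu 0.168.192.in-addr.arpa"

# Constructed sample of /var/log/messages after `rndc querylog`
# (addresses, host name and PID are made up for illustration).
sample_log() {
    cat <<'EOF'
Sep 28 09:15:01 dns1 named[1201]: client 192.168.0.25#51234 (dc1.myschool.edu): query: dc1.myschool.edu IN A + (192.168.0.2)
Sep 28 09:15:02 dns1 named[1201]: client 192.168.0.25#51240 (www.example.com): query: www.example.com IN A + (192.168.0.2)
Sep 28 09:15:02 dns1 named[1201]: client 192.168.0.77#40112 (10.0.168.192.in-addr.arpa): query: 10.0.168.192.in-addr.arpa IN PTR + (192.168.0.2)
Sep 28 09:15:03 dns1 named[1201]: client 192.168.0.77#40113 (notmyschool.edu): query: notmyschool.edu IN A + (192.168.0.2)
Sep 28 09:15:03 dns1 named[1201]: client 192.168.0.77#40114 (MYSCHOOL.EDU): query: MYSCHOOL.EDU IN SOA + (192.168.0.2)
Sep 28 09:15:04 dns1 systemd: Started Session 12 of user tom.
EOF
}

# Reads syslog lines on stdin and prints "<client> <internal> <external>"
# per client, then "TOTAL <internal> <external>". Non-query lines are skipped.
triage_summary() {
    awk -v zones="$INTERNAL_ZONES" '
    BEGIN { nz = split(tolower(zones), z, " ") }
    {
        q = 0; c = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "query:" && !q) q = i
            if ($i == "client" && !c) c = i
        }
        if (!q || !c || q == NF) next
        name = tolower($(q + 1)); sub(/\.$/, "", name)
        addr = $(c + 1)
        if (addr ~ /^@0x/) addr = $(c + 2)   # later BIND versions log an @0x... token first
        sub(/#.*/, "", addr)                 # drop the source port
        internal = 0
        for (k = 1; k <= nz; k++) {
            # Match the zone apex or a true subdomain, not a mere string suffix.
            nl = length(name); zl = length(z[k])
            if (name == z[k] || (nl > zl && substr(name, nl - zl) == "." z[k]))
                internal = 1
        }
        if (internal) { ni[addr]++; ti++ } else { ne[addr]++; te++ }
        seen[addr] = 1
    }
    END {
        for (a in seen) printf "%s %d %d\n", a, ni[a], ne[a] | "sort"
        close("sort")
        printf "TOTAL %d %d\n", ti, te
    }'
}
```

On the live server, feed it with sudo grep named /var/log/messages | triage_summary; a client with an outsized count in either column is the first place to look when the resolver is overloaded.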