we have a domain name example.org which is used in our headquter.

example.org resolves to the headquaters external ip (dynamic DNS) and the subdomains to hosts/servers.

now we got a second buero connected via VPN to the headquater. In order to be able to resolve those hosts/servers without adding the main-dns-server (which is only reachable via vpn) as the new bueros primary DNS I would like to sync the headquaters zone-files to the bueros DNS (bind) server.

This works but i have the problem, that once I'm using this zone "example.org" is resolved to an internal address so I'm no longer able to establish my VPN-connection.

any hints what I'm doing wrong ?

I've read about subzone forwarding and tried to forward "ext.example.org" to an external DNS-server and make the VPN use ext.example.org instead of example.org (ext.example.org is CNAME for example.org) but I could not get it to work...

Is this the right direction or are there better solutions ?

Thanks.

performance of my setup is quite good (geekbench, how it 'feels', ...) even disc throughput (libvirt on raw lvm-partition) is very close to the raw performance on the server) but IOP/s are as low as 100-200 guestside (compared to ~1000 hostside) on both linux and windows-guests.
Is this a thing to live with (kvm just can't do it better) or am i doing something completely wrong ?

The interesting thing is that i was able to impact the throughput by changing the setup (qcow2 vs raw-image vs raw-partition) or the configuration (caching or io-scheduling) and variations but IOPs stayed at the same low point over all those combinations.

hardware#

• supermicro dual xeon E5520 with 24GB RAM
• 2x seagate constellation 1TB (RAID1 on Adaptec 3405)
• 2x seagate cheetah (RAID1 on Adaptec 6405).

software

• ubuntu 11.10 3.0.0-13-server
• kvm/QEMU emulator version 0.14.1 (qemu-kvm-0.14.1)
• benchmarking the disks (bonnie++, hdparm) from the hosts and guests (bonnie++, hdparm, hdtune on windows)

config

i tested several disc-configurations, the current setup is:

linux hosts

(They just don't "need" hight IO-Performance so i keep the more comfortable discfiles)
• qcow2 disc files on lvm on my constellations
• qemu/ide

<disk type='file' device='disk'>
  <driver name='qemu' type='qcow2'/>
  <source file='/media/vm/images/mex/mex_root.qcow2'/>
  <target dev='hda' bus='ide'/>
  <address type='drive' controller='0' bus='0' unit='0'/>
</disk>

windows hosts###

(Running SQL-Server and Remote-Desktop-Services, so here I definitely need a good IO-Performance)
• raw lvm partitions on my cheetahs
• virtio

<emulator>/usr/bin/kvm</emulator>
<disk type='block' device='disk'>
  <driver name='qemu' type='raw' cache='none'/>
  <source dev='/dev/Cheetah/mts'/>
  <target dev='vda' bus='virtio'/>
  <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
</disk>

is there a way to let terminal services make some kind of 'abstraction' over the physical network interfaces of the server so they can be managed via gpo to grant or prohibit access for different users?

the basic idea is to have 2 network interfaces (user and server/management) and not letting users within terminal sessions access the server/management network.

or is this just impossible ? what would be a better way to do this ?

I'm running some Xen-servers and started migrating to KVM.

Currently my guests are either running on raw-images or LVMs.

I found libvirt providing some very nice snapshot features (virsh snapshot-create, ...) so I decided to use qcow2 instead of raw/lvm.

And here is my question: libvirt creates the same sort of snapshots on the qcow2 image as if I use qemu-img - is it possible to mount them ? I read something about qemu-nbd and the possibility of mounting qcow but I could not find a word about snapshots.