[sf-lug] (forw) SF-LUG pages
Rick Moen
rick at linuxmafia.com
Thu Jan 19 17:11:18 PST 2012
Quoting jim (jim at systemateka.com):
> I guess I'll have to move the sf-lug.org web
> site to a new host and repoint the domain name.
> The current host system is not under my control.
Sorry to hear about that. It's a bit of a pain in the neck, when that
happens.
Let's see where the authoritative DNS is:
$ whois sf-lug.org | grep 'Name Server'
Name Server:NS41.WORLDNIC.COM
Name Server:NS42.WORLDNIC.COM
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
$
POINT1: Whoever controls the LUG's domain has elected to have only two
nameservers. This is a serious mistake. It makes your domain fragile.
RFC recommendation is minimum 3, maximum 7 authoritative nameservers.
POINT2: It's disappointing that SF-LUG has completely outsourced DNS
and isn't even running its master nameserver. It's not difficult, and I
can handhold you to get you going.
Let's check where the master service is, and verify that the two servers
are at least serving the same zonefile S/N:
$ dig -t soa sf-lug.org. @NS41.WORLDNIC.COM. +short
NS41.WORLDNIC.COM. namehost.WORLDNIC.COM. 111062022 10800 3600 604800 3600
$ dig -t soa sf-lug.org. @NS42.WORLDNIC.COM. +short
NS41.WORLDNIC.COM. namehost.WORLDNIC.COM. 111062022 10800 3600 604800 3600
$
Good: They are serving the same S/N (sufficient proof that they're
providing the same version of the data), and the master copy's claimed
to be the one at NS41.WORLDNIC.COM.
POINT3: Contact names/mailboxes in sf-lug.org's public domain records
are a total train wreck -- completely broken.
The public 'whois' records are the official method for reaching domain
officials and owners, e.g., to say 'Dude, your DNS is broken' or many
other things -- including warning notices about upcoming domain
expirations. The sf-lug.org domain is (wisely) registered out to the
middle of next year, so it's not going to expire soon, but it's a very
bad idea for lots of other reasons to have your public contact
information be broken.
Public points of contact are: Registrant, Admin Contact, Technical
Contact. SF-LUG's domain data _fail_ to specify a named person for any
of those roles, and (worse) show 'no.valid.email at worldnic.com' as the
contact mailbox for all three roles.
These are serious problems.
FYI, I continue to offer SF-LUG and similar groups slave (secondary) DNS
nameservice at two highly reliable nameservers over which I have
administrative control:
NS1.LINUXMAFIA.COM IP address 198.144.195.186
NS1.SVLUG.ORG IP address 64.62.190.98
Groups wishing to take up that offer should make sure my IPs are
permitted to do AXFR/IXFR zone transfer requests of your zone(s), then
tell me you'd like me to do slave nameservice (and for what zones,
served by what master nameserver IPs). I will let you know when that's
set up and tested, and you _then_ add my nameservers to the
authoritative list in your domain, plus add 'NS' lines pointing to them
in your zonefile. (Don't try to do the above in a different order, or
you may break your DNS and waste your time.)
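Added example, not part of the original post: the SOA serial comparison done by hand above with dig, scripted so the same check can be run against a prospective secondary before it is added to the authoritative list. The first two sample lines are the dig answers shown in the post; the example.net lines and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Input format, one line per server:
#   <server queried> <answer from: dig -t soa ZONE @server +short>

# Live collection; needs dig and network access, so it is not called below.
collect_soa() {
    zone=$1; shift
    for ns in "$@"; do
        printf '%s %s\n' "$ns" "$(dig -t soa "$zone" "@$ns" +short | head -n 1)"
    done
}

# Reads collected lines on stdin. Exit status is 0 only if every server
# answered and all serials are equal; otherwise 1.
soa_agree() {
    awk '
        NF == 0 { next }
        NF != 8 { printf "NO-ANSWER %s\n", $1; fail = 1; next }
        {
            printf "serial=%s mname=%s server=%s\n", $4, $2, $1
            if (seen++ == 0) want = $4; else if ($4 != want) fail = 1
        }
        END {
            if (seen == 0) fail = 1
            print (fail ? "MISMATCH" : "CONSISTENT")
            exit fail
        }'
}

# The two answers shown in the post.
PAGE_SOA='NS41.WORLDNIC.COM. NS41.WORLDNIC.COM. namehost.WORLDNIC.COM. 111062022 10800 3600 604800 3600
NS42.WORLDNIC.COM. NS41.WORLDNIC.COM. namehost.WORLDNIC.COM. 111062022 10800 3600 604800 3600'
# Constructed: a hypothetical secondary that has not yet transferred the current zone.
LAGGING_SOA='ns1.example.net. NS41.WORLDNIC.COM. namehost.WORLDNIC.COM. 111062021 10800 3600 604800 3600'
# Constructed: a hypothetical secondary that returned no SOA answer at all.
SILENT_SOA='ns2.example.net. '

printf '%s\n' "$PAGE_SOA" | soa_agree
```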