[sf-lug] (forw) SF-LUG pages

Rick Moen rick at linuxmafia.com
Thu Jan 19 17:11:18 PST 2012


Quoting jim (jim at systemateka.com):

>     I guess I'll have to move the sf-lug.org web 
> site to a new host and repoint the domain name. 
> The current host system is not under my control. 



Sorry to hear about that.  It's a bit of a pain in the neck, when that
happens.

Let's see where the authoritative DNS is:

$ whois sf-lug.org | grep 'Name Server'
Name Server:NS41.WORLDNIC.COM
Name Server:NS42.WORLDNIC.COM
Name Server: 
Name Server: 
Name Server: 
Name Server: 
Name Server: 
Name Server: 
Name Server: 
Name Server: 
Name Server: 
Name Server: 
Name Server: 
$

POINT1:  Whoever controls the LUG's domain has elected to have only two
nameservers.  This is a serious mistake.  It makes your domain fragile.
RFC recommendation is minimum 3, maximum 7 authoritative nameservers.

POINT2:  It's disappointing that SF-LUG has completely outsourced DNS
and isn't even running its master nameserver.  It's not difficult, and I
can handhold you to get you going.

Let's check where the master service is, and verify that the two servers
are at least serving the same zonefile S/N:

$ dig -t soa sf-lug.org. @NS41.WORLDNIC.COM. +short
NS41.WORLDNIC.COM. namehost.WORLDNIC.COM. 111062022 10800 3600 604800 3600
$ dig -t soa sf-lug.org. @NS42.WORLDNIC.COM. +short
NS41.WORLDNIC.COM. namehost.WORLDNIC.COM. 111062022 10800 3600 604800 3600
$

Good:  They are serving the same S/N (sufficient proof that they're
providing the same version of the data), and the master copy's claimed
to be the one at NS41.WORLDNIC.COM.


POINT3:  Contact names/mailboxes in sf-lug.org's public domain records
are a total train wreck -- completely broken.

The public 'whois' records are the official method for reaching domain
officials and owners, e.g., to say 'Dude, your DNS is broken' or many
other things -- including warning notices about upcoming domain
expirations.  The sf-lug.org domain is (wisely) registered out to the
middle of next year, so it's not going to expire soon, but it's a very
bad idea for lots of other reasons to have your public contact
information be broken.

Public points of contact are:  Registrant, Admin Contact, Technical
Contact.  SF-LUG's domain data _fail_ to specify a named person for any
of those roles, and (worse) show 'no.valid.email at worldnic.com' as the
contact mailbox for all three roles.

These are serious problems.



FYI, I continue to offer SF-LUG and similar groups slave (secondary) DNS
nameservice at two highly reliable nameservers over which I have
administrative control:

NS1.LINUXMAFIA.COM   IP address 198.144.195.186
NS1.SVLUG.ORG        IP address 64.62.190.98

Groups wishing to take up that offer should make sure my IPs are
permitted to do AXFR/IXFR zone transfer requests of your zone(s), then 
tell me you'd like me to do slave nameservice (and for what zones,
served by what master nameserver IPs).  I will let you know when that's
set up and tested, and you _then_ add my nameservers to the
authoritative list in your domain, plus add 'NS' lines pointing to them
in your zonefile.  (Don't try to do the above in a different order, or
you may break your DNS and waste your time.)
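
The checks made by hand in the message above (nameserver count, matching SOA serial on every server), as an added example that is not part of the original post. It goes slightly further by also comparing the claimed master (SOA MNAME); the function names audit_soa and collect_soa are hypothetical, and the sample input is constructed from the two dig answers quoted above.

```shell
#!/bin/sh
# Added example (not from the original message): audit a zone's
# authoritative nameserver set from per-server SOA answers.
# Input, one line per server: the server queried, followed by its
# `dig +short -t soa` answer (mname rname serial refresh retry expire minimum).

# Constructed sample, built from the two answers shown in the message.
SAMPLE_SOA='NS41.WORLDNIC.COM. NS41.WORLDNIC.COM. namehost.WORLDNIC.COM. 111062022 10800 3600 604800 3600
NS42.WORLDNIC.COM. NS41.WORLDNIC.COM. namehost.WORLDNIC.COM. 111062022 10800 3600 604800 3600'

# audit_soa [MIN_SERVERS]   (reads SOA lines on stdin; default minimum is 3,
# the figure the message gives). Prints findings; returns 0 only if none.
audit_soa() {
    awk -v min="${1:-3}" '
        # A server that gave no SOA answer leaves only its own name on the line.
        NF < 8 { printf "NO-ANSWER %s\n", $1; bad = 1; n++; next }
        {
            n++
            serial[$4]++    # how many servers report each serial
            mname[$2]++     # how many servers name each master (SOA MNAME)
        }
        END {
            for (s in serial) nserial++
            for (m in mname) nmname++
            if (nserial > 1) {
                printf "SERIAL-MISMATCH"
                for (s in serial) printf " %s(x%d)", s, serial[s]
                printf "\n"
                bad = 1
            }
            if (nmname > 1) { print "MNAME-MISMATCH"; bad = 1 }
            if (n < min) { printf "TOO-FEW-NAMESERVERS %d<%d\n", n, min; bad = 1 }
            if (!bad) print "OK"
            exit bad + 0
        }'
}

# collect_soa ZONE   (live lookup, only runs when called explicitly)
# Asks each nameserver listed for the zone for its own copy of the SOA.
collect_soa() {
    for ns in $(dig +short -t ns "$1"); do
        echo "$ns $(dig +short -t soa "$1" "@$ns" | head -n 1)"
    done
}
```

Run offline with `printf '%s\n' "$SAMPLE_SOA" | audit_soa`, or against a live zone with `collect_soa sf-lug.org. | audit_soa`; a secondary that has not yet transferred the zone shows up as NO-ANSWER or SERIAL-MISMATCH before it is added to the delegation.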
