[sf-lug] (forw) SF-LUG pages

jim jim at well.com
Thu Jan 19 17:30:15 PST 2012 


    More thanks, Rick. I'll attack this within the 
next few days and report progress (or its lack). 



On Thu, 2012-01-19 at 17:11 -0800, Rick Moen wrote:
> Quoting jim (jim at systemateka.com):
> 
> >     I guess I'll have to move the sf-lug.org web 
> > site to a new host and repoint the domain name. 
> > The current host system is not under my control. 
> 
> 
> 
> Sorry to hear about that.  It's a bit of a pain in the neck, when that
> happens.
> 
> Let's see where hte autoritative DNS is:
> 
> $ whois sf-lug.org | grep 'Name Server'
> Name Server:NS41.WORLDNIC.COM
> Name Server:NS42.WORLDNIC.COM
> Name Server: 
> Name Server: 
> Name Server: 
> Name Server: 
> Name Server: 
> Name Server: 
> Name Server: 
> Name Server: 
> Name Server: 
> Name Server: 
> Name Server: 
> $
> 
> POINT1:  Whoever controls the LUG's domain has elected to have only two
> nameservers.  This is a serious mistake.  It makes your domain fragile.
> RFC recommendation is minimum 3, maximum 7 authoritative nameservers.
> 
> POINT2:  It's disapointing that SF-LUG has completely outsourced DNS
> and isn't even running its master nameserver.  It's not difficult, and I
> can handhold you to get you going.
> 
> Let's check where the master serivce is, and verify that the two servers
> are at least serving the same zonefile S/N:
> 
> $ dig -t soa sf-lug.org. @NS41.WORLDNIC.COM. +short
> NS41.WORLDNIC.COM. namehost.WORLDNIC.COM. 111062022 10800 3600 604800 3600
> $ dig -t soa sf-lug.org. @NS42.WORLDNIC.COM. +short
> NS41.WORLDNIC.COM. namehost.WORLDNIC.COM. 111062022 10800 3600 604800 3600
> $
> 
> Good:  They are serving the same S/N (sufficient proof that they're
> providing the same version of the data), and the master copy's claimed
> to be the one at NS41.WORLDNIC.COM.
> 
> 
> POINT3:  Contact names/mailboxes in sf-lug.org's public domain records
> are a total train wreck -- completely broken.
> 
> The public 'whois' records are the official method for reaching domain
> officials and owners, e.g., to say 'Dude, your DNS is broken' or many
> other things -- including warning notices about upcoming domain
> expirations.  The sf-lug.org domain is (wisely) registered out to the
> middle of next year, so it's not going to expire soon, but it's a very
> bad idea for lots of other reasons to have your public contact
> information be broken.
> 
> Public points of contact are:  Registrant, Admin Contact, Technical
> Contact.  SF-LUG's domain data _fail_ to specify a named person for any
> of those roles, and (worse) shows 'no.valid.email at worldnic.com' as the
> contact mailbox for all three roles.
> 
> These are serious problems.
> 
> 
> 
> FYI, I continue to offer SF-LUG and similar groups slave (secondary) DNS
> nameservice at two highly reliable nameservers over which I have
> administrative control:
> 
> NS1.LINUXMAFIA.COM   IP address 198.144.195.186
> NS1.SVLUG.ORG        IP address 64.62.190.98
> 
> Groups wishing to take up that offer should make sure my IPs are
> permitted to do AXFR/IXFR zone transfer requests of your zone(s), then 
> tell me you'd like me to do slave nameservice (and for what zones,
> served by what master nameserver IPs).  I will let you know when that's
> set up and tested, and you _then_ add my nameservers to the
> authoritative list in your domain, plus add 'NS' lines pointing to them
> in your zonefile.  (Don't try to do the above in a different order, or
> you may break your DNS and waste your time.)
> 
> 
> 
> _______________________________________________
> sf-lug mailing list
> sf-lug at linuxmafia.com
> http://linuxmafia.com/mailman/listinfo/sf-lug
> Information about SF-LUG is at http://www.sf-lug.org/

More information about the sf-lug mailing list