[sf-lug] SFLUG.org Re: Domain administration (broken WHOIS)

Michael Paoli Michael.Paoli at cal.berkeley.edu
Sun Apr 7 21:02:19 PDT 2019


> From: Al <awsflug at sunnyside.com>
> Subject: Re: [sf-lug] Domain administration (broken WHOIS)
> Date: Sat, 6 Apr 2019 15:43:43 -0700

> sflug.org - Rick mentioned that it was available so I grabbed it.
> I've learned not to wait on those things - it often doesn't end well.
> Now I'll just sit back and listen to the conversation and wait and
> see if anyone actually wants to use it.  I don't need to own it.  I
> can also "point" it somewhere.  Doesn't seem yet that there's a definite

SFLUG.org ... "Of course" ...
$ dig +noall +answer +nottl sf-lug.org. A www.sf-lug.org. A sf-lug.org. AAAA www.sf-lug.org. AAAA sf-lug.com. A www.sf-lug.com. A sf-lug.com. AAAA www.sf-lug.com. AAAA | sort -k 3b -k 1,1
sf-lug.com.             IN      A       198.144.194.238
sf-lug.org.             IN      A       198.144.194.238
www.sf-lug.com.         IN      A       198.144.194.238
www.sf-lug.org.         IN      A       198.144.194.238
sf-lug.com.             IN      AAAA    2001:470:1f05:19e::3
sf-lug.org.             IN      AAAA    2001:470:1f05:19e::3
www.sf-lug.com.         IN      AAAA    2001:470:1f05:19e::3
www.sf-lug.org.         IN      AAAA    2001:470:1f05:19e::3
$

It's not merely as simple as "just point DNS at ..."
$ curl -s -I --resolve sflug.org:80:198.144.194.238 http://sflug.org/ | egrep -i '^(HTTP/|Location: )'
HTTP/1.1 302 Found
Location: http://www.balug.org/
$ curl -6 -s -I --resolve sflug.org:80:2001:470:1f05:19e::3 http://sflug.org/ | egrep -i '^(HTTP/|Location: )'
HTTP/1.1 302 Found
Location: http://www.balug.org/
$

$ dig +noall +answer +nottl balug.org. A www.balug.org. A
balug.org.              IN      A       198.144.194.238
www.balug.org.          IN      A       198.144.194.238
$
Note that many domains go to that same IPv4 IP - even multiple go to the
same IPv6 IP.

"Of course" sometimes folks forget that with email too.  8-O

Not to mention certs.
$ curl -I --resolve sflug.org:443:198.144.194.238 https://sflug.org/
curl: (51) SSL: no alternative certificate subject name matches target host name 'sflug.org'
$ curl -I --resolve sflug.org:443:2001:470:1f05:19e::3 https://sflug.org/
curl: (51) SSL: no alternative certificate subject name matches target host name 'sflug.org'
$

$ nmap -Pn -r -sT -p 443 --script=ssl-cert www.sf-lug.org | egrep '^\| (Subject Alternative Name|Not valid after):'
| Subject Alternative Name: DNS:*.ipv4.sf-lug.org, DNS:*.ipv6.sf-lug.org, DNS:*.sf-lug.com, DNS:*.sf-lug.org, DNS:sf-lug.com, DNS:sf-lug.org
| Not valid after:  2019-05-22T10:05:40
$

I generally do letsencrypt.org issued certs.  For wildcard certs on
that, effectively need control of DNS (need to put specific records in
at challenge time).

"Of course" y'all could always set up your own site with redirection and
certs 'n all.  ;-)

Jim Stockford - and a handful of others (myself, Grant Bowman,
Kim Davalos, Todd Hawley) have access to edit the www.sf-lug.org site.
So, "of course", there are, at least potentially, question(s) of who's
got access/control of domain(s), avoiding single points of failure (at
least as feasible), who's got access to edit site, how is it backed
up, etc.  Some folks (myself, Jim Stockford, Grant Bowman) also all have
access to edit the sf-lug.org (& sf-lug.com) master DNS data (and
Jim and myself have access to update registrant
DNS (authority/delegation, glue, DNSSEC, ...) with the registrar).

Anyway, ... maybe I'll wait a bit 'till the dust settles.  :-)
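
Added example, not part of the original message: a POSIX sh check of whether a host name is covered by a certificate's Subject Alternative Name list, using the SAN list from the nmap output above, which is why curl reports error 51 for sflug.org. The function name san_covers is hypothetical, and the one-label wildcard rule it applies is the usual TLS host name matching behaviour.

```sh
#!/bin/sh
# SAN list as reported by the nmap ssl-cert output in the message above.
SANS='DNS:*.ipv4.sf-lug.org, DNS:*.ipv6.sf-lug.org, DNS:*.sf-lug.com, DNS:*.sf-lug.org, DNS:sf-lug.com, DNS:sf-lug.org'

# san_covers HOST SAN_LIST  (hypothetical helper name)
# Exit status 0 if a DNS: entry in SAN_LIST covers HOST, 1 otherwise.
# Comparison is case-insensitive. A leading "*." stands for exactly one
# left-most label, so "*.sf-lug.org" covers neither "sf-lug.org" itself
# nor "a.b.sf-lug.org".
san_covers() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    host=${host%.}                        # tolerate a trailing root dot
    list=$(printf '%s' "$2" | tr 'A-Z' 'a-z' | tr ',' ' ')
    covered=1
    set -f                                # entries contain "*": no globbing
    for san in $list; do
        case $san in
            dns:*) san=${san#dns:} ;;
            *) continue ;;                # ignore non-DNS entry types
        esac
        case $san in
            '*.'*)
                suffix=${san#?}           # "*.sf-lug.org" -> ".sf-lug.org"
                label=${host%"$suffix"}   # what "*" would have to match
                if [ "$label" != "$host" ] && [ -n "$label" ]; then
                    case $label in
                        *.*) ;;           # more than one label: no match
                        *) covered=0 ;;
                    esac
                fi ;;
            *)
                if [ "$san" = "$host" ]; then covered=0; fi ;;
        esac
    done
    set +f
    return "$covered"
}

# Names from the message plus one constructed two-label case.
for h in sflug.org www.sf-lug.org sf-lug.org a.b.sf-lug.org; do
    if san_covers "$h" "$SANS"; then echo "$h: covered"; else echo "$h: NOT covered"; fi
done
```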




