[sf-lug] SFLUG.org

Michael Paoli Michael.Paoli at cal.berkeley.edu
Mon Apr 8 22:19:26 PDT 2019


> From: "Michael Paoli" <Michael.Paoli at cal.berkeley.edu>
> Subject: SFLUG.org
> Date: Mon, 08 Apr 2019 21:04:40 -0700

>> From: "Rick Moen" <rick at linuxmafia.com>
>> Subject: Re: [sf-lug] Domain administration (broken WHOIS)
>> Date: Sun, 7 Apr 2019 22:44:09 -0700
>
>> Quoting Al (awsflug at sunnyside.com):
>>
>> Al, here's what I recommend to move this along:
>>
>> Go into Web-based administration for your new domain at GoDaddy, and
>> redefine what DNS nameservers are authoritative.  Currently, those are
>> four of your nameservers:
>>
>> $ whois sflug.org | grep 'Name Server'
>
>> Please change that to this set:
>>
>> $ whois sf-lug.org | grep 'Name Server'
>> Name Server: NS1.LINUXMAFIA.COM
>> Name Server: NS.PRIMATE.NET
>> Name Server: NS1.SVLUG.ORG
>> Name Server: NS1.SF-LUG.ORG
>> $
>
> $ dig +noall +answer +nottl ns1.sf-lug.org. A ns1.sf-lug.org. AAAA
> ns1.sf-lug.org.         IN      A       198.144.194.238
> ns1.sf-lug.org.         IN      AAAA    2001:470:1f04:19e::2
> $ dig @198.144.194.238 +norecurse +noall +answer +nottl sflug.org. SOA
> sflug.org.              IN      SOA     ns1.sflug.org. jim.well.com. 1554781309 10800 3600 1209600 86400
> $ dig @2001:470:1f04:19e::2 +norecurse +noall +answer +nottl sflug.org. SOA
> sflug.org.              IN      SOA     ns1.sflug.org. jim.well.com. 1554781309 10800 3600 1209600 86400
> $
>
> The basics are there ... presuming slave(s) want to use
> 198.144.194.238 and/or 2001:470:1f04:19e::2
> as master, and authority wants to so delegate.
>
> We should tweak things further later
> (e.g. ns1.sf-lug.org. --> ns1.sflug.org.)
> but "good enough" for the moment.
> For those that bother to peek, yes, there are A and AAAA records.
> Most might not be of a whole lot 'o use to sflug.org ... at least
> yet.  Most notably the multi-domain (virtual) domain hosting
> web server doesn't particularly know anything yet about [www.]sflug.org,
> etc.
> Also, no DNSSEC, etc. yet - as that also takes various coordination
> (notably in delegating).
>
> The sflug.org zone (at least at ns1.sf-lug.org.) was mostly patterned
> after sf-lug.org (with various stuff thrown out, and some modest changes).
> Depending who will/might do certs from where, may want to change CAA,
> but again, probably "good enough" for now.

Let's see ...
# hostname && pwd -P && fgrep -i -e sudoedit -e reload -e rndc *
balug-sf-lug-v2.balug.org
/etc/sudoers.d
grantbow:grantbow       ALL=(root) sudoedit /etc/bind/master/sf-lug.org
grantbow:grantbow       ALL=(root) sudoedit /etc/bind/master/sf-lug.com
grantbow:grantbow       ALL=(root) /bin/systemctl reload bind9
jstockford:jstockford   ALL=(root) sudoedit /etc/bind/master/sf-lug.org
jstockford:jstockford   ALL=(root) sudoedit /etc/bind/master/sf-lug.com
jstockford:jstockford   ALL=(root) /bin/systemctl reload bind9
#
Let's change that up a bit:
# VISUAL=/usr/bin/ex EDITOR=/usr/bin/ex visudo -f /etc/sudoers.d/grantbow
/etc/sudoers.d/grantbow.tmp: unmodified: line 7
:g/reload/d
:%s/^\(.*\)sudoedit.*\/\(.*\)$/&^M\1\/usr\/sbin\/rndc reload \2^M\1\/usr\/sbin\/rndc notify \2
4 lines added; 2 lines changed
grantbow        ALL=(root) sudoedit /etc/bind/master/sf-lug.com
:wq
/etc/sudoers.d/grantbow.tmp: 10 lines, 465 characters
# VISUAL=/usr/bin/ex EDITOR=/usr/bin/ex visudo -f /etc/sudoers.d/jstockford
/etc/sudoers.d/jstockford.tmp: unmodified: line 7
:g/reload/d
:%s/^\(.*\)sudoedit.*\/\(.*\)$/&^M\1\/usr\/sbin\/rndc reload \2^M\1\/usr\/sbin\/rndc notify \2
4 lines added; 2 lines changed
jstockford      ALL=(root) sudoedit /etc/bind/master/sf-lug.com
:wq
/etc/sudoers.d/jstockford.tmp: 10 lines, 470 characters
# VISUAL=/usr/bin/ex EDITOR=/usr/bin/ex visudo -f /etc/sudoers.d/rick
/etc/sudoers.d/rick.tmp: unmodified: line 1
:0a
rick    ALL=(root) sudoedit /etc/bind/master/sflug.org
.
:%s/^\(.*\)sudoedit.*\/\(.*\)$/&^M\1\/usr\/sbin\/rndc reload \2^M\1\/usr\/sbin\/rndc notify \2
rick    ALL=(root) sudoedit /etc/bind/master/sflug.org
:wq
/etc/sudoers.d/rick.tmp: 3 lines, 148 characters
# hostname && pwd -P && (for U in $(fgrep -l -i -e sudoedit -e reload -e rndc *); do sudo -l -U "$U" | grep -e '^User [^ ]* may run ' -e sudoedit -e rndc; done)

balug-sf-lug-v2.balug.org
/etc/sudoers.d
User grantbow may run the following commands on balug-sf-lug-v2:
     (root) sudoedit /etc/bind/master/sf-lug.org
     (root) /usr/sbin/rndc reload sf-lug.org
     (root) /usr/sbin/rndc notify sf-lug.org
     (root) sudoedit /etc/bind/master/sf-lug.com
     (root) /usr/sbin/rndc reload sf-lug.com
     (root) /usr/sbin/rndc notify sf-lug.com
User jstockford may run the following commands on balug-sf-lug-v2:
     (root) sudoedit /etc/bind/master/sf-lug.org
     (root) /usr/sbin/rndc reload sf-lug.org
     (root) /usr/sbin/rndc notify sf-lug.org
     (root) sudoedit /etc/bind/master/sf-lug.com
     (root) /usr/sbin/rndc reload sf-lug.com
     (root) /usr/sbin/rndc notify sf-lug.com
User rick may run the following commands on balug-sf-lug-v2:
     (root) sudoedit /etc/bind/master/sflug.org
     (root) /usr/sbin/rndc reload sflug.org
     (root) /usr/sbin/rndc notify sflug.org
#
So, Jim Stockford's & Grant Bowman's access remains effectively as it
was (haven't heard a "Yes, SFLUG.org" from Jim Stockford yet, nor
consensus or apparent plurality ... at least yet - let alone same on
what ought be canonical, etc.).

In the meantime, myself and Rick Moen can alter the basic zone master
data for SFLUG.org - at least once it's duly delegated.  TLD delegation,
authority, glue, DNSSEC, etc., however still requires action(s) by the
registrant(s) and those controlling that data.

Oh, and in case folks were wondering ...
$ hostname && (for i in $(dig +short ns1.sf-lug.org. A ns1.sf-lug.org. AAAA); do ip a s | fgrep inet | fgrep "$i"; done)
balug-sf-lug-v2.balug.org
     inet 198.144.194.238/29 brd 198.144.194.239 scope global eth0
     inet6 2001:470:1f04:19e::2/64 scope global
$
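
Added example, not part of the original message: a shell check that sudoers rule lines keep to the per-zone pattern the session above ends with (sudoedit on one zone file under /etc/bind/master, plus rndc reload and rndc notify for that same zone). The function names, the users alice and bob, and the example.org/example.net zones are constructed; it assumes one rule per line with no aliases or line continuations.

```shell
#!/bin/sh
# Added example: audit sudoers rule lines (stdin) against the per-zone pattern.
# Prints one finding per line: OTHER (rule outside the pattern), MISSING
# (zone editable but no matching rndc rule), ORPHAN (rndc rule, no sudoedit).
audit_zone_sudoers() {
    awk '
    /^[ \t]*(#|$)/ { next }                       # skip comments and blank lines
    {
        user = $1
        cmd = $0
        sub(/^[^=]*=[ \t]*(\([^)]*\))?[ \t]*/, "", cmd)   # drop "user HOST=(runas)"
        sub(/[ \t]+$/, "", cmd)
        n = split(cmd, w, /[ \t]+/)
        if (n == 2 && w[1] == "sudoedit" && w[2] ~ /^\/etc\/bind\/master\/[A-Za-z0-9.-]+$/) {
            zone = w[2]; sub(/.*\//, "", zone)
            edit[user " " zone] = 1
        } else if (n == 3 && w[1] == "/usr/sbin/rndc" && (w[2] == "reload" || w[2] == "notify") && w[3] ~ /^[A-Za-z0-9.-]+$/) {
            rndc[user " " w[3] " " w[2]] = 1
            seen[user " " w[3]] = 1
        } else {
            print "OTHER " user ": " cmd
        }
    }
    END {
        for (k in edit) {
            r = k " reload"; if (!(r in rndc)) print "MISSING " r
            t = k " notify"; if (!(t in rndc)) print "MISSING " t
        }
        for (k in seen) if (!(k in edit)) print "ORPHAN " k
    }' | sort
}

# Constructed sample rules (not taken from the host in the message).
sample_rules() {
    cat <<'EOF'
alice  ALL=(root) sudoedit /etc/bind/master/example.org
alice  ALL=(root) /usr/sbin/rndc reload example.org
alice  ALL=(root) /usr/sbin/rndc notify example.org
bob    ALL=(root) sudoedit /etc/bind/master/example.net
bob    ALL=(root) /usr/sbin/rndc reload example.net
bob    ALL=(root) /bin/systemctl reload bind9
EOF
}

sample_rules | audit_zone_sudoers
# prints:
# MISSING bob example.net notify
# OTHER bob: /bin/systemctl reload bind9
```

This checks scope only; `visudo -c -f FILE` remains the syntax check for each drop-in.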



