[sf-lug] SFLUG.org
Michael Paoli
Michael.Paoli at cal.berkeley.edu
Mon Apr 8 22:19:26 PDT 2019
> From: "Michael Paoli" <Michael.Paoli at cal.berkeley.edu>
> Subject: SFLUG.org
> Date: Mon, 08 Apr 2019 21:04:40 -0700
>> From: "Rick Moen" <rick at linuxmafia.com>
>> Subject: Re: [sf-lug] Domain administration (broken WHOIS)
>> Date: Sun, 7 Apr 2019 22:44:09 -0700
>
>> Quoting Al (awsflug at sunnyside.com):
>>
>> Al, here's what I recommend to move this along:
>>
>> Go into Web-based administration for your new domain at GoDaddy, and
>> redefine what DNS nameservers are authoritative. Currently, those are
>> four of your nameservers:
>>
>> $ whois sflug.org | grep 'Name Server'
>
>> Please change that to this set:
>>
>> $ whois sf-lug.org | grep 'Name Server'
>> Name Server: NS1.LINUXMAFIA.COM
>> Name Server: NS.PRIMATE.NET
>> Name Server: NS1.SVLUG.ORG
>> Name Server: NS1.SF-LUG.ORG
>> $
>
> $ dig +noall +answer +nottl ns1.sf-lug.org. A ns1.sf-lug.org. AAAA
> ns1.sf-lug.org. IN A 198.144.194.238
> ns1.sf-lug.org. IN AAAA 2001:470:1f04:19e::2
> $ dig @198.144.194.238 +norecurse +noall +answer +nottl sflug.org. SOA
> sflug.org. IN SOA ns1.sflug.org. jim.well.com. 1554781309 10800 3600 1209600 86400
> $ dig @2001:470:1f04:19e::2 +norecurse +noall +answer +nottl sflug.org. SOA
> sflug.org. IN SOA ns1.sflug.org. jim.well.com. 1554781309 10800 3600 1209600 86400
> $
>
> The basics are there ... presuming slave(s) want to use
> 198.144.194.238 and/or 2001:470:1f04:19e::2
> as master, and authority wants to so delegate.
>
> We should tweak things further later
> (e.g. ns1.sf-lug.org. --> ns1.sflug.org.)
> but "good enough" for the moment.
> For those that bother to peek, yes, there are A and AAAA records.
> Most might not be of a whole lot 'o use to sflug.org ... at least
> yet. Most notably the multi-domain (virtual) domain hosting
> web server doesn't particularly know anything yet about [www.]sflug.org,
> etc.
> Also, no DNSSEC, etc. yet - as that also takes various coordination
> (notably in delegating).
>
> The sflug.org zone (at least at ns1.sf-lug.org.) was mostly patterned
> after sf-lug.org (with various stuff thrown out, and some modest changes).
> Depending who will/might do certs from where, may want to change CAA,
> but again, probably "good enough" for now.
Let's see ...
# hostname && pwd -P && fgrep -i -e sudoedit -e reload -e rndc *
balug-sf-lug-v2.balug.org
/etc/sudoers.d
grantbow:grantbow ALL=(root) sudoedit /etc/bind/master/sf-lug.org
grantbow:grantbow ALL=(root) sudoedit /etc/bind/master/sf-lug.com
grantbow:grantbow ALL=(root) /bin/systemctl reload bind9
jstockford:jstockford ALL=(root) sudoedit /etc/bind/master/sf-lug.org
jstockford:jstockford ALL=(root) sudoedit /etc/bind/master/sf-lug.com
jstockford:jstockford ALL=(root) /bin/systemctl reload bind9
#
Let's change that up a bit:
# VISUAL=/usr/bin/ex EDITOR=/usr/bin/ex visudo -f /etc/sudoers.d/grantbow
/etc/sudoers.d/grantbow.tmp: unmodified: line 7
:g/reload/d
:%s/^\(.*\)sudoedit.*\/\(.*\)$/&^M\1\/usr\/sbin\/rndc reload \2^M\1\/usr\/sbin\/rndc notify \2
4 lines added; 2 lines changed
grantbow ALL=(root) sudoedit /etc/bind/master/sf-lug.com
:wq
/etc/sudoers.d/grantbow.tmp: 10 lines, 465 characters
# VISUAL=/usr/bin/ex EDITOR=/usr/bin/ex visudo -f /etc/sudoers.d/jstockford
/etc/sudoers.d/jstockford.tmp: unmodified: line 7
:g/reload/d
:%s/^\(.*\)sudoedit.*\/\(.*\)$/&^M\1\/usr\/sbin\/rndc reload \2^M\1\/usr\/sbin\/rndc notify \2
4 lines added; 2 lines changed
jstockford ALL=(root) sudoedit /etc/bind/master/sf-lug.com
:wq
/etc/sudoers.d/jstockford.tmp: 10 lines, 470 characters
# VISUAL=/usr/bin/ex EDITOR=/usr/bin/ex visudo -f /etc/sudoers.d/rick
/etc/sudoers.d/rick.tmp: unmodified: line 1
:0a
rick ALL=(root) sudoedit /etc/bind/master/sflug.org
.
:%s/^\(.*\)sudoedit.*\/\(.*\)$/&^M\1\/usr\/sbin\/rndc reload \2^M\1\/usr\/sbin\/rndc notify \2
rick ALL=(root) sudoedit /etc/bind/master/sflug.org
:wq
/etc/sudoers.d/rick.tmp: 3 lines, 148 characters
# hostname && pwd -P && (for U in $(fgrep -l -i -e sudoedit -e reload -e rndc *); do sudo -l -U "$U" | grep -e '^User [^ ]* may run ' -e sudoedit -e rndc; done)
balug-sf-lug-v2.balug.org
/etc/sudoers.d
User grantbow may run the following commands on balug-sf-lug-v2:
(root) sudoedit /etc/bind/master/sf-lug.org
(root) /usr/sbin/rndc reload sf-lug.org
(root) /usr/sbin/rndc notify sf-lug.org
(root) sudoedit /etc/bind/master/sf-lug.com
(root) /usr/sbin/rndc reload sf-lug.com
(root) /usr/sbin/rndc notify sf-lug.com
User jstockford may run the following commands on balug-sf-lug-v2:
(root) sudoedit /etc/bind/master/sf-lug.org
(root) /usr/sbin/rndc reload sf-lug.org
(root) /usr/sbin/rndc notify sf-lug.org
(root) sudoedit /etc/bind/master/sf-lug.com
(root) /usr/sbin/rndc reload sf-lug.com
(root) /usr/sbin/rndc notify sf-lug.com
User rick may run the following commands on balug-sf-lug-v2:
(root) sudoedit /etc/bind/master/sflug.org
(root) /usr/sbin/rndc reload sflug.org
(root) /usr/sbin/rndc notify sflug.org
#

So, Jim Stockford's & Grant Bowman's access remains effectively as it
was (haven't heard a "Yes, SFLUG.org" from Jim Stockford yet, nor
consensus or apparent plurality ... at least yet - let alone same on
what ought be canonical, etc.).

In the meantime, myself and Rick Moen can alter the basic zone master
data for SFLUG.org - at least once it's duly delegated. TLD delegation,
authority, glue, DNSSEC, etc., however still requires action(s) by the
registrant(s) and those controlling that data.

Oh, and in case folks were wondering ...
$ hostname && (for i in $(dig +short ns1.sf-lug.org. A ns1.sf-lug.org. AAAA); do ip a s | fgrep inet | fgrep "$i"; done)
balug-sf-lug-v2.balug.org
inet 198.144.194.238/29 brd 198.144.194.239 scope global eth0
inet6 2001:470:1f04:19e::2/64 scope global
$
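
The change shown in the message above replaces a daemon-wide "systemctl reload bind9" grant with per-zone "rndc reload" and "rndc notify" grants tied to the zone files each user may sudoedit. The following is an added example, not part of the original post, that checks that property over sudoers rule lines; the function name audit_zone_grants and the sample rule lines are constructed for illustration, and it assumes one simple rule per line in the form shown in the post.

```shell
#!/bin/sh
# Audit sudoers rule lines ("user ALL=(root) command", optionally with a grep
# "file:" prefix) and report grants not tied to a zone that user may sudoedit.
audit_zone_grants() {
    awk '
    function edit_zone(c,   p, z) {            # zone named by a sudoedit rule
        p = "sudoedit /etc/bind/master/"
        if (index(c, p) != 1) return ""
        z = substr(c, length(p) + 1)
        return (z ~ /^[A-Za-z0-9.-]+$/) ? z : ""
    }
    function rndc_zone(c,   f, k) {            # zone named by rndc reload/notify
        k = split(c, f, " ")
        if (k == 3 && f[1] == "/usr/sbin/rndc" && (f[2] == "reload" || f[2] == "notify"))
            return f[3]
        return ""
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
    {
        u = $1; sub(/^[^:]*:/, "", u)          # drop a grep "file:" prefix if present
        c = $0; sub(/^[^)]*\)[ \t]*/, "", c)   # keep the text after "(root)"
        n++; user[n] = u; cmd[n] = c
        if ((z = edit_zone(c)) != "") editable[u, z] = 1
    }
    END {
        for (i = 1; i <= n; i++) {
            if (edit_zone(cmd[i]) != "") continue
            z = rndc_zone(cmd[i])
            if (z == "") print "BROAD " user[i] ": " cmd[i]
            else if (!((user[i], z) in editable)) print "UNMATCHED " user[i] ": " cmd[i]
        }
    }'
}
sample_before() {   # constructed input, modelled on the rules before the change
    cat <<'EOF'
grantbow ALL=(root) sudoedit /etc/bind/master/sf-lug.org
grantbow ALL=(root) /bin/systemctl reload bind9
EOF
}
sample_mixed() {    # constructed input; the last rule is hypothetical, not from the post
    cat <<'EOF'
rick ALL=(root) sudoedit /etc/bind/master/sflug.org
rick ALL=(root) /usr/sbin/rndc reload sflug.org
rick ALL=(root) /usr/sbin/rndc notify sflug.org
rick ALL=(root) /usr/sbin/rndc reload sf-lug.org
EOF
}
sample_before | audit_zone_grants
sample_mixed | audit_zone_grants
```

BROAD marks a grant that is not zone-scoped at all; UNMATCHED marks an rndc grant for a zone the same user has no sudoedit rule for. An empty result means every grant is paired with an editable zone.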