<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <font face="Arial">Michael,<br>
      Well, I got my part done, but there is a problem at
      ns.primate.net.<br>
      It doesn't know sflug.com or sflug.net; it only knows sflug.org.<br>
      Also a problem with mismatched IPv6 address record, which only
      shows with sflug.net IIRC - curious since those domains are not
      even available at primate.<br>
    </font>I didn't investigate that, just reported the problems in my
    earlier email.<br>
    <br>
    Al<br>
    <br>
    <div class="moz-cite-prefix">On 5/18/2019 10:56, Michael Paoli
      wrote:<br>
    </div>
    <blockquote
      cite="mid:20190518105639.18274w78xj2k81s0@webmail.rawbw.com"
      type="cite">Al Whaley,
      <br>
      <br>
      Thanks, looks like you (I presume) got it in there and it's
      <br>
      operational* now:
      <br>
      $ delv sflug.org SOA
      <br>
      ; fully validated
      <br>
      sflug.org.              85700   IN      SOA     ns1.sflug.org.
      jim.well.com. 1557834269 10800 3600 1209600 86400
      <br>
      sflug.org.              85700   IN      RRSIG   SOA 8 2 86400
      20190613114720 20190514104720 36426 sflug.org.
      Xn4qLyqaM6AJkGQDsRi5ydq+AE7I0Xvlv/zPCzrFd8DyTZzTnH2nC65m
      LFOuuU8dg8OM1nIMocrrXJeaNtYhUlKHoW0i/m82gdwW28JzyBa3jrVo
      BXVpexl2Mnuay18snX5m5tTuqIkeUBORRMx+wzGyR7cY+8rDKR4Rxor+ UD4=
      <br>
      $ delv sflug.com SOA
      <br>
      ; fully validated
      <br>
      sflug.com.              85704   IN      SOA     ns1.sflug.com.
      jim.well.com. 1557834269 10800 3600 1209600 86400
      <br>
      sflug.com.              85704   IN      RRSIG   SOA 8 2 86400
      20190613114720 20190514104720 20055 sflug.com.
      MABcUqmMhFnUt+rM+XBsXTOeSc8MbnMA3L3pPjInubY0lvyNRZCxVtY/
      pdDDqN+taaJmMQTA5EQQLAcV0TZvv2zwwjh9KeAWVPVL8Q1pSNg7y/Dv
      cEkWi3CVICMyDWVEl3f3LqUqNZWj/7wMYaPKQRv/KEhfzowberf+7ye7 qF8=
      <br>
      $ delv sflug.net SOA
      <br>
      ; fully validated
      <br>
      sflug.net.              86400   IN      SOA     ns1.sflug.net.
      jim.well.com. 1557834269 10800 3600 1209600 86400
      <br>
      sflug.net.              86400   IN      RRSIG   SOA 8 2 86400
      20190613114720 20190514104720 9573 sflug.net.
      cgWlEUAZG0nO/ljeBj7buNxWE7Uuqr6MqRa6QDYMWcmSQgj95h+55tWL
      p5aPAOKdiJD0B+o5teGcOwnDzIaJX2CPQ5i1VusK9SkGqnJTqHddEO1s
      GynQbINnCf/DqyfcLVdKhRhFrc2CiLjmPM+9edoo8Fs3aQa1BEC353qR oGg=
      <br>
      $
      <br>
      <br>
      *or will fully be, Internet-wide, notwithstanding TTLs up to 2
      days.
      <br>
      <br>
      <blockquote type="cite">From: "Michael Paoli"
        <a class="moz-txt-link-rfc2396E" href="mailto:Michael.Paoli@cal.berkeley.edu"><Michael.Paoli@cal.berkeley.edu></a>
        <br>
        Subject: DNSSEC for SFLUG.{org,com,net}
        <br>
        Date: Thu, 16 May 2019 21:11:54 -0700
        <br>
      </blockquote>
      <br>
      <blockquote type="cite">Al Whaley,
        <br>
        <br>
        We're ready to add DNSSEC for the sflug.{org,com,net} domains,
        at your
        <br>
        earliest convenience.  Or if you want to set up so myself and/or
        some
        <br>
        select other(s) have access, we can put that in there.
        <br>
        <br>
        Note also the procedure/interface varies among registrars. 
        Also, some
        <br>
        don't take all/both types of DS records, but will take at least
        one
        <br>
        of the two.  Some also automagically get that information for
        the
        <br>
        domain, based upon the NS server(s), and mostly just have one
        confirm
        <br>
        it.
        <br>
        <br>
        Once in, should be fully effective for the domain in 1 or 2
        days,
        <br>
        depending upon the relevant TTLs for the domain.
        <br>
        <br>
        Can add these records for the respective domains:
        <br>
        $ (for d in sflug.org sflug.com sflug.net; do dig @127.0.0.1
        "$d". DNSKEY | dnssec-dsfromkey -f - "$d"; done)
        <br>
        sflug.org. IN DS 55585 8 1
        98A75CFA42FD409525BB4ED7341C80FA9808B342
        <br>
        sflug.org. IN DS 55585 8 2
        D50AA68F2A9A19651E46070FA0A5C504F6B396FD28A1CFD97F95D6202A703D80
        <br>
        sflug.com. IN DS 53530 8 1
        5751BD013715760110ECEC4E7443CD32596C097D
        <br>
        sflug.com. IN DS 53530 8 2
        355263CAA896A885617AE9D6744852DEE77759878271136E3BD894A1765CA821
        <br>
        sflug.net. IN DS 21535 8 1
        91CB453D67DDBEE00F9E327C202EA2EB18C7FFF5
        <br>
        sflug.net. IN DS 21535 8 2
        C6BF88090E6E43369180CBC3B1BABEDC27D3822E708F00F23F83D6595265692C
        <br>
        $
        <br>
        <br>
        If you're not familiar, for DNSSEC, those are essentially
        <br>
        delegation records from parent - effectively analog of
        delegating
        <br>
        NS authority records.
        <br>
        <br>
        Also quite handy for quick visual fairly detailed overview of
        <br>
        situation and basic troubleshooting:
        <br>
        <a class="moz-txt-link-freetext" href="http://dnsviz.net/">http://dnsviz.net/</a>
        <br>
        <br>
        Anyway, please let me/us know when it's in place ... or I/we
        <br>
        have access to put it in place.
        <br>
        <br>
        Thanks.
        <br>
        <br>
        <blockquote type="cite">From: "Michael Paoli"
          <a class="moz-txt-link-rfc2396E" href="mailto:Michael.Paoli@cal.berkeley.edu"><Michael.Paoli@cal.berkeley.edu></a>
          <br>
          Subject: SF-LUG.INFO: Re: [sf-lug] And then there were 5:
          SFLUG.NET, SFLUG.COM, SFLUG, ORG, SF-LUG.COM, SF-LUG.ORG: Re:
          SFLUG.COM Re: SFLUG.[...] Re: SFLUG.org
          <br>
          Date: Thu, 18 Apr 2019 05:59:21 -0700
          <br>
        </blockquote>
        <br>
        <blockquote type="cite">Once upon a time, at least for a while,
          we even had
          <br>
          SF-LUG.INFO 8-O
          <br>
          <br>
          $ sed -ne '/^From
          /,/^$/{/^[Dd][Aa][Tt][Ee]:/H;/^[Ss][Uu][Bb][Jj][Ee][Cc][Tt]:
.*[Ss][Ff]-[Ll][Uu][Gg].[Ii][Nn][Ff][Oo]/H;/^$/{x;/[Ss][Ff]-[Ll][Uu][Gg].[Ii][Nn][Ff][Oo]/p;s/.*//;x;};}'
          sf-lug.mbox
          <br>
          <br>
          Date: Sat, 02 Jan 2016 20:22:38 -0800
          <br>
          Subject: [sf-lug] How sf-lug.info ended up on the Network
          Solutions /
          <br>
          <br>
          Date: Sat, 2 Jan 2016 22:16:26 -0800
          <br>
          Subject: Re: [sf-lug] How sf-lug.info ended up on the Network
          Solutions /
          <br>
          <br>
          Date: Wed, 28 Sep 2016 23:39:21 -0700
          <br>
          Subject: [sf-lug] Bye-bye sf-lug.info.,
          <br>
          <br>
          Date: Thu, 29 Sep 2016 08:35:05 -0700
          <br>
          Subject: Re: [sf-lug] Bye-bye sf-lug.info.,
          <br>
          <br>
          Date: Fri, 30 Sep 2016 12:12:16 -0700
          <br>
          Subject: Re: [sf-lug] Bye-bye sf-lug.info.,
          <br>
          <br>
          Date: Tue, 11 Oct 2016 22:55:46 -0700
          <br>
          Subject: Re: [sf-lug] Bye-bye sf-lug.info.,
          <br>
          $
          <br>
          <br>
          So ... we had SF-LUG.INFO over range of about:
          <br>
          2015-09-28T20:01:47Z--2016-09-28T20:01:47Z
          <br>
          <br>
          <a class="moz-txt-link-freetext" href="http://linuxmafia.com/pipermail/sf-lug/2016q1/011612.html">http://linuxmafia.com/pipermail/sf-lug/2016q1/011612.html</a>
          <br>
          <a class="moz-txt-link-freetext" href="http://linuxmafia.com/pipermail/sf-lug/2016q3/012267.html">http://linuxmafia.com/pipermail/sf-lug/2016q3/012267.html</a>
          <br>
          <a class="moz-txt-link-freetext" href="http://linuxmafia.com/pipermail/sf-lug/2016q3/012268.html">http://linuxmafia.com/pipermail/sf-lug/2016q3/012268.html</a>
          <br>
          <a class="moz-txt-link-freetext" href="http://linuxmafia.com/pipermail/sf-lug/2016q3/012269.html">http://linuxmafia.com/pipermail/sf-lug/2016q3/012269.html</a>
          <br>
          <a class="moz-txt-link-freetext" href="http://linuxmafia.com/pipermail/sf-lug/2016q4/012289.html">http://linuxmafia.com/pipermail/sf-lug/2016q4/012289.html</a>
          <br>
          <br>
          <blockquote type="cite">From: jim <a class="moz-txt-link-rfc2396E" href="mailto:jim@well.com"><jim@well.com></a>
            <br>
            Subject: Re: [sf-lug] And then there were 5: SFLUG.NET,
            SFLUG.COM, SFLUG, ORG, SF-LUG.COM, SF-LUG.ORG: Re: SFLUG.COM
            Re: SFLUG.[...] Re: SFLUG.org
            <br>
            Date: Sat, 13 Apr 2019 18:41:37 -0400
            <br>
          </blockquote>
          <br>
          <blockquote type="cite">
            <br>
            My understanding is that the .NET domain
            <br>
            is for entities that are providing network
            <br>
            services to the internet; if so, then .NET
            <br>
            is inappropriate for a LUG.
            <br>
            <br>
            <br>
            On 4/13/19 6:32 PM, Michael Paoli wrote:
            <br>
            <blockquote type="cite">Okay. :-)
              <br>
              That sounds like a "no" to SF-LUG.NET.
              <br>
              I'd generally think 5 is (more than) adequate.
              <br>
              We have, in I believe reverse chronological:
              <br>
              SFLUG.NET
              <br>
              SFLUG.COM
              <br>
              SFLUG.ORG
              <br>
              SF-LUG.COM
              <br>
              SF-LUG.ORG
              <br>
              <br>
              <blockquote type="cite">From: jim <a class="moz-txt-link-rfc2396E" href="mailto:jim@well.com"><jim@well.com></a>
                <br>
                Subject: Re: [sf-lug] And then there were 5: SFLUG.NET,
                SFLUG.COM, SFLUG, ORG, SF-LUG.COM, SF-LUG.ORG: Re:
                SFLUG.COM Re: SFLUG.[...] Re: SFLUG.org
                <br>
                Date: Sat, 13 Apr 2019 18:16:17 -0400
                <br>
              </blockquote>
              <br>
              <blockquote type="cite">
                <br>
                "we" used to own SF-LUG.NET but later
                <br>
                (several years ago) tho't better of it.
                <br>
                <br>
                <br>
                On 4/13/19 3:31 AM, Michael Paoli wrote:
                <br>
                <blockquote type="cite">Uhm, are we done adding domains
                  for a while now, or ... are we gonna pick up
                  <br>
                  yet more?  SF-LUG.NET also seems available, but I
                  don't know that Jim
                  <br>
                  specifically suggested that ... nor up to how many
                  domains he's willing
                  <br>
                  to be reimbursing folks for.
                  <br>
<a class="moz-txt-link-freetext" href="http://linuxmafia.com/pipermail/sf-lug/2019q2/013999.html">http://linuxmafia.com/pipermail/sf-lug/2019q2/013999.html</a>
                  <br>
                  Sounds like we've already (slightly) more than covered
                  the domains Jim was
                  <br>
                  specifically referencing.
                  <br>
                  <br>
                  Anyway, master now available for not only sflug.org.
                  <br>
                  but also now sflug.com. and sflug.net.:
                  <br>
                  ns1.sf-lug.org.:
                  <br>
                  198.144.194.238
                  <br>
                  2001:470:1f04:19e::2
                  <br>
                  Not sure where the slaves may be in the process.
                  <br>
                  Rick - if you want to coordinate with Al, you do also
                  have access to
                  <br>
                  edit those zone masters:
                  <br>
                  balug-sf-lug-v2.balug.org
                  <br>
                  User rick may run the following commands on
                  balug-sf-lug-v2:
                  <br>
                      (root) sudoedit /etc/bind/master/sflug.org
                  <br>
                      (root) /usr/sbin/rndc reload sflug.org
                  <br>
                      (root) /usr/sbin/rndc notify sflug.org
                  <br>
                      (root) sudoedit /etc/bind/master/sflug.com
                  <br>
                      (root) /usr/sbin/rndc reload sflug.com
                  <br>
                      (root) /usr/sbin/rndc notify sflug.com
                  <br>
                      (root) sudoedit /etc/bind/master/sflug.net
                  <br>
                      (root) /usr/sbin/rndc reload sflug.net
                  <br>
                      (root) /usr/sbin/rndc notify sflug.net
                  <br>
                  E.g. if Al wants to provide additional slave(s) - and
                  maybe we don't
                  <br>
                  want to "pester" Aaron to add slave(s) for yet 2 more
                  domains.
                  <br>
                  I was also thinking we might want to (also) use
                  puck.nether.net.
                  <br>
                  for slave services on some of these domains.
                  <br>
                  <br>
                  Note also: Webserver knows about sflug.org, but thus
                  far knows nothing
                  <br>
                  about sflug.com nor sflug.net.
                  <br>
                  Also DNSSEC ... the zones are set up for that ... for
                  the newer ones,
                  <br>
                  notably sflug.com and sflug.net - we'll want to wait a
                  bit before
                  <br>
                  putting in the (DS) delegation data for that - notably
                  TTLs - want any
                  <br>
                  negative caching, etc. to first expire, lest we bust
                  DNSSEC by putting
                  <br>
                  it in "too fast".
                  <br>
                  Anyway, it's set up with BIND9's in-line signing - so
                  serials served by
                  <br>
                  DNS may be slightly ahead of what's in master zone
                  files,
                  <br>
                  and one should use seconds since the epoch - that's
                  how I have bind
                  <br>
                  configured to sign 'em.  The masters also generally
                  have handy bit 'o
                  <br>
                  comment around that: date +%s
                  <br>
                  With GNU date, that'll get 'ya seconds since the
                  epoch.
                  <br>
                  <br>
                  <blockquote type="cite">From: Al
                    <a class="moz-txt-link-rfc2396E" href="mailto:awsflug@sunnyside.com"><awsflug@sunnyside.com></a>
                    <br>
                    Subject: Re: [sf-lug] SFLUG.COM Re: SFLUG.[...] Re:
                    SFLUG.org
                    <br>
                    Date: Fri, 12 Apr 2019 08:00:22 -0700
                    <br>
                  </blockquote>
                  <br>
                  <blockquote type="cite">FYI I've set
                    sflug.{org,net,com} into a group.
                    <br>
                    <br>
                    On 4/12/2019 07:47, Michael Paoli wrote:
                    <br>
                    <blockquote type="cite">Rick - thanks on the offers.
                      <br>
                      <br>
                      Added to the "queue" ... but my queue overfloweth,
                      and it will never
                      <br>
                      /all/ get done.  I'll likely pick it up sometime
                      after SFLUG.ORG
                      <br>
                      has actually been delegated and/or after when I've
                      gotten some
                      <br>
                      higher priority BerkeleyLUG.com tasks moved
                      further along.
                      <br>
                      <br>
                      In the meantime, I don't see any particular need
                      to rush on SFLUG.COM ...
                      <br>
                      it's not like something used significantly - or
                      even at all - by
                      <br>
                      SF-LUG suddenly broke and needs fixin', or there's
                      been some great
                      <br>
                      need to SFLUG.COM operational for SF-LUG.  Anyway,
                      shall get around
                      <br>
                      to it, ... just may take a bit (later this month? 
                      next month?).
                      <br>
                      <br>
                      <blockquote type="cite">From: "Rick Moen"
                        <a class="moz-txt-link-rfc2396E" href="mailto:rick@linuxmafia.com"><rick@linuxmafia.com></a>
                        <br>
                        Subject: Re: [sf-lug] SFLUG.COM Re: SFLUG.[...]
                        Re: SFLUG.org
                        <br>
                        Date: Thu, 11 Apr 2019 23:23:50 -0700
                        <br>
                      </blockquote>
                      <br>
                      <blockquote type="cite">Quoting Michael Paoli
                        (<a class="moz-txt-link-abbreviated" href="mailto:Michael.Paoli@cal.berkeley.edu">Michael.Paoli@cal.berkeley.edu</a>):
                        <br>
                        <br>
                        <blockquote type="cite">And ... I'm guestimating
                          Al has snapped up SFLUG.COM.
                          <br>
                        </blockquote>
                        [...]
                        <br>
                        <blockquote type="cite">Yep:
                          <br>
                          Registrant Name: Al Whaley
                          <br>
                        </blockquote>
                        <br>
                        Well, same secondary DNS offer is on the plate: 
                        Let me know when/if
                        <br>
                        ns1.linuxmafia.com and ns1.svlug.org can AXFR
                        it, and I'll set that up
                        <br>
                        in a flash.  Assuming you want.
                        <br>
                      </blockquote>
                    </blockquote>
                  </blockquote>
                </blockquote>
              </blockquote>
            </blockquote>
          </blockquote>
        </blockquote>
      </blockquote>
      <br>
    </blockquote>
    <br>
  </body>
</html>