<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<font face="Arial">Michael,<br>
Well, I got my part done, but there is a problem at
ns.primate.net.<br>
It doesn't know sflug.com or sflug.net; it only knows sflug.org.<br>
Also a problem with mismatched IPv6 address record, which only
shows with sflug.net IIRC - curious since those domains are not
even available at primate.<br>
</font>I didn't investigate that, just reported the problems in my
earlier email.<br>
<br>
Al<br>
<br>
<div class="moz-cite-prefix">On 5/18/2019 10:56, Michael Paoli
wrote:<br>
</div>
<blockquote
cite="mid:20190518105639.18274w78xj2k81s0@webmail.rawbw.com"
type="cite">Al Whaley,
<br>
<br>
Thanks, looks like you (I presume) got it in there and it's
<br>
operational* now:
<br>
$ delv sflug.org SOA
<br>
; fully validated
<br>
sflug.org. 85700 IN SOA ns1.sflug.org.
jim.well.com. 1557834269 10800 3600 1209600 86400
<br>
sflug.org. 85700 IN RRSIG SOA 8 2 86400
20190613114720 20190514104720 36426 sflug.org.
Xn4qLyqaM6AJkGQDsRi5ydq+AE7I0Xvlv/zPCzrFd8DyTZzTnH2nC65m
LFOuuU8dg8OM1nIMocrrXJeaNtYhUlKHoW0i/m82gdwW28JzyBa3jrVo
BXVpexl2Mnuay18snX5m5tTuqIkeUBORRMx+wzGyR7cY+8rDKR4Rxor+ UD4=
<br>
$ delv sflug.com SOA
<br>
; fully validated
<br>
sflug.com. 85704 IN SOA ns1.sflug.com.
jim.well.com. 1557834269 10800 3600 1209600 86400
<br>
sflug.com. 85704 IN RRSIG SOA 8 2 86400
20190613114720 20190514104720 20055 sflug.com.
MABcUqmMhFnUt+rM+XBsXTOeSc8MbnMA3L3pPjInubY0lvyNRZCxVtY/
pdDDqN+taaJmMQTA5EQQLAcV0TZvv2zwwjh9KeAWVPVL8Q1pSNg7y/Dv
cEkWi3CVICMyDWVEl3f3LqUqNZWj/7wMYaPKQRv/KEhfzowberf+7ye7 qF8=
<br>
$ delv sflug.net SOA
<br>
; fully validated
<br>
sflug.net. 86400 IN SOA ns1.sflug.net.
jim.well.com. 1557834269 10800 3600 1209600 86400
<br>
sflug.net. 86400 IN RRSIG SOA 8 2 86400
20190613114720 20190514104720 9573 sflug.net.
cgWlEUAZG0nO/ljeBj7buNxWE7Uuqr6MqRa6QDYMWcmSQgj95h+55tWL
p5aPAOKdiJD0B+o5teGcOwnDzIaJX2CPQ5i1VusK9SkGqnJTqHddEO1s
GynQbINnCf/DqyfcLVdKhRhFrc2CiLjmPM+9edoo8Fs3aQa1BEC353qR oGg=
<br>
$
<br>
<br>
*or will fully be, Internet-wide, notwithstanding TTLs up to 2
days.
<br>
<br>
<blockquote type="cite">From: "Michael Paoli"
<a class="moz-txt-link-rfc2396E" href="mailto:Michael.Paoli@cal.berkeley.edu"><Michael.Paoli@cal.berkeley.edu></a>
<br>
Subject: DNSSEC for SFLUG.{org,com,net}
<br>
Date: Thu, 16 May 2019 21:11:54 -0700
<br>
</blockquote>
<br>
<blockquote type="cite">Al Whaley,
<br>
<br>
We're ready to add DNSSEC for the sflug.{org,com,net} domains,
at your
<br>
earliest convenience. Or if you want to set up so myself and/or
some
<br>
select other(s) have access, we can put that in there.
<br>
<br>
Note also the procedure/interface varies among registrars.
Also, some
<br>
don't take all/both types of DS records, but will take at least
one
<br>
of the two. Some also automagically get that information for
the
<br>
domain, based upon the NS server(s), and mostly just have one
confirm
<br>
it.
<br>
<br>
Once in, should be fully effective for the domain in 1 or 2
days,
<br>
depending upon the relevant TTLs for the domain.
<br>
<br>
Can add these records for the respective domains:
<br>
$ (for d in sflug.org sflug.com sflug.net; do dig @127.0.0.1
"$d". DNSKEY | dnssec-dsfromkey -f - "$d"; done)
<br>
sflug.org. IN DS 55585 8 1
98A75CFA42FD409525BB4ED7341C80FA9808B342
<br>
sflug.org. IN DS 55585 8 2
D50AA68F2A9A19651E46070FA0A5C504F6B396FD28A1CFD97F95D6202A703D80
<br>
sflug.com. IN DS 53530 8 1
5751BD013715760110ECEC4E7443CD32596C097D
<br>
sflug.com. IN DS 53530 8 2
355263CAA896A885617AE9D6744852DEE77759878271136E3BD894A1765CA821
<br>
sflug.net. IN DS 21535 8 1
91CB453D67DDBEE00F9E327C202EA2EB18C7FFF5
<br>
sflug.net. IN DS 21535 8 2
C6BF88090E6E43369180CBC3B1BABEDC27D3822E708F00F23F83D6595265692C
<br>
$
<br>
<br>
If you're not familiar, for DNSSEC, those are essentially
<br>
delegation records from parent - effectively analog of
delegating
<br>
NS authority records.
<br>
<br>
Also quite handy for quick visual fairly detailed overview of
<br>
situation and basic troubleshooting:
<br>
<a class="moz-txt-link-freetext" href="http://dnsviz.net/">http://dnsviz.net/</a>
<br>
<br>
Anyway, please let me/us know when it's in place ... or I/we
<br>
have access to put it in place.
<br>
<br>
Thanks.
<br>
<br>
<blockquote type="cite">From: "Michael Paoli"
<a class="moz-txt-link-rfc2396E" href="mailto:Michael.Paoli@cal.berkeley.edu"><Michael.Paoli@cal.berkeley.edu></a>
<br>
Subject: SF-LUG.INFO: Re: [sf-lug] And then there were 5:
SFLUG.NET, SFLUG.COM, SFLUG, ORG, SF-LUG.COM, SF-LUG.ORG: Re:
SFLUG.COM Re: SFLUG.[...] Re: SFLUG.org
<br>
Date: Thu, 18 Apr 2019 05:59:21 -0700
<br>
</blockquote>
<br>
<blockquote type="cite">Once upon a time, at least for a while,
we even had
<br>
SF-LUG.INFO 8-O
<br>
<br>
$ sed -ne '/^From
/,/^$/{/^[Dd][Aa][Tt][Ee]:/H;/^[Ss][Uu][Bb][Jj][Ee][Cc][Tt]:
.*[Ss][Ff]-[Ll][Uu][Gg].[Ii][Nn][Ff][Oo]/H;/^$/{x;/[Ss][Ff]-[Ll][Uu][Gg].[Ii][Nn][Ff][Oo]/p;s/.*//;x;};}'
sf-lug.mbox
<br>
<br>
Date: Sat, 02 Jan 2016 20:22:38 -0800
<br>
Subject: [sf-lug] How sf-lug.info ended up on the Network
Solutions /
<br>
<br>
Date: Sat, 2 Jan 2016 22:16:26 -0800
<br>
Subject: Re: [sf-lug] How sf-lug.info ended up on the Network
Solutions /
<br>
<br>
Date: Wed, 28 Sep 2016 23:39:21 -0700
<br>
Subject: [sf-lug] Bye-bye sf-lug.info.,
<br>
<br>
Date: Thu, 29 Sep 2016 08:35:05 -0700
<br>
Subject: Re: [sf-lug] Bye-bye sf-lug.info.,
<br>
<br>
Date: Fri, 30 Sep 2016 12:12:16 -0700
<br>
Subject: Re: [sf-lug] Bye-bye sf-lug.info.,
<br>
<br>
Date: Tue, 11 Oct 2016 22:55:46 -0700
<br>
Subject: Re: [sf-lug] Bye-bye sf-lug.info.,
<br>
$
<br>
<br>
So ... we had SF-LUG.INFO over range of about:
<br>
2015-09-28T20:01:47Z--2016-09-28T20:01:47Z
<br>
<br>
<a class="moz-txt-link-freetext" href="http://linuxmafia.com/pipermail/sf-lug/2016q1/011612.html">http://linuxmafia.com/pipermail/sf-lug/2016q1/011612.html</a>
<br>
<a class="moz-txt-link-freetext" href="http://linuxmafia.com/pipermail/sf-lug/2016q3/012267.html">http://linuxmafia.com/pipermail/sf-lug/2016q3/012267.html</a>
<br>
<a class="moz-txt-link-freetext" href="http://linuxmafia.com/pipermail/sf-lug/2016q3/012268.html">http://linuxmafia.com/pipermail/sf-lug/2016q3/012268.html</a>
<br>
<a class="moz-txt-link-freetext" href="http://linuxmafia.com/pipermail/sf-lug/2016q3/012269.html">http://linuxmafia.com/pipermail/sf-lug/2016q3/012269.html</a>
<br>
<a class="moz-txt-link-freetext" href="http://linuxmafia.com/pipermail/sf-lug/2016q4/012289.html">http://linuxmafia.com/pipermail/sf-lug/2016q4/012289.html</a>
<br>
<br>
<blockquote type="cite">From: jim <a class="moz-txt-link-rfc2396E" href="mailto:jim@well.com"><jim@well.com></a>
<br>
Subject: Re: [sf-lug] And then there were 5: SFLUG.NET,
SFLUG.COM, SFLUG, ORG, SF-LUG.COM, SF-LUG.ORG: Re: SFLUG.COM
Re: SFLUG.[...] Re: SFLUG.org
<br>
Date: Sat, 13 Apr 2019 18:41:37 -0400
<br>
</blockquote>
<br>
<blockquote type="cite">
<br>
My understanding is that the .NET domain
<br>
is for entities that are providing network
<br>
services to the internet; if so, then .NET
<br>
is inappropriate for a LUG.
<br>
<br>
<br>
On 4/13/19 6:32 PM, Michael Paoli wrote:
<br>
<blockquote type="cite">Okay. :-)
<br>
That sounds like a "no" to SF-LUG.NET.
<br>
I'd generally think 5 is (more than) adequate.
<br>
We have, in I believe reverse chronological:
<br>
SFLUG.NET
<br>
SFLUG.COM
<br>
SFLUG.ORG
<br>
SF-LUG.COM
<br>
SF-LUG.ORG
<br>
<br>
<blockquote type="cite">From: jim <a class="moz-txt-link-rfc2396E" href="mailto:jim@well.com"><jim@well.com></a>
<br>
Subject: Re: [sf-lug] And then there were 5: SFLUG.NET,
SFLUG.COM, SFLUG, ORG, SF-LUG.COM, SF-LUG.ORG: Re:
SFLUG.COM Re: SFLUG.[...] Re: SFLUG.org
<br>
Date: Sat, 13 Apr 2019 18:16:17 -0400
<br>
</blockquote>
<br>
<blockquote type="cite">
<br>
"we" used to own SF-LUG.NET but later
<br>
(several years ago) tho't better of it.
<br>
<br>
<br>
On 4/13/19 3:31 AM, Michael Paoli wrote:
<br>
<blockquote type="cite">Uhm, are we done adding domains
for a while now, or ... are we gonna pick up
<br>
yet more? SF-LUG.NET also seems available, but I
don't know that Jim
<br>
specifically suggested that ... nor up to how many
domains he's willing
<br>
to be reimbursing folks for.
<br>
<a class="moz-txt-link-freetext" href="http://linuxmafia.com/pipermail/sf-lug/2019q2/013999.html">http://linuxmafia.com/pipermail/sf-lug/2019q2/013999.html</a>
<br>
Sounds like we've already (slightly) more than covered
the domains Jim was
<br>
specifically referencing.
<br>
<br>
Anyway, master now available for not only sflug.org.
<br>
but also now sflug.com. and sflug.net.:
<br>
ns1.sf-lug.org.:
<br>
198.144.194.238
<br>
2001:470:1f04:19e::2
<br>
Not sure where the slaves may be in the process.
<br>
Rick - if you want to coordinate with Al, you do also
have access to
<br>
edit those zone masters:
<br>
balug-sf-lug-v2.balug.org
<br>
User rick may run the following commands on
balug-sf-lug-v2:
<br>
(root) sudoedit /etc/bind/master/sflug.org
<br>
(root) /usr/sbin/rndc reload sflug.org
<br>
(root) /usr/sbin/rndc notify sflug.org
<br>
(root) sudoedit /etc/bind/master/sflug.com
<br>
(root) /usr/sbin/rndc reload sflug.com
<br>
(root) /usr/sbin/rndc notify sflug.com
<br>
(root) sudoedit /etc/bind/master/sflug.net
<br>
(root) /usr/sbin/rndc reload sflug.net
<br>
(root) /usr/sbin/rndc notify sflug.net
<br>
E.g. if Al wants to provide additional slave(s) - and
maybe we don't
<br>
want to "pester" Aaron to add slave(s) for yet 2 more
domains.
<br>
I was also thinking we might want to (also) use
puck.nether.net.
<br>
for slave services on some of these domains.
<br>
<br>
Note also: Webserver knows about sflug.org, but thus
far knows nothing
<br>
about sflug.com nor sflug.net.
<br>
Also DNSSEC ... the zones are set up for that ... for
the newer ones,
<br>
notably sflug.com and sflug.net - we'll want to wait a
bit before
<br>
putting in the (DS) delegation data for that - notably
TTLs - want any
<br>
negative caching, etc. to first expire, lest we bust
DNSSEC by putting
<br>
it in "too fast".
<br>
Anyway, it's set up with BIND9's in-line signing - so
serials served by
<br>
DNS may be slightly ahead of what's in master zone
files,
<br>
and one should use seconds since the epoch - that's
how I have bind
<br>
configured to sign 'em. The masters also generally
have handy bit 'o
<br>
comment around that: date +%s
<br>
With GNU date, that'll get 'ya seconds since the
epoch.
<br>
<br>
<blockquote type="cite">From: Al
<a class="moz-txt-link-rfc2396E" href="mailto:awsflug@sunnyside.com"><awsflug@sunnyside.com></a>
<br>
Subject: Re: [sf-lug] SFLUG.COM Re: SFLUG.[...] Re:
SFLUG.org
<br>
Date: Fri, 12 Apr 2019 08:00:22 -0700
<br>
</blockquote>
<br>
<blockquote type="cite">FYI I've set
sflug.{org,net,com} into a group.
<br>
<br>
On 4/12/2019 07:47, Michael Paoli wrote:
<br>
<blockquote type="cite">Rick - thanks on the offers.
<br>
<br>
Added to the "queue" ... but my queue overfloweth,
and it will never
<br>
/all/ get done. I'll likely pick it up sometime
after SFLUG.ORG
<br>
has actually been delegated and/or after when I've
gotten some
<br>
higher priority BerkeleyLUG.com tasks moved
further along.
<br>
<br>
In the meantime, I don't see any particular need
to rush on SFLUG.COM ...
<br>
it's not like something used significantly - or
even at all - by
<br>
SF-LUG suddenly broke and needs fixin', or there's
been some great
<br>
need to SFLUG.COM operational for SF-LUG. Anyway,
shall get around
<br>
to it, ... just may take a bit (later this month?
next month?).
<br>
<br>
<blockquote type="cite">From: "Rick Moen"
<a class="moz-txt-link-rfc2396E" href="mailto:rick@linuxmafia.com"><rick@linuxmafia.com></a>
<br>
Subject: Re: [sf-lug] SFLUG.COM Re: SFLUG.[...]
Re: SFLUG.org
<br>
Date: Thu, 11 Apr 2019 23:23:50 -0700
<br>
</blockquote>
<br>
<blockquote type="cite">Quoting Michael Paoli
(<a class="moz-txt-link-abbreviated" href="mailto:Michael.Paoli@cal.berkeley.edu">Michael.Paoli@cal.berkeley.edu</a>):
<br>
<br>
<blockquote type="cite">And ... I'm guestimating
Al has snapped up SFLUG.COM.
<br>
</blockquote>
[...]
<br>
<blockquote type="cite">Yep:
<br>
Registrant Name: Al Whaley
<br>
</blockquote>
<br>
Well, same secondary DNS offer is on the plate:
Let me know when/if
<br>
ns1.linuxmafia.com and ns1.svlug.org can AXFR
it, and I'll set that up
<br>
in a flash. Assuming you want.
<br>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
<br>
</blockquote>
<br>
</body>
</html>