Offering secondary nameservice (was: no www.opensource.org from AOL DNS)

Rick Moen rick at linuxmafia.com
Tue Aug 23 20:23:48 UTC 2011


Posting back to the mailing list, at Karl's suggestion, so that this 
will be on-record.

 Date: Tue, 23 Aug 2011 13:11:28 -0700
 From: Rick Moen <rick at linuxmafia.com>
 To: Karl Fogel <kfogel at QuestionCopyright.org>
 Cc: Russ Nelson <nelson at crynwr.com>
 Subject: Offering secondary nameservice (was: no www.opensource.org from AOL DNS)

[offlist:]

Quoting Karl Fogel (kfogel at gmail.com) -- and waving to Russ (CC'd):

> There was indeed a DNS problem.  It's now fixed, by Russ Nelson.
> (However we should probably add some more nameservers, for better
> resiliency in the face of a double failure like we just had!)

Can help.

I see opensource.org has these two authoritative nameservers:

$ dig -t ns opensource.org. @a0.org.afilias-nst.info. +nocmd +nocomments
opensource.org.         86400   IN      NS      us.ns.opensource.org.
opensource.org.         86400   IN      NS      crynwr.ns.opensource.org.
us.ns.opensource.org.   86400   IN      A       74.50.54.60
crynwr.ns.opensource.org. 86400 IN      A       192.203.178.2
$

opensource.org-domain master[0] nameserver's DNS daemon at
us.ns.opensource.org currently cannot be reached, though the host
responds to ping:

$ dig -t soa opensource.org. @us.ns.opensource.org. +nocmd +nocomments
;; connection timed out; no servers could be reached
$

So, important:  The opensource.org domain is currently operating on a
single authoritative nameserver.


I will be glad to offer two additional slave DNS daemons, both under my
administrative control:

ns1.linuxmafia.com, IP 198.144.195.186
ns1.svlug.org, IP 64.62.190.98

The former is my main Web/mail/shell/ftp/rsync/etc. server on static-IP 
aDSL in my garage.  It houses my permanent Internet presence, so it's a
point of pride to me to keep it running well.  Neither machines nor
owners are immortal, of course, but the machine in question will persist
if I have anything to do with it.

It runs BIND9 (**cringe** **yuck**).  Yeah, I know.  

The latter is a small Linode virthost housing most of Silicon Valley
Linux User Group's (SVLUG's) Internet presence.  It runs NSD, an
authoritative-only nameserver package developed by the same NL Labs
people who run the .nl TLD and who released Unbound as a companion
recursive-only daemon.

I am not an SVLUG officer, but I am the volunteer pretty much solely
looking after that group's technical operations.


Am well aware of arguments[1] for using other propagation transports
besides AXFR/IXFR for zone propagation to slave nameservers, such as
rsync over ssh or scp, and can accomodate any such as are desired;
AXFR/IXFR, out of the box, others after necessary setup.

(I notice that crynwr.ns.opensource.org offers AXFR zone transfer of the
opensource.org domain to the public.)


I've not yet bothered to implement TSIG, DNSSEC/DLV, GSS-TSIG, TKEY,
DNSCurve, etc.

My out-of-band contact data:  Rick Moen, tel. 1-650-283-7902 cellular.
(This is always findable on my Web pages, and is deliberately public
data.)


[0] The zone SOA record declares us.ns.opensource.org to be master.
    (That datum does not, of course, automatically dictate zone 
    sourcing to DNS slaves.)
[1] E.g., http://cr.yp.to/djbdns/tcp.html




More information about the License-discuss mailing list