Subject: Offering secondary nameservice (was: no www.opensource.org from AOL DNS)
From: Rick Moen <rick@linuxmafia.com>
Date: Tue, 23 Aug 2011 13:23:48 -0700

Posting back to the mailing list, at Karl's suggestion, so that this 
will be on-record.

 Date: Tue, 23 Aug 2011 13:11:28 -0700
 From: Rick Moen <rick@linuxmafia.com>
 To: Karl Fogel <kfogel@QuestionCopyright.org>
 Cc: Russ Nelson <nelson@crynwr.com>
 Subject: Offering secondary nameservice (was: no www.opensource.org from AOL DNS)

[offlist:]

Quoting Karl Fogel (kfogel@gmail.com) -- and waving to Russ (CC'd):

> There was indeed a DNS problem.  It's now fixed, by Russ Nelson.
> (However we should probably add some more nameservers, for better
> resiliency in the face of a double failure like we just had!)

Can help.

I see opensource.org has these two authoritative nameservers:

$ dig -t ns opensource.org. @a0.org.afilias-nst.info. +nocmd +nocomments
opensource.org.         86400   IN      NS      us.ns.opensource.org.
opensource.org.         86400   IN      NS      crynwr.ns.opensource.org.
us.ns.opensource.org.   86400   IN      A       74.50.54.60
crynwr.ns.opensource.org. 86400 IN      A       192.203.178.2
$

opensource.org-domain master[0] nameserver's DNS daemon at
us.ns.opensource.org currently cannot be reached, though the host
responds to ping:

$ dig -t soa opensource.org. @us.ns.opensource.org. +nocmd +nocomments
;; connection timed out; no servers could be reached
$

So, important:  The opensource.org domain is currently operating on a
single authoritative nameserver.


I will be glad to offer two additional slave DNS daemons, both under my
administrative control:

ns1.linuxmafia.com, IP 198.144.195.186
ns1.svlug.org, IP 64.62.190.98

The former is my main Web/mail/shell/ftp/rsync/etc. server on static-IP 
aDSL in my garage.  It houses my permanent Internet presence, so it's a
point of pride to me to keep it running well.  Neither machines nor
owners are immortal, of course, but the machine in question will persist
if I have anything to do with it.

It runs BIND9 (**cringe** **yuck**).  Yeah, I know.  

The latter is a small Linode virthost housing most of Silicon Valley
Linux User Group's (SVLUG's) Internet presence.  It runs NSD, an
authoritative-only nameserver package developed by the same NL Labs
people who run the .nl TLD and who released Unbound as a companion
recursive-only daemon.

I am not an SVLUG officer, but I am the volunteer pretty much solely
looking after that group's technical operations.


Am well aware of arguments[1] for using other propagation transports
besides AXFR/IXFR for zone propagation to slave nameservers, such as
rsync over ssh or scp, and can accommodate any such as are desired;
AXFR/IXFR, out of the box, others after necessary setup.

(I notice that crynwr.ns.opensource.org offers AXFR zone transfer of the
opensource.org domain to the public.)


I've not yet bothered to implement TSIG, DNSSEC/DLV, GSS-TSIG, TKEY,
DNSCurve, etc.

My out-of-band contact data:  Rick Moen, tel. 1-650-283-7902 cellular.
(This is always findable on my Web pages, and is deliberately public
data.)


[0] The zone SOA record declares us.ns.opensource.org to be master.
    (That datum does not, of course, automatically dictate zone 
    sourcing to DNS slaves.)
[1] E.g., http://cr.yp.to/djbdns/tcp.html
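
[Added example, not part of the original message and not the poster's code: a small Python check that automates the two dig steps shown above, listing a zone's delegated nameservers and asking each for the SOA, then flagging a zone with fewer than two answering servers or with differing serials. The function names, the hostmaster.example mailbox, and the SOA serial and timers are assumptions constructed for the example.]

```python
import subprocess

# Constructed sample input: the delegation answer as quoted in the message.
SAMPLE_DELEGATION = """\
opensource.org.         86400   IN      NS      us.ns.opensource.org.
opensource.org.         86400   IN      NS      crynwr.ns.opensource.org.
us.ns.opensource.org.   86400   IN      A       74.50.54.60
crynwr.ns.opensource.org. 86400 IN      A       192.203.178.2
"""
# Constructed replies: the message's timeout, and an SOA answer with made-up mailbox, serial, timers.
SAMPLE_ANSWERS = {
    "us.ns.opensource.org.": ";; connection timed out; no servers could be reached\n",
    "crynwr.ns.opensource.org.": "opensource.org. 3600 IN SOA us.ns.opensource.org. hostmaster.example. 2011082301 7200 3600 604800 3600\n",
}

def records(dig_text, rtype):
    """Yield (owner, rdata fields) for each rtype record in dig output."""
    for line in dig_text.splitlines():
        f = line.split()
        if len(f) >= 5 and not line.startswith(";") and f[2] == "IN" and f[3] == rtype:
            yield f[0].lower(), f[4:]

def nameservers(delegation_text, zone):
    return [r[0].lower() for owner, r in records(delegation_text, "NS") if owner == zone.lower()]

def soa_serial(soa_text, zone):
    """Serial from an SOA answer, or None when the server gave no answer."""
    for owner, r in records(soa_text, "SOA"):
        if owner == zone.lower() and len(r) >= 3:
            return int(r[2])

def audit(zone, delegation_text, query):
    """query(server) returns dig output; report serials and findings."""
    serials = {ns: soa_serial(query(ns), zone) for ns in nameservers(delegation_text, zone)}
    up = {ns: s for ns, s in serials.items() if s is not None}
    findings = []
    if len(up) < 2:
        findings.append("single point of failure: %d of %d nameservers answering" % (len(up), len(serials)))
    if len(set(up.values())) > 1:
        findings.append("serial mismatch among answering nameservers")
    return serials, findings

def live_query(zone):  # runs the message's dig command per server (needs network)
    return lambda server: subprocess.run(
        ["dig", "-t", "soa", zone, "@" + server, "+nocmd", "+nocomments", "+time=3", "+tries=1"],
        capture_output=True, text=True).stdout

if __name__ == "__main__":
    print(audit("opensource.org.", SAMPLE_DELEGATION, SAMPLE_ANSWERS.get))
```

[For a live check, pass live_query(zone) as the third argument in place of SAMPLE_ANSWERS.get, with the delegation text taken from a dig -t ns query against a parent-zone server.]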