Subject: Offering secondary nameservice (was: no from AOL DNS)
From: Rick Moen <>
Date: Tue, 23 Aug 2011 13:23:48 -0700

Posting back to the mailing list, at Karl's suggestion, so that this 
will be on-record.

 Date: Tue, 23 Aug 2011 13:11:28 -0700
 From: Rick Moen <>
 To: Karl Fogel <>
 Cc: Russ Nelson <>
 Subject: Offering secondary nameservice (was: no from AOL DNS)


Quoting Karl Fogel ( -- and waving to Russ (CC'd):

> There was indeed a DNS problem.  It's now fixed, by Russ Nelson.
> (However we should probably add some more nameservers, for better
> resiliency in the face of a double failure like we just had!)

Can help.

I see has these two authoritative nameservers:

$ dig -t ns +nocmd +nocomments         86400   IN      NS         86400   IN      NS   86400   IN      A 86400 IN      A
$ master[0] nameserver's DNS daemon at currently cannot be reached, though the host
responds to ping:

$ dig -t soa +nocmd +nocomments
;; connection timed out; no servers could be reached

So, important:  The domain is currently operating on a
single authoritative nameserver.

I will be glad to offer two additional slave DNS daemons, both under my
administrative control:, IP, IP

The former is my main Web/mail/shell/ftp/rsync/etc. server on static-IP 
aDSL in my garage.  It houses my permanent Internet presence, so it's a
point of pride to me to keep it running well.  Neither machines nor
owners are immortal, of course, but the machine in question will persist
if I have anything to do with it.

It runs BIND9 (**cringe** **yuck**).  Yeah, I know.  

The latter is a small Linode virthost housing most of Silicon Valley
Linux User Group's (SVLUG's) Internet presence.  It runs NSD, an
authoritative-only nameserver package developed by the same NL Labs
people who run the .nl TLD and who released Unbound as a companion
recursive-only daemon.

I am not an SVLUG officer, but I am the volunteer pretty much solely
looking after that group's technical operations.

Am well aware of arguments[1] for using other propagation transports
besides AXFR/IXFR for zone propagation to slave nameservers, such as
rsync over ssh or scp, and can accomodate any such as are desired;
AXFR/IXFR, out of the box, others after necessary setup.

(I notice that offers AXFR zone transfer of the domain to the public.)

I've not yet bothered to implement TSIG, DNSSEC/DLV, GSS-TSIG, TKEY,
DNSCurve, etc.

My out-of-band contact data:  Rick Moen, tel. 1-650-283-7902 cellular.
(This is always findable on my Web pages, and is deliberately public

[0] The zone SOA record declares to be master.
    (That datum does not, of course, automatically dictate zone 
    sourcing to DNS slaves.)
[1] E.g.,