Subject: Re: Offering secondary nameservice
From: Karl Fogel <kfogel@red-bean.com>
Date: Tue, 23 Aug 2011 16:25:46 -0400

Rick Moen <rick@linuxmafia.com> writes:
>Posting back to the mailing list, at Karl's suggestion, so that this 
>will be on-record.

Whups, should be infrastructure@projects.opensource.org.  Mind doing yet
another repost?  Sorry.  Just trying to get this thread homed correctly
from the start.

-Karl

> Date: Tue, 23 Aug 2011 13:11:28 -0700
> From: Rick Moen <rick@linuxmafia.com>
> To: Karl Fogel <kfogel@QuestionCopyright.org>
> Cc: Russ Nelson <nelson@crynwr.com>
> Subject: Offering secondary nameservice (was: no www.opensource.org from AOL DNS)
>
>[offlist:]
>
>Quoting Karl Fogel (kfogel@gmail.com) -- and waving to Russ (CC'd):
>
>> There was indeed a DNS problem.  It's now fixed, by Russ Nelson.
>> (However we should probably add some more nameservers, for better
>> resiliency in the face of a double failure like we just had!)
>
>Can help.
>
>I see opensource.org has these two authoritative nameservers:
>
>$ dig -t ns opensource.org. @a0.org.afilias-nst.info. +nocmd +nocomments
>opensource.org.         86400   IN      NS      us.ns.opensource.org.
>opensource.org.         86400   IN      NS      crynwr.ns.opensource.org.
>us.ns.opensource.org.   86400   IN      A       74.50.54.60
>crynwr.ns.opensource.org. 86400 IN      A       192.203.178.2
>$
>
>opensource.org-domain master[0] nameserver's DNS daemon at
>us.ns.opensource.org currently cannot be reached, though the host
>responds to ping:
>
>$ dig -t soa opensource.org. @us.ns.opensource.org. +nocmd +nocomments
>;; connection timed out; no servers could be reached
>$
>
>So, important:  The opensource.org domain is currently operating on a
>single authoritative nameserver.
>
>
>I will be glad to offer two additional slave DNS daemons, both under my
>administrative control:
>
>ns1.linuxmafia.com, IP 198.144.195.186
>ns1.svlug.org, IP 64.62.190.98
>
>The former is my main Web/mail/shell/ftp/rsync/etc. server on static-IP 
>aDSL in my garage.  It houses my permanent Internet presence, so it's a
>point of pride to me to keep it running well.  Neither machines nor
>owners are immortal, of course, but the machine in question will persist
>if I have anything to do with it.
>
>It runs BIND9 (**cringe** **yuck**).  Yeah, I know.  
>
>The latter is a small Linode virthost housing most of Silicon Valley
>Linux User Group's (SVLUG's) Internet presence.  It runs NSD, an
>authoritative-only nameserver package developed by the same NL Labs
>people who run the .nl TLD and who released Unbound as a companion
>recursive-only daemon.
>
>I am not an SVLUG officer, but I am the volunteer pretty much solely
>looking after that group's technical operations.
>
>
>Am well aware of arguments[1] for using other propagation transports
>besides AXFR/IXFR for zone propagation to slave nameservers, such as
>rsync over ssh or scp, and can accommodate any such as are desired;
>AXFR/IXFR, out of the box, others after necessary setup.
>
>(I notice that crynwr.ns.opensource.org offers AXFR zone transfer of the
>opensource.org domain to the public.)
>
>
>I've not yet bothered to implement TSIG, DNSSEC/DLV, GSS-TSIG, TKEY,
>DNSCurve, etc.
>
>My out-of-band contact data:  Rick Moen, tel. 1-650-283-7902 cellular.
>(This is always findable on my Web pages, and is deliberately public
>data.)
>
>
>[0] The zone SOA record declares us.ns.opensource.org to be master.
>    (That datum does not, of course, automatically dictate zone 
>    sourcing to DNS slaves.)
>[1] E.g., http://cr.yp.to/djbdns/tcp.html
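
The manual check in the quoted message (read the delegation from the parent zone's server, then ask each listed nameserver directly for the SOA) can be scripted. This is an added shell example, not part of the original thread; the function names are hypothetical, and `DELEGATION` holds the dig output quoted above.

```shell
#!/bin/sh
# Delegation exactly as quoted in the message (answer from the .org server).
DELEGATION='opensource.org.         86400   IN      NS      us.ns.opensource.org.
opensource.org.         86400   IN      NS      crynwr.ns.opensource.org.
us.ns.opensource.org.   86400   IN      A       74.50.54.60
crynwr.ns.opensource.org. 86400 IN      A       192.203.178.2'

# Read dig output on stdin; print "name address" for each NS that has glue.
ns_with_glue() {
    awk '$4 == "NS" { ns[$5] = 1 }
         $4 == "A" || $4 == "AAAA" { addr[$1] = $5 }
         END { for (n in ns) if (n in addr) print n, addr[n] }' | sort
}

# Ask one server directly, without recursion, for the zone SOA. Prints the
# serial, or nothing on timeout, refusal or an answer that is not an SOA.
soa_serial() {  # $1 = zone, $2 = server address
    dig +norecurse +short +time=3 +tries=1 -t soa "$1" "@$2" 2>/dev/null |
        awk 'NF == 7 && $3 ~ /^[0-9]+$/ { print $3; exit }'
}

# Delegation (dig output) on stdin; one report line per server, then a summary.
check_zone() {  # $1 = zone
    zone=$1; up=0; total=0; seen=''; distinct=0
    list=$(ns_with_glue)
    while read -r name addr; do
        [ -n "$name" ] || continue
        total=$((total + 1))
        serial=$(soa_serial "$zone" "$addr")
        if [ -n "$serial" ]; then
            up=$((up + 1)); echo "OK   $name $addr serial=$serial"
            case " $seen " in
                *" $serial "*) ;;
                *) seen="$seen $serial"; distinct=$((distinct + 1)) ;;
            esac
        else
            echo "FAIL $name $addr no SOA answer"
        fi
    done <<EOF
$list
EOF
    [ "$distinct" -le 1 ] || echo "WARN serials differ:$seen"
    echo "responding=$up of $total"
}

# Offline: list the delegated servers. Live use would be
#   dig +norecurse -t ns opensource.org. @a0.org.afilias-nst.info. | check_zone opensource.org.
printf '%s\n' "$DELEGATION" | ns_with_glue
```

A `responding` count of 1 is the single-point-of-failure condition the message reports, and a `WARN` line indicates servers holding different copies of the zone.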