Re: [AFMUG] afmug.com DNS

2016-10-07 Thread Eric Kuhnke 
This is a good reminder for everyone else on the list (not Paul) that
geographic diversity is useful. Two thoughts;

1) Follow best practices of separation of authoritative and recursive DNS.
The IP addresses you hand out to your customers for "NS1" and "NS2" to
resolve things, your recursive resolvers that have an ACL that allow
queries from your netblocks should *not* also be your authoritative DNS
servers. Put your authoritative ns1/ns2 slave/ns3 slave elsewhere.

2) Have geographic diversity in the location of your ns2 and ns3
authoritative slaves for your zone files. Even on a minuscule budget, it
takes a tiny amount of resources to run bind9 for authoritative only, you
can have an ns3 that is a $5/month VM hosted in a state 1500 miles away.
Or we can all mutually swap slave nameservers. If anyone wants NS2 and NS3
slave services for free I have a set of nameservers that are currently
averaging six nines availability over a year.

3) Consider what other things you can have off site for geographic
diversity. If you do your own mail servers, make a second SMTP server (
mail2.domain.com) with appropriate MX records in your DNS, and host it on a
small dedicated machine or VM that is thousands of miles away from you.
Your local mail server in your core POP goes down?  Mail will still arrive
and be queued in a spool if things are set up right.



On Fri, Oct 7, 2016 at 12:39 PM, Paul McCall <pa...@pdmnet.net> wrote:

> A BIG thanks to Josh for stepping up real quickly to help keep AFMUG
> online.
>
>
>
> Gotta get that 3rd DNS server OFFSITE !  Too many things on “the list”
>
>
>
> We sustained some damage, but it could have been a LOT worse.  Got blessed
> by a last minute jog to the East keeping the Cat4 winds in the ocean where
> they belong
>
>
>
> Paul
>
>
>
> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *George Skorup
> *Sent:* Friday, October 7, 2016 2:18 PM
>
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] afmug.com DNS
>
>
>
> Looks like Paul got his network back online. Lets all hope he has a speedy
> recovery.
>
> But anyway, I don't know exactly when his network/name servers went
> offline, but when I started this thread last night, I was already getting
> NXDOMAIN. And as Eric pointed out, your NS record wasn't added to the zone,
> so that explains why. Your name server was definitely answering... with
> Paul's three NS records, which were all offline, thus brokedid.
>
> I wouldn't have a problem being a secondary for the zone either. My ns1,
> ns2 and ns3 machines share an anycast address. Which would be a little
> tricky to set up. The anycast address would be the NS record, but the zone
> config on the master would need also-notify statements. I know Paul isn't
> running BIND, so not sure if that would work.
>
> But I can't imagine afmug.com being a large zone. We're a Tucows/OpenSRS
> reseller too. And I have many domains using their DNS. And it's the right
> price... free. That might be the easier solution to this problem in the
> future. Or Amazon's DNS since the list is there anyway.
>
> On 10/7/2016 6:51 AM, Josh Baird wrote:
>
> I'm hosting DNS on NS1.KYWIMAX.COM.  It looks like Paul did forget to
> update the NS RRSet to make my server authoritative (give him a break, he's
> dealing with a hurricane), but as long as I'm answering queries things
> should be fine for the next 9 days (when the expire SOA reaches zero).  I
> could always flip the slave into a master zone and update the NS RRSet
> myself.
>
>
>
> Josh
>
>
>
> On Fri, Oct 7, 2016 at 12:41 AM, Ken Hohhof <af...@kwisp.com> wrote:
>
> So a lame delegation.  But if it is answering queries, maybe things won’t
> break?
>
>
>
> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Eric Kuhnke
> *Sent:* Thursday, October 6, 2016 11:27 PM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] afmug.com DNS
>
>
>
> I am seeing ns1.kywimax.com as a 3rd nameserver in the whois record for
> afmug.com
>
> It seems to be answering
>
> But the zone file itself was not updated to list ns1.kywimax.com as
> authoritative, so stuff will probably break.
>
>
> dig mail.afmug.com @ns1.kywimax.com
>
> ; <<>> DiG 9.10.3-P4-Ubuntu <<>> mail.afmug.com @ns1.kywimax.com
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17959
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 1
> ;; WARNING: recursion requested but not available
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;mail.afmug.com.INA
>
> ;; ANSWER SECTION:
> mail.afmug.com.600INA54.

Re: [AFMUG] afmug.com DNS

2016-10-07 Thread Josh Luthman 
Glad you guys are all OK!


Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Fri, Oct 7, 2016 at 3:39 PM, Paul McCall <pa...@pdmnet.net> wrote:

> A BIG thanks to Josh for stepping up real quickly to help keep AFMUG
> online.
>
>
>
> Gotta get that 3rd DNS server OFFSITE !  Too many things on “the list”
>
>
>
> We sustained some damage, but it could have been a LOT worse.  Got blessed
> by a last minute jog to the East keeping the Cat4 winds in the ocean where
> they belong
>
>
>
> Paul
>
>
>
> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *George Skorup
> *Sent:* Friday, October 7, 2016 2:18 PM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] afmug.com DNS
>
>
>
> Looks like Paul got his network back online. Lets all hope he has a speedy
> recovery.
>
> But anyway, I don't know exactly when his network/name servers went
> offline, but when I started this thread last night, I was already getting
> NXDOMAIN. And as Eric pointed out, your NS record wasn't added to the zone,
> so that explains why. Your name server was definitely answering... with
> Paul's three NS records, which were all offline, thus brokedid.
>
> I wouldn't have a problem being a secondary for the zone either. My ns1,
> ns2 and ns3 machines share an anycast address. Which would be a little
> tricky to set up. The anycast address would be the NS record, but the zone
> config on the master would need also-notify statements. I know Paul isn't
> running BIND, so not sure if that would work.
>
> But I can't imagine afmug.com being a large zone. We're a Tucows/OpenSRS
> reseller too. And I have many domains using their DNS. And it's the right
> price... free. That might be the easier solution to this problem in the
> future. Or Amazon's DNS since the list is there anyway.
>
> On 10/7/2016 6:51 AM, Josh Baird wrote:
>
> I'm hosting DNS on NS1.KYWIMAX.COM.  It looks like Paul did forget to
> update the NS RRSet to make my server authoritative (give him a break, he's
> dealing with a hurricane), but as long as I'm answering queries things
> should be fine for the next 9 days (when the expire SOA reaches zero).  I
> could always flip the slave into a master zone and update the NS RRSet
> myself.
>
>
>
> Josh
>
>
>
> On Fri, Oct 7, 2016 at 12:41 AM, Ken Hohhof <af...@kwisp.com> wrote:
>
> So a lame delegation.  But if it is answering queries, maybe things won’t
> break?
>
>
>
> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Eric Kuhnke
> *Sent:* Thursday, October 6, 2016 11:27 PM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] afmug.com DNS
>
>
>
> I am seeing ns1.kywimax.com as a 3rd nameserver in the whois record for
> afmug.com
>
> It seems to be answering
>
> But the zone file itself was not updated to list ns1.kywimax.com as
> authoritative, so stuff will probably break.
>
>
> dig mail.afmug.com @ns1.kywimax.com
>
> ; <<>> DiG 9.10.3-P4-Ubuntu <<>> mail.afmug.com @ns1.kywimax.com
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17959
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 1
> ;; WARNING: recursion requested but not available
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;mail.afmug.com.INA
>
> ;; ANSWER SECTION:
> mail.afmug.com.600INA54.210.210.89
>
> ;; AUTHORITY SECTION:
> afmug.com.10800INNSns0.pdmnet.com.
> afmug.com.10800INNSns.pdmnet.com.
> afmug.com.10800INNSns1.pdmnet.com.
>
> ;; Query time: 93 msec
> ;; SERVER: 100.42.32.200#53(100.42.32.200)
> ;; WHEN: Thu Oct 06 21:25:11 PDT 2016
> ;; MSG SIZE  rcvd: 119
>
>
>
> On Thu, Oct 6, 2016 at 9:09 PM, George Skorup <geo...@cbcast.com> wrote:
>
> Looks like Paul's network is offline. Did the secondary DNS for afmug.com
> get set up? Doesn't look like it. I'm still seeing ns, ns0 and
> ns1.pdmnet.net as the name servers. And all three are obviously down. So
> the list is going to break once everyone's DNS caches expire.
>
>
>
>
>
>
>

Re: [AFMUG] afmug.com DNS

2016-10-07 Thread Jaime Solorza 
Keep vigilant... Might whip back around... Thank „God you are okay

On Oct 7, 2016 1:39 PM, "Paul McCall" <pa...@pdmnet.net> wrote:

> A BIG thanks to Josh for stepping up real quickly to help keep AFMUG
> online.
>
>
>
> Gotta get that 3rd DNS server OFFSITE !  Too many things on “the list”
>
>
>
> We sustained some damage, but it could have been a LOT worse.  Got blessed
> by a last minute jog to the East keeping the Cat4 winds in the ocean where
> they belong
>
>
>
> Paul
>
>
>
> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *George Skorup
> *Sent:* Friday, October 7, 2016 2:18 PM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] afmug.com DNS
>
>
>
> Looks like Paul got his network back online. Lets all hope he has a speedy
> recovery.
>
> But anyway, I don't know exactly when his network/name servers went
> offline, but when I started this thread last night, I was already getting
> NXDOMAIN. And as Eric pointed out, your NS record wasn't added to the zone,
> so that explains why. Your name server was definitely answering... with
> Paul's three NS records, which were all offline, thus brokedid.
>
> I wouldn't have a problem being a secondary for the zone either. My ns1,
> ns2 and ns3 machines share an anycast address. Which would be a little
> tricky to set up. The anycast address would be the NS record, but the zone
> config on the master would need also-notify statements. I know Paul isn't
> running BIND, so not sure if that would work.
>
> But I can't imagine afmug.com being a large zone. We're a Tucows/OpenSRS
> reseller too. And I have many domains using their DNS. And it's the right
> price... free. That might be the easier solution to this problem in the
> future. Or Amazon's DNS since the list is there anyway.
>
> On 10/7/2016 6:51 AM, Josh Baird wrote:
>
> I'm hosting DNS on NS1.KYWIMAX.COM.  It looks like Paul did forget to
> update the NS RRSet to make my server authoritative (give him a break, he's
> dealing with a hurricane), but as long as I'm answering queries things
> should be fine for the next 9 days (when the expire SOA reaches zero).  I
> could always flip the slave into a master zone and update the NS RRSet
> myself.
>
>
>
> Josh
>
>
>
> On Fri, Oct 7, 2016 at 12:41 AM, Ken Hohhof <af...@kwisp.com> wrote:
>
> So a lame delegation.  But if it is answering queries, maybe things won’t
> break?
>
>
>
> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Eric Kuhnke
> *Sent:* Thursday, October 6, 2016 11:27 PM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] afmug.com DNS
>
>
>
> I am seeing ns1.kywimax.com as a 3rd nameserver in the whois record for
> afmug.com
>
> It seems to be answering
>
> But the zone file itself was not updated to list ns1.kywimax.com as
> authoritative, so stuff will probably break.
>
>
> dig mail.afmug.com @ns1.kywimax.com
>
> ; <<>> DiG 9.10.3-P4-Ubuntu <<>> mail.afmug.com @ns1.kywimax.com
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17959
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 1
> ;; WARNING: recursion requested but not available
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;mail.afmug.com.INA
>
> ;; ANSWER SECTION:
> mail.afmug.com.600INA54.210.210.89
>
> ;; AUTHORITY SECTION:
> afmug.com.10800INNSns0.pdmnet.com.
> afmug.com.10800INNSns.pdmnet.com.
> afmug.com.10800INNSns1.pdmnet.com.
>
> ;; Query time: 93 msec
> ;; SERVER: 100.42.32.200#53(100.42.32.200)
> ;; WHEN: Thu Oct 06 21:25:11 PDT 2016
> ;; MSG SIZE  rcvd: 119
>
>
>
> On Thu, Oct 6, 2016 at 9:09 PM, George Skorup <geo...@cbcast.com> wrote:
>
> Looks like Paul's network is offline. Did the secondary DNS for afmug.com
> get set up? Doesn't look like it. I'm still seeing ns, ns0 and
> ns1.pdmnet.net as the name servers. And all three are obviously down. So
> the list is going to break once everyone's DNS caches expire.
>
>
>
>
>
>
>

Re: [AFMUG] afmug.com DNS

2016-10-07 Thread Paul McCall 
A BIG thanks to Josh for stepping up real quickly to help keep AFMUG online.

Gotta get that 3rd DNS server OFFSITE !  Too many things on “the list”

We sustained some damage, but it could have been a LOT worse.  Got blessed by a 
last minute jog to the East keeping the Cat4 winds in the ocean where they 
belong

Paul

From: Af [mailto:af-boun...@afmug.com] On Behalf Of George Skorup
Sent: Friday, October 7, 2016 2:18 PM
To: af@afmug.com
Subject: Re: [AFMUG] afmug.com DNS

Looks like Paul got his network back online. Lets all hope he has a speedy 
recovery.

But anyway, I don't know exactly when his network/name servers went offline, 
but when I started this thread last night, I was already getting NXDOMAIN. And 
as Eric pointed out, your NS record wasn't added to the zone, so that explains 
why. Your name server was definitely answering... with Paul's three NS records, 
which were all offline, thus brokedid.

I wouldn't have a problem being a secondary for the zone either. My ns1, ns2 
and ns3 machines share an anycast address. Which would be a little tricky to 
set up. The anycast address would be the NS record, but the zone config on the 
master would need also-notify statements. I know Paul isn't running BIND, so 
not sure if that would work.

But I can't imagine afmug.com being a large zone. We're a Tucows/OpenSRS 
reseller too. And I have many domains using their DNS. And it's the right 
price... free. That might be the easier solution to this problem in the future. 
Or Amazon's DNS since the list is there anyway.
On 10/7/2016 6:51 AM, Josh Baird wrote:
I'm hosting DNS on NS1.KYWIMAX.COM<http://NS1.KYWIMAX.COM>.  It looks like Paul 
did forget to update the NS RRSet to make my server authoritative (give him a 
break, he's dealing with a hurricane), but as long as I'm answering queries 
things should be fine for the next 9 days (when the expire SOA reaches zero).  
I could always flip the slave into a master zone and update the NS RRSet myself.

Josh

On Fri, Oct 7, 2016 at 12:41 AM, Ken Hohhof 
<af...@kwisp.com<mailto:af...@kwisp.com>> wrote:
So a lame delegation.  But if it is answering queries, maybe things won’t break?

From: Af [mailto:af-boun...@afmug.com<mailto:af-boun...@afmug.com>] On Behalf 
Of Eric Kuhnke
Sent: Thursday, October 6, 2016 11:27 PM
To: af@afmug.com<mailto:af@afmug.com>
Subject: Re: [AFMUG] afmug.com<http://afmug.com> DNS

I am seeing ns1.kywimax.com<http://ns1.kywimax.com> as a 3rd nameserver in the 
whois record for afmug.com<http://afmug.com>
It seems to be answering
But the zone file itself was not updated to list 
ns1.kywimax.com<http://ns1.kywimax.com> as authoritative, so stuff will 
probably break.


dig mail.afmug.com<http://mail.afmug.com> 
@ns1.kywimax.com<http://ns1.kywimax.com>

; <<>> DiG 9.10.3-P4-Ubuntu <<>> mail.afmug.com<http://mail.afmug.com> 
@ns1.kywimax.com<http://ns1.kywimax.com>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17959
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mail.afmug.com<http://mail.afmug.com>.INA

;; ANSWER SECTION:
mail.afmug.com<http://mail.afmug.com>.600INA54.210.210.89

;; AUTHORITY SECTION:
afmug.com<http://afmug.com>.10800INNS
ns0.pdmnet.com<http://ns0.pdmnet.com>.
afmug.com<http://afmug.com>.10800INNS
ns.pdmnet.com<http://ns.pdmnet.com>.
afmug.com<http://afmug.com>.10800INNS
ns1.pdmnet.com<http://ns1.pdmnet.com>.

;; Query time: 93 msec
;; SERVER: 100.42.32.200#53(100.42.32.200)
;; WHEN: Thu Oct 06 21:25:11 PDT 2016
;; MSG SIZE  rcvd: 119


On Thu, Oct 6, 2016 at 9:09 PM, George Skorup 
<geo...@cbcast.com<mailto:geo...@cbcast.com>> wrote:
Looks like Paul's network is offline. Did the secondary DNS for 
afmug.com<http://afmug.com> get set up? Doesn't look like it. I'm still seeing 
ns, ns0 and ns1.pdmnet.net<http://ns1.pdmnet.net> as the name servers. And all 
three are obviously down. So the list is going to break once everyone's DNS 
caches expire.

Re: [AFMUG] afmug.com DNS

2016-10-07 Thread George Skorup 
Looks like Paul got his network back online. Lets all hope he has a 
speedy recovery.


But anyway, I don't know exactly when his network/name servers went 
offline, but when I started this thread last night, I was already 
getting NXDOMAIN. And as Eric pointed out, your NS record wasn't added 
to the zone, so that explains why. Your name server was definitely 
answering... with Paul's three NS records, which were all offline, thus 
brokedid.


I wouldn't have a problem being a secondary for the zone either. My ns1, 
ns2 and ns3 machines share an anycast address. Which would be a little 
tricky to set up. The anycast address would be the NS record, but the 
zone config on the master would need also-notify statements. I know Paul 
isn't running BIND, so not sure if that would work.


But I can't imagine afmug.com being a large zone. We're a Tucows/OpenSRS 
reseller too. And I have many domains using their DNS. And it's the 
right price... free. That might be the easier solution to this problem 
in the future. Or Amazon's DNS since the list is there anyway.


On 10/7/2016 6:51 AM, Josh Baird wrote:
I'm hosting DNS on NS1.KYWIMAX.COM .  It looks 
like Paul did forget to update the NS RRSet to make my server 
authoritative (give him a break, he's dealing with a hurricane), but 
as long as I'm answering queries things should be fine for the next 9 
days (when the expire SOA reaches zero).  I could always flip the 
slave into a master zone and update the NS RRSet myself.


Josh

On Fri, Oct 7, 2016 at 12:41 AM, Ken Hohhof > wrote:


So a lame delegation.  But if it is answering queries, maybe
things won’t break?

*From:*Af [mailto:af-boun...@afmug.com
] *On Behalf Of *Eric Kuhnke
*Sent:* Thursday, October 6, 2016 11:27 PM
*To:* af@afmug.com 
*Subject:* Re: [AFMUG] afmug.com  DNS

I am seeing ns1.kywimax.com  as a 3rd
nameserver in the whois record for afmug.com 

It seems to be answering

But the zone file itself was not updated to list ns1.kywimax.com
 as authoritative, so stuff will probably
break.


dig mail.afmug.com  @ns1.kywimax.com


; <<>> DiG 9.10.3-P4-Ubuntu <<>> mail.afmug.com
 @ns1.kywimax.com 
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17959
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mail.afmug.com . INA

;; ANSWER SECTION:
mail.afmug.com . 600INA   
54.210.210.89


;; AUTHORITY SECTION:
afmug.com . 10800INNS ns0.pdmnet.com
.
afmug.com . 10800INNS ns.pdmnet.com
.
afmug.com . 10800INNS ns1.pdmnet.com
.

;; Query time: 93 msec
;; SERVER: 100.42.32.200#53(100.42.32.200)
;; WHEN: Thu Oct 06 21:25:11 PDT 2016
;; MSG SIZE  rcvd: 119


On Thu, Oct 6, 2016 at 9:09 PM, George Skorup > wrote:

Looks like Paul's network is offline. Did the secondary DNS
for afmug.com  get set up? Doesn't look like
it. I'm still seeing ns, ns0 and ns1.pdmnet.net
 as the name servers. And all three are
obviously down. So the list is going to break once everyone's
DNS caches expire.

Re: [AFMUG] afmug.com DNS

2016-10-07 Thread Josh Baird 
I'm hosting DNS on NS1.KYWIMAX.COM.  It looks like Paul did forget to
update the NS RRSet to make my server authoritative (give him a break, he's
dealing with a hurricane), but as long as I'm answering queries things
should be fine for the next 9 days (when the expire SOA reaches zero).  I
could always flip the slave into a master zone and update the NS RRSet
myself.

Josh

On Fri, Oct 7, 2016 at 12:41 AM, Ken Hohhof <af...@kwisp.com> wrote:

> So a lame delegation.  But if it is answering queries, maybe things won’t
> break?
>
>
>
> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Eric Kuhnke
> *Sent:* Thursday, October 6, 2016 11:27 PM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] afmug.com DNS
>
>
>
> I am seeing ns1.kywimax.com as a 3rd nameserver in the whois record for
> afmug.com
>
> It seems to be answering
>
> But the zone file itself was not updated to list ns1.kywimax.com as
> authoritative, so stuff will probably break.
>
>
> dig mail.afmug.com @ns1.kywimax.com
>
> ; <<>> DiG 9.10.3-P4-Ubuntu <<>> mail.afmug.com @ns1.kywimax.com
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17959
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 1
> ;; WARNING: recursion requested but not available
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;mail.afmug.com.INA
>
> ;; ANSWER SECTION:
> mail.afmug.com.600INA54.210.210.89
>
> ;; AUTHORITY SECTION:
> afmug.com.10800INNSns0.pdmnet.com.
> afmug.com.10800INNSns.pdmnet.com.
> afmug.com.10800INNSns1.pdmnet.com.
>
> ;; Query time: 93 msec
> ;; SERVER: 100.42.32.200#53(100.42.32.200)
> ;; WHEN: Thu Oct 06 21:25:11 PDT 2016
> ;; MSG SIZE  rcvd: 119
>
>
>
>
> On Thu, Oct 6, 2016 at 9:09 PM, George Skorup <geo...@cbcast.com> wrote:
>
> Looks like Paul's network is offline. Did the secondary DNS for afmug.com
> get set up? Doesn't look like it. I'm still seeing ns, ns0 and
> ns1.pdmnet.net as the name servers. And all three are obviously down. So
> the list is going to break once everyone's DNS caches expire.
>
>
>

Re: [AFMUG] afmug.com DNS

2016-10-06 Thread Josh Luthman 
Soon a lot of us will be in Vegas and won't care.

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Oct 7, 2016 12:41 AM, "Ken Hohhof" <af...@kwisp.com> wrote:

> So a lame delegation.  But if it is answering queries, maybe things won’t
> break?
>
>
>
> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Eric Kuhnke
> *Sent:* Thursday, October 6, 2016 11:27 PM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] afmug.com DNS
>
>
>
> I am seeing ns1.kywimax.com as a 3rd nameserver in the whois record for
> afmug.com
>
> It seems to be answering
>
> But the zone file itself was not updated to list ns1.kywimax.com as
> authoritative, so stuff will probably break.
>
>
> dig mail.afmug.com @ns1.kywimax.com
>
> ; <<>> DiG 9.10.3-P4-Ubuntu <<>> mail.afmug.com @ns1.kywimax.com
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17959
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 1
> ;; WARNING: recursion requested but not available
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;mail.afmug.com.INA
>
> ;; ANSWER SECTION:
> mail.afmug.com.600INA54.210.210.89
>
> ;; AUTHORITY SECTION:
> afmug.com.10800INNSns0.pdmnet.com.
> afmug.com.10800INNSns.pdmnet.com.
> afmug.com.10800INNSns1.pdmnet.com.
>
> ;; Query time: 93 msec
> ;; SERVER: 100.42.32.200#53(100.42.32.200)
> ;; WHEN: Thu Oct 06 21:25:11 PDT 2016
> ;; MSG SIZE  rcvd: 119
>
>
>
>
> On Thu, Oct 6, 2016 at 9:09 PM, George Skorup <geo...@cbcast.com> wrote:
>
> Looks like Paul's network is offline. Did the secondary DNS for afmug.com
> get set up? Doesn't look like it. I'm still seeing ns, ns0 and
> ns1.pdmnet.net as the name servers. And all three are obviously down. So
> the list is going to break once everyone's DNS caches expire.
>
>
>

Re: [AFMUG] afmug.com DNS

2016-10-06 Thread Ken Hohhof 
So a lame delegation.  But if it is answering queries, maybe things won’t break?

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Eric Kuhnke
Sent: Thursday, October 6, 2016 11:27 PM
To: af@afmug.com
Subject: Re: [AFMUG] afmug.com DNS

 

I am seeing ns1.kywimax.com <http://ns1.kywimax.com>  as a 3rd nameserver in 
the whois record for afmug.com <http://afmug.com> 

It seems to be answering

But the zone file itself was not updated to list ns1.kywimax.com 
<http://ns1.kywimax.com>  as authoritative, so stuff will probably break.


dig mail.afmug.com <http://mail.afmug.com>  @ns1.kywimax.com 
<http://ns1.kywimax.com> 

; <<>> DiG 9.10.3-P4-Ubuntu <<>> mail.afmug.com <http://mail.afmug.com>  
@ns1.kywimax.com <http://ns1.kywimax.com> 
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17959
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mail.afmug.com <http://mail.afmug.com> .INA

;; ANSWER SECTION:
mail.afmug.com <http://mail.afmug.com> .600INA54.210.210.89

;; AUTHORITY SECTION:
afmug.com <http://afmug.com> .10800INNSns0.pdmnet.com 
<http://ns0.pdmnet.com> .
afmug.com <http://afmug.com> .10800INNSns.pdmnet.com 
<http://ns.pdmnet.com> .
afmug.com <http://afmug.com> .10800INNSns1.pdmnet.com 
<http://ns1.pdmnet.com> .

;; Query time: 93 msec
;; SERVER: 100.42.32.200#53(100.42.32.200)
;; WHEN: Thu Oct 06 21:25:11 PDT 2016
;; MSG SIZE  rcvd: 119




 

On Thu, Oct 6, 2016 at 9:09 PM, George Skorup <geo...@cbcast.com 
<mailto:geo...@cbcast.com> > wrote:

Looks like Paul's network is offline. Did the secondary DNS for afmug.com 
<http://afmug.com>  get set up? Doesn't look like it. I'm still seeing ns, ns0 
and ns1.pdmnet.net <http://ns1.pdmnet.net>  as the name servers. And all three 
are obviously down. So the list is going to break once everyone's DNS caches 
expire.

Re: [AFMUG] afmug.com DNS

2016-10-06 Thread Ken Hohhof 
Earlier I was seeing ns1.kywimax.com in the list but not now.  I think maybe he 
changed the nameservers at tucows but didn't change the NS records on his own 
DNS servers, so other DNS servers around the net have the stale information 
cached.  Once they expire that data, they should query the root servers.

Luckily as long as the stale NS records are cached, the other records should 
also be cached.

I used to run into this when customers would switch to a new hosting company 
without telling the old hosting company, whose nameservers still thought they 
were authoritative for the domain.  Forgetting that if a caching nameserver 
knows the authoritative nameserver, it will just keep asking it are you 
authoritative, and if it answers yes, there is no need to ever go  back to the 
root servers.

In this case though, I think everything will work out OK.


-Original Message-
From: Af [mailto:af-boun...@afmug.com] On Behalf Of George Skorup
Sent: Thursday, October 6, 2016 11:10 PM
To: af@afmug.com
Subject: [AFMUG] afmug.com DNS

Looks like Paul's network is offline. Did the secondary DNS for afmug.com get 
set up? Doesn't look like it. I'm still seeing ns, ns0 and ns1.pdmnet.net as 
the name servers. And all three are obviously down. So the list is going to 
break once everyone's DNS caches expire.

Re: [AFMUG] afmug.com DNS

2016-10-06 Thread Eric Kuhnke 
I am seeing ns1.kywimax.com as a 3rd nameserver in the whois record for
afmug.com

It seems to be answering

But the zone file itself was not updated to list ns1.kywimax.com as
authoritative, so stuff will probably break.


dig mail.afmug.com @ns1.kywimax.com

; <<>> DiG 9.10.3-P4-Ubuntu <<>> mail.afmug.com @ns1.kywimax.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17959
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mail.afmug.com.INA

;; ANSWER SECTION:
mail.afmug.com.600INA54.210.210.89

;; AUTHORITY SECTION:
afmug.com.10800INNSns0.pdmnet.com.
afmug.com.10800INNSns.pdmnet.com.
afmug.com.10800INNSns1.pdmnet.com.

;; Query time: 93 msec
;; SERVER: 100.42.32.200#53(100.42.32.200)
;; WHEN: Thu Oct 06 21:25:11 PDT 2016
;; MSG SIZE  rcvd: 119




On Thu, Oct 6, 2016 at 9:09 PM, George Skorup  wrote:

> Looks like Paul's network is offline. Did the secondary DNS for afmug.com
> get set up? Doesn't look like it. I'm still seeing ns, ns0 and
> ns1.pdmnet.net as the name servers. And all three are obviously down. So
> the list is going to break once everyone's DNS caches expire.
>

Re: [AFMUG] afmug.com DNS

2016-10-06 Thread CBB - Jay Fuller 

We can probably survive a few days without a list can't we?
ok, maybe not...

Not looking good for Paul's area


  - Original Message - 
  From: George Skorup 
  To: af@afmug.com 
  Sent: Thursday, October 06, 2016 11:09 PM
  Subject: [AFMUG] afmug.com DNS


  Looks like Paul's network is offline. Did the secondary DNS for 
  afmug.com get set up? Doesn't look like it. I'm still seeing ns, ns0 and 
  ns1.pdmnet.net as the name servers. And all three are obviously down. So 
  the list is going to break once everyone's DNS caches expire.

Re: [AFMUG] afmug.com DNS

2016-10-06 Thread Eric Kuhnke 
I offered via direct email but he never replied...  Could have set up zone
transfers to my ns2 or ns3 authoritative slave bind9 machines which support
several large mission critical things.

On Thu, Oct 6, 2016 at 9:09 PM, George Skorup  wrote:

> Looks like Paul's network is offline. Did the secondary DNS for afmug.com
> get set up? Doesn't look like it. I'm still seeing ns, ns0 and
> ns1.pdmnet.net as the name servers. And all three are obviously down. So
> the list is going to break once everyone's DNS caches expire.
>

[AFMUG] afmug.com DNS

2016-10-06 Thread George Skorup 
Looks like Paul's network is offline. Did the secondary DNS for 
afmug.com get set up? Doesn't look like it. I'm still seeing ns, ns0 and 
ns1.pdmnet.net as the name servers. And all three are obviously down. So 
the list is going to break once everyone's DNS caches expire.