Re: Zope.org DNS ( was Re: [ZWeb] http://namespaces.zope.org/zope )
You didn't cc tres - but I'm sitting next to him, and informed him *we* volunteered cabana if we want it. Tres actually doesn't use cabana as a nameserver - mainly me (unless the other guys have changed how they have their domains set up).

A

On 9/27/06 3:52 AM, Chris Withers [EMAIL PROTECTED] wrote:
> Justizin wrote:
>> I haven't even got my responder up yet, to be honest. I'll be moving my domains to zoneedit at the same time as zope.org.
>>
>> I assume one of these is yours, and one of them jens' ?
>>
>> cabana.palladion.com 69.44.155.17
>
> That'll be Tres (cc'ed in 'cos I don't know if he's on this list)
>
>> ns1.dataflake.org 8.7.96.28
>
> That'll be Jens.
>
> cheers,
>
> Chris

___
Zope-web maillist - Zope-web@zope.org
http://mail.zope.org/mailman/listinfo/zope-web
Re: Zope.org DNS ( was Re: [ZWeb] http://namespaces.zope.org/zope )
Andrew Sawyers wrote:
> You didn't cc tres

Yeah, I know, but since Jens shouted at me shortly afterwards, I didn't think I'd rectify the situation ;-)

Chris

--
Simplistix - Content Management, Zope Python Consulting
- http://www.simplistix.co.uk
Re: Zope.org DNS ( was Re: [ZWeb] http://namespaces.zope.org/zope )
Thanks to both of you.

On 9/27/06, Andrew Sawyers [EMAIL PROTECTED] wrote:
> You didn't cc tres - but I'm sitting next to him, and informed him *we* volunteered cabana if we want it. Tres actually doesn't use cabana as a nameserver - mainly me (unless the other guys have changed how they have their domains set up).
>
> A
>
> On 9/27/06 3:52 AM, Chris Withers [EMAIL PROTECTED] wrote:
>> Justizin wrote:
>>> I haven't even got my responder up yet, to be honest. I'll be moving my domains to zoneedit at the same time as zope.org.
>>>
>>> I assume one of these is yours, and one of them jens' ?
>>>
>>> cabana.palladion.com 69.44.155.17
>>
>> That'll be Tres (cc'ed in 'cos I don't know if he's on this list)
>>
>>> ns1.dataflake.org 8.7.96.28
>>
>> That'll be Jens.
>>
>> cheers,
>>
>> Chris

--
Justizin, Independent Interactivity Architect
ACM SIGGRAPH SysMgr, Reporter
http://www.siggraph.org/
Re: Zope.org DNS ( was Re: [ZWeb] http://namespaces.zope.org/zope )
On 26 Sep 2006, at 17:39, Martijn Faassen wrote:
> Andrew Sawyers wrote:
>>> Yeah, definitely. And if we go with that tool I volunteer to be hooked up as a secondary.
>>
>> As do I .
>
> All this DNS volunteering is great! Unfortunately, I'm a bit at a loss on how to proceed, as I'm not very familiar with DNS issues.

The way it works is this:

- the owner/admin for the domain changes the domain name servers assigned for this domain through the registrar that holds the domain. This can normally be done using a web interface at the registrar. Someone at ZC must do this, and he needs an IP/hostname for the primary DNS server and IPs/hostnames for secondaries

- The zone data is pulled from the old servers and entered into the new primary. This zone data must reflect the new DNS primary/secondaries. Whenever the primary is updated, it will contact all the secondaries it knows about automatically and ask them to reload the data.

- The secondaries need to have their configuration changed so that they know they are secondaries for zope.org. They also need to know the IP of the primary. They will then automatically fetch zone data from the primary.

Apart from the first step this is quick and easy to do.

jens
Re: Zope.org DNS ( was Re: [ZWeb] http://namespaces.zope.org/zope )
On 9/26/06, Jens Vagelpohl [EMAIL PROTECTED] wrote:
>> I believe a single DNS query over UDP can handle around 20-25 entries, depending on their size. Should be no problem for an 'NS' query for zope.org to point at ten or more hosts which run slave. The question is, does this tool allow that? I imagine so. I know that we set up a local slave in the convention center for SIGGRAPH in Boston this year from our cheapo DNS provider.
>
> I'm not sure what you're trying to explain or ask here. Do you think there would be any problem in propagating updates? Well, there won't. And I don't see any need for more than 3 DNS servers (including the master). DNS is not resource-intensive in any way.

Well, since I don't know about the suggested provider, here's my concern - let's say I manage your DNS on my servers, and you want to provide your own local servers. How do you get a copy of the latest zone? Your IP must be listed in my server so that it is allowed to perform AXFR queries.

All I'm saying is, I assume, hopefully, that this provider will allow us to specify hosts which are allowed to perform AXFR.

They will also probably provide us with 3-4 hosts which we can use for DNS. If you, me, and one other person each contribute two IP addresses on different networks, that puts the zope.org zone in pretty good shape, because various caching nameservers will handle the trouble of determining which authoritative record is best for them to use.

DNS may seem like a low-load service, but if you were to run a DNS provider yourself on a single machine, I challenge you to maintain 90% uptime. The last time I worked on a large DNS implementation we had twelve machines in each of two geographic locations - dual xeon machines with lots of RAM that did nothing but handle round-robin DNS queries. IIRC, we had about 100,000 zones, but still, let's think about this for a moment.

Imagine:

* I have www.stupidwebsiteforjerks.com
* Someone hates my stupid website, because it's for jerks
* My DNS records are in the same server as yours
* Someone decides to launch an 8MB/s or so DDoS against my NS records and my webserver IP.
* Your site starts failing to load for 30-60% of visitors after a few hours.

;)

--
Justizin, Independent Interactivity Architect
ACM SIGGRAPH SysMgr, Reporter
http://www.siggraph.org/
Re: Zope.org DNS ( was Re: [ZWeb] http://namespaces.zope.org/zope )
On 9/26/06, Martijn Faassen [EMAIL PROTECTED] wrote:
> Andrew Sawyers wrote:
>>> Yeah, definitely. And if we go with that tool I volunteer to be hooked up as a secondary.
>>
>> As do I .
>
> All this DNS volunteering is great! Unfortunately, I'm a bit at a loss on how to proceed, as I'm not very familiar with DNS issues.
>
> So, what I need:
>
> * a single contact person for DNS issues that I can contact whenever something DNS related is needed, can advise me on these issues should I have questions, and who will arrange DNS matters among the three of you. I propose it's one of you three (Justizin, Jens, Andrew). Anyone volunteering for that?

I'm glad to be the lead, and I'm glad for either of the other guys to be the lead. ;d

Whoever you decide to nag, I think the three of us can hammer this out.

> * A plan of action worked out between the three of you. I basically need to know what needs to be done bureaucratically from the side of Zope Corporation and the Foundation to get this arranged. I'll leave the actual work to you all - I intend to only be there when stuff needs to be expedited somehow.

Okay. We will need:

* A copy of the existing zope.org zone files
* Cooperation from [EMAIL PROTECTED] to change the NS record pointers
* A list of people who need access in ZoneEdit

--
Justizin, Independent Interactivity Architect
ACM SIGGRAPH SysMgr, Reporter
http://www.siggraph.org/
Re: Zope.org DNS ( was Re: [ZWeb] http://namespaces.zope.org/zope )
On 9/26/06 11:10 AM, Jens Vagelpohl [EMAIL PROTECTED] wrote:
> On 26 Sep 2006, at 17:02, Andrew Sawyers wrote:
>> We can use someone like zoneedit.com for the primary, and then have a bunch of secondaries. I'm sure there's lots of us who could do secondary dns for this. I've used zoneedit for several years now - flawlessly. First 5 domains are free - so that shouldn't be a problem.
>
> Hey Andrew, learn bottom-posting please!
>
> I haven't worked with zoneedit, but would volunteer a secondary DNS setup on one of my boxes. DNS changes should be very tightly regulated and the group of people who can make them should be very small since DNS is a very important wheel in the machinery which can break all other services if not handled correctly. I don't think it is important to have some newbie-friendly tool.
>
> jens

This has nothing to do with a newbie friendly tool - but a third party to be the primary, so that a single person isn't the 'owner' of this - so those with appropriate access can manage this. I'm sure all of us on the list understand the importance of DNS and its reliability. Since it's free and been around for years, I thought it was worthy of looking at for the group.

Andrew
Re: Zope.org DNS ( was Re: [ZWeb] http://namespaces.zope.org/zope )
On 26 Sep 2006, at 17:48, Justizin wrote:
> Well, since I don't know about the suggested provider, here's my concern - let's say I manage your DNS on my servers, and you want to provide your own local servers. How do you get a copy of the latest zone? Your IP must be listed in my server so that it is allowed to perform AXFR queries.

Do you know how DNS works? Slaves don't just ask for a transfer willy-nilly. Slaves are known to the primary and they get told when to ask.

> They will also probably provide us with 3-4 hosts which we can use for DNS. If you, me, and one other person each contribute two IP addresses on different networks, that puts the zope.org zone in pretty good shape, because various caching nameservers will handle the trouble of determining which authoritative record is best for them to use.
>
> DNS may seem like a low-load service, but if you were to run a DNS provider yourself on a single machine, I challenge you to maintain 90% uptime. The last time I worked on a large DNS implementation we had twelve machines in each of two geographic locations - dual xeon machines with lots of RAM that did nothing but handle round-robin DNS queries.

I have no idea what you are talking about. This is not some huge DNS service that we need. We need to serve exactly one zone. This can be done from a Palm Pilot, to be honest. I have run DNS services for years and years and don't share any of your doubts.

jens
Re: Zope.org DNS ( was Re: [ZWeb] http://namespaces.zope.org/zope )
On 9/26/06, Jens Vagelpohl [EMAIL PROTECTED] wrote:
> On 26 Sep 2006, at 17:48, Justizin wrote:
>> Well, since I don't know about the suggested provider, here's my concern - let's say I manage your DNS on my servers, and you want to provide your own local servers. How do you get a copy of the latest zone? Your IP must be listed in my server so that it is allowed to perform AXFR queries.
>
> Do you know how DNS works? Slaves don't just ask for a transfer willy-nilly. Slaves are known to the primary and they get told when to ask.

I'm not sure this is correct. We should investigate before insulting each other's intelligence. I know a great deal about how DNS works, thank you very much. ;)

>> They will also probably provide us with 3-4 hosts which we can use for DNS. If you, me, and one other person each contribute two IP addresses on different networks, that puts the zope.org zone in pretty good shape, because various caching nameservers will handle the trouble of determining which authoritative record is best for them to use.
>>
>> DNS may seem like a low-load service, but if you were to run a DNS provider yourself on a single machine, I challenge you to maintain 90% uptime. The last time I worked on a large DNS implementation we had twelve machines in each of two geographic locations - dual xeon machines with lots of RAM that did nothing but handle round-robin DNS queries.
>
> I have no idea what you are talking about. This is not some huge DNS service that we need. We need to serve exactly one zone. This can be done from a Palm Pilot, to be honest. I have run DNS services for years and years and don't share any of your doubts.

Okay, let's please not make this an argument. *we* do not have large-scale DNS needs. However, if we use someone like ZoneEdit.com, their nameservers are highly loaded.

So, as I said, if someone decides to launch a DNS attack on ns1.zoneedit.com or whatever, it can affect the availability of zope.org, unless there are alternates, which is what we all propose.

It's a sad logical fallacy for you to state that because you have never seen this problem, it does not exist. I spent nearly three years as an engineer at one of the world's largest providers of managed internet services, and I can tell you that NS.RACKSPACE.COM and NS2.RACKSPACE.COM are hit multiple times a year by 8MB/s or greater DDoS attacks. This was in a datacenter with 9GB/s of bandwidth via multiple OC-48 connections.

It's important.

--
Justizin, Independent Interactivity Architect
ACM SIGGRAPH SysMgr, Reporter
http://www.siggraph.org/
Re: Zope.org DNS ( was Re: [ZWeb] http://namespaces.zope.org/zope )
On 26 Sep 2006, at 18:17, Lennart Regebro wrote:
> I don't understand what you are debating, really. Could you clarify?

This is about propagating data from the primary DNS server (which would be that service Andrew suggested) to the databases held on the secondary DNS servers. It is a fully automatic process, under normal circumstances.

There's also the question how many secondary servers we need, or how much DNS serving capacity. Most normal domains have one primary and one secondary server. I suggest one primary and two secondaries.

jens
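The propagation mechanism discussed in this thread, as an added example that is not part of the original messages: a primary sends NOTIFY to the secondaries it knows about, each secondary compares SOA serials (RFC 1982 arithmetic) and then pulls the zone with AXFR, which the primary serves only to allow-listed addresses. The class names, addresses (RFC 5737 documentation ranges) and records are constructed for illustration, and the model skips the wire protocol.

```python
"""Toy model of DNS zone propagation: NOTIFY, SOA serial check, ACL-gated AXFR."""

HALF = 2 ** 31  # RFC 1982 serial arithmetic works modulo 2**32


def serial_newer(candidate: int, current: int) -> bool:
    """True if `candidate` is newer than `current` under RFC 1982 wraparound rules."""
    return candidate != current and (candidate - current) % 2 ** 32 < HALF


class Primary:
    def __init__(self, serial, records, allow_transfer):
        self.serial, self.records = serial, list(records)
        self.allow_transfer = set(allow_transfer)   # ACL: who may AXFR
        self.secondaries = []                       # who gets NOTIFY

    def update(self, records):
        """Publish new zone data, bump the serial, NOTIFY every known secondary."""
        self.records = list(records)
        self.serial = (self.serial + 1) % 2 ** 32
        return {s.ip: s.on_notify(self) for s in self.secondaries}

    def axfr(self, client_ip):
        """Serve a full zone transfer only to allow-listed addresses."""
        if client_ip not in self.allow_transfer:
            raise PermissionError(f"AXFR refused for {client_ip}")
        return self.serial, list(self.records)


class Secondary:
    def __init__(self, ip):
        self.ip, self.serial, self.records = ip, None, []

    def on_notify(self, primary):
        """NOTIFY is only a hint: compare serials, then pull via AXFR if stale."""
        # Simplification: reads the primary's serial directly instead of an SOA query.
        if self.serial is not None and not serial_newer(primary.serial, self.serial):
            return "up-to-date"
        try:
            self.serial, self.records = primary.axfr(self.ip)
            return "transferred"
        except PermissionError:
            return "refused"


def demo():
    # Constructed data: documentation addresses, not the hosts named in the thread.
    listed, unlisted = Secondary("192.0.2.10"), Secondary("198.51.100.20")
    primary = Primary(2006092601, ["zope.org. NS ns1.example."], {"192.0.2.10"})
    primary.secondaries = [listed, unlisted]
    return primary.update(["zope.org. NS ns1.example.", "zope.org. NS ns2.example."])
```

A secondary that is notified but missing from the transfer allow-list stays stale, so both the notify list and the AXFR ACL have to be updated when a volunteer secondary is added.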
Re: Zope.org DNS ( was Re: [ZWeb] http://namespaces.zope.org/zope )
On 26 Sep 2006, at 18:20, Justizin wrote:
> (a) ZoneEdit probably has more zones than Rackspace, which is classified in Texas as a Small Business. ZoneEdit is well known enough that a handful of people on this small mailing list know of it. People don't quite always target Rackspace, they often targeted specific Rackspace customers. Someone might target ZoneEdit.

I meant specifically zope.org as the target for attack, not ZoneEdit. Even if ZoneEdit is targeted, two secondaries is still enough.

> (b) None of this matters because three of us offered to host slaves! Why are you arguing against doing something you volunteered to do?

I'm not. I'm arguing against the higher number of secondaries that you suggested earlier. Two secondaries is enough.

jens
Re: Zope.org DNS ( was Re: [ZWeb] http://namespaces.zope.org/zope )
On 26 Sep 2006, at 18:51, Lennart Regebro wrote:
> On 9/26/06, Jens Vagelpohl [EMAIL PROTECTED] wrote:
>> I'm not. I'm arguing against the higher number of secondaries that you suggested earlier. Two secondaries is enough.
>
> I'm guessing that's fine too. I haven't had any problems for four years, as mentioned, and I don't have secondaries, cuz I'm too lazy. :-)

Now I know where to point *my* DNS DOS scripts ;)

jens
Re: Zope.org DNS ( was Re: [ZWeb] http://namespaces.zope.org/zope )
Justizin wrote:
> On 9/26/06, Martijn Faassen [EMAIL PROTECTED] wrote:

[snip]

> I'm glad to be the lead, and I'm glad for either of the other guys to be the lead. ;d

You're the only one volunteering for this right now, as far as I can see, so if you think you and Jens can get along after this DNS initiation rite or whatever you two were having just now, you're now the official lead. :)

Great, thanks!

> Whoever you decide to nag, I think the three of us can hammer this out.

Excellent. By the way, are you a Zope Foundation member in any way? I'm not sure whether it matters at this stage, just checking.

>> * A plan of action worked out between the three of you. I basically need to know what needs to be done bureaucratically from the side of Zope Corporation and the Foundation to get this arranged. I'll leave the actual work to you all - I intend to only be there when stuff needs to be expedited somehow.
>
> Okay. We will need:
>
> * A copy of the existing zope.org zone files
> * Cooperation from [EMAIL PROTECTED] to change the NS record pointers
> * A list of people who need access in ZoneEdit

I will contact Rob and try to get the ball rolling. I'll pass it back to you guys as soon as possible.

Regards,

Martijn