[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: booboos?: Re: BerkeleyLUG.ORG - renewed & transferred; slaves? ...: Re: Wither berkeleylug.ORG - keep/drop decide by: 2019-04-17T04:39:28Z - currently expires 2019-05-17T04:39:28Z

To: BerkeleyLUG <berkeleylug@googlegroups.com>
Subject: Re: booboos?: Re: BerkeleyLUG.ORG - renewed & transferred; slaves? ...: Re: Wither berkeleylug.ORG - keep/drop decide by: 2019-04-17T04:39:28Z - currently expires 2019-05-17T04:39:28Z
From: Rick Moen <rick@linuxmafia.com>
Date: Thu, 18 Apr 2019 13:46:55 -0700
Arc-authentication-results: i=2; gmr-mx.google.com; spf=pass (google.com: domain of rick@linuxmafia.com designates 198.144.195.186 as permitted sender) smtp.mailfrom=rick@linuxmafia.com
Arc-authentication-results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of rick@linuxmafia.com designates 198.144.195.186 as permitted sender) smtp.mailfrom=rick@linuxmafia.com
Arc-message-signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:user-agent:organization :in-reply-to:content-disposition:mime-version:references:message-id :subject:to:from:date:sender:dkim-signature; bh=PajjyrqMZ9VZP/wGuQdQdqY3rm22aC/CAoVgXl6BZTQ=; b=NA8XK9bdDbBGGRl59k7yMeQllrzM+ThT0xHi3WVDC46mcylctIQQq81aRiHoniX15V h58f6ylTEUJz48j4rFIaUkZfLFEI3opQJqLoz7yKM16rDnIfjcCR3l37/ZXh/ZBc5HVo E14CMr6L0gBrozVt6ZstYwTMm6gCeGi7nRRUX/lhR7Kx2IQq2wE7ozenQIM5BEXerC9q iObv4mqgslqtIijrWaAZWCuLjc6bKzlhtcfkJNIf5zAPyumLxloddjuPBW7dPmmgGnhv CLIgHuojH/4CjXp+Jcy3sTYoYkhN++kuVZcb3X9fjk138EG2gQYVd+zmQhbpe3nXeXBT pP2w==
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=user-agent:organization:in-reply-to:content-disposition :mime-version:references:message-id:subject:to:from:date; bh=qY+nE9AnJfoYIQq8kkQ8gFg0PseFgaLuoPscUqhAgoE=; b=WELhTN/4JPMCserFnakU7vM1/qV0AOf6QzeNBSqA4S7Gq1kZ62Lxv+iwZMqVMf0KBL +GKVB2dRAcUd1G0tKQHxkr6VvO9KaAavHh5gOsf0MaoWkvzVkyfVAenxqaxrR9OFI1Os 6C1Ou0BNbpXMzVFz0546ajo4ujnUYi71kc2EEIeeEtrB06QjcDDWfazT0NO3WjOLJy6+ 4UfPqboLYI8BcEVx9tgPGhAZGMZwyweU7iqxryaiVulhyVqNv+51990a+eRexMy/NU4T /7I2dgPh4YP7Gd3uSbLi0q4ozUsNyPkNmI49fnH1ioBoUjUxGhdBT0kjjbh9eUSLiUxz Z/fg==
Arc-seal: i=2; a=rsa-sha256; t=1555620427; cv=pass; d=google.com; s=arc-20160816; b=JpWLB0zx/5/FLWeFE1wyqTudq6yONisLEaHLbQl7IzxNAqs+wl+MQgcgoGO+u3j3KU kIi4Ru90MeyiJpt0Cy0Bvhd+ftVllk1CRoYQqjjjq1vDtXLuOTFO6WHJUCoQra4sFNWd 1GPQoFYzEMPavwfOBngnyyao5ub4/vTao+IjaXeWwBusMAP+mLeQamRIevwi03REM7Cd vBL/NqjE5fnPRhqja39CD8Y7dIYYxpuiLY5JRnJL+/RRwcdiy0Xszf9skpY8mixysnbw Hbrdh8/++49NH4DahZ1eI3kWjyRoUEBfsJflqZQL6+TKilmUwr39PFyoDSS0fQK8C+xR HCUg==
Arc-seal: i=1; a=rsa-sha256; t=1555620426; cv=none; d=google.com; s=arc-20160816; b=eG+Oq7gj1H4TyggVHlL2bleLsFDvtAusGZDzVPFU8bN/qNxGMbctWaxUGWzbokMq9B ceXDqmyTw35sApkQAl3xR9roAwEDmv1j93xfzJbdP27iRyad3IQdeHM37u5g51PXmeqe vx8UnRM2NccNpYuCUhFk/jw6RRieXa9GMBvzMvq9NQrLPXoKFxvKI3ZNN0nRIdcIExYe aE7fkPxr69UmrajGBFovm0tW/jQ31B9axP9Vt0bNRaV+M/W0KpxF71dTwnXJvc0vR7b8 VBfHcD/BQPEDVdq6nPl6iBrM3oFwttR13RXEmy6OraUxay/4/YgrHG5STd0NYoM19Esw 5MKw==
Delivered-to: historian@entropia.netisland.net
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20161025; h=sender:date:from:to:subject:message-id:references:mime-version :content-disposition:in-reply-to:organization:user-agent :x-original-sender:x-original-authentication-results:reply-to :precedence:mailing-list:list-id:list-post:list-help:list-archive :list-subscribe:list-unsubscribe; bh=PajjyrqMZ9VZP/wGuQdQdqY3rm22aC/CAoVgXl6BZTQ=; b=esAhyiMK/+3NL9QDwIYdkSqoDubtxjdKkoIVneTlQJYiZIRdd454NATFeEIt8YHvS8 AEryBah5rGDf6A8Cxu44n7r8en+Otn3CUCr8IeMQDUn/tecD9SNbY1o96/KZriVOOYYi tLUoBKbkKx4Jm+PNCwbfb+ucGHF5+VmkSeTSZlxi4ZqnEmibftVowU+OXzhMYvYck0qL cAnwZuUEnkDG+FxBU4wdgvsxoprx2hsecq58vgICutjlxQkWzOKaziQmkHBP6HEOJkfm uoi66ox/KRqvIh0jIQgToucDPkniOfCD7Az6kYBAwKqWFUPLlS7tsc0vbnDJbQawyX2y drEg==
In-reply-to: <20190418043730.40015im1j0ma770o@webmail.rawbw.com>
List-archive: <https://groups.google.com/group/berkeleylu>
List-help: <https://groups.google.com/support/>, <mailto:berkeleylug+help@googlegroups.com>
List-id: <berkeleylug.googlegroups.com>
List-post: <https://groups.google.com/group/berkeleylug/post>, <mailto:berkeleylug@googlegroups.com>
List-subscribe: <https://groups.google.com/group/berkeleylug/subscribe>, <mailto:berkeleylug+subscribe@googlegroups.com>
List-unsubscribe: <mailto:googlegroups-manage+61884646931+unsubscribe@googlegroups.com>, <https://groups.google.com/group/berkeleylug/subscribe>
Mailing-list: list berkeleylug@googlegroups.com; contact berkeleylug+owners@googlegroups.com
Organization: If you lived here, you'd be $HOME already.
References: <20190312075346.96331ou2q7p6rgtc@webmail.rawbw.com> <20190328220622.16255adoi9ffbx74@webmail.rawbw.com> <CA+znOQEihqOh=9euG0nQTaGj0jYA6mXGUoi=QSEffu07O-BxVg@mail.gmail.com> <20190402005458.47465t7nqkmda6sc@webmail.rawbw.com> <20190409055847.18533d94j7yqur6s@webmail.rawbw.com> <20190417212540.141772t1lo0lgq04@webmail.rawbw.com> <20190418073856.GU22293@linuxmafia.com> <20190418043730.40015im1j0ma770o@webmail.rawbw.com>
Reply-to: berkeleylug@googlegroups.com
Sender: berkeleylug@googlegroups.com
User-agent: Mutt/1.5.20 (2009-06-14)

Quoting Michael Paoli (Michael.Paoli@cal.berkeley.edu):

> No ... not sure why that shows/showed "double" for you there.

After posting, I realised it must have been two separate sections of
WHOIS return values reporting the same data.  That's a limitation of 
my scripting tactics in use, there.

If it hadn't been way too damned late, and my trying to catch up on
sysadmin tasks while lying in bed before sleep, I'd have figured out
where the apparent doubling came from.  But I just didn't have time to
pursue the matter, so just noted the anomaly so I could complete the
task and go to sleep.

> Nope, that's intentional, and correct.  :-)
> 
> The first . is interpreted as @ to change it into an email address ...
> unless preceded by \, in which case it's literal.

That part everyone who does DNS knows.

The thing is, the reason I'd never seen escaping of periods in anyone 
else's SOA RNAME subfield, even though I've seen a ton of zonefiles, 
is this is the literally the first time I've seen a zone whose zone 
administrator is reached via a firstname.lastname corporate-style e-mail
address.  It's always been like rm@example.com, noc@example.com,
ops@example.com, hostmaster@example.com, root@example.com .  

So, yeah, the need to escape your LHS period makes total sense for parsing
(now that I see that problem arise); I'd just never seen anyone needing
to solve that specific problem before.

And, again, I was on the edge of sleep and lacked time to ponder the
matter, so I noted the anomaly and completed the task so I could nod
off.


> No, that intentionally allows an source IP address to do AXFR.

Fine, as long as it's intentional.

As you almost certainly already know, most DNS admins lock down
AXFR/IXFR to authorised slave nameserver IP addresses only, as policy,
to implement a minor security measure to make the job of intruders doing
resource discovery a little harder.  Presumably you know all about the
arguments for (e.g. 'but I want all of this to be completely public!')
and against, so there's no reason to trot them out.  If not, knock
yourself out arguing with or against US-CERT:
https://www.us-cert.gov/ncas/alerts/TA15-103A

> And, I then further thought, heck, [L]UG(s) - can I think of any
> particularly good reasons to not make AXFR open to all?

There are reasons.  Whether they're good or not is in the eye of the
beholder.  Your system, your policy.

I consider locking down AXFR/IXFR best practices, and that's what I
teach people.  But you do you.

-- 
You received this message because you are subscribed to the Google Groups "BerkeleyLUG" group.
To unsubscribe from this group and stop receiving emails from it, send an email to berkeleylug+unsubscribe@googlegroups.com.
To post to this group, send email to berkeleylug@googlegroups.com.
Visit this group at https://groups.google.com/group/berkeleylug.
For more options, visit https://groups.google.com/d/optout.

References:
- BerkeleyLUG domains, "hosting", etc.
  - From: "Michael Paoli" <Michael.Paoli@cal.berkeley.edu>
- Wither berkeleylug.ORG - keep/drop decide by: 2019-04-17T04:39:28Z - currently expires 2019-05-17T04:39:28Z
  - From: "Michael Paoli" <Michael.Paoli@cal.berkeley.edu>
- Re: Wither berkeleylug.ORG - keep/drop decide by: 2019-04-17T04:39:28Z - currently expires 2019-05-17T04:39:28Z
  - From: ace36 <acohen36@gmail.com>
- Re: Wither berkeleylug.ORG - keep/drop decide by: 2019-04-17T04:39:28Z - currently expires 2019-05-17T04:39:28Z
  - From: "Michael Paoli" <Michael.Paoli@cal.berkeley.edu>
- Re: Wither berkeleylug.ORG - keep/drop decide by: 2019-04-17T04:39:28Z - currently expires 2019-05-17T04:39:28Z
  - From: "Michael Paoli" <Michael.Paoli@cal.berkeley.edu>
- BerkeleyLUG.ORG - renewed & transferred; slaves? ...: Re: Wither berkeleylug.ORG - keep/drop decide by: 2019-04-17T04:39:28Z - currently expires 2019-05-17T04:39:28Z
  - From: "Michael Paoli" <Michael.Paoli@cal.berkeley.edu>
- Re: BerkeleyLUG.ORG - renewed & transferred; slaves? ...: Re: Wither berkeleylug.ORG - keep/drop decide by: 2019-04-17T04:39:28Z - currently expires 2019-05-17T04:39:28Z
  - From: Rick Moen <rick@linuxmafia.com>
- booboos?: Re: BerkeleyLUG.ORG - renewed & transferred; slaves? ...: Re: Wither berkeleylug.ORG - keep/drop decide by: 2019-04-17T04:39:28Z - currently expires 2019-05-17T04:39:28Z
  - From: "Michael Paoli" <Michael.Paoli@cal.berkeley.edu>

Prev by Date: >=3 (now 4) Name servers: Re: BerkeleyLUG.ORG - renewed & transferred; slaves?
Next by Date: Re: And ... back to 85C Bakery Cafe: Re: BerkeleyLUG meetup this Sunday 2019-04-14, now at Algorithm Coffee!
Previous by thread: booboos?: Re: BerkeleyLUG.ORG - renewed & transferred; slaves? ...: Re: Wither berkeleylug.ORG - keep/drop decide by: 2019-04-17T04:39:28Z - currently expires 2019-05-17T04:39:28Z
Next by thread: >=3 (now 4) Name servers: Re: BerkeleyLUG.ORG - renewed & transferred; slaves?
Index(es):
- Date
- Thread