[tech] UCC DNS delegation
David Adam
zanchey at ucc.gu.uwa.edu.au
Fri Oct 5 12:22:49 WST 2012
On Fri, 5 Oct 2012, Nick Bannon wrote:
> I've lost track of exactly who our contacts are for our upstream forward
> and reverse DNS, I guess we should put those into /home/wheel/docs or
> perhaps mooneye:/etc/bind/named.conf.local .
>
> Probably the secure.ucc.asn.au SSL cert too, [MSH] renewed that with
> http://www.positivessl.com/ until 2015-05-10T23:59:59Z , I think he'll
> get that reminder at <matt at ucc.asn.au> .
[MSH] has been looking after this for at least ten years now I think :-)
> [BOB] - you renewed ucc.asn.au with enetica.com.au for $39/2 years around
> 05-Apr-2012 09:54:40 UTC, I guess that means it expires in 20140701,
> though that's not shown on http://whois.ausregistry.com.au/ . It does
> show that the contacts are at wheel at ucc.gu.uwa.edu.au so I imagine that
> can be recovered by email if you're not available.
You don't actually need a password to renew with Enetica, but I have the
password if anyone wants it.
> IS would be our upstream for gu.uwa.edu.au , ucc.guild.uwa.edu.au ,
> 13.95.130.in-addr.arpa , 2.4.1.0.0.0.0.0.c.3.5.0.4.2.ip6.arpa . Any
> contact person/method in particular?
In the past I've filed a ticket in the IT Service Desk, which usually ends
up on Toivo's desk. They have binned the old DNS management tool (dnszone
or something), not sure what the new one is or how we get access to it.
Incidentally reverse DNS delegation for IPv6 does not work. In fact I
don't think it has ever worked, either with the old address range(see
http://lists.ucc.gu.uwa.edu.au/pipermail/tech/2010-August/003911.html),
or the new range UWA received in November 2010. There is no PTR record for
2405:3c00::/32 (i.e. 0.0.c.3.5.0.4.2.ip6.arpa) from APNIC, and the UWA DNS
thinks it is authoritative for that zone but does not delegate
0.0.2.4.1.0.0.0.0.0.c.3.5.0.4.2.ip6.arpa at all.
> *** The problem is that they all list the nameservers as:
> Name Server mooneye.ucc.gu.uwa.edu.au
> Name Server ns2.bur.st
> Name Server ns4.labyrinthdata.net.au
> (and the only glue they have is ns4.labyrinthdata.net.au = 173.203.117.254 )
dns1.uwa.edu.au has glue for mooneye, I think:
$ dig +norec @dns1.uwa.edu.au ucc.gu.uwa.edu.au
;; ADDITIONAL SECTION:
mooneye.ucc.gu.uwa.edu.au. 3600 IN A 130.95.13.9
which is surely all that is needed - I don't think you need glue records
for NSes that are outside the zone? The servers are returning extra glue
but those are cached values and won't always be there (in fact I think
dns1 is load balanced because repeat queries return different results and
different TTLs!)
> ns2.bur.st / 218.100.43.114 / creep.bur.st refuses all queries.
> [MRD] - is that as it should be and we should delete them? or should we
> be able to get WAIA.asn.au/bur.st secondarying?
I last looked at this in 2010:
http://lists.ucc.gu.uwa.edu.au/pipermail/tech/2010-July/003899.html
bur.st was a great asset for a long time but with the change to WAIA and
the ongoing problems they are having with resources perhaps we should look
elsewhere.
ns4.labyrinthdata.net.au is looked after by Patrick Coleman <blinken at ucc>
et al.
Possibly we should consider freedns.afraid.org or asking [AHC].
David Adam
zanchey at ucc.gu.uwa.edu.au
Ask Me About Our SLA!
More information about the tech
mailing list