More of same, involving back-to-back NOTIFY traffic about mpaoli.net,
allegedly originating from master nameserver 96.86.170.226 . Michael, I
greatly doubt your nameserver is doing this. mpaoli.net's zonefile is
pretty unchanging. I suspect Comcast middleman fsckery. Thoughts?
----- Forwarded message from logcheck system account <logcheck(a)linuxmafia.com> -----
Date: Tue, 04 Jun 2024 02:02:01 -0700
From: logcheck system account <logcheck(a)linuxmafia.com>
To: root(a)linuxmafia.com
Subject: linuxmafia.com 2024-06-04 02:02 System Events
System Events
=-=-=-=-=-=-=
Jun 4 01:47:15 linuxmafia named[15622]: zone mpaoli.net/IN: Transfer started.
Jun 4 01:47:15 linuxmafia named[15622]: transfer of 'mpaoli.net/IN' from 96.86.170.226#53: connected using 96.95.217.99#52012
Jun 4 01:47:15 linuxmafia named[15622]: zone mpaoli.net/IN: transferred serial 1717468800
Jun 4 01:47:15 linuxmafia named[15622]: transfer of 'mpaoli.net/IN' from 96.86.170.226#53: Transfer completed: 1 messages, 6 records, 546 bytes, 0.064 secs (8531 bytes/sec)
Jun 4 02:00:09 linuxmafia named[15622]: zone mpaoli.net/IN: Transfer started.
Jun 4 02:00:09 linuxmafia named[15622]: transfer of 'mpaoli.net/IN' from 96.86.170.226#53: connected using 96.95.217.99#57758
Jun 4 02:00:09 linuxmafia named[15622]: zone mpaoli.net/IN: transferred serial 1717491608
Jun 4 02:00:09 linuxmafia named[15622]: transfer of 'mpaoli.net/IN' from 96.86.170.226#53: Transfer completed: 1 messages, 15 records, 1266 bytes, 0.072 secs (17583 bytes/sec)
----- End forwarded message -----
Ah ... sounds good.
So ... I'm guessing soon...ish, you'll have
2603:3024:180d:f100:50:242:105:34 (nsx.sunnyside.com.)
operational again (no extreme rush) ... or at least nsx.sunnyside.com.
regaining an operational AAAA that also works for DNS.
I noticed earlier it wasn't working ... then subsequently
you apparently dropped the AAAA record for it
(perfectly fine thing to do while it's not working!)
... I did try the IP directly - still no DNS response,
but I note also that that AAAA record hasn't been
restored yet either ... or any AAAA record for that domain.
$ eval dig @ns0.sunnysidex.com. +noall +answer +norecurse
nsx.sunnyside.com.\ A{,AAA}
nsx.sunnyside.com. 600 IN A 50.242.105.52
$
https://dnsviz.net/d/balug.org/Zl6vNw/responses/https://dnsviz.net/d/balug.org/ZmGAnw/responses/https://dnsviz.net/d/balug.org/ZmHuow/responses/
> 19 tickets closed almost immediately without comment
Let's see, if we have a ticketing system, and highly
incentivized folks to close tickets quickly, we get ...
lots of tickets closed quickly ... doesn't mean anything
gets fixed. And yes, have seen this before ... alas, even
in some departments/areas at some employers I've
worked at.
"Be careful what you measure." (And how one uses it).
Same employer, a much more astute manager with a
much better functioning department ... how did they
do it? They surveyed the customers, and used that
as a large measure of determining how well the technicians were
doing at getting issues solved ... not how quickly
the techs closed tickets. Alas, that highly well
performing department stuck out like a sore
thumb ... so ... eventually management "fixed"
that issue ... by subsuming that department into
the other, thus ensuring there wouldn't be such
a good standout to embarrass the rest.
Anyway, glad your Comcast issue finally got resolved.
< From: Michael Paoli <michael.paoli(a)berkeley.edu>
< Date: Tue, Jun 4, 2024 at 4:21\xe2\x80\xafPM
< Subject: Re: [BALUG-Admin] (forw) linuxmafia.com 2024-06-04 02:02
System Events
< To: Rick Moen <rick(a)linuxmafia.com>
< Cc: BALUG-Admin <balug-admin(a)lists.balug.org>, Al <aw009(a)sunnyside.com>
<
< And thirdly - relatively minor issue. Al's got
< (at least last I checked, yesterday or so) issues with
< 2603:3024:180d:f100:50:242:105:34 (nsx.sunnyside.com.)
< not responding.
On Thu, Jun 6, 2024 at 7:45 AM Al <aw009(a)sunnyside.com> wrote:
>
> The manager that took one of my tickets and refused to let it be closed has helped me to finally get my case resolved.
> I have tested access from AWS successfully, and the modem does in fact seem to have my /56 back in it instead of what
> looked very much like a dynamic /64.
> It's also amazing that anyone talked to me at all. I had 19 tickets closed almost immediately without comment.
>
>
> -------- Forwarded Message --------
> Subject: Comcast Service Ticket CR144883981
> Date: Thu, 6 Jun 2024 14:12:18 +0000
> From:
> To: awcomcast(a)sunnyside.com <awcomcast(a)sunnyside.com>
>
>
> Good morning,
>
>
>
> I am reaching out to you in regards to ticket CR144883981. This was in regards to reclaiming your original IPv6 prefix. I worked with our device support, and we were able to reclaim 2603:3024:180d:f100 for you. As of this morning, the IPv6 has been restored onto your modem.
>
>
>
>
>
> Thank you for using Comcast,
>
>
>
> Shana Rich
>
> Tech 4, CSSA (ABS)
>
> Complex & Strategic Service Assurance
>
> Avail Hours Mon-Fri, 8:00am – 4:30pm MST
>
> Comcast Business Services
----- Forwarded message from Al <awbalug(a)sunnyside.com> -----
Date: Tue, 4 Jun 2024 16:29:04 -0700
From: Al <awbalug(a)sunnyside.com>
To: Rick Moen <rick(a)linuxmafia.com>
Subject: Re: [BALUG-Admin] Comcast Business apparently blocking 5353 UDP Re:
linuxmafia.com "retry limit exceeded"
Rick, you're at the right place - that gear icon and right side panel
on business.comcast.com is just the right thing.
And I think the situation as you're outlining it is right to me. So
the answer to your question, broadly, is yes I think you have it
right.
If you end up at securityedge.comcast.com, IMHO you've gone too far.
My sense is that all that stuff is disabled back at the right side
panel...
Once SE (security edge) is disabled I think everything is. That
said, you're being smart about it - if symptoms persist, drill down
and look into individual
settings for various elements of SE and just make sure they're all off
- in case Comcast can't quite sort out how to actually disable stuff.
AFAIK however your nets (yours and Michaels) are unrestricted.
My tests from here are that access to both 96.86.170.229 and
96.95.217.99 on port 53 is not blocked (and not just those /32s but
the entire subnet in each case).
I am looking back over email from the last few days trying to sort out
where 73.189.65.18 crept into the conversation.
As I mentioned I have been unable to focus sufficiently on this the
last few days, and missed where that came from.
I also haven't looked closely enough at the discussion to see if what
I am trying to reproduce isn't exactly where you're having trouble.
I'll go back over the notes and see if I can pay more attention to the
details and whether I can actually add any insight to the discussion.
Al
----- End forwarded message -----
To clarify, I noticed "73.189.65.18" as the source of NOTIFYs for
Michael's domains, which can legitimately come _only_ from Michael's
authoritative nameserver, IP 96.86.170.229.
And 73.189.65.18 is Comcast's _own_ IP, not Michael's.
:r! dig -x 73.189.65.18 +short
c-73-189-65-18.hsd1.ca.comcast.net.
So, something is rotten, there. I'm immediately inclined to suspect
that Comcast is playing man-in-the-middle games with DNS traffic.
Which, if true, suggest Comcast acting like a rogue state security
agency or one operating on behalf of a totalitarian state. Not a good
look.
FYI, there's new root hints file as of 2024-05-28:
https://www.internic.net/domain/named.root
see also:
https://www.iana.org/domains/root/files
Also, Debian stable isn't quite caught up to that yet (though
I expect it will likely be with upcoming stable update).
And yes, "newer" (/non-ancient) BIND versions
are "smart" enough to catch this, notice, and complain
(the bit in the logs was what first caught my attention on it).
times UTC / GMT0:
# cat /etc/debian_version; sed -ne '3,4p;4q'
/etc/bind/named.conf.default-zones && dpkg -S
/usr/share/dns/root.hints && dpkg -l dns-root-data | grep '^ii '; diff
-U0 /usr/share/dns/root.hints <(su - test -c 'curl -s
https://www.internic.net/domain/named.root')
12.5
type hint;
file "/usr/share/dns/root.hints";
dns-root-data: /usr/share/dns/root.hints
ii dns-root-data 2023010101 all DNS root data including
root zone and DNSSEC key
--- /usr/share/dns/root.hints 2023-01-11 07:22:00.000000000 +0000
+++ /dev/fd/63 2024-06-05 05:57:26.860941086 +0000
@@ -12,2 +12,2 @@
-; last update: January 01, 2023
-; related version of root zone: 2023010101
+; last update: May 28, 2024
+; related version of root zone: 2024052801
@@ -24,2 +24,2 @@
-B.ROOT-SERVERS.NET. 3600000 A 199.9.14.201
-B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:200::b
+B.ROOT-SERVERS.NET. 3600000 A 170.247.170.2
+B.ROOT-SERVERS.NET. 3600000 AAAA 2801:1b8:10::b
#
May 12 20:45:20 tigger named[3452]: checkhints: b.root-servers.net/A
(170.247.170.2) missing from hints
May 12 20:45:20 tigger named[3452]: checkhints: b.root-servers.net/A
(199.9.14.201) extra record in hints
May 12 20:45:20 tigger named[3452]: checkhints:
b.root-servers.net/AAAA (2801:1b8:10::b) missing from hints
May 12 20:45:20 tigger named[3452]: checkhints:
b.root-servers.net/AAAA (2001:500:200::b) extra record in hints
Quoting Al Whaley (aw009(a)sunnyside.com):
> That security edge feature is no longer optional on Comcast business
> accounts. However you can log into your Comcast business website
> portal as yourself and look at your options and very quickly turn
> security edge off.
Guys, I've moved this back to balug-admin, because I like the record
that keeps, and we're not talking about anything that dannot be public.
Is that alright?
Good idea about that accursed SecurityEdge "feature". I've now disabled
that blasted thing in the Comcast Business account to the extent they
permit, I think?
Initial login takes me to
https://business.comcast.com/account/dashboard/accounts/689906011127102015C…
where I see Subscribed Services described as "Business Internet
Essential 150 Mbps / 25 Mbps" and below that "SecurityEdgeTM", which is
a link, following which goes to https://securityedge.comcast.com/#home ,
showing tab Dashboard, which has nothing adjustable, but move on to tab
Settings, page https://securityedge.comcast.com/#settings/profiles .
Here, "Web Filters" had a predefined "protection level" of "Light", but
one can select "None", which I did.
Scrolling down the page, everything settable is Off, except that section
Internet Security has "Malware & Phishing Protection" set to "On", which
slide control is greyed out (unchangeable). Subtitle is "Keeps user
from compromising the network or their personal data if they
accidentally or intentionally access infected web [sic] pages or click
on phishing emails." Select Save at the page bottom to implement.
Slide control "Web Filters" at the top of the page now shows Off.
The other tabs, "Block & Allow Lists", "Block Page Construction",
"Domain Lookup", and "Scheduled Reports" don't appear to have anything
useful for my purposes.
Orange banner at the very top of the page now says: "Web Filter
Protection is now off. To safeguarg your network, Malware, Phishing,
and Botnet Protection remains on. Learn More [link]."
Following link goes to
https://securityedge.comcast.com/#help/turning-web-filters-on-and-off ,
which is a long documentation page including justifying preventing
turning that part off:
Malware, phishing and botnet traffic is generated by malicious
software. Protection against this traffic is critical. This is why we do
not recommend disabling the Malware and Phishing setting for any user
profile. The setting remains enabled even if you turn off Web Filters.
Also notable:
To turn Web Filters on or off, log in to Comcast Business SecurityEdge.
On the top right of any page, click the Web Filters toggle switch: from
On to Off to deactivate the Protection Level, Block & Allow Lists and
Off-Hours Internet Schedule, or from Off to On to activate them. The
^^^
change is applied immediately.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Noting that final sentence, I now attempt another smoke test, to see if
the problem is gone:
$ dig -p 5353 @96.86.170.229 balug.org
;; connection timed out; no servers could be reached
$
Nope.
Noting Al's wording "look at your options and very quickly turn
security edge off", I try to see if there's another entry point into the
account to do so. What about "My Account" over on the far side of the
navbar for
https://business.comcast.com/account/account-details/689906011127102015Comc…
?
I see:
SUBSCRIBED SERVICES:
Business Internet
- SecurityEdge
Clicking "Business Internt" takes me to
https://business.comcast.com/connectivity/internetdashboard/ , Where
Item
SECURITYEDGEtm
Cybersecurity
is shown as "Disabled".
At some point, I tried toggling the "Web Filters" toggle from the Off to
the On position, and then back to Off. This resulted in my losing
connectivity to my server for a few minutes, getting Network Unreachable
on my ssh reconnection. I infer that the "modem" device was resetting.
I continute to get...
$ dig -p 5353 @96.86.170.229 balug.org
;; connection timed out; no servers could be reached
$
Al, Michael, am I missing a trick, here?
--
Cheers, "Mastodon: owned by nobody and/or everybody!
Rick Moen Seize the memes of production!" -- jwz
rick(a)linuxmafia.com https://www.jwz.org/blog/2023/11/mastoversary/
McQ! (4x80)
Probably redundant to an earlier forward of mine, making this same
point, but, I note:
$ dig -x 73.189.65.18 +short
c-73-189-65-18.hsd1.ca.comcast.net.
$
----- Forwarded message from logcheck system account <logcheck(a)linuxmafia.com> -----
Date: Mon, 03 Jun 2024 15:02:02 -0700
From: logcheck system account <logcheck(a)linuxmafia.com>
To: root(a)linuxmafia.com
Subject: linuxmafia.com 2024-06-03 15:02 System Events
System Events
=-=-=-=-=-=-=
Jun 3 14:48:39 linuxmafia named[15622]: client 73.189.65.18#16833: received notify for zone 'mpaoli.net'
Jun 3 14:48:39 linuxmafia named[15622]: zone mpaoli.net/IN: refused notify from non-master: 73.189.65.18#16833
Jun 3 14:48:44 linuxmafia named[15622]: client 73.189.65.18#16833: received notify for zone 'mpaoli.net'
Jun 3 14:48:44 linuxmafia named[15622]: zone mpaoli.net/IN: refused notify from non-master: 73.189.65.18#16833
----- End forwarded message -----
Pursuant to my earlier point. More.
----- Forwarded message from logcheck system account <logcheck(a)linuxmafia.com> -----
Date: Mon, 03 Jun 2024 23:02:01 -0700
From: logcheck system account <logcheck(a)linuxmafia.com>
To: root(a)linuxmafia.com
Subject: linuxmafia.com 2024-06-03 23:02 System Events
System Events
=-=-=-=-=-=-=
Jun 3 22:51:33 linuxmafia named[15622]: client 96.86.170.229#16069: received notify for zone 'balug.org'
Jun 3 22:51:33 linuxmafia named[15622]: zone balug.org/IN: Transfer started.
Jun 3 22:51:33 linuxmafia named[15622]: transfer of 'balug.org/IN' from 96.86.170.229#53: connected using 96.95.217.99#45488
Jun 3 22:51:34 linuxmafia named[15622]: zone balug.org/IN: transferred serial 1717480293
Jun 3 22:51:34 linuxmafia named[15622]: transfer of 'balug.org/IN' from 96.86.170.229#53: Transfer completed: 1 messages, 12 records, 1564 bytes, 0.095 secs (16463 bytes/sec)
Jun 3 22:51:34 linuxmafia named[15622]: client 96.86.170.229#16069: received notify for zone 'balug.org'
Jun 3 22:51:34 linuxmafia named[15622]: zone balug.org/IN: notify from 96.86.170.229#16069: zone is up to date
Jun 3 23:00:26 linuxmafia named[15622]: client 96.86.170.229#35064: received notify for zone 'berkeleylug.com'
Jun 3 23:00:26 linuxmafia named[15622]: zone berkeleylug.com/IN: Transfer started.
Jun 3 23:00:26 linuxmafia named[15622]: transfer of 'berkeleylug.com/IN' from 96.86.170.229#53: connected using 96.95.217.99#48645
Jun 3 23:00:26 linuxmafia named[15622]: zone berkeleylug.com/IN: transferred serial 1717480825
Jun 3 23:00:26 linuxmafia named[15622]: transfer of 'berkeleylug.com/IN' from 96.86.170.229#53: Transfer completed: 1 messages, 8 records, 915 bytes, 0.078 secs (11730 bytes/sec)
----- End forwarded message -----
----- Forwarded message from Michael Paoli <michael.paoli(a)berkeley.edu> -----
Date: Tue, 4 Jun 2024 07:41:23 -0700
From: Michael Paoli <michael.paoli(a)berkeley.edu>
To: Rick Moen <rick(a)linuxmafia.com>
Cc: Al <aw009(a)sunnyside.com>
Subject: Fwd: [EXTERNAL] Re: Comcast ticket#CR145359298
X-Spam-Status: No, score=-2.7 required=4.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_NONE,T_SCC_BODY_TEXT_LINE
autolearn=ham version=3.3.1
---------- Forwarded message ---------
From: Oquin, Summer <Summer_Oquin(a)comcast.com>
Date: Tue, Jun 4, 2024 at 7:06 AM
Subject: RE: [EXTERNAL] Re: Comcast ticket#CR145359298
To: Michael Paoli <michael.paoli(a)berkeley.edu>
Hello Michael,
Thank you for clarifying this information I will get it noted on both
accounts and yes if that customer can reach out to us at 800-391-3000
to fully authenticate, we can absolutely take a further look at that
account and escalate a ticket if needed.
Thank you,
Summer
-----Original Message-----
From: Michael Paoli <michael.paoli(a)berkeley.edu>
Sent: Monday, June 3, 2024 6:39 PM
To: Oquin, Summer <Summer_Oquin(a)comcast.com>
Cc: Rick Moen <rick(a)linuxmafia.com>
Subject: [EXTERNAL] Re: Comcast ticket#CR145359298
Hi, thanks for getting back to me on:
Comcast ticket#CR145359298
So, bad news, good news:
Bad news: All appearances and evidence are it is a Comcast Business
issue, Good news: issue not on this account, but on another - on the
client end.
So, please add the following note on the ticket:
CR145359298 - issue appears to be on/towards other end, different
Comcast Business account, address:
1105 ALTSCHUL AVE UNIT HMOFC MENLO PARK CA 94025 issue, client IP:
96.95.217.98/29
communication fails with UDP to server: 96.86.170.229 UDP port 5353
Also observed:
Server receives and responds.
Response packets never make it to client (96.95.217.98).
If target port is changed to 53 or protocol changed to TCP, then
client successfully receives reply packets.
Also able to communicate from other Internet clients to
server: 96.86.170.229 UDP port 5353
Once that note has been added, please feel free to close out
CR145359298 at your convenience.
I expect the other Comcast Business customer (whom I've CCed) will be
contacting Comcast Business support and/or you to work to resolve the
matter.
Thanks!
On Mon, Jun 3, 2024 at 3:02 PM Oquin, Summer <Summer_Oquin(a)comcast.com> wrote:
>
> Hello Michael,
>
> I received your ticket regarding the connectivity issues you were
> experiencing at the business location of 1816 CARLETON ST APT D-HMOFC
>
> BERKELEY CA 94703 and currently I am not seeing anything that would be interfering with your internet connection. I have confirmed there is no dual route with your gateway static 96.86.170.230 and that you do have two devices currently connected on your usable statics 96.86.170.226 and 96.86.170.229. Please let me know if you are still experiencing any issues and what they are by replying to this email directly or by calling me using the number below, and I would be happy to further investigate.
>
>
>
>
>
> Thank you,
>
> Summer
>
> Advanced Tech 4 (ABS)
>
> Comcast Business
>
> Office hours: Mon-Fri 8:00am-4:30pm MST
>
> Direct line: 303-391-3208
>
>
>
> Comcast Business SmartOffice Licenses:
> AL: 001785, 001789; AR: 2536; AZ: ROC 307346, BTR 18286-0; CA: CSLB
> 1028256, ACO 7677; CT: ELC 0189754-C5; DE: SSPS 13-225; FL:
> EF20001118; GA: LVU406354; IL: PACA 127-001555; LA: F2257; MA: 1499A1,
> 7067C, SS-002525; MD: 23PLU-SS23595; ME: LM50017039; MI: 3601206519;
> MN: TS674413; MS: 15030170; NC: 770576-CSA; NJ: Burglar Alarm Business
> Lic. # 34BF00052000; NM: 379095; NY: licensed by the N.Y.S. Department
> of State 12000317423; OR: CCB 199939; SC: BAC-13662; TN: ACL 2006, ACL
> 2002; TX: B18966; UT: 8788186-6501; VA: 2705151177, DCJS 11-15181; VT:
> ES-02366; WA: COMCABS846NU; WASHINGTON, DC: ECS 904217, BBL
> 602517000001; WV: WV051524. Valid 6/1/23. See
> www.business.comcast.com/smartoffice for current list Thank you for
> choosing Comcast Business we are always available 24/7 at
> 1-800-391-3000
>
> THIS EMAIL BOX IS NOT MONITORED
>
>
----- End forwarded message -----
Apologies, Al, but I wasn't able to see that image (because of
inherent limitations on mailing lists). Would you mind just hosting the
image and posting its URL?
Or, I suppose, you could e-mail it to me.
---------- Forwarded message ----------
From: Al <awbalug(a)sunnyside.com>
To: balug-admin(a)lists.balug.org
Cc:
Bcc:
Date: Tue, 4 Jun 2024 07:34:43 -0700
Subject: Re: [BALUG-Admin] Comcast Business apparently blocking 5353 UDP
Re: linuxmafia.com "retry limit exceeded" CR145359298
Look for the arrow in this image, lower left:
---------- END Forwarded message ---------
Just noting more weirdness for the record.
Michael, I haven't yet opened a ticket with Comcast Business. I want to
have a coherent account of what I'm talking about, and simple criteria
to show success conditions. I _strongly fear_ that the root cause will
turn out to be SECURITYEDGEtm, that Comcast will refuse to disable it,
and that they'll say it's now an integral part of the "BUSINESS INTERNET
ESSENTIAL" customer agreement [sic], and that they no longer offer an
alternative plan that omits it and still provides static IPs.
And if _that_ is the case, I'm really not sure what Chez Moen's backup
plan is. (Also, I'm getting a bit exhausted by diagnosing and coping
with technology companies suddenly turning evil and customer-hostile.
First, my domain registrar, and now this! Again!)
So, the weirdness below: Is it really credible that Michael's
nameserver 96.86.170.229 is suddenly sending NOTIFYs for
savingthedolph.in and sf-lug.org? Why? There haven't been zonefile
changes, have there?
I'm starting to think that Comcast's middleman infrastructure is
artificially generating those, forging 96.86.170.229 as alleged source.
I'm not sure why. It could be either a gaffe in implementation _or_
a kludge to ensure that their infrastructure has current cached data
at the expense of the real auth. nameservers.
On another note, 198.144.194.12 is Aaron T. Porter's ns.primate.net,
which is not primary but rather a secondary for sf-lug.org. I have
a faint recollection _either_ that "secondary sends out NOTIFY even
though it shouldn't" is common _or_ that I've seen this with Aaron's
nameservers before and never gotten resolution. Probably I should
just make logcheck ignore those from 198.144.194.12 in its roles as
secondary.
----- Forwarded message from logcheck system account <logcheck(a)linuxmafia.com> -----
Date: Tue, 04 Jun 2024 12:02:01 -0700
From: logcheck system account <logcheck(a)linuxmafia.com>
To: root(a)linuxmafia.com
Subject: linuxmafia.com 2024-06-04 12:02 System Events
System Events
=-=-=-=-=-=-=
Jun 4 11:35:18 linuxmafia named[15622]: client 96.86.170.229#49840: received notify for zone 'savingthedolph.in'
Jun 4 11:35:18 linuxmafia named[15622]: zone savingthedolph.in/IN: Transfer started.
Jun 4 11:35:19 linuxmafia named[15622]: transfer of 'savingthedolph.in/IN' from 96.86.170.229#53: connected using 96.95.217.99#35905
Jun 4 11:35:19 linuxmafia named[15622]: zone savingthedolph.in/IN: transferred serial 1717526118
Jun 4 11:35:19 linuxmafia named[15622]: transfer of 'savingthedolph.in/IN' from 96.86.170.229#53: Transfer completed: 1 messages, 8 records, 1082 bytes, 0.097 secs (11154 bytes/sec)
Jun 4 11:40:48 linuxmafia named[15622]: client 96.86.170.229#7259: received notify for zone 'sf-lug.org'
Jun 4 11:40:48 linuxmafia named[15622]: zone sf-lug.org/IN: Transfer started.
Jun 4 11:40:48 linuxmafia named[15622]: transfer of 'sf-lug.org/IN' from 96.86.170.229#53: connected using 96.95.217.99#59792
Jun 4 11:40:48 linuxmafia named[15622]: zone sf-lug.org/IN: transferred serial 1717526448
Jun 4 11:40:48 linuxmafia named[15622]: transfer of 'sf-lug.org/IN' from 96.86.170.229#53: Transfer completed: 1 messages, 10 records, 1208 bytes, 0.089 secs (13573 bytes/sec)
Jun 4 11:42:49 linuxmafia named[15622]: client 198.144.194.12#50384: received notify for zone 'sf-lug.org'
Jun 4 11:42:49 linuxmafia named[15622]: zone sf-lug.org/IN: refused notify from non-master: 198.144.194.12#50384
----- End forwarded message -----