DO NOT REPLY ALL! (*unless* you're a member of **both** lists)
Just an FYI mostly, but temporarily we have a bit of reduced redundancy on DNS for balug.org/sf-lug.org/sf-lug.com
Expecting this to be relatively temporary (at least once AT&T finally gets their sh*t together ... at least for a little bit).
Anyway, in case anyone wonders or notices. Hopefully it will be *all better soon* ... at least **relatively** soon.
Impacts should mostly be pretty minimal - some initial queries might occasionally take a bit longer (possibly timing out on first (randomly selected) authoritative nameserver), but should otherwise generally have almost zero impact (due to TTLs, data will generally be cached for a while once successfully resolved).
$ (for d in balug.org sf-lug.org sf-lug.com; do dig +noall +answer +nottl "$d". NS | sed -e 's/[[:blank:]]\{1,\}/ /g'; done) | fgrep linuxmafia.com
balug.org. IN NS ns1.linuxmafia.com.
sf-lug.org. IN NS ns1.linuxmafia.com.
sf-lug.com. IN NS ns1.linuxmafia.com.
$

----- Forwarded message from rickmoen@gmail.com -----
Date: Wed, 24 Oct 2018 01:59:36 -0700
From: "Rick Moen" <rickmoen@gmail.com>
Reply-To: rick@deirdre.net
Subject: ns1.linuxmafia.com downtime
To: "Michael Paoli" <Michael.Paoli@cal.berkeley.edu>
Greetings! This is an advisory about current downtime of my ns1.linuxmafia.com DNS nameserver, starting about 8am on Tuesday, Oct. 23rd. Near and I and Mike Durkin, proprietor of Raw Bandwidth Communications ('RBC', my ISP) have been able to determine, AT&T somehow sabotaged my household ASDL, and thus took my entire household including the server online. Mike is now trying to get them to fix they screw-up. Meantime, ns1.linuxmafia.com is _not_ doing auth. nameservice, as arranged, for the following domains of yours:
balug.org (slave)
sf-lug.com (slave)
sf-lug.org (slave)
I'm advising everyone I'm doing auth. DNS for of the ongoing outage, so this is your notice. Hope to give better news soon.
----- End forwarded message -----
Michael wrote:
On Wed, Oct 24, 2018 at 7:19 PM Michael Paoli <Michael.Paoli@cal.berkeley.edu> wrote:
> DO NOT REPLY ALL! (*unless* you're a member of **both** lists)
I do have that distinction. ;->
(What Michael said. If not on both balug-admin@ and sf-lug@, please trim recipients appropriately.)
Man, that status mail I wrote late last night was only barely coherent. (I hope people could figure out that 'Near and I and Mike Durkin' was supposed to be 'Near _as_ I and Mike Durkin', for example.) What I didn't mention was that I'd had almost no sleep the night before the outage for unrelated causes, so it's a wonder I was able to function let alone do network diagnosis. By the time I got to 2am and sent that mail, I was really running on fumes.
For a fun yet outré experience, I recommend trying to figure out how to import into friggin' Gmail a roster of 287 Mailman mailing list subscribers exported to ASCII by '/var/lib/mailman/bin/list_members -f sf-lug > /tmp/sf-lug', so that you can send subscribers a status mail without needing to copy/paste 287 times into the Bcc field. It can be done, but _man_ how pathetically buggy Auntie Goog's code is. And all because of the furshlugginer WebUI, which I could have done without in the first place.
'Easier user interface' my great aunt.
DO NOT REPLY ALL! (*unless* your sending/from email address is a member of **both** lists)
And, as of a bit earlier today, this appears to be resolved.
$ (for d in balug.org sf-lug.org sf-lug.com; do dig +short @ns1.linuxmafia.com. "$d". SOA; done)
ns1.balug.org. hostmaster.balug.org. 1539410478 9000 1800 1814400 86400
ns1.sf-lug.org. jim.well.com. 1539414019 10800 3600 1209600 86400
ns1.sf-lug.com. jim.well.com. 1539912794 10800 3600 1209600 86400
$
See also: http://linuxmafia.com/pipermail/sf-lug/2018q4/date.html
From: "Michael Paoli" <Michael.Paoli@cal.berkeley.edu>
Subject: [DO NOT REPLY ALL! ...] reduced DNS redundancy: balug.org/sf-lug.org/sf-lug.com: Fwd: ns1.linuxmafia.com downtime
Date: Wed, 24 Oct 2018 19:19:31 -0700
Quoting Michael Paoli (Michael.Paoli@cal.berkeley.edu):
> Impacts should mostly be pretty minimal
Yay for DNS secondaries. (My domains have _four_ secondaries with diverse locations, server software, and management, in addition to ns1.linuxmafia.com.)
Yay for SMTP robustness. Downtime was about 2 days and 7 hours; SMTP retries are supposed to continue at least 4-5 days according to RFC 5321 section 4.5.4.1. So, I don't expect _any_ mail en-route to linuxmafia.com to fail, unless the sending MTA is extremely standards-incompliant.
It should be noted that the second robustness (SMTP retries) really works only if the first one also does (authoritative DNS fallback). Which is why, as a domain operator, one wants to have diverse secondaries and set DNS timeout values carefully.
Let's see how long the secondaries' zones would have continued to be valid if ns1.linuxmafia.com had remained offline (and I didn't otherwise fix the situation):
$ more linuxmafia.com.zone
;called as ORIGIN linuxmafia.com.
$TTL 86400
@       IN      SOA     ns1.linuxmafia.com. rick.deirdre.net. (
                        2018101400      ; serial
                        7200            ; refresh 2 hours
                        3600            ; retry 1 hour
                        2419200         ; expire 28 days
                        900             ; negative TTL 15 mins
                        )
; [...]
So, the DNS secondaries would have had me covered for almost a month (but SMTP mail would have started bouncing in a couple of days).
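
The expire arithmetic above, applied to every SOA answer quoted in this thread, as an added example that is not part of the original messages. The function name `soa_expire_report` is hypothetical, the sample lines are constructed from the values shown in the thread, and the margin assumes the worst case that a secondary last refreshed one full refresh interval before the primary went down.

```shell
#!/bin/sh
# Added example: how long do secondaries keep answering while the primary is down?
# Input format is that of `dig +short <zone> SOA`:
#   mname rname serial refresh retry expire minimum

# Constructed sample: the three SOA answers quoted in the thread, plus one line
# assembled from the linuxmafia.com zone file shown above.
SAMPLE_SOA='ns1.balug.org. hostmaster.balug.org. 1539410478 9000 1800 1814400 86400
ns1.sf-lug.org. jim.well.com. 1539414019 10800 3600 1209600 86400
ns1.sf-lug.com. jim.well.com. 1539912794 10800 3600 1209600 86400
ns1.linuxmafia.com. rick.deirdre.net. 2018101400 7200 3600 2419200 900'

# soa_expire_report OUTAGE_SECONDS   (SOA lines on stdin)
# Prints one line per zone: mname, expire in days, remaining margin in whole
# days, and whether a secondary would still be serving the zone.
# Worst case (assumption): the last successful refresh happened a full
# refresh interval before the outage began, so
#   margin = expire - refresh - outage
# Exit status: 0 all zones still served, 1 at least one expired, 2 bad input.
soa_expire_report() {
    awk -v outage="$1" '
    NF != 7 || $3 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/ || $6 !~ /^[0-9]+$/ {
        printf "line %d: malformed SOA rdata\n", NR; bad = 1; next
    }
    {
        refresh = $4; expire = $6
        margin = expire - refresh - outage
        state = (margin > 0) ? "serving" : "expired"
        if (margin <= 0) gone = 1
        printf "%s expire=%dd margin=%dd %s\n", $1, expire / 86400, margin / 86400, state
    }
    END { exit (bad ? 2 : (gone ? 1 : 0)) }'
}

# The outage described in the thread: about 2 days and 7 hours.
OUTAGE=$((2 * 86400 + 7 * 3600))
printf '%s\n' "$SAMPLE_SOA" | soa_expire_report "$OUTAGE"
```

Feeding it live data is a matter of piping `dig +short @<secondary> <zone> SOA` for each zone into the function instead of the sample.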