communication #59920

New DNS infrastructure for openSUSE domains

Added by stroeder 2 months ago. Updated about 18 hours ago.

Status:In ProgressStart date:01/01/2020
Priority:NormalDue date:
Assignee:lrupp% Done:

60%

Category:Project work
Target version:-
Duration:

Description

As discussed at opensuse-heroes meeting on 2019-11-16 a new independent DNS infrastructure will be setup for openSUSE domains like opensuse.org, opensuse.de, etc.

Overall goals:
* Project independence
* Improve security
* More control

History

#1 Updated by kbabioch 2 months ago

More than happy (and personally interested) to help out here.

#2 Updated by stroeder 2 months ago

  • Start date changed from 17/11/2019 to 01/01/2020

#3 Updated by lrupp about 1 month ago

  • Checklist set to [ ] Setup test machines, [ ] Adjust/ check deployment, [ ] Salting setup, [ ] Run tests with test domain, [ ] Request change at Regiatrar, [ ] Sent announcements, [ ] Bring systems in production
  • Status changed from New to In Progress
  • Assignee set to lrupp
  • Priority changed from Low to Normal
  • Private changed from Yes to No

Please note that I assigned this to me as project leader/ contact person. But I definitely need some help here. Feel free to ping me directly or enhance this issue with your information.

#4 Updated by lrupp 20 days ago

First test machine is setup and running in Provo: provo-ns.infra.opensuse.org

#5 Updated by lrupp 15 days ago

  • Category set to Project work

#6 Updated by lrupp 11 days ago

  • Checklist deleted ([ ] Setup test machines, [ ] Adjust/ check deployment, [ ] Salting setup, [ ] Run tests with test domain, [ ] Request change at Regiatrar, [ ] Sent announcements, [ ] Bring systems in production)

nue-ns1.infra.opensuse.org is prepared as well.

#7 Updated by lrupp 11 days ago

  • % Done changed from 0 to 20

#8 Updated by lrupp 4 days ago

  • % Done changed from 20 to 60

ns1.opensuse.org and ns2.opensuse.org are online and answer queries for the opensuse.org domain.

left TODO:
* define a machine outside the Nuremberg network as DNS
* saltify the setup

#9 Updated by pjessen 3 days ago

lrupp wrote:

ns1.opensuse.org and ns2.opensuse.org are online and answer queries for the opensuse.org domain.

Cool!

left TODO:

* define a machine outside the Nuremberg network as DNS

I guess widehat might be a good choice? otherwise I'll be happy to run a VM here.

#10 Updated by lrupp 3 days ago

pjessen wrote:

left TODO:

* define a machine outside the Nuremberg network as DNS


I guess widehat might be a good choice? otherwise I'll be happy to run a VM here.

I'm currently thinking more about slimhat, but the idea is the same, yes. ;-)

Thanks for the offer! - Maybe we can combine this with your idea for remote monitoring?

Just one note: the hosts currently run bind (as I know bind), but I'm also happy if someone takes over and deploys (and maintains!) his favorite $DNS server on the machines.

#11 Updated by lrupp about 18 hours ago

JFYI: Primary security scan succeded without any issues.
Deeper application analysis still running - but I expect no real issues here as well.

Also available in: Atom PDF