openSUSE admin

More than happy (and personally interested) to help out here.

First test machine is setup and running in Provo: provo-ns.infra.opensuse.org

lrupp wrote:

ns1.opensuse.org and ns2.opensuse.org are online and answer queries for the opensuse.org domain.

Cool!

left TODO:

• define a machine outside the Nuremberg network as DNS

I guess widehat might be a good choice? otherwise I'll be happy to run a VM here.

pjessen wrote:

left TODO:

• define a machine outside the Nuremberg network as DNS

I guess widehat might be a good choice? otherwise I'll be happy to run a VM here.

I'm currently thinking more about slimhat, but the idea is the same, yes. ;-)

Thanks for the offer! - Maybe we can combine this with your idea for remote monitoring?

Just one note: the hosts currently run bind (as I know bind), but I'm also happy if someone takes over and deploys (and maintains!) his favorite $DNS server on the machines.

JFYI: Primary security scan succeded without any issues.
Deeper application analysis still running - but I expect no real issues here as well.

The 2 machines are now listed as official primary DNS servers beside the old ones. Traffic shows no irregularities.

lrupp wrote:

The 2 machines are now listed as official primary DNS servers beside the old ones. Traffic shows no irregularities.

Can you please re-check this? Both whois opensuse.org and dig +trace opensuse.org still shows me only 3 *.NOVELL.COM nameservers :-(

OTOH, dig opensuse.org NS includes ns[12].o.o.

I'm not a DNS expert, but I'd expect the same result for all methods I tried ;-)

cboltz wrote:

Can you please re-check this? Both whois opensuse.org and dig +trace opensuse.org still shows me only 3 *.NOVELL.COM nameservers :-(

You query the registrar - and this is indeed the (more or less only) open topic. The registrar for the domain needs to change the DNS entries that are listed at IANA.

~> whois opensuse.org

Domain Name: OPENSUSE.ORG
Registry Domain ID: D106812357-LROR
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Updated Date: 2019-08-15T18:09:34Z
Creation Date: 2005-07-05T18:49:38Z
Registry Expiry Date: 2020-07-05T18:49:38Z
Registrar Registration Expiration Date:
Registrar: MarkMonitor Inc.
Registrar IANA ID: 292
Registrar Abuse Contact Email: abusecomplaints@markmonitor.com
Registrar Abuse Contact Phone: +1.2083895740
Reseller:
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Registrant Organization: SUSE Software Solutions Germany GmbH
Registrant State/Province: Bavaria
Registrant Country: DE
Name Server: NSPRV2.NOVELL.COM
Name Server: NSPRV1.NOVELL.COM
Name Server: NSHOU1.NOVELL.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form https://www.icann.org/wicf/)

OTOH, dig opensuse.org NS includes ns[12].o.o.

This is what the zone file of the opensuse.org contains:

~> dig @nsprv1.novell.com opensuse.org NS 

;; ANSWER SECTION:
opensuse.org.           300     IN      NS      ns1.opensuse.org.
opensuse.org.           300     IN      NS      nsprv1.novell.com.
opensuse.org.           300     IN      NS      nsprv2.novell.com.
opensuse.org.           300     IN      NS      ns2.opensuse.org.
opensuse.org.           300     IN      NS      nshou1.novell.com.

So we need "someone", who drives the changes on the registration side now.
I hope, this answers your question?

Thanks! Yes, that answers my questions - I only wonder who this "someone" could be ;-)

ns3.opensuse.org is ready, but a firewall in front currently prevents the internet from accessing it.

Ticket is open....

I also started a discussion to replace the registrar's DNS entries with openSUSE ones. Meeting about this will hopefully happen this month.

As it looks like MF-IT needs again some ages to react, I decided not to wait and instead work on the DNS at QSC. After some conversation, I can happily say that we got an IPv6 submit for all servers at QSC!

So I decided to do some renaming (for consistency) and renamed qsc-ns4.infra.opensuse.org to qsc-ns3.infra.opensuse.org and finally we have now:

• ns3.opensuse.org => ns4.opensuse.org (the Provo machine)

• ns4.opensuse.org => ns3.opensuse.org (the machine at QSC)

  ~> host ns3.opensuse.org
  ns3.opensuse.org has address 62.146.92.204
  ns3.opensuse.org has IPv6 address 2a01:138:a004::204

While this means that we will probably not have a DNS server in USA, we now have at least 3 DNS server in Europe - all dual-stacked with IPv4 and IPv6 addresses.