https://progress.opensuse.org/https://progress.opensuse.org/themes/openSUSE/favicon/favicon.ico?15829177842019-11-17T11:25:18ZopenSUSE Project Management ToolopenSUSE admin - tickets #59920: New DNS infrastructure for openSUSE domainshttps://progress.opensuse.org/issues/59920?journal_id=2578872019-11-17T11:25:18Zkbabiochkarol@babioch.de
<ul></ul><p>More than happy (and personally interested) to help out here.</p>
openSUSE admin - tickets #59920: New DNS infrastructure for openSUSE domainshttps://progress.opensuse.org/issues/59920?journal_id=2578902019-11-17T11:28:17Zstroedermichael@stroeder.com
<ul><li><strong>Start date</strong> changed from <i>2019-11-17</i> to <i>2020-01-01</i></li></ul> openSUSE admin - tickets #59920: New DNS infrastructure for openSUSE domainshttps://progress.opensuse.org/issues/59920?journal_id=2608762019-11-30T10:24:21Zlrupp
<ul><li><b>Checklist item</b> changed from to [ ] Setup test machines, [ ] Adjust/ check deployment, [ ] Salting setup, [ ] Run tests with test domain, [ ] Request change at Regiatrar, [ ] Sent announcements, [ ] Bring systems in production</li><li><strong>Status</strong> changed from <i>New</i> to <i>In Progress</i></li><li><strong>Assignee</strong> set to <i>lrupp</i></li><li><strong>Priority</strong> changed from <i>Low</i> to <i>Normal</i></li><li><strong>Private</strong> changed from <i>Yes</i> to <i>No</i></li></ul><p>Please note that I assigned this to me as project leader/ contact person. But I definitely need some help here. Feel free to ping me directly or enhance this issue with your information.</p>
openSUSE admin - tickets #59920: New DNS infrastructure for openSUSE domainshttps://progress.opensuse.org/issues/59920?journal_id=2674952019-12-28T23:10:15Zlrupp
<ul></ul><p>First test machine is setup and running in Provo: provo-ns.infra.opensuse.org</p>
openSUSE admin - tickets #59920: New DNS infrastructure for openSUSE domainshttps://progress.opensuse.org/issues/59920?journal_id=2677182020-01-02T09:52:17Zlrupp
<ul><li><strong>Category</strong> set to <i>Project work</i></li></ul> openSUSE admin - tickets #59920: New DNS infrastructure for openSUSE domainshttps://progress.opensuse.org/issues/59920?journal_id=2686212020-01-06T20:26:22Zlrupp
<ul><li><b>Checklist item</b> changed from [ ] Setup test machines, [ ] Adjust/ check deployment, [ ] Salting setup, [ ] Run tests with test domain, [ ] Request change at Regiatrar, [ ] Sent announcements, [ ] Bring systems in production to </li></ul><p>nue-ns1.infra.opensuse.org is prepared as well.</p>
openSUSE admin - tickets #59920: New DNS infrastructure for openSUSE domainshttps://progress.opensuse.org/issues/59920?journal_id=2686242020-01-06T20:27:04Zlrupp
<ul><li><strong>% Done</strong> changed from <i>0</i> to <i>20</i></li></ul> openSUSE admin - tickets #59920: New DNS infrastructure for openSUSE domainshttps://progress.opensuse.org/issues/59920?journal_id=2708122020-01-13T22:56:37Zlrupp
<ul><li><strong>% Done</strong> changed from <i>20</i> to <i>60</i></li></ul><p>ns1.opensuse.org and ns2.opensuse.org are online and answer queries for the opensuse.org domain.</p>
<p>left TODO: </p>
<ul>
<li>define a machine outside the Nuremberg network as DNS</li>
<li>saltify the setup</li>
</ul>
openSUSE admin - tickets #59920: New DNS infrastructure for openSUSE domainshttps://progress.opensuse.org/issues/59920?journal_id=2711302020-01-14T13:02:31Zpjessenper@computer.org
<ul></ul><p>lrupp wrote:</p>
<blockquote>
<p>ns1.opensuse.org and ns2.opensuse.org are online and answer queries for the opensuse.org domain.</p>
</blockquote>
<p>Cool!</p>
<blockquote>
<p>left TODO: </p>
<ul>
<li>define a machine outside the Nuremberg network as DNS</li>
</ul>
</blockquote>
<p>I guess widehat might be a good choice? otherwise I'll be happy to run a VM here. </p>
openSUSE admin - tickets #59920: New DNS infrastructure for openSUSE domainshttps://progress.opensuse.org/issues/59920?journal_id=2711752020-01-14T14:48:52Zlrupp
<ul></ul><p>pjessen wrote:</p>
<blockquote>
<blockquote>
<p>left TODO: </p>
<ul>
<li>define a machine outside the Nuremberg network as DNS</li>
</ul>
</blockquote>
<p>I guess widehat might be a good choice? otherwise I'll be happy to run a VM here.</p>
</blockquote>
<p>I'm currently thinking more about slimhat, but the idea is the same, yes. ;-)</p>
<p>Thanks for the offer! - Maybe we can combine this with your idea for remote monitoring?</p>
<p>Just one note: the hosts currently run bind (as I know bind), but I'm also happy if someone takes over and deploys (and maintains!) his favorite $DNS server on the machines.</p>
openSUSE admin - tickets #59920: New DNS infrastructure for openSUSE domainshttps://progress.opensuse.org/issues/59920?journal_id=2720062020-01-16T23:25:07Zlrupp
<ul></ul><p>JFYI: Primary security scan succeded without any issues.<br>
Deeper application analysis still running - but I expect no real issues here as well.</p>
openSUSE admin - tickets #59920: New DNS infrastructure for openSUSE domainshttps://progress.opensuse.org/issues/59920?journal_id=2724712020-01-19T00:44:43Zlrupp
<ul><li><strong>Tracker</strong> changed from <i>communication</i> to <i>tickets</i></li></ul> openSUSE admin - tickets #59920: New DNS infrastructure for openSUSE domainshttps://progress.opensuse.org/issues/59920?journal_id=2732932020-01-22T06:35:37Zlrupp
<ul></ul><p>The 2 machines are now listed as official primary DNS servers beside the old ones. Traffic shows no irregularities.</p>
openSUSE admin - tickets #59920: New DNS infrastructure for openSUSE domainshttps://progress.opensuse.org/issues/59920?journal_id=2745682020-01-26T20:20:49Zcboltzsuse-beta@cboltz.de
<ul></ul><p>lrupp wrote:</p>
<blockquote>
<p>The 2 machines are now listed as official primary DNS servers beside the old ones. Traffic shows no irregularities.</p>
</blockquote>
<p>Can you please re-check this? Both <code>whois opensuse.org</code> and <code>dig +trace opensuse.org</code> still shows me only 3 <code>*.NOVELL.COM</code> nameservers :-(</p>
<p>OTOH, <code>dig opensuse.org NS</code> includes <code>ns[12].o.o</code>.</p>
<p>I'm not a DNS expert, but I'd expect the same result for all methods I tried ;-)</p>
openSUSE admin - tickets #59920: New DNS infrastructure for openSUSE domainshttps://progress.opensuse.org/issues/59920?journal_id=2745712020-01-26T20:41:31Zlrupp
<ul></ul><p>cboltz wrote:</p>
<blockquote>
<p>Can you please re-check this? Both <code>whois opensuse.org</code> and <code>dig +trace opensuse.org</code> still shows me only 3 <code>*.NOVELL.COM</code> nameservers :-(</p>
</blockquote>
<p>You query the registrar - and this is indeed the (more or less only) open topic. The registrar for the domain needs to change the DNS entries that are listed at IANA. </p>
<pre><code>~> whois opensuse.org
Domain Name: OPENSUSE.ORG
Registry Domain ID: D106812357-LROR
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Updated Date: 2019-08-15T18:09:34Z
Creation Date: 2005-07-05T18:49:38Z
Registry Expiry Date: 2020-07-05T18:49:38Z
Registrar Registration Expiration Date:
Registrar: MarkMonitor Inc.
Registrar IANA ID: 292
Registrar Abuse Contact Email: abusecomplaints@markmonitor.com
Registrar Abuse Contact Phone: +1.2083895740
Reseller:
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Registrant Organization: SUSE Software Solutions Germany GmbH
Registrant State/Province: Bavaria
Registrant Country: DE
Name Server: NSPRV2.NOVELL.COM
Name Server: NSPRV1.NOVELL.COM
Name Server: NSHOU1.NOVELL.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form https://www.icann.org/wicf/)
</code></pre>
<blockquote>
<p>OTOH, <code>dig opensuse.org NS</code> includes <code>ns[12].o.o</code>.</p>
</blockquote>
<p>This is what the zone file of the opensuse.org contains:</p>
<pre><code>~> dig @nsprv1.novell.com opensuse.org NS
;; ANSWER SECTION:
opensuse.org. 300 IN NS ns1.opensuse.org.
opensuse.org. 300 IN NS nsprv1.novell.com.
opensuse.org. 300 IN NS nsprv2.novell.com.
opensuse.org. 300 IN NS ns2.opensuse.org.
opensuse.org. 300 IN NS nshou1.novell.com.
</code></pre>
<p>So we need "someone", who drives the changes on the registration side now.<br>
I hope, this answers your question?</p>
openSUSE admin - tickets #59920: New DNS infrastructure for openSUSE domainshttps://progress.opensuse.org/issues/59920?journal_id=2745832020-01-26T21:20:22Zcboltzsuse-beta@cboltz.de
<ul></ul><p>Thanks! Yes, that answers my questions - I only wonder who this "someone" could be ;-)</p>
openSUSE admin - tickets #59920: New DNS infrastructure for openSUSE domainshttps://progress.opensuse.org/issues/59920?journal_id=2765692020-02-04T19:37:23Zlrupp
<ul><li><strong>% Done</strong> changed from <i>60</i> to <i>80</i></li></ul><p>JFYI: Now we have ns4.opensuse.org up and running as well.</p>
<p><a href="https://progress.opensuse.org/projects/opensuse-admin-wiki/wiki/DNS" class="external">https://progress.opensuse.org/projects/opensuse-admin-wiki/wiki/DNS</a> has a graphical overview.</p>
openSUSE admin - tickets #59920: New DNS infrastructure for openSUSE domainshttps://progress.opensuse.org/issues/59920?journal_id=2781762020-02-15T13:14:38Zlrupp
<ul></ul><p>ns3.opensuse.org is ready, but a firewall in front currently prevents the internet from accessing it.</p>
<p>Ticket is open....</p>
<p>I also started a discussion to replace the registrar's DNS entries with openSUSE ones. Meeting about this will hopefully happen this month.</p>
openSUSE admin - tickets #59920: New DNS infrastructure for openSUSE domainshttps://progress.opensuse.org/issues/59920?journal_id=2797152020-02-21T20:43:05Zlrupp
<ul></ul><p>As it looks like MF-IT needs again some ages to react, I decided not to wait and instead work on the DNS at QSC. After some conversation, I can happily say that we got an IPv6 submit for all servers at QSC!</p>
<p>So I decided to do some renaming (for consistency) and renamed qsc-ns4.infra.opensuse.org to qsc-ns3.infra.opensuse.org and finally we have now:</p>
<ul>
<li>ns3.opensuse.org => ns4.opensuse.org (the Provo machine)</li>
<li><p>ns4.opensuse.org => ns3.opensuse.org (the machine at QSC)</p>
<p>~> host ns3.opensuse.org<br>
ns3.opensuse.org has address 62.146.92.204<br>
ns3.opensuse.org has IPv6 address 2a01:138:a004::204</p></li>
</ul>
<p>While this means that we will probably not have a DNS server in USA, we now have at least 3 DNS server in Europe - all dual-stacked with IPv4 and IPv6 addresses.</p>
openSUSE admin - tickets #59920: New DNS infrastructure for openSUSE domainshttps://progress.opensuse.org/issues/59920?journal_id=2827872020-03-04T08:55:27Zlrupp
<ul><li><strong>% Done</strong> changed from <i>80</i> to <i>90</i></li></ul><p>OK: ns4.opensuse.org is also online and answering queries.</p>
<p>Next switch (this time including glue records) for opensuse.org, opensuse.de and opensuse.fr domains is scheduled for today in the European afternoon...</p>
<p>(we are very, very close... :-)</p>
openSUSE admin - tickets #59920: New DNS infrastructure for openSUSE domainshttps://progress.opensuse.org/issues/59920?journal_id=2839362020-03-06T16:05:08Zlrupp
<ul><li><strong>Status</strong> changed from <i>In Progress</i> to <i>Closed</i></li><li><strong>% Done</strong> changed from <i>90</i> to <i>100</i></li></ul><p>Closing here: Registrar entries have been moved, ns{1,2,3}.opensuse.org are masters for opensuse.org, opensuse.de and opensuse.fr. <br>
DNS Management is done in the openSUSE Heroes FreeIPA instance. Technical details are described in the admin-wiki here in Redmine. </p>