Notices by sahilister (sahil@toots.sahilister.in)

@njoseph from the mirror admin:
> electrical failure of the switchboard..while I am away
> will be fixed on next Saturday ouch

@LineageOS

@njoseph also, ideally in next Mirrorbit scan, the mirror should be marked out of rotation. Don't know how frequently Lineage check. Let's see.

@LineageOS

@njoseph just pinged the mirror admin regarding the issue.
Will update.

@LineageOS

@pmevzek I'm strongly leaning on PowerDNS (with BIND backend) because of some experience with that.

> ... different OS and nameservers software
for security reasons that is? Can you elaborate a bit here.

Also, If I understand correctly IXFR/AXFR should flow fine across different name server software primary-secondary combinations (?)

@jtk what're your thoughts on having a hidden primary? Is that a common occurrence in the wild?

I'm thinking of adding some secondaries (off net, not managed by me as well), so in case my systems go down, updates can still be pushed via this "hidden" primary to everywhere as well.

How good (or a bad) idea is to run ones own authoritative nameservers?

Any tips/tricks/suggestions or gotyas to remember?

#dns #authoritative #nameservers

Using Hetzner vSwitch (https://docs.hetzner.com/robot/dedicated-server/network/vswitch/) one can connect nodes across locations and internal traffic (across locations) between them is "free of charge".

Theoretically, one can bootstrap a CDN (with a Hetzner origin) with POPs in SG, FI, US and DE and save quite a bit of transit cost for origin fetchs.

#hetzner #vswitch #cdn

Wrote about Prosody Certificate Management With Nginx and Certbot - https://blog.sahilister.in/2025/01/prosody-certificate-management-with-nginx-and-certbot/

#xmpp #prosody #certbot

@yurnidiot caturday without a caturday, is a good caturday!

another TIL, one can request complete gTLD zone (from participating TLDs) at ICANN's Centralized Zone Data Service (CZDS) at https://czds.icann.org

I just downloaded the complete .gmail zone (which only has bunch of of NSs etc. only)

#icann #dns #tld

TIL that .gmail is a valid top level domain https://www.iana.org/domains/root/db/gmail.html

#DNS #TLD #domains

@hiway Just by the password policy, if I'm guessing the bank name - it's name starts with the same alphabet as your name?

Am I right?

Putting it out - `dig txt locations.publicdns.goog.`

Details at https://developers.google.com/speed/public-dns/faq

#dns

Both, Hetzner (https://www.hetzner.com/de/unternehmen/rechenzentrum/) and OVH cloud (http://weathermap.ovh.net/) has multiple direct peering links with Meta/Facebook.

I always wonder what kind of traffic traverse between these networks and Meta.

One is of course VPN traffic, what else am I missing here?

#peering #Hetzner #OVH #Meta #Facebook #Internet

@jtk with "actual NS domain" I meant the authoritative NS in this case, *.awsdns* domains.

As mentioned https://framapiaf.org/@pmevzek/113759344972541770 (in thread), one can't have NS for a CNAME (which looks right now that I think of it).

@pmevzek ah! that explains it, thank you!

@ricci If your NIC winds up with a sufficiently long interface name, like enp8s0f0npf0vf1, and your vlan id is high enough, you'll be unable to bring up a vlan interface like enp8s0f0npf0vf1.1024 because that exceeds the maximum interface name length (IFNAMSIZ = 16)

@jing seems to work fine without -t as well.

IG dig understands it's a query type.

The query I ran was `dig ns aws.amazon.com`

Okay a DNS question, while checking name server for aws.amazon.com, I get:

```
aws.amazon.com. 4092 IN CNAME tp.8e49140c2-frontier.amazon.com.
tp.8e49140c2-frontier.amazon.com. 46 IN CNAME dr49lng3n1n2s.cloudfront.net.
dr49lng3n1n2s.cloudfront.net. 12 IN A 108.158.61.79
...

```

If I understand correctly, NS for aws.amazon.com is a chain of CNAME(s) to actual NS domain?

#dns #amazon #aws