[svlug] ISSUE: SVLUG's continued status with SBAY
Rick Moen
rick at linuxmafia.com
Fri Feb 17 12:34:46 PST 2006
Quoting Robert Hajime Lanning (lanning at lanning.cc):
> And my point was that these threats were from Ian.
In his capacity as SBAY President.
> They were not from SBAY.
If a written threat from the President speaking in that capacity -- one
made twice, in writing, in two different contexts on two different
occasions -- isn't "from SBAY", then I don't know what is.
> The SBAY board told Ian to back off.
Yet, curiously, the SBAY Board hasn't met in just about exactly a month.
Its next meeting is this Saturday. And, anyway, the main point is that
this whole thing was simply not acceptable. At the point where Ian
confirmed Paul's revelation -- even while frantic spin control from
Chris and others was underway at the same time -- I changed my mind
about SBAY affiliation on that basis. It's more than enough to say
"Sorry, this isn't going to work."
That's aside from the fact that all the supposed benefits have turned
out to be pretty much imaginary. Except the one that nobody's
mentioned, that of a corporate legal-liability shield against creditors
and litigation, and if we really need that, maybe we should ask LUGOD,
which is likewise incorporated and probably more in line with our
mission.
> Why take on 20x more work and infinite times in cost (exaggerated
> for the point) in incorporating ourselves.
Why, indeed? May I join you in beating up on that (rather blatant)
straw man?
> DNS for one
Ah, a technical and administrative issue. I can help with that!
Here's a note I sent offlist to some SVLUG volunteers:
I might as well get a start on specific recommendations, in anticipation
of the group eventually having the ability to address this:
> o Ownership ("Registrant") should be someone neutral and reliable.
As Paul knows, I recommend either Rob Walker <rob at ladle.net> or
Chris di Bona <chris at dibona.com>. Both have a very long history in
SVLUG affairs, are neutral in current/recent SVLUG matters, and are
quite reliable (in my view).
> o As Paul Reed says:
> > We should get primary DNS moved to svlug.org/216.218.255.178.
> o Having only a single functional nameserver is a critical problem.
> o Two nameservers are fewer than recommended (even aside from the
> problem of one of them not responding). 3-7 is recommended.
With primary _on_ SVLUG's own host and its zonefile _and_ domain
ownership under the elected officers' control, then 4-5 secondaries should
be easy to find. Lots of people in SVLUG run nameservers, and
fortunately doing _secondary_ DNS correctly is dead-simple and almost
impossible to screw up.
The svlug.org.zone file on the authoritative nameserver would gain lines
like this for the primary:
    @
    [...]
            IN A 216.218.255.178
            IN NS ns1.svlug.org.
    [...]
    ns1     IN A 216.218.255.178
(A corresponding change to the master-nameserver hostname in the SOA
record would also be needed.)
> o No glue record in parent .ORG zone for the one functional nameserver.
> This results in needlessly slow response to queries.
Recommendation:
(a) In the primary DNS server's svlug.org.zone file, have alias-named
"A" and "NS" lines for any nameserver that's not in ORG. E.g., if you
decided to use NS1.LINUXMAFIA.COM (IP 198.144.195.186) as a secondary,
include lines like this in svlug.org.zone:
    @
    [...]
            IN NS ns2.svlug.org.
    [...]
    ns2     IN A 198.144.195.186
(b) Now, for each NS entry in the primary nameserver's zonefile, make
sure there is a nameserver entry in the svlug.org domain record: There
_must_ be a one-to-one correspondence. Because you have ensured (via
aliases) that all nameservers are referred to by names within the .ORG
namespace, they will all automatically get glue records within the .ORG
parent zone, courtesy of the nameserver edits one makes at the
registrar.
> o No MX (mail exchanger) record.
    @
    [...]
            IN A 216.218.255.178
            IN NS ns1.svlug.org.
            IN MX svlug.org.
> o Reverse DNS is slightly wrong (resolves to svlug.svlug.org; should
> probably resolve to svlug.org)
It appears that Hurricane Electric would have to do this in the
reverse-DNS zone for zone subnet160.255.218.216.in-addr.arpa. This
request might have to be funnelled through Drew Bertola
<drew at drewb.com>, who apparently is footing our hosting bill at
Hurricane Electric at the moment.
Anyhow, here's the reverse DNS, so you can observe for yourself that
it's wrong:
    $ dig -t ptr 178.255.218.216.in-addr.arpa +short
    178.subnet160.255.218.216.in-addr.arpa.
    svlug.svlug.org.
> o Domain's Technical and Administrative contacts should be different
> people with different e-mail addresses/phone numbers (to avoid
> single point of failure).
You can use basically any two parties for this. Please note that
neither has functional control of the domain, that being the Registrant
(the party regarded by all DNS registrars as the legal owner), which is
currently set to "Domain Administration, Thunder.Net Communications, PO
BOX 611311, San Jose, CA 95161-1311, +1.4087293733".
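
Added example, not part of the original message: one way to check the one-to-one correspondence between the zonefile's NS lines and the registrar's nameserver entries described in recommendations (a) and (b), along with the 3-7 nameserver count from the checklist. The zone text, the registrar list and the function names are constructed for illustration; only the ns1/ns2 names and addresses come from the message.

```python
ORIGIN = "svlug.org."
# Constructed zone fragment built from the records proposed in the message.
ZONE = """\
@       IN  A   216.218.255.178
        IN  NS  ns1.svlug.org.
        IN  NS  ns2.svlug.org.
ns1     IN  A   216.218.255.178
ns2     IN  A   198.144.195.186
"""
REGISTRAR_NS = {"ns1.svlug.org."}  # constructed registrar list: ns2 never added

def fqdn(name, origin=ORIGIN):
    """Expand '@' and relative names the way a zone-file loader does."""
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name.lower()}.{origin}"

def parse_zone(text, origin=ORIGIN):
    """Return (apex NS targets, {owner name: [A addresses]})."""
    ns, a, owner = set(), {}, origin
    for line in text.splitlines():
        line = line.split(";")[0]                  # drop comments
        fields = line.split()
        if fields and not line[0].isspace():       # leading blank = previous owner
            owner = fqdn(fields.pop(0), origin)
        # Ignore the class and any numeric TTL; keep type and rdata.
        fields = [f for f in fields if f.upper() != "IN" and not f.isdigit()]
        if len(fields) < 2:
            continue
        rtype, rdata = fields[0].upper(), fields[-1]
        if rtype == "NS" and owner == origin:
            ns.add(fqdn(rdata, origin))
        elif rtype == "A":
            a.setdefault(owner, []).append(rdata)
    return ns, a

def audit(zone_text, registrar_ns, origin=ORIGIN):
    """List the delegation problems from the message's checklist."""
    ns, a = parse_zone(zone_text, origin)
    reg = {n.lower() for n in registrar_ns}
    problems = [f"in zone, not at registrar: {n}" for n in sorted(ns - reg)]
    problems += [f"at registrar, not in zone: {n}" for n in sorted(reg - ns)]
    problems += [f"not aliased under {origin}: {n}"
                 for n in sorted(ns) if not n.endswith("." + origin)]
    problems += [f"alias has no A record: {n}"
                 for n in sorted(ns) if n.endswith("." + origin) and n not in a]
    if not 3 <= len(ns) <= 7:
        problems.append(f"{len(ns)} nameservers; 3-7 recommended")
    return problems
```

Calling audit(ZONE, REGISTRAR_NS) on the constructed data reports the ns2 mismatch and the low nameserver count; an empty list means the zonefile and registrar entries agree.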