From: Rodney Joffe (no email)
Date: Tue Nov 01 2005 - 00:14:23 EST
Hell Matt,
On 10/14/05 1:50 PM, "Matt Ghali" <> wrote:
>
>
> I understand that since secondary.com operations were picked up by
> UltraDNS, there's been a signifigant brain drain within UDNS
> operations, and from what I've heard, there isn't a lot of smarts
> left there.
>
As one of the remaining idiots, allow me to respond to you initially
here on NANOG - albeit 2 weeks later after being on the road at NANOG
and ARIN. You're obviously hoping that posting an inflamatory note
in a public forum will get you more action from UltraDNS, or will
help show the world how clueful you are. Either way, so be it. If you
want to follow up to this, do so by emailing me privately. The list
already has way too much noise from home cable and dsl users with
zero responsibility for real networks of any significance.
>
> This anecdotal theory is borne out by empirical evidence- they seem
> unable to come up with the TSIG key they use when slaving my zones.
>
Perhaps you could provide a snippet of this empirical evidence -
perhaps logs of any successful zone transfers from your master to any
UltraDNS slave that was achieved via use of TSIG? There have been
3,900 transfers so far into UltraDNS from your various masters that
have occurred successfully without the benefit of a TSIG key,
starting on the day (October 9, 2002) that UltraDNS voluntarily took
responsibility for the 5,000 odd free accounts that the original
Nominum provided under secondary.com, and that UltraDNS has continued
to provide at no charge. On that day, a large number of secondary.com
users (many of them on NANOG) responded properly to the UltraDNS
emailed instructions, and they have successfully been doing zone
transfers using TSIG.
You seem adamant that you were using TSIG until your server failed a
few months ago, at which time you began allowing zone transfers in
the clear. When asked by our support staff what ip address you had
configured within the UltraDNS UI, you indicated that it was another
of your hostname/ip addresses. This validated my findings - and the
responses you have continued to receive from our support staff - you
have never transferred your zone to UltraDNS using TSIG. That's
because you cannot configure TSIG zone transfers within the UltraDNS
UI - TSIG transfers occur to a dedicated set of TSIG servers within
UltraDNS, and as all users of TSIG within UltraDNS know, the UltraDNS
UI then shows the IP address for transfers as the dedicated UltraDNS
TSIG axfr servers, *not* those of the user's.
I think that you have us confused with some other provider of yours.
Our logs and system confirm that your free secondary.com domains
(such as snark.net) have *never* been transferred to UltraDNS using
TSIG, but have always been done using normal axfr.
>
> Secondary.com used a TSIG key, and UltraDNS continued using the same
> key (for my account, at least).
Uh, you obviously mean someone else. UltraDNS has never used your
TSIG key to do transfers for snark.net, as far as I can tell. Once
again, do you have any records of any TSIG transfers to us?
> Earlier this year, I lost the key
> when my nameserver had a nasty double-disk failure.
>
H'mmmm. Forgive me for being confused - this was whose stupidity and
lack of brain cells? The lack of backups of critical data like TSIG
keys, etc?
> Since then, I've
> been allowing axfr based on IP address, which is less preferable for
> many reasons.
>
Our TSIG servers (they are different machines to our normal axfr
machines) have audit trails back to October 9, 2002. There is no
record of your zone having ever been configured within them.
>
> I've recently had a chance to try setting up TSIG based transfer
> authentication again, but UltraDNS now claims no knowledge of such a
> key.
Nope. We have never transferred data from you to our TSIG servers. So
we have never had a key for that domain, or the zone it is in.
>
> Are there any other secondary.com/UltraDNS customers out there who
> have TSIG transfers configured? Perhaps you could contact UltraDNS
> support and let them know which key they are using.
And that would help you precisely how? Unless you think that the same
key is used for more than one customer? In which case I am now almost
positive that you have UltraDNS confused with some other DNS service
provider.
>
> thanks, and sorry for the rant.
Whatever. I get the feeling that NANOG (from 11 or 12 years of
participation) is not the best place for folks to work out their
personal issues that require rants.
Rodney Joffe
Apparent Brainless Dolt
UltraDNS
|
|
|