From: Matt Ghali (no email)
Date: Tue Nov 01 2005 - 01:53:26 EST
On Mon, 31 Oct 2005, Rodney Joffe wrote:
As one of the remaining idiots, allow me to respond to you
initially here on NANOG - albeit 2 weeks later after being on the
road at NANOG and ARIN.
Thank you for acknowledging my presence as a customer. I had a brief
bout of (mis)communication with your support staff, but
communication abruptly ended two weeks ago. Oddly enough, I sent in
a ping to them this afternoon.
You're obviously hoping that posting an inflamatory note in a
public forum will get you more action from UltraDNS, or will help
show the world how clueful you are.
Inflamatory? Wow. Have you met Mr. Kettle, Dr. Pot? I am thrilled
that UltraDNS is fine with you disclosing customer data in public.
Having lost all hope in getting a useful response from support,
nanog was my last hope of getting the attention of someone clueful
down there at UltraDNS. Unfortunately, it seems, I got your
attention instead.
Either way, so be it. If you want to follow up to this, do so by
emailing me privately. The list already has way too much noise
from home cable and dsl users with zero responsibility for real
networks of any significance.
I agree! Your representation of UDNS is much better reading than all
those darn kiddies. You _are_ representing UDNS, right? You do seem
to have access to proprietary customer data.
Perhaps you could provide a snippet of this empirical evidence -
perhaps logs of any successful zone transfers from your master to
any UltraDNS slave that was achieved via use of TSIG?
The boat I'm in was caused by a double-disk failure. Not
surprisingly, I lost logs as well as config.
There have been 3,900 transfers so far into UltraDNS from your
various masters that have occurred successfully without the
benefit of a TSIG key, starting on the day (October 9, 2002) that
Well, that's surprising. From the day I obtained service from
Secondary.com, I configured both the tsig key they provided me, as
well as covering allow-transfer address ranges "just in case".
UltraDNS voluntarily took responsibility for the 5,000 odd free
accounts that the original Nominum provided under secondary.com,
and that UltraDNS has continued to provide at no charge. On that
day, a large number of secondary.com users (many of them on NANOG)
responded properly to the UltraDNS emailed instructions, and they
have successfully been doing zone transfers using TSIG.
Are you suggesting that I am not a paying UDNS customer? You don't
come out and say it, since that would be a lie- but you do a great
job of casting aspersions.
That's because you cannot configure TSIG zone transfers within the
UltraDNS UI - TSIG transfers occur to a dedicated set of TSIG
servers within UltraDNS, and as all users of TSIG within UltraDNS
know, the UltraDNS UI then shows the IP address for transfers as
the dedicated UltraDNS TSIG axfr servers, *not* those of the
user's.
That's great- but you know as well as I do that the keys were from
Secondary.com (Nominum) and not UDNS. Thanks for the hand-waving,
though.
I think that you have us confused with some other provider of
yours. Our logs and system confirm that your free secondary.com
domains (such as snark.net) have *never* been transferred to
UltraDNS using TSIG, but have always been done using normal axfr.
What about my paid-for domains, Rodney? I think you have me confused
with another customer.
Uh, you obviously mean someone else. UltraDNS has never used your
TSIG key to do transfers for snark.net, as far as I can tell. Once
again, do you have any records of any TSIG transfers to us?
> Earlier this year, I lost the key
> when my nameserver had a nasty double-disk failure.
H'mmmm. Forgive me for being confused - this was whose stupidity
and lack of brain cells? The lack of backups of critical data like
TSIG keys, etc?
Could you take a break from publically insulting your customers, and
confirm that you have a grasp of what happens when both sides of a
mirrored pair of disks die within 3 hours of each other?
Our TSIG servers (they are different machines to our normal axfr machines)
have audit trails back to October 9, 2002. There is no record of your zone
having ever been configured within them.
It is surprising to me, and quite dissapointing, that UDNS did not
continue authenticating zone transfers via TSIG, like Secondary.com
did.
Nope. We have never transferred data from you to our TSIG servers.
So we have never had a key for that domain, or the zone it is in.
Sorry, you're plain wrong. I had a tsig key from Nominum. If UDNS
lost them in the transition, then it really isn't my bad. What part
of UDNS blowing it is my fault?
Whatever. I get the feeling that NANOG (from 11 or 12 years of
participation) is not the best place for folks to work out their
personal issues that require rants.
Rodney Joffe
Apparent Brainless Dolt
UltraDNS
I get the feeling a lot of folks have a vastly different opinion of
your employer, as well. Thanks for the assistance!
matt ghali
--------------------------------------------<darwin><
The only thing necessary for the triumph
of evil is for good men to do nothing. - Edmund Burke
|
|
|