User Tools

Site Tools


berkeleylug:digital_resources

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Next revision Both sides next revision
berkeleylug:digital_resources [2019-03-29T05:11:12+0000]
michael_paoli fresh capture of DNS data
berkeleylug:digital_resources [2019-08-30T12:53:40+0000]
michael_paoli www.berkeleylug.com redirect
Line 5: Line 5:
 Domains: Domains:
 berkeleylug.com (primary) registrant/​owner:​ Michael Paoli - (transferred 2019-03-04) Registry Expiry Date: 2020-01-20T05:​05:​36Z berkeleylug.com (primary) registrant/​owner:​ Michael Paoli - (transferred 2019-03-04) Registry Expiry Date: 2020-01-20T05:​05:​36Z
-berkeleylug.org (alternate - redirects(?) to primary ​- we may let this one expire, etc. Registry Expiry Date: 2019-05-17T04:​39:​28) registrant/​owner:​ Michael Paoli - (transferred 2019-03-04)+berkeleylug.org (alternate ​(& non-essential ​- redirects to primary) registrant/​owner:​ Michael Paoli - (transferred 2019-03-04) ​Registry Expiry Date: 2020-05-17T04:​39:​28Z
  
 DNS: DNS:
-$ TZ=GMT0 date -Iseconds && (for d in berkeleylug.com. berkeleylug.org.;​ do NS=$(dig +short "​$d"​ NS | sort -R | head -n 1); n=$(dig +short "​$NS"​ A "​$NS"​ AAAA | sort -R | head -n 1); for s in ''​ '​*.'​ calendar. docs. mail. sites. temp. www.; do for t in A AAAA CNAME SOA NS MX TXT SPF ANY; do dig @"​$n"​ +norecurse +noall +answer "​$s$d"​ "​$t";​ done; done; done) | grep '​^[^ ​      ​]*[Bb][Ee][Rr][Kk][Ee][Ll][Ee][Yy][Ll][Uu][Gg]\.'​ | sort -u +berkeleylug.com (canonicaland berkelelylug.org - data is publicly accessible via AXFR from one or more of the public authoritative nameservers.
-2019-03-29T05:​09:​35+00:​00 +
-*.berkeleylug.com. ​     14400   ​IN ​     CNAME   ​berkeleylug.com. +
-berkeleylug.com. ​       14400   ​IN ​     MX      10 aspmx.l.google.com. +
-berkeleylug.com. ​       14400   ​IN ​     MX      20 alt1.aspmx.l.google.com. +
-berkeleylug.com. ​       14400   ​IN ​     MX      30 alt2.aspmx.l.google.com. +
-berkeleylug.com. ​       14400   ​IN ​     MX      40 aspmx2.googlemail.com. +
-berkeleylug.com. ​       14400   ​IN ​     MX      50 aspmx3.googlemail.com. +
-berkeleylug.com. ​       21600   ​IN ​     NS      ns-cloud-a1.googledomains.com. +
-berkeleylug.com. ​       21600   ​IN ​     NS      ns-cloud-a2.googledomains.com. +
-berkeleylug.com. ​       21600   ​IN ​     NS      ns-cloud-a3.googledomains.com. +
-berkeleylug.com. ​       21600   ​IN ​     NS      ns-cloud-a4.googledomains.com. +
-berkeleylug.com. ​       21600   ​IN ​     SOA     ​ns-cloud-a1.googledomains.com. cloud-dns-hostmaster.google.com. 6 21600 3600 1209600 300 +
-berkeleylug.com. ​       300     ​IN ​     A       ​192.0.78.24 +
-berkeleylug.com. ​       300     ​IN ​     A       ​192.0.78.25 +
-berkeleylug.org.        21600   ​IN ​     NS      ns-cloud-b1.googledomains.com. +
-berkeleylug.org. ​       21600   ​IN ​     NS      ns-cloud-b2.googledomains.com. +
-berkeleylug.org. ​       21600   ​IN ​     NS      ns-cloud-b3.googledomains.com. +
-berkeleylug.org. ​       21600   ​IN ​     NS      ns-cloud-b4.googledomains.com. +
-berkeleylug.org. ​       21600   ​IN ​     SOA     ​ns-cloud-b1.googledomains.com. dns-admin.google.com. 10 21600 3600 1209600 300 +
-berkeleylug.org. ​       3600    IN      A       ​216.239.32.21 +
-berkeleylug.org. ​       3600    IN      A       ​216.239.34.21 +
-berkeleylug.org. ​       3600    IN      A       ​216.239.36.21 +
-berkeleylug.org. ​       3600    IN      A       ​216.239.38.21 +
-berkeleylug.org. ​       3600    IN      AAAA    2001:​4860:​4802:​32::​15 +
-berkeleylug.org. ​       3600    IN      AAAA    2001:​4860:​4802:​34::​15 +
-berkeleylug.org. ​       3600    IN      AAAA    2001:​4860:​4802:​36::​15 +
-berkeleylug.org. ​       3600    IN      AAAA    2001:​4860:​4802:​38::​15 +
-calendar.berkeleylug.com. 3600  IN      CNAME   ​ghs.googlehosted.com. +
-docs.berkeleylug.com. ​  ​3600 ​   IN      CNAME   ​ghs.googlehosted.com. +
-mail.berkeleylug.com. ​  ​3600 ​   IN      CNAME   ​ghs.googlehosted.com. +
-sites.berkeleylug.com. ​ 3600    IN      CNAME   ​ghs.googlehosted.com. +
-temp.berkeleylug.com. ​  ​300 ​    ​IN ​     A       ​198.144.194.238 +
-temp.berkeleylug.com. ​  ​300 ​    ​IN ​     AAAA    2001:​470:​1f05:​19e::​4 +
-www.berkeleylug.com. ​   14400   ​IN ​     CNAME   ​berkeleylug.com. +
-www.berkeleylug.org. ​   3600    IN      CNAME   ​ghs.googlehosted.com. +
-+
  
-.org not primary+WordPress.com hosted - per earlier communcations,​ intending to migrate of the WordPress.com hosted by 2019-08-27T09:53:17Z (that would be 6 months after Michael Paoli was notified of having been granted admin access for the BerkeleyLUG site on its WordPress.com hosting). 
-curl -s -I http://​berkeleylug.org/​ | sed -ne '/^HTTP/p;/^[Ll]ocation:​/p'+ 
 +https://​berkeleylug.com/​ WordPress export/​import migration outline: 
 +o create export(s) as (partial) backups 
 +o import looses mtimes from media ("​upload"​) files - may want to snag those, e.g. via curl for potential restoration 
 +o the one unattached media: https://​berkeleylug.files.wordpress.com/​2015/​05/​cropped-stroll5.jpg 
 +  o snag and save the above 
 +  o after import, add it to the uploads 
 +o set up new/target site infrastructure (suitable for import, hosting, etc.) 
 +o drop DNS TTLs suitably in advance to ease transition and speed thereof 
 +o the following (at least) twice, once from "​old"​ to temporary, and once from temporary to new; excepting "only once" steps: 
 +o only once steps: 
 +  o set up web server redirect for http[s]:/​www.berkeleylug.com(/​.*)?​ 
 +  o only "​just"​ prior to move/import to final new: change DNS 
 +  o change wordpress.com hosted primary domain to: berkeleylug.wordpress.com 
 +  o wait suitable TTL period 
 +  o configure site sending email 
 +  o set (local) timezone 
 +  o Users: set email addresses & names (where applicable) as before, reset passwords & send (or send reset links) 
 +  o post migration to final new, optionally(?​):​ Plugin: Akismet Anti-Spam - update and/or activate 
 +  o disable temporary(/​ies) once no longer needed(web server, DNS, clear out content) 
 +o (re)initialize target location 
 +  o reinitialized database 
 +  o edit config file for proper directory location for site name 
 +  o wipe any relevant content (empty uploads) 
 +  o set up only one user, and as Administrator,​ and not conflicting with users (login name) of export site 
 +  o delete any default content created there (e.g. sample page, post, comment 
 +  o import 
 +  o for all authors from export, create users on import, with same login name and assigning authorship to same login names 
 +  o check box to download media 
 +  o as feasible, match configuration/appearance to export site 
 +    o theme --> Nucleare 
 +      o Special Color --> #3f6d6e 
 +      o Site Title: BerkeleyLUG 
 +      o Tagline: Berkeley Linux Users Group 
 +      o Site Icon: Tux: uploads/2009/​02/​penguin1.png 
 +    o Customizing:​ 
 +      o Menus: Menu Options: (select/​yes):​ Automatically add new top-level pages to this menu 
 +      o Add Widget: Text, and move to top with content: Note - Blog posts are written by BerkeleyLUG members of various backgrounds,​ experience level etc... The views and opinions in each blog post do not represent the views of the group as a whole or the founders. 
 +      o Other Widgets and (otherwise default) probably fine: Text (added above), Search, Recent Posts, Recent Comments, Archives, Categories, Meta 
 +    o Discussion:​ 
 +      o Disable (uncheck):​ 
 +        o Attempt to notify any blogs linked to from the article 
 +        o Allow link notifications from other blogs (pingbacks and trackbacks) on new articles 
 +        o Comment author must fill out name and email 
 +      o Enable (check): 
 +        o Users must be registered and logged in to comment 
 +        o Break comments into pages with 50 top level comments per page and the last page displayed by default 
 + 
 +.org not primary, redirector in place: 
 +$ (for protocol_port in 'http 80' 'https 443'; do set -- $protocol_port;​ protocol="​$1";​ port="​$2";​ for host in www.berkeleylug.org ​berkeleylug.org;​ do for path in '' ​/// /​foo/​bar/​baz;​ do t="​$protocol://​$host$path";​ echo "​$t";​ curl -s -I "​$t" ​grep -'​^HTTP/​' -e '^[Ll]ocation:​ '; done; done done) 
 +http://​www.berkeleylug.org
 HTTP/1.1 301 Moved Permanently HTTP/1.1 301 Moved Permanently
-Location: ​http://​berkeleylug.com/​ +Location: ​https://​berkeleylug.com/​ 
-$ curl -s -I http://​www.berkeleylug.org/ ​| sed -ne '/​^HTTP/​p;/​^[Ll]ocation:/​p'​+http://​www.berkeleylug.org/​
 HTTP/1.1 301 Moved Permanently HTTP/1.1 301 Moved Permanently
-Location: http://​berkeleylug.com/​ +Location: ​https://​berkeleylug.com/​ 
-$ curl -s -I https://​berkeleylug.org/ ​| sed -ne '/^HTTP/p;/^[Ll]ocation:/p' +http://​www.berkeleylug.org///​ 
-HTTP/301  +HTTP/1.1 301 Moved Permanently 
-location: http://​berkeleylug.com/​ +Location: https://​berkeleylug.com/​ 
-$ curl -s -I https://​www.berkeleylug.org/ ​| sed -ne '/^HTTP/p;/^[Ll]ocation:/p' +http://​www.berkeleylug.org/​foo/​bar/​baz 
-HTTP/301  +HTTP/1.1 301 Moved Permanently 
-locationhttp://​berkeleylug.com/​+Location: ​https://​berkeleylug.com/​foo/​bar/​baz 
 +http://​berkeleylug.org 
 +HTTP/1.1 301 Moved Permanently 
 +Location: https://​berkeleylug.com/​ 
 +http://​berkeleylug.org/​ 
 +HTTP/1.1 301 Moved Permanently 
 +Location: https://​berkeleylug.com/​ 
 +http://​berkeleylug.org///​ 
 +HTTP/1.1 301 Moved Permanently 
 +Locationhttps://​berkeleylug.com/​ 
 +http://​berkeleylug.org/​foo/​bar/​baz 
 +HTTP/1.1 301 Moved Permanently 
 +Location: https://​berkeleylug.com/​foo/bar/baz 
 +https://​www.berkeleylug.org 
 +HTTP/1.1 301 Moved Permanently 
 +Location: https://​berkeleylug.com/​ 
 +https://​www.berkeleylug.org/​ 
 +HTTP/1.1 301 Moved Permanently 
 +Location: https://​berkeleylug.com/​ 
 +https://​www.berkeleylug.org///​ 
 +HTTP/1.1 301 Moved Permanently 
 +Locationhttps://​berkeleylug.com/​ 
 +https://​www.berkeleylug.org/​foo/​bar/​baz 
 +HTTP/1.1 301 Moved Permanently 
 +Location: https://​berkeleylug.com/​foo/​bar/​baz 
 +https://​berkeleylug.org 
 +HTTP/1.1 301 Moved Permanently 
 +Location: https://​berkeleylug.com/​ 
 +https://​berkeleylug.org/​ 
 +HTTP/1.1 301 Moved Permanently 
 +Location: https://​berkeleylug.com/​ 
 +https://​berkeleylug.org///​ 
 +HTTP/1.1 301 Moved Permanently 
 +Location: https://​berkeleylug.com/​ 
 +https://​berkeleylug.org/​foo/​bar/​baz 
 +HTTP/1.1 301 Moved Permanently 
 +Location: https://​berkeleylug.com/​foo/​bar/​baz
  
-@berkeleylug.org ​does not accept ​email (no MX, A/​AAAA ​times out on TCP port 25 even from known good email sender IP)+@berkeleylug.org ​neither accepts nor sends email (no MX, A/AAAA on TCP port 25 rejects connection or rejects SMTP attempts to domain, SPF - none sends, hard fail all: 
 +berkeleylug.org. IN SPF "​v=spf1 -all"​ 
 +berkeleylug.org. IN TXT "​v=spf1 -all"​ 
 +)
  
 canonical/​primary is: https://​berkeleylug.com/​ canonical/​primary is: https://​berkeleylug.com/​
Line 77: Line 130:
  
 TLS(/"​SSL"​) - Web - handful of (separate) Web certs only*: TLS(/"​SSL"​) - Web - handful of (separate) Web certs only*:
-$ nmap -Pn -r -sT -p 443 --script=ssl-cert berkeleylug.com calendar.berkeleylug.com docs.berkeleylug.com mail.berkeleylug.com sites.berkeleylug.com www.berkeleylug.com ​berkeleylug.org www.berkeleylug.org | perl -e '​while(<>​){print if /Not valid after: /o; if(/^\| Subject Alternative Name: /){chomp; s/​DNS:​(?:​(?​i)(?​![^,​ ]*berkeleylug\.))[^,​ ]+(?:, |$)//go; s/, ?$//o; print "​$_\n";​};​};'​+$ nmap -Pn -r -sT -p 443 --script=ssl-cert berkeleylug.com calendar.berkeleylug.com docs.berkeleylug.com mail.berkeleylug.com sites.berkeleylug.com www.berkeleylug.com ​ perl -e '​while(<>​){print if /Not valid after: /o; if(/^\| Subject Alternative Name: /){chomp; s/​DNS:​(?:​(?​i)(?​![^,​ ]*berkeleylug\.))[^,​ ]+(?:, |$)//go; s/, ?$//o; print "​$_\n";​};​};'​
 | Subject Alternative Name: DNS:​berkeleylug.com | Subject Alternative Name: DNS:​berkeleylug.com
 | Not valid after: ​ 2019-04-28T02:​29:​40 | Not valid after: ​ 2019-04-28T02:​29:​40
 | Subject Alternative Name: DNS:​www.berkeleylug.com | Subject Alternative Name: DNS:​www.berkeleylug.com
 | Not valid after: ​ 2019-06-01T14:​37:​18 | Not valid after: ​ 2019-06-01T14:​37:​18
-| Subject Alternative Name: DNS:​berkeleylug.org 
-| Not valid after: ​ 2019-06-03T05:​26:​39 
-| Subject Alternative Name: DNS:​www.berkeleylug.org 
-| Not valid after: ​ 2019-06-03T05:​22:​56 
  
 *ignoring domains that WordPress.com lumps in there that aren't at all BerkeleyLUG *ignoring domains that WordPress.com lumps in there that aren't at all BerkeleyLUG
Line 91: Line 140:
 ########################################################################​ ########################################################################​
 various bits to test on temp.berkeleylug.com - to presumably later be various bits to test on temp.berkeleylug.com - to presumably later be
-berkeleylug.com+berkeleylug.com, cert also for [www.]berkeleylug.org
 Created key and obtained (non-Google) CA signed cert also covering: Created key and obtained (non-Google) CA signed cert also covering:
 *.berkeleylug.com,​berkeleylug.com,​*.berkeleylug.org,​berkeleylug.org expires: 2019-06-07T02:​07:​58Z *.berkeleylug.com,​berkeleylug.com,​*.berkeleylug.org,​berkeleylug.org expires: 2019-06-07T02:​07:​58Z
-$ dig +noall +answer +nottl temp.berkeleylug.com. A temp.berkeleylug.com. AAAA 
-temp.berkeleylug.com. ​  ​IN ​     A       ​198.144.194.238 
-temp.berkeleylug.com. ​  ​IN ​     AAAA    2001:​470:​1f05:​19e::​4 
-$ </​dev/​null openssl s_client -servername temp.berkeleylug.com -starttls smtp -connect 198.144.194.238:​25 2>>/​dev/​null | sed -ne '/​^-----BEGIN CERTIFICATE-----$/,/​^-----END CERTIFICATE-----$/​p'​ | openssl x509 -text -noout | sed -ne '/Not After : /p;/Subject Alternative Name:/​{N;​p;​q;​}'​ 
-            Not After : May 22 11:41:24 2019 GMT 
-            X509v3 Subject Alternative Name: 
-                DNS:​*.balug.org,​ DNS:​*.lists.balug.org,​ DNS:​balug.org 
- 
 ... install the newer cert for SMTP (will likely end up needed for at ... install the newer cert for SMTP (will likely end up needed for at
 least postmaster@berkeleylug.com,​ for WordPress site to, e.g. send least postmaster@berkeleylug.com,​ for WordPress site to, e.g. send
Line 122: Line 163:
                 DNS:​*.balug.org,​ DNS:​*.berkeleylug.com,​ DNS:​*.berkeleylug.org,​ DNS:​*.lists.balug.org,​ DNS:​balug.org,​ DNS:​berkeleylug.com,​ DNS:​berkeleylug.org                 DNS:​*.balug.org,​ DNS:​*.berkeleylug.com,​ DNS:​*.berkeleylug.org,​ DNS:​*.lists.balug.org,​ DNS:​balug.org,​ DNS:​berkeleylug.com,​ DNS:​berkeleylug.org
  
 +Also installed on https://​[www.]berkeleylug.org/:​ 
 +$ (TZ=GMT0 export TZ; hosts='​www.berkeleylug.org berkeleylug.org';​ { nmap -Pn -r -sT -p 443 --script=ssl-cert $hosts; nmap -6 -Pn -r -sT -p 443 --script=ssl-cert $hosts; } | grep -e '^Nmap scan report for ' -e '^PORT ' -e '​^[0-9]*/​tcp open' -e '^| Subject Alternative Name: ' -e '^| Not valid after: ') 
 +Nmap scan report for www.berkeleylug.org (198.144.194.238) 
 +PORT    STATE SERVICE 
 +443/tcp open  https 
 +| Subject Alternative Name: DNS:​*.balug.org,​ DNS:​*.berkeleylug.com,​ DNS:​*.berkeleylug.org,​ DNS:​*.lists.balug.org,​ DNS:​balug.org,​ DNS:​berkeleylug.com,​ DNS:​berkeleylug.org 
 +| Not valid after: ​ 2019-06-07T02:​07:​58 
 +Nmap scan report for berkeleylug.org (198.144.194.238) 
 +PORT    STATE SERVICE 
 +443/tcp open  https 
 +| Subject Alternative Name: DNS:​*.balug.org,​ DNS:​*.berkeleylug.com,​ DNS:​*.berkeleylug.org,​ DNS:​*.lists.balug.org,​ DNS:​balug.org,​ DNS:​berkeleylug.com,​ DNS:​berkeleylug.org 
 +| Not valid after: ​ 2019-06-07T02:​07:​58 
 +Nmap scan report for www.berkeleylug.org (2001:​470:​1f05:​19e::​4) 
 +PORT    STATE SERVICE 
 +443/tcp open  https 
 +| Subject Alternative Name: DNS:​*.balug.org,​ DNS:​*.berkeleylug.com,​ DNS:​*.berkeleylug.org,​ DNS:​*.lists.balug.org,​ DNS:​balug.org,​ DNS:​berkeleylug.com,​ DNS:​berkeleylug.org 
 +| Not valid after: ​ 2019-06-07T02:​07:​58 
 +Nmap scan report for berkeleylug.org (2001:​470:​1f05:​19e::​4) 
 +PORT    STATE SERVICE 
 +443/tcp open  https 
 +| Subject Alternative Name: DNS:​*.balug.org,​ DNS:​*.berkeleylug.com,​ DNS:​*.berkeleylug.org,​ DNS:​*.lists.balug.org,​ DNS:​balug.org,​ DNS:​berkeleylug.com,​ DNS:​berkeleylug.org 
 +| Not valid after: ​ 2019-06-07T02:​07:​58 
 +
 ########################################################################​ ########################################################################​
  
berkeleylug/digital_resources.txt · Last modified: 2020-05-18T11:31:53+0000 by michael_paoli