Differences

This shows you the differences between two versions of the page.

--- berkeleylug:digital_resources [2019-03-29T07:31:30+0000] – updated DNS for redirector (should be fully effective within an hour) michael_paoli
+++ berkeleylug:digital_resources [2019-05-07T10:51:57+0000] – DNS information michael_paoli
@@ Line 8: / Line 8: @@
 DNS:
-$ TZ=GMT0 date -Iseconds && (for d in berkeleylug.com. berkeleylug.org.; do NS=$(dig +short "$d" NS | sort -R | head -n 1); n=$(dig +short "$NS" A "$NS" AAAA | sort -R | head -n 1); for s in '' '*.' calendar. docs. mail. sites. temp. www.; do for t in A AAAA CNAME SOA NS MX TXT SPF ANY; do dig @"$n" +norecurse +noall +answer "$s$d" "$t"; done; done; done) | grep '^[^       ]*[Bb][Ee][Rr][Kk][Ee][Ll][Ee][Yy][Ll][Uu][Gg]\.' | sort -u
+berkeleylug.com (canonical) and berkelelylug.org - data is publicly accessible via AXFR from one or more of the public authoritative nameservers.
--03-29T07:27:36+00:00
-*.berkeleylug.com.      14400   IN      CNAME   berkeleylug.com.
-berkeleylug.com.        14400   IN      MX      10 aspmx.l.google.com.
-berkeleylug.com.        14400   IN      MX      20 alt1.aspmx.l.google.com.
-berkeleylug.com.        14400   IN      MX      30 alt2.aspmx.l.google.com.
-berkeleylug.com.        14400   IN      MX      40 aspmx2.googlemail.com.
-berkeleylug.com.        14400   IN      MX      50 aspmx3.googlemail.com.
-berkeleylug.com.        21600   IN      NS      ns-cloud-a1.googledomains.com.
-berkeleylug.com.        21600   IN      NS      ns-cloud-a2.googledomains.com.
-berkeleylug.com.        21600   IN      NS      ns-cloud-a3.googledomains.com.
-berkeleylug.com.        21600   IN      NS      ns-cloud-a4.googledomains.com.
-berkeleylug.com.        21600   IN      SOA     ns-cloud-a1.googledomains.com. cloud-dns-hostmaster.google.com. 6 21600 3600 1209600 300
-berkeleylug.com.        300     IN      A       192.0.78.24
-berkeleylug.com.        300     IN      A       192.0.78.25
-berkeleylug.org.        21600   IN      NS      ns-cloud-b1.googledomains.com.
-berkeleylug.org.        21600   IN      NS      ns-cloud-b2.googledomains.com.
-berkeleylug.org.        21600   IN      NS      ns-cloud-b3.googledomains.com.
-berkeleylug.org.        21600   IN      NS      ns-cloud-b4.googledomains.com.
-berkeleylug.org.        21600   IN      SOA     ns-cloud-b1.googledomains.com. dns-admin.google.com. 15 21600 3600 1209600 300
-berkeleylug.org.        3600    IN      A       198.144.194.238
-berkeleylug.org.        3600    IN      AAAA    2001:470:1f05:19e::4
-calendar.berkeleylug.com. 3600  IN      CNAME   ghs.googlehosted.com.
-docs.berkeleylug.com.   3600    IN      CNAME   ghs.googlehosted.com.
-mail.berkeleylug.com.   3600    IN      CNAME   ghs.googlehosted.com.
-sites.berkeleylug.com.  3600    IN      CNAME   ghs.googlehosted.com.
-temp.berkeleylug.com.   300     IN      A       198.144.194.238
-temp.berkeleylug.com.   300     IN      AAAA    2001:470:1f05:19e::4
-www.berkeleylug.com.    14400   IN      CNAME   berkeleylug.com.
-www.berkeleylug.org.    3600    IN      A       198.144.194.238
-www.berkeleylug.org.    3600    IN      AAAA    2001:470:1f05:19e::4
-$
-.org not primary:
-$ curl -s -I http://berkeleylug.org/ | sed -ne '/^HTTP/p;/^[Ll]ocation:/p'
-HTTP/1.1 301 Moved Permanently
-Location: http://berkeleylug.com/
-$ curl -s -I http://www.berkeleylug.org/ | sed -ne '/^HTTP/p;/^[Ll]ocation:/p'
-HTTP/1.1 301 Moved Permanently
-Location: http://berkeleylug.com/
-$ curl -s -I https://berkeleylug.org/ | sed -ne '/^HTTP/p;/^[Ll]ocation:/p'
-HTTP/2 301
-location: http://berkeleylug.com/
-$ curl -s -I https://www.berkeleylug.org/ | sed -ne '/^HTTP/p;/^[Ll]ocation:/p'
-HTTP/2 301
-location: http://berkeleylug.com/
-$
-@berkeleylug.org does not accept email (no MX, A/AAAA times out on TCP port 25 even from known good email sender IP)
-------------------------------------------------------------------------
+.org not primary, redirector in place:
-[www.]berkeleylug.org - set up redirector - but still need to repoint DNS:
+$ (for protocol_port in 'http 80' 'https 443'; do set -- $protocol_port; protocol="$1"; port="$2"; for host in www.berkeleylug.org berkeleylug.org; do for path in '' / /// /foo/bar/baz; do t="$protocol://$host$path"; echo "$t"; curl -s -I "$t" | grep -e '^HTTP/' -e '^[Ll]ocation: '; done; done done)
-$ (for protocol_port in 'http 80' 'https 443'; do set -- $protocol_port; protocol="$1"; port="$2"; for host in www.berkeleylug.org berkeleylug.org; do for path in '' / /// /foo/bar/baz; do t="$protocol://$host$path"; echo "$t"; curl -s -I --resolve "$host":"$port":198.144.194.238 "$t" | grep -e '^HTTP/' -e '^Location: '; done; done done)
 http://www.berkeleylug.org
 HTTP/1.1 301 Moved Permanently
@@ Line 109: / Line 61: @@
 Location: https://berkeleylug.com/foo/bar/baz
 $
-------------------------------------------------------------------------
+@berkeleylug.org neither accepts nor sends email (no MX, A/AAAA on TCP port 25 rejects connection or rejects SMTP attempts to domain, SPF - none sends, hard fail all:
+berkeleylug.org. IN SPF "v=spf1 -all"
+berkeleylug.org. IN TXT "v=spf1 -all"
+)
 canonical/primary is: https://berkeleylug.com/
@@ Line 126: / Line 81: @@
 TLS(/"SSL") - Web - handful of (separate) Web certs only*:
-$ nmap -Pn -r -sT -p 443 --script=ssl-cert berkeleylug.com calendar.berkeleylug.com docs.berkeleylug.com mail.berkeleylug.com sites.berkeleylug.com www.berkeleylug.com berkeleylug.org www.berkeleylug.org | perl -e 'while(<>){print if /Not valid after: /o; if(/^\| Subject Alternative Name: /){chomp; s/DNS:(?:(?i)(?![^, ]*berkeleylug\.))[^, ]+(?:, |$)//go; s/, ?$//o; print "$_\n";};};'
+$ nmap -Pn -r -sT -p 443 --script=ssl-cert berkeleylug.com calendar.berkeleylug.com docs.berkeleylug.com mail.berkeleylug.com sites.berkeleylug.com www.berkeleylug.com  perl -e 'while(<>){print if /Not valid after: /o; if(/^\| Subject Alternative Name: /){chomp; s/DNS:(?:(?i)(?![^, ]*berkeleylug\.))[^, ]+(?:, |$)//go; s/, ?$//o; print "$_\n";};};'
 | Subject Alternative Name: DNS:berkeleylug.com
 | Not valid after:  2019-04-28T02:29:40
 | Subject Alternative Name: DNS:www.berkeleylug.com
 | Not valid after:  2019-06-01T14:37:18
-| Subject Alternative Name: DNS:berkeleylug.org
-| Not valid after:  2019-06-03T05:26:39
-| Subject Alternative Name: DNS:www.berkeleylug.org
-| Not valid after:  2019-06-03T05:22:56
 $
 *ignoring domains that WordPress.com lumps in there that aren't at all BerkeleyLUG
@@ Line 140: / Line 91: @@
 ########################################################################
 various bits to test on temp.berkeleylug.com - to presumably later be
-berkeleylug.com
+berkeleylug.com, cert also for [www.]berkeleylug.org
 Created key and obtained (non-Google) CA signed cert also covering:
 *.berkeleylug.com,berkeleylug.com,*.berkeleylug.org,berkeleylug.org expires: 2019-06-07T02:07:58Z
-$ dig +noall +answer +nottl temp.berkeleylug.com. A temp.berkeleylug.com. AAAA
-temp.berkeleylug.com.   IN      A       198.144.194.238
-temp.berkeleylug.com.   IN      AAAA    2001:470:1f05:19e::4
-$ </dev/null openssl s_client -servername temp.berkeleylug.com -starttls smtp -connect 198.144.194.238:25 2>>/dev/null | sed -ne '/^-----BEGIN CERTIFICATE-----$/,/^-----END CERTIFICATE-----$/p' | openssl x509 -text -noout | sed -ne '/Not After : /p;/Subject Alternative Name:/{N;p;q;}'
-            Not After : May 22 11:41:24 2019 GMT
-            X509v3 Subject Alternative Name:
-                DNS:*.balug.org, DNS:*.lists.balug.org, DNS:balug.org
-$
 ... install the newer cert for SMTP (will likely end up needed for at
 least postmaster@berkeleylug.com, for WordPress site to, e.g. send
@@ Line 171: / Line 114: @@
                 DNS:*.balug.org, DNS:*.berkeleylug.com, DNS:*.berkeleylug.org, DNS:*.lists.balug.org, DNS:balug.org, DNS:berkeleylug.com, DNS:berkeleylug.org
 $
+Also installed on https://[www.]berkeleylug.org/:
+$ (TZ=GMT0 export TZ; hosts='www.berkeleylug.org berkeleylug.org'; { nmap -Pn -r -sT -p 443 --script=ssl-cert $hosts; nmap -6 -Pn -r -sT -p 443 --script=ssl-cert $hosts; } | grep -e '^Nmap scan report for ' -e '^PORT ' -e '^[0-9]*/tcp open' -e '^| Subject Alternative Name: ' -e '^| Not valid after: ')
+Nmap scan report for www.berkeleylug.org (198.144.194.238)
+PORT    STATE SERVICE
+/tcp open  https
+| Subject Alternative Name: DNS:*.balug.org, DNS:*.berkeleylug.com, DNS:*.berkeleylug.org, DNS:*.lists.balug.org, DNS:balug.org, DNS:berkeleylug.com, DNS:berkeleylug.org
+| Not valid after:  2019-06-07T02:07:58
+Nmap scan report for berkeleylug.org (198.144.194.238)
+PORT    STATE SERVICE
+/tcp open  https
+| Subject Alternative Name: DNS:*.balug.org, DNS:*.berkeleylug.com, DNS:*.berkeleylug.org, DNS:*.lists.balug.org, DNS:balug.org, DNS:berkeleylug.com, DNS:berkeleylug.org
+| Not valid after:  2019-06-07T02:07:58
+Nmap scan report for www.berkeleylug.org (2001:470:1f05:19e::4)
+PORT    STATE SERVICE
+/tcp open  https
+| Subject Alternative Name: DNS:*.balug.org, DNS:*.berkeleylug.com, DNS:*.berkeleylug.org, DNS:*.lists.balug.org, DNS:balug.org, DNS:berkeleylug.com, DNS:berkeleylug.org
+| Not valid after:  2019-06-07T02:07:58
+Nmap scan report for berkeleylug.org (2001:470:1f05:19e::4)
+PORT    STATE SERVICE
+/tcp open  https
+| Subject Alternative Name: DNS:*.balug.org, DNS:*.berkeleylug.com, DNS:*.berkeleylug.org, DNS:*.lists.balug.org, DNS:balug.org, DNS:berkeleylug.com, DNS:berkeleylug.org
+| Not valid after:  2019-06-07T02:07:58
+$
 ########################################################################