User Tools

Site Tools


berkeleylug:digital_resources

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
berkeleylug:digital_resources [2019-01-09T06:52:58-0800]
michael_paoli calendars info
berkeleylug:digital_resources [2019-03-29T07:13:04-0700] (current)
michael_paoli various updated information (mostly) on DNS & certs
Line 3: Line 3:
 [[https://​berkeleylug.com/​|BerkeleyLUG]]\\ [[https://​berkeleylug.com/​|BerkeleyLUG]]\\
 <​file>​ <​file>​
-Domain: berkeleylug.com +Domains: 
-registrant/​owner: ​Jack Deslippe +berkeleylug.com ​(primary) ​registrant/​owner: ​Michael Paoli - (transferred 2019-03-04) Registry Expiry Date: 2020-01-20T05:​05:​36Z 
-DNS (authorityas of 2018-11-12): +berkeleylug.org ​(alternate - redirects(?​) to primary - we may let this one expireetc. Registry Expiry Date: 2019-05-17T04:39:28registrant/​owner:​ Michael Paoli - (transferred 2019-03-04) 
-$ dig @g.gtld-servers.net. +noall +authority ​berkeleylug.com. NS   + 
-berkeleylug.com. ​       ​172800  ​IN      NS      ns-cloud-a1.googledomains.com. +DNS
-berkeleylug.com. ​       ​172800  ​IN      NS      ns-cloud-a2.googledomains.com. +TZ=GMT0 date -Iseconds && (dig @ns0.berkeleylug.org. +noall +norecurse +answer berkeleylug.org. AXFR; for d in berkeleylug.com. ​; do NS=$(dig +short "​$d"​ NS | sort -R | head -n 1); n=$(dig +short "​$NS"​ A "​$NS"​ AAAA | sort -R | head -n 1); for s in ''​ '​*.'​ calendar. docs. mail. sites. temp. www.; do for t in A AAAA CAA CNAME SOA NS MX TXT SPF ANY; do dig @"​$n"​ +norecurse +noall +answer "​$s$d"​ "​$t";​ done; done; done) | grep '​^[^ ​       ]*[Bb][Ee][Rr][Kk][Ee][Ll][Ee][Yy][Ll][Uu][Gg]\.'​ | sort -u 
-berkeleylug.com. ​       ​172800  ​IN      NS      ns-cloud-a3.googledomains.com. +2019-03-29T13:​42:​45+00:​00 
-berkeleylug.com. ​       ​172800  ​IN      NS      ns-cloud-a4.googledomains.com.+*.berkeleylug.com. ​     14400   ​IN ​     CNAME   ​berkeleylug.com. 
 +berkeleylug.com. ​       ​14400   ​IN ​     MX      10 aspmx.l.google.com. 
 +berkeleylug.com. ​       14400   ​IN ​     MX      20 alt1.aspmx.l.google.com. 
 +berkeleylug.com. ​       14400   ​IN ​     MX      30 alt2.aspmx.l.google.com. 
 +berkeleylug.com. ​       14400   ​IN ​     MX      40 aspmx2.googlemail.com. 
 +berkeleylug.com. ​       14400   ​IN ​     MX      50 aspmx3.googlemail.com. 
 +berkeleylug.com. ​       21600   IN      NS      ns-cloud-a1.googledomains.com. 
 +berkeleylug.com. ​       ​21600   IN      NS      ns-cloud-a2.googledomains.com. 
 +berkeleylug.com. ​       ​21600   IN      NS      ns-cloud-a3.googledomains.com. 
 +berkeleylug.com. ​       ​21600   IN      NS      ns-cloud-a4.googledomains.com. 
 +berkeleylug.com. ​       21600   ​IN ​     SOA     ​ns-cloud-a1.googledomains.com. cloud-dns-hostmaster.google.com. 6 21600 3600 1209600 300 
 +berkeleylug.com. ​       300     ​IN ​     A       ​192.0.78.24 
 +berkeleylug.com. ​       300     ​IN ​     A       ​192.0.78.25 
 +berkeleylug.org. ​       172800 ​ IN      NS      ns0.berkeleylug.org. 
 +berkeleylug.org. ​       172800 ​ IN      NS      puck.nether.net. 
 +berkeleylug.org. ​       172800 ​ IN      SOA     ​ns0.berkeleylug.org. Michael\.Paoli.cal.berkeley.edu.berkeleylug.org. 1553849364 10800 3600 1209600 86400 
 +berkeleylug.org. ​       3600    IN      A       ​198.144.194.238 
 +berkeleylug.org. ​       3600    IN      AAAA    2001:​470:​1f05:​19e::​4 
 +berkeleylug.org. ​       86400   ​IN ​     CAA     0 iodef "​mailto:​Michael.Paoli@cal.berkeley.edu"​ 
 +berkeleylug.org. ​       86400   ​IN ​     CAA     128 issue "​letsencrypt.org"​ 
 +berkeleylug.org. ​       86400   ​IN ​     CAA     128 issuewild "​letsencrypt.org"​ 
 +berkeleylug.org. ​       86400   ​IN ​     SPF     "​v=spf1 -all"​ 
 +berkeleylug.org. ​       86400   ​IN ​     TXT     "​v=spf1 -all"​ 
 +calendar.berkeleylug.com. 3600  IN      CNAME   ​ghs.googlehosted.com. 
 +docs.berkeleylug.com. ​  ​3600 ​   IN      CNAME   ​ghs.googlehosted.com. 
 +mail.berkeleylug.com. ​  ​3600 ​   IN      CNAME   ​ghs.googlehosted.com. 
 +ns0.berkeleylug.org. ​   172800 ​ IN      A       ​198.144.194.238 
 +ns0.berkeleylug.org. ​   172800 ​ IN      AAAA    2001:​470:​1f05:​19e::​4 
 +sites.berkeleylug.com. ​ 3600    IN      CNAME   ​ghs.googlehosted.com. 
 +temp.berkeleylug.com. ​  ​300 ​    ​IN ​     A       ​198.144.194.238 
 +temp.berkeleylug.com. ​  ​300 ​    ​IN ​     AAAA    2001:​470:​1f05:​19e::​4 
 +www.berkeleylug.com. ​   14400   ​IN ​     CNAME   ​berkeleylug.com. 
 +www.berkeleylug.org. ​   3600    IN      A       ​198.144.194.238 
 +www.berkeleylug.org. ​   3600    IN      AAAA    2001:​470:​1f05:​19e::​4
  
-Looks like that DNS is Google hosted. 
  
-IRCfreenode.net:6697 #​berkeleylug ​ChanServgrantbow ​(Grant Bowman)+.org not primary, redirector in place: 
 +$ (for protocol_port in 'http 80' 'https 443'; do set -- $protocol_port;​ protocol="​$1";​ port="​$2";​ for host in www.berkeleylug.org berkeleylug.org;​ do for path in ''​ / /// /​foo/​bar/​baz;​ do t="​$protocol://​$host$path";​ echo "​$t";​ curl -s -I "​$t"​ | grep -e '​^HTTP/'​ -e '​^[Ll]ocation:​ '; done; done done) 
 +http://​www.berkeleylug.org 
 +HTTP/1.1 301 Moved Permanently 
 +Location: https://​berkeleylug.com/​ 
 +http://​www.berkeleylug.org/​ 
 +HTTP/1.1 301 Moved Permanently 
 +Location: https://​berkeleylug.com/​ 
 +http://​www.berkeleylug.org///​ 
 +HTTP/1.1 301 Moved Permanently 
 +Location: https://​berkeleylug.com/​ 
 +http://​www.berkeleylug.org/​foo/​bar/​baz 
 +HTTP/1.1 301 Moved Permanently 
 +Location: https://​berkeleylug.com/​foo/​bar/​baz 
 +http://​berkeleylug.org 
 +HTTP/1.1 301 Moved Permanently 
 +Location: https://​berkeleylug.com/​ 
 +http://​berkeleylug.org/​ 
 +HTTP/1.1 301 Moved Permanently 
 +Location: https://​berkeleylug.com/​ 
 +http://​berkeleylug.org///​ 
 +HTTP/1.1 301 Moved Permanently 
 +Location: https://​berkeleylug.com/​ 
 +http://​berkeleylug.org/​foo/​bar/​baz 
 +HTTP/1.1 301 Moved Permanently 
 +Location: https://​berkeleylug.com/​foo/​bar/​baz 
 +https://​www.berkeleylug.org 
 +HTTP/1.1 301 Moved Permanently 
 +Location: https://​berkeleylug.com/​ 
 +https://​www.berkeleylug.org/​ 
 +HTTP/1.1 301 Moved Permanently 
 +Location: https://​berkeleylug.com/​ 
 +https://​www.berkeleylug.org///​ 
 +HTTP/1.1 301 Moved Permanently 
 +Location: https://​berkeleylug.com/​ 
 +https://​www.berkeleylug.org/​foo/​bar/​baz 
 +HTTP/1.1 301 Moved Permanently 
 +Location: https://​berkeleylug.com/​foo/​bar/​baz 
 +https://​berkeleylug.org 
 +HTTP/1.1 301 Moved Permanently 
 +Location: https://​berkeleylug.com/​ 
 +https://​berkeleylug.org/​ 
 +HTTP/1.1 301 Moved Permanently 
 +Location: https://​berkeleylug.com/​ 
 +https://​berkeleylug.org///​ 
 +HTTP/1.1 301 Moved Permanently 
 +Location: https://​berkeleylug.com/​ 
 +https://​berkeleylug.org/​foo/​bar/​baz 
 +HTTP/1.1 301 Moved Permanently 
 +Location: https://​berkeleylug.com/​foo/​bar/​baz 
 +$  
 +@berkeleylug.org neither accepts nor sends email (no MX, A/AAAA on TCP port 25 rejects connection or rejects SMTP attempts to domain, SPF - none sends, hard fail all: 
 +berkeleylug.org. IN SPF "​v=spf1 -all"​ 
 +berkeleylug.org. IN TXT "​v=spf1 -all"​ 
 +
 + 
 +canonical/​primary is: https://​berkeleylug.com/​ 
 +$ curl -I http://​berkeleylug.com/​ 2>&1 | grep -i -e '​^HTTP/'​ -e '​^Location:​ ' -e '​^curl:'​ 
 +HTTP/1.1 301 Moved Permanently 
 +Location: https://​berkeleylug.com/​ 
 +$ curl -I http://​www.berkeleylug.com/​ 2>&1 | grep -i -e '​^HTTP/'​ -e '​^Location:​ ' -e '​^curl:'​ 
 +HTTP/1.1 301 Moved Permanently 
 +Location: https://​www.berkeleylug.com/​ 
 +$ curl -I https://​www.berkeleylug.com/​ 2>&1 | grep -i -e '​^HTTP/'​ -e '​^Location:​ ' -e '​^curl:'​ 
 +HTTP/2 301  
 +location: https://​berkeleylug.com/​ 
 +$ curl -I https://​berkeleylug.com/​ 2>&1 | grep -i -e '​^HTTP/'​ -e '​^Location:​ ' -e '​^curl:'​ 
 +HTTP/2 200  
 +$  
 + 
 +TLS(/"​SSL"​) - Web - handful of (separate) Web certs only*: 
 +$ nmap -Pn -r -sT -p 443 --script=ssl-cert berkeleylug.com calendar.berkeleylug.com docs.berkeleylug.com mail.berkeleylug.com sites.berkeleylug.com www.berkeleylug.com ​ perl -e '​while(<>​){print if /Not valid after: /o; if(/^\| Subject Alternative Name: /){chomp; s/​DNS:​(?:​(?​i)(?​![^,​ ]*berkeleylug\.))[^,​ ]+(?:, |$)//go; s/, ?$//o; print "​$_\n";​};​};'​ 
 +| Subject Alternative Name: DNS:​berkeleylug.com 
 +| Not valid after: ​ 2019-04-28T02:​29:​40 
 +| Subject Alternative Name: DNS:​www.berkeleylug.com 
 +| Not valid after: ​ 2019-06-01T14:​37:​18 
 +$  
 +*ignoring domains that WordPress.com lumps in there that aren't at all BerkeleyLUG 
 + 
 +########################################################################​ 
 +various bits to test on temp.berkeleylug.com - to presumably later be 
 +berkeleylug.com,​ cert also for [www.]berkeleylug.org 
 +Created key and obtained (non-Google) CA signed cert also covering: 
 +*.berkeleylug.com,​berkeleylug.com,​*.berkeleylug.org,​berkeleylug.org expires: 2019-06-07T02:​07:​58Z 
 +... install the newer cert for SMTP (will likely end up needed for at 
 +least postmaster@berkeleylug.com,​ for WordPress site to, e.g. send 
 +user password resets, etc. 
 +# pwd -P 
 +/​etc/​exim4/​eximconfig/​config 
 +# ls -ld tls_c*.pem 
 +lrwxrwxrwx 1 root root 53 Sep 17  2017 tls_certificate_private.pem -> ../​../​../​letsencrypt/​live/​lists.balug.org/​privkey.pem 
 +lrwxrwxrwx 1 root root 55 Sep 17  2017 tls_certificate_public.pem -> ../​../​../​letsencrypt/​live/​lists.balug.org/​fullchain.pem 
 +# ln -sf ../​../​../​letsencrypt/​live/​berkeleylug.com/​privkey.pem tls_certificate_private.pem 
 +# ln -sf ../​../​../​letsencrypt/​live/​berkeleylug.com/​fullchain.pem tls_certificate_public.pem 
 +# ls -lLd tls_c*.pem 
 +-r--r----- 1 root Debian-exim 3272 Mar  8 19:03 tls_certificate_private.pem 
 +-r--r--r-- 1 root root        4033 Mar  8 19:08 tls_certificate_public.pem 
 +# systemctl reload exim4.service 
 +#  
 +$ </​dev/​null openssl s_client -servername temp.berkeleylug.com -starttls smtp -connect 198.144.194.238:​25 2>>/​dev/​null | sed -ne '/​^-----BEGIN CERTIFICATE-----$/,/​^-----END CERTIFICATE-----$/​p'​ | openssl x509 -text -noout | sed -ne '/Not After : /p;/Subject Alternative Name:/​{N;​p;​q;​}'​ 
 +            Not After : Jun  7 02:07:58 2019 GMT 
 +            X509v3 Subject Alternative Name: 
 +                DNS:​*.balug.org,​ DNS:​*.berkeleylug.com,​ DNS:​*.berkeleylug.org,​ DNS:​*.lists.balug.org,​ DNS:​balug.org,​ DNS:​berkeleylug.com,​ DNS:​berkeleylug.org 
 +$  
 +Also installed on https://​[www.]berkeleylug.org/:​ 
 +$ (TZ=GMT0 export TZ; hosts='​www.berkeleylug.org berkeleylug.org';​ { nmap -Pn -r -sT -p 443 --script=ssl-cert $hosts; nmap -6 -Pn -r -sT -p 443 --script=ssl-cert $hosts; } | grep -e '^Nmap scan report for ' -e '^PORT ' -e '​^[0-9]*/​tcp open' -e '^| Subject Alternative Name: ' -e '^| Not valid after: ') 
 +Nmap scan report for www.berkeleylug.org (198.144.194.238) 
 +PORT    STATE SERVICE 
 +443/tcp open  https 
 +| Subject Alternative Name: DNS:​*.balug.org,​ DNS:​*.berkeleylug.com,​ DNS:​*.berkeleylug.org,​ DNS:​*.lists.balug.org,​ DNS:​balug.org,​ DNS:​berkeleylug.com,​ DNS:​berkeleylug.org 
 +| Not valid after: ​ 2019-06-07T02:​07:​58 
 +Nmap scan report for berkeleylug.org (198.144.194.238) 
 +PORT    STATE SERVICE 
 +443/tcp open  https 
 +| Subject Alternative Name: DNS:​*.balug.org,​ DNS:​*.berkeleylug.com,​ DNS:​*.berkeleylug.org,​ DNS:​*.lists.balug.org,​ DNS:​balug.org,​ DNS:​berkeleylug.com,​ DNS:​berkeleylug.org 
 +| Not valid after: ​ 2019-06-07T02:​07:​58 
 +Nmap scan report for www.berkeleylug.org (2001:​470:​1f05:​19e::​4) 
 +PORT    STATE SERVICE 
 +443/tcp open  https 
 +| Subject Alternative Name: DNS:​*.balug.org,​ DNS:​*.berkeleylug.com,​ DNS:​*.berkeleylug.org,​ DNS:​*.lists.balug.org,​ DNS:​balug.org,​ DNS:​berkeleylug.com,​ DNS:​berkeleylug.org 
 +| Not valid after: ​ 2019-06-07T02:​07:​58 
 +Nmap scan report for berkeleylug.org (2001:​470:​1f05:​19e::​4) 
 +PORT    STATE SERVICE 
 +443/tcp open  https 
 +| Subject Alternative Name: DNS:​*.balug.org,​ DNS:​*.berkeleylug.com,​ DNS:​*.berkeleylug.org,​ DNS:​*.lists.balug.org,​ DNS:​balug.org,​ DNS:​berkeleylug.com,​ DNS:​berkeleylug.org 
 +| Not valid after: ​ 2019-06-07T02:​07:​58 
 +$  
 +########################################################################​ 
 + 
 +robots.txt:​ 
 +$ TZ=GMT0 date -Iseconds && curl -s https://​berkeleylug.com/​robots.txt 
 +2019-03-05T15:​54:​12+00:​00 
 +# If you are regularly crawling WordPress.com sites, please use our firehose to receive real-time push updates instead. 
 +# Please see https://​developer.wordpress.com/​docs/​firehose/​ for more details. 
 + 
 +Sitemap: https://​berkeleylug.com/​sitemap.xml 
 +Sitemap: https://​berkeleylug.com/​news-sitemap.xml 
 + 
 +User-agent: * 
 +Disallow: /​wp-admin/​ 
 +Allow: /​wp-admin/​admin-ajax.php 
 +Disallow: /​wp-login.php 
 +Disallow: /​wp-signup.php 
 +Disallow: /​press-this.php 
 +Disallow: /​remote-login.php 
 +Disallow: /​activate/​ 
 +Disallow: /cgi-bin/ 
 +Disallow: /​mshots/​v1/​ 
 +Disallow: /next/ 
 +Disallow: /​public.api/​ 
 + 
 +# This file was generated on Mon, 19 Nov 2018 07:12:09 +0000 
 +
  
 web site managed via: http://​berkeleylug.wordpress.com/​ web site managed via: http://​berkeleylug.wordpress.com/​
Line 22: Line 206:
 Whereas the free tier doesn'​t include those "​features"​ Whereas the free tier doesn'​t include those "​features"​
 See: https://​wordpress.com/​pricing/​ See: https://​wordpress.com/​pricing/​
-export/​import,​ see: https://​move.wordpress.com/​exportimport-content/​+export/​import,​ see: https://​move.wordpress.com/​exportimport-content/ ​(2019-02-28 - Michael Paoli verified his access to export, and exported and saved (backup!))
  
 "​List"​ / Google Group: https://​groups.google.com/​forum/#​!forum/​berkeleylug "​List"​ / Google Group: https://​groups.google.com/​forum/#​!forum/​berkeleylug
-Owners: Jack Deslippe, admin@berkeleylug.com +Owners: Jack Deslippe, admin@berkeleylug.com, Michael Paoli, Aaron Cohen, Grant Bowman (@gmail.com) 
-Managers: Grant Bowman, Michael Paoli+Managers: Grant Bowman ​(@berkeleylug.com)
  
-@berkeleylug.com email 8-O +IRC: freenode.net:6697 #berkeleylug ​ChanServ: grantbow (Grant Bowman)
-$ dig +noall +answer +nottl ​berkeleylug.com. MX +
-berkeleylug.com. ​       IN      MX      10 aspmx.l.google.com. +
-berkeleylug.com. ​       IN      MX      20 alt1.aspmx.l.google.com. +
-berkeleylug.com. ​       IN      MX      30 alt2.aspmx.l.google.com. +
-berkeleylug.com. ​       IN      MX      50 aspmx3.googlemail.com. +
-berkeleylug.com. ​       IN      MX      40 aspmx2.googlemail.com. +
-+
  
 BerkeleyLUG calendar on Google calendars: BerkeleyLUG calendar on Google calendars:
berkeleylug/digital_resources.1547045578.txt.bz2 · Last modified: 2019-01-09T06:52:58-0800 by michael_paoli