Differences

This shows you the differences between two versions of the page.

--- berkeleylug:digital_resources [2019-01-09T06:52:58-0800]
michael_paoli calendars info
+++ berkeleylug:digital_resources [2019-03-29T07:13:04-0700] (current)
michael_paoli various updated information (mostly) on DNS & certs
@@ Line 3: / Line 3: @@
 [[https://berkeleylug.com/|BerkeleyLUG]]\\
 <file>
-Domain: berkeleylug.com
+Domains:
-registrant/owner: Jack Deslippe
+berkeleylug.com (primary) registrant/owner: Michael Paoli - (transferred 2019-03-04) Registry Expiry Date: 2020-01-20T05:05:36Z
-DNS (authority, as of 2018-11-12):
+berkeleylug.org (alternate - redirects(?) to primary - we may let this one expire, etc. Registry Expiry Date: 2019-05-17T04:39:28) registrant/owner: Michael Paoli - (transferred 2019-03-04)
-$ dig @g.gtld-servers.net. +noall +authority berkeleylug.com. NS
-berkeleylug.com.        172800  IN      NS      ns-cloud-a1.googledomains.com.
+DNS:
-berkeleylug.com.        172800  IN      NS      ns-cloud-a2.googledomains.com.
+$ TZ=GMT0 date -Iseconds && (dig @ns0.berkeleylug.org. +noall +norecurse +answer berkeleylug.org. AXFR; for d in berkeleylug.com. ; do NS=$(dig +short "$d" NS | sort -R | head -n 1); n=$(dig +short "$NS" A "$NS" AAAA | sort -R | head -n 1); for s in '' '*.' calendar. docs. mail. sites. temp. www.; do for t in A AAAA CAA CNAME SOA NS MX TXT SPF ANY; do dig @"$n" +norecurse +noall +answer "$s$d" "$t"; done; done; done) | grep '^[^        ]*[Bb][Ee][Rr][Kk][Ee][Ll][Ee][Yy][Ll][Uu][Gg]\.' | sort -u
-berkeleylug.com.        172800  IN      NS      ns-cloud-a3.googledomains.com.
+-03-29T13:42:45+00:00
-berkeleylug.com.        172800  IN      NS      ns-cloud-a4.googledomains.com.
+*.berkeleylug.com.      14400   IN      CNAME   berkeleylug.com.
+berkeleylug.com.        14400   IN      MX      10 aspmx.l.google.com.
+berkeleylug.com.        14400   IN      MX      20 alt1.aspmx.l.google.com.
+berkeleylug.com.        14400   IN      MX      30 alt2.aspmx.l.google.com.
+berkeleylug.com.        14400   IN      MX      40 aspmx2.googlemail.com.
+berkeleylug.com.        14400   IN      MX      50 aspmx3.googlemail.com.
+berkeleylug.com.        21600   IN      NS      ns-cloud-a1.googledomains.com.
+berkeleylug.com.        21600   IN      NS      ns-cloud-a2.googledomains.com.
+berkeleylug.com.        21600   IN      NS      ns-cloud-a3.googledomains.com.
+berkeleylug.com.        21600   IN      NS      ns-cloud-a4.googledomains.com.
+berkeleylug.com.        21600   IN      SOA     ns-cloud-a1.googledomains.com. cloud-dns-hostmaster.google.com. 6 21600 3600 1209600 300
+berkeleylug.com.        300     IN      A       192.0.78.24
+berkeleylug.com.        300     IN      A       192.0.78.25
+berkeleylug.org.        172800  IN      NS      ns0.berkeleylug.org.
+berkeleylug.org.        172800  IN      NS      puck.nether.net.
+berkeleylug.org.        172800  IN      SOA     ns0.berkeleylug.org. Michael\.Paoli.cal.berkeley.edu.berkeleylug.org. 1553849364 10800 3600 1209600 86400
+berkeleylug.org.        3600    IN      A       198.144.194.238
+berkeleylug.org.        3600    IN      AAAA    2001:470:1f05:19e::4
+berkeleylug.org.        86400   IN      CAA     0 iodef "mailto:Michael.Paoli@cal.berkeley.edu"
+berkeleylug.org.        86400   IN      CAA     128 issue "letsencrypt.org"
+berkeleylug.org.        86400   IN      CAA     128 issuewild "letsencrypt.org"
+berkeleylug.org.        86400   IN      SPF     "v=spf1 -all"
+berkeleylug.org.        86400   IN      TXT     "v=spf1 -all"
+calendar.berkeleylug.com. 3600  IN      CNAME   ghs.googlehosted.com.
+docs.berkeleylug.com.   3600    IN      CNAME   ghs.googlehosted.com.
+mail.berkeleylug.com.   3600    IN      CNAME   ghs.googlehosted.com.
+ns0.berkeleylug.org.    172800  IN      A       198.144.194.238
+ns0.berkeleylug.org.    172800  IN      AAAA    2001:470:1f05:19e::4
+sites.berkeleylug.com.  3600    IN      CNAME   ghs.googlehosted.com.
+temp.berkeleylug.com.   300     IN      A       198.144.194.238
+temp.berkeleylug.com.   300     IN      AAAA    2001:470:1f05:19e::4
+www.berkeleylug.com.    14400   IN      CNAME   berkeleylug.com.
+www.berkeleylug.org.    3600    IN      A       198.144.194.238
+www.berkeleylug.org.    3600    IN      AAAA    2001:470:1f05:19e::4
 $
-Looks like that DNS is Google hosted.
-IRC: freenode.net:6697 #berkeleylug ChanServ: grantbow (Grant Bowman)
+.org not primary, redirector in place:
+$ (for protocol_port in 'http 80' 'https 443'; do set -- $protocol_port; protocol="$1"; port="$2"; for host in www.berkeleylug.org berkeleylug.org; do for path in '' / /// /foo/bar/baz; do t="$protocol://$host$path"; echo "$t"; curl -s -I "$t" | grep -e '^HTTP/' -e '^[Ll]ocation: '; done; done done)
+http://www.berkeleylug.org
+HTTP/1.1 301 Moved Permanently
+Location: https://berkeleylug.com/
+http://www.berkeleylug.org/
+HTTP/1.1 301 Moved Permanently
+Location: https://berkeleylug.com/
+http://www.berkeleylug.org///
+HTTP/1.1 301 Moved Permanently
+Location: https://berkeleylug.com/
+http://www.berkeleylug.org/foo/bar/baz
+HTTP/1.1 301 Moved Permanently
+Location: https://berkeleylug.com/foo/bar/baz
+http://berkeleylug.org
+HTTP/1.1 301 Moved Permanently
+Location: https://berkeleylug.com/
+http://berkeleylug.org/
+HTTP/1.1 301 Moved Permanently
+Location: https://berkeleylug.com/
+http://berkeleylug.org///
+HTTP/1.1 301 Moved Permanently
+Location: https://berkeleylug.com/
+http://berkeleylug.org/foo/bar/baz
+HTTP/1.1 301 Moved Permanently
+Location: https://berkeleylug.com/foo/bar/baz
+https://www.berkeleylug.org
+HTTP/1.1 301 Moved Permanently
+Location: https://berkeleylug.com/
+https://www.berkeleylug.org/
+HTTP/1.1 301 Moved Permanently
+Location: https://berkeleylug.com/
+https://www.berkeleylug.org///
+HTTP/1.1 301 Moved Permanently
+Location: https://berkeleylug.com/
+https://www.berkeleylug.org/foo/bar/baz
+HTTP/1.1 301 Moved Permanently
+Location: https://berkeleylug.com/foo/bar/baz
+https://berkeleylug.org
+HTTP/1.1 301 Moved Permanently
+Location: https://berkeleylug.com/
+https://berkeleylug.org/
+HTTP/1.1 301 Moved Permanently
+Location: https://berkeleylug.com/
+https://berkeleylug.org///
+HTTP/1.1 301 Moved Permanently
+Location: https://berkeleylug.com/
+https://berkeleylug.org/foo/bar/baz
+HTTP/1.1 301 Moved Permanently
+Location: https://berkeleylug.com/foo/bar/baz
+$
+@berkeleylug.org neither accepts nor sends email (no MX, A/AAAA on TCP port 25 rejects connection or rejects SMTP attempts to domain, SPF - none sends, hard fail all:
+berkeleylug.org. IN SPF "v=spf1 -all"
+berkeleylug.org. IN TXT "v=spf1 -all"
+)
+canonical/primary is: https://berkeleylug.com/
+$ curl -I http://berkeleylug.com/ 2>&1 | grep -i -e '^HTTP/' -e '^Location: ' -e '^curl:'
+HTTP/1.1 301 Moved Permanently
+Location: https://berkeleylug.com/
+$ curl -I http://www.berkeleylug.com/ 2>&1 | grep -i -e '^HTTP/' -e '^Location: ' -e '^curl:'
+HTTP/1.1 301 Moved Permanently
+Location: https://www.berkeleylug.com/
+$ curl -I https://www.berkeleylug.com/ 2>&1 | grep -i -e '^HTTP/' -e '^Location: ' -e '^curl:'
+HTTP/2 301
+location: https://berkeleylug.com/
+$ curl -I https://berkeleylug.com/ 2>&1 | grep -i -e '^HTTP/' -e '^Location: ' -e '^curl:'
+HTTP/2 200
+$
+TLS(/"SSL") - Web - handful of (separate) Web certs only*:
+$ nmap -Pn -r -sT -p 443 --script=ssl-cert berkeleylug.com calendar.berkeleylug.com docs.berkeleylug.com mail.berkeleylug.com sites.berkeleylug.com www.berkeleylug.com  perl -e 'while(<>){print if /Not valid after: /o; if(/^\| Subject Alternative Name: /){chomp; s/DNS:(?:(?i)(?![^, ]*berkeleylug\.))[^, ]+(?:, |$)//go; s/, ?$//o; print "$_\n";};};'
+| Subject Alternative Name: DNS:berkeleylug.com
+| Not valid after:  2019-04-28T02:29:40
+| Subject Alternative Name: DNS:www.berkeleylug.com
+| Not valid after:  2019-06-01T14:37:18
+$
+*ignoring domains that WordPress.com lumps in there that aren't at all BerkeleyLUG
+########################################################################
+various bits to test on temp.berkeleylug.com - to presumably later be
+berkeleylug.com, cert also for [www.]berkeleylug.org
+Created key and obtained (non-Google) CA signed cert also covering:
+*.berkeleylug.com,berkeleylug.com,*.berkeleylug.org,berkeleylug.org expires: 2019-06-07T02:07:58Z
+... install the newer cert for SMTP (will likely end up needed for at
+least postmaster@berkeleylug.com, for WordPress site to, e.g. send
+user password resets, etc.
+# pwd -P
+/etc/exim4/eximconfig/config
+# ls -ld tls_c*.pem
+lrwxrwxrwx 1 root root 53 Sep 17  2017 tls_certificate_private.pem -> ../../../letsencrypt/live/lists.balug.org/privkey.pem
+lrwxrwxrwx 1 root root 55 Sep 17  2017 tls_certificate_public.pem -> ../../../letsencrypt/live/lists.balug.org/fullchain.pem
+# ln -sf ../../../letsencrypt/live/berkeleylug.com/privkey.pem tls_certificate_private.pem
+# ln -sf ../../../letsencrypt/live/berkeleylug.com/fullchain.pem tls_certificate_public.pem
+# ls -lLd tls_c*.pem
+-r--r----- 1 root Debian-exim 3272 Mar  8 19:03 tls_certificate_private.pem
+-r--r--r-- 1 root root        4033 Mar  8 19:08 tls_certificate_public.pem
+# systemctl reload exim4.service
+#
+$ </dev/null openssl s_client -servername temp.berkeleylug.com -starttls smtp -connect 198.144.194.238:25 2>>/dev/null | sed -ne '/^-----BEGIN CERTIFICATE-----$/,/^-----END CERTIFICATE-----$/p' | openssl x509 -text -noout | sed -ne '/Not After : /p;/Subject Alternative Name:/{N;p;q;}'
+            Not After : Jun  7 02:07:58 2019 GMT
+            X509v3 Subject Alternative Name:
+                DNS:*.balug.org, DNS:*.berkeleylug.com, DNS:*.berkeleylug.org, DNS:*.lists.balug.org, DNS:balug.org, DNS:berkeleylug.com, DNS:berkeleylug.org
+$
+Also installed on https://[www.]berkeleylug.org/:
+$ (TZ=GMT0 export TZ; hosts='www.berkeleylug.org berkeleylug.org'; { nmap -Pn -r -sT -p 443 --script=ssl-cert $hosts; nmap -6 -Pn -r -sT -p 443 --script=ssl-cert $hosts; } | grep -e '^Nmap scan report for ' -e '^PORT ' -e '^[0-9]*/tcp open' -e '^| Subject Alternative Name: ' -e '^| Not valid after: ')
+Nmap scan report for www.berkeleylug.org (198.144.194.238)
+PORT    STATE SERVICE
+/tcp open  https
+| Subject Alternative Name: DNS:*.balug.org, DNS:*.berkeleylug.com, DNS:*.berkeleylug.org, DNS:*.lists.balug.org, DNS:balug.org, DNS:berkeleylug.com, DNS:berkeleylug.org
+| Not valid after:  2019-06-07T02:07:58
+Nmap scan report for berkeleylug.org (198.144.194.238)
+PORT    STATE SERVICE
+/tcp open  https
+| Subject Alternative Name: DNS:*.balug.org, DNS:*.berkeleylug.com, DNS:*.berkeleylug.org, DNS:*.lists.balug.org, DNS:balug.org, DNS:berkeleylug.com, DNS:berkeleylug.org
+| Not valid after:  2019-06-07T02:07:58
+Nmap scan report for www.berkeleylug.org (2001:470:1f05:19e::4)
+PORT    STATE SERVICE
+/tcp open  https
+| Subject Alternative Name: DNS:*.balug.org, DNS:*.berkeleylug.com, DNS:*.berkeleylug.org, DNS:*.lists.balug.org, DNS:balug.org, DNS:berkeleylug.com, DNS:berkeleylug.org
+| Not valid after:  2019-06-07T02:07:58
+Nmap scan report for berkeleylug.org (2001:470:1f05:19e::4)
+PORT    STATE SERVICE
+/tcp open  https
+| Subject Alternative Name: DNS:*.balug.org, DNS:*.berkeleylug.com, DNS:*.berkeleylug.org, DNS:*.lists.balug.org, DNS:balug.org, DNS:berkeleylug.com, DNS:berkeleylug.org
+| Not valid after:  2019-06-07T02:07:58
+$
+########################################################################
+robots.txt:
+$ TZ=GMT0 date -Iseconds && curl -s https://berkeleylug.com/robots.txt
+-03-05T15:54:12+00:00
+# If you are regularly crawling WordPress.com sites, please use our firehose to receive real-time push updates instead.
+# Please see https://developer.wordpress.com/docs/firehose/ for more details.
+Sitemap: https://berkeleylug.com/sitemap.xml
+Sitemap: https://berkeleylug.com/news-sitemap.xml
+User-agent: *
+Disallow: /wp-admin/
+Allow: /wp-admin/admin-ajax.php
+Disallow: /wp-login.php
+Disallow: /wp-signup.php
+Disallow: /press-this.php
+Disallow: /remote-login.php
+Disallow: /activate/
+Disallow: /cgi-bin/
+Disallow: /mshots/v1/
+Disallow: /next/
+Disallow: /public.api/
+# This file was generated on Mon, 19 Nov 2018 07:12:09 +0000
+$
 web site managed via: http://berkeleylug.wordpress.com/
@@ Line 22: / Line 206: @@
 Whereas the free tier doesn't include those "features"
 See: https://wordpress.com/pricing/
-export/import, see: https://move.wordpress.com/exportimport-content/
+export/import, see: https://move.wordpress.com/exportimport-content/ (2019-02-28 - Michael Paoli verified his access to export, and exported and saved (backup!))
 "List" / Google Group: https://groups.google.com/forum/#!forum/berkeleylug
-Owners: Jack Deslippe, admin@berkeleylug.com
+Owners: Jack Deslippe, admin@berkeleylug.com, Michael Paoli, Aaron Cohen, Grant Bowman (@gmail.com)
-Managers: Grant Bowman, Michael Paoli
+Managers: Grant Bowman (@berkeleylug.com)
-@berkeleylug.com email 8-O
+IRC: freenode.net:6697 #berkeleylug ChanServ: grantbow (Grant Bowman)
-$ dig +noall +answer +nottl berkeleylug.com. MX
-berkeleylug.com.        IN      MX      10 aspmx.l.google.com.
-berkeleylug.com.        IN      MX      20 alt1.aspmx.l.google.com.
-berkeleylug.com.        IN      MX      30 alt2.aspmx.l.google.com.
-berkeleylug.com.        IN      MX      50 aspmx3.googlemail.com.
-berkeleylug.com.        IN      MX      40 aspmx2.googlemail.com.
-$
 BerkeleyLUG calendar on Google calendars:

BALUG Wiki

User Tools

Site Tools

Differences

Page Tools