berkeleylug:digital_resources

Differences

This shows you the differences between two versions of the page.

berkeleylug:digital_resources [2019-03-29T00:31:30-0700]
michael_paoli updated DNS for redirector (should be fully effective within an hour)
berkeleylug:digital_resources [2019-03-29T07:13:04-0700] (current)
michael_paoli various updated information (mostly) on DNS & certs
Line 8: Line 8:
  
 DNS: DNS:
-$ TZ=GMT0 date -Iseconds && (for d in berkeleylug.com. berkeleylug.org.;​ do NS=$(dig +short "​$d"​ NS | sort -R | head -n 1); n=$(dig +short "​$NS"​ A "​$NS"​ AAAA | sort -R | head -n 1); for s in ''​ '​*.'​ calendar. docs. mail. sites. temp. www.; do for t in A AAAA CNAME SOA NS MX TXT SPF ANY; do dig @"​$n"​ +norecurse +noall +answer "​$s$d"​ "​$t";​ done; done; done) | grep '​^[^ ​      ​]*[Bb][Ee][Rr][Kk][Ee][Ll][Ee][Yy][Ll][Uu][Gg]\.'​ | sort -u +$ TZ=GMT0 date -Iseconds && (dig @ns0.berkeleylug.org+noall +norecurse +answer ​berkeleylug.org. AXFR; for d in berkeleylug.com. ; do NS=$(dig +short "​$d"​ NS | sort -R | head -n 1); n=$(dig +short "​$NS"​ A "​$NS"​ AAAA | sort -R | head -n 1); for s in ''​ '​*.'​ calendar. docs. mail. sites. temp. www.; do for t in A AAAA CAA CNAME SOA NS MX TXT SPF ANY; do dig @"​$n"​ +norecurse +noall +answer "​$s$d"​ "​$t";​ done; done; done) | grep '​^[^ ​       ]*[Bb][Ee][Rr][Kk][Ee][Ll][Ee][Yy][Ll][Uu][Gg]\.'​ | sort -u 
-2019-03-29T07:27:36+00:00+2019-03-29T13:42:45+00:00
 *.berkeleylug.com. ​     14400   ​IN ​     CNAME   ​berkeleylug.com. *.berkeleylug.com. ​     14400   ​IN ​     CNAME   ​berkeleylug.com.
 berkeleylug.com. ​       14400   ​IN ​     MX      10 aspmx.l.google.com. berkeleylug.com. ​       14400   ​IN ​     MX      10 aspmx.l.google.com.
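Review bot: in the new command the first `dig` reads `@ns0.berkeleylug.org+noall` with no space before `+noall`, so as shown dig would take the whole string as the server name and `+noall` would not be applied; it should be `dig @ns0.berkeleylug.org +noall +norecurse +answer berkeleylug.org. AXFR`. The .org half of the listing now depends entirely on that AXFR being permitted from wherever the command is run: if the transfer is refused, any failure message is dropped by the trailing `grep` and the .org records simply vanish from the output. Say on the page that zone transfer from ns0 is expected to be open, or keep berkeleylug.org. in the per-type `for d in` loop as a fallback.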
Line 23: Line 23:
 berkeleylug.com. ​       300     ​IN ​     A       ​192.0.78.24 berkeleylug.com. ​       300     ​IN ​     A       ​192.0.78.24
 berkeleylug.com. ​       300     ​IN ​     A       ​192.0.78.25 berkeleylug.com. ​       300     ​IN ​     A       ​192.0.78.25
-berkeleylug.org. ​       ​21600   IN      NS      ​ns-cloud-b1.googledomains.com. +berkeleylug.org. ​       ​172800  ​IN      NS      ​ns0.berkeleylug.org. 
-berkeleylug.org.        21600   ​IN ​     NS      ns-cloud-b2.googledomains.com+berkeleylug.org. ​       ​172800  ​IN      NS      ​puck.nether.net
-berkeleylug.org. ​       ​21600   IN      NS      ​ns-cloud-b3.googledomains.com+berkeleylug.org. ​       ​172800  ​IN      ​SOA     ns0.berkeleylug.org. ​Michael\.Paoli.cal.berkeley.edu.berkeleylug.org1553849364 10800 3600 1209600 ​86400
-berkeleylug.org. ​       ​21600   IN      ​NS      ns-cloud-b4.googledomains.com. +
-berkeleylug.org. ​       ​21600 ​  ​IN ​     SOA     ​ns-cloud-b1.googledomains.comdns-admin.google.com15 21600 3600 1209600 ​300+
 berkeleylug.org. ​       3600    IN      A       ​198.144.194.238 berkeleylug.org. ​       3600    IN      A       ​198.144.194.238
 berkeleylug.org. ​       3600    IN      AAAA    2001:​470:​1f05:​19e::​4 berkeleylug.org. ​       3600    IN      AAAA    2001:​470:​1f05:​19e::​4
 +berkeleylug.org. ​       86400   ​IN ​     CAA     0 iodef "​mailto:​Michael.Paoli@cal.berkeley.edu"​
 +berkeleylug.org. ​       86400   ​IN ​     CAA     128 issue "​letsencrypt.org"​
 +berkeleylug.org. ​       86400   ​IN ​     CAA     128 issuewild "​letsencrypt.org"​
 +berkeleylug.org. ​       86400   ​IN ​     SPF     "​v=spf1 -all"
 +berkeleylug.org. ​       86400   ​IN ​     TXT     "​v=spf1 -all"
 calendar.berkeleylug.com. 3600  IN      CNAME   ​ghs.googlehosted.com. calendar.berkeleylug.com. 3600  IN      CNAME   ​ghs.googlehosted.com.
 docs.berkeleylug.com. ​  ​3600 ​   IN      CNAME   ​ghs.googlehosted.com. docs.berkeleylug.com. ​  ​3600 ​   IN      CNAME   ​ghs.googlehosted.com.
 mail.berkeleylug.com. ​  ​3600 ​   IN      CNAME   ​ghs.googlehosted.com. mail.berkeleylug.com. ​  ​3600 ​   IN      CNAME   ​ghs.googlehosted.com.
 +ns0.berkeleylug.org. ​   172800 ​ IN      A       ​198.144.194.238
 +ns0.berkeleylug.org. ​   172800 ​ IN      AAAA    2001:​470:​1f05:​19e::​4
 sites.berkeleylug.com. ​ 3600    IN      CNAME   ​ghs.googlehosted.com. sites.berkeleylug.com. ​ 3600    IN      CNAME   ​ghs.googlehosted.com.
 temp.berkeleylug.com. ​  ​300 ​    ​IN ​     A       ​198.144.194.238 temp.berkeleylug.com. ​  ​300 ​    ​IN ​     A       ​198.144.194.238
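Review bot: the added `IN SPF "v=spf1 -all"` record for berkeleylug.org duplicates the `TXT` record next to it; RFC 7208 retired the SPF RR type (99) and receivers evaluate only the TXT form, so the extra record adds nothing and has to be kept in step by hand. Drop it, or add a line saying it is kept deliberately. Separately, the new CAA records limit `issue` and `issuewild` to "letsencrypt.org", so it is worth a note beside the cert section that any certificate naming berkeleylug.org or *.berkeleylug.org has to come from that CA.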
Line 41: Line 46:
  
  
-.org not primary+.org not primary, redirector ​in place
-$ curl -s -I http://​berkeleylug.org/​ | sed -ne '/​^HTTP/​p;/​^[Ll]ocation:/​p'​ +$ (for protocol_port in 'http 80' 'https 443'; do set -- $protocol_port;​ protocol="​$1";​ port="​$2";​ for host in www.berkeleylug.org berkeleylug.org;​ do for path in ''​ / /// /​foo/​bar/​baz;​ do t="​$protocol://​$host$path";​ echo "​$t";​ curl -s -I "​$t"​ | grep -e '​^HTTP/'​ -e '^[Ll]ocation: '; done; done done)
-HTTP/1.1 301 Moved Permanently +
-Location: http://​berkeleylug.com/​ +
-$ curl -s -I http://​www.berkeleylug.org/​ | sed -ne '/​^HTTP/​p;/​^[Ll]ocation:/​p'​ +
-HTTP/1.1 301 Moved Permanently +
-Location: http://​berkeleylug.com/​ +
-$ curl -s -I https://​berkeleylug.org/​ | sed -ne '/​^HTTP/​p;/​^[Ll]ocation:/​p'​ +
-HTTP/2 301  +
-location: http://​berkeleylug.com/​ +
-$ curl -s -I https://​www.berkeleylug.org/​ | sed -ne '/​^HTTP/​p;/​^[Ll]ocation:/​p'​ +
-HTTP/2 301  +
-location: http://​berkeleylug.com/​ +
-$  +
-@berkeleylug.org does not accept email (no MXA/AAAA times out on TCP port 25 even from known good email sender IP) +
- +
------------------------------------------------------------------------- +
-[www.]berkeleylug.org - set up redirector ​- but still need to repoint DNS+
-$ (for protocol_port in 'http 80' 'https 443'; do set -- $protocol_port;​ protocol="​$1";​ port="​$2";​ for host in www.berkeleylug.org berkeleylug.org;​ do for path in ''​ / /// /​foo/​bar/​baz;​ do t="​$protocol://​$host$path";​ echo "​$t";​ curl -s -I --resolve "​$host":"​$port":​198.144.194.238 ​"​$t"​ | grep -e '​^HTTP/'​ -e '^Location: '; done; done done)+
 http://​www.berkeleylug.org http://​www.berkeleylug.org
 HTTP/1.1 301 Moved Permanently HTTP/1.1 301 Moved Permanently
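Review bot: in the new redirector check, `port="$2"` is still set from `set -- $protocol_port` but nothing uses it now that `--resolve "$host":"$port":198.144.194.238` is gone. Either drop the port half of `'http 80' 'https 443'` and loop over the protocol alone, or keep the `--resolve` form on the page as a documented variant for testing ahead of a DNS change. `curl -s -I` also has no `--max-time`, so one unresponsive host stalls the whole loop.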
Line 109: Line 97:
 Location: https://​berkeleylug.com/​foo/​bar/​baz Location: https://​berkeleylug.com/​foo/​bar/​baz
  
-------------------------------------------------------------------------+@berkeleylug.org neither accepts nor sends email (no MX, A/AAAA on TCP port 25 rejects connection or rejects SMTP attempts to domain, SPF none sends, hard fail all: 
 +berkeleylug.org. IN SPF "​v=spf1 ​-all" 
 +berkeleylug.org. IN TXT "​v=spf1 ​-all" 
 +)
  
 canonical/​primary is: https://​berkeleylug.com/​ canonical/​primary is: https://​berkeleylug.com/​
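Review bot: the added paragraph says berkeleylug.org has no MX and relies on TCP port 25 at the A/AAAA address rejecting connections; with no MX, senders fall back to the A/AAAA records and still attempt delivery there. Publishing a null MX (`berkeleylug.org. IN MX 0 .`, RFC 7505) states "accepts no mail" in DNS itself, so those attempts fail immediately. The phrase "SPF none sends, hard fail all:" is also hard to parse; something like "SPF: no host is authorized to send, hard fail for all" would read more clearly.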
Line 126: Line 117:
  
 TLS(/"​SSL"​) - Web - handful of (separate) Web certs only*: TLS(/"​SSL"​) - Web - handful of (separate) Web certs only*:
-$ nmap -Pn -r -sT -p 443 --script=ssl-cert berkeleylug.com calendar.berkeleylug.com docs.berkeleylug.com mail.berkeleylug.com sites.berkeleylug.com www.berkeleylug.com ​berkeleylug.org www.berkeleylug.org | perl -e '​while(<>​){print if /Not valid after: /o; if(/^\| Subject Alternative Name: /){chomp; s/​DNS:​(?:​(?​i)(?​![^,​ ]*berkeleylug\.))[^,​ ]+(?:, |$)//go; s/, ?$//o; print "​$_\n";​};​};'​+$ nmap -Pn -r -sT -p 443 --script=ssl-cert berkeleylug.com calendar.berkeleylug.com docs.berkeleylug.com mail.berkeleylug.com sites.berkeleylug.com www.berkeleylug.com ​ perl -e '​while(<>​){print if /Not valid after: /o; if(/^\| Subject Alternative Name: /){chomp; s/​DNS:​(?:​(?​i)(?​![^,​ ]*berkeleylug\.))[^,​ ]+(?:, |$)//go; s/, ?$//o; print "​$_\n";​};​};'​
 | Subject Alternative Name: DNS:​berkeleylug.com | Subject Alternative Name: DNS:​berkeleylug.com
 | Not valid after: ​ 2019-04-28T02:​29:​40 | Not valid after: ​ 2019-04-28T02:​29:​40
 | Subject Alternative Name: DNS:​www.berkeleylug.com | Subject Alternative Name: DNS:​www.berkeleylug.com
 | Not valid after: ​ 2019-06-01T14:​37:​18 | Not valid after: ​ 2019-06-01T14:​37:​18
-| Subject Alternative Name: DNS:​berkeleylug.org 
-| Not valid after: ​ 2019-06-03T05:​26:​39 
-| Subject Alternative Name: DNS:​www.berkeleylug.org 
-| Not valid after: ​ 2019-06-03T05:​22:​56 
  
 *ignoring domains that WordPress.com lumps in there that aren't at all BerkeleyLUG *ignoring domains that WordPress.com lumps in there that aren't at all BerkeleyLUG
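Review bot: the `|` before `perl -e` is missing from the new `nmap` line, which as shown reads `www.berkeleylug.com  perl -e '...'`; that would hand `perl`, `-e` and the script text to nmap as arguments instead of filtering its output. Restore the pipe when removing the two .org hosts (`... www.berkeleylug.com | perl -e ...`).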
Line 140: Line 127:
 ########################################################################​ ########################################################################​
 various bits to test on temp.berkeleylug.com - to presumably later be various bits to test on temp.berkeleylug.com - to presumably later be
-berkeleylug.com+berkeleylug.com, cert also for [www.]berkeleylug.org
 Created key and obtained (non-Google) CA signed cert also covering: Created key and obtained (non-Google) CA signed cert also covering:
 *.berkeleylug.com,​berkeleylug.com,​*.berkeleylug.org,​berkeleylug.org expires: 2019-06-07T02:​07:​58Z *.berkeleylug.com,​berkeleylug.com,​*.berkeleylug.org,​berkeleylug.org expires: 2019-06-07T02:​07:​58Z
-$ dig +noall +answer +nottl temp.berkeleylug.com. A temp.berkeleylug.com. AAAA 
-temp.berkeleylug.com. ​  ​IN ​     A       ​198.144.194.238 
-temp.berkeleylug.com. ​  ​IN ​     AAAA    2001:​470:​1f05:​19e::​4 
-$ </​dev/​null openssl s_client -servername temp.berkeleylug.com -starttls smtp -connect 198.144.194.238:​25 2>>/​dev/​null | sed -ne '/​^-----BEGIN CERTIFICATE-----$/,/​^-----END CERTIFICATE-----$/​p'​ | openssl x509 -text -noout | sed -ne '/Not After : /p;/Subject Alternative Name:/​{N;​p;​q;​}'​ 
-            Not After : May 22 11:41:24 2019 GMT 
-            X509v3 Subject Alternative Name: 
-                DNS:​*.balug.org,​ DNS:​*.lists.balug.org,​ DNS:​balug.org 
- 
 ... install the newer cert for SMTP (will likely end up needed for at ... install the newer cert for SMTP (will likely end up needed for at
 least postmaster@berkeleylug.com,​ for WordPress site to, e.g. send least postmaster@berkeleylug.com,​ for WordPress site to, e.g. send
Line 171: Line 150:
                 DNS:​*.balug.org,​ DNS:​*.berkeleylug.com,​ DNS:​*.berkeleylug.org,​ DNS:​*.lists.balug.org,​ DNS:​balug.org,​ DNS:​berkeleylug.com,​ DNS:​berkeleylug.org                 DNS:​*.balug.org,​ DNS:​*.berkeleylug.com,​ DNS:​*.berkeleylug.org,​ DNS:​*.lists.balug.org,​ DNS:​balug.org,​ DNS:​berkeleylug.com,​ DNS:​berkeleylug.org
  
 +Also installed on https://​[www.]berkeleylug.org/:​ 
 +$ (TZ=GMT0 export TZ; hosts='​www.berkeleylug.org berkeleylug.org';​ { nmap -Pn -r -sT -p 443 --script=ssl-cert $hosts; nmap -6 -Pn -r -sT -p 443 --script=ssl-cert $hosts; } | grep -e '^Nmap scan report for ' -e '^PORT ' -e '​^[0-9]*/​tcp open' -e '^| Subject Alternative Name: ' -e '^| Not valid after: ') 
 +Nmap scan report for www.berkeleylug.org (198.144.194.238) 
 +PORT    STATE SERVICE 
 +443/tcp open  https 
 +| Subject Alternative Name: DNS:​*.balug.org,​ DNS:​*.berkeleylug.com,​ DNS:​*.berkeleylug.org,​ DNS:​*.lists.balug.org,​ DNS:​balug.org,​ DNS:​berkeleylug.com,​ DNS:​berkeleylug.org 
 +| Not valid after: ​ 2019-06-07T02:​07:​58 
 +Nmap scan report for berkeleylug.org (198.144.194.238) 
 +PORT    STATE SERVICE 
 +443/tcp open  https 
 +| Subject Alternative Name: DNS:​*.balug.org,​ DNS:​*.berkeleylug.com,​ DNS:​*.berkeleylug.org,​ DNS:​*.lists.balug.org,​ DNS:​balug.org,​ DNS:​berkeleylug.com,​ DNS:​berkeleylug.org 
 +| Not valid after: ​ 2019-06-07T02:​07:​58 
 +Nmap scan report for www.berkeleylug.org (2001:​470:​1f05:​19e::​4) 
 +PORT    STATE SERVICE 
 +443/tcp open  https 
 +| Subject Alternative Name: DNS:​*.balug.org,​ DNS:​*.berkeleylug.com,​ DNS:​*.berkeleylug.org,​ DNS:​*.lists.balug.org,​ DNS:​balug.org,​ DNS:​berkeleylug.com,​ DNS:​berkeleylug.org 
 +| Not valid after: ​ 2019-06-07T02:​07:​58 
 +Nmap scan report for berkeleylug.org (2001:​470:​1f05:​19e::​4) 
 +PORT    STATE SERVICE 
 +443/tcp open  https 
 +| Subject Alternative Name: DNS:​*.balug.org,​ DNS:​*.berkeleylug.com,​ DNS:​*.berkeleylug.org,​ DNS:​*.lists.balug.org,​ DNS:​balug.org,​ DNS:​berkeleylug.com,​ DNS:​berkeleylug.org 
 +| Not valid after: ​ 2019-06-07T02:​07:​58 
 +
 ########################################################################​ ########################################################################​
  
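Review bot: the added check filters on `-e '^[0-9]*/tcp open'`, so a host whose port 443 is closed or filtered leaves only its `Nmap scan report` and `PORT` lines, which is easy to miss among four near-identical blocks. Matching the port line regardless of state (`-e '^[0-9]*/tcp '`) makes a failed host stand out. The `Not valid after: 2019-06-07T02:07:58` values are pasted output and will go stale; a short note on when and how the cert is renewed would help.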
berkeleylug/digital_resources.txt · Last modified: 2019-03-29T07:13:04-0700 by michael_paoli