Discuss mailing list

[Jeff Taylor <shdwdrgn AT sourpuss.net>]

I actually have some new code in the works which provides a LOT more testing of the various servers, including making sure that they are maintaining reasonably recent versions of all zones.  There is a sample of the data pulled that you can view at http://report.opennicproject.org/srvtest/

Clicking on server names and various tests opens up deeper levels of information.  I tried to make this version provide as much information as possible, so for example if it were used to test a new server you could see specifically what tests are failing and what answers were expected.  The test process itself works, but to make it useful I still have to write code to add this information to the database and generate various support files, and I simply haven't had a chance to work on that.

The new code also makes it very easy to add new tests as needed, without having to re-code the whole thing, so we can keep up with any new problems as they develop.  And best of all, the coding allows this test to run in 1/5 of the time as the previous test, with lower CPU usage, so it's a huge difference all around.

We already have procedures in place to automatically fail out servers that don't pass the current testing, so we just have to apply that to the new code and situations like this will automatically resolve themselves.  We just simply won't allow servers to be listed that cannot pass the full set of tests.

On 06/06/2015 07:59 PM, Mikhail Elias wrote:

So, what's the governance process here? 

How do we ensure OpenNIC remains a trustworthy resource when its affiliate seem to willfully disregard common-sense DNS policy for >9 months. 

Is it time to think about developing better policy enforcement network management infrastructure?

If the goal is to establish some kind of foundation to sustain this effort for the long-term, it will be important to get this right at the policy level.




On Sat, 06 Jun 2015 18:26:40 -0600, Jeff Taylor <shdwdrgn AT sourpuss.net> wrote:

I have marked ns1.md.es (87.216.170.85) and ns2.md.es (185.16.40.143) to 
be deleted from the list of tier-2 public DNS servers.  Alejandro has 
been warned numerous times that his server is not maintaining an 
up-to-date root zone, and thus will not provide access to the latest 
opennic or ICANN TLDs.  If you are using these servers, please remove 
them immediately!

Alejandro --
I have personally told you in the past that you MUST slave the root zone 
from your tier2 servers.  This zone is updated several times a day to 
provide our users with the latest information.  Your root zone on both 
servers is 9 months out of date -- this is completely unacceptable!  
OpenNic users expect to have the most recent, up to date information, 
not something from last year.

If you wish to have your servers added back to the official list of 
OpenNic public servers, you need to set up the root zone as a slave so 
that it will continuously be updated.  The file is only 1.3MB in size -- 
if these updates create too much traffic for your server (as you stated 
in the past), then you shouldn't be trying to run a public DNS server 
because you would typically be seeing that much regular traffic every 10 
seconds through the day.


--------
You are a member of the OpenNIC Discuss list. 
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org

--------
You are a member of the OpenNIC Discuss list. 
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org