Re: UltraDNS - are there any brain cells left?
Hell Matt, On 10/14/05 1:50 PM, "Matt Ghali" <matt@snark.net> wrote:
I understand that since secondary.com operations were picked up by UltraDNS, there's been a signifigant brain drain within UDNS operations, and from what I've heard, there isn't a lot of smarts left there.
As one of the remaining idiots, allow me to respond to you initially here on NANOG - albeit 2 weeks later after being on the road at NANOG and ARIN. You're obviously hoping that posting an inflamatory note in a public forum will get you more action from UltraDNS, or will help show the world how clueful you are. Either way, so be it. If you want to follow up to this, do so by emailing me privately. The list already has way too much noise from home cable and dsl users with zero responsibility for real networks of any significance.
This anecdotal theory is borne out by empirical evidence- they seem unable to come up with the TSIG key they use when slaving my zones.
Perhaps you could provide a snippet of this empirical evidence - perhaps logs of any successful zone transfers from your master to any UltraDNS slave that was achieved via use of TSIG? There have been 3,900 transfers so far into UltraDNS from your various masters that have occurred successfully without the benefit of a TSIG key, starting on the day (October 9, 2002) that UltraDNS voluntarily took responsibility for the 5,000 odd free accounts that the original Nominum provided under secondary.com, and that UltraDNS has continued to provide at no charge. On that day, a large number of secondary.com users (many of them on NANOG) responded properly to the UltraDNS emailed instructions, and they have successfully been doing zone transfers using TSIG. You seem adamant that you were using TSIG until your server failed a few months ago, at which time you began allowing zone transfers in the clear. When asked by our support staff what ip address you had configured within the UltraDNS UI, you indicated that it was another of your hostname/ip addresses. This validated my findings - and the responses you have continued to receive from our support staff - you have never transferred your zone to UltraDNS using TSIG. That's because you cannot configure TSIG zone transfers within the UltraDNS UI - TSIG transfers occur to a dedicated set of TSIG servers within UltraDNS, and as all users of TSIG within UltraDNS know, the UltraDNS UI then shows the IP address for transfers as the dedicated UltraDNS TSIG axfr servers, *not* those of the user's. I think that you have us confused with some other provider of yours. Our logs and system confirm that your free secondary.com domains (such as snark.net) have *never* been transferred to UltraDNS using TSIG, but have always been done using normal axfr.
Secondary.com used a TSIG key, and UltraDNS continued using the same key (for my account, at least).
Uh, you obviously mean someone else. UltraDNS has never used your TSIG key to do transfers for snark.net, as far as I can tell. Once again, do you have any records of any TSIG transfers to us?
Earlier this year, I lost the key when my nameserver had a nasty double-disk failure.
H'mmmm. Forgive me for being confused - this was whose stupidity and lack of brain cells? The lack of backups of critical data like TSIG keys, etc?
Since then, I've been allowing axfr based on IP address, which is less preferable for many reasons.
Our TSIG servers (they are different machines to our normal axfr machines) have audit trails back to October 9, 2002. There is no record of your zone having ever been configured within them.
I've recently had a chance to try setting up TSIG based transfer authentication again, but UltraDNS now claims no knowledge of such a key.
Nope. We have never transferred data from you to our TSIG servers. So we have never had a key for that domain, or the zone it is in.
Are there any other secondary.com/UltraDNS customers out there who have TSIG transfers configured? Perhaps you could contact UltraDNS support and let them know which key they are using.
And that would help you precisely how? Unless you think that the same key is used for more than one customer? In which case I am now almost positive that you have UltraDNS confused with some other DNS service provider.
thanks, and sorry for the rant.
Whatever. I get the feeling that NANOG (from 11 or 12 years of participation) is not the best place for folks to work out their personal issues that require rants. Rodney Joffe Apparent Brainless Dolt UltraDNS
On Mon, 31 Oct 2005, Rodney Joffe wrote: As one of the remaining idiots, allow me to respond to you initially here on NANOG - albeit 2 weeks later after being on the road at NANOG and ARIN. Thank you for acknowledging my presence as a customer. I had a brief bout of (mis)communication with your support staff, but communication abruptly ended two weeks ago. Oddly enough, I sent in a ping to them this afternoon. You're obviously hoping that posting an inflamatory note in a public forum will get you more action from UltraDNS, or will help show the world how clueful you are. Inflamatory? Wow. Have you met Mr. Kettle, Dr. Pot? I am thrilled that UltraDNS is fine with you disclosing customer data in public. Having lost all hope in getting a useful response from support, nanog was my last hope of getting the attention of someone clueful down there at UltraDNS. Unfortunately, it seems, I got your attention instead. Either way, so be it. If you want to follow up to this, do so by emailing me privately. The list already has way too much noise from home cable and dsl users with zero responsibility for real networks of any significance. I agree! Your representation of UDNS is much better reading than all those darn kiddies. You _are_ representing UDNS, right? You do seem to have access to proprietary customer data. Perhaps you could provide a snippet of this empirical evidence - perhaps logs of any successful zone transfers from your master to any UltraDNS slave that was achieved via use of TSIG? The boat I'm in was caused by a double-disk failure. Not surprisingly, I lost logs as well as config. There have been 3,900 transfers so far into UltraDNS from your various masters that have occurred successfully without the benefit of a TSIG key, starting on the day (October 9, 2002) that Well, that's surprising. From the day I obtained service from Secondary.com, I configured both the tsig key they provided me, as well as covering allow-transfer address ranges "just in case". UltraDNS voluntarily took responsibility for the 5,000 odd free accounts that the original Nominum provided under secondary.com, and that UltraDNS has continued to provide at no charge. On that day, a large number of secondary.com users (many of them on NANOG) responded properly to the UltraDNS emailed instructions, and they have successfully been doing zone transfers using TSIG. Are you suggesting that I am not a paying UDNS customer? You don't come out and say it, since that would be a lie- but you do a great job of casting aspersions. That's because you cannot configure TSIG zone transfers within the UltraDNS UI - TSIG transfers occur to a dedicated set of TSIG servers within UltraDNS, and as all users of TSIG within UltraDNS know, the UltraDNS UI then shows the IP address for transfers as the dedicated UltraDNS TSIG axfr servers, *not* those of the user's. That's great- but you know as well as I do that the keys were from Secondary.com (Nominum) and not UDNS. Thanks for the hand-waving, though. I think that you have us confused with some other provider of yours. Our logs and system confirm that your free secondary.com domains (such as snark.net) have *never* been transferred to UltraDNS using TSIG, but have always been done using normal axfr. What about my paid-for domains, Rodney? I think you have me confused with another customer. Uh, you obviously mean someone else. UltraDNS has never used your TSIG key to do transfers for snark.net, as far as I can tell. Once again, do you have any records of any TSIG transfers to us?
Earlier this year, I lost the key when my nameserver had a nasty double-disk failure.
H'mmmm. Forgive me for being confused - this was whose stupidity and lack of brain cells? The lack of backups of critical data like TSIG keys, etc? Could you take a break from publically insulting your customers, and confirm that you have a grasp of what happens when both sides of a mirrored pair of disks die within 3 hours of each other? Our TSIG servers (they are different machines to our normal axfr machines) have audit trails back to October 9, 2002. There is no record of your zone having ever been configured within them. It is surprising to me, and quite dissapointing, that UDNS did not continue authenticating zone transfers via TSIG, like Secondary.com did. Nope. We have never transferred data from you to our TSIG servers. So we have never had a key for that domain, or the zone it is in. Sorry, you're plain wrong. I had a tsig key from Nominum. If UDNS lost them in the transition, then it really isn't my bad. What part of UDNS blowing it is my fault? Whatever. I get the feeling that NANOG (from 11 or 12 years of participation) is not the best place for folks to work out their personal issues that require rants. Rodney Joffe Apparent Brainless Dolt UltraDNS I get the feeling a lot of folks have a vastly different opinion of your employer, as well. Thanks for the assistance! matt ghali --matt@snark.net------------------------------------------<darwin>< The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
Matt, stop trolling. And do real backups, man. HTH. HAND. Alexander
On Mon, 31 Oct 2005, Matt Ghali wrote:
Could you take a break from publically insulting your customers, and confirm that you have a grasp of what happens when both sides of a mirrored pair of disks die within 3 hours of each other?
One replaces the disks and restores from one's backup tapes? What if you accidentally rm a critical file? Mirrored disks won't be of much help there. -- Jay Hennigan - CCIE #7880 - Network Administration - jay@west.net WestNet: Connecting you to the planet. 805 884-6323 WB6RDV NetLojix Communications, Inc. - http://www.netlojix.com/
participants (4)
-
Alexander Koch
-
Jay Hennigan
-
Matt Ghali
-
Rodney Joffe