[ZWeb] statistical nonsense
Lennart Regebro said: Say that a server fails one day per month in average (which is way more than we really will have). One backup server located on anotehr continent then means that we will statistically have DNS outage only one day in 900. Thats one day every three years. Two backups located on different continents will give us a failure rate of one day per 27000 days. That's one day every seventy-fifth year. WHAT!?!? The internet hasn't even been around for seventy five years, and sites are down all the time. shut the fuck up. I hope you all curl up and die. I'm going to use TurboGears, since apparently noone in the Zope community will fucking talk to me anymore. You are the most childish fucks I have ever worked with. Way to show a guy thanks. ___ Zope-web maillist - Zope-web@zope.org http://mail.zope.org/mailman/listinfo/zope-web
Re: [ZWeb] statistical nonsense
On 10/13/06, Chris Withers [EMAIL PROTECTED] wrote: Justizin wrote: I hope you all curl up and die. I'm going to use TurboGears, since apparently noone in the Zope community will fucking talk to me anymore. I'm sure you will be sorely missed ;-) Seriously, you seemed like a well meaning, fairly clued up, if slightly arrogant guy when you offered to help, but these tirades of abuse are making you look like a clown - and I should know; Google can testify to several of my own clownish tirades... I am the one being abused here. I offered over 20 hours of my time as a volunteer and in exchange my name has been drug through the mud. FUCK YOU. Arrogant? It's easy to call anyone arrogant who says: Please, trust me, I know what I'm talking about, we should be careful to avoid a problem. The fact is that you guys are continually accusing me of making a mistake that was not really part of the problem. You want a post-mortem? here it is: http://justizin.blogspot.com/2006/10/zopeorg-dns-post-mortem.html Justin, good luck with TurboGears, I hope none too many of your customers stumble across your postings here... My customers work with me because of my track record. They seek my sort of help. Heck, at my age, I could just go join a fucking band instead of spending most of my time volunteering to work with open-source software on behalf of non-profit foundations. I'll probably show this discussion to some of my customers when they ask me to rush on something. I am not afraid to be myself. Whatever, dude. This is the most disgusting display I've ever seen to someone who has volunteered to help with something complex. You can all rot in hell and die. I hope my customers will see that, while I went out of my way to help a community which we depend on, I did not hang onto this responsibility so tightly that I will let their projects fall on the floor. In fact, I will talk to the Association for Computing Machinery IS team about this entire incident as an example of a community who needs our resources, but will never accept them. -- Justizin, Independent Interactivity Architect ACM SIGGRAPH SysMgr, Reporter http://www.siggraph.org/ ___ Zope-web maillist - Zope-web@zope.org http://mail.zope.org/mailman/listinfo/zope-web
Re: [ZWeb] DNS still fishy?
On 10/12/06, Jens Vagelpohl [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12 Oct 2006, at 08:57, Justizin wrote: Anyway, everything except these hosts need to be removed from the rotation: ns1.zoneedit.com ns7.zoneedit.com ns.qutang.net ns*.zope.com Then I suggest you do that and end the current confusion in regards to which server does what (and which server even has the correct data). (a) I don't control the actual registrar records (b) Yes, these were listed in the zone itself as the NS, but noone should be doing lookups via these servers, because ZoneEdit is not authoritative for the NS records of this zone, the registrar is. I've removed them, but I politely request that you stop being an asshole unless you want to wear this hat yourself. I'm sick, I was stranded in the middle of nowhere when this change took place, and I was rushed. It's all of our fault. Don't make me come over there. I'd love to see more backups once they have copies of the zone. If you want to grab a copy of the zone, you'll have to transfer manually from ns1.zoneedit.com or ns7.zoneedit.com, from one of these IP addresses: No you don't. Setting a machine up as a slave, in that terrible bind- centric world, will cause it to pull the data automatically. ZoneEdit apparently does not run BIND, or at least does not send NOTIFY requests. I don't know what you want me to do. Three nameservers is fine for now. Eight would be far better. I still don't understand why we would need that many... but I don't want to discuss this any further. Matter of fact, since zoneedit does not support NOTIFY it is probably a bad thing to even have my server on the list. I suggest you limit the official servers to the ones you mentioned, the zoneedit/qutang/zope.com hosts until NOTIFY is working. jens You don't understand because you're an idiot, Jens, and you've never guaranteed 100% uptime. I was basically shut up by your whining when I tried to explain all of the precautions we should take in order to avoid what happened to zope.org this week. I won't respond to demands that I rush ever again. -- Justizin, Independent Interactivity Architect ACM SIGGRAPH SysMgr, Reporter http://www.siggraph.org/ ___ Zope-web maillist - Zope-web@zope.org http://mail.zope.org/mailman/listinfo/zope-web
Re: [ZWeb] DNS still fishy?
On 10/12/06, Chris Withers [EMAIL PROTECTED] wrote: Justizin wrote: I'd love to see more backups once they have copies of the zone. Why? zope.org has happily lived off two nameservers for years and years... All of a sudden, we need to have more backups, the upshot of which has been people in europe getting served bad dns from ns.qutang.net :-( This is a logical fallacy. Services were not unavailable because we have more than two nameservers, services were unavailable because we rushed. ns.qutang.net did not serve any bad dns that ns*.zoneedit.com were not serving. The errors were in ZoneEdit's copy of the Zone. I was thinking just now over a smoke about someone I used to work with at Rackspace, the datacenter engineer. Bob was a member of the NASA Challenge Safety Team. He personally recommended against launching the Challenger, which exploded, killing some astronauts. I learned from working with him that you should never tell someone with more experience to be less cautious. What's wrong with just having ns1.zoneedit.com and ns7.zoneedit.com (could we also use ns(2-6).zoneedit.com?) and be done with it? We can only use the nameservers that zoneedit allocates us. Yanno, people used to pay $75 per half hour for this expertise. -- Justizin, Independent Interactivity Architect ACM SIGGRAPH SysMgr, Reporter http://www.siggraph.org/ ___ Zope-web maillist - Zope-web@zope.org http://mail.zope.org/mailman/listinfo/zope-web
Re: [ZWeb] Re: [Zope-dev] svn.zope.org down?
Wichert - Use /etc/hosts. Clear local DNS caches if you can. 63.240.213.173 cvs.zope.org It resolves fine from the ten or so machines I can check it on, but that's only 0.1% or so of the internet. If you see something other than hosts which point at 63.240.213.1, please provide details. On 10/12/06, Chris Withers [EMAIL PROTECTED] wrote: There still appear to be some outstanding dns issues... Chris Wichert Akkerman wrote: Is something happening with svn.zope.org? I haven't been able to use anonymous or authorized svn for two days. Wichert. -- Simplistix - Content Management, Zope Python Consulting - http://www.simplistix.co.uk ___ Zope-web maillist - Zope-web@zope.org http://mail.zope.org/mailman/listinfo/zope-web -- Justizin, Independent Interactivity Architect ACM SIGGRAPH SysMgr, Reporter http://www.siggraph.org/ ___ Zope-web maillist - Zope-web@zope.org http://mail.zope.org/mailman/listinfo/zope-web
Re: [ZWeb] Re: [Zope-dev] svn.zope.org down?
That record comes from zoneedit.com, noone should be using those servers for lookups AFAIK because zoneedit.com is not authoritative for the NS records. These are slaves which have not coordinated with me to pull zones. I told Rob not to put them in the registrar update, but neglected to remove them from ZoneEdit. Look at a WHOIS and check those nameservers, they should all be kosher. On 10/12/06, Wichert Akkerman [EMAIL PROTECTED] wrote: I did a bit of checking: zope.org has a crazy number of DNS servers and they are not all in sync. Particularly seconly.rackspace.com (69.20.0.180) and cabana.palladion.com (64.34.177.88) are not authorative for the zope.org domain and will just refer back to the root servers. This shows some obvious DNS problems: [levante;~]-26 for i in 216.122.7.155 8.7.96.28 69.20.0.180 64.34.177.88 63.240.213.250 70.168.181.3 70.84.6.50 207.234.248.200 ; do dig zope.org soa @$i ; done | grep SOA | grep -v '^;' zope.org. 7200IN SOA ns1.zoneedit.com. soacontact.zoneedit.com. 1159817268 14400 7200 950400 7200 zope.org. 7200IN SOA ns1.zoneedit.com. soacontact.zoneedit.com. 1159817265 14400 7200 950400 7200 zope.org. 300 IN SOA ns2.zope.com. postmaster.zope.com. 2006092901 300 300 300 150 zope.org. 300 IN SOA ns2.zope.com. postmaster.zope.com. 2006092901 300 300 300 150 zope.org. 7200IN SOA ns1.zoneedit.com. soacontact.zoneedit.com. 1159817261 14400 7200 950400 7200 zope.org. 7200IN SOA ns1.zoneedit.com. soacontact.zoneedit.com. 1159817268 14400 7200 950400 7200 note how those answers differ wildly: there are four different versions of the zope.org domain going around. This will not clear up automatically: the domain registration, nameserver configuration and zone files seem to be need some updating. Wichert. Previously Justizin wrote: Wichert - Use /etc/hosts. Clear local DNS caches if you can. 63.240.213.173 cvs.zope.org It resolves fine from the ten or so machines I can check it on, but that's only 0.1% or so of the internet. If you see something other than hosts which point at 63.240.213.1, please provide details. On 10/12/06, Chris Withers [EMAIL PROTECTED] wrote: There still appear to be some outstanding dns issues... Chris Wichert Akkerman wrote: Is something happening with svn.zope.org? I haven't been able to use anonymous or authorized svn for two days. Wichert. -- Simplistix - Content Management, Zope Python Consulting - http://www.simplistix.co.uk ___ Zope-web maillist - Zope-web@zope.org http://mail.zope.org/mailman/listinfo/zope-web -- Justizin, Independent Interactivity Architect ACM SIGGRAPH SysMgr, Reporter http://www.siggraph.org/ -- Wichert Akkerman [EMAIL PROTECTED]It is simple to make things. http://www.wiggy.net/ It is hard to make things simple. -- Justizin, Independent Interactivity Architect ACM SIGGRAPH SysMgr, Reporter http://www.siggraph.org/ ___ Zope-web maillist - Zope-web@zope.org http://mail.zope.org/mailman/listinfo/zope-web
Re: [ZWeb] DNS still fishy?
On 10/12/06, Jens Vagelpohl [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12 Oct 2006, at 09:15, Justizin wrote: (a) I don't control the actual registrar records (b) Yes, these were listed in the zone itself as the NS, but noone should be doing lookups via these servers, because ZoneEdit is not authoritative for the NS records of this zone, the registrar is. To stay strictly on technical issues, I think you're constantly implying that the DNS servers for the zope.org zone that are listed by the registrar are not the same as the DNS servers the zone data itself contains. Can you explain why this discrepancy exists, or why it makes sense? I prepared a copy of the zone in ZoneEdit with small changes to reflect the plans for a new configuration, including new nameservers. I pulled the zone into ns.qutang.net early last week and sent out an e-mail which, surely, was just lost in the white noise. oh well. so, because we wanted to start modifying the zone really soon, i told rob page to change the registrar to point at: ns1.zoneedit.com ns7.zoneedit.com ns.qutang.net These nameservers all had the same data, including the same incorrect records. FWIW, three records with the same IP address went sour: www.zope.org cvs.zope.org zope.org This is curious, because I recall making an effort to individually copy each record from the zone file that Rob sent me, to avoid just this sort of mistake. whatever, these records pointed at .1 instead of .171 Nothing. I am describing the situation where you have a bind slave and you are configuring a slave zone for the first time. At that moment you don't have to manually pull the zone data, bind will magically fetch it. This was a hint for people who might want to set up a slave. Handy. I am writing a how-to for making djbdns comply with both ends of the NOTIFY chain. There are a bunch of tools for this, very simple djb-ish stuff, but nothing is part of the package. If someone running BIND wants to pull from zoneedit and send the rest of us NOTIFY requests when a change is detected, we can pretty much do that now. I should be set up to respond to NOTIFY. I have to add something into the tinydns-data chain which enacts changes to live configuration so that it spurs a NOTIFY to slaves. -- Justizin, Independent Interactivity Architect ACM SIGGRAPH SysMgr, Reporter http://www.siggraph.org/ ___ Zope-web maillist - Zope-web@zope.org http://mail.zope.org/mailman/listinfo/zope-web
Re: [ZWeb] DNS still fishy?
On 10/12/06, Lennart Regebro [EMAIL PROTECTED] wrote: Just a couple of notes here. Although zoneedit has been running fine for me for years without a single problem, obviously it would be nice with some backup. Preferably something with another ISP and located on like another continent or something. Two of these backups would be even better. But honestly, compare the likelyhood that all three of these would fail at one time, together with the increasing likelyhood than one server of them is misconfigured and starts disturbing the usage for a minor part of the users, then we will quickly realize that the more backups and failsafes we have the larger the likelyhood that something of this will go wrong. the worst that happens is that some changes fail to propogate. changes to DNS should always be approached with the assumption that this will happen. What's worse is for there to be no copy of a zone available. It should never be necessary for an A record to change immediately, because this cannot be relied upon. The best defense to this is, however, to set TTLs at 300s, or 5 minutes, about a week in advance. 8 servers seems to be to be a complete overkill, and it will only cause problems. I will change my mind on this the time all zone-edit servers stop working at the same time as two of the backups fail. It could cause problems, and that's why we aren't really using eight servers right now, but it should not cause problems. It is a challenge, also, that our DNS is not hosted in the same location as the website. So, it's possible that DNS will be unreachable when an outage occurs, i.e. a fibre being cut in the middle of the ocean, and this outage may not actually affect our site. I bet ten bucks if we rely entirely on zoneedit's nameservers that this will happen once for at least twelve hours for some significant region of the world within the next year. Don't overcomplicate things. It just makes them fail. This assumption really has nothing to do with what happened this week. What happened this week was either: (a) a typo (b) an erroneously truncated string If there were only two nameservers, they would have pointed at the wrong IP, and the site would have been perceptually unavailable for a few hours to two days for various people. If there were eight, the same would happen, for about the same time frame. So, if you want to only use two nameservers, that's okay with me. Remember to wake me up when the zone is unreachable for someone and we want to run more. :) I always assume, if anything, that some machines, network connections, disk drives, etc.. will invariably fail, and that you can never have too many if they are available. I like the idea of a group of zope community members collectively providing DNS service. Maybe we should even talk about running multiple copies of the flat content in different places. If my site goes down, esp if one of my machines fail, I much prefer to feel comfortable that I can reach zope.org than rely on the possibility that i might have copies of recent releases in another location. if i'm going to keep copies of the releases around for myself, might as well mirror them, eh? While having a set of servers configured by various people sounds as if it would be overcomplicated, with proper planning and coordination, we should be able to keep it simple. When making changes to DNS, always assume that for 48 hours there will be between a 90-10 and 10-90 split between people who have your new records and people who have old records. When changing nameservers, double or triple this, because some people will have cached records from the old nameserver *and* more recently cached NS records, so they may continue querying the old nameserver until the cached NS record itself expires. When something critical like svn/cvs or the main website need to be changed, again, it is necessary to drop the TTL, on the entire zone, even, to something really short like 300s about a week in advance. This ensures that everyone in the world has a copy of the zone which says: no copy of this zone and no records in this zone are good for longer than five minutes.. Just before a switch is made, you can proxy the old front-end apache server to the new host explicitly, and then update records. for five or ten minutes some people's requests will be slow because they are possibly doubling-back across the internet, but at least they can't really tell what's going on, just that for a few minutes it is a 'little bit slow'. -- Justizin, Independent Interactivity Architect ACM SIGGRAPH SysMgr, Reporter http://www.siggraph.org/ ___ Zope-web maillist - Zope-web@zope.org http://mail.zope.org/mailman/listinfo/zope-web
Re: [ZWeb] DNS still fishy?
On 10/12/06, Lennart Regebro [EMAIL PROTECTED] wrote: On 10/12/06, Justizin [EMAIL PROTECTED] wrote: It could cause problems, and that's why we aren't really using eight servers right now, but it should not cause problems. Servers should not fail. This should not cause problems. But in reality, it will. Servers failing will not cause problems, the only real risk would be tampering. The reason for having many servers is to protect against failure. It is a challenge, also, that our DNS is not hosted in the same location as the website. So, it's possible that DNS will be unreachable when an outage occurs, i.e. a fibre being cut in the middle of the ocean, and this outage may not actually affect our site. Which is why one or two backups on another continent is nice to have. Three or more is best. Don't overcomplicate things. It just makes them fail. This assumption really has nothing to do with what happened this week. I'm not convinced. Then take over, Lennart. I do not care. You don't have to be convinced. Explain to me how this problem is related to the outage, which was as simple as this: records served by three of five nameservers were incorrect. the other two were zope.com nameservers, and they don't delegate to zoneedit afaik. So, if you want to only use two nameservers, that's okay with me. Please respons to what I write, and argue against what I argue, instead of making up arguments against things I have never said. I, explicitly in my last mail, said that one or two backups on other continents would be necssary, but that the previously mentioned *eight* backups would cause more problems than they solve. You said you don't understand why we don't just use zoneedit. What makes four servers less failure prone than eight, so long as they all agree that zoneedit is in charge. If you don't agree with this, you are welcome to explain to me why. But do NOT argue against me by implying that I have said something stupid, which I never said. Oh whatever. Look, I'm sick of this conversation. I did a better job than anyone else in the conversation would have, and problems happened because we spent a week on something that we should have spent 2-4 weeks on. We learned something. I think the real issue is that we ran into a problem, which I tried hard to avoid, and people are still arguing that I am proposing to take too many precautions. -- Justizin, Independent Interactivity Architect ACM SIGGRAPH SysMgr, Reporter http://www.siggraph.org/ ___ Zope-web maillist - Zope-web@zope.org http://mail.zope.org/mailman/listinfo/zope-web
Re: [ZWeb] Fwd: zope.org DNS screwed up
Yes. I'll forward you both the ZFoundation welcome mail. The biggest mistake I made was not asking Rob to double-check a few records before making the switch. I checked that all of our new NS were resolving records, but didn't test them against the correct records. Okay I'm going to peek at the rest of this thread. On 10/10/06, Andrew Sawyers [EMAIL PROTECTED] wrote: Can we get the access info spread to a larger group please. I believe jens and myself are good candidates. Andrew On 10/10/06 12:00 PM, Justizin [EMAIL PROTECTED] wrote: whups. -- Forwarded message -- From: Justin Ryan [EMAIL PROTECTED] Date: Oct 10, 2006 10:58 AM Subject: Re: zope.org DNS screwed up To: Martijn Faassen [EMAIL PROTECTED] Cc: Zope Web zope-web@zope.org Crap. I don't know what's up, it seems to be resolving OK, but I concur that it is not loading. I'm checking in ZoneEdit now. Somehow the IP is wrong. Sorry, just woke up, worst road trip ever last night. I'm on it. On 10/10/06, Martijn Faassen [EMAIL PROTECTED] wrote: Hi there, I know you already got some messages in your inbox, but I figure I'd summarize it: * we think zope.org DNS got screwed up somewhere * please fix it if you can? Regards, Martijn -- Justizin, Independent Interactivity Architect ACM SIGGRAPH SysMgr, Reporter http://www.siggraph.org/ -- Justizin, Independent Interactivity Architect ACM SIGGRAPH SysMgr, Reporter http://www.siggraph.org/ ___ Zope-web maillist - Zope-web@zope.org http://mail.zope.org/mailman/listinfo/zope-web
Re: [ZWeb] serving up static files from www.zope.org
On 9/28/06, Martijn Faassen [EMAIL PROTECTED] wrote: Chris Withers wrote: Justizin wrote: I don't want to take all the cookies, but like I said, I already own a bunch of apaches, including siggraph.org and turing.acm.org, as a volunteer. I'd prefer the stuff we're talking about to live ideally on ZC's hardware... I don't think Justizin was suggesting we run this stuff off other hardware. Nah, I simply meant that I don't mind being responsible for another Apache installation / configuration. On the medium to long term, I *would* like to pull in other hardware besides ZC's, by the way. Of course that would need to be on the basis of a well-supported machine. Eventually the ZF will want to take over the zope.org hosting, and probably not from within the context of ZC's hosting environment. I will take the next opportunity I have to bring this up with ACM HQ. We have about fifty servers in Verizon / NYC, and this might be a good way for us to begin contributing to the community at an organizational level. :) -- Justizin, Independent Interactivity Architect ACM SIGGRAPH SysMgr, Reporter http://www.siggraph.org/ ___ Zope-web maillist - Zope-web@zope.org http://mail.zope.org/mailman/listinfo/zope-web
Re: [ZWeb] http://namespaces.zope.org/zope
Will they slave a zone these days? ;) On 9/27/06, Chris Withers [EMAIL PROTECTED] wrote: Jens Vagelpohl wrote: If DNS is a bottleneck I volunteer to host the zope.org zone on my colocated servers (ns1.dataflake.org as primary, ns1.zetwork.com as secondary). The data center they are in (in Richmond/VA) has redundant internet connectivity and a sterling uptime record for their network. I can do the same using rackspace's DNS servers... cheers, Chris -- Simplistix - Content Management, Zope Python Consulting - http://www.simplistix.co.uk ___ Zope-web maillist - Zope-web@zope.org http://mail.zope.org/mailman/listinfo/zope-web -- Justizin, Independent Interactivity Architect ACM SIGGRAPH SysMgr, Reporter http://www.siggraph.org/ ___ Zope-web maillist - Zope-web@zope.org http://mail.zope.org/mailman/listinfo/zope-web
Re: [ZWeb] http://namespaces.zope.org/zope
On 9/27/06, Chris Withers [EMAIL PROTECTED] wrote: Justizin wrote: Perhaps I am making a wild and sweeping assumption here, but I think that Chris is talking about the DNS servers which are controlled by software the team I worked on at Rackspace was responsible for, and look like ns.rackspace.com. ;) Yep, so you're responsible for that crappy ui? Dotster's wins for ease of use so far... Not personally, but I will take the hit. ;) Actually, the UI that I worked on was AJAX before AJAX had a name, and was primarily directed toward employees. The tools were all written when the company was very young, and, eh, yeh, they have not been rewritten. Let's simply say that I felt rather strongly that we should have moved to Zope, and we didn't, so I don't work on that PHP anymore. It was an interesting project, however. So, I'm actually curious if they have implemented a feature which was not high priority when I worked there, and that is the ability to configure their nameservers as slaves. Don't think so, it's just that I can host dns there for stuff that isn't hosted on their servers. I'd hope their nameservers are also pretty robust? When I left, I believe NS and NS2 were both load balanced clusters of three large machines, which probably sit behind PrevenTier, a patented DoS-aversion system, now. They may also have moved onto geographic load balancing. I wouldn't really know. Tom - do you know if Rackspace's nameservers are capable of serving up a slave copy of a zone which is managed at ZoneEdit.com? When I wrote that email, I was actually proposing hosting the masters there. I don't mind being DNS boy for zope.org and I'd hope rackspace's nameservers would scale to the challenge... If you want to do that, I don't object to losing Czar status. ;) I am concerned that we can't easily allow a team of people who aren't on your private customer account access to do this. I'm already concerned that with my ZoneEdit account I can't give anyone else access, and was going to propose opening a Zope Foundation account which several people could have access to. That said, concern raised, what do Martijin and others think? We could still slave to Rack's nameservers. We'd like to de-centralize the zope.org zone so that no one individual or organization such as Zope Corp are responsible for / in control of it. If I ever did stop doing Zope stuff (hahahaha) then I'd happilly hand the records on to someone else. But of course, or the foundation would steal them back. :-P If I dropped dead (or got taken out by that hitman Jens keeps on promising), the DNS could similarly be moved elsewhere... I presume one of our volunteers is a Rackspace customer, and is thus offering to host our domain as part of their account. That'd be me ;-) cheers, Chris -- Simplistix - Content Management, Zope Python Consulting - http://www.simplistix.co.uk -- Justizin, Independent Interactivity Architect ACM SIGGRAPH SysMgr, Reporter http://www.siggraph.org/ ___ Zope-web maillist - Zope-web@zope.org http://mail.zope.org/mailman/listinfo/zope-web
Re: [ZWeb] http://namespaces.zope.org/zope
I'm taking this offline with Chris. I agree with the concerns about hosting in an individual personal account, although we are doing no better at ZoneEdit right now with JRyan36 or whatever the heck I am called. On 9/27/06, Andrew Sawyers [EMAIL PROTECTED] wrote: On 9/27/06 11:57 AM, Chris Withers [EMAIL PROTECTED] wrote: Justizin wrote: Perhaps I am making a wild and sweeping assumption here, but I think that Chris is talking about the DNS servers which are controlled by software the team I worked on at Rackspace was responsible for, and look like ns.rackspace.com. ;) Yep, so you're responsible for that crappy ui? Dotster's wins for ease of use so far... So, I'm actually curious if they have implemented a feature which was not high priority when I worked there, and that is the ability to configure their nameservers as slaves. Don't think so, it's just that I can host dns there for stuff that isn't hosted on their servers. I'd hope their nameservers are also pretty robust? Tom - do you know if Rackspace's nameservers are capable of serving up a slave copy of a zone which is managed at ZoneEdit.com? When I wrote that email, I was actually proposing hosting the masters there. I don't mind being DNS boy for zope.org and I'd hope rackspace's nameservers would scale to the challenge... This is why I proposed using zoneedit We'd like to de-centralize the zope.org zone so that no one individual or organization such as Zope Corp are responsible for / in control of it. If I ever did stop doing Zope stuff (hahahaha) then I'd happilly hand the records on to someone else. Easily done at zoneedit (change pasword) and no pain in migrating. Bad idead IMNSHO putting this into a single persons control. If I dropped dead (or got taken out by that hitman Jens keeps on promising), the DNS could similarly be moved elsewhere... No need to be moved if it's on zoneedit. I presume one of our volunteers is a Rackspace customer, and is thus offering to host our domain as part of their account. That'd be me ;-) cheers, Chris This solution is already started, lets just put it to bed? Andrew -- Justizin, Independent Interactivity Architect ACM SIGGRAPH SysMgr, Reporter http://www.siggraph.org/ ___ Zope-web maillist - Zope-web@zope.org http://mail.zope.org/mailman/listinfo/zope-web
Re: [ZWeb] http://namespaces.zope.org/zope
On 9/27/06, tweeks [EMAIL PROTECTED] wrote: On Wednesday 27 September 2006 10:37 am, Justizin wrote: Tom - do you know if Rackspace's nameservers are capable of serving up a slave copy of a zone which is managed at ZoneEdit.com? We don't do that any longer on our main geo-load balanced ns and ns2 nameservers. We do have a sec-only name server that we will slave off a customer's master. But a) it's not tied in with myrackspace/DNS tool (big deal).. and b) it is HA, but it's not geo-HA. That would benefit us, I think. We'd like to de-centralize the zope.org zone so that no one individual or organization such as Zope Corp are responsible for / in control of it. Well I can't help you on the people side... zero to n individuals are always going to be responsible... But yes.. we can hook you guys up with our sec-only name service. Here's a KB article on the topic: Can Rackspace provide secondary DNS and let me control my own master server? https://my.rackspace.com/direct?view_kb_docref_no=050803-0001submit=view_article (requires a valid MyRS login) As the KB article states... our seconly DNS service - is legacy only offering.. but we do make acceptions. :) What account is this on? Who's the official PoC? Chris is the POC - Chris, you should be able to log in and view the link above. Slave to ns10/12.zoneedit.com -- Justizin, Independent Interactivity Architect ACM SIGGRAPH SysMgr, Reporter http://www.siggraph.org/ ___ Zope-web maillist - Zope-web@zope.org http://mail.zope.org/mailman/listinfo/zope-web
Re: Zope.org DNS ( was Re: [ZWeb] http://namespaces.zope.org/zope )
Thanks to both of you. On 9/27/06, Andrew Sawyers [EMAIL PROTECTED] wrote: You didn't cc tres - but I'm sitting next to him, and informed him *we* volunteered cabana if we want it.Tres actually doesn't use cabana as a nameserver - mainly me (unless the other guys have changed how the have their domains setup). A On 9/27/06 3:52 AM, Chris Withers [EMAIL PROTECTED] wrote: Justizin wrote: I haven't even got my responder up yet, to be honest. I'll be moving my domains to zoneedit at the same time as zope.org. I assume one of these is yours, and one of them jens' ? cabana.palladion.com 69.44.155.17 That'll be Tres (cc'ed in 'cos I don't know if he's on this list) ns1.dataflake.org 8.7.96.28 That'll be Jens. cheers, Chris -- Justizin, Independent Interactivity Architect ACM SIGGRAPH SysMgr, Reporter http://www.siggraph.org/ ___ Zope-web maillist - Zope-web@zope.org http://mail.zope.org/mailman/listinfo/zope-web
Re: Zope.org DNS ( was Re: [ZWeb] http://namespaces.zope.org/zope )
On 9/26/06, Jens Vagelpohl [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I believe a single DNS query over UDP can handle around 20-25 entries, depending on their size. Should be no problem for an 'NS' query for zope.org to point at ten or more hosts which run slave. The question is, does this tool allow that? I imagine so. I know that we set up a local slave in the convention center for SIGGRAPH in Boston this year from our cheapo DNS provider. I'm not sure what you're trying to explain or ask here. Do you think there would be any problem in propagating updates? Well, there won't. And I don't see any need for more than 3 DNS servers (including the master). DNS is not resource-intensive in any way. Well, since I don't know about the suggested provider, here's my concern - let's say I manage your DNS on my servers, and you want to provide your own local servers. How do you get a copy of the latest zone? Your IP must be listed in my server so that it is allowd to perform AXFR queries. All I'm saying is, I assume, hopefully, that this provider will allow us to specify hosts which are allowed to perform AXFR. They will also probably provide us with 3-4 hosts which we can use for DNS. If You, me, and one other person each contribute two IP addresses on different network, that puts the zope.org zone in pretty good shape, because various caching nameservers will handle the trouble of determining which authoritative record is best for them to use. DNS may seem like a low-load service, but if you were to run a DNS provider yourself on a single machine, I challenge you to maintain 90% uptime. The last time I worked on a large DNS implementation we had twelve machines in each of two geographic locations - dual xeon machines with lots of RAM that did nothing but handle round-robin DNS queries. IIRC, we had about 100,000 zones, but still, let's think about this for a moment. Imagine: * I have www.stupidwebsiteforjerks.com * Someone hates my stupid website, because it's for jerks * My DNS records are in the same server as yours * Someone decides to launch an 8MB/s or so DDoS against my NS records and my webserver IP. * Your site starts failing to load for 30-60% of visitors after a few hours. ;) -- Justizin, Independent Interactivity Architect ACM SIGGRAPH SysMgr, Reporter http://www.siggraph.org/ ___ Zope-web maillist - Zope-web@zope.org http://mail.zope.org/mailman/listinfo/zope-web
Re: Zope.org DNS ( was Re: [ZWeb] http://namespaces.zope.org/zope )
On 9/26/06, Martijn Faassen [EMAIL PROTECTED] wrote: Andrew Sawyers wrote: Yeah, definitely. And if we go with that tool I volunteer to be hooked up as a secondary. As do I . All this DNS volunteering is great! Unfortunately, I'm a bit at a loss on how to proceed, as I'm not very familiar with DNS issues. So, what I need: * a single contact person for DNS issues that I can contact whenever something DNS related is needed, can advise me on these issues should I have questions, and who will arrange DNS matters among the three of you. I propose it's one of you three (Justizin, Jens, Andrew). Anyone volunteering for that? I'm glad to be the lead, and I'm glad for either of the other guys to be the lead. ;d Whoever you decide to nag, I think the three of us can hammer this out. * A plan of action worked out between the three of you. I basically need to know what needs to be done bureaucratically from the side of Zope Corporation and the Foundation to get this arranged. I'll leave the actual work to you all - I intend to only be there when stuff needs to be expedited somehow. Okay. We will need: * A copy of the existing zope.org zone files * Cooperation from [EMAIL PROTECTED] to change the NS record pointers * A list of people who need access in ZoneEdit -- Justizin, Independent Interactivity Architect ACM SIGGRAPH SysMgr, Reporter http://www.siggraph.org/ ___ Zope-web maillist - Zope-web@zope.org http://mail.zope.org/mailman/listinfo/zope-web
Re: [ZWeb] Re: [Zope] Re: Protocol question about ZopeBook typos
Current ZopeBook version is at http://www.plope.com/Books/2_7Edition Please check http://www.plope.com/Books/zb_signup for contact information. It'd be ral nice to bring the Zope Book back into one place under the zope.org banner somewhere... Following that, has there been any continued interest / development? It still says the pending version is the Zope 2.7 version. With all of what's out in the wild and around the corner now, it seems like there ought to be work in creating accurate documentation for as much of Zope 2.7 - 3.3 as possible. Some people will be tied to these older versions of Zope for a while, whether we like it or not, and may be low on midichlorians[0]. And as much as I enjoy Philipp's book, it would be nice if there were some effort at providing straight up z3 documentation, perhaps with less pizzazz. ;) [0] i.e. don't like hearing UTSL vs. RTFM ;) -- Justizin, Independent Interactivity Architect ACM SIGGRAPH SysMgr, Reporter http://www.siggraph.org/ ___ Zope-web maillist - Zope-web@zope.org http://mail.zope.org/mailman/listinfo/zope-web
Re: Zope.org DNS ( was Re: [ZWeb] http://namespaces.zope.org/zope )
On 9/26/06, Jens Vagelpohl [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 26 Sep 2006, at 17:48, Justizin wrote: Well, since I don't know about the suggested provider, here's my concern - let's say I manage your DNS on my servers, and you want to provide your own local servers. How do you get a copy of the latest zone? Your IP must be listed in my server so that it is allowd to perform AXFR queries. Do you know how DNS works? Slaves don't just ask for a transfer willy- nilly. Slaves are known to the primary and they get told when to ask. I'm not sure this is correct. We should investigate before insulting each other's intelligence. I know a great deal about how DNS works, thank you very much. ;) They will also probably provide us with 3-4 hosts which we can use for DNS. If You, me, and one other person each contribute two IP addresses on different network, that puts the zope.org zone in pretty good shape, because various caching nameservers will handle the trouble of determining which authoritative record is best for them to use. DNS may seem like a low-load service, but if you were to run a DNS provider yourself on a single machine, I challenge you to maintain 90% uptime. The last time I worked on a large DNS implementation we had twelve machines in each of two geographic locations - dual xeon machines with lots of RAM that did nothing but handle round-robin DNS queries. I have no idea what you are talking about. This is not some huge DNS service that we need. We need to serve exactly one zone. This can be done from a Palm Pilot, to be honest. I have run DNS services for years and years and don't share any of your doubts. Okay, let's please not make this an argument. *we* do not have large-scale DNS needs. However, if we use someone like ZoneEdit.com, their nameservers are highly loaded. So, as I said, if someone decides to launch a DNS attack on ns1.zoneedit.com or whatever, it can affect the availability of zope.org, unless there are alternates, which is what we all propose. It's a sad logical fallacy for you to state that because you have never seen this problem, it does not exist. I spent nearly three years as an engineer at one of the world's largest provider of managed internet services, and I can tell you that NS.RACKSPACE.COM and NS2.RACKSPACE.COM are hit multiple times a year by 8MB/s or greater DDoS attack. This was in a datacenter with 9GB/s of bandwidth via multiple OC-48 connections. It's important. -- Justizin, Independent Interactivity Architect ACM SIGGRAPH SysMgr, Reporter http://www.siggraph.org/ ___ Zope-web maillist - Zope-web@zope.org http://mail.zope.org/mailman/listinfo/zope-web
Re: [ZWeb] Apache, anyone?
On 9/25/06, Chris Withers [EMAIL PROTECTED] wrote: Lennart Regebro wrote: Personally, I don't care where www.zope.org is currently located, and I also think we should replace it part by part with microsites, like wiki.zope.org, bugs.zope.org, news.zope.org, products.zope.org and so on, Be careful the multiple domain names, it prevents sensible cookie-based auth. For that reason alone, I'd prefer to see zope.org/wiki, zope.org/bugs, zope.org/news, etc instead. Isn't it possible to set a cookie for .zope.org vs, say, www.zope.org ? I'm pretty sure I know some people doing this at: http://linklink.timesys.com + http://builder.timesys.com and also: http://www.fsf.org/ + http://wiki.fsf.org/ It really feels like we need a foundation-admin'ed Apache in front of everything somewhere, just to handle rewriting/static content/etc. Is that a possiblity? I own a lot of Apaches already, I would not mind. -- Justizin, Independent Interactivity Architect ACM SIGGRAPH SysMgr, Reporter http://www.siggraph.org/ ___ Zope-web maillist - Zope-web@zope.org http://mail.zope.org/mailman/listinfo/zope-web
[ZWeb] http://namespaces.zope.org/zope
So.. I was talking to Philipp the other day on IRC, wondering why http://namespaces.zope.org/zope Doesn't actually exist on on the intarweb. At first I wondered if it was a requirement, like for a DTD, and P says no, so I believe him. We did agree that it would be nice if something lived here talking about ZCML, which is what the w3c does for their namespaces, like: http://www.w3.org/1999/xhtml Of course, I volunteer. -- Justizin, Independent Interactivity Architect ACM SIGGRAPH SysMgr, Reporter http://www.siggraph.org/ ___ Zope-web maillist - Zope-web@zope.org http://mail.zope.org/mailman/listinfo/zope-web
