Hi Mike, On Fri, May 06, 2022 at 04:42:03PM +0100, Mike Zanker via users wrote: At the moment transfers only happen from a.authns.bitfolk.com and those addresses haven't changed, but if you want to add them all there is no harm. $ for h in a b c; do host ${h}.authns.bitfolk.com; done a.authns.bitfolk.com has address 85.119.80.222 a.authns.bitfolk.com has IPv6 address 2001:ba8:1f1:f085::53 b.authns.bitfolk.com has address 45.33.107.124 b.authns.bitfolk.com has IPv6 address 2600:3c01:e000:259::53 c.authns.bitfolk.com has address 172.104.29.216 c.authns.bitfolk.com has IPv6 address 2600:3c03:e000:432::53 Cheers, Andy -- https://bitfolk.com/ -- No-nonsense VPS hosting

Hi, Thanks Andy! It looks like I had incorrect v4 and v6 addresses for both b. and c. in my bind acl. I also had an old v6 entry for a. and an even older pair of addresses for c. that had been commented out and annotate with "Expires 19th March 2012" so I guess I have the addresses from approximately that era. Is it possible (and if so, advisable) to use hostnames in the ACLs? Otherwise, what's the best way to keep this information up-to-date? Best wishes, @ndy -- andyjpb(a)ashurst.eu.org http://www.ashurst.eu.org/ 0x7EBA75FF

Hi, Thanks! Ah right. ...but the zones I host know that b. and c. are secondaries as well so I think my server sends them NOTIFYs at the appropriate times. Therefore, it seems consistent to allow them to receive it if they want to. I'd prefer to not have a custom notify list for domains as that's another thing to get inconsistent over time; I prefer it to come straight out of the canonical zone file if possible. I guess a. also NOTIFYs b. and c. and then they do their transfer from there? I haven't updated any zones in a while so a quick check of my logs doesn't give me anything to analyze right now. If it's of interest I can force a change and see what happens. Until this evening my ACL was: ----- 85.119.80.222; 2001:ba8:1f1:f019::53; // a.authns.bitfolk.com 209.237.247.198; 2001:4978:f:f2::2; // b.authns.bitfolk.com //209.20.91.73; 2001:4978:f:392::2; // c.authns.bitfolk.com - Expires 19th March 2012 173.255.227.192; 2600:3c03::31:2053; // c.authns.bitfolk.com ----- (Note the expired c. one is commented out but I left it in there for posterity!) Now the ACL is: ----- 85.119.80.222; 2001:ba8:1f1:f085::53; // a.authns.bitfolk.com 45.33.107.124; 2600:3c01:e000:259::53; // b.authns.bitfolk.com 172.104.29.216; 2600:3c03:e000:432::53; // c.authns.bitfolk.com ----- wrt. a. the v6 address used to have :f019: and now has :f085:. Perhaps that was a mistake on my part? I never tested it because I (still!) don't have any v6 interfaces configured on my VPS. That sounds useful but I am happy to be told that monitoring the up-to-date-ness of secondary servers for my domains is my responsibility! :-) Best wishes, @ndy -- andyjpb(a)ashurst.eu.org http://www.ashurst.eu.org/ 0x7EBA75FF

Hi Mike, Andy, On Sat, May 07, 2022 at 06:07:25AM +0100, Mike Zanker via users wrote: […] Ah, OK. The v6 address did change, yes. It was at a time when no zone transfers took place over v6 (it was changed specifically to allow this) so I don't think I bothered to notify people of that change. In future for both v4 and v6 addresses we would go to great efforts to let people know about any changes in the addresses of a.authns.bitfolk.com but the best we can do is mention it on the announce@ list plus contact anyone whose AXFRs began to fail. Have added that as this feature request: https://tools.bitfolk.com/redmine/issues/209 If there's any thoughts or comments on how you would like that to work, they are best added there. Cheers, Andy -- https://bitfolk.com/ -- No-nonsense VPS hosting