Server Team Meeting, 2018-04-24

Attendees: Andreas Beutel, Andri Steiner, Bastian Bringenberg, Michael Stucki, Steffen Gebert, Stephan GroƟberndt

Beginning of the meeting: 17:00 CEST.

Open Issues from last meetings

DNS migration

  • by now, we're using our own DNS master managed by Chef. This allows us to insert records for servers and services dynamically into the zones
  • secondary servers are located at Punkt (1 in Germany) and snowflake Ops (1 each in Switzerland and Germany)
  • snowflake Ops will move its secondary servers from own systems to
  • only required changes are already done in
  • ranto into a problem with our serial values during the migration, fixed in
  • [TODO] Andri will fix the serial in the Chef cookbook
  • [TODO] Bastian will implement named-checkzone into the Chef cookbook

possible further changes

  • move all domains besides of directly into the web based DNS management * those domains have records to our incoming proxy and will redirect HTTP to only * not adding those domains to Chef anymore will reduce complexity * through the integration of the web based DNS management with clouDNS, no additional changes are required when we add new domains
  • there are 4 dns servers in 23 anycast locations available * we could use all 4 of them with our own brand (e.g.,,, * we could remove * we could remove our own DNS server from the public records and use it solely as a shadow master
  • [INFO] we decided to leave DNS server names like this by now
  • [TODO] move all domains besides of to the web based management

mailserver migration


  • [INFO] was deactivated on the old system on Monday, April 16th
  • [INFO] we will remove all data on the old system altogether after a months grace period on Tuesday, May 15th
  • [INFO] we're looking for configuration improvements, especially in the area of spam prevention, on a regular basis
  • [TODO] remove data on old mailserver on May 15th

enable fail on SPF record

  • [INFO] according to our weekly DMARC report from, our SPF alignment varies between 99-100%
  • [INFO] we therefore propose to change our SPF record from softfail to fail
  • [TODO] change SPF from softfail to fail

Requests to the T3A board

Next meeting

  • The next meeting will take place on Tuesday, May 08, 2018 17:00 CEST

End of the meeting: 17:40 CEST.