Server Team Meeting, 2018-04-24

Attendees: Andreas Beutel, Andri Steiner, Bastian Bringenberg, Michael Stucki, Steffen Gebert, Stephan GroƟberndt

Beginning of the meeting: 17:00 CEST.

Open Issues from last meetings

DNS migration

  • by now, we're using our own DNS master managed by Chef. This allows us to insert records for servers and services dynamically into the typo3.org zones
  • secondary servers are located at Punkt (1 in Germany) and snowflake Ops (1 each in Switzerland and Germany)
  • snowflake Ops will move its secondary servers from own systems to https://www.cloudns.net
  • only required changes are already done in https://review.typo3.org/#/c/56647/
  • ranto into a problem with our serial values during the migration, fixed in https://github.com/TYPO3-cookbooks/t3-pdns/pull/4
  • [TODO] Andri will fix the serial in the Chef cookbook
  • [TODO] Bastian will implement named-checkzone into the Chef cookbook

possible further changes

  • move all domains besides of typo3.org/typo3.com directly into the web based DNS management * those domains have records to our incoming proxy and will redirect HTTP to typo3.org only * not adding those domains to Chef anymore will reduce complexity * through the integration of the web based DNS management with clouDNS, no additional changes are required when we add new domains
  • there are 4 dns servers in 23 anycast locations available * we could use all 4 of them with our own brand (e.g. ns.typo3.org, ns.typo3.com, ns.typo3.de, ns.typo3.fr) * we could remove nameserver1.pluspunkthosting.de * we could remove our own DNS server from the public records and use it solely as a shadow master
  • [INFO] we decided to leave DNS server names like this by now
  • [TODO] move all domains besides of typo3.org/typo3.com to the web based management

mailserver migration

status

  • [INFO] typo3.org was deactivated on the old system on Monday, April 16th
  • [INFO] we will remove all data on the old system altogether after a months grace period on Tuesday, May 15th
  • [INFO] we're looking for configuration improvements, especially in the area of spam prevention, on a regular basis
  • [TODO] remove data on old mailserver on May 15th

enable fail on SPF record

  • [INFO] according to our weekly DMARC report from dmarc.postmarkapp.com, our SPF alignment varies between 99-100%
  • [INFO] we therefore propose to change our SPF record from softfail to fail
  • [TODO] change SPF from softfail to fail

Requests to the T3A board

Next meeting

  • The next meeting will take place on Tuesday, May 08, 2018 17:00 CEST

End of the meeting: 17:40 CEST.