The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Stefan Winter <stefan.winter AT restena.lu>]

Hi,

>> Hello Paul and Alan,
>>
>> Was there any way we could have known this before the change?
> Probably no one in the OT thought about people whitelisting the CAT 
> website. I guess it was only implied in the announcement as:
> "We'll use this opportunity to move the CAT to the new, dedicated host."
>
> I think it could have been more explicit.

Sure, and we'll know this for future moves.

However: we played by all the rules. We lowered DNS TTL way ahead of the
change to make sure that there are no stale cache IPs anywhere, and that
the change will be propagated near instantly to everyone who resolves
the name cat.eduroam.org.

Systems which were configured with the *hostname* cat.eduroam.org would
only notice a hiccup in the seconds or at worst minutes range.

I configure firewalls and similar myself, and I know how tempting it is
to "just take the IP". I sometimes take that shortcut, too. But one
needs to be aware that this is cutting corners and bound to fail
eventually. The DNS system has TTL timeouts built-in for a reason, and
by ignoring the attached TTL and taking a snapshot of the DNS results at
any one point in time, this definitely means breakage at some point in
the future.

Greetings,

Stefan Winter

>
> Regards,
> Paul
>
>
>
>> Regards,
>> Theo
>>
>>
>>
>>
>> Onderwijsgroep Tilburg
>> Stappegoorweg 183 - 5022 DD  Tilburg
>> Postbus 1330 - 5004 BH  Tilburg
>> Tel.: +31 (0)13 539 71 92
>> Fax: +31 (0)13 539 70 11
>> Gsm: +31 (0)6 133 137 50
>>
>> E-mail: 
>> thoeks AT onderwijsgroeptilburg.nl
>> Web: www.onderwijsgroeptilburg.nl
>>
>> KvK 41097408
>>
>> Disclaimer
>> Dit bericht is alleen bestemd voor de geadresseerden. Aan dit bericht 
>> kunnen
>> geen rechten worden ontleend
>>
>>
>>
>> -----Oorspronkelijk bericht-----
>> Van: Paul Dekkers 
>> [mailto:paul.dekkers AT surfnet.nl]
>> Verzonden: maandag 1 juni 2015 17:00
>> Aan: 
>> A.L.M.Buxey AT lboro.ac.uk;
>>  Theo Hoeks
>> CC: 
>> 'cat-users AT geant.net';
>>  Merijn van de Schoot
>> Onderwerp: Re: [cat-users] Change of the site-address?
>>
>> On 6-1-15 16:27, 
>> A.L.M.Buxey AT lboro.ac.uk
>>  wrote:
>>> Hi,
>>>
>>>>    Last couple of days we had trouble reaching the site 
>>>> `cat.eduroam.org'.
>>>>    The ip-address of the site is embedded in the ACL of our 
>>>> WiFi-controllers
>>>>    and this appearded to be wrong.  Did the ip-address change with the
>>>>    upgrade of the site to version 1.1?
>>> yes - the server is now on 145.100.191.84
>> and if you have IPv6, also whitelist 2001:610:188:450:145:100:191:84 :-)
>>
>> Regards,
>> Paul
>>
>> P.S. CAT isn't using IPv6 just yet, but it will hopefully in the nearby 
>> future.
>>
>>
>>> (it was seperated from monitor.eduroam.org)
>>>
>>> alan

Attachment: signature.asc
Description: OpenPGP digital signature