Hey, can anyone answer a couple of fast questions from a prospective tiny customer here?
spacey: best not to ask to ask, just ask :)
tiny customer is tiny?
tiny customer is indeed looking for one tiny instance that does very little
spacey: what will it do?
I'm interested in running a relatively small vm that will do dns (tinydns, dnscache for itself) and be listed with whosoever is the internic these days as the nameserver for a few zones
ah, authoritative name server
As well as some mail serving - for me, by me, with me as the only user.  Maybe some web pages in the future.
I'm mainly interested in making sure that the IP addresses are relatively fixed for the life of the service.
so...whats the question?
haha
o
yes
I'm used to dealing with AWS at work, where those things are "buy an IP address, and get spam-bucketed"
well, i do get lots of ssh connection attempts on my ip
my auth logs are long
This is running on a server that's about 15 years old, whose disks are about 10 years old, and one of the raid 1 disks just died yesterday after the ancient version of my openssl-linked couriertls got turned into a consistent segfault due, I assume, to yesterday's vuln announcement
I'd like to move it
spacey: you can be confident that your IP will not change.  i can't remember *ever* changing an IP on a customer ever since I got my own IP space (7 years ago or so)
OK, I'll notify the guy I'm secondarying for then, and deal with the signup this weekend.
cool
Thanks.
spacey: so AWS IPs are spam targets, or ... ?
milki ssh connections hardly seem worth running fail2ban/etc. for anymore.  They just keep happening and I don't want to lock myself out when I'm drinking
heh
i lcok myself out all the time when using git >.>
i make fast connections
but theres out-of-band
up_the_irons I think that since AWS advertises their netblocks they're counted as untrusworthy because there is no accountability.  Best pratcies there is to pay for someone to do authenticated relay
so its never a real concern
Sorry, cause+effect is that since aws is dynamic, people can run instant-spam bots there.
Effect is that since their netblocks are published, it's easy to give them a -5 on SA and continue with life
I guess it's really more nuanced than that, but you get the idea
spacey: ah, roger that
spacey: well, i can definitely understand the "instant-ness" of it creates a haven for spammers
not sure if anyone is officially giving negative scores to AWS IPs b/c of that, but that would be interesting.  there's definitely a lot of *legit* stuff on AWS, so that would suck for AWS users to get .. umm... what would be the "racial profiling" version of hosting?   host profiling?
up_the_irons, you can always use AWS SES.. for a fee ;) Though it's pretty solid for me since switching a few projects to it
spacey: fyi, all ISPs have to publish their IP space
pjs: ah cool
up_the_irons I mean aside from e.g. getting it from a looking glass, it's on their website
spacey: yeah
spacey: you can just get it from ARIN's WHOIS
True, but for a lot of ISPs that means actual work, like decuding which ASN that was at one point BBN is now part of e.g. google or ATT or whatever, doesn't it?
spacey: well, you can get it programatically from route objects, instead of manually from their site.  seems the automatic part would be less work :)
spacey: but sure, i suppose if they don't have a lot of IP blocks, then copy & paste might be the most straight forward solution :)
wow, lots of IP blocks:
http://www.cidr-report.org/cgi-bin/as-report?as=AS16509&v=4&view=2.0
up_the_irons: Amazon deaggregate their prefixes heavily for traffic engineering purposes
plett: yeah, i can imagine
hey up_the_irons I wasn't paying attention to my admin@ email - can you please get the billing system to rety my card? It is likely that there was no money in the account when it tried to bill.
s/rety/re-try/