Categories
Q&A

File Into Folders with Hosted Mail Extensions

A question came across the forums last week about address extensions (user+ext@example.com) not working because it wasn’t filing into folders automatically based on the extension part. They do work, but that anticipated behavior is actually a modified one rather than standard, but such a thing can be accomplished with Roller Network hosted mail boxes and a quick Sieve script:

require ["fileinto", "variables"];

if header :matches "Delivered-To" "user+*@example.com" {
  fileinto "${1}";
  stop;
}
else {
  keep;
}

Add this using the managesieve online interface (or managesieve plugin that allows direct entry), replacing “user” and “example.com” with entries appropriate to your hosted mail box. This script will automatically file anything with an extension into a folder of the same name or default to INBOX if there wasn’t an extension.

We have been considering adding this functionality as a per-mailbox account control center option, but a Sieve script will quickly do the job just the same without having to wait for us.

Categories
Q&A

Yes, We Have a Whole Facility UPS

We’ve given a surprising number of tours lately for colocation where one of the questions brought up was whether or not we provide UPS power to the racks. The simple answer is yes: Roller Network maintains and provides facility-wide UPS power. There is no requirement for a colocaiton customer to provide their own UPS. It’s actually our site policy that all switchgear, batteries, and UPS systems must be isolated in the electrical room separate from other equipment.

Apparently the motivation behind this question is that many of our local competitors do not provide UPS power for colocation. Well, we do, and we see it as part of our job in providing colocation services. If you have to maintain your own UPS and batteries, why colocate in the first place?

Categories
Q&A

Primary DNS and Zone Transfers

We’ve received a couple questions about zone transfer (AXFR) support for our Primary DNS service. Currently we do not have AXFR enabled on the DNS servers that answer requests for Primary DNS zones.

The AXFR limitation is not intentional; unfortunately it’s supported by the DNS server. Primary DNS is served using PowerDNS authoritative server version 2.9.22. It does not support per-zone AXFR ACLs like BIND9 does.

The only option we have would be to allow AXFR to anyone, but for security reasons we don’t want to do that. We can’t globally allow our Secondary DNS to AXFR because that creates a backdoor where anyone with an account could use it as an intermediate AXFR host. (Security aside, most of our customers don’t want AXFR open to the world or IP addresses they don’t control.)

PowerDNS authoritative 3.0 is currently in RC2 stage. This version does have per-zone AXFR capability and we will support it in the control center as soon as possible. It also has other features we’d like to add like DNSSEC and long TXT records.

We’re working on changes to the control center required to support these features but ultimately it requires the servers themselves to be upgraded to either the release candidate or the 3.0 release to support them.

Categories
Q&A

Where we are with DNSSEC

From time to time we get questions on DNSSEC support. There are many parts to DNSSEC, but here’s we we stand as of this post:

Our Secondary DNS service (which is based on BIND9) has supported DNSSEC for several years and we have received confirmed reports from some of our customers that use the secondary service that it does work. The Primary DNS service does not support it at this time since it’s based on a version of PowerDNS that lacks DNSSEC support. However, the next release version of PowerDNS will have it, at which point we can work on integrating it into our control center.

On the network side we do not employ any type of mechanisims that try to be “smart” with manipulating DNS traffic incorrectly. Further to that, both UDP and TCP are open for DNS traffic. Contrary to popular belief, DNS queries can use TCP for queries other than AXFR if the UDP query failed, so we allow both.

Categories
Q&A

Generator Test Run: UPS View

Just over a month ago we posted a video of our generator and transfer switch running through the self test process. These two videos show what happens in the UPS room when the transfer switch does its thing. But what happens with the UPS? The first video shows the corresponding UPS actions when the transfer switch moves from utility to generator.

The UPS will go to battery briefly as the transfer (although we don’t see any effect in the room lights) is enough to be momentarily out of tolerance. This is good: the transfer switch will reconnect under minimal load, extending its life and reducing the risk of a contact becoming fused. The generator test runs for an hour, so after that hour is up the transfer switch moves back to utility power from generator. This second video shows the actions of the UPS during the second half of this process.

As you can see, we perform a true test of our emergency power systems with confidence in its operation since a utility outage is identical to our test procedure. During a real utility outage the only major difference is that the UPS would run on battery from 10 to 20 seconds longer while the generator goes through its self start procedures before a transfer.