Categories
Changes Status

System Updates 2020 Edition

Over the next several weeks are are going to try to get all of our systems updated to Debian 9 (oldstable) or ideally Debian 10 (stable) wherever possible. Many systems are still running Debian 8 LTS for which security support ends in June.

We will do our best to minimize disruptions. Any work that’s unavoidably disruptive will be performed during our weekly maintenance window every Saturday between 10:00 and 22:00. An example of a system that’s disruptive would be the account control center, webmail, or IMAP/POP3 hosted mail. To completely update a system there are required reboots, and in some cases (most notably IMAP/POP3 hosted mail), forced switches between active/standby pairs to verify functionality. Updates on our in-office system will cause interruptions to our phone and hotline number (which run on Asterisk) while we perform its upgrades. Email us if you don’t hear the voice prompts answer since someone will be watching for emails when we know voice is being worked on. Work to non-interactive systems like ns1/ns2 may be performed at any time since our supported configuration is that customers configure both on their domain, not just one. We may also decide to migrate older hardware based systems to a virtual machine on a case-by-case basis.

If you have any questions please contact support.

Categories
Changes IPv6

IPv6 Public NTP Servers Discontinued

Almost 9 years ago we set up some publicly accessible IPv6 time servers. At the time there were few to no options for NTP over IPv6.

However, it’s time to retire those servers. They’ve run faithfully for almost 10 years and their watch is over. We don’t have a replacement for this service, but NIST has IPv6 NTP servers in their pool: https://tf.nist.gov/tf-cgi/servers.cgi

Categories
Changes Status

IP Address Change for Mail Forwarding Servers

The IP addresses of our mail forwarding servers will be changing:

mxfwd1.rollernet.us

  • Old IPv4 Address: 208.79.241.114
  • Old IPv6 Address: 2607:fe70:0:16::a
  • NEW IPv4 Address: 208.79.240.12
  • NEW IPv6 Address: 2607:fe70:0:3::f
  • NEW Name: mxfwd-a.rollernet.us

mxfwd2.rollernet.us

  • Old IPv4 Address: 208.79.241.115
  • Old IPv6 Address: 2607:fe70:0:16::b
  • NEW IPv4 Address: 208.79.241.12
  • NEW IPv6 Address: 2607:fe70:0:4::f
  • NEW Name: mxfwd-b.rollernet.us

If you have created whitelists or used these servers in SPF records (we will update include:m._spf.rollernet.us accordingly) please make sure to add the new addresses alongside the old addresses while this transition is in progress. Once completed, the old IP addresses will no longer be used for any mail-related functions.

CNAME records will be added pointing the legacy names to the new names, so it will be safe to continue referencing the old names.

If you are not using the Mail Forwarding functions in the account control center you will not be affected by this change. Log in to your account and see https://acc.rollernet.us/mail/mapping.php to check if you have mail forwarding configured.

The physical servers are being retired and their mail-related functions replaced with virtual machines. We’ll be repurposing the subnet for timing services since the forwarding servers were also used for NTP (ntp.rollernet.us) and installing Rubidium-based timing systems. This will ensure that functions that are more DNS friendly SMTP functions will transition smoothly, and NTP configurations which are normally configured by IP or only resolved in DNS once will continue with no impact.

UPDATE: All changes were completed successfully.

Categories
Changes Status

Rejecting BGP RPKI “Invalid” Prefixes

Roller Network AS11170 will be updating our routing policy to reject any IPv4 or IPv6 prefix with a BGP RPKI validation result of “invalid” on both the peering and transit borders of our network. We’ve been running RPKI validation internally for a while with the “bgp bestpath prefix-validate allow-invalid” setting configured. This routing policy change will simply remove this line from our BGP address family configurations.

Categories
Announcements Changes

Mail Services: Whitelist Behavior Change

We’re changing the behavior of the whitelist for the “All Filters” entry type to now include the Antivirus filter when whitelisting.

The original behavior for the last decade or so has been to continue applying the antivirus filter while whitelisting everything else unless a second whitelist entry was added explicitly for the antivirus filter. Lately we’ve spent too much time explaining this, so we’ve decided the time has come to change the behavior so that an “All Filters” whitelist entry now truly means all filters (including antivirus).