Bandwidth and Statistics
IP and DNS
- Does OARnet have a standard list of ports or IPs to block?
- How do you request a port or IP be blocked?
- Why do you keep sending me Spam/Copyright/Security/Bot complaints?
- What's a forward DNS?
- What's a reverse DNS?
- Why do forward and reverse DNS need to match up? What happens if they don't?
- Can a zone file consist of more than one MX or A record?
- Is it possible for me to keep OARnet as my primary DNS and someone else as my secondary? Will OARnet be my secondary?
- Will you sub-delegate my IPs so I can handle reverse on my nameservers?
- Does OARnet provide DNSsec?
- Does OARnet provide Emergency Web Hosting?
- How do I access the Gateway?
- What is the difference between a User and a Gateway Editor?
- What is the difference between a User and a Contact?
- What is the difference between a Gateway Editor and an Administrative Contact?
- Why is the Gateway for authorized users only?
- Why is the contact list separate from roles?
- How do I update my contact list?
- How do I apply contacts to roles?
- How do I add an optional role? (i.e. DNS)
- How do I see our users and Gateway Editors?
- How do I remove a User?
- How do I change who is a Gateway Editor?
- My co-worker doesn’t appear in the User list.
Listed Contacts on Gateway
- What is a contact?
- What is a contact role?
- What is an Administrative Contact?
- Why do I need manage my own contacts?
- What information is required of each contact?
- Why does the Support Center only accept change requests and trouble reports from Gateway Listed Contacts?
- What roles can initiate and/or authorize change?
Yes, please tell us! We will open a ticket in our tracking system so that staff is aware of your maintenance and schedule downtime in our monitoring system if you give us a specific timeframe. Otherwise, our monitoring system marks your circuits down, we call you and possibly the Telco under the assumption there is an outage.
- IntraOhio bandwidth . Network traffic that stays within the State of Ohio.
- Internet (also called Internet1). General public connection.
- Internet2. Non-profit, national network dedicated to research and education. OARnet is Ohio's access point to Internet2.
3) How do I see my statistics?
Visit www.oar.net/support/statistics to learn how to view statistics.
5) How do you request a port or IP be blocked?
A member school can request for a port or list of ports to be blocked by sending a request to the Service Desk at email@example.com. The request must come from a listed contact at the school. In the case of an emergency you may call the Service Desk at 1-800-627-6420; we will need to verify your authority to request changes, however.
6) Why do you keep sending me spam/copyright/security/bot complaints?
OARnet is listed as the owner and contact for IP space that we have leased to our clients. We receive many types of security complaints, which we forward to the OARnet client currently responsible for that IP.
7) What's a forward DNS?
It is mapping a domain name to an IP address. We use "A" records to set these up in a zone file. CNAMES may be added to create "shortcuts" to existing A records. You must register forward domain zones.
Example: example.edu. IN A 192.168.10.1
www.example.edu. IN CNAME example.edu
A special PTR-record type stores reverse DNS entries. The name of a PTR-record is the IP address with the segments reversed + ".in-addr.arpa." For example, the reverse DNS entry for IP 188.8.131.52 would be stored as a PTR-record for "184.108.40.206.in-addr.arpa".
Reverse DNS is different from forward DNS in who points (delegates) the zone to your DNS server. With reverse DNS, your Internet connection provider (ISP) must point the zone ("....in-addr.arpa") to your DNS server. Without this delegation from your ISP, your reverse zone will not work.
9) Do we need reverse DNS? What happens if they don't match up?
We need reverse DNS for many purposes, especially mail delivery. Most ISP's mailservers require reverse lookup of a host sending mail, for validation purposes. This reduces IP spoofing and spam emails. If the ISPs don't find the reverse DNS for the IP, then the mail will be discarded or returned.
Reverse DNS is mostly used to track website visitors, email message origination, etc. This tracking is important because some machines require authentication of IPs. Forward and reverse zones are two separate zones whose files not necessarily hosted on the same nameservers. Typically, for every A record there should be a corresponding PTR record, but this is not always the case.
10) Can a zone file consist of more than one MX or A record?
Yes. Zone files can get really large mostly due to A records that are the most popular records in a zone. MX records are names of host that act as mail exchanger for the domain. MX records cannot point to an IP but only other names.
Example: if you have a mail exchanger with mail.example.edu as the name and 192.168.10.1 as the IP, then mail.example.edu must have an A record such as:
mail.example.edu IN A 192.168.10.1
and an MX record such as:
example.edu IN MX 10 mail.example.edu.
This means that any mail destined to say firstname.lastname@example.org must send it to mail.example.com, which has an IP address of 192.168.10.1 and a priority of 10. You can have more than one MX record (more than one mailserver) with different priorities.
11) Is it possible for me to keep OARnet as my primary DNS and someone else as my secondary? Will OARnet be my secondary?
Yes. It's a good networking practice to have two different ISPs as DNS hosts. One should be the primary (which could be the client or OARnet) and the other set as the secondary (which could be OARnet, the client or some other authorized system). Two ISPs are not likely to have outages at the same time, which reduces the risk of a network failure.
13) Does OARnet provide DNSsec?
All of OARnet's nameservers support DNSsec and use it for validating queries where RRSIGs are present. However, we do not currently sign any of the zones that we are SOA for or secondary for. We will set up TSIGs to authenticate zone transfers between servers if requested.
14) Does OARnet provide Emergency Web Hosting?
Yes, OARnet will store and deploy a basic campus web presence on a remote web server. This 24/7 service is hosted on a dedicated server on the network backbone and must be set up prior the emergency. Please contact your client-services representative for details.
- Visit gateway.oar.net to register. Requests are verified by our Service Desk with your Administrative Contact or Client Relationship Manager.
- Connectivity from an OARnet client IP address space is required to access the Gateway. If you are a client without an OARnet internet subscription, please submit your IP Ranges to the Service Desk. Once your IP Ranges have been added to our system, you will be notified, and then you will be able to register.
- A User has view access to the Gateway only.
- A Gateway Editor can make contact changes.
- Users are people who have authorization and have a username and password to view the Gateway.
- Contacts are individuals and their personal information such as name, title, phone & email.
- Contacts are applied to roles.
- A Gateway Editor is a user with edit access and only they can modify contact and role information.
- An Administrative Contact fulfills the duties outlined in the OARnet Contact Policy & Role Definitions.
- We recommend the Gateway Editor and Administrative Contact be the same, but it is not required.
20) Why is the contact list separate from roles?
The contact list gives you the ability to apply a contact to many roles. It also allows you to manage a contact’s personal information in one place. If a contact’s personal information changes (such as name or phone), the information only needs updated in one place, regardless of how many roles the contact is assigned.
- To edit a current contact, click on the edit icon next to the contact.
- To add a new contact, click the “Add Contact” button.
- To remove a contact, click the x icon next to the contact.
- Click on roles in the sub-menu.
- Click on the edit button next to the role.
- Select the Contact you want to fulfill that role.
- Click Save.
- Click on “Add Role”
- Select the Contact you want to fulfill that role.
- Click Save.
- Click “Users” in the menu.
- Your users will be listed in the chart.
- In the column “Gateway Editors” it will say Yes or No indicating if the user is a Gateway Editor.
- Gateway Editors can remove Users.
- Click “Users” in the menu.
- Click the x next to their name.
- The User will no longer have access to the Gateway. Their contact entry will also be removed.
- Please assign a new contact to any newly vacated role.
- Under the column “Gateway Editor”
- To remove edit access: click “Yes.” Uncheck the box. Click save. The individual will still be able to login but they won’t be able to make contact changes.
- To give edit access: click “No.” Check the box. Click save. The individual will now have access to make contact changes.
At least two Gateway Editors are required. There is an unlimited number of additional Gateway Editors you may have.
- The User hasn’t registered yet. Have them register at gateway.oar.net.
- The User has registered but hasn’t been verified. The Support Center verifies registration requests with your Administrative Role Contact. If no contact is assigned to the Administrative Contact role, the Support Center will contact your Business Relationship Manager.
- The user has registered and been verified, but hasn’t logged in yet. Once they login the first time their name will appear.
30) What is an Administrative Contact?
This contact provides authorization for changes to be made to services or to authorize others to request changes to the service or related information. They provide authorization for Gateway view and edit access. This contact oversees your organization’s overall compliance of the Contact Policy. It is recommended the Administrative Contact be a Gateway Editor.
31) Why do I need manage my own contacts?
Reliable and up-to-date client contact information is imperative to OARnet's ability to resolve outages, keep your organization informed of scheduled maintenance events and enable your organization to request service changes. Failure to maintain your contacts may result in various interruptions (including notifications and service requests).
33) Why does the Support Center only accept change requests and trouble reports from Gateway Listed Contacts?
Authorization helps prevent any unauthorized individuals from requesting service changes on your behalf. It helps prevent unauthorized individuals from Interfering with your service and your business.
- Administrative and Technical roles can request configuration changes.
- The Administrative role can authorize changes.
- The DNS role can request DNS changes.