Remove traces of nameservers ns-aws, ns-azure

- ns-aws & ns-azure have been replaced by ns-hetzner & ns-ovh
- ns-azure has been completely destroyed (`terraform apply -destroy`);
  the elastic IP has been released, so there's no hope of bringing it
  back.
- ns-aws has been renamed to "blocked.sslip.io". It no longer answers
  DNS queries, but lives on as the website we point "blocked" queries to
  that warns about phishing.
- Some of the Markdown files' changes were mere reformatting changes

README.md

@@ -1,11 +1,11 @@
 # sslip.io
 
 | Test Type              | Status                                                                                                                                 |
-|------------------------|----------------------------------------------------------------------------------------------------------------------------------------|
+| ---------------------- | -------------------------------------------------------------------------------------------------------------------------------------- |
 | Production Nameservers | [![ci.nono.io](https://ci.nono.io/api/v1/pipelines/sslip.io/jobs/dns-servers/badge)](https://ci.nono.io/teams/main/pipelines/sslip.io) |
 | DNS Server Unit Tests  | [![ci.nono.io](https://ci.nono.io/api/v1/pipelines/sslip.io/jobs/unit/badge)](https://ci.nono.io/teams/main/pipelines/sslip.io)        |
 
-*sslip.io* is a DNS server that maps specially-crafted DNS A records to IP
+_sslip.io_ is a DNS server that maps specially-crafted DNS A records to IP
 addresses (e.g. "127-0-0-1.sslip.io" maps to 127.0.0.1). It is similar to, and
 inspired by, [xip.io](http://xip.io/).
 
@@ -118,29 +118,29 @@ as ARM64 (AWS Graviton, Apple M1/M2).
 ## Command-line Flags
 
 - `-port` overrides the default port, 53, which the server binds to. This can
-be especially useful when running as a non-privileged user, unable to bind to
-privileged ports (<1024) ("`listen udp :53: bind: permission denied`"). For
-example, to run the server on port 9553: `go run main.go -port 9553`. To query,
-`dig @localhost 127.0.0.1.sslip.io -p 9553`
-- `-nameservers` overrides the default NS records `ns-azure.sslip.io`,
-`ns-gce.sslip.io`, and `ns-ovh.sslip.io`; flag, e.g. `go run main.go
--nameservers ns1.example.com,ns2.example.com`). If you're running your own
-nameservers, you probably want to set this. Don't forget to set address records
-for the new name servers with the `-addresses` flag (see below). Exception:
-`_acme-challenge` records are handled differently to accommodate the
-procurement of Let's Encrypt wildcard certificates; you can read more about
-that procedure [here](docs/wildcard.md)
+  be especially useful when running as a non-privileged user, unable to bind to
+  privileged ports (<1024) ("`listen udp :53: bind: permission denied`"). For
+  example, to run the server on port 9553: `go run main.go -port 9553`. To query,
+  `dig @localhost 127.0.0.1.sslip.io -p 9553`
+- `-nameservers` overrides the default NS records
+  `ns-gce.sslip.io`, `ns-hetzner.sslip.io`, and `ns-ovh.sslip.io`; flag, e.g. `go run main.go
+  -nameservers ns1.example.com,ns2.example.com`). If you're running your own
+  nameservers, you probably want to set this. Don't forget to set address records
+  for the new name servers with the `-addresses` flag (see below). Exception:
+  `_acme-challenge` records are handled differently to accommodate the
+  procurement of Let's Encrypt wildcard certificates; you can read more about
+  that procedure [here](docs/wildcard.md)
 - `-addresses` overrides the default A/AAAA (IPv4/IPv6) address records. For
-example, here's how we set the IPv4 record & IPv6 record for our nameserver (in
-the `-nameservers` example above), ns1.example.com: `-addresses
-ns1.example.com=10.8.8.8,ns1.example.com=fc::8888`. Note that you can set many
-addresses for a single host, e.g.
-`ns1.example.com=1.1.1.1,ns1.example.com=8.8.8.8,ns1.example.com=9.9.9.9`
+  example, here's how we set the IPv4 record & IPv6 record for our nameserver (in
+  the `-nameservers` example above), ns1.example.com: `-addresses
+  ns1.example.com=10.8.8.8,ns1.example.com=fc::8888`. Note that you can set many
+  addresses for a single host, e.g.
+  `ns1.example.com=1.1.1.1,ns1.example.com=8.8.8.8,ns1.example.com=9.9.9.9`
 - `-blocklistURL` overrides the default block list,
-(<https://raw.githubusercontent.com/cunnie/sslip.io/main/etc/blocklist.txt>).
-It's not necessary to override this if you're in an internetless environment:
-if the DNS server can't download the blocklist, it prints out a message and
-continues to serve DNS queries
+  (<https://raw.githubusercontent.com/cunnie/sslip.io/main/etc/blocklist.txt>).
+  It's not necessary to override this if you're in an internetless environment:
+  if the DNS server can't download the blocklist, it prints out a message and
+  continues to serve DNS queries
 
 ## DNS Server Miscellany
 

docs/DEVELOPER.md

@@ -18,12 +18,12 @@ sed -i '' "s~/$OLD_VERSION/~/$VERSION/~g" \
   k8s/Dockerfile-sslip.io-dns-server
 ```
 
-Optional: Update the version for the ns-aws, ns-azure, ns-gce, ns-ovh install scripts
+Optional: Update the version for the ns-gce, ns-hetzner, and ns-ovh install scripts
 
 ```bash
 pushd ~/bin
 sed -i '' "s~/$OLD_VERSION/~/$VERSION/~g" \
-  ~/bin/install_ns-{aws,azure,gce,hetzner,ovh}.sh
+  ~/bin/install_ns-{gce,hetzner,ovh}.sh
 git add -p
 git ci -m"Update sslip.io DNS server $OLD_VERSION → $VERSION"
 git push
@@ -85,19 +85,9 @@ git ci -vm"$VERSION: Minor bugfixes, tweaks"
 git tag $VERSION
 git push
 git push --tags
-scp bin/sslip.io-dns-server-linux-arm64 ns-aws:
-scp bin/sslip.io-dns-server-linux-amd64 ns-azure:
 scp bin/sslip.io-dns-server-linux-amd64 ns-gce:
 scp bin/sslip.io-dns-server-linux-amd64 ns-hetzner:
 scp bin/sslip.io-dns-server-linux-amd64 ns-ovh:
-ssh ns-aws sudo install sslip.io-dns-server-linux-arm64 /usr/bin/sslip.io-dns-server
-ssh ns-aws sudo shutdown -r now
- # check version number:
-sleep 10; while ! dig txt @ns-aws.sslip.io version.status.sslip.io +short; do sleep 5; done # wait until it's back up before rebooting ns-azure
-ssh ns-azure sudo install sslip.io-dns-server-linux-amd64 /usr/bin/sslip.io-dns-server
-ssh ns-azure sudo shutdown -r now
- # check version number:
-sleep 10; while ! dig txt @ns-azure.sslip.io version.status.sslip.io +short; do sleep 5; done # wait until it's back up before rebooting ns-gce
 ssh ns-gce sudo install sslip.io-dns-server-linux-amd64 /usr/bin/sslip.io-dns-server
 ssh ns-gce sudo shutdown -r now
  # check version number:
@@ -124,7 +114,7 @@ Update the webservers with the HTML with new versions:
 
 ```bash
 ssh nono.io curl -L -o /www/sslip.io/document_root/index.html https://raw.githubusercontent.com/cunnie/sslip.io/main/k8s/document_root_sslip.io/index.html
-for HOST in ns-{aws,azure,gce,hetzner,ovh}.sslip.io; do
+for HOST in {blocked,ns-gce,ns-hetzner,ns-ovh}.sslip.io; do
   ssh $HOST curl -L -o /var/nginx/sslip.io/index.html https://raw.githubusercontent.com/cunnie/sslip.io/main/k8s/document_root_sslip.io/index.html
 done
 ```

docs/wildcard.md

@@ -14,7 +14,7 @@ Let's Encrypt DNS-01 challenge process.
 Let's Encrypt will query your name servers for the TXT record
 `_acme-challenge.xip.example.com`, then your DNS server will respond with the
 TXT record _that should have been created on Route53 as part of the challenge_,
-otherwise it'll return the delegated nameservers (ns-azure.sslip.io and so on).
+otherwise it'll return the delegated nameservers (ns-gce.sslip.io and so on).
 
 ### Using the sslip.io domain
 

etc/blocklist.txt

@@ -3,7 +3,7 @@
 # This is a list of forbidden names and CIDRs that are often used in phishing
 # attacks. We won't resolve these hostnames to their embedded IP address (e.g.
 # we won't resolve "raiffeisen.94.228.116.140.sslip.io" to 94.228.116.140);
-# instead, we'll resolve it to one of our server's, ns-aws.sslip.io's, IP
+# instead, we'll resolve it to one of our server's, blocked.sslip.io's, IP
 # addresses, 52.0.56.137 or 2600:1f18:aaf:6900::a.  Similarly, we won't resolve
 # nf-43-134-66-67.sslip.io to 43.134.66.67 because it falls within one of our
 # blocked CIDRs (43.134.66.67/24).

integration_speed_test.go

@@ -63,7 +63,7 @@ var _ = Describe("speed", func() {
 			// The queries/second is conservative, realistically should be higher
 			// - queries are done sequentially, not in parallel
 			// - each query includes an overhead of 4 Expect()
-			// current max queries is 132/second (ns-aws.sslip.io.)
+			// current max queries is 2047/second (ns-ovh.sslip.io.)
 			// ~19k Apple M2
 			// ~8k vSphere Xeon D-1736 2.7GHz
 			// ~6k AWS Graviton T2

k8s/document_root_sslip.io/index.html

@@ -241,7 +241,7 @@ <h4 id="whatismyip">Determining Your External IP Address via DNS Lookup</h4>
         </li>
       </ul>
       <p>A big advantage of using DNS queries instead of HTTP queries is bandwidth: querying
-        <code>ns-azure.sslip.io</code> requires a mere 594 bytes spread over 2 packets; Querying <a
+        <code>ns-ovh.sslip.io</code> requires a mere 594 bytes spread over 2 packets; Querying <a
           href="https://icanhazip.com/">https://icanhazip.com/</a> requires 8692 bytes spread out over 34 packets—over
         14 times
         as much! Admittedly bandwidth usage is a bigger concern for the one hosting the service than the one using the
@@ -262,7 +262,7 @@ <h4 id="version">Determining The Server Version of Software</h4>You can determin
       <h4 id="metrics">Server Metrics</h4>You can retrieve metrics from a given server by querying the TXT records of
       <code>metrics.status.sslip.io</code>
       <pre>
-dig @ns-azure.sslip.io metrics.status.sslip.io txt +short
+dig @ns-ovh.sslip.io metrics.status.sslip.io txt +short
   "Uptime: 165655"
   "Blocklist: 2023-10-04 07:37:50-07 3,6"
   "Queries: 14295231 (86.3/s)"
@@ -316,7 +316,7 @@ <h5>Explanation of Metrics</h5>
           (e.g. "dig @ns.sslip.io ip.sslip.io txt")</dd>
         <dt>TXT Version</dt>
         <dd>The number of responses which included a TXT record of the DNS's servers version since starting operation
-          (e.g. "dig @ns-azure.sslip.io version.status.sslip.io txt")</dd>
+          (e.g. "dig @ns-hetzner.sslip.io version.status.sslip.io txt")</dd>
         <dt>PTR IPv4/IPv6</dt>
         <dd>This consists of two numbers; the first is the number of responses to IPv4 PTR queries
           (<code>1.0.0.127.in-addr.arpa.</code> → <code>127-0-0-1.sslip.io.</code>), the second, IPv6 PTR queries</dd>

main.go

@@ -28,9 +28,8 @@ func main() {
 			"ns.sslip.io=2a01:4ff:1f0:c920::,"+
 			"ns.sslip.io=51.75.53.19,"+
 			"ns.sslip.io=2001:41d0:602:2313::1,"+
-			"ns-aws.sslip.io=52.0.56.137,"+
-			"ns-aws.sslip.io=2600:1f18:aaf:6900::a,"+
-			"ns-azure.sslip.io=52.187.42.158,"+
+			"blocked.sslip.io=52.0.56.137,"+
+			"blocked.sslip.io=2600:1f18:aaf:6900::a,"+
 			"ns-gce.sslip.io=104.155.144.4,"+
 			"ns-gce.sslip.io=2600:1900:4000:4d12::,"+
 			"ns-hetzner.sslip.io=5.78.115.44,"+

xip/xip.go

@@ -1155,13 +1155,13 @@ func (x *Xip) nameToAwithBlocklist(q dnsmessage.Question, response Response, log
 					Class:  dnsmessage.ClassINET,
 					TTL:    604800, // 60 * 60 * 24 * 7 == 1 week; long TTL, these IP addrs don't change
 					Length: 0,
-				}, Customizations["ns-aws.sslip.io."].A[0])
+				}, Customizations["blocked.sslip.io."].A[0])
 				if err != nil {
 					return err
 				}
 				return nil
 			})
-		return response, logMessage + net.IP(Customizations["ns-aws.sslip.io."].A[0].A[:]).String(), nil
+		return response, logMessage + net.IP(Customizations["blocked.sslip.io."].A[0].A[:]).String(), nil
 	}
 	x.Metrics.AnsweredQueries++
 	x.Metrics.AnsweredAQueries++
@@ -1267,13 +1267,13 @@ func (x *Xip) nameToAAAAwithBlocklist(q dnsmessage.Question, response Response,
 					Class:  dnsmessage.ClassINET,
 					TTL:    604800, // 60 * 60 * 24 * 7 == 1 week; long TTL, these IP addrs don't change
 					Length: 0,
-				}, Customizations["ns-aws.sslip.io."].AAAA[0])
+				}, Customizations["blocked.sslip.io."].AAAA[0])
 				if err != nil {
 					return err
 				}
 				return nil
 			})
-		return response, logMessage + net.IP(Customizations["ns-aws.sslip.io."].AAAA[0].AAAA[:]).String(), nil
+		return response, logMessage + net.IP(Customizations["blocked.sslip.io."].AAAA[0].AAAA[:]).String(), nil
 	}
 	x.Metrics.AnsweredQueries++
 	x.Metrics.AnsweredAAAAQueries++

xip/xip_test.go

@@ -79,13 +79,13 @@ var _ = Describe("Xip", func() {
 
 	Describe("NSResources()", func() {
 		When("we use the default nameservers", func() {
-			var x, _ = xip.NewXip("file:///", []string{"ns-azure.sslip.io.", "ns-gce.sslip.io.", "ns-ovh.sslip.io."}, []string{}, []string{})
+			var x, _ = xip.NewXip("file:///", []string{"ns-gce.sslip.io.", "ns-hetzner.sslip.io.", "ns-ovh.sslip.io."}, []string{}, []string{})
 			It("returns the name servers", func() {
 				randomDomain := testhelper.Random8ByteString() + ".com."
 				ns := x.NSResources(randomDomain)
 				Expect(len(ns)).To(Equal(3))
-				Expect(ns[0].NS.String()).To(Equal("ns-azure.sslip.io."))
-				Expect(ns[1].NS.String()).To(Equal("ns-gce.sslip.io."))
+				Expect(ns[0].NS.String()).To(Equal("ns-gce.sslip.io."))
+				Expect(ns[1].NS.String()).To(Equal("ns-hetzner.sslip.io."))
 				Expect(ns[2].NS.String()).To(Equal("ns-ovh.sslip.io."))
 			})
 			When(`the domain name contains "_acme-challenge."`, func() {
@@ -112,13 +112,13 @@ var _ = Describe("Xip", func() {
 			When("we delegate domains to other nameservers", func() {
 				When(`we don't use the "=" in the arguments`, func() {
 					It("returns an informative log message", func() {
-						var _, logs = xip.NewXip("file://etc/blocklist-test.txt", []string{"ns-azure.sslip.io.", "ns-gce.sslip.io.", "ns-ovh.sslip.io."}, []string{}, []string{"noEquals"})
+						var _, logs = xip.NewXip("file://etc/blocklist-test.txt", []string{"ns-gce.sslip.io.", "ns-hetzner.sslip.io.", "ns-ovh.sslip.io."}, []string{}, []string{"noEquals"})
 						Expect(strings.Join(logs, "")).To(MatchRegexp(`"-delegates: arguments should be in the format "delegatedDomain=nameserver", not "noEquals"`))
 					})
 				})
 				When(`there's no "." at the end of the delegated domain or nameserver`, func() {
 					It(`helpfully adds the "."`, func() {
-						var x, logs = xip.NewXip("file://etc/blocklist-test.txt", []string{"ns-azure.sslip.io.", "ns-gce.sslip.io.", "ns-ovh.sslip.io."}, []string{}, []string{"a=b"})
+						var x, logs = xip.NewXip("file://etc/blocklist-test.txt", []string{"ns-gce.sslip.io.", "ns-hetzner.sslip.io.", "ns-ovh.sslip.io."}, []string{}, []string{"a=b"})
 						Expect(strings.Join(logs, "")).To(MatchRegexp(`Adding delegated NS record "a\.=b\."`))
 						ns := x.NSResources("a.")
 						Expect(len(ns)).To(Equal(1))
@@ -228,8 +228,8 @@ var _ = Describe("Xip", func() {
 			Entry("www", "www.sslip.io"),
 			Entry("a lone number", "538.sslip.io"),
 			Entry("too big", "256.254.253.252"),
-			Entry("NS but no dot", "ns-azure.sslip.io"),
-			Entry("NS + cruft at beginning", "p-ns-azure.sslip.io"),
+			Entry("NS but no dot", "ns-hetzner.sslip.io"),
+			Entry("NS + cruft at beginning", "p-ns-hetzner.sslip.io"),
 			Entry("test-net address with dots-and-dashes mixed", "www-192.0-2.3.example-me.com"),
 		)
 		When("There is more than one A record", func() {