Post by The Doctor
From uu.net, I need to permit
newsXXXX.news.uu.net
with 198.6.0.0/24.
What do I need to do to get this correct for incoming.conf?
You need 254(6?) entries in your incoming.conf file.
Or do some magic in your firewall or nameserver setup.
You can configure iptables/SNAT, ipfilter/map, pf/nat etc to map
all of 198.6.0.0/24 source addresses to 1 address that your news server
will accept. It needs a firewall / NAT box *before* your server.
I am not into this method.
You can also use some BIND's features. See BIND's `view' statement.
peer uunet {
    hostname: newsXXXX.news.uu.net.FAKE
}
view uunet_for_doctor_inn {
    match-clients { IP-address_doctor_newsserver; };
    zone "newsXXXX.news.uu.net.FAKE" {
        type master;
        file "zone-file";
        ...
    };
};
[... SOA and NS records ...]
And so on.
I never tested such a config, but I think it could work :)
Or what about picking the record up from uu.net?
-Mirek
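
Added example (not part of the original posts, and not INN's own tooling): a small Python generator for the "254(6?) entries" approach described above, one peer block per usable host address in the netblock. It assumes incoming.conf accepts a dotted-quad IP as the hostname value and that the optional max-connections key is wanted; the peer labels (uunet001, ...) and the value 5 are made up for illustration.

```python
import ipaddress


def peer_entries(cidr, label="uunet", max_connections=None):
    """Return incoming.conf text with one peer block per host address in cidr.

    ip_network(..., strict=True) rejects input such as 198.6.0.5/24 where
    host bits are set, so a typo cannot silently widen or shift the range.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    blocks = []
    # hosts() skips the network and broadcast addresses of a /24,
    # which is why the answer is 254 entries and not 256.
    for n, addr in enumerate(net.hosts(), start=1):
        lines = [f"peer {label}{n:03d} {{", f'    hostname: "{addr}"']
        if max_connections is not None:
            lines.append(f"    max-connections: {max_connections}")
        lines.append("}")
        blocks.append("\n".join(lines))
    return "\n\n".join(blocks) + "\n"


def count_peers(conf_text):
    """Count peer blocks in generated text, as a sanity check before install."""
    return sum(1 for line in conf_text.splitlines() if line.startswith("peer "))


if __name__ == "__main__":
    conf = peer_entries("198.6.0.0/24", max_connections=5)
    print(conf, end="")
```

Review the generated text before merging it into incoming.conf; every address listed becomes a host allowed to feed the server.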
Right let me put some perspective on this.
I am a MCI Canada customer and the only customer using their NNTP server
for push/push services.
I also use their DNS servers upstream.
The big problem was that MCI Canada did forget to tell me
about changing my nameservers accordingly, and I would still
like to thank Jeff Vinocur for pointing out the DNS issue.
Add one more issue:
MCI Canada is phasing out the NNTP Server as its use has dwindled
so move me onto the USA server(s).
So from the USA I get:
1)
At Verizon, news is received via NNTP on the host <custID>.inbound.news.uu.net.
This is the only system that will accept incoming NNTP traffic. Only Verizon
customers with active newsfeeds may feed to this host. In order to send a
feed to <custID>.inbound.news.uu.net, Verizon must have the fully qualified
domain name of the host that will be feeding us. You may specify up to six (6)
hosts. All servers feeding to <custID>.inbound.news.uu.net must be directly
administered by the customer.
When sending news to <custID>.inbound.news.uu.net, please send only articles
with less than 3 hops in the path, i.e. articles which have passed through a
maximum of three news servers (excluding your own). This option should be
configurable for the news software you are using. Please refer to your
software documentation. For those using INN, specifying H3 in field 3 of
the newsfeed entry in the newsfeeds file will do this. This is what it
would look like:
If your newsfeeds entry for your feed to Verizon was:
uunet:*:Tf,Wmn:innfeed
To hop-limit the feed to a maximum of 3 hops, change the entry to:
uunet:*:Tf,Wmn,H3:innfeed
We have a number of systems providing NNTP feeds to customers. Your
server(s)/firewall(s) must be configured to allow ICMP and NNTP access to
port 119 on your server from all of our servers including: nntp-out1.uu.net
thru nntp-out15.uu.net, each of which expands to approximately 17 servers.
Your server(s)/firewall(s) must also allow (and expect) periodic ICMP ping
and traceroutes from Verizon on port 119. We actively monitor our connections
to customers and, if we are unable to contact your server(s) by these
means, your newsfeed may be discontinued. We also monitor connectivity to
customer servers by opening an NNTP connection; your servers must expect
this activity periodically.
Our news servers are known as "uunet" in path entries.
Verizon always feeds each customer with at least two separate newsfeeds, and
on occasion, we may triple feed. This is done to improve the service
quality. In this context, a 'newsfeed' is a single flow of news articles
which may consist of one, two, or more separate TCP connections per
newsfeed (typically a minimum of one and a maximum of five). Your
server(s)/firewall(s) must allow for this. If you choose not to accept
multiple newsfeeds, the quality of your service is likely to be degraded.
end of 1)
Is INN STABLE capable of this?
2)
What we are seeing is that your servers (and/or Firewall) are denying
connections on Port 119.
newsping 204.209.81.3 news0804
Running nntpping on news0804.news.uu.net for 204.209.81.3 (204.209.81.3)
kshd: Permission denied.
newsping 204.209.81.3 news0805
Running nntpping on news0805.news.uu.net for 204.209.81.3 (204.209.81.3)
kshd: Permission denied.
From the news server logs .....
Nov 5 14:30:21 sosrv10.sac1.maint.ops.us.uu.net newslink[28774]: [ID 702911 news.notice] ns2.nk.ca:/prod/news/dqueue/Huca516916!.S00539 connect: 502 You have no permission to talk. Goodbye.
Nov 5 14:30:21 sosrv10.sac1.maint.ops.us.uu.net newslink[28775]: [ID 702911 news.notice] ns2.nk.ca:/prod/news/dqueue/uca516916!.S01391 connect: 502 You have no permission to talk. Goodbye.
Nov 5 14:35:22 sosrv10.sac1.maint.ops.us.uu.net newslink[28841]: [ID 702911 news.notice] ns2.nk.ca:/prod/news/dqueue/uca516916!.S01392 connect: 502 You have no permission to talk. Goodbye.
Nov 5 14:35:22 sosrv10.sac1.maint.ops.us.uu.net newslink[28840]: [ID 702911 news.notice] ns2.nk.ca:/prod/news/dqueue/Huca516916!.S00540 connect: 502 You have no permission to talk. Goodbye.
Nov 5 14:35:22 sosrv11.sac1.maint.ops.us.uu.net newslink[14969]: [ID 702911 news.notice] ns2.nk.ca:/prod/news/dqueue/Huca516916!.S00166 connect: 502 You have no permission to talk. Goodbye.
Nov 5 14:35:22 sosrv11.sac1.maint.ops.us.uu.net newslink[14970]: [ID 702911 news.notice] ns2.nk.ca:/prod/news/dqueue/uca516916!.S01366 connect: 502 You have no permission to talk. Goodbye.
Nov 5 14:40:21 sosrv11.sac1.maint.ops.us.uu.net newslink[15011]: [ID 702911 news.notice] ns2.nk.ca:/prod/news/dqueue/Huca516916!.S00166 connect: 502 You have no permission to talk. Goodbye.
Nov 5 14:40:22 sosrv11.sac1.maint.ops.us.uu.net newslink[15012]: [ID 702911 news.notice] ns2.nk.ca:/prod/news/dqueue/uca516916!.S01367 connect: 502 You have no permission to talk. Goodbye.
End of 2)
Supposedly this is fixed.
3)
You should be using "news.uu.net".
Name: news.uu.net
Addresses: 198.6.0.5, 198.6.0.6, 198.6.0.12, 198.6.0.13
end of 3)
Now you know why I say supposedly.
4)
For outbound (posting) you should use <customerID>.inbound.news.uu.net as in
"!@#$%^&*(.inbound.news.uu.net". This is better than using the generic term
"news.uu.net".
For receiving feeds please allow Port 119 connections from any server in the IP
Netblock 198.6.0.0/24. All Verizon Business news servers are in this IP netblock.
end of 4)
I must really be giving news.uu.net a bit of a time.
Point: This is the first time I have seen this model.
Has anyone else had to deal with this?
Can INN be up to the job to do this??
--
Member - Liberal International
This is ***@nl2k.ab.ca Ici ***@nl2k.ab.ca
God, Queen and country! Beware Anti-Christ rising!
Voting Canadians vote anyone but Harper Cronies!!