On 7/6/2005 1:32 AM, Pekka Savola wrote:
Make your secondary mx aware of all the valid recipient addresses.
Are there mechanisms in postfix or sendmail to do this automatically,
or should this be done out-of-band? I've tried looking for this
feature, but found nothing; maybe I don't
Hi Nanog people,
The PowerDNS recursor has hit a snag resolving www.kde-look.org. It
appears Worldnic has implemented 'TCP-before-UDP' on ns{9,10}.worldnic.com,
whereby it sends out answers with the truncated bit set, and without an
actual answer. Once the client has re-asked the query over TCP,
--On Tuesday, July 5, 2005 12:02 -1000 Randy Bush [EMAIL PROTECTED] wrote:
The principle purpose of the secondary mx, in this case, is to accept
email for the primary mx during periods where the primary is down
and the sending smtp server has no spool. i.e. no useful
purpose.
today, the
So, if you're a content provider, why would you use anything other than
a
real ICANN-recognized domain?
An example was given earlier of a site using xn-- encoding to
use a non-Latin script in the TLD and domain name. If you are
a business in a country which uses non-latin scripts then
it is
The reverse problem is more difficult to deal with -- that of
people wanting to access Chinese (or whatever) sites that can only be
found in the Chinese-owned alternative root.
There was a time when email service was almost universally
bundled with Internet access service. Nowadays it is
On Wed, 6 Jul 2005, Brad Knowles wrote:
There's not much we can do to stop the alternate roots. They already
exist, and at least two are currently in operation. However, I think we can
look at what it is that they're offering in terms of i18n and see what we can
do to address those
On Wed, 6 Jul 2005 [EMAIL PROTECTED] wrote:
There is no reason why DNS resolution could not similarly be unbundled
from access. Yes, there would be some latency issues to deal with, but
they are not insurmountable.
There are security problems too.
Tony.
--
f.a.n.finch [EMAIL PROTECTED]
On Tue, 5 Jul 2005, Jim Popovitch wrote:
Presumably sending smtp servers do have spools, however given the range
of things that send email these days... who really knows?
Things that send email without having a spool cannot route email
according to RFC 974, so they are not a problem for MXs.
On Wed, 6 Jul 2005, Pekka Savola wrote:
On Tue, 5 Jul 2005, Adi Linden wrote:
Make your secondary mx aware of all the valid recipient addresses.
Are there mechanisms in postfix or sendmail to do this automatically, or
should this be done out-of-band? I've tried looking for this feature,
At 1:27 AM -0400 2005-07-06, [EMAIL PROTECTED] wrote:
And in fact, given that most link hiccups *are* transitory, the chances
are *good* that if our attempts at the first MX fail, the link will be
back before we finish running through the MX's - at which point we find
ourselves talking to
On Wed, 6 Jul 2005, [EMAIL PROTECTED] wrote:
The reverse problem is more difficult to deal with -- that of
people wanting to access Chinese (or whatever) sites that can only be
found in the Chinese-owned alternative root.
There was a time when email service was almost universally
1. Security (man-in-the-middle).
VPNs, SSH tunnels, etc. There are ways to solve
this problem.
2. Common interoperability.
We do not currently have common interoperability for a
whole range of protocols. The most obvious examples are
instant messaging and P2P file transfer but there are many
Does anyone know of an easier way to remove IP blocks from a blacklist?
We received a /16 from ARIN in May and have been trying to get SORB's to
remove the blacklist association on these addresses. They seem to take
forever to remove the blacklist association.
Thanks
Ted
On 06/07/05, Sanfilippo, Ted [EMAIL PROTECTED] wrote:
Does anyone know of an easier way to remove IP blocks from a blacklist?
We received a /16 from ARIN in May and have been trying to get SORB's to
remove the blacklist association on these addresses. They seem to take
forever to remove the
We have been asking them to fix it for over a month now.
-Original Message-
From: Suresh Ramasubramanian [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 06, 2005 9:51 AM
To: Sanfilippo, Ted
Cc: nanog@merit.edu
Subject: Re: SORBs
On 06/07/05, Sanfilippo, Ted [EMAIL PROTECTED] wrote:
On Wed, 6 Jul 2005, Sanfilippo, Ted wrote:
Does anyone know of an easier way to remove IP blocks from a blacklist?
We received a /16 from ARIN in May and have been trying to get SORB's to
remove the blacklist association on these addresses. They seem to take
forever to remove the blacklist
We are already behind in innovation as most networks these days are run by
accountants instead of people with an entrepaneur's sprit. We need good
business practices so that the network will stay afloat financially I do
not miss the 'dot.com' days.
But what we have now is an overemphasis on
It belonged to some Canadian ISP, I believe it was a cable company.
Regarding the aggregation/deaggregation mess. This is due to the fact
that ARIN is rather strict with IP assignements and how we route
internally.
Because ARIN wants us to use 80% of our ip blocks, before we can request
new
Sanfilippo, Ted would like to recall the message, SORBs.
Sanfilippo, Ted wrote:
It belonged to some Canadian ISP, I believe it was a cable company.
Regarding the aggregation/deaggregation mess. This is due to the fact
that ARIN is rather strict with IP assignements and how we route
internally.
Because ARIN wants us to use 80% of our ip blocks,
On Wed, 6 Jul 2005, Sanfilippo, Ted wrote:
Regarding the aggregation/deaggregation mess. This is due to the fact
that ARIN is rather strict with IP assignements and how we route
internally.
Because ARIN wants us to use 80% of our ip blocks, before we can request
new assignments from them we
On Wed, 6 Jul 2005, Sanfilippo, Ted wrote:
Sanfilippo, Ted would like to recall the message, SORBs.
What is scarier --
a) microsoft providing this feature
b) someone with the ability to type conf t, router bgp,
connected to the global internet, and
On Jul 6, 2005, at 7:57 AM, Scott McGrath wrote:
IPv6 would have been adopted much sooner if the protocol had been
written
as an extension of IPv4 and in this case it could have slid in
under the
accounting departments radar since new equipment and applications
would
not be needed.
IPv6
Perhaps the networks are disconnected? Perhaps there is insufficient
bandwidth between the cities to carry inter-city traffic?
Sounds somewhat familiar to
http://www.arin.net/policy/proposals/2004_5.html
On Wed, 6 Jul 2005, Andre Oppermann wrote:
Sanfilippo, Ted wrote:
It
You do make some good points as IPv6 does not address routing scalability
or multi-homing which would indeed make a contribution to lower OPEX and
be easier to 'sell' to the financial people.
As I read the spec it makes multi-homing more difficult since you are
expected to receive space only
On 06/07/05, Alex Rubenstein [EMAIL PROTECTED] wrote:
What is scarier --
a) microsoft providing this feature
b) someone with the ability to type conf t, router bgp,
connected to the global internet, and thinking
that recalling a message
There is an element of fear-mongering in this discussion - that's why many
of us react poorly to the idea of IPv6. How so?
- We are running out of IPv4 space!
- We are falling behind #insert scary group to reinforce fear of Other!
- We are not on the technical cutting edge!
Fear is a
At 10:57 -0400 7/6/05, Scott McGrath wrote:
IPv6 would have been adopted much sooner if the protocol had been written
as an extension of IPv4 and in this case it could have slid in under the
accounting departments radar since new equipment and applications would
not be needed.
Sliding
Netcraft reports that:
[snip]
A power outage at an Advance Internet hosting facility
has hobbled the web sites for the company's chain of
more than 30 newspapers, including many large metropolitan
dailies. The Advance newspapers have switched to text-based
sites to continue publishing, but are
This leads us to the old fact that several ISPs and hosting providers protect
their servers with every network perimeter security resource (firewalls, IPSs,
virus-and-spam-appliances etc) but forget that availability as a security
principle requires adequate physical and utility safeguards
Date: Wed, 6 Jul 2005 21:20:10 +0530
From: Suresh Ramasubramanian [EMAIL PROTECTED]
On 06/07/05, Alex Rubenstein [EMAIL PROTECTED] wrote:
What is scarier --
a) microsoft providing this feature
b) someone with the ability to type conf t, router bgp,
MARLON BORBA wrote:
This leads us to the old fact that several ISPs and hosting providers protect their servers
with every network perimeter security resource (firewalls, IPSs, virus-and-spam-appliances etc)
but forget that availability as a security principle requires adequate physical and
At 9:33 AM -0700 2005-07-06, Gregory Hicks wrote:
Yeah BUT! A message can only be recalled if it has NOT been read.
By a compatible Microsoft client.
If the message goes to a 'list' of people, the ones that have NOT read
the message will not see it.
If they use a compatible
-BEGIN PGP SIGNED MESSAGE-
[ Apologies to those of you who receive this note in multiple forums. ]
Hi, team.
The numerous Team Cymru bogon projects have been updated as of 30 JUN 2005 to
reflect the following IANA allocation made on 30 JUN 2005:
089/8 Jun 05 RIPE NCC
On Wed, Jul 06, 2005 at 07:23:01PM +0200, Iljitsch van Beijnum wrote:
In any event, in the year 2020 we're NOT going to run IPv4 as we know
it today. It's possible that the packets that travel over the wires
still look like regular IPv4/TCP/UDP packets and all the complexity
is pushed
At 19:23 +0200 7/6/05, Iljitsch van Beijnum wrote:
With the chicken little-ing again...
You are approaching the problem at the wrong end by asking what's in it for
me to adopt IPv6 now. The real question is is IPv6 inevitable in the long
run.
Pardon my skepticism, but I recall hearing about
Fergie writes:
A power outage at an Advance Internet hosting facility
has hobbled the web sites for the company's chain of
more than 30 newspapers, including many large metropolitan
dailies. The Advance newspapers have switched to text-based
sites to continue publishing, but are currently
Hello All.
I'm having trouble with Cracking Attempts and DoS attacks from a lot of
places in China :)
My client doesn't do any business in that region so they don't mind If I
block the entire sub-continent :)
Does anyone have a bad-guy list (or part of one) that I can use to get
started?
You might start with blacklists. There's
a lot of them out there.
http://ahbl.org is one of them.
Geoff White [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
07/06/2005 02:49 PM
To
nanog@merit.edu
cc
Subject
Need BOGIES list
Hello All.
I'm having trouble with Cracking
On Wed, 6 Jul 2005, Geoff White wrote:
Hello All.
I'm having trouble with Cracking Attempts and DoS attacks from a lot of
places in China :)
My client doesn't do any business in that region so they don't mind If I
block the entire sub-continent :)
Does anyone have a bad-guy list (or part
On 7/6/05, Geoff White [EMAIL PROTECTED] wrote:
Hello All.
I'm having trouble with Cracking Attempts and DoS attacks from a lot of
places in China :)
My client doesn't do any business in that region so they don't mind If I
block the entire sub-continent :)
Does anyone have a bad-guy list
On Wed, 6 Jul 2005, Geoff White wrote:
Hello All.
I'm having trouble with Cracking Attempts and DoS attacks from a lot of
places in China :)
My client doesn't do any business in that region so they don't mind If I
block the entire sub-continent :)
Does anyone have a bad-guy list (or part
I went to http://www.iana.org/assignments/ipv4-address-space and grep-ed
for APNIC (Asia-Pacific Network Information Center) to get the following
list. For the church email site that I support I block wholesale /8 IP
address ranges. I assume that for our church we will never get email
from an
[late followup, sorry]
On Thu, Jun 23, 2005 at 05:42:17AM -0700, Dave Crocker wrote:
The real fight is to find ANY techniques that have long-term, global
benefit in reducing spam.
We've already got them -- we've always had them. What we lack is
the guts to *use* them.
As we've seen over
On 7/6/05, Rich Kulawiec [EMAIL PROTECTED] wrote:
I grow rather tired of people whining about the spam (and abuse) problem
on the one hand...while refusing to take simple, well-known, and proven
steps to push the consequences back on those responsible for it. While we
may no longer be in a
On 6-jul-2005, at 19:55, Edward Lewis wrote:
At 19:23 +0200 7/6/05, Iljitsch van Beijnum wrote:
With the chicken little-ing again...
?
You are approaching the problem at the wrong end by asking what's
in it for
me to adopt IPv6 now. The real question is is IPv6 inevitable in
As we've seen over and over again, the one and only technique that
has
ever worked (and that I think ever *will* work) is the boycott --
whether enforced via the use of DNSBLs or RHSBLs or local blacklists
or
firewalls or whatever mechanism. It works for a simple reason:
it makes
the spam
On Wed, 2005-07-06 at 15:23 -0400, Rich Kulawiec wrote:
[late followup, sorry]
On Thu, Jun 23, 2005 at 05:42:17AM -0700, Dave Crocker wrote:
The real fight is to find ANY techniques that have long-term, global
benefit in reducing spam.
We've already got them -- we've always had them.
On Mon, Jul 04, 2005 at 05:21:47PM +, Paul Vixie wrote:
Every public root experiment that I have seen has always
operated as a superset of the ICANN root zone.
not www.orsn.net.
Well, their website looks a lot better than the equivalent one. :-)
But note that their site does *not*
On 6 Jul 2005, at 11:41, Scott McGrath wrote:
You do make some good points as IPv6 does not address routing
scalability
or multi-homing which would indeed make a contribution to lower OPEX
and
be easier to 'sell' to the financial people.
As I read the spec it makes multi-homing more
On 7-jul-2005, at 0:18, Joe Abley wrote:
With great hindsight it would have been nice if the multi6/shim6
design exercise had come *during* the IPv6 design exercise, rather
than afterwards: we might have ended up with a protocol/addressing
model that accommodated both the address size
On Thu, Jul 07, 2005 at 12:34:53AM +0200, Iljitsch van Beijnum wrote:
But it certainly looks like a small DFZ table and portable address
space are fundamentally incompatible.
At least if you want all the advantages that real BGP multihoming has.
Not surprising. :-)
Best regards,
Daniel
--
--- Alex Rubenstein [EMAIL PROTECTED] wrote:
Perhaps the networks are disconnected? Perhaps there
is insufficient
bandwidth between the cities to carry inter-city
traffic?
So, why would GRE not be a reasonable (temporary)
solution here? If the islands are going to remain
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
David Barak
Sent: Wednesday, July 06, 2005 6:51 PM
To: nanog@merit.edu
Subject: SORBS deaggregation
--- Alex Rubenstein [EMAIL PROTECTED] wrote:
[ SNIP ]
I would've made this a
Sanfilippo, Ted wrote:
We have been asking them to fix it for over a month now.
Got a SORBS Ticket number?
(If you've been asking us you should have)
I suspect it might be related to some wrong ARIN records (I know there
has been an issue with a Canadian ISP that doesn't exist
Perhaps the networks are disconnected? Perhaps there is insufficient
bandwidth between the cities to carry inter-city traffic?
So, why would GRE not be a reasonable (temporary) solution here? If the
islands are going to remain disconnected long term, why not get
additional AS numbers?
On Jul 6, 2005, at 6:51 PM, David Barak wrote:
Perhaps the networks are disconnected? Perhaps there
is insufficient
bandwidth between the cities to carry inter-city
traffic?
So, why would GRE not be a reasonable (temporary)
solution here? If the islands are going to remain
disconnected
On Jul 6, 2005, at 3:34 PM, Iljitsch van Beijnum wrote:
Well, maybe I'm too optimistic here, but I believe that if a real
solution to the DFZ problem presents itself, the IETF will bend
over backwards and then some to shoehorn it into IP.
I'd say yes. You are too optimistic. :-).
But it
I went to http://www.iana.org/assignments/ipv4-address-space and grep-ed
for APNIC (Asia-Pacific Network Information Center) to get the following
list. For the church email site that I support I block wholesale /8 IP
address ranges. I assume that for our church we will never get email
I went to http://www.iana.org/assignments/ipv4-address-space and grep-ed
for APNIC (Asia-Pacific Network Information Center) to get the following
list. For the church email site that I support I block wholesale /8 IP
address ranges. I assume that for our church we will never get email
In message [EMAIL PROTECTED], Iljitsch van Beijn
um writes:
On 7-jul-2005, at 0:18, Joe Abley wrote:
With great hindsight it would have been nice if the multi6/shim6
design exercise had come *during* the IPv6 design exercise, rather
than afterwards: we might have ended up with a
Anyone else having
issues with .US right now (~12AM EST)? NSlookup, etc show various
.us destinations as unknown domains...
Chuck ChurchLead Design EngineerCCIE #8776,
MCNE, MCSENetco Government Services - Design Implementation
Team1210 N. Parker Rd.Greenville, SC 29609Home office:
On 07/07/05, Church, Chuck [EMAIL PROTECTED] wrote:
Anyone else having issues with .US right now (~12AM EST)? NSlookup, etc
show various .us destinations as unknown domains...
nslookup is not the best tool to troubleshoot dns issues
works for me though -
[EMAIL PROTECTED] 10:02:22
Doc-2.2.3: doc -p -w us
Doc-2.2.3: Starting test of us. parent is .
Doc-2.2.3: Test date - Wed Jul 6 18:42:03 HST 2005
Note: Skipping parent domain testing
Found 3 NS and 3 glue records for us. @a.root-servers.net. (non-AUTH)
Using NSlist from parent domain server a.root-servers.net.
NS list
Thanks. Didn't have any *NIX boxes laying around to 'dig' any deeper.
When I checked networksolutions' whois for neosystems.us and state.ny.us
, both returned:
We are unable to process your request at this time. Please try again
later.
Figured something was up. But when I tried nslookup with
IPv6 is an excellent example of _second system_ (do you remember book,
written by Brooks many years ago?) Happu engineers put all their crazy ideas
together into the second version of first 9succesfull) thing, and they
wonder why it do not work properly.
OS/360 is one example, IPv6 will be
Thanks. Didn't have any *NIX boxes laying around to 'dig' any deeper.
i believe even windoze has dig at the command line, though i don't
know in what directory it lies.
randy
Er.
On 7/6/05 10:00 PM, Church, Chuck [EMAIL PROTECTED] wrote:
Thanks. Didn't have any *NIX boxes laying around to 'dig' any deeper.
When I checked networksolutions' whois for neosystems.us and state.ny.us
, both returned:
We are unable to process your request at this time.
68 matches
Mail list logo