On 18.10 10:48, Adrian Chadd wrote:
Asking the whole internet to support 240/4 is going to tie up
valuable resources that would be far better off working on IPv6. Keep
in mind that it's not just software patches. Software vendors don't do
stuff for free. I doubt ISPs are going to
On 01.09 13:47, Martin Hannigan wrote:
I can't get a TLD zone? But back to the root servers. Are you
agreering with me that if I announce F and I root's netblocks
inside of my own network that everyone would be ok with that?
C'mon Joe, straight answer on that one. :)
Straight answer: No.
On 16.11 21:33, Bubba Parker wrote:
Seems to be back up now.
At this time I got
Linux Journal Is Currently Unavailable Due to a Denial of Service (DoS) Attack
Sorry for any inconvenience.
Interesting. At first sight I though that was why Randy
posted the URL under future of the net ;-) ;-)
On 15.11 07:38, Mark Smith wrote:
RFC1627, Network 10 Considered Harmful (Some Practices Shouldn't be
Codified) and RFC3879, Deprecating Site Local Addresses provide some
good examples of where duplicate or overlapping address spaces cause
problems, which is what happens when different
We have considered the options carefully and decided to announce a
covering /23 to get around the problem spotted by Randy and the folks in
Oregon. We considered the /24+/25 soloution but decided against that
because it makes little sense when we are considering to eventually
remove as much of
Randy's description of the issue with NO_EXPORT is correct.
It has never appeared to be particularly widespread.
It is not specific to anycast.
You also describe the rationale correctly by saying it would be good if
a server in Kenya did not take load from nyc. I'll expand a little
more on
On 01.11 05:41, Randy Bush wrote:
mornin' daniel:
ev'nin randy:
Of course the NCC takes resposibility for the K anycast deployment
including the way we announce BGP routes to K. We also clearly describe
and announce what we do. We cannot take responsibility for what others
do with that
On 16.10 16:04, Simon Leinen wrote:
Kevin Loch writes:
Does anyone have reachability data for c-root during this episode?
The RIPE NCC DNSMON service has some:
http://dnsmon.ripe.net/dns-servmon/server/plot?server=c.root-servers.nettype=dropststart=1128246543tstop=1128972253
If there
On 31.07 17:20, [EMAIL PROTECTED] wrote:
we did that (move a root) in the CIDR /8 experiment.
we could do it for this too :)
one root name server: yes
the root name servers: no, definitely not
Daniel
PS: Ony as soon as implementations are available of course ! ;-(
On 29.07 09:59, Henk Uijterwaal wrote:
I'd think that 30 days is too low. What we see (*) is that after 30 days,
only half of the assigned ASN have appeared on the Internet. Some 75%
of the assigned ASN appear on the net in the first 6 months after
assignment, 80-85% after a year.
On 25.07 07:59, Simon Lockhart wrote:
There are two methods that are obvious to terminate calls into mobile
(GSM) networks in North America:
Just to give you a .uk experience, I don't know the technical details of how
this is implemented
These are pretty common plans over here
On 23.05 22:13, Tony Li wrote:
... We,
as responsible operators/architects/vendors/coders need to pick a
solution and field it. It may well be an interim solution, but we MUST
act, and soon. We are already seeing the stress patterns, without
reinforcement it is only a matter of time before
On 03.05 16:06, Rodney Joffe wrote:
...
See y'all in Seattle. Daniel Karrenberg and others will be providing loads
of fuel to spark debate amongst non-kooks about the efficacy of anycast DNS
;-)
Sneak preview:
http://rosie.ripe.net/ripe/meetings/ripe-50/presentations/uploads/Tuesday
On 05.05 16:56, Daniel Karrenberg wrote:
Sneak preview:
http://rosie.ripe.net/ripe/meetings/ripe-50/presentations/uploads/Tuesday/karrenberg-bgp_anycast_stability.pdf
Sorry, correct URL is:
http://www.ripe.net/ripe/meetings/ripe-50/presentations/ripe50-plenary-tue-anycast.pdf
On 16.01 10:25, Lou Katz wrote:
Is there anything that us folks out in the peanut gallery can
do to help, other than locally serving the panix.net zone
for panix.com?
Avoid being caught by an IPR lawyer while helping; ;-)
Then organise operators to insert operational clue
into the
On 14.12 09:39, Todd Vierling wrote:
That's definitely true, though it can be used successfully -- if there's a
very reliable kill-switch to withdraw the advertisement in a moment, or some
kind of fallback mechanism in place to handle gross failures.
Using this as the *only* remedy for
The RIPE NCC dnsmon (http://dnsmon.ripe.net) has collected such data for
all root servers from dozens of places for about two years already. You
are welcome to the raw data. NB: The further back in time the more work
it will be for us to dig out raw data.
Differences to your set-up:
- most
On 14.09 13:23, Roland Perry wrote:
...
more to the point, who decided meeting content? essentially daniel
karrenberg does.
I thought it was a committee of the Workgroup chairs (apart perhaps from
the first day).
Roland,
you are almost right.
From http://www.ripe.net/ripe
Some facts:
RIPE is an operator forum, comparable to NANOG, APRICOT, AFNOG,
(Strictly speaking RIPE pre-dates all of the others if one disregards
that NANOG started as the NSFnet regional network meetings. ;-)
RIPE NCC is a Regional Internet Registry, comparable to ARIN, APNIC, LACNIC,
On 23.07 22:30, Simon Waters wrote:
The abstract doesn't mention that the TTL on NS records is found to be
important for scalability of the DNS.
Sic!
And it is the *child* TTL that counts for most implementations.
On 22.07 14:46, Randy Bush wrote:
... the TTL issue is almost entirely NS RRs, ...
of course, almost all date in the gtlds are NS RRs, so the worry about
TTL crank-down holds, though just for silly gtld servers. then again,
they're paid to serve.
This assumes rational behavior of a lot of
Matt, others,
I am a quite concerned about these zone update speed improvements
because they are likely to result in considerable pressure to reduce
TTLs **throughout the DNS** for little to no good reason.
It will not be long before the marketeers will discover that they do not
deliver what
On 22.07 12:26, Stephen J. Wilcox wrote:
I dont see any reference to adjusting the TTL in the verisign announcement.
Correct.
They say they will update the zones every 5 minutes from the registry data.
These are not the same things (or did I miss that bit?)
Correct.
Also, isnt a lot
On 22.07 17:08, Paul Vixie wrote:
therefore if there were a drop in TTL for root-zone data, it would
only be a multiplier against 2.1% of f-root's present volume.
I am not worried so much about the root servers here because of the
reasons you cite. The root server system is engineered
On 22.07 21:05, an alter ego of Daniel Karrenberg wrote:
I am worried about all the other root servers that have to deal with
much lesser query loads and might feel the impact of lowered TTLs
much more.
Of course I meant all the other DNS servers.
Daniel
a connectivity problem shortly. We also suggest that you
check any packet filters you may be responsible for.
Regards
Daniel Karrenberg
RIPE NCC
--
Notes:
This address space has been allocated by the IANA on April 4th 2003,
almost a month ago. The fact has been widely announced then.
Routing
[apologies for duplicates, hint: they have the same message-id]
Hi Network Operations Folk,
NOW is the time to consider making a presentation at the European Operators
Forum (EOF) to be held during the 48th RIPE meeting in Amsterdam on
Monday 3rd and Tuesday 4th of May 2004.
We would like to
On 16.03 11:22, Geo. wrote:
Can anyone point me at any papers that talk about security issues raised by
private networks passing dns requests for RFC 1918 private address space out
to their ISP's dns servers?
RFC1918
any packet filters you may be responsible for.
Regards
Daniel Karrenberg
RIPE NCC
--
Notes:
84/8 has been allocated by the IANA on November 17th 2003,
almost 4 months ago. The fact has been announced on this list
a couple of times since.
Routing decisions are fully within
On 10.03 20:55, Steven M. Bellovin wrote:
The phrase seriously bad idea comes to mind. Other phrases include
illegal, collateral damage, and stupid.
Those plus escalation of agression and uncontrollable feedback loop.
Daniel Karrenberg
PS: I will spare you the re-run of a recent
On 24.02 23:20, Randy Bush wrote:
BGP routing table entry for 168.0.0.0/6, version 7688303
...
3277 13062 20485 20485 20485 8437 3303
194.85.4.249 from 194.85.4.249 (194.85.4.249)
Origin IGP, localpref 100, valid, external, best
ripe is being overgenerous to the swiss!
Not
[Apologies for duplicate messages]
This is of interet to all operators worldwide. Operators
who do not participate in RIPE are invited to send comments
and suggestions directly to the author.
De-Bogonising New Address Blocks
On 24.02 16:32, [EMAIL PROTECTED] wrote:
That is a misleading title.
I thought it was to the point and rather cute ;-).
The problem is that ISPs cannot react quickly enough
to open filters when new ranges are allocated. The proposed
solution is to provide advance notification. I suppose
On 29.01 15:36, Jess Kitchen wrote:
http://www.root-servers.org/ seems to only have news on I's ASN change, no
mention of B or J or the anycast F/K/I's ... methinks this info should have a
home on this site..
If you folow the link from this site to http://k.root-servers.org/ you will
On 21.01 09:24, Kurt Erik Lindqvist wrote:
From the initial discussions in Sweden around the new electronic
communications act, it seems as if the operators are obliged to provide
tapping free of charge. If this turns out to be the case, I guess it is
pretty much the same all over
On 16.01 13:13, [EMAIL PROTECTED] wrote:
...
Alternatively, the RIRs might consider doing this sort of thing before
allocating IPs from new blocks. I know it's not their job to make sure
IPs are routable (especially not on every remote network), but as holders
of all the IPs, they are in
On 17.12 19:07, Pekka Savola wrote:
How do you do good cabling in dynamic, real environments? :-)
My own 25 years of experience boil down to:
Try to plan for expansion as well as possible when designing,
then periodically start over and completely re-build the messy parts.
On 16.12 07:14, Paul Vixie wrote:
we (i'm speaking for f-root here) have no authority. nobody has to
listen to us, we are the most powerless bunch of folks you'll ever meet.
now if you'd asked where we derive our *relevance*, i'd say the same as
mr. bush and mr. kletnieks -- from all the
On 24.11 18:20, William Allen Simpson wrote:
Brian Bruns wrote:
One thing that many people don't realize (from my personal experience) is
that contrary to popular belief, Win98SE is a good all around desktop OS to
use. It can run most things like productivity apps and games, and with
On 17.10 09:47, Randy Bush wrote:
but one has little assurance that the response is from the same
server as the one from which one had the dns response one is debugging.
That is true. However this only matters if the operator of the server
allows them to be inconsistent *and* routing so
The comittee should realise that the question Verisign poses about
observed adverse effects, while interesting, is not as pertinent as it
seems at first sight. John Klensin put it very well yesterday in
a rigorous way. I'll offer a less rigorous but more graphical analogy:
A contractor drills
On 06.10 23:51, Mark Kosters wrote:
In the interest in gaining more community review and comment, a discussion
list has been setup to discuss factually-based technical issues
and solutions surrounding the operational impact of wildcards in
top-level domains on Internet applications.
On 06.10 10:54, [EMAIL PROTECTED] wrote:
There is no data to indicate the core operation of the domain name
system or the stability of the Internet has been adversely affected,
VeriSign's Galvin said.
This means that there are no papers published or
conference presentations
On 03.10 04:12, Sean Donelan wrote:
Short of turning off their network access, why won't users fix
their computers when the computer is infected or needs a patch?
Hey, it's working! If it ain't broken
Related question for network engineers: When did you have your last
medical
On 03.10 10:36, Erik-Jan Bos wrote:
Hey, it's working! If it ain't broken
I doubt this. Recently, I worked with a couple of people that each had
their PCs infected. Their own virtual neighborhood complained to them,
and they surely were embaressed about the situation, but... They
On 03.10 10:59, Erik-Jan Bos wrote:
Perhaps an auto club for PC-users: You call and within the next 24 or
48 hours, depending on your subscription, an expert would dial in or
come by to get you on the virtual road again.
If this was a viable business proposition, it would exist. My
On 29.09 10:27, James Cowie wrote:
Single-homed /24 through UUNet's 7046 to 701. Withdrawals started at 01:21:38 GMT
(21:21:38 Eastern time), and ARIN flapped severely for about fifteen minutes.
Then they spent another hour and ten minutes inconsistently reachable from half the
world,
On 23.09 06:07, Paul Vixie wrote:
We call on the IAB, the IETF, and the operational community to
examine the specifications for the domain name system and consider
whether additional specifications could improve the stability of
the overall system. Most
On 23.09 14:34, Paul Vixie wrote:
What else does the IETF need to do here?
issue an rfc. iab is not a representative body, and their opinions
are not refereed.
brilliant_draft = rfc-format(relevant(good(iab-statement)) + night_sleep(own-ideas));
suggest(dnsop-wg, brilliant_draft);
On 17.09 00:50, Sean Donelan wrote:
On Tue, 16 Sep 2003, John Brown wrote:
not all the *root-servers* carry .arpa or in-addr.arpa
J (one of verisigns) does not carry this zone, based
on their own internal decision.
Actually, I thought that was one of Jon Postel's decisions when
On 17.09 04:27, Paul Vixie wrote:
speaking for f-root, we won't be cooperating with anything like that.
speaking for k-root we will not either.
... sounds like mob rule to me -- count me out. so, block me first, i guess?
block us second.
Daniel
http://www.ris.ripe.net/cgi-bin/risas.cgi
Select output format graphical. The really nice feature is that you
can do this for any time in the recent past and from multiple view
points because it works off a database of BGP data collected in 9 places
all over the globe. Feedback
On 09.09 17:09, Mehmet Akcin wrote:
hey
are you looking something like that?
http://www.netlantis.org/index.php?menu=2page=gasp
Actually much nicer is now
http://www.netlantis.org/index.html?menu=2page=sagm
This is *really* cool.
Daniel
On 23.07 10:07, Kevin Oberman wrote:
In order to use private address space, an enterprise needs to
determine which hosts do not need to have network layer connectivity
outside the enterprise in the foreseeable future and thus could be
classified as private. Such hosts will use the private
On 10.07 19:56, Randy Bush wrote:
note the 37. address. cute, eh? and i thought omphaloskepsis
was greek!
Someone is going to have fun when tat part of 37/8 gets assigned and used.
as the us military is blocking overseas access to more and more address
space, i guess non-american
presenting below and think about all
those experiences this year that might be interesting to
other operators.
For the EOF Coordination Group.
Daniel Karrenberg
--
The EOF
The European Operators Forum (EOF) exists
On 10.07 12:19, Randy Bush wrote:
...
note the 37. address. cute, eh? and i thought omphaloskepsis
was greek!
Someone is going to have fun when tat part of 37/8 gets assigned and used.
Daniel
From http://www.quinion.com/words/weirdwords/ww-omp1.htm :
OMPHALOSKEPSISI pronunciation
a software package. These could be deloyed
more easily.
Daniel Karrenberg
RIPE NCC
On 03.06 13:44, Dominic J. Eidson wrote:
I'm having a feeling that someone harvested a bunch of adresses, possibly
from NANOG, and is using them as the sender address in pretend-to-be KLEZ
spams.. I have received several bounces lately, several of them appearing
to be KLEZ, all with me as
On 28.02 18:13, Barry Raveendran Greene wrote:
Now - show me an operational environment on the Internet were this authorization
chain is _working_ today. RIRs and RADB do not count. As you mention before,
those databases and keeping them up to date are a pulling teeth exercise.
...
My
On 29.01 03:32, Sean Donelan wrote:
... Multics security. Bell Labs answer: Unix. Who needs all that extra
security junk in Multics. .
[reader warning: diatribe following]
Gee, there once were a handflul of people;
their principle goal was to make an OS for their own use.
They
At 12:59 AM 11/5/2002, Sean Donelan wrote:
Since its been 5 years since the hints/cache boot file has changed,
it may be useful to remind people an immediate change to your
local configuration files is not required. You don't need to
slashdot internic.net tomorrow morning trying to download the
At 07:50 AM 10/23/2002, Jamie C. Pole wrote:
It's a terrible thing when the most competent assessment of an attack
comes from a company spokesperson, rather than someone just a little more
technical...
In my reality the shop floor is not allowed to comment on something
that is seen as vital to
[Longish diatribe. I just use my share of bandwidth here in
larger packets. I hope you will consider S/N large enough]
At 04:51 PM 10/23/2002, Joe Patterson wrote:
would it cause problems, and more importantly would it solve potential
problems, to put some/most/all of the root servers (and maybe
At 07:05 AM 10/24/2002, Alan Hannan wrote:
It worked for airline security.
Oh, did it now?
Just to paraphrase Seans very professional language:
Before the US government proposes to unilaterally
take responsibility for a particular service it should
consider its track record of providing
Speaking for myself too:
I have been wanting an *authoritative* *single* listing of unallocated address space
for at least 6 years. Note that this is at a finer granularity than the IANA
allocations list and it would have much more frequent changes than the IANA list
as address space is
66 matches
Mail list logo