One thing you might consider is putting together a script to harvest email
addresses from whois records that correspond to the PTR for the querying
IPs. Add to that list abuse, postmaster, webmaster, hostmaster, etc @ the
poorly run domain. Then fire off a message explaining the situation
How long before we rediscover the smokestack? After all, a colo is an
industrial facility. A cellar beneath, a tall stack on top, and let physics
do the rest.
odd that you should say that. when building out in a warehouse with 28 foot
ceilings, i've just spec'd raised floor (which i usually
, unless Eneco's chip works out
in which case all bets are off in a whole lotta ways.
--
Paul Vixie
over three years? spread out over 50 network owners that's ~$3K
a month. i don't see that happening in a consolidation cycle like this one,
but hope springs eternal. give randy and hank the money, they'll take care
of this for us once and for all.
--
Paul Vixie
all ears.)
--
Paul Vixie
If you have water for the racks:
we've all gotta have water for the chillers. (compressors pull too much power,
gotta use cooling towers outside.)
http://www.knuerr.com/web/en/index_e.html?products/miracel/cooltherm/cooltherm.html~mainFrame
i love knuerr's stuff. and with mainframes or
% of all
queries it receives? and i say, um, no, why do you ask? and the answer
is always that's what the ultradns salesman told me. i can't argue with
their success, but i guess i am ready to quibble over their manners.
--
Paul Vixie
Hi Paul, just curious, someone over at UltraDNS called and told me my own
bind server is dropping 20% of queries. Can you please explain to me how did
they log into my systems?
:-)
been spamming. and it may also be that they
are out of compliance with RFC 2182. but that would be like catching al
capone for income tax evasion just because you couldn't pin murder on him.
(OPNs = Other People's Networks)
--
Paul Vixie
16-20, 2006, in the San Francisco Bay Area,
covering topics from DNS to DHCP. Email [EMAIL PROTECTED]
--
Paul Vixie
remove the ISC training ad from my .signature for this post, since i've
gone way over my NANOG quota here -- three messages in 24 hours, oops.)
--
Paul Vixie
fyi:
---BeginMessage---
EARLY KEY ROLLOVER
---
In light of the recently announced OpenSSL security advisory: RSA Signature
Forgery (CVE-2006-4339), ISC has instigated an early rollover of the DLV Key
Signing Key (KSK). ISC recommends reconfiguration of resolvers to use the DLV
KSK published on
[EMAIL PROTECTED] (Paul Vixie) writes:
EARLY KEY ROLLOVER
---
In light of the recently announced OpenSSL security advisory: RSA Signature
Forgery (CVE-2006-4339), ISC has instigated an early rollover of the DLV Key
Signing Key (KSK). ISC recommends reconfiguration of resolvers to use
Francisco Bay Area,
covering topics from DNS to DHCP. Email [EMAIL PROTECTED]
--
Paul Vixie
unbudgeted expense and as a secondary burn it will make real
network problems harder to report.
--
ISC Training! October 16-20, 2006, in the San Francisco Bay Area,
covering topics from DNS to DHCP. Email [EMAIL PROTECTED]
--
Paul Vixie
in the world is urgent to somebody somewhere.
not everything that happens on the internet is urgent to everybody on nanog.
there are too many topics (and too many botnets) for nanog to cover them all.
--
Paul Vixie
not become one. nanog has other useful purposes.
--
Paul Vixie
want to read. Spam is a manageable problem
without the self appointed censors. Get over it and move on.
damn. i've been trolled. sorry everybody.
--
Paul Vixie
*do*.
--
Paul Vixie
[EMAIL PROTECTED] (Scott Weeks) writes:
From: Paul Vixie [EMAIL PROTECTED]
http://fm.vix.com/internet/security/superbugs.html
... I'd like to see ...jackbooted [US is implied in the text]
government thugs...kicking in a door somewhere ...
i apologize for writing so sloppily that you
.
see http://fm.vix.com/internet/security/superbugs.html for details.
--
Paul Vixie
http://news.bbc.co.uk/2/hi/technology/5209496.stm
-party:
Dinner, hosted by the ISC.
this is pizza and beer in the warehouse but it'll allow cross-pollination.
--
Paul Vixie
There is a new player on the block that I see more and more
http://www.infoblox.com/company/
infoblox isn't new. i'm familiar with them since they use BIND as their
DNS protocol engine, and are long time members of the ISC BIND Forum. i
recently did colour commentary for an
of abnormally low DNS TTL?
i'm not as much interested in whether a technology causes no problems for its
operator as whether its cost:benefit is worthwhile to the internet community.
--
Paul Vixie
. pundits please note that
the fancy thing i'm recommending sit perfectly on top of the non-fancy
thing i'm recommending.
--
Paul Vixie
akamai's or ultradns's DNS GSLB services,
that's for sure.
--
Paul Vixie
as an option,
but they all describe session-level redirection and most recommend that (as i
do) and some even say using dns for this is bad (as i do, but for different
reasons.)
--
Paul Vixie
://www.tenereillo.com/GSLBPageOfShameII.htm.
the references sections of those last three are particularly informative.
--
Paul Vixie
/current/msg00671.html
--
Paul Vixie
jargon.
that's just bitterness, though.
--
Paul Vixie
The effect of Nanog is remarkable. All the hybrid cells became fully
converted to embryonic stem cells, said Jose Silva of the University of
Edinburgh, Scotland, who reported the findings in the journal Nature.
can you say does not scale?
Indeed.
this is why we're trying to sign up some registrars, starting with alice's,
who can send us blocks of keys based on their pre-existing trust
relationships.
--
Paul Vixie
touch with the Real World!) to keep myself entertained.
You may flame when ready, Gridley.
isc depends on a lot of volunteers, i'm happy to hear of your availability
and i assume that joao will also be happy to hear it when he catches up on
[EMAIL PROTECTED]
--
Paul Vixie
... we're trying to sign up some registrars, starting with alice's,
who can send us blocks of keys based on their pre-existing trust
relationships.
so a key roll or change of delegation requires two levels of human
intervention to work?
no.
in the normal, non-DLV DNSSEC-bis
thanks for actual technalia.
i've also been warned that this isn't ops-related and told to move elsewhere.
( first, i suspect much of the confusion could come from your
thinking that the place up on skyline is *the* alice's restaurant.
*the* alice's restaurants are the ones in our own
If Paul is present specifically and only for Q&A that pertains to subject
matter with which he is knowledgeable, his presence helps the ops community.
I have not seen any writings that indicate that Paul was at bg or bofs or
other portions of the conference.
i was at the BG, having first
Is there a better way to have handled the situation? Perhaps.
indeed, i should have registered as a speaker and sat behind joao while
he spoke.
The positive outcome of this issue is that we are discussing how to handle
drop-ins (freebie conference attenders?).
agreed, there's a salient
Paul may be special ...
nope. we're all just bozos on this bus.
is http://www.isc.org/ops/dlv/.
--
Paul Vixie
dilute as to be powerless and
therefore trustworthy, but still barely potent enough to operate a DLV
zone.
--
Paul Vixie
i intended to be present for the Q&A after joao's DLV talk but i was told
that being there without having registered was rude. as i was exiting the
room, i heard sam weiler at the Q&A mic repeating his prior comments as to
how ISC should not be a DLV registry, and i saw mark kosters in line at
i intended to be present for the Q&A after joao's DLV talk but
i was told that being there without having registered was rude.
you were attending nanog without registering and paying? that is
rude. have you offered to pay retroactively? that would be the
honorable thing to do.
the web site and whois info are just about as completely anonymous as can be.
to allege that your intentional actions cost them money.
(as opposed to your deliberate inaction, as in the case of denying service.)
note, IANAL. but i've been sued by experts, and even stupid lawsuits cost a
lot to answer/defend, and not all stupid lawsuits are provably frivolous.
--
Paul Vixie
.
--
Paul Vixie
aren't subscribed and want to be. (There are
about 50 folks on that list, which I'm calling critical mass for the
purpose of starting the first real discussion over there.)
--
Paul Vixie
[EMAIL PROTECTED] (Paul Vixie) (hey, that's me!) writes:
http://lists.oarci.net/mailman/listinfo/ ... (There are
about 50 folks on that list, which I'm calling critical mass for the
purpose of starting the first real discussion over there.)
oops. 154 as of this morning, i guess i wasn't
/2006-February/author.html
--
Paul Vixie
i'd writ:
# speaking of which, f-root has about 35 nodes world wide, and about a third
# to a half of them aren't reachable by udp/161, and the blockage is not in
# our immediate neighbors but rather on transit paths. this is due to the
# cisco snmp vulnerability five years or so ago.
# hum... i subscribed to this dns-operations@ list some days back
as what?
#in2.oarc:amd64# bin/list_members dns-operations | grep -i manning
#in2.oarc:amd64# bin/list_members dns-operations | grep -i ep.net
#in2.oarc:amd64#
# and have yet to see any postings. i guess i'm not
last week i became unable to send mail to verizon users:
Diagnostic-Code: X-Postfix; host relay.verizon.net[206.46.232.11] said:
550 You are not allowed to send mail:sv18pub.verizon.net
(in reply to MAIL FROM command)
(the above was from me trying to ask [EMAIL
today i saw http://209.59.135.198/threat-center/eset_threat_blog.php.
kids entertainment-level hyperbole any more.
--
Paul Vixie
guess which timescale harvard business school teaches american
executives and politicians to think and act within?)
--
Paul Vixie
proving once again that peering ratios only matter if the other guy's
customers can live without your asymmetric content, here are two articles
i saw today via slashdot. what's interesting to me is whether bellsouth
will be sued some time later by some other content provider for de-peering
them
# Admitted, i did not notice the type/class difference. I responded as a knee
# jerk reaction, and that is my mistake.
on nanog@, the tradition is to send knee-jerk flames without having read the
article you're replying to. it's our own little slice of usenet-like culture,
still alive a decade
# Last saturday one of our Web servers experienced a TCP SYN attack which made
# the system down for four hours. It seems there is not a good solution which
# could detect defend DoS traffic at any time.
by definition, there will never be a single defense against all attacks.
# So, to the class
toolbox makes us all
unsafe, no matter how much or how little they may be using it this day/year.)
--
Paul Vixie
customers ...
--
Paul Vixie
client xx.xx.xx.xx#6704: query: z.tn.co.za ANY ANY +E
class ANY has no purpose in the real world, not even for debugging. if
you see it in a query, you can assume malicious intent. if you hear it in
a query, you can safely ignore that query, or at best, map it to class IN.
--
Paul Vixie
# class ANY has no purpose in the real world, not even for debugging. if
# you see it in a query, you can assume malicious intent. if you hear it in
# a query, you can safely ignore that query, or at best, map it to class
# IN.
#
# er... i guess that is true, although the DNS does
at the court is reading any of
it and they sincerely hope they never have to (i.e., that you'll
settle out of court, probably because one side ran out of money.)
s/\$25K/$250K/, but otherwise, yes.
--
Paul Vixie
about all kinds of off-topic CB radio junk. ymmv, but isn't it inevitable?
--
Paul Vixie
# you're not the only one...
do you think it's worth complaining, or is this another hey, you put your
contact information out there, we're just using it, and the mail isn't spam,
it's absolutely on-topic? spammer?
actually, no, I could compare a /48 to a class A.
...which makes the /32s-and-shorter that everybody's actually getting
double-plus-As, or what?
no, super *duper* A's.
--
Paul Vixie
will remain open until something bad happens, so feel free to register,
create rooms persistent or otherwise, etc.
--
Paul Vixie
in an unusual fit of efficacy, i brought up an open jabber server today
and created a persistent conference room. i'm not a fan of the monolithic
public jabber.org server.
if you have a jabber account somewhere, you can join the conference room:
[EMAIL PROTECTED]
if you don't have a jabber
, srh, if someone asks a Q on jabber and you're
not logged in, i'll spew it to the microphone (or somebody else will).
--
Paul Vixie
[EMAIL PROTECTED] (Pete Kruckenberg) writes:
Authoritative sources report that Verio coincidentally had major problems
last night also:
we (isc) saw level(3) go away and come back. verio's been normal here though.
--
Paul Vixie
products.
--
Paul Vixie
[EMAIL PROTECTED] (Todd Vierling) writes:
The customer wants redundancy.
That's why SLAs exist.
no. sla's exist because actuarial tables and lawyers and accountants exist.
--
Paul Vixie
# True enough, but unfortunately, it's not done in a way that we can make
# use of the identifier in the routing subsystem or in the transport
# protocols.
#
# The transport protocols, well they generally act on behalf of something
# which can do the lookup and supply transport with right
runway.
--
Paul Vixie
# but when similar things were proposed at other meetings, somebody always
# said no! we have to have end-to- end, and if we'd wanted
# nat-around-every-net we'd've stuck with IPv4.
#
# Is VJ compression considered a violation of the end-to-end principle?
#
# Or perhaps I misunderstand (yet
# The problem with that (and many premises) is that we need to remember these
# arguments and foreseen problems were all dreamed up 10 or so years ago.
# The status of everyone's network, everyone's business needs and everyone's
# network design (and capabilities) were drastically different that
# ...
#
# Obviously, some of the disadvantages of such an approach would be that it
# would require both ends to play and end users wouldn't be able to
# traceroute. I'm sure there are many other disadvantages as well. ...
ok, so here's the problem. we don't have what the iab thinks of as
# ...
#
# You are missing the point.
#
# Currently multihomed sites have multiple path entries in the routing table
# for a specific multihomed prefix.
#
# Instead of having multiple paths, you would have multiple location records
# in DNS. (Which are A records and any possible reordering by
# if all you've got is a hammer, every problem looks like a nail.
#
# I guess the question was what is the problem IPng was supposed to solve?
that depends on who you ask. the pet problem i was dealing with at the time
was the necessary evil called CIDR. necessary because infinite routing
quickly.
What were the reasons for rejection?
i wasn't there for that meeting. but when similar things were proposed
at other meetings, somebody always said no! we have to have end-to-end,
and if we'd wanted nat-around-every-net we'd've stuck with IPv4.
--
Paul Vixie
0.543 -0.017 0.043
+Time10.Stupi.SE .GPS.1 u 12 64 3775.333 -0.471 0.039
--
Paul Vixie
be talking about something else by now. as it
is, the shim6 complexity penalty is even higher, and i don't think we'll
ever get to stop talking about this problem.
--
Paul Vixie
?
--
Paul Vixie
side exceeds their cost.
Yea, verily. But I don't think you'll find a one-cost-fits-all model. When
one person's costs are lower than another and they're doing similar things,
it's often called efficiency or competitiveness. (Just as one example.)
--
Paul Vixie
bgp. see
http://www.google.com/search?client=safari&rls=en-us&q=vixie+multihoming+without+bgp&ie=UTF-8&oe=UTF-8
if you're wondering how long we've been fiddling around with THAT tune here.
--
Paul Vixie
aspirations. they'll remain connected to the riskier
ISP's no matter what the riskier ISP's are doing to each other this week.
--
Paul Vixie
was a bad idea, and we should push forward with one AS per end-site
and a global routing table of 500 million entries?
--
Paul Vixie
-- my employer has friendly relations with both Level(3) and Cogent.
--
Paul Vixie
isn't.
--
Paul Vixie
and multilateralism. (ain't
it great?)
--
Paul Vixie
other issues being
equal) is one provider in a better position than the other?
If it's still common for one to be billed only for highest of in vs. out
then there's no way to compare the benefits since there's always a shadow
direction and it won't be symmetric among flow endpoints.
--
Paul Vixie
is only getting started.)
--
Paul Vixie
# It is *not* the same as what you've been advocating.
#
# indeed, it is not. ...
#
# I don't get this. You pretend there is a difference between ICANN / VeriSign
# / US-DoC and universal IANA namespace. They are one and the same.
you must have misread me. see http://fm.vix.com/ today.
# you must have misread me. see http://fm.vix.com/ today.
#
# I've read it. Twice now. I'd like some help on what part I've misread ?
i'm indifferent to their reasons, as long as they don't add any new TLD's...
# I don't think the independence argument holds, as explained by my previous
#
# I understood that you're indifferent to _their_ reasons. I'm curious about
# _your_ reasons. Solely to learn and for the stats? I couldn't deduct that
# from fm.vix.com.
internet governance ain't what it will be. anyone who wants to keep name
universality in place as the system evolves, can
# Paul, if we ever get DNSSEC deployed, what will/should ORSN return for
#
# dig ns .
#
# --Steven M. Bellovin, http://www.cs.columbia.edu/~smb
i don't know ORSN's plans. i believe that the standard testbed methodology
(and bill manning would be the one to correct me here,
PS. Is there some sort of secret net.kook cabal which I was not aware of?
i thought this (nanog) was it. maybe i'm not in the loop, though.
--
Paul Vixie
universality would be worse
than lack of naming autonomy.
--
Paul Vixie
things along the way?
Paul Vixie has given very good arguments.
did i? did you read them? did you read the part where i said:
| ... thus there's plenty of money and power ready to back the next
| hair-brained scheme to break the lock, even if (as i expect) lack of
| naming universality would
. and do remember to look at jacco's www.dnssec.net pages;
he (wisely) does not delve into the root zone's political problems or the DLV
controversy, but otherwise his site is a very complete and useful reference.
--
Paul Vixie