Re: AOL Postmaster
I sent your email to their team.
-Dennis
On Jun 1, 2009, at 9:04 PM, Aaron Wendel wrote:
Yes. For the last 2 months I've been getting the nice auto reply/ticket number but no other contact.
Aaron
-Original Message-
From: Mike Walter [mailto:mwal...@3z.net]
Sent: Monday, June 01, 2009 12:23 PM
To: nanog@nanog.org
Subject: RE: AOL Postmaster
Have you been through http://postmaster.aol.com/?
Mike
-Original Message-
From: Aaron Wendel [mailto:aa...@wholesaleinternet.com]
Sent: Monday, June 01, 2009 12:48 PM
To: nanog@nanog.org
Subject: AOL Postmaster
Is anyone from AOL lurking on the list that could contact me off-list? I'm having some issues with mail being rejected because AOL believes our IPs are dynamic.
Aaron
Re: Fiber cut - response in seconds?
Joel Jaeggli wrote:
> Given the location the guys in the black SUVs likely have at least situational awareness of all of the construction projects in their immediate vicinity.
This has to be the most backwards way of dealing with this problem. They know exactly where the construction is taking place - the plans are filed with the local municipality and all the relevant agencies have access. Why do they "watch" and "monitor" rather than proactively go out and say "watch out, there's an unmarked cable here" and keep them from cutting the cable in the first place?
If these cables are THAT important, I'd think it would be critical to keep them from getting cut in the first place, rather than rushing out to fix them "within 24 hours".
They could send guys out in white jumpsuits and hard hats and the backhoe operators would just assume it was normal bureaucracy at work (oops, we forgot to mark those cables on your map) rather than sooper sekrit black fiber that no one is supposed to know about - until they cut into it and the black SUVs show up and then they DO know about it - more than they need to know.
jc
Re: How to measure network equipment usage effectiveness?
On Tue, 02 Jun 2009 03:29:16 -, "Lee, Steven (NSG Malaysia)" said:
> Hi all, may I know how you guys measure the network equipment usage
> effectiveness? (...) Are there any tools out there that can measure this?
Step 0: Define "effectiveness".
The problem is that quite often, decisions on whether to buy now or later are driven by non-network issues like budget and cash flow, which can't be measured by any network monitoring tools.
For instance, I have a high-visibility project that demonstrated the ability to fully saturate a 1GigE port (if you can't design a file server that can flood a 1Gig port, you're in the wrong business :). The design called for multiple 10GigE. But when I'll actually *get* the ports depends on a different internal group, and they have to trade off things like "Do we spend Fiscal 2008 money we're low on to get this project going *now*, or wait a few weeks and spend Fiscal 2009 money?" and "Do we buy a very limited amount of 10GigE gear for piloting this project but possibly find it doesn't fit in our long-term 10Gig plans, or delay the port provisioning until we know what we're doing long term?".
If anybody has a tool that handles *those* questions, feel free to let me know. ;)
How to measure network equipment usage effectiveness?
Hi all, may I know how you guys measure the network equipment usage effectiveness? In what situation will you buy new network equipment instead of using the existing equipment? Any clue to share? Should we only upgrade/replace the equipment once the max PPS is reached? Are there any tools out there that can measure this?
Regards,
Steven Lee
Re: Fiber cut - response in seconds?
On Mon, 1 Jun 2009, Charles Wyble wrote:
> Right. So why the "near instant" response time.
Extra budgets, job creation. Knowing ahead of time where and when work is going to be done (easily found out), have someone around the corner at a Starbucks so they can jump into action if/when something goes down.
Just because you have a redundant path doesn't mean you shouldn't get the broken path repaired ASAP. Maybe there are only two paths. If the other goes down, and something happens and the Gov't can't mobilize in time, something bad happens. It's a perfect storm to be sure, but when you have the lives of 300 million people at stake, I appreciate the diligence.
---
Peter Beckman, Internet Guy
beck...@angryox.com http://www.angryox.com/
---
Re: Fiber cut - response in seconds?
It's all a sham. The construction was done by the Cubans.. They're good at fiber taps
- Original Message -
From: Charles Wyble
To: nanog@nanog.org
Sent: Mon Jun 01 16:17:08 2009
Subject: Re: Fiber cut - response in seconds?
I do feel this might be the last post from Mr Pooser. :) You're on to them it seems. ;)
A very interesting idea. I imagine it wouldn't be hard for foreign actors to get access to the data feed of construction, observe for signs of a cut and then splice in a tap. Though wouldn't that tap be found via the real response team?
Dave Pooser wrote:
>> Right. So why the "near instant" response time. If it's a diverse path,
>> one would imagine that they could respond in a few hours or a day and
>> not have any impact.
>
> Just a guess, but: A cut cable is one thing. A cut cable in which people
> wearing different suits and driving a different brand of SUV might splice in
> a fiber tap is something altogether different.
Re: Fiber cut - response in seconds?
I do feel this might be the last post from Mr Pooser. :) You're on to them it seems. ;)
A very interesting idea. I imagine it wouldn't be hard for foreign actors to get access to the data feed of construction, observe for signs of a cut and then splice in a tap. Though wouldn't that tap be found via the real response team?
Dave Pooser wrote:
>> Right. So why the "near instant" response time. If it's a diverse path, one would imagine that they could respond in a few hours or a day and not have any impact.
> Just a guess, but: A cut cable is one thing. A cut cable in which people wearing different suits and driving a different brand of SUV might splice in a fiber tap is something altogether different.
Re: Fiber cut - response in seconds?
> Right. So why the "near instant" response time. If it's a diverse path,
> one would imagine that they could respond in a few hours or a day and
> not have any impact.
Just a guess, but: A cut cable is one thing. A cut cable in which people wearing different suits and driving a different brand of SUV might splice in a fiber tap is something altogether different.
--
Dave Pooser, ACSA
Manager of Information Services
Alford Media http://www.alfordmedia.com
Re: Fiber cut - response in seconds?
> The fact that they are so closely monitoring the construction and wanting to fix it that fast seems a bit over the top for redundant systems.
Even despite what we saw recently in the SF bay area?
If black helicopters are involved, I suspect this is about par on the paranoia scale.
Re: Fiber cut - response in seconds?
Joel Jaeggli wrote:
> Charles Wyble wrote:
>> Joel Jaeggli wrote:
>>> It's pretty trivial if you know where all the construction projects on your path are...
>> How so? Setup OTDR traces and watch them?
> When you lose link on every pair in a bundle, but don't lose any of the buildings you're serving via diverse paths, you have a pretty good idea what happened. Knowing which of the three construction projects on that path is likely to be digging a trench is a facilities issue.
Right. So why the "near instant" response time. If it's a diverse path, one would imagine that they could respond in a few hours or a day and not have any impact. The fact that they are so closely monitoring the construction and wanting to fix it that fast seems a bit over the top for redundant systems.
>>> I've seen this happen on a university campus several times. no black helicopters were involved.
>> Care to expand on the methodology used? A campus network is a lot different than a major metro area.
> Given the location the guys in the black SUVs likely have at least situational awareness of all of the construction projects in their immediate vicinity.
One would hope. Though given the archaic nature of many govt systems, that could involve a lot of manual paper pulling... or are the bid/reward/permit systems all automated on the east coast? :)
> they don't have to monitor everyone's cable, just their own and near instantaneous response implies proximity so it may well be more akin to a campus network.
True.
Re: Fiber cut - response in seconds?
In a message written on Mon, Jun 01, 2009 at 03:40:31PM -0700, Charles Wyble wrote:
> http://www.washingtonpost.com/wp-dyn/content/article/2009/05/30/AR2009053002114_pf.html
>
> Not sure if I fully believe the article. Responding to a fiber cut in
> seconds?
Folks who dig call "Miss Utility" (in Virginia, anyway) before they dig to have folks come out and spray paint where everything is located. On the back end, folks with cables in the ground subscribe to a feed of address information to know if they should go out and mark cables.
I have no doubt the men in black SUV's have a feed of this data, and thus know when someone is going to be digging near their cable. Indeed, I can think of at least two instances where I was out surveying fiber digs where black SUV's seemed to be across the street the entire time.
With the location having features like a metro tunnel under a US Army "classified" microwave tower it would not surprise me that they have someone in the area watching.
I suspect they were waiting nearby, and when it went down went in not to tell folks they cut something, but rather to tell them that they cut nothing. Wink wink. Nudge nudge.
--
Leo Bicknell - bickn...@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
Re: Fiber cut - response in seconds?
Charles Wyble wrote:
> Joel Jaeggli wrote:
>> It's pretty trivial if you know where all the construction projects on your
>> path are...
>
> How so? Setup OTDR traces and watch them?
When you lose link on every pair in a bundle, but don't lose any of the buildings you're serving via diverse paths, you have a pretty good idea what happened. Knowing which of the three construction projects on that path is likely to be digging a trench is a facilities issue.
>> I've seen this happen on a university campus several times. no black
>> helicopters were involved.
>
> Care to expand on the methodology used? A campus network is a lot
> different than a major metro area.
Given the location the guys in the black SUVs likely have at least situational awareness of all of the construction projects in their immediate vicinity.
they don't have to monitor everyone's cable, just their own and near instantaneous response implies proximity so it may well be more akin to a campus network.
Re: Fiber cut - response in seconds?
> From nanog-bounces+bonomi=mail.r-bonomi@nanog.org Mon Jun 1 18:30:48 2009
> Date: Mon, 01 Jun 2009 15:40:31 -0700
> From: Charles Wyble
> To: "nanog@nanog.org"
> Subject: Fiber cut - response in seconds?
>
> http://www.washingtonpost.com/wp-dyn/content/article/2009/05/30/AR2009053002114_pf.html
>
> Not sure if I fully believe the article. Responding to a fiber cut in
> seconds?
I *don't* believe it, _as_written_. If one takes 'in seconds' to mean single-digit quantities, they had to be: in the vehicle, with the engine running, transmission in gear, starting from within a few hundred feet, with no interfering traffic AND no opposing traffic light.
Now, change the 'facts' of the scenario "slightly", and it becomes a bunch more believable. Allow 'double-digit' numbers of seconds, from the time the crew _noticed_ the cut, and it gets a bit less fantastic.
Postulate some form of 'damage' to the cable -- maybe a kink, that stretched, but did not sever the cable, or more likely, a pressure rupture in an enclosing safety guard, -- such as a 'near miss' by a back-hoe might cause a few scoops before the cable was completely severed, plus allow for a little time between actual cable severance, and the cut cable becomes _visible_; now you're looking at 5-10 minutes from 'first warning' of a problem at the NOC (with TDR type gear giving approximate location) and the 'rapid response' team on site.
They'd have to be on an alert status comparable to the old SAC first alert bomber crews, and probably based within 3-5 miles, but things are now within the realm of believability.
Not saying I _do_ believe it, but we're into the range of "might, maybe, possibly, happen that way", without having to postulate a TARDIS.
I would have expected such a crew to be equipped with, and need to _use_, 'lights and sirens', and *big* air horns, in dealing with traffic on the roadway -- *AND* I would have expected that 'minor detail' to have been noted by the work crew.
As for the last part -- about the billing issue -- assuming that the construction contractor had called JULIE (The underground utilities marking service) and gotten the sign-off from all the carriers, they _were_ 'home free'. The carrier who 'failed to mark' their cable gets to pay the cost of replacement.
Re: Fiber cut - response in seconds?
I'm not sure why this sounds so surprising or impressive... given g$vt budgets.
Monitoring software using a pair of fibers in your bundle. OTDR or similar digital diagnostics. You detect a loss, you figure out how many feet away it is. You look at your map.
A simpler way to do it (if you don't mind burning lots of fiber pairs) would be to loop up a pair of fibers (or add a reflectance source every 1000 ft or so -- spliced into the cable). You can figure out to within a thousand feet once you know WHICH set of loops has died. Given it almost always involved construction crews, you drive until you see backhoes for your final approximation.
If I were the gov't I'd have originally opted for #2, and then moved to #1.
"Seconds" is just a function of how far away the responding agency's personnel (monitoring the loop) were from the cut. Obviously we are talking about a few miles tops.
Plenty of people used to have a single pair in each bundle for "testing". It's relatively trivial to make that a test pair live.
This is all predicated on you actually keeping your topology up-to-date.
Deepak Jain
AiNET
Charles Wyble wrote:
> Joel Jaeggli wrote:
>> It's pretty trivial if you know where all the construction projects on your path are...
> How so? Setup OTDR traces and watch them?
>> I've seen this happen on a university campus several times. no black helicopters were involved.
> Care to expand on the methodology used? A campus network is a lot different than a major metro area.
Re: Fiber cut - response in seconds?
Joel Jaeggli wrote:
> It's pretty trivial if you know where all the construction projects on your path are...
How so? Setup OTDR traces and watch them?
> I've seen this happen on a university campus several times. no black helicopters were involved.
Care to expand on the methodology used? A campus network is a lot different than a major metro area.
Re: Fiber cut - response in seconds?
It's pretty trivial if you know where all the construction projects on your path are...
I've seen this happen on a university campus several times. no black helicopters were involved.
joel
Charles Wyble wrote:
> http://www.washingtonpost.com/wp-dyn/content/article/2009/05/30/AR2009053002114_pf.html
>
> Not sure if I fully believe the article. Responding to a fiber cut in
> seconds?
>
> I suppose it's possible if $TLA had people monitoring the construction
> from across the street, and they were in communication with the NOC.
RE: Fiber cut - response in seconds?
I sent this to all of our transport people too.. Was quite curious as to what they'd use for this. However, they are the federal government - so anything is possible.
-Original Message-
From: Charles Wyble [mailto:char...@thewybles.com]
Sent: Monday, June 01, 2009 2:41 PM
To: nanog@nanog.org
Subject: Fiber cut - response in seconds?
http://www.washingtonpost.com/wp-dyn/content/article/2009/05/30/AR2009053002114_pf.html
Not sure if I fully believe the article. Responding to a fiber cut in seconds?
I suppose it's possible if $TLA had people monitoring the construction from across the street, and they were in communication with the NOC.
Fiber cut - response in seconds?
http://www.washingtonpost.com/wp-dyn/content/article/2009/05/30/AR2009053002114_pf.html
Not sure if I fully believe the article. Responding to a fiber cut in seconds?
I suppose it's possible if $TLA had people monitoring the construction from across the street, and they were in communication with the NOC.
Re: In a bit of bind...
On Jun 1, 2009, at 2:37 PM, Curtis Maurand wrote:
> I've been using powerdns for quite a while and I've found it to be solid and stable. It'll use quite a few different backends including BIND zone files, but its claim to fame is that it uses mysql. A list of different backends can be found at:
> http://en.wikipedia.org/wiki/PowerDNS#Backends
> I saw bind and bind2, db2, geo, gmysql, gpgsql, goracle, gsqlite, ldap, odbc, opendbx, pipe and xdb. Pipe is interesting because you can write a backend in anything that talks to anything. There is documentation and examples on the website. The "g" stands for generic. I've been using poweradmin for management.
We've been using it as well in what I would consider a very small setup: 150 domains, most with almost no traffic to speak of, but 3 or 4 with decent traffic (the high traffic ones serving over 50k end-user CPE for VoIP traffic with very short TTLs).
The MySQL back-end really is a claim to fame - it makes administration really easy to integrate into whatever you want.
We have also been using poweradmin for basic management for things not under programmatic MySQL management. It's basic and a bit kludgy, but definitely adequate, and easy enough to hack into your own idea of what it should be.
Daryl
RE: AOL Postmaster
Yes. For the last 2 months I've been getting the nice auto reply/ticket number but no other contact.
Aaron
-Original Message-
From: Mike Walter [mailto:mwal...@3z.net]
Sent: Monday, June 01, 2009 12:23 PM
To: nanog@nanog.org
Subject: RE: AOL Postmaster
Have you been through http://postmaster.aol.com/?
Mike
-Original Message-
From: Aaron Wendel [mailto:aa...@wholesaleinternet.com]
Sent: Monday, June 01, 2009 12:48 PM
To: nanog@nanog.org
Subject: AOL Postmaster
Is anyone from AOL lurking on the list that could contact me off-list? I'm having some issues with mail being rejected because AOL believes our IPs are dynamic.
Aaron
Re: In a bit of bind...
I've been using powerdns for quite a while and I've found it to be solid and stable. It'll use quite a few different backends including BIND zone files, but its claim to fame is that it uses mysql. A list of different backends can be found at:
http://en.wikipedia.org/wiki/PowerDNS#Backends
I saw bind and bind2, db2, geo, gmysql, gpgsql, goracle, gsqlite, ldap, odbc, opendbx, pipe and xdb. Pipe is interesting because you can write a backend in anything that talks to anything. There is documentation and examples on the website. The "g" stands for generic. I've been using poweradmin for management.
register.com and tucows both use it.
Cheers,
Curtis
Ben Matthew wrote:
Thanks very much for the various responses to my question; both on and off-list.
I'm very much liking the idea of only letting the outside world see bind and then AXFR'ing the data from an easier-to-manage internal database backed solution. Whether that be myDNS, Microsoft or whatever.
Bit of initial config work and then, in theory, an easy job to administer. Actually feel a bit dumb for not considering that in the first place.
Cheers again,
Ben
-Original Message-
From: Peter Hicks [mailto:peter.hi...@poggs.co.uk]
Sent: 01 June 2009 12:42
To: Ben Matthew
Cc: nanog@nanog.org
Subject: Re: In a bit of bind...
Ben,
Ben Matthew wrote:
> I have six servers in total, two multi-homed servers for ordinary DNS and four servers running an Anycast network (2 x master and slave).
For DNS, you may find it easier to outsource hosting to another provider who has geographically diverse DNS services. This doesn't necessarily mean loss of control. It also separates your nameserver hosting from your servers - suppose your network were to be under attack, or a configuration error dropped you offline. If DNS were somewhere else, you could log in, change A records, point somewhere else.
> Anyway I've recently been investigating other options for DNS as, like many companies currently, we've laid off a bunch of staff and the overhead for maintaining BIND is quite high if done, like us, unassisted and you are editing zone files in a text editor.
Revision control systems - CVS, Subversion - are your friend here. What about wrapping up your DNS change procedure through perl or shell scripts which automatically roll back if bind doesn't reload, or some critical hosts suddenly disappear from the file.
Also, ask yourself what the cost of operating the service without changes is, and what the cost of each change is. How often are you making changes? How often do you need to make a change in an absolute emergency?
If changes are being done frequently, a technical or semi-technical member of staff will get to know the procedure. If changes are being made rarely, can the changes wait for you to apply them if you don't feel comfortable with others doing it?
> Ultimately for our simple zones (non-Anycast, basic web forwarders) I want to create a web-app to do this for me, probably in PHP. I could create something that...
Herein lies a problem - you want to create a web front-end to a DNS server. You're going to have to do a lot of testing to make this play nicely, and you could introduce your own security holes or gotchas. What is the cost of creating something yourself?
How about one of the following?
* Outsource DNS hosting, use another provider's interface to manage
* BIND9 slaves, Windows-based master (hidden) which already has a GUI and it isn't difficult to change zones
* Stick to what you have and document it, wrapping the 'apply' process in some simple shell or perl
Peter
RE: US Based Server host on v6
(not that I am self promoting but...)
Softlayer (www.softlayer.com) has been offering ipv6 on dedicated servers for 6 months now on a dual stack network.
Thanks.
Ric.
-Original Message-
From: Skeeve Stevens [mailto:ske...@skeeve.org]
Sent: Monday, June 01, 2009 8:42 AM
To: nanog@nanog.org
Subject: US Based Server host on v6
Hey guys,
I mostly use Ezzi.net and a couple of others for server hosting.
I am looking for the same, but with dual-stack traffic and ipv6 addresses. in theory it should be the same cost.
Anyone know any companies doing this yet?
.Skeeve
--
Skeeve Stevens - ske...@skeeve.org www.skeeve.org / Cell +61 (0)414 753 383
msn://ske...@skeeve.org ; skype://skeeve
twitter://skeevestevens ; Also facebook (ske...@skeeve.org) and LinkedIn (ske...@eintellego.net)
eintellego - ske...@eintellego.net - www.eintellego.net
--
I'm a groove licked love child king of the verse
Si vis pacem, para bellum
RE: AOL Postmaster
Have you been through http://postmaster.aol.com/?
Mike
-Original Message-
From: Aaron Wendel [mailto:aa...@wholesaleinternet.com]
Sent: Monday, June 01, 2009 12:48 PM
To: nanog@nanog.org
Subject: AOL Postmaster
Is anyone from AOL lurking on the list that could contact me off-list? I'm having some issues with mail being rejected because AOL believes our IPs are dynamic.
Aaron
AOL Postmaster
Is anyone from AOL lurking on the list that could contact me off-list? I'm having some issues with mail being rejected because AOL believes our IPs are dynamic.
Aaron
Re: US Based Server host on v6
On Mon, Jun 1, 2009 at 9:42 AM, Skeeve Stevens wrote:
> Hey guys,
> I mostly use Ezzi.net and a couple of others for server hosting.
>
> I am looking for the same, but with dual-stack traffic and ipv6 addresses.
> in theory it should be the same cost.
>
> Anyone know any companies doing this yet?
http://he.net/
RE: In a bit of bind...
Thanks very much for the various responses to my question; both on and off-list.
I'm very much liking the idea of only letting the outside world see bind and then AXFR'ing the data from an easier-to-manage internal database backed solution. Whether that be myDNS, Microsoft or whatever.
Bit of initial config work and then, in theory, an easy job to administer. Actually feel a bit dumb for not considering that in the first place.
Cheers again,
Ben
-Original Message-
From: Peter Hicks [mailto:peter.hi...@poggs.co.uk]
Sent: 01 June 2009 12:42
To: Ben Matthew
Cc: nanog@nanog.org
Subject: Re: In a bit of bind...
Ben,
Ben Matthew wrote:
> I have six servers in total, two multi-homed servers for ordinary DNS and
> four servers running an Anycast network (2 x master and slave).
For DNS, you may find it easier to outsource hosting to another provider who has geographically diverse DNS services. This doesn't necessarily mean loss of control. It also separates your nameserver hosting from your servers - suppose your network were to be under attack, or a configuration error dropped you offline. If DNS were somewhere else, you could log in, change A records, point somewhere else.
> Anyway I've recently been investigating other options for DNS as, like many
> companies currently, we've laid off a bunch of staff and the overhead for
> maintaining BIND is quite high if done, like us, unassisted and you are
> editing zone files in a text editor.
Revision control systems - CVS, Subversion - are your friend here. What about wrapping up your DNS change procedure through perl or shell scripts which automatically roll back if bind doesn't reload, or some critical hosts suddenly disappear from the file.
Also, ask yourself what the cost of operating the service without changes is, and what the cost of each change is. How often are you making changes? How often do you need to make a change in an absolute emergency?
If changes are being done frequently, a technical or semi-technical member of staff will get to know the procedure. If changes are being made rarely, can the changes wait for you to apply them if you don't feel comfortable with others doing it?
> Ultimately for our simple zones (non-Anycast, basic web forwarders) I want to
> create a web-app to do this for me, probably in PHP. I could create
> something that...
Herein lies a problem - you want to create a web front-end to a DNS server. You're going to have to do a lot of testing to make this play nicely, and you could introduce your own security holes or gotchas. What is the cost of creating something yourself?
How about one of the following?
* Outsource DNS hosting, use another provider's interface to manage
* BIND9 slaves, Windows-based master (hidden) which already has a GUI and it isn't difficult to change zones
* Stick to what you have and document it, wrapping the 'apply' process in some simple shell or perl
Peter
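Added example, not part of the original thread: one way to wrap the zone 'apply' step suggested in Peter Hicks's reply quoted above, so that a candidate zone file is syntax-checked, rejected if critical hosts have disappeared, and rolled back if the reload fails. It assumes BIND's named-checkzone and rndc; the function names, return codes and paths are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): guarded apply of a BIND zone file.
# Function names, return codes and file locations are hypothetical.
# named-checkzone and "rndc reload <zone>" are the stock BIND 9 tools; both
# commands can be overridden so the logic can be exercised without BIND.
CHECKZONE=${CHECKZONE:-named-checkzone}
RELOAD=${RELOAD:-rndc reload}

# critical_hosts_present ZONEFILE HOST...
# Succeeds only if every HOST appears as an owner name (first field) in
# ZONEFILE. Names are compared exactly as written in the file, so pass "www"
# for a relative owner and "www.example.com." for a fully qualified one.
critical_hosts_present() {
    zonefile=$1
    shift
    for host in "$@"; do
        if ! awk -v h="$host" '$1 == h { found = 1 } END { exit !found }' "$zonefile"; then
            echo "critical host missing from candidate: $host" >&2
            return 1
        fi
    done
    return 0
}

# apply_zone ZONE CANDIDATE LIVE HOST...
# Return codes: 0 applied, 1 syntax check failed, 2 critical host missing,
#               3 could not install the file, 4 reload failed (rolled back).
apply_zone() {
    zone=$1
    candidate=$2
    live=$3
    shift 3

    # 1. Refuse anything the zone checker rejects.
    if ! $CHECKZONE "$zone" "$candidate" >/dev/null 2>&1; then
        echo "syntax check failed for $zone" >&2
        return 1
    fi

    # 2. Refuse a file from which a critical host has disappeared.
    critical_hosts_present "$candidate" "$@" || return 2

    # 3. Keep the current file so it can be restored, then install.
    backup="$live.bak.$$"
    cp -p "$live" "$backup" || return 3
    if ! cp "$candidate" "$live"; then
        mv "$backup" "$live"
        return 3
    fi

    # 4. Reload; on failure put the old file back and reload that instead.
    if $RELOAD "$zone" >/dev/null 2>&1; then
        rm -f "$backup"
        return 0
    fi
    echo "reload failed for $zone, rolling back" >&2
    mv "$backup" "$live"
    $RELOAD "$zone" >/dev/null 2>&1 || true
    return 4
}

# Typical call (constructed paths and names):
#   apply_zone example.com ./example.com.new /var/named/example.com.zone www mail ns1
```

Keeping the live zone files under revision control, as the same reply suggests, gives a second rollback path if the backup copy itself is lost.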
US Based Server host on v6
Hey guys,
I mostly use Ezzi.net and a couple of others for server hosting.
I am looking for the same, but with dual-stack traffic and ipv6 addresses. in theory it should be the same cost.
Anyone know any companies doing this yet?
.Skeeve
--
Skeeve Stevens - ske...@skeeve.org www.skeeve.org / Cell +61 (0)414 753 383
msn://ske...@skeeve.org ; skype://skeeve
twitter://skeevestevens ; Also facebook (ske...@skeeve.org) and LinkedIn (ske...@eintellego.net)
eintellego - ske...@eintellego.net - www.eintellego.net
--
I'm a groove licked love child king of the verse
Si vis pacem, para bellum
Re: White House net security paper
On Jun 1, 2009, at 8:32 AM, Sean Donelan wrote:
> If people think that support for R&E programs should be cut instead, I guess that is also a useful data point. It would be noteworthy that any group advocated a cut in their own funding.
>
> "The Federal government, with the participation of all departments and agencies, should expand support for key education programs and research and development to ensure the Nation's continued ability to compete in the information age economy. Existing programs should be evaluated and possibly expanded, and other activities could serve as models for additional programs."
>
> Jared's message earlier had the information about how you could participate if you have suggestions.
There have been numerous recommendations over the years to improve education and training of IT/Security professionals directed at either DHS, EOP and other agencies.
I see a critical gap in this space myself. There are not enough people that are truly skilled in this space. Perhaps this need will never be met, but with the consistent threat of compromise facing any network connected organization, there need to be people who are trained to respond. There just are not enough skilled network & security engineers out there. US-CERT (as an example) is always hiring, and I have heard stories of people going from fast-food to trying to decipher intrusion data because they could get their TS/SCI.
I'm certain that anyone who can combine two skills (computers, computer networks or data forensics) with some criminal justice could help fight the bad guys. There is a severe lack of talent here.
- Jared
Re: White House net security paper
If people think that support for R&E programs should be cut instead, I guess that is also a useful data point. It would be noteworthy that any group advocated a cut in their own funding.
"The Federal government, with the participation of all departments and agencies, should expand support for key education programs and research and development to ensure the Nation's continued ability to compete in the information age economy. Existing programs should be evaluated and possibly expanded, and other activities could serve as models for additional programs."
Jared's message earlier had the information about how you could participate if you have suggestions.
Re: In a bit of bind...
On Mon, Jun 1, 2009 at 12:59 PM, Ben Matthew wrote: > Anyway my company currently uses BIND for our DNS requirements (9.6.0). > I'm always pretty keen on updating, when advised to, in order to patch > vulnerabilities and so forth as we have a fairly popular website and I'm > sure there's lots of nasty little tykes out there ready to try and take us > down. I have six servers in total, two multi-homed servers for ordinary DNS > and four servers running an Anycast network (2 x master and slave). > > Anyway I've recently been investigating other options for DNS as, like many > companies currently, we've laid off a bunch of staff and the overhead for > maintaining BIND is quite high if done, like us, unassisted and you are > editing zone files in a text editor. > > You don't necessarily need to move away from Bind but what you do need is a better backend. Certainly you should avoid Webmin and trying to automate changes to BIND zone files as this gets really messy and unmaintainable very quickly. You can use Bind9 DLZ and MySQL or LDAP. I didn't find this all that easy to package or manage though. Personally, for scalable authoritative DNS I think PowerDNS is far better especially with an LDAP backend as LDAP is trivial to replicate over large numbers of slaves. An interface to LDAP for DNS was also a trivial project for us. If you don't need so much scalability there are existing web interfaces for PowerDNS using the MySQL backend. https://webdns.bountysource.com/ https://www.poweradmin.org/trac/
Re: In a bit of bind...
On 01.06.2009, at 12:59, Ben Matthew wrote: Finally I've managed to successfully configure BIND 9 as a slave to a myDNS server and the AXFR transfers seem to be working fine. This strikes me as being quite a nice balance of ease of use and reliability in case myDNS fails on me. Ok I appreciate it doesn't get around security concerns but hey ho. As far as security, why have myDNS world-reachable at all? You can have bind feed off of myDNS without having anyone on the outside ever talk to the myDNS backend. Chris
Re: In a bit of bind...
May seem a little simplistic, but how about Webmin. :) Runs on most linux-type systems over SSL/https and allows you to administer your DNS (and other services) without issues and provide the things you listed below. Oh, and it's free. And it's already done. Scott Ben Matthew wrote: Firstly... I apologise for the atrocious pun in the subject; just can't seem to help myself. Anyway my company currently uses BIND for our DNS requirements (9.6.0). I'm always pretty keen on updating, when advised to, in order to patch vulnerabilities and so forth as we have a fairly popular website and I'm sure there's lots of nasty little tykes out there ready to try and take us down. I have six servers in total, two multi-homed servers for ordinary DNS and four servers running an Anycast network (2 x master and slave). Anyway I've recently been investigating other options for DNS as, like many companies currently, we've laid off a bunch of staff and the overhead for maintaining BIND is quite high if done, like us, unassisted and you are editing zone files in a text editor. Ultimately for our simple zones (non-Anycast, basic web forwarders) I want to create a web-app to do this for me, probably in PHP. I could create something that: 1)Creates a zone file for "mydomain.com" and fills in defaults; overrides with options from the web-app if needed. 2)Updates the existing named.conf file 3)Opens a secure connection to the master, and uploads new config files 4)Runs a remote process to restart BIND 5)Opens a secure connection to slave, updates named.conf 6)Runs a remote process to restart BIND But I've had a play with "myDNS" (http://mydns.bboy.net) which is capable of serving DNS requests directly from a mySQL database. And it seems pretty good. All my web-app now needs to do is adjust some database records and everything else updates automatically. All very cool. However, my question is this... Has anyone yet experienced any major problems with myDNS - either security or reliability? 
Frankly, I'm a little scared of daring to shift away from a well-established system. Perhaps you've had the chance to poke about in the code... Is it based on the BIND codebase? Does it get security updates when exploits are revealed? Finally I've managed to successfully configure BIND 9 as a slave to a myDNS server and the AXFR transfers seem to be working fine. This strikes me as being quite a nice balance of ease of use and reliability in case myDNS fails on me. Ok I appreciate it doesn't get around security concerns but hey ho. Opinions much appreciated. Cheers, Ben -- Ben Matthew, Senior Network Engineer Absolute Radio, One Golden Square, London W1F 9DJ Tel: 020 7432 3457 Mobile: 07817464623 http://www.absoluteradio.co.uk Absolute Radio, winner of four Sony Radio Awards in 2009 DISCLAIMER This e-mail message, including any attachments, is intended solely for the use of the addressee and may contain confidential information. If it is not intended for you, please inform the sender and delete the e-mail and any attachments immediately. Any review, retransmission, disclosure, copying or modification of it is strictly forbidden. Please be advised that the views and opinions expressed in this e-mail may not reflect the views and opinions of TIML Radio Limited or any of its parent and subsidiary companies. Whilst we take reasonable precautions to ensure that our emails are free from viruses, we cannot be responsible for any viruses transmitted with this e-mail and recommend that you subject any incoming e-mail to your own virus checking procedures. Use of this or any other e-mail facility signifies consent to any interception we might lawfully carry out to prevent abuse of these facilities. TIML Radio Limited (trading as Absolute Radio) Registered office: One Golden Square, London. W1F 9DJ Registered in England No 02674136 VAT No 927 2572 11
In a bit of bind...
Firstly... I apologise for the atrocious pun in the subject; just can't seem to help myself.

Anyway my company currently uses BIND for our DNS requirements (9.6.0). I'm always pretty keen on updating, when advised to, in order to patch vulnerabilities and so forth as we have a fairly popular website and I'm sure there's lots of nasty little tykes out there ready to try and take us down. I have six servers in total, two multi-homed servers for ordinary DNS and four servers running an Anycast network (2 x master and slave).

Anyway I've recently been investigating other options for DNS as, like many companies currently, we've laid off a bunch of staff and the overhead for maintaining BIND is quite high if done, like us, unassisted and you are editing zone files in a text editor.

Ultimately for our simple zones (non-Anycast, basic web forwarders) I want to create a web-app to do this for me, probably in PHP. I could create something that:

1) Creates a zone file for "mydomain.com" and fills in defaults; overrides with options from the web-app if needed.
2) Updates the existing named.conf file
3) Opens a secure connection to the master, and uploads new config files
4) Runs a remote process to restart BIND
5) Opens a secure connection to slave, updates named.conf
6) Runs a remote process to restart BIND

But I've had a play with "myDNS" (http://mydns.bboy.net) which is capable of serving DNS requests directly from a mySQL database. And it seems pretty good. All my web-app now needs to do is adjust some database records and everything else updates automatically. All very cool.

However, my question is this... Has anyone yet experienced any major problems with myDNS - either security or reliability? Frankly, I'm a little scared of daring to shift away from a well-established system. Perhaps you've had the chance to poke about in the code... Is it based on the BIND codebase? Does it get security updates when exploits are revealed?
Finally I've managed to successfully configure BIND 9 as a slave to a myDNS server and the AXFR transfers seem to be working fine. This strikes me as being quite a nice balance of ease of use and reliability in case myDNS fails on me. Ok I appreciate it doesn't get around security concerns but hey ho. Opinions much appreciated. Cheers, Ben -- Ben Matthew, Senior Network Engineer Absolute Radio, One Golden Square, London W1F 9DJ Tel: 020 7432 3457 Mobile: 07817464623 http://www.absoluteradio.co.uk Absolute Radio, winner of four Sony Radio Awards in 2009
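Steps 1 and 2 of the procedure in the message above write web-app input into a zone file and into named.conf, so that input has to be validated before it reaches either file. The following is an added example of doing so, not code from the thread or from any project named in it, written in Python rather than the PHP the poster mentions; the defaults, record layout, `zones/` path and function names are assumptions.

```python
import ipaddress
import re

# Constructed defaults for illustration (documentation names and addresses).
DEFAULTS = {"ttl": 3600, "ns": ["ns1.example.net", "ns2.example.net"],
            "hostmaster": "hostmaster.example.net", "www": "192.0.2.10"}

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def check_name(name):
    """Return the normalised hostname, or raise ValueError for anything else."""
    name = str(name).lower().rstrip(".")
    if len(name) > 253 or not all(LABEL.fullmatch(p) for p in name.split(".")):
        raise ValueError(f"rejected name: {name!r}")
    return name


def build_zone(domain, serial, overrides=None):
    """Step 1: zone file text from defaults plus validated web-app overrides."""
    opts = {**DEFAULTS, **(overrides or {})}
    check_name(domain)
    ttl = int(opts["ttl"])
    if not 60 <= ttl <= 604800:
        raise ValueError("ttl out of range")
    if not isinstance(opts["ns"], list) or not opts["ns"]:
        raise ValueError("ns must be a non-empty list")
    ns = [check_name(n) for n in opts["ns"]]
    rname = check_name(opts["hostmaster"])
    www = ipaddress.IPv4Address(opts["www"])  # ValueError unless a plain IPv4 address
    lines = [f"$TTL {ttl}",
             f"@ IN SOA {ns[0]}. {rname}. ({int(serial)} 7200 900 1209600 3600)"]
    lines += [f"@ IN NS {n}." for n in ns]
    lines += [f"@ IN A {www}", f"www IN A {www}"]
    return "\n".join(lines) + "\n"


def build_stanza(domain):
    """Step 2: named.conf stanza; the file path derives only from the checked name."""
    domain = check_name(domain)
    return f'zone "{domain}" {{ type master; file "zones/db.{domain}"; }};\n'


def is_rejected(builder, *args):
    """True when a builder refuses its input instead of writing it into a config."""
    try:
        builder(*args)
    except ValueError:
        return True
    return False
```

Running `named-checkzone` and `named-checkconf` on the generated files before the reload in steps 4 and 6 catches anything the generator itself gets wrong.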
Re: White House net security paper
>>> network security is a "loss center". not just a cost center, a >>> *loss* center. non-bankrupt ISP's whose investors will make good >>> multiples only staff their *profit* centers. >> this glib statement may have been true at the isps where you worked. it >> is not true for the ones where i work(ed). > It is true at every ISP I have ever encountered. I do not consider the > statement glib. well, i guess some of us are pickier than others, and have the luck of having choices. randy
Re: White House net security paper
At 04:43 PM 01-06-09 +0900, Randy Bush wrote: > network security is a "loss center". not just a cost center, a *loss* center. > non-bankrupt ISP's whose investors will make good multiples only staff their > *profit* centers. this glib statement may have been true at the isps where you worked. it is not true for the ones where i work(ed). It is true at every ISP I have ever encountered. I do not consider the statement glib. -Hank
Re: DNS ed.gov translations
> ROTFL what an honour ;-), as we are in to weekend mood anyway I share
> the reason for this. When I joined Colt my signature did look like this:
>
> ---
> ___ ___ ___ ___   Ralf Weber             t: +49 (0)69 56606 2780
> \C/ \O/ \L/ \T/   System Administrator
>  V   V   V   V    COLT Telecom GmbH      f: +49 (0)69 56606 6280
>                   IP Services            e: r...@colt.net

As did everyone's, I think - it's great that we had such an ASCII-art-friendly logo :)

> That was used until our lawyers decided that as with real letters it
> was their duty to design the fine print on email also. This led to
> what you see now below. I don't like it but am bound to use it. In the
> signature select box of my email program the signature below is named
> "r...@colt.net violating RFC1855".

I moved all my work-related mailing-list subscriptions to personal email when the legal departments started getting hold of .sigs. It seems pretty much impossible these days to post from a work address to any external email at all without looking like an idiot. (Of course, just removing the legal boilerplate doesn't, in itself, *prevent* me from looking an idiot, before anyone goes for the obvious...)

Regards, Tim.
Re: White House net security paper
> network security is a "loss center". not just a cost center, a *loss* center. > non-bankrupt ISP's whose investors will make good multiples only staff their > *profit* centers. this glib statement may have been true at the isps where you worked. it is not true for the ones where i work(ed). randy
Re: White House net security paper
>> As hire As. Bs hire Cs. Lots of Cs. >> this problem needs neurons, not battalions. > this problem needs round-tuits, which Good Guys are consistently short > of, but which Bad Guys always have as many of as they can find use > for. a few battalions of B's and C's, if wisely deployed, could > bridge that gap. there is a reason Bs and Cs have spare round-tuits. fred brooks was no fool. os/360 taught some of us some lessons. battalions work in the infantry, or so i am told. this is rocket science. randy