Re: public open resolver list?

[Christopher Morrow]

Curious! (wkipedia random page look):
  Comodo -> 8.26.56.26 && 8.20.247.20

as-path for those both:
174 23393 23393 16589
6762 3257 23393 23393 16589

$ whois AS16589
No match found for a 16589.

(https://bgp.he.net/AS16589#_whois)

So, sending your DNS queries into what sure looks like hijacked ip
space and asn ... seems bad.

On Mon, Feb 1, 2021 at 8:14 PM Mel Beckman  wrote:
>
> Oh, Bill. If you’d use Wikipedia to check out Wikipedia, you’d be allergic 
> too! :)
>
> https://en.wikipedia.org/wiki/Wikipedia:Wikipedia_is_not_a_reliable_source
>
>  -mel
>
> On Feb 1, 2021, at 3:32 PM, Bill Woodcock  wrote:
>
> Are all y’all allergic to Wikipedia or something?
>
> https://en.wikipedia.org/wiki/Public_recursive_name_server
>
>-Bill
>

Re: public open resolver list?

[Mel Beckman]

Oh, Bill. If you’d use Wikipedia to check out Wikipedia, you’d be allergic too! 
:)

https://en.wikipedia.org/wiki/Wikipedia:Wikipedia_is_not_a_reliable_source

 -mel

On Feb 1, 2021, at 3:32 PM, Bill Woodcock  wrote:

Are all y’all allergic to Wikipedia or something?

https://en.wikipedia.org/wiki/Public_recursive_name_server

   -Bill

Re: public open resolver list?

[Chris Boyd]

> On Feb 1, 2021, at 5:26 PM, Kevin McCormick  wrote:
> 
> Nearly all of those seem to error out.
> 
> Is that a wishful thinking list?

Those that do answer to anyone who asks are flagged "recursion-yes,” but I 
don’t know how often it’s updated.

—Chris

Re: RTBH and Flowspec Measurements - Stop guessing when the attack will over

[Dobbins, Roland]

On Feb 2, 2021, at 00:34, Douglas Fischer  wrote:

Or even know if already there is a solution to that and I'm trying to invent 
the wheel.

Many flow telemetry export implementations on routers/layer3 switches report 
both passed & dropped traffic on a continuous basis for DDoS 
detection/classification/traceback.

It's also possible to combine the detection/classification/traceback & flowspec 
trigger functions.

[Full disclosure: I work for a vendor of such systems.]




Roland Dobbins 

Re: public open resolver list?

[Bill Woodcock]

Are all y’all allergic to Wikipedia or something?

https://en.wikipedia.org/wiki/Public_recursive_name_server

-Bill



signature.asc
Description: Message signed with OpenPGP

RE: public open resolver list?

[Kevin McCormick]

Nearly all of those seem to error out.

Is that a wishful thinking list?

Thank you,

Kevin McCormick

-Original Message-
From: NANOG  On Behalf Of Chris 
Boyd
Sent: Monday, February 1, 2021 4:17 PM
To: North American Network Operators' Group 
Subject: Re: public open resolver list?



> On Feb 1, 2021, at 12:19 PM, Nick Hilliard  wrote:
> 
> Randy Bush wrote on 01/02/2021 18:16:
>> is there a list of public resolvers?  e.g. 1.1.1.1, 4.4.4.4, 8.8.8.8, 
>> etc.?
> 
> https://public-dns.info/

There’s also a list of interesting resolvers at
https://gist.github.com/roycewilliams/6cb91ed94b88730321ca3076006229f1

—Chris

Re: public open resolver list?

[Chris Boyd]

> On Feb 1, 2021, at 12:19 PM, Nick Hilliard  wrote:
> 
> Randy Bush wrote on 01/02/2021 18:16:
>> is there a list of public resolvers?  e.g. 1.1.1.1, 4.4.4.4, 8.8.8.8,
>> etc.?
> 
> https://public-dns.info/

There’s also a list of interesting resolvers at
https://gist.github.com/roycewilliams/6cb91ed94b88730321ca3076006229f1

—Chris

Re: public open resolver list?

[Hugo Salgado]

On 10:49 01/02, Randy Bush wrote:
> >> is there a list of public resolvers?  e.g. 1.1.1.1, 4.4.4.4, 8.8.8.8,
> >> etc.?
> > 
> > https://public-dns.info/
> 
> interesting, but probably too broad.
> 
> but i suspect my question was too broad.
> 
> >> we have a measurement set which contains resolvers, some of which we
> >> suspect are intentionally open, some unintentionally open, and some
> >> not open.  we are trying to filter that first set, the intentionally
> >> open.
> 
> i suspect it hinges on what one thinks of as 'public'.  i.e. dtag's
> servers for its customers is not what i think of as public.  maybe
> i mean globally public or something.
> 
> randy, who clearly needs to think a bit more
> 

I don't know of an exhaustive list, but a while ago I collected these:

cloudflare 1.1.1.1 1.0.0.1 2606:4700:4700:: 2606:4700:4700::1001
comodo: 8.26.56.26 8.20.247.20
dyn: 216.146.35.35 216.146.36.36
google: 8.8.8.8 8.8.4.4 2001:4860:4860:: 2001:4860:4860::8844
level3: 4.2.2.2 4.2.2.1
norton: 199.85.126.10 199.85.127.10
opendns: 208.67.222.222 208.67.220.220
quad9: 9.9.9.9 149.112.112.112 2620:fe::fe 2620:fe::9
ultradns: 156.154.71.1 156.154.70.1

Hugo



signature.asc
Description: PGP signature

Re: public open resolver list?

[Randy Bush]

>> is there a list of public resolvers?  e.g. 1.1.1.1, 4.4.4.4, 8.8.8.8,
>> etc.?
> 
> https://public-dns.info/

interesting, but probably too broad.

but i suspect my question was too broad.

>> we have a measurement set which contains resolvers, some of which we
>> suspect are intentionally open, some unintentionally open, and some
>> not open.  we are trying to filter that first set, the intentionally
>> open.

i suspect it hinges on what one thinks of as 'public'.  i.e. dtag's
servers for its customers is not what i think of as public.  maybe
i mean globally public or something.

randy, who clearly needs to think a bit more

RE: public open resolver list?

[Spencer Coplin]

There are several good articles about the different ones out there and the 
level of filtering and response they can offer. I personally have been happy 
with Quad9's free DNS server (9.9.9.9) and the basic anti-bad stuff filtering 
it does. You get no reporting on what it blocks, but there are services 
(OpenDNS for example) out there you can pay for that offer reporting if needed.

Thank you,
Spencer


-Original Message-
From: NANOG  On Behalf Of Nick 
Hilliard
Sent: Monday, February 1, 2021 12:20 PM
To: Randy Bush 
Cc: North American Network Operators' Group 
Subject: Re: public open resolver list?

CAUTION: This email originated from an external source. Verify the sender 
before taking any actions.



Randy Bush wrote on 01/02/2021 18:16:
> is there a list of public resolvers?  e.g. 1.1.1.1, 4.4.4.4, 8.8.8.8, 
> etc.?

https://public-dns.info/

?

Nick

Re: public open resolver list?

[Nick Hilliard]

Randy Bush wrote on 01/02/2021 18:16:

is there a list of public resolvers?  e.g. 1.1.1.1, 4.4.4.4, 8.8.8.8,
etc.?


https://public-dns.info/

?

Nick

public open resolver list?

[Randy Bush]

is there a list of public resolvers?  e.g. 1.1.1.1, 4.4.4.4, 8.8.8.8,
etc.?

we have a measurement set which contains a list of resolvers, some of
which we suspect are intentionally open, some unintentionally open,
and some not open.  we are trying to filter that first set, the
intentionally open.

the open resolver finders would seem not to meet our need.  but, yes, it
would be nice if they documented the intentional public open resolvers.

randy

Re: Any2 Los Angeles down again

[Siyuan Miao]

It went down again today and last Sunday.

And yes, we can see 206.72.210.143 with heavy packet loss too. They said
that they will send us a RFO last Friday but I haven't got one.

On Tue, Feb 2, 2021 at 1:59 AM Seth Mattinen  wrote:

> On 1/26/21 3:51 AM, Siyuan Miao wrote:
> > Does anybody know if there's an alternative to Any2 Los Angeles
> > with predictable uptime and enough members in LA?
> >
> > It's the second outage this month and we've observed at least 7 outages
> > in the past year and we didn't even receive any maintenance notice or
> RFO.
> >
>
>
> Anyone else seeing problems with Any2 LAX right now (9:50 Pacific time)?
> I'm seeing packet loss to Microsoft AS8075 through 206.72.210.143 but
> not 206.72.211.94. Unsure if this is yet another repeat of recent Any2
> issues or limited to AS8075.
>

Re: Any2 Los Angeles down again

[Seth Mattinen]

On 1/26/21 3:51 AM, Siyuan Miao wrote:
Does anybody know if there's an alternative to Any2 Los Angeles 
with predictable uptime and enough members in LA?


It's the second outage this month and we've observed at least 7 outages 
in the past year and we didn't even receive any maintenance notice or RFO.





Anyone else seeing problems with Any2 LAX right now (9:50 Pacific time)? 
I'm seeing packet loss to Microsoft AS8075 through 206.72.210.143 but 
not 206.72.211.94. Unsure if this is yet another repeat of recent Any2 
issues or limited to AS8075.

RTBH and Flowspec Measurements - Stop guessing when the attack will over

[Douglas Fischer]

I think most here know (way better than me) the concepts of DDoS, anomaly
detection, and reactions.

Some of the reactions that can be implemented to reduce the impact of an
attack are Remote-Triggered BlackHole and FlowSpec Filtering.

In theory, using FlowSpec would be possible to de source the trigger of
that FlowSpec announcement receives the measurements of the
Flowspec-Enforcer-Box the measurements of those rules.
But in fact, considering FlowSpec-Enforcement as-a-service, I've never seen
that happens between FlowSpec-RulesGenerator-Box and FlowSpec-Enforcer-Box
that are operated by different organizations.
(If some company does, please let me know.)


So, in practical actions, the FlowSpec-RulesGenerator-Box needs to play a
guessing game of how long will take until the attack ceases.
- First, send that FlowSpec Filtering for 3 minutes.
- After that initial timer expires and removing the FlowSpec Filtering,
measure the Flows of his own equipment.
- If the attack is still there, re-announce the FlowSpec Filter Rule for
more 15 minutes.
- Wait to expire again, if the attack is still there re-announce for more
30 minutes, and keep this on an eternal loop.

The same occurs with Remote-Triggered-Blackhole.
I need to remove it and feel it is still there.
And every time I do that, small partial outages occur at the destination
network.


Have you already imagined if those who implemented the RTBH or FlowSpec
could give you some feedback of how is the usage of that BH or FlowSpecDrop?

I really still don't know how to do this...
Or even know if already there is a solution to that and I'm trying to
invent the wheel.

What do you think about that?
Any Ideas?



-- 
Douglas Fernando Fischer
Engº de Controle e Automação

Re: Question About Marea Cable

[Ilissa Miller]

Rod,
I received the information you requested of the NANOG listserv from Telxius



   - Ashburn DC2 to CLS Sopelana RTD = 69.5ms
   - Ashburn DC2 to Derio POP = 71ms


Hope this helps!
-Ilissa



On Mon, Feb 1, 2021 at 9:22 AM Rod Beck 
wrote:

> Off list, please. Anyone know the RTD of this cable from its Ashburn POP
> to its Bilboa cable landing station. A 2018 press release brags it is one
> of the lowest latency Trans-Atlantic cables.
>
> Regards,
>
> Roderick.
>
> Roderick Beck
> VP of Business Development
>
> United Cable Company
>
> www.unitedcablecompany.com
>
> New York City & Budapest
>
> rod.b...@unitedcablecompany.com
>
> Budapest: 36-70-605-5144
>
> NJ: 908-452-8183
>
>
> [image: 1467221477350_image005.png]
>


-- 
*Ilissa Miller*

CEO, iMiller Public Relations

President, NEDAS

Founder, Independent Data Center Alliance

Office:  (914) 315-6424

Mobile: (917) 743-0931

@iMillerPR | @ilissanyc

iMiller Public Relations

www.imillerpr.com

*NEDAS*

www.nedas.com

Explore the NANOG 81 Virtual Expo 👉 Doors are now open!

[NANOG News]

*The latest technology, all in one space*
Be sure to visit the NANOG 81 Virtual Expo throughout the conference to
learn about the latest technologies, and connect with reps from North
American companies and beyond! Plus, you'll have the chance to win a
variety of swag + prizes, and pick up clues for our daily Scavenger Hunts.
Expo doors are open today through Friday, 2/19! Scroll on to learn more
about each of our exhibitors.

Visit Expo 


*ADVA*
*Open networking solutions for cloud interconnect, cloud access and network
synchronization with scalability, programmability and ease of use.*

ADVA is a company founded on innovation and focused on helping our
customers succeed. Our technology forms the building blocks of a shared
digital future and empowers networks across the globe. We’re continually
developing breakthrough hardware and software that leads the networking
industry and creates new business opportunities. It’s these open
connectivity solutions that enable our customers to deliver the cloud and
mobile services that are vital to today’s society and for imagining new
tomorrows. Together, we're building a truly connected and sustainable
future. Learn more: adva.com

Visit Expo Booth



*Amazon*
*Interconnect with the Amazon global network.*

Amazon operates a global network covering more than 80 cities and over 200
Points of Presence (POPs). Learn more: peering.aws

Visit Expo Booth



*Charter Communications*
*America's fastest-growing TV, Internet and Voice provider.*

At Charter Communications, we connect our customers to innovation. From
Spectrum Internet Gig and our path to 10G, to the Spectrum TV App and
Spectrum Mobile, our blazing fast and secure broadband network powers the
future. Learn more: spectrum.com

Visit Expo Booth



*Clearcable*
*Building Better Broadband for Communities of All Sizes*

Clearcable™ is a specialized telecommunications technical consulting firm
focused on the needs of service providers by developing new business
revenue streams, maintaining existing infrastructure, and proposing new
advancements in telecommunications sectors globally. Clearcable™ provides
assessment and strategy consulting, complex network architecture and
high-level design, logical and physical design, implementation and network
deployments, cabling, project management, training and ongoing network
management and support services. Learn more: clearcable.ca

Visit Expo Booth



*Comcast Technology Solutions*
*Our media and entertainment technology redefines digital experiences and
delivers the future of media to global audiences*

Comcast Technology Solutions offers a portfolio of technology solutions,
the CTSuite, that provides the industry with the technology, scale and
expertise to expand and navigate the rapidly-changing media and
entertainment technology landscape. We invent technology that solves
industry challenges, reimagines what is possible, and transforms businesses
for an ever-changing world. Built on Comcast’s know-how, proven facilities,
scalable platforms, and infrastructure, Comcast Technology Solutions offers
more than 20 years of reliable real-world broadcast and digital experience.
We partner with customers to redefine expectations and deliver the future
to global audiences. Learn more: comcasttechnologysolutions.com

Visit Expo Booth



*Corero Network Security*
*Real-Time DDoS Protection*

Corero is a global leader in real-time, high-performance, automatic DDoS
defense solutions. Both Service and Hosting providers, alongside digital
enterprises across the globe rely on Corero’s award winning cybersecurity
technology to eliminate the threat of Distributed Denial of Service (DDoS)
to their digital environment through automatic attack detection and
mitigation, coupled with network visibility, analytics and reporting.

Corero’s industry leading SmartWall and SecureWatch technology provides
scalable protection capabilities against external DDoS attackers and
internal DDoS botnets in the most complex edge and subscriber environments,
while enabling a more cost-effective economic model than previously
available. Corero’s key operational centers located in Marlborough,
Massachusetts, USA and Edinburgh, UK, with the Company’s headquarters in
Amersham, UK. The Company is also listed on the London Stock Exchange’s AIM
market under the ticker CNS. Learn more: corero.com

Visit Expo Booth



*Fastmetrics, Inc.*
*THE B2B ISP*

Fastmetrics is a dedicated B2B ISP. We manage the connectivity,

Re: New High Fiber Count Deep Sea Cables

[Rod Beck]

I think that report is a summary of the thinking that led to the new higher 
count cables. In fact, those researchers work for the companies that laid those 
cables.

The new cables are based on the ideas outlined in that paper? spacing regen 
farther apart, putting fewer waves on each fiber pair so nonlinearities can be 
avoided, etc.

-R.


From: NANOG  on behalf 
of Mark Tinka 
Sent: Monday, February 1, 2021 3:22 PM
To: nanog@nanog.org 
Subject: Re: New High Fiber Count Deep Sea Cables



On 2/1/21 12:30, Rod Beck wrote:
Here is the intellectual foundation or underpinnings of the  new deep sea 
design which are enabling fiber pair counts as high as 24.

I think the engineers might enjoy this.

https://ieeexplore.ieee.org/document/8369356

This is from 2018 - the submarine cable industry has come a long way since then 
:-).

Channel spacing on marine systems has always been the game. Adding intelligence 
into branching units (BU's), as well as improvements in amplifier design has 
been a contributory factor as well.

What is interesting, now, is that in lieu of copper, aluminium is being 
preferred as a conductor, to lower build costs.

Mark.

Re: New High Fiber Count Deep Sea Cables

[Mark Tinka]

On 2/1/21 12:30, Rod Beck wrote:
Here is the intellectual foundation or underpinnings of the  new deep 
sea design which are enabling fiber pair counts as high as 24.


I think the engineers might enjoy this.

https://ieeexplore.ieee.org/document/8369356 



This is from 2018 - the submarine cable industry has come a long way 
since then :-).


Channel spacing on marine systems has always been the game. Adding 
intelligence into branching units (BU's), as well as improvements in 
amplifier design has been a contributory factor as well.


What is interesting, now, is that in lieu of copper, aluminium is being 
preferred as a conductor, to lower build costs.


Mark.

Question About Marea Cable

[Rod Beck]

Off list, please. Anyone know the RTD of this cable from its Ashburn POP to its 
Bilboa cable landing station. A 2018 press release brags it is one of the 
lowest latency Trans-Atlantic cables.

Regards,

Roderick.


Roderick Beck

VP of Business Development

United Cable Company

www.unitedcablecompany.com

New York City & Budapest

rod.b...@unitedcablecompany.com

Budapest: 36-70-605-5144

NJ: 908-452-8183


[1467221477350_image005.png]

New High Fiber Count Deep Sea Cables

[Rod Beck]

Here is the intellectual foundation or underpinnings of the  new deep sea 
design which are enabling fiber pair counts as high as 24.

I think the engineers might enjoy this.

https://ieeexplore.ieee.org/document/8369356
[https://ieeexplore.ieee.org/assets/img/ieee_logo_smedia_200X200.png]
Cost-Optimized Submarine Cables Using Massive Spatial 
Parallelism
ieeexplore.ieee.org



Roderick Beck

VP of Business Development

United Cable Company

www.unitedcablecompany.com

New York City & Budapest

rod.b...@unitedcablecompany.com

Budapest: 36-70-605-5144

NJ: 908-452-8183


[1467221477350_image005.png]

Re: Zurich Data Center

[Fredy Kuenzler]

This one at Aargauerstasse 10 in Zurich is operated by the incumbent Swisscom, 
mainly for their own purpose. It‘s called «Zurich Herdern» with LEX code 
790ZHH, despite it‘s not a LEX in the classical sense. 

There is a similar one in another area of the city called «Zurich Binz» with 
the code 790ZHB.

We (Init7) along with some other carriers are present too in both, mainly for 
interconnection purpose. Strict rules for other carriers unlike in the carrier 
neutral sites of the ususal suspects (Equinix, e-shelter NTT, Interxion, 
green.ch...). For example: expect cross connects delivery times of at least 6 
to 8 weeks to other 3rd party carriers. It is not a regulated product but the 
process feels like.

They also sell space and power to 3rd party customers in 790ZHH (not carriers), 
commonly along with expensive telco services, but I‘m not too familiar with 
details. We have one or two customers there which decided not to buy only from 
the incumbent. Saying this: 790ZHH is somewhat carrier neutral but it‘s 
complicated.

Hope this helps.

--
Fredy Künzler

Init7 (Switzerland) Ltd.
Technoparkstrasse 5
CH-8406 Winterthur
https://www.init7.net/

> Am 01.02.2021 um 08:42 schrieb Rod Beck :
> 
> 
> Off list, what can someone tell me about the data center at 
> 
> Aargauerstrasse 10
> 
> 8048 Zürich
> 
> 
> Regards, 
> 
> Roderick. 
> 
> 
> 
> 
> Roderick Beck
> VP of Business Development
> United Cable Company
> www.unitedcablecompany.com
> New York City & Budapest
> rod.b...@unitedcablecompany.com
> Budapest: 36-70-605-5144
> NJ: 908-452-8183 
> 
>