Re: Charter DNS servers returning invalid IP addresses

2023-10-25 Thread Bryan Fields

On 10/25/23 8:24 PM, Greg Dickinson wrote:
> He didn’t, I was just referencing Mimecast to indicate it was probably
> larger than Charter’s DNS.  Given the reports that someone else gave from
> Virustotal, it seems it’s more widespread than first reported.

Is there a link where this can be looked up?  I've not seen anything on
their website.

If you're going to quote me, please don't alter what I wrote, and please
trim the relevant parts of it.

Thanks,
-- 
Bryan Fields

727-409-1194 - Voice
http://bryanfields.net


Re: [EXTERNAL] Re: Charter DNS servers returning invalid IP addresses

2023-10-25 Thread Bryan Fields
On 10/25/23 4:58 PM, Compton, Rich A wrote:
> Charter uses threat intel from Akamai to block certain "malicious" domains.

Does Charter do this on signed domains too?
-- 
Bryan Fields

727-409-1194 - Voice
http://bryanfields.net


RE: Charter DNS servers returning invalid IP addresses

2023-10-25 Thread Greg Dickinson
He didn’t, I was just referencing Mimecast to indicate it was probably larger 
than Charter’s DNS.  Given the reports that someone else gave from Virustotal, 
it seems it’s more widespread than first reported.

Greg Dickinson, CCNA
Network Engineer


From: NANOG On Behalf Of Bryan Fields
Sent: Wednesday, October 25, 2023 2:51 PM
To: nanog@nanog.org
Subject: Re: Charter DNS servers returning invalid IP addresses





On 10/25/23 2:41 PM, Greg Dickinson wrote:
> If it helps troubleshooting, when I click the domain in the email Mimecast
> tells me:
>
> “We checked the website you are trying to access for malicious and
> spear-phishing content and found it likely to be unsafe.”

I saw nothing referencing Mimecast in the original email. Where did you see 
this?

bonesinjars.com is not signed with DNSSEC. This is trivial to setup and might
prevent some of this.

Probably not a good idea for your customers to rely on $BIGCABLE DNS servers.
--
Bryan Fields

727-409-1194 - Voice
http://bryanfields.net




Charter DNS servers returning invalid IP addresses

2023-10-25 Thread Sylvain BAYA

Dear NANOG-er,

Hope this email finds you in good health!

Please see my comments below, inline...

Thanks,


On 25/10/2023 at 18:50, Jason J. Gullickson via NANOG wrote:

> I've been working for a week or so to solve a problem with DNS
> resolution for Charter customers for our domain bonesinjars.com.  I've
> reached-out to Charter directly but since I'm not a customer I
> couldn't get any help from them.  I was directed by a friend to this
> list in hopes that there may be able to reach a Charter/Spectrum
> engineer who might be able to explain and/or resolve this one.
>
> A dig against Google's DNS servers correctly returns 4 A records:
>
> dig bonesinjars.com 8.8.8.8

...instead of the above, you could try the following command:

`dig bonesinjars.com. @9.9.9.9 +nsid +edns=0 +all +short`

Please, do note the sign `@` and the trailing dot `.`

> [...]
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26879
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 65494
> ;; QUESTION SECTION:
> ;8.8.8.8.   IN  A

...this is unexpected! given what you said.

> ;; Query time: 35 msec
> ;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
> ;; WHEN: Mon Oct 23 10:26:32 CDT 2023
> ;; MSG SIZE  rcvd: 36
>
> Verizon, AT&T, Comcast and all other DNS servers we tested return the
> same 4 A records.  However the same dig against a Charter DNS
> (24.196.64.53) returns only 127.0.0.54:
>
> dig bonesinjars.com 24.196.64.53

`dig cmnog.cm. @24.196.64.53 +nsid +edns=0 +all`

or

dig cmnog.cm. @`dig -x 24.196.64.53 +short` +nsid +edns=0 +all

> ; <<>> DiG 9.16.1-Ubuntu <<>> bonesinjars.com 24.196.64.53
> [...]
> ;; QUESTION SECTION:
> ;bonesinjars.com.        IN    A
>
> ;; ANSWER SECTION:
> bonesinjars.com.    60    IN    A    127.0.0.54
>
> [...]
>
> ;; QUESTION SECTION:
> ;24.196.64.53.            IN    A

...it's not what you wanted to test!
`dig` understood it otherwise.

...associating the @ sign with the above IPv4 address
would have corrected the behavior of `dig`:
*@24.196.64.53*

> ;; ANSWER SECTION:
> 24.196.64.53.        86400    IN    A    24.196.64.53
>
> ;; Query time: 27 msec
> ;; SERVER: 127.0.0.53#53(127.0.0.53)
> [...]
>
> Any help understanding and addressing this is greatly appreciated!

Hi Jason,

Thanks for your email, brother.

...you should note that:

n#1. each of the commands you shared above is not
producing the expected behavior. Please replace
it with the one I suggested, and observe the diff.

n#2. the DNS resolver you try to use appears not to
be, actually, available for any request.
Just try: `dig @24.196.64.53 cm.` or even:
`dig @24.196.64.53 ns1.charter.com.`

Maybe you should first clarify what you needed to
achieve.

That said! maybe it's a simple matter of changing
a DNS resolver? have you asked someone within
Charter's network to try with quad9, for example?
...or any other public DNS resolver, to be fair.

Hope this helps!

Shalom,
--sb.

> Jason


--
Best Regards !

baya.sylvain [AT cmNOG DOT cm]
__
#THEHOLYBIBLE | #Romans15:33 "May THE #GOD of #Peace be with you all! #Amen!" #MyPrayer is that you be born again. #Christianly
"As a deer pants for streams of water, so my soul pants for YOU, O GOD!" (#Psalms42:2)


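The `@` point made in the message above, as an added example that is not part of the original email: this Python sketch parses dig output (here the block Jason posted, with whitespace normalised) and flags responses whose question name is an IP literal, whose answering server is not the intended resolver, or whose A record is a loopback address. The function names and finding codes are assumptions made for the illustration.

```python
import ipaddress
import re

# Trimmed from the dig output quoted in this thread (whitespace normalised).
THREAD_OUTPUT = """\
; <<>> DiG 9.16.1-Ubuntu <<>> bonesinjars.com 24.196.64.53
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17691
;; QUESTION SECTION:
;bonesinjars.com.    IN    A

;; ANSWER SECTION:
bonesinjars.com.    60    IN    A    127.0.0.54

;; SERVER: 127.0.0.53#53(127.0.0.53)

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4658
;; QUESTION SECTION:
;24.196.64.53.    IN    A

;; ANSWER SECTION:
24.196.64.53.    86400    IN    A    24.196.64.53

;; SERVER: 127.0.0.53#53(127.0.0.53)
"""


def is_ip(text):
    """True when text (with or without a trailing dot) is an IP literal."""
    try:
        ipaddress.ip_address(text.rstrip("."))
        return True
    except ValueError:
        return False


def parse_dig(text):
    """Split dig output into one record per response header."""
    responses, current, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(";;"):
            header = re.search(r"->>HEADER<<-.*status: (\w+)", line)
            server = re.match(r";; SERVER: ([^#\s]+)#", line)
            if header:
                current = {"status": header.group(1), "question": None,
                           "answers": [], "server": None}
                responses.append(current)
            elif server and current is not None:
                current["server"] = server.group(1)
            # Any ";;" line ends the previous section; only "... SECTION:" opens one.
            section = line[3:].split()[0] if line.endswith("SECTION:") else None
            continue
        fields = line.split()
        if current is None or not fields:
            continue
        if section == "QUESTION" and line.startswith(";"):
            current["question"] = fields[0].lstrip(";")
        elif section == "ANSWER" and len(fields) == 5 and fields[3] == "A":
            current["answers"].append(fields[4])
    return responses


def audit(text, intended_resolver):
    """Return (code, query name, detail) findings for each response."""
    findings = []
    for r in parse_dig(text):
        qname = r["question"] or ""
        if is_ip(qname):
            # dig took the bare address as a second name to look up.
            findings.append(("ip-as-qname", qname, "resolver argument lacked '@'"))
        if r["server"] and r["server"] != intended_resolver:
            findings.append(("wrong-server", qname, f"answered by {r['server']}"))
        for addr in r["answers"]:
            if ipaddress.ip_address(addr).is_loopback and not is_ip(qname):
                findings.append(("loopback-answer", qname, addr))
    return findings


if __name__ == "__main__":
    for code, qname, detail in audit(THREAD_OUTPUT, "24.196.64.53"):
        print(f"{code:16} {qname:18} {detail}")
```

Both responses in the thread's output carry `SERVER: 127.0.0.53`, the local stub resolver, so the check shows that neither query was sent directly to the address typed on the command line.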


Re: [EXTERNAL] Re: Charter DNS servers returning invalid IP addresses

2023-10-25 Thread Compton, Rich A
VirusTotal and other domain reputation sites say the domain is malicious.  
Specifically there have been multiple malware samples that were scanned (latest 
was 10-09-2023) that had this domain hard coded in it. 
https://www.virustotal.com/gui/domain/bonesinjars.com
You may want to get a new domain.  Other option is to contact Akamai and see if 
they can whitelist this domain.  Charter uses threat intel from Akamai to block 
certain "malicious" domains.

-Rich


On 10/25/23, 1:54 PM, "NANOG on behalf of Bryan Fields" wrote:




On 10/25/23 2:41 PM, Greg Dickinson wrote:
> If it helps troubleshooting, when I click the domain in the email Mimecast
> tells me:
> 
> “We checked the website you are trying to access for malicious and
> spear-phishing content and found it likely to be unsafe.”


I saw nothing referencing Mimecast in the original email. Where did you see 
this?


bonesinjars.com is not signed with DNSSEC. This is trivial to setup and might 
prevent some of this.


Probably not a good idea for your customers to rely on $BIGCABLE DNS servers.
-- 
Bryan Fields


727-409-1194 - Voice
http://bryanfields.net 







Re: Charter DNS servers returning invalid IP addresses

2023-10-25 Thread Bryan Fields

On 10/25/23 2:41 PM, Greg Dickinson wrote:
> If it helps troubleshooting, when I click the domain in the email Mimecast
> tells me:
>
> “We checked the website you are trying to access for malicious and
> spear-phishing content and found it likely to be unsafe.”


I saw nothing referencing Mimecast in the original email.  Where did you see 
this?

bonesinjars.com is not signed with DNSSEC.  This is trivial to setup and might 
prevent some of this.


Probably not a good idea for your customers to rely on $BIGCABLE DNS servers.
--
Bryan Fields

727-409-1194 - Voice
http://bryanfields.net



Re: Charter DNS servers returning invalid IP addresses

2023-10-25 Thread Jason J. Gullickson via NANOG



That does help Greg.

I've heard from a few other folks on the list that the domain is 
considered suspicious by a few different providers like this.  It's a 
turnkey Squarespace gallery/ecommerce site so I'm not sure why it would 
be classified as a threat, but perhaps a previous domain holder was 
doing something that could have been and these reports are just 
outdated?


- Jason

On 2023-10-25 1:41 pm, Greg Dickinson wrote:

If it helps troubleshooting, when I click the domain in the email 
Mimecast tells me:


"We checked the website you are trying to access for malicious and 
spear-phishing content and found it likely to be unsafe."


Greg Dickinson, CCNA

Network Engineer

From: NANOG On Behalf Of Mark Andrews

Sent: Wednesday, October 25, 2023 1:27 PM
To: Jason J. Gullickson 
Cc: nanog@nanog.org
Subject: Re: Charter DNS servers returning invalid IP addresses



It's being filtered. Only Charter can tell you why.

--

Mark Andrews

On 26 Oct 2023, at 05:07, Jason J. Gullickson via NANOG wrote:

I've been working for a week or so to solve a problem with DNS 
resolution for Charter customers for our domain bonesinjars.com.  
I've reached-out to Charter directly but since I'm not a customer I 
couldn't get any help from them.  I was directed by a friend to this 
list in hopes that there may be able to reach a Charter/Spectrum 
engineer who might be able to explain and/or resolve this one.

A dig against Google's DNS servers correctly returns 4 A records:

dig bonesinjars.com 8.8.8.8

; <<>> DiG 9.18.12-0ubuntu0.22.04.3-Ubuntu <<>> bonesinjars.com 8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31383
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;bonesinjars.com.    IN    A

;; ANSWER SECTION:
bonesinjars.com.    60    IN    A    198.49.23.145
bonesinjars.com.    60    IN    A    198.185.159.145
bonesinjars.com.    60    IN    A    198.49.23.144
bonesinjars.com.    60    IN    A    198.185.159.144

;; Query time: 1039 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Mon Oct 23 10:26:32 CDT 2023
;; MSG SIZE  rcvd: 108

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26879
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;8.8.8.8.    IN    A

;; Query time: 35 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Mon Oct 23 10:26:32 CDT 2023
;; MSG SIZE  rcvd: 36

Verizon, AT&T, Comcast and all other DNS servers we tested return the 
same 4 A records.  However the same dig against a Charter DNS 
(24.196.64.53) returns only 127.0.0.54:

dig bonesinjars.com 24.196.64.53

; <<>> DiG 9.16.1-Ubuntu <<>> bonesinjars.com 24.196.64.53
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17691
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;bonesinjars.com.    IN    A

;; ANSWER SECTION:
bonesinjars.com.    60    IN    A    127.0.0.54

;; Query time: 55 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Tue Oct 24 13:28:36 CDT 2023
;; MSG SIZE  rcvd: 60

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4658
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;24.196.64.53.    IN    A

;; ANSWER SECTION:
24.196.64.53.    86400    IN    A    24.196.64.53

;; Query time: 27 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Tue Oct 24 13:28:36 CDT 2023
;; MSG SIZE  rcvd: 57

Any help understanding and addressing this is greatly appreciated!

Jason



Re: XGS-PON & "Dedicated" Service

2023-10-25 Thread Sven Schade
Hi,

Another way could be the splitting factor.
If you work with 1:8 you have an excellent 1G connection.

Best

Svens

On 25.10.2023 at 06:19, Mark Tinka wrote:


On 10/25/23 01:56, Neader, Brent wrote:

Hello!

Interested in getting the larger community’s thought on this.

The primary question being does XGS-PON have a place in providing a dedicated 
enterprise level service (at least sold as one) in the marketplace?  Delivered 
via a residential (per the data sheet description) CPE, Nokia XS-010X-Q for a 
1gb/1gb dedicated symmetrical service.

Background, I've dealt with 30+ providers over the last 18 years, primarily last 
mile based.  Typically we seek out an Enterprise/Dedicated service, with an 
SLA, typically delivered via DWDM, CWDM, or AE, or equivalent.  We have also 
had a site or two delivered via a PON variant, typically with less of an SLA, 
typically maybe half to quarter of the price of a dedicated service.  Price & 
SLA sets the expectation of the service, CPE provided, underlying technology, 
etc.

Dealing with a large over-builder right now who has an “elite” enterprise 
product (highest of 3 tiers) advertised as the following.


- 100% dedicated bandwidth so you never have to compete for speed
- Mission Critical Reliability with 99.999% guaranteed uptime
- Financially backed SLA with the most stringent performance objectives
- Enterprise-level customer service and technical support

Now I understand with XGS, you can have various QOS in place (WRR/SP, etc), but 
inherently there are still shared splits involved, that just aren’t a thing in 
other truly dedicated technologies.  Expectations were set with the provider’s 
sales team around what was to be delivered and how it was to be delivered that 
seemingly haven’t been met by the product and service team.

That aside, from an SP perspective, is it capable to wrap enough layers around 
service to be “dedicated” even when delivered via a conflicting underlying 
technology?  Or could that be considered disingenuous for those that want to 
know and understand the difference?  I'm hoping the service itself and support 
team make up for the difference, but obviously a little concerned.

Regular GPON is already being used to deliver Enterprise services, purely 
because it "passes by the office complex" on its way to the residential 
neighborhood. Even when the Sales team are told not to use GPON for Enterprise 
services, they end up doing so... first as a "temporary, we have told the 
customer all the pitfalls" solution, which eventually becomes permanent, and 
then it grows like wildfire.

You can expect that XG-PON will go the same way.

Mark.


--
__

Sven Schade, Managing Director

TNG Stadtnetz GmbH
Gerhard-Fröhler-Str. 12
24106 Kiel · Germany

T +49 431/7097-400
F +49 431/7097-555
mailto:ssch...@tng.de

https://www.tng.de

Executive board (Managing Directors):
Dr. Sven Willert (CEO/Chair),
Gunnar Peter, Sven Schade,
Carsten Tolkmit

Amtsgericht Kiel HRB 6002 KI
VAT ID: DE225201428
Information on the processing of your data
pursuant to Article 12 GDPR is available at https://www.tng.de/datenschutz/.
__




RE: Charter DNS servers returning invalid IP addresses

2023-10-25 Thread Greg Dickinson
If it helps troubleshooting, when I click the domain in the email Mimecast 
tells me:

“We checked the website you are trying to access for malicious and 
spear-phishing content and found it likely to be unsafe.”



Greg Dickinson, CCNA
Network Engineer


From: NANOG On Behalf Of Mark Andrews
Sent: Wednesday, October 25, 2023 1:27 PM
To: Jason J. Gullickson 
Cc: nanog@nanog.org
Subject: Re: Charter DNS servers returning invalid IP addresses





It’s being filtered. Only Charter can tell you why.
--
Mark Andrews


On 26 Oct 2023, at 05:07, Jason J. Gullickson via NANOG wrote:

I've been working for a week or so to solve a problem with DNS resolution for 
Charter customers for our domain bonesinjars.com.  I've reached-out to Charter 
directly but since I'm not a customer I couldn't get any help from them.  I was 
directed by a friend to this list in hopes that there may be able to reach a 
Charter/Spectrum engineer who might be able to explain and/or resolve this one.

A dig against Google's DNS servers correctly returns 4 A records:

dig bonesinjars.com 8.8.8.8

; <<>> DiG 9.18.12-0ubuntu0.22.04.3-Ubuntu <<>> bonesinjars.com 8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31383
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;bonesinjars.com.    IN    A

;; ANSWER SECTION:
bonesinjars.com.    60    IN    A

Re: Charter DNS servers returning invalid IP addresses

2023-10-25 Thread Mark Andrews
It’s being filtered. Only Charter can tell you why. 

-- 
Mark Andrews

> On 26 Oct 2023, at 05:07, Jason J. Gullickson via NANOG wrote:
> 
> 
> I've been working for a week or so to solve a problem with DNS resolution for 
> Charter customers for our domain bonesinjars.com.  I've reached-out to 
> Charter directly but since I'm not a customer I couldn't get any help from 
> them.  I was directed by a friend to this list in hopes that there may be 
> able to reach a Charter/Spectrum engineer who might be able to explain and/or 
> resolve this one.
> 
> A dig against Google's DNS servers correctly returns 4 A records:
> 
> 
> dig bonesinjars.com 8.8.8.8 
> 
> ; <<>> DiG 9.18.12-0ubuntu0.22.04.3-Ubuntu <<>> bonesinjars.com 8.8.8.8 
> ;; global options: +cmd 
> ;; Got answer: 
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31383 
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1 
> 
> ;; OPT PSEUDOSECTION: 
> ; EDNS: version: 0, flags:; udp: 65494 
> ;; QUESTION SECTION: 
> ;bonesinjars.com.   IN  A 
> 
> ;; ANSWER SECTION: 
> bonesinjars.com.    60    IN    A    198.49.23.145
> bonesinjars.com.    60    IN    A    198.185.159.145
> bonesinjars.com.    60    IN    A    198.49.23.144
> bonesinjars.com.    60    IN    A    198.185.159.144
> 
> ;; Query time: 1039 msec 
> ;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP) 
> ;; WHEN: Mon Oct 23 10:26:32 CDT 2023 
> ;; MSG SIZE  rcvd: 108 
> 
> ;; Got answer: 
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26879 
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 
> 
> ;; OPT PSEUDOSECTION: 
> ; EDNS: version: 0, flags:; udp: 65494 
> ;; QUESTION SECTION: 
> ;8.8.8.8.   IN  A 
> 
> ;; Query time: 35 msec 
> ;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP) 
> ;; WHEN: Mon Oct 23 10:26:32 CDT 2023 
> ;; MSG SIZE  rcvd: 36
> 
> 
> 
> Verizon, AT&T, Comcast and all other DNS servers we tested return the same 4 
> A records.  However the same dig against a Charter DNS (24.196.64.53) returns 
> only 127.0.0.54:
> 
> 
> 
> dig bonesinjars.com 24.196.64.53
> 
> ; <<>> DiG 9.16.1-Ubuntu <<>> bonesinjars.com 24.196.64.53
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17691
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 65494
> ;; QUESTION SECTION:
> ;bonesinjars.com.    IN    A
> 
> ;; ANSWER SECTION:
> bonesinjars.com.    60    IN    A    127.0.0.54
> 
> ;; Query time: 55 msec
> ;; SERVER: 127.0.0.53#53(127.0.0.53)
> ;; WHEN: Tue Oct 24 13:28:36 CDT 2023
> ;; MSG SIZE  rcvd: 60
> 
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4658
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 65494
> ;; QUESTION SECTION:
> ;24.196.64.53.    IN    A
> 
> ;; ANSWER SECTION:
> 24.196.64.53.    86400    IN    A    24.196.64.53
> 
> ;; Query time: 27 msec
> ;; SERVER: 127.0.0.53#53(127.0.0.53)
> ;; WHEN: Tue Oct 24 13:28:36 CDT 2023
> ;; MSG SIZE  rcvd: 57
> 
> 
> 
> Any help understanding and addressing this is greatly appreciated!
> 
> 
> 
> Jason


Charter DNS servers returning invalid IP addresses

2023-10-25 Thread Jason J. Gullickson via NANOG



I've been working for a week or so to solve a problem with DNS 
resolution for Charter customers for our domain bonesinjars.com.  I've 
reached-out to Charter directly but since I'm not a customer I couldn't 
get any help from them.  I was directed by a friend to this list in 
hopes that there may be able to reach a Charter/Spectrum engineer who 
might be able to explain and/or resolve this one.


A dig against Google's DNS servers correctly returns 4 A records:

dig bonesinjars.com 8.8.8.8

; <<>> DiG 9.18.12-0ubuntu0.22.04.3-Ubuntu <<>> bonesinjars.com 8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31383
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;bonesinjars.com.   IN  A

;; ANSWER SECTION:
bonesinjars.com.    60    IN    A    198.49.23.145
bonesinjars.com.    60    IN    A    198.185.159.145
bonesinjars.com.    60    IN    A    198.49.23.144
bonesinjars.com.    60    IN    A    198.185.159.144

;; Query time: 1039 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Mon Oct 23 10:26:32 CDT 2023
;; MSG SIZE  rcvd: 108

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26879
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;8.8.8.8.   IN  A

;; Query time: 35 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Mon Oct 23 10:26:32 CDT 2023
;; MSG SIZE  rcvd: 36

Verizon, AT&T, Comcast and all other DNS servers we tested return the 
same 4 A records.  However the same dig against a Charter DNS 
(24.196.64.53) returns only 127.0.0.54:


dig bonesinjars.com 24.196.64.53

; <<>> DiG 9.16.1-Ubuntu <<>> bonesinjars.com 24.196.64.53
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17691
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;bonesinjars.com.    IN    A

;; ANSWER SECTION:
bonesinjars.com.    60    IN    A    127.0.0.54

;; Query time: 55 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Tue Oct 24 13:28:36 CDT 2023
;; MSG SIZE  rcvd: 60

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4658
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;24.196.64.53.    IN    A

;; ANSWER SECTION:
24.196.64.53.    86400    IN    A    24.196.64.53

;; Query time: 27 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Tue Oct 24 13:28:36 CDT 2023
;; MSG SIZE  rcvd: 57

Any help understanding and addressing this is greatly appreciated!

Jason

Re: RPKI unknown for superprefixes of existing ROA ?

2023-10-25 Thread Owen DeLong via NANOG
In fairness, however, there is a natural tendency for many of those PNIs to be
built in locations in common with IXPs and often they start as IXP connections
and with growth of traffic end up migrating to PNIs for further expansion.

Owen


> On Oct 24, 2023, at 18:15, Randy Bush wrote:
> 
>> Believe it or not, Job, there are parts of the internet that exchange
>> traffic and move packets that are not IXPs.
> 
> in fact, measurements had shown that the majority of inter-domain
> traffic is over pnis
> 
> randy



US Bancorp

2023-10-25 Thread Eric C. Miller
Is there anyone from USBancorp here that can help me troubleshoot a lossy 
connection from an employee VPN?

Eric