Re: F.ROOT-SERVERS.NET moved to Beijing?

2011-10-04 Thread Lindqvist Kurt Erik

On 3 okt 2011, at 16:30, Todd Underwood wrote:

 
 ignoring randy (and others) off-topic comments about hypocrisy, this
 situation is fundamentally a situation of bad (or different) network
 policy being applied outside of its scope.  i would prefer that china
 not censor the internet, sure.  but i really require that china not
 censor *my* internet when i'm not in china.

Most if not all European operators today force rewrite or blocking of DNS 
lookups. Belgium added a fairly large site today. There is virtually no way 
that this can be contained just inside a country. This problem is way beyond 
root-servers, China etc. Filtering on the net is becoming common, and was 
pushed quite hard for at Internet Governance Forum last week. By Interpol and 
MPAA. 

Best regards,

- kurtis -






signature.asc
Description: Message signed with OpenPGP using GPGMail


Re: The i-root china reroute finally makes fox news. And congress.

2010-11-17 Thread Lindqvist Kurt Erik
On 16 nov 2010, at 18.08, Suresh Ramasubramanian wrote:
 
 http://www.foxnews.com/politics/2010/11/16/internet-traffic-reportedly-routed-chinese-servers/

I can detect from the report that this has anything to do with i.root? Can you 
explain that? 

Looking at the dates referred to it seems more to be related to the routing 
leaks on April 8th. Or do you have additional information? 

Best regards,

- kurtis -







PGP.sig
Description: This is a digitally signed message part


Re: The i-root china reroute finally makes fox news. And congress.

2010-11-17 Thread Lindqvist Kurt Erik
On 17 nov 2010, at 07.17, Fred Baker wrote:
 
 
 On Nov 17, 2010, at 1:08 AM, Suresh Ramasubramanian wrote:
 
 http://www.foxnews.com/politics/2010/11/16/internet-traffic-reportedly-routed-chinese-servers/
 
 I have read the article and the list, and I'm puzzled. It's pretty clear that 
 the root gets its records from a common source, and that the copies of them 
 being delivered by a given root server were different. As a result, traffic 
 intended to go place A went to place B if the TLD lookup happened to go to 
 the particular root server in question. How did an instance of the root 
 server find itself serving changed records? While there is no obvious 
 indication of who made the change or for what reason, it's unlikely it was 
 accidental.
 
 Not sure what Glenn Beck, Fox News, or Godwin's Law have to do with it. There 
 was a technical event that resulted in misrouting of traffic, and while 
 international concerns regarding it had political overtones, the technical 
 event is not a political one. If it was your traffic that had been misrouted, 
 you might have issued expressions of concern. So why respond to it with a 
 political response?
 
 Sounds to me like one of the arguments for DNSSEC deployment...

Before the rumor mill gets going based on the Renesys work again, the article 
doesn't mention DNS, it mentions re-routing of traffic. I would like to repeat 
what we have said in the past. 

As best as we can tell - no i.root-servers.net instance operated by us has 
answered incorrectly - ever. We serve the data exactly as we receive it from 
IANA. 

When I read the article I assumed it referred to the routing leaks of April 8th 
that were also discussed on Nanog. But I haven't read the report, nor has anyone 
contacted us regarding it. Renesys has though, a few weeks ago contacted us to 
get some data from us on what happened in March. 

Best regards,

- kurtis -








Re: The i-root china reroute finally makes fox news. And congress.

2010-11-17 Thread Lindqvist Kurt Erik
On 17 nov 2010, at 15.37, Lindqvist Kurt Erik wrote:
 
 On 16 nov 2010, at 18.08, Suresh Ramasubramanian wrote:
 
 http://www.foxnews.com/politics/2010/11/16/internet-traffic-reportedly-routed-chinese-servers/
 
 I can detect from the report that this has anything to do with i.root? Can 
 you explain that? 


Apparently typing fast is not a good idea :-( I meant to say I cannot 
deduct...

 Looking at the dates referred to it seems more to be related to the routing 
 leaks on April 8th. Or do you have additional information? 
 
 Best regards,
 
 - kurtis -
 
 
 
 
 


Best regards,

- kurtis -








Re: Feds disable movie piracy websites in raids

2010-07-01 Thread Lindqvist Kurt Erik

On 1 jul 2010, at 15.20, Patrick W. Gilmore wrote:

 On Jul 1, 2010, at 9:03 AM, Franck Martin wrote:
 
 The question is because gTLDs operations are in the USA, does it mean that 
 the USA have control over all those domain names?
 
 Can we trust solely the USA for such control?
 
 This will come back with a vengeance in the JPA negotiations, ICANN, etc...

JPA discussions are concluded and replaced with the AoC. The discussion on the 
renewal of the IANA contract I suspect will be a recurring theme in IGF in 
Vilnius. 

 Yeah, because if the domains were housed in another country than the USofA, 
 that country's court system & law enforcement surely wouldn't feel any sort 
 of authority over the machines on their sovereign soil.  It's just the evil 
 USA that would dare to think in such a fashion.  Oh, wait

If you look at the . level i.e ICANN my understanding is that if it was a 
treaty or UN organization that does not apply. However as we are talking gTLD 
level you are indeed right. 

 Is it possible the law enforcement officers went through the standard due 
 process for the country in which they operate, Just Like Any Other Law 
 Enforcement Agency Would?  Nahh, no way we could consider that.  It wouldn't 
 allow us to bang on the US and make hollow threats about future negotiations.
 
 
 It's fun to bang on the US, but let's try to keep even a hint of reality & 
 perspective in our rants.  Please?



Best regards,

- kurtis -








AAAA being added for i.root-servers.net

2010-06-17 Thread Lindqvist Kurt Erik

All,

This is to inform you that, we (Netnod/Autonomica, operators of 
i.root-servers.net) have been notified by IANA that on our request an AAAA 
record will be added to the root-zone with serial number 2010061700.

Best regards,

- kurtis -

---
Kurt Erik Lindqvist, CEO
kur...@netnod.se, Direct: +46-8-562 860 11, Switch: +46-8-562 860 00
Please note our new address:
Franzéngatan 5  | SE-112 51 Stockholm | Sweden





Please report issues with i.root-servers.net

2010-06-12 Thread Lindqvist Kurt Erik


All,

Renesys has since a few days had a blog post at 
http://www.renesys.com/blog/2010/06/two-strikes-i-root.shtml. On the 9th I 
urged them to provide us with any data if they are seeing incorrect responses 
from ANY i.root-servers.net instance, and share that with n...@netnod.se. I 
have so far received a single email from Renesys on Friday morning CET time. 
That email did not contain any data or further information. I asked to share 
that email with the Nanog list as Renesys will apparently share some results on 
studies of the i.root-servers.net in Beijing. I have no insight into what these 
findings are, and Renesys did not respond to my request to see them beforehand. 

As of today Renesys have updated their blog post with data that seems to 
indicate that they have seen incorrect responses from an i.root-servers.net 
instance. This is the first report of such responses since we re-activated our 
anycast node in Beijing, and we only saw this by monitoring the comments field 
to the blog post. At the time of re-activating the node we did test from all 
locations we could find and queried the i.root-servers.net node in Beijing, and 
we did not see any incorrect responses. 

Now, I would request that you all *please* report operational issues with 
i.root-servers.net, or in case you see any behavior you do not expect to 
n...@netnod.se. 

Unfortunately no one from us will attend the upcoming Nanog meeting, and I can't 
from the agenda see when the presentation is due. I am happy to answer any 
questions directly though, and I will try and read Renesys results as soon as 
they are published. In the meantime, as we are dealing with what is potentially an 
operational problem, please report any issues to us. 

To provide some background, I will share some of my responses to the Renesys 
email on Friday - although I admit they are taken out of context I think they 
do provide some general background information that might be worth sharing. 

---
As I wrote in my response to your blogpost, the node in China has ALWAYS been 
globally reachable (whatever that means. In our terminology it means we are 
not exporting the prefixes with no-export, so the prefixes propagate as far as 
our peers advertise them). 
---
As to the above, many countries tamper with DNS responses so I have no way of 
assuring anyone that a packet that traverses many countries, many regulations 
and many networks owners are ever tampered with. In the case where queries to 
our node in Beijing were seen to respond with incorrect responses, we have 
obviously been in discussions with our hosts for the node in Beijing and they 
have as we understand it been in discussions with many of the networks in 
China. What we understand from these discussions, the occurrence of these 
incorrect responses for queries sent to i.root-servers.net was a mistake. I 
have no insight into why or how the mistake happened, but we have been assured 
it won't be possible for it to happen again. That said - let me again stress 
that neither we nor anyone else, can assure that packets on the Internet do 
not get tampered with along the path. What we can do is to deploy mechanisms 
that will detect this tampering at the application layer, for example DNSSEC. 
---

Kurt Erik Lindqvist
CEO Netnod




