Google's security.txt

[Marco Davids (Private) via NANOG]

Anyone from Google,

You might want to fix a tiny typo in your security.txt.

RFC9116 uses American spelling, not British spelling, like you did.

Check here:

https://www.uriports.com/tools?method=securitytxt=google.com

It's only a small issue, but it might spread when people start using 
Google's security.txt for inspiration.


--
퓜퓪퓻퓬퓸

IPv6 connectivity to mx[1-4].smtp.goog.

[Marco Davids (Private) via NANOG]

Hi,

At https://internet.nl we're seeing IPv6 connection issues on TCP port 
25 (SMTP) to mx[1-4].smtp.goog.


Either 100% DROP (so no TCP connection) or ⅔ failure to setup connection.

Further testing seems to confirm the problem is bigger and on Google's side.

So, this fails:

echo 'quit' | nc -6 -w 3 mx1.smtp.goog. 25

and this works:

echo 'quit' | nc -4 -w 3 mx1.smtp.goog. 25

(on MacOS use -G instead of -w)

Is anyone else seeing this? Any idea what is causing this?

--
Marco

Re: starlink ixp peering progress

[Marco Davids (Private) via NANOG]

Or this?

https://bgp.he.net/AS14593#_peers6

Op 27/02/2024 om 13:17 schreef b...@uu3.net:

Well, for some basic overview you can use CAIDA AS rank.

You can use it directly, or you may try my (more user friendly)
frontend for it: http://as-rank.uu3.net/?as=14593


-- Original message --

From: Dave Taht 
To: NANOG 
Subject: starlink ixp peering progress
Date: Tue, 27 Feb 2024 02:54:44 -0500

One of the things I learned today was that starlink has published an
extensive guide as to how existing BGP AS holders can peer with them
to get better service.

https://starlink-enterprise-guide.readme.io/docs/peering-with-starlink

I am curious if there is a way to see how many have peered already,
how many they could actually peer with?, and progress over time since
inception what would be the right tools for that? This is pretty
impressive for peering so far:

https://www.peeringdb.com/net/18747

Is there a better email list to discuss ixp stuff?




--
Marco

Re: junos config commit question

[Marco Davids via NANOG]

rollback 0

Op 11-02-22 om 23:18 schreef Lyndon Nerenberg (VE7TFX/VE6BBM):

On an EX4300 switch running JunOS 14.1 let's imagine I typed

config
delete interfaces

before coming to my senses.  How am I supposed to back out of that
mess?  For the life of me, after a week of reading the 3000 page
reference manual, and endless DuckDuckGoing, I cannot see a simple
way of just abandoning the commit.  I've got to be missing something
stunningly obvious here because it's unthinkable that this functionality
doesn't exist.  Help?!?

The only way out I can see is to drop into the shell, make an
uncompressed copy of juniper.conf.gz, then pop back into the config
editor and load that over top of the editor's config view.  Surely
there's a saner way of dealing with this.

--lyndon



--
Marco Davids

Re: Anyone else seeing DNSSEC failures from EU Commission ? (european-union.europa.eu)

[Marco Davids (Private) via NANOG]

Hi Laura,

Something seems the matter, indeed:

https://dnsviz.net/d/european-union.europa.eu/YbCzrQ/dnssec/

It's weird; 1.1.1.1 resolves, 8.8.8.8 and 9.9.9.9 return SERVFAIL.

--
Marco


Op 08-12-2021 om 14:27 schreef Laura Smith via NANOG:


Bit of a long stretch given the US audience, but I'm seeing lots of things like 
this at the moment:

info: validation failure : key for validation 
european-union.europa.eu. is marked as invalid because of a previous validation failure 
: DS got unsigned CNAME answer from 
2600:9000:5301:a200::1 and 34.255.155.194 for DS european-union.europa.eu. while building 
chain of trust

info: validation failure : DS got unsigned 
CNAME answer from 2600:9000:5302:9a00::1 and 34.255.155.194 for DS 
european-union.europa.eu. while building chain of trust

validation failure : signatures from unknown keys from 
147.67.12.3

info: validation failure : signatures from unknown keys 
from 147.67.12.3

Re: IPv6 and CDN's

[Marco Davids via NANOG]

Hi again,

Op 22-10-21 om 17:13 schreef Job Snijders:


Tl;DR


Not at all. This was a very interesting read! Thank you.

While pondering over it, I noticed that the ns[1234].fastly.net servers 
are nicely anycasted throughout the globe. If anyone could turn on IPv6 
on their authoritatives without therisk of loosing too much performance, 
I reckon it would be them... our Cloudflare. But they already did it. ;-).


> work in progress!

I have good hopes. Rumour has it that Fastly employs some very smart 
people. I'm sure we'll see nice things happening when the time is right.


--
Marco

Re: IPv6 and CDN's

[Marco Davids via NANOG]

On second thoughts...

I seem to have been confused by the 'no  records for fastly.net' (as 
a DNS-purist: that should have said "ns[1234].fastly.net" instead, to 
make it relevant). ;-)


I ran into this some time ago with deb.debian.org 


Right.

So please ignore:


Just for the record; your issue is slightly different:

You wrote:

"deb.debian.org is a CNAME for debian.map.fastly.net. There are no  
records for fastly.net so any DNS querys from an IPv6 only resolver will 
not work."



--
Marco

Re: IPv6 and CDN's

[Marco Davids via NANOG]

Hi Jens,

Op 22-10-21 om 14:03 schreef Jens Link:


I ran into this some time ago with deb.debian.org on an IPv6 only Debian
VM with a locally installed resolver. I opened a ticket which was closed
in record time: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961296


Just for the record; your issue is slightly different:

You wrote:

"deb.debian.org is a CNAME for debian.map.fastly.net. There are no  
records for fastly.net so any DNS querys from an IPv6 only resolver will 
not work."


At the moment debian.map.fastly.net has an -record though.

The thing is; the authoritative name servers of fastly.net are only 
willing to hand out that -record via IPv4. So it still doesn't work 
with the (locally installed) IPv6-only resolver ;-)


Cheers,

--
Marco

IPv6 and CDN's

[Marco Davids via NANOG]

Hi!

We currently live in times where is actually fun to go IPv6-only. In my 
case, as in: running a FreeBSD kernel compiled without the IPv4-stack.


A few years back doing such thing was mostly disappointing, but nowadays 
is actually quite doable and entertaining.


So, the other day I decided to take this experiment to the next level by 
disconnecting my local resolver from IPv4 as well.


Then things started to break. LinkedIn, Bing, Openstreetmap... Although 
they all work great on IPv6-only, now they no longer did.


It turns out that there underlying CDN's with domain names such as 
‘l-msedge.net’ and ‘trafficmanager.net’ (Microsoft) or 'fastly.net', 
that reside on authoritative name servers that *only* have an IPv4 address.


I guess my question is simple: Why?

Are there good architectural reason for this? Or is it just something 
that is overlooked and forgotten about?


I would love to find out!

Thank you.

--
Marco

This is also fun by the way. Look at that nice banner on 
https://clintonwhitehouse2.archives.gov/ :-)

Trying to get in touch: ntp.org sites broken

[Marco Davids (Private) via NANOG]

Hello,

I'm trying to get in touch with webmas...@ntp.org. But so far without 
luck. Maybe this route will help.


I noticed that quit a number of pages you mention on 
https://www.ntp.org/ are no longer functioning.


Like http://lists.ntp.org/ and http://support.ntp.org/.

If anyone knows a way to get this fixed, please help.

Thank you.

--
Marco

Re: cloud automation BGP

[Marco Davids via NANOG]

Op 29-09-20 om 00:08 schreef Randy Bush:

> have folk looked at https://github.com/nttgin/BGPalerter

Yes.

It does the job. And it's easy to install and run.

-- 
Marco

Re: Update to BCP-38?

[Marco Davids (Private) via NANOG]

On 03/10/2019 15:51, Stephen Satchell wrote:

> For a start, *add* IPv6 examples in parallel with the IPv4 examples.

1000 times +1

We need (much) more IPv6 examples!

--
Marco
(pushing for IPv6 examples since 2007 or so
 like in: https://youtu.be/OLEizGPoB5w?t=30)

Re: any interesting/useful resources available to IPv6 only?

[Marco Davids via NANOG]

Op 03-05-19 om 17:14 schreef Brian J. Murrell:


I wonder if anyone has any references to interesting/useful/otherwise
resources on are only available to IPv6 users that they can forward to
me.


Most of my personals websites are IPv6-only, but they are neither 
interesting nor useful.


Although, perhaps https://dnslabs.nl/ is of any use, because I made 
every attempt to make it entirely IPv6-only, including it's 
authoritative name servers. That sometimes leads to interesting results.


And furthermore I'd like to recommend a site that is not mine, but that 
I appreciate a lot: https://42.be/


--
Marco

Re: NTP question

[Marco Davids via NANOG]

Op 02-05-19 om 02:00 schreef Ask Bjørn Hansen:


Though, on the topic of unusual requirements there are a bunch of
contributors to the NTP Pool using this curious device 


It continues to surprise me that there is still hardware being sold that 
doesn't even support IPv6.


--
Marco

Re: Purchasing IPv4 space - due diligence homework

[Marco Davids via NANOG]

Op 04-04-19 om 01:14 schreef Mike Hammett:

Do you have sources for the ~90% T-Mobile IPv6? Not arguing, but to use 
that as a source myself when spreading the IPv6 good word.




https://www.worldipv6launch.org/apps/ipv6week/measurement/images/graphs/T-MobileUSA.png

https://stats.labs.apnic.net/ipv6/US (a bit slow, but informative)

--
Marco

Re: Spectrum residential IPv6 rDNS - thank you !

[Marco Davids via NANOG]

Op 10-10-18 om 00:42 schreef Brandon Applegate:


I’m guessing synthesized.  There are a couple of dns servers out there that can 
do this.  An interesting one I just found:

https://all-knowing-dns.zekjur.net


Or, if you prefer DNSSEC capable alternatives, try:

https://github.com/cmouse/pdns-v6-autorev
https://www.knot-dns.cz/docs/2.4/html/modules.html

--
Marco





signature.asc
Description: OpenPGP digital signature

Re: Buying IPv4 blocks

[Marco Davids via NANOG]

Op 04-10-18 om 22:07 schreef John Levine:


Even if you do have v6, some things like DNSSEC don't work very well
if you can't do them over v4.


Is that so?

--
Marco



signature.asc
Description: OpenPGP digital signature

Question to Google

[Marco Davids (Private)]

Hi,

Anyone knows why coogle.com only have IPv4-adresses on their
authoritative DNS?

https://ip6.nl/#!google.com

Are there any plans to fix this?

-- 
Marco



smime.p7s
Description: S/MIME Cryptographic Signature

Re: DNSSEC and ISPs faking DNS responses

[Marco Davids]

On 13/11/15 23:01, Stephane Bortzmeyer wrote:
> On Fri, Nov 13, 2015 at 09:54:28AM +,
>  a.l.m.bu...@lboro.ac.uk  wrote 
>
>> well, in EU I dont think that would ever fly.
> 
> It is done in France, for a long time

And it is common practice in Belgium as well.

http://networkmsg.telenet.be/blocked/fccu/
http://networkmsg.telenet.be/blocked/ksc/

-- 
Marco



smime.p7s
Description: S/MIME Cryptographic Signature

Re: How to force rapid ipv6 adoption

[Marco Davids]

Op 29-09-15 om 22:37 schreef David Hubbard:

> Had an idea the other day; we just need someone with a lot of cash
> (google, apple, etc) to buy Netflix and then make all new releases
> v6-only for the first 48 hours.  I bet my lame Brighthouse and Fios
> service would be v6-enabled before the end of the following week lol.

Sounds like a plan, let's do it.

-- 
Marco



smime.p7s
Description: S/MIME-cryptografische ondertekening

Gmail contact?

[Marco Davids]

Hi,

Is there anyone on this list that can get me in touch with someone at 
Google/Gmail?


I would like to discuss a suggested improvement with them in regard to 
RFC-compliance of DKIM/DMARC.


Please contact me off-list.

Thanks.

--
Marco



smime.p7s
Description: S/MIME Cryptographic Signature

Re: Remember Internet-In-A-Box?

[Marco Davids]

Mark is right and I couldn't agree more with him.

On 15/07/15 08:22, Mark Andrews wrote:

 Yet I can take a Windows XP box.  Tell it to enable IPv6 and it
 just works.  Everything that a node needed existed when Windows XP
 was released.  The last 15 years has been waiting for ISP's and CPE
 vendors to deliver IPv6 as a product.  This is not to say that every
 vendor deployed all the parts of the protocol properly but they
 existed.
 
 Most of the noise was people saying We don't need IPv6 and second
 guessing the design decisions because they still had IPv4 think.
 If you look at the protocol it basically hasn't changed in the last
 15 years. There has been minor tweak but what was there was complete
 enough to deploy.
 


-- 
Marco



smime.p7s
Description: S/MIME Cryptographic Signature

Youtube / IPv6 / Netherlands

[Marco Davids]

Hi,

Would anyone from Google care to explain to me off-list why certain
Youtube-content is blocked in the Netherlands while using IPv6 when it
is working fine via IPv4?

Geolocation imperfections perhaps?

The IPv6-address is within 2a02:a47f:e000::/36
(actually, it is: 2a02:a444:443b:0::::)

Thank you.


-- 
Marco



smime.p7s
Description: S/MIME Cryptographic Signature

Re: 192.0.1.0/24?

[Marco Davids]

Wasn't (part) of this space assigned to RFC6333? Carrier Grade NAT and
stuff...

https://tools.ietf.org/html/rfc6333 ?

--
Marco


manning schreef op 17-04-15 om 22:45:
 nothing that is authoritative (anymore)…   1996-2000
 
 last century, 192.0.0.0/24 and 192.0.1.0/24 were identified as usable address 
 blocks, post-CIDR testing/evaluation.
 they were both earmarked for use in the (then) four new root servers (which 
 became J, K, L, and M)…  they were
 then supposed to be used as the blocks for the root zone distribution masters.
 
 ICANN emerged and claimed them for itself, at one point using them for 
 internal ICANN networking.
 I lost interest/control at that point and don;t know what happened after that.
 
 
 manning
 bmann...@karoshi.com
 PO Box 12317
 Marina del Rey, CA 90295
 310.322.8102
 
 
 
 On 17April2015Friday, at 13:26, Harley H bobb.har...@gmail.com wrote:
 
 It is mentioned in RFC 1166 as BBN-TEST-C. I suppose it's still not
 publicly allocated.

 On Fri, Apr 17, 2015 at 4:18 PM, Josh Luthman j...@imaginenetworksllc.com
 wrote:

 No one?

 http://whois.arin.net/rest/net/NET-192-0-0-0-0/pft


 http://www.dslreports.com/forum/r28692406-Outgoing-traffic-to-192.0.1.0-port-1000-


 Josh Luthman
 Office: 937-552-2340
 Direct: 937-552-2343
 1100 Wayne St
 Suite 1337
 Troy, OH 45373

 On Fri, Apr 17, 2015 at 4:14 PM, Harley H bobb.har...@gmail.com wrote:

 Does anyone know the status of this netblock? I've come across a malware
 sample configured to callback to an IP in that range but it does not
 appear
 to be routable. Yet, it is not mentioned in RFC 5735 nor does it have any
 whois information.

 Thanks,
 Harley



 





smime.p7s
Description: S/MIME-cryptografische ondertekening

Re: 192.0.1.0/24?

[Marco Davids]

Marco Davids schreef op 17-04-15 om 23:08:

 https://tools.ietf.org/html/rfc6333 ?

Oh wait, that's 192.0.0.0/29, not 192.0.1.0/24...

--
Marco






smime.p7s
Description: S/MIME-cryptografische ondertekening

Re: 192.0.1.0/24?

[Marco Davids]

Doug Barton schreef op 18-04-15 om 01:52:

 Harley is correct that 192.0.1/24 is mentioned in 1166, but AFAICS after
 cursory examination it has fallen through the cracks since then.

It has been seen in the wild a few times though (for whatever reason...)

https://stat.ripe.net/192.0.1.0%2F24#tabId=routing

--
Marco




smime.p7s
Description: S/MIME-cryptografische ondertekening

Re: Seeking IPv6 Security Resources

[Marco Davids]

Hi,

Perhaps https://tools.ietf.org/html/rfc7217 might also fit in the list.

--
Marco

Arturo Servin schreef op 26-11-14 om 10:28:
 Chris
 
 Some that come to my mind:
 
 draft-ietf-v6ops-balanced-ipv6-security and (not sure how up to date is
 this one) RFC 6092 Recommended Simple Security Capabilities in Customer
 Premises Equipment (CPE) for Providing Residential IPv6 Internet Service
 RFC 5157 IPv6 Implications for Network Scanning and
 draft-ietf-opsec-ipv6-host-scanning
 RFC 6104, 6105, 7113 All about Router Advertisement Guard (RA-Guard)
 draft-ietf-opsec-v6
 RFC 6583 Operational Neighbor Discovery Problems
 
 Regards
 as
 
 On Tue Nov 25 2014 at 8:34:16 PM Chris Grundemann cgrundem...@gmail.com
 wrote:
 
 Hail NANOG!

 I am looking for IPv6 security resources to add to:
 http://www.internetsociety.org/deploy360/ipv6/security/

 These could be best current practice documents, case-studies,
 lessons-learned/issues-found, research/evaluations, RFCs, or anything else
 focused on IPv6 security really.

 I'm not requesting that anyone do any new work, just that you point me to
 solid public documents that already exist. Feel free to share on-list or
 privately, both documents you may have authored and those you have found
 helpful.

 Thanks!
 ~Chris

 Note: Not every document shared will get posted to the Deploy360 site.

 --
 @ChrisGrundemann
 http://chrisgrundemann.com



-- 
Marco Davids



smime.p7s
Description: S/MIME-cryptografische ondertekening

Re: abha ahuja

[Marco Davids]

Op 20-10-13 00:36, Randy Bush schreef:
 abha ahuja, researcher and operator, died this day in 2001
All these dear people that have passed away... Makes you think about
your own mortality, doesn't it?

And the list isn't going to get shorter, I am afraid. Kinda depressing...

Perhaps we should create a special remembrance day, once a year, where
we remember all of them?
And carry on with joy on all other days.

-- 
Marco




smime.p7s
Description: S/MIME-cryptografische ondertekening

Re: DNS Reliability

[Marco Davids (Prive)]

On 09/13/13 03:53, Larry Sheldon wrote:
 On 9/12/2013 3:25 PM, Phil Fagan wrote:
 Its a good point about the anycast; 99.999% should be expected.
 A small choice of attitude-reflecting language.

 I expect 100.000%

 I'll accept 99.999% or better.


It depends... define 'lost queries'. For example; is RRL included here
or not (sometimes you want to deliberatly 'loose' queries).

--
Marco

Re: Open Resolver Problems

[Marco Davids]

Op 27-03-13 16:54, Owen DeLong schreef:
 It's been available in linux for a long time, just not in BIND…

Not entirely true:

http://www.redbarn.org/dns/ratelimits

 Here is a working ip6tales example:

Tricky...

There is also the 'hashlimit' module (at least for v4, not sure about
v6), that may be a better approach, because it works on a 'per ip
address'-basis.

See https://lists.isc.org/pipermail/bind-users/2012-July/088223.html for
some inspiration of how it may be of value.

--
Marco

On Mar 27, 2013, at 6:47 AM, William Herrin b...@herrin.us wrote:
 On Tue, Mar 26, 2013 at 10:07 PM, Tom Paseka t...@cloudflare.com wrote:
 Authoritative DNS servers need to implement rate limiting. (a client
 shouldn't query you twice for the same thing within its TTL).
 Right now that's a complaint for the mainstream software authors, not
 for the system operators. When the version of Bind in Debian Stable
 implements this feature, I'll surely turn it on.

 Regards,
 Bill Herrin


 -- 
 William D. Herrin  her...@dirtside.com  b...@herrin.us
 3005 Crane Dr. .. Web: http://bill.herrin.us/
 Falls Church, VA 22042-3004



-- 
Marco Davids




smime.p7s
Description: S/MIME-cryptografische ondertekening

Re: GeoDNS

[Marco Davids]

Op 21-03-13 15:48, kg9020 schreef:
 Hello 

 Have you tried

 https://github.com/blblack/gdnsd
Or maybe https://github.com/miekg/geodns, if you are into Go.

Here it an be seen 'in action':

http://dns-status.ntppool.org/#

--
Marco




smime.p7s
Description: S/MIME-cryptografische ondertekening

Google's Public DNS does DNSSEC validation

[Marco Davids]

This is interesting news; it seems that Google's Public DNS is
performing DNSSEC validation (when the DO-bit is set):

dig +dnssec +multi www.dnssec.nl @8.8.8.8

;  DiG 9.9.1-vjs163.18-P1  +dnssec +multi www.dnssec.nl @8.8.8.8
;; global options: +cmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 51937
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 512
;; QUESTION SECTION:
;www.dnssec.nl.IN A

;; ANSWER SECTION:
www.dnssec.nl.21580 IN A 213.154.228.160
www.dnssec.nl.21580 IN RRSIG A 8 3 86400 (
20130227071505 20130128071505 33084 dnssec.nl.
J9MzudQJHT7UEFZDxioAeOSARqvN87stHIiXLdl1f6ZB
I3UGSqKIOlYpuaM7a6jk8k8oajUkGEHGOxa9ypJQHvlv
mAE6noaI5sZh6R6lnkd48zGs/xPg4BNODG2zNb3I/lQ3
2ojQtcs9AIMDEtH5+XISuwvPre5hhYkneM6mtUc= )

;; Query time: 28 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Jan 29 08:03:53 2013
;; MSG SIZE  rcvd: 227

-- 
Marco Davids




smime.p7s
Description: S/MIME-cryptografische ondertekening

Re: Big day for IPv6 - 1% native penetration

[Marco Davids (Prive)]

On 11/26/12 15:53, sth...@nethelp.no wrote:
 Again, where're the compelling IPv6-only content/apps/services?

 To answer your rhetorical question, http://www.kame.net/ has a dancing
 kame.  To my knowledge, that's the most compelling IPv6-only content.
 Don't forget http://loopsofzen.co.uk/ - that's definitely the most
 compelling IPv6-only content I've found.


http:///thepiratebay/.se./ipv6/.sixxs.org was popular for a while, when
major ISP's in the Netherlands where forced to block 'The Piratebay'
overhere in the Netherlands, I believe...

--
Marco

DNS issues with tools.ietf.org

[Marco Davids (Prive)]

Hi,

Something seems wrong with the DNS of 'tools.ietf.org'.

Can anyone conform?

--
Marco

Re: DNS issues with tools.ietf.org

[Marco Davids (Prive)]

On Wed, 4 Apr 2012, Matt Ryanczak wrote:


On 04/04/2012 04:28 PM, Craig Van Tassle wrote:

It works for me.


works for me too but there do appear to be some problems:


And what about this:

dig tools.ietf.org @merlot.levkowetz.com.

;  DiG 9.7.0-P1  tools.ietf.org @merlot.levkowetz.com.
;; global options: +cmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: SERVFAIL, id: 33101

Re: DNS issues with tools.ietf.org

[Marco Davids (Prive)]

On Wed, 4 Apr 2012, Stephane Bortzmeyer wrote:


And what about this:


But two name servers, gamay and shiraz still work. So the domain
works


Actually it didn't resolve at all. Even an 'unbound-host -v -d' 
failed.


But... things seem to be working fine again, at least to the extend that I 
can reach the website.


--
Marco

RE: root zone stats

[Marco Davids (Prive)]

On Sun, 11 Mar 2012, Frank Bulk wrote:


Some nice info here, too: http://bgp.he.net/report/dns


Nice, but... not 100% up to date?

.cw seems to be missing.

--
Marco



Frank

-Original Message-
From: Doug Barton [mailto:do...@dougbarton.us]
Sent: Saturday, March 10, 2012 5:14 PM
Cc: APNIC Mailing List; nanog@nanog.org
Subject: root zone stats

Since there was a question about this, some numbers:

Serial: 2012031001

Statistics
==
Number of root servers:   13
Roots with IPv6 glue:  9

Number of gTLDs:  22
Number of ccTLDs:249
Number of IDN TLDs:   42
Total number of TLDs:313

Number of IPv4 hosts:   1176
Number of IPv4 addresses:   1145

Number of IPv6 hosts:427
Number of IPv6 addresses:412
TLDs with IPv6 glue: 258

Total name server hosts:1177
Total NS addresses: 1557

Number of DS records:141
Number of TLDs with DS:   85


Enjoy,

Doug

--
   If you're never wrong, you're not trying hard enough

RE: root zone stats

[Marco Davids (Prive)]

On Mon, 12 Mar 2012, Marco Davids (Prive) wrote:


Some nice info here, too: http://bgp.he.net/report/dns



.cw seems to be missing.


Oops, it isn't... it's just not wehere I expected it.

--
Marco

Paging OpenDNS

[Marco Davids (Prive)]

Hi,

Can someone responsible for 'malware-bl...@opendns.com' please contact me 
offline?


Thank you.

--
Marco

DNSSEC on the resolver-side?

[Marco Davids (Prive)]

Hi,

I wonder... How many people here have activated DNSSEC validation on their 
resolvers?


Please let me know off-list when the page below results in a green tick:

http://dnssectest.sidn.nl/

Additional details are welcome, like:

- The IP-address of the resolver(s) you used (if you know)
- Whether this is an 'official' resolver at an ISP or not
- You current IP-address, or the ISP you are at (http://ip.sidn.nl might be 
helpful).


Maybe some of you DNS-gurus are even able to tell why DNSSEC validation failed, 
even when using DNSSEC-enabled resolvers. For example because of some 
old-school DNS-forwarder in your ADSL modem or something. That would be 
great information also.


The reason for this post is just for me to get a rough understanding of the 
level of DNSSEC adoption on the resolver-side and the problems that 
might still exist with DNSSEC validation.


The NANOG wiki (http://nanog.cluepon.net) has nothing 
about DNSSEC yet. Would it be an idea to add something about DNSSEC? I am more 
than willing to do the kick-off for that.


Regards,

--
Marco

Looking for 'websitewelcome.com' contact

[Marco Davids (Prive)]

Hi,

Could anyone responsible for ns[12].websitewelcome.com please contact me
off-list?

Or, can anyone give me a good pointer on how to contact the technical
staff of websitewelcome.com?

Thank you so much,

--
Marco Davids