Re: Anyone from Verisign J root on the list?

[Peter Losher]

On Sat, Mar 7, 2020 at 7:33 AM Anurag Bhatia  wrote:
>
>
> Was wondering if there's anyone from Verisign managing the J root? Can you 
> please contact me offlist.
> I am facing issue with consistent ICMP filtering on "rootns-lcy3" since last 
> couple of weeks.

Note that contact information for the root server operators can always
be found at https://root-servers.org/.

In Verisign's case, have you tried root...@verisign.com?

Best Wishes - Peter
-- 
[ “There is nothing more permanent than a temporary solution“ ]

Re: Comcast business IPv6 vs rbldnsd & PSBL

[Peter Losher]

That's true - I had one of the SMC routers for many years when I had static
Business HSI service, and switched earlier this year to using a off the
shelf Arris (ex Motorola) Surfboard modems and dynamic IP on my BHSI
service... my IPv6 service has never been better. :)

Unless you have a static IP configuration - As long as it's on Comcast's
approved modem list they don't care what modem you use even if it's on
their business class service.

Best Wishes - Peter

On Tue, Nov 29, 2016 at 1:18 PM,  wrote:

> To clarify, you cannot rent AND have static IP's.
>
> You can rent your own modem ofr business service when using dynamic IP's.
>
> Robert Webb
>
>
> On Tue, 29 Nov 2016 15:07:52 -0500
>  Jared Mauch  wrote:
>
>> Can't do that with the business service. Oh well, to have choices.
>> Jared Mauch
>>
>>> On Nov 29, 2016, at 2:40 PM, Randy Bush  wrote:
>>>
>>> i am running my own (why rent at silly costs) dpc3008 and wfm.
>>>
>>> randy
>>>
>>
>


-- 
[ http://blog.plosh.net ] - "Earth Halted: Please reboot to continue"

Re: Circuit of the americas aka COTA

[Peter Losher]

On Aug 29, 2012, at 5:00 PM, Chris McDonald copraph...@gmail.com wrote:

 Trendy name for the new racetrack/event venue outside austin.
 
 Does anyone know how one might get connectivity there? I figure there
 must be a few folks here prepping the place for the upcoming formula
 1.
 
 The place seems to be a black hole to all the usual suspects.


Since AS6453 is the official connectivity/technology sponsor for FOM, I suspect 
they will be leasing some dark fiber to COTA for the F1 race.  Some of the F1 
teams have their own telecom sponsors (Vodafone McLaren, etc) which will be 
doing the same.  Don't know who would be pulling the actual fiber though...

BTW - I will be there for the race as well (went to all the USGP races at IMS) 
- perhaps a NANOG meetup may be in order?

Best Wishes - Peter
-- 
[ plos...@isc.org | Senior Operations Architect | ISC | PGP E8048D08 ]

Re: Concern about gTLD servers in India

[Peter Losher]

On Mar 9, 2012, at 10:19 PM, Anurag Bhatia wrote:

 I can see India has 3 root servers hosting root zone - i, j  k in India
 which is good. So we can resolve the root zone i.e dot within India.


One correction to that; F has been operating in India from NIXI Chennai's PoP 
since 2005.  The reason you may not see it from your location in India is that 
it's a local node, so we advertise F's prefixes with the NO_EXPORT community 
string to limit it's reach to networks directly connected to the local 
IX/routeserver @NIXI Chennai.

And even with that restriction as noted at APNIC 33 in Dehli, the node is one 
of our (F's) busiest in Asia...

-Peter
-- 
[ plos...@isc.org | Senior Operations Architect | ISC | PGP E8048D08 ]

Re: Concern about gTLD servers in India

[Peter Losher]

On Mar 11, 2012, at 4:01 AM, Anurag Bhatia wrote:

 Thanks for info Peter
 
 
 I missed that because firstly no routes from major Indian backbones

I can assure you that we get a good chunk of traffic from at least one of the 
major Indian Backbones.  The Chennai PoP is smaller than NIXI's other 
locations in Mumbai/Dehli/Kolkata, but it has a couple of the major players...

 and second it is not even mentioned on official site of root servers - 
 http://www.root-servers.org under F root.

Umm, but it is... search for Chennai, IN and also look the F bubble on 
Chennai on the Google Map that is on the page.

Best Wishes - Peter
-- 
[ plos...@isc.org | Senior Operations Architect | ISC | PGP E8048D08 ]

Re: Concern about gTLD servers in India

[Peter Losher]

On Mar 11, 2012, at 4:11 AM, Anurag Bhatia wrote:

 Btw coming back to original question - can you put some light on gTLDs in 
 India? Are there any instances? Just to clarify - with gTLD I am refering to 
 .com/net/org primarily. 

You would have to ask Verisign as operators of the com/net gTLD servers and 
Afilias for .org about their DNS deployments.  I can only speak for ISC as we 
operate F.ROOT-SERVERS.NET.

Best Wishes - Peter
-- 
[ plos...@isc.org | Senior Operations Architect | ISC | PGP E8048D08 ]

[ISC Security Advisory] BIND 9 Resolver crashes after logging an error in query.c

[Peter Losher]

BIND 9 Resolver crashes after logging an error in query.c

Summary: Organizations across the Internet reported crashes interrupting 
service on BIND 9 nameservers performing recursive queries. Affected servers 
crashed after logging an error in query.c with the following message: INSIST(! 
dns_rdataset_isassociated(sigrdataset)) Multiple versions were reported being 
affected, including all currently supported release versions of ISC BIND 9. ISC 
is actively investigating the root cause and has produced patches which prevent 
the crash. Further information will be made available soon.

CVE: CVE-2011-4313
Document Version: 1.1
Document URL: http://www.isc.org/software/bind/advisories/cve-2011-4313 
Posting date: 16 Nov 2011
Program Impacted: BIND
Versions affected: All currently supported versions of BIND, 9.4-ESV, 9.6-ESV, 
9.7.x, 9.8.x
Severity: Serious
Exploitable: Remotely

Description: 
An as-yet unidentified network event caused BIND 9 resolvers to cache an 
invalid record, subsequent queries for which could crash the resolvers with an 
assertion failure. ISC is working on determining the ultimate cause by which a 
record with this particular inconsistency is cached.At this time we are making 
available a patch which makes named recover gracefully from the inconsistency, 
preventing the abnormal exit. 

The patch has two components. When a client query is handled, the code which 
processes the response to the client has to ask the cache for the records for 
the name that is being queried. The first component of the patch prevents the 
cache from returning the inconsistent data. The second component prevents named 
from crashing if it detects that it has been given an inconsistent answer of 
this nature.
 
CVSS Score: 7.8

CVSS Equation: (AV:N/AC:L/Au:N/C:N/I:N/A:C) 

Workarounds: 
No workarounds are known. The solution is to upgrade. Upgrade BIND to one of 
the following patched versions: BIND 9.8.1-P1, 9.7.4-P1, 9.6-ESV-R5-P1, 
9.4-ESV-R5-P1

Active exploits: 
Under investigation

Solution: 
Patches mitigating the issue are available at: 
https://www.isc.org/software/bind/981-p1
https://www.isc.org/software/bind/974-p1
https://www.isc.org/software/bind/96-esv-r5-p1
https://www.isc.org/software/bind/94-esv-r5-p1

ISC is receiving multiple reports and working with multiple customers on this 
issue. Please E-mail all questions, packet captures, and details to 
security-offi...@isc.org

We very much appreciate all reports received on this issue.

Related Documents: 
Do you have Questions? Questions regarding this advisory should go to 
security-offi...@isc.org.

ISC Security Vulnerability Disclosure Policy: Details of our current security 
advisory policy and practice can be found here: 
https://www.isc.org/security-vulnerability-disclosure-policy

Legal Disclaimer: 
Internet Systems Consortium (ISC) is providing this notice on an AS IS basis. 
No warranty or guarantee of any kind is expressed in this notice and none 
should be implied. ISC expressly excludes and disclaims any warranties 
regarding this notice or materials referred to in this notice, including, 
without limitation, any implied warranty of merchantability, fitness for a 
particular purpose, absence of hidden defects, or of non-infringement. Your use 
or reliance on this notice or materials referred to in this notice is at your 
own risk. ISC may change this notice at any time.
 
A stand-alone copy or paraphrase of the text of this document that omits the 
document URL is an uncontrolled copy. Uncontrolled copies may lack important 
information, be out of date, or contain factual errors.

-- 
[ plos...@isc.org | Senior Operations Architect | ISC | PGP E8048D08 ]