Re: macomnet weird dns record
perfectly legal… the octal records confuse me more than the hex.

/bill
PO Box 12317
Marina del Rey, CA 90295
310.322.8102

On Tuesday, 14 April 2015, at 5:36, Colin Johnston <col...@gt86car.org.uk> wrote:

> never saw hex in host dns records before.
>
> host-242.strgz.87.118.199.240.0xfff0.macomnet.net
>
> range is blocked nonetheless since bad traffic from Russia network ranges.
>
> Colin
Re: Searching for a quote
it is true that the risk profile has changed in the last 30 years. his core belief in interconnecting things in an open way, enabling _anyone_ to create, build, and deploy is the core of ISOC's “permissionless innovation” thrust. crypto/security folks are green with envy … it is somewhat “sour grapes” no?

I count my time working for him as one of the highlights of my life. In some respects, I still do… :)

/bill

On Thursday, 12 March 2015, at 17:31, Michael Thomas <m...@mtcc.com> wrote:

> Jon Postel. I'm told that it is out of favor these days in protocol-land, from a security standpoint if nothing else.
>
> Mike
>
> On 3/12/15 5:24 PM, Tom Paseka wrote:
>> Be conservative in what you send, be liberal in what you accept
>> http://en.wikipedia.org/wiki/Robustness_principle
>>
>> On Thu, Mar 12, 2015 at 5:20 PM, Jason Iannone <jason.iann...@gmail.com> wrote:
>>> There was once a fairly common saying attributed to an early networking pioneer that went something like, be generous in what you accept, and send only the stuff that should be sent. Does anyone know what I'm talking about or who said it?
Re: Verizon Policy Statement on Net Neutrality
Frank was the most vocal… the biggest cidr deployment issue was hardware vendors with “baked-in” assumptions about addressing. IPv6 is doing the same thing with its /64 nonsense.

/bill

On Sunday, 1 March 2015, at 13:37, David Conrad <d...@virtualized.org> wrote:

> On Mar 1, 2015, at 4:26 PM, Owen DeLong <o...@delong.com> wrote:
>>>> It was the combination of asymmetric, no or few IPs (and NAT), and bandwidth caps.
>>> let's not rewrite history here: IPv4 address scarcity has been a thing since the very early 1990s. Otherwise why would cidr have been created?
>> CIDR had nothing to do with address scarcity.
>
> Untrue.
>
> CIDR was created in response to the proliferation of class Cs being allocated instead of class Bs. The reason class Cs were being allocated instead of class Bs was due to projections (I believe by Frank Solensky and/or Noel Chiappa) that showed we would exhaust the Class B pool by 1990 or somesuch. This led to the ALE (Address Lifetime Extensions) and CIDRD working groups that pushed for the allocation of blocks of class Cs instead of Class Bs. CIDR also allowed for more appropriately sized blocks to be allocated instead of one-size-fits-most of class Bs. This increased address utilization which likely extended the life of the IPv4 free pool.
>
> Regards,
> -drc
Re: v6 deagg
and then there are the loons who will locally push /64 or longer, some of which may leak. even if things were sane and nothing longer than a /32 were to be in the table, are we not looking at the functional equivalent of v4 host routes?

/bill

On Thursday, 19 February 2015, at 19:07, Randy Bush <ra...@psg.com> wrote:

> in a discussion with some fellow researchers, the subject of ipv6 deaggregation arose; will it be less or more than we see in ipv4?
>
> in http://archive.psg.com/jsac-deagg.pdf it was thought that multi-homing, traffic engineering, and the /24 pollution disease were the drivers. multi-homing seems to be increasing, while the other two were stable as a relative measure to total growth. so, at first blush, we thought v6 would be about the same as v4.
>
> but then we considered that v6 allocations seem to be /32s, and the longest propagating route seems to be /48, leaving 16 bits with which the deaggregators can play. while in v4 it was /24s out of a /19 or /20, four or five bits.
>
> this does not bode well.
>
> randy
Re: Reporting DDOS reflection attacks
On Sunday, 9 November 2014, at 11:40, Doug Barton <do...@dougbarton.us> wrote:

> On 11/8/14 6:33 PM, Roland Dobbins wrote:
>> this is incorrect and harmful, and should be removed:
>>> iii. Consider dropping any DNS reply packets which are larger than 512 Bytes – these are commonly found in DNS DoS Amplification attacks.
>> This *breaks the Internet*. Don't do it.
>
> +1

actually, if you think this will help you, by all means drop any DNS packets which are gt. 512bytes, not UDP, and not IPv4.

/bill
Fwd: Survey on Smart Data Pricing for Affordable Internet access
The IRTF is looking for data…

/bill

Begin forwarded message:

From: Arjuna Sathiaseelan <arjuna.sathiasee...@cl.cam.ac.uk>
Subject: Survey on Smart Data Pricing for Affordable Internet access
Date: November 3, 2014 at 1:56:30 PST
To: irtf-disc...@irtf.org
Cc: i...@ietf.org

All,

As part of the newly formed IRTF GAIA RG, we are conducting a research study to better understand how innovative pricing models for data can help bring Internet access to the millions of people in the world who have so far been left disconnected. We wish to ask several questions about how pricing models for data would be most attractive to network operators, as well as the challenges that might come with them.

We would appreciate if this can be filled by the network operators, VNOs, the community wireless network operators etc in the mailing list. In case you know of any other NOs, could you please forward this to them.

The deadline for filling the form is November 12th. It will be great to get the survey done by as many NOs as possible for us to decipher the benefits of SDP on enabling affordable Internet access.

The questionnaire should take no longer than 10 minutes, and all data will be anonymous, private and exclusively used for non-commercial purposes.

The survey is here: https://docs.google.com/forms/d/1B-Vtl3mYJ2TJMWiFXxHySMrKSqxrhy0EzVNDlXKhPew/viewform

Regards
--
Arjuna Sathiaseelan | http://www.cl.cam.ac.uk/~as2330/
Re: Why is .gov only for US government agencies?
FNC “reserved” .gov and .mil for the US. And Postel was right… there was/is near zero reason to technically extend/expand the number of TLDs.

/bill

On Monday, 20 October 2014, at 12:19, Sandra Murphy <sa...@tislabs.com> wrote:

> By the time of RFC 1591 (March 1994), authored by Jon Postel, it said:
>
>    GOV - This domain was originally intended for any kind of government office or agency. More recently a decision was taken to register only agencies of the US Federal government in this domain.
>
> No reference as to who, when, or how.
>
> That same RFC says:
>
>    In the Domain Name System (DNS) naming of computers there is a hierarchy of names. The root of system is unnamed. There are a set of what are called top-level domain names (TLDs). These are the generic TLDs (EDU, COM, NET, ORG, GOV, MIL, and INT), and the two letter country codes from ISO-3166. It is extremely unlikely that any other TLDs will be created.
>
> Gotta love that last sentence, yes?
>
> --Sandy
>
> On Oct 20, 2014, at 12:50 PM, Fred Baker (fred) <f...@cisco.com> wrote:
>
>> On Oct 19, 2014, at 5:05 AM, Matthew Petach <mpet...@netflight.com> wrote:
>>
>>> Wondering if some of the long-time list members can shed some light on the question--why is the .gov top level domain only for use by US government agencies? Where do other world powers put their government agency domains? With the exception of the cctlds, shouldn't the top-level gtlds be generically open to anyone regardless of borders? Would love to get any info about the history of the decision to make it US-only.
>>>
>>> Thanks!
>>>
>>> Matt
>>
>> The short version is that names were a process. In the beginning, hosts simply had names. When DNS came into being, names were transformed from “some-name” to “some-name.ARPA”. A few of what we now call gTLDs then came into being - .com, .net, .int, .mil, .gov, .edu - and the older .arpa names quickly fell into disuse. ccTLDs came later.
>>
>> I’ve been told that the reason God was able to create the earth in seven days was that He had no installed base. We do. The funny thing is that you’ll see a reflection of the gTLDs underneath the ccTLDs of a number of countries - .ac, .ed, and the like.
Re: IPv6 Default Allocation - What size allocation are you giving out
yes! by ALL means, hand out /48s. There is huge benefit to announcing all that dark space, esp. when virtually no one practices BCP-38, esp in IPv6 land.

/bill

On Wednesday, 8 October 2014, at 18:31, Mark Andrews <ma...@isc.org> wrote:

> Give them a /48. This is IPv6 not IPv4. Take the IPv4 glasses off and put on the IPv6 glasses. Stop constraining your customers because you feel that it is a waste. It is not a waste. It will also reduce the number of exceptions you need to process and make overall administration easier.
>
> As for only two subnets, I expect lots of equipment to request prefixes in the future not just traditional routers. It will have discrete internal components which communicate using IPv6 and those components need to talk to each other and the world. In an IPv4 world they would be NAT'd. In an IPv6 world the router requests a prefix.
>
> Mark
>
> In message <495d0934da46854a9ca758393724d5906da...@ni-mail02.nii.ads>, Erik Sundberg writes:
>
>> I am planning out our IPv6 deployment right now and I am trying to figure out our default allocation for customer LAN blocks. So what is everyone giving for a default LAN allocation for IPv6 Customers? I guess the idea of handing a customer /56 (256 /64s) or a /48 (65,536 /64s) just makes me cringe at the waste. Especially when you know 90% of customers will never have more than 2 or 3 subnets. As I see it the customer can always ask for more IPv6 Space.
>>
>> /64
>> /60
>> /56
>> /48
>>
>> Small Customer?
>> Medium Customer?
>> Large Customer?
>>
>> Thanks
>>
>> Erik
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: ma...@isc.org
Re: Scotland ccTLD? - armchair quarterbacking
Perhaps a dose of factual information may temper this thread.

If we are talking about ISO-3166-2 - the basis for the CCTLD delegations, then:

1_ Scotland has no say in the country code selected.
2_ ICANN has no say in the country code selected.
3_ The choice is up to an ISO committee.

See: http://www.iso.org/iso/country_codes.htm

/bill

On Tuesday, 16 September 2014, at 18:15, Larry Sheldon <larryshel...@cox.net> wrote:

> On 9/16/2014 18:57, Masataka Ohta wrote:
>> What will happen to .uk if England is left alone?
>>
>> Masataka Ohta
>
> There are still at least 3 countries left in the UK if Scotland splits.
>
> The name change is that in that event, Great Britain (.gb country-code Reserved Domain - IANA) will refer only to the land mass (which it should anyway, but is often used to refer to the three kingdoms on it).
>
> --
> The unique Characteristics of System Administrators:
>
> The fact that they are infallible; and,
>
> The fact that they learn from their mistakes.
Re: [ PRIVACY Forum ] An Iranian Grand Ayatollah Issues Fatwa Stating High Speed Internet is against Sharia
so Internet in the US is safe…

/bill
Neca eos omnes. Deus suos agnoscet.

On Sunday, 31 August 2014, at 22:35, Jay Ashworth <j...@baylink.com> wrote:

> Cause it's a long weekend, and why shouldn't it be whackier than normal.
>
> - Forwarded Message -
> From: PRIVACY Forum mailing list <priv...@vortex.com>
> To: privacy-l...@vortex.com
> Sent: Sunday, August 31, 2014 11:34:16 PM
> Subject: [ PRIVACY Forum ] An Iranian Grand Ayatollah Issues Fatwa Stating High Speed Internet is against Sharia
>
> An Iranian Grand Ayatollah Issues Fatwa Stating High Speed Internet is against Sharia (Iran Human Rights):
>
> http://www.iranhumanrights.org/2014/08/makarem-internet/
>
> A Grand Ayatollah in Iran has determined that access to high-speed and 3G Internet is against Sharia and against moral standards. In answer to a question published on his website, Grand Ayatollah Nasser Makarem Shirazi, one of the country's highest clerical authorities, issued a fatwa, stating “All third generation [3G] and high-speed internet services, prior to realization of the required conditions for the National Information Network [Iran's government-controlled and censored Internet which is under development], is against Sharia [and] against moral and human standards.”
>
> - - -
>
> Comcast, Verizon, ATT, Time Warner Cable, and other dominant ISPs are now in a bidding war to hire him as a consultant and board member.
>
> RUN AWAY!!!
>
> Cheers,
> -- jra
> --
> Jay R. Ashworth                  Baylink                       j...@baylink.com
> Designer                     The Things I Think                       RFC 2100
> Ashworth & Associates       http://www.bcp38.info          2000 Land Rover DII
> St Petersburg FL USA      BCP38: Ask For It By Name!           +1 727 647 1274
Re: So Philip Smith / Geoff Huston's CIDR report becomes worth a good hard look today
Sprint used to proxy aggregate… I remember 128.0.0.0/3

the real question, imho, is if folks are going to look into their crystal balls and roadmap where the default offered is a /32 (either v4 or v6) and plan accordingly, or just slap another bandaid on the oozing wound...

/bill

On Wednesday, 13 August 2014, at 21:15, Patrick W. Gilmore <patr...@ianai.net> wrote:

> Composed on a virtual keyboard, please forgive typos.
>
> On Aug 13, 2014, at 22:59, Suresh Ramasubramanian <ops.li...@gmail.com> wrote:
>
>> Swisscom or some other European SP has / used to have a limit where they would not accept more specific routes than say a /22 from provider x, so if you wanted to take a /24 and announce it you were SOL sending packets to them from that /24 over provider y.
>>
>> Still, for elderly and capacity limited routers, that might work.
>
> And Sprint used to filter on /19s outside swamp space. (See NANOG 1999 archives for my [wrong then corrected] interpretation of ACL112.) Etc., etc.
>
> For stub networks, especially ones who are not as performance sensitive, this can help extend the life of their routers. But not everyone can make AGS+s work for years past their useful life or get -doran IOS builds. The 6500 was first sold in 1999. I'm impressed it has lasted this long, even with new sups. Time to start thinking about upgrading.
>
> As for networks providing transit, those were highly unsound policies, IMHO. I specifically did not buy from Sprint then or Verio later when they did it, and I was not alone. Giving your customers less than full routes has lots of bad side effects, such as less revenue when they don't pick you because you don't have the route.
>
> --
> TTFN,
> patrick
>
>> On Thursday, August 14, 2014, Brett Frankenberger <rbf+na...@panix.com> wrote:
>>
>>> On Wed, Aug 13, 2014 at 07:53:45PM -0400, Patrick W. Gilmore wrote:
>>>> you mean your vendor won't give you the knobs to do it smartly ([j]tac tickets open for five years)? wonder why.
>>>
>>> Might be useful if you mentioned what you considered a smart way to trim the fib. But then you couldn't bitch and moan about people not understanding you, which is the real reason you post to NANOG.
>>>
>>> Optimization #1 -- elimination of more specifics where there's a less specific that has the same next hop (obviously only in cases where the less specific is the one that would be used if the more specific were left out).
>>> Example: if 10.10.4.0/22 has the same next hop as 10.10.7.0/24, the latter can be left out of TCAM (assuming there's not a 10.10.6.0/23 with a different next hop).
>>>
>>> Optimization #2 -- concatenation of adjacent routes when they have the same next hop
>>> Example: If 10.10.12.0/15 and 10.10.14.0/15 have the same next hop, leave them both out of TCAM and install 10.10.14.0/14
>>>
>>> Optimization #3 -- elimination of routes that have more specifics for their entire range.
>>> Example: Don't program 10.10.4.0/22 in TCAM if 10.10.4.0/23, 10.10.6.0/24 and 10.10.7.0/24 all exist
>>>
>>> Some additional points:
>>>
>>> -- This isn't that hard to implement. Once you have a FIB and primitives for manipulating it, it's not especially difficult to extend them to also maintain a minimal-size-FIB.
>>>
>>> -- The key is that aggregation need not be limited to identical routes. Any two routes *that have the same next hop from the perspective of the router doing the aggregating* can be aggregated in TCAM. DFZ routers have half a million routes, but comparatively few direct adjacencies. So lots of opportunity to aggregate.
>>>
>>> -- What I've described above gives forwarding behavior *identical* to unaggregated forwarding behavior, but with fewer TCAM entries. Obviously, you can get further reductions if you're willing to accept different behavior (for example, ignoring more specifics when there's a less specific, even if the less specific has a different next hop).
>>>
>>> (This might or might not be what Randy was talking about. Maybe he's looking for knobs to allow some routes to be excluded from TCAM at the expense of changing forwarding behavior. But even without any such things, there's still opportunity to meaningfully reduce usage just by handling the cases where forwarding behavior will not change.)
>>>
>>> -- Brett
>>
>> --
>> --srs (iPad)
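Brett's three TCAM-trimming optimizations, worked through as a binary-trie pass in Python. This is an added example, not code from any poster or from a router vendor; the routing table and the next-hop labels "A" to "F" are constructed. Beyond what the posts spell out, it also verifies, by exhaustive longest-match lookup, that the compressed table forwards every address exactly as the original did.

```python
"""FIB compression along the lines of Brett Frankenberger's three optimizations (added example)."""
from functools import lru_cache
from ipaddress import IPv4Address, IPv4Network, ip_network

_net = lru_cache(maxsize=None)(ip_network)  # parse each prefix string only once

# Constructed sample FIB: prefix -> next hop, as seen by the router doing the compressing.
SAMPLE_FIB = {
    "10.10.0.0/20": "F",                          # less specific over 10.10.0.0-10.10.15.255
    "10.10.4.0/22": "A",
    "10.10.7.0/24": "A",                          # Opt 1: same next hop as its longest-match parent
    "10.10.12.0/23": "B", "10.10.14.0/23": "B",   # Opt 2: adjacent siblings, one next hop -> one /22
    "10.10.64.0/22": "C",                         # Opt 3: every address below has a more specific
    "10.10.64.0/23": "D", "10.10.66.0/24": "E", "10.10.67.0/24": "D",
}

class _Node:
    def __init__(self):
        self.nexthop, self.children = None, [None, None]  # children: [0-bit, 1-bit] subtrees

def _build_trie(fib):
    root = _Node()
    for prefix, nexthop in fib.items():
        net, node = _net(prefix), root
        for i in range(net.prefixlen):  # descend one address bit at a time
            bit = (int(net.network_address) >> (31 - i)) & 1
            if node.children[bit] is None:
                node.children[bit] = _Node()
            node = node.children[bit]
        node.nexthop = nexthop
    return root

def _compress_up(node):
    """Bottom-up: Opt 2 and Opt 3. Returns True when every address under node is matched at or below it."""
    resolved = [c is not None and _compress_up(c) for c in node.children]
    left, right = node.children
    if left and right and left.nexthop is not None and left.nexthop == right.nexthop:
        node.nexthop = left.nexthop          # Opt 2: the parent prefix replaces both siblings
        left.nexthop = right.nexthop = None
        return True
    if all(resolved):
        node.nexthop = None                  # Opt 3: this route is never the longest match
        return True
    return node.nexthop is not None

def _prune_down(node, inherited):
    # Opt 1: a more specific whose covering route forwards identically is redundant.
    if node.nexthop == inherited:
        node.nexthop = None
    elif node.nexthop is not None:
        inherited = node.nexthop
    for child in filter(None, node.children):
        _prune_down(child, inherited)

def _collect(node, value, length, out):
    if node.nexthop is not None:
        out[str(IPv4Network((value << (32 - length), length)))] = node.nexthop
    for bit, child in enumerate(node.children):
        if child is not None:
            _collect(child, (value << 1) | bit, length + 1, out)
    return out

def compress_fib(fib):
    """Return a smaller {prefix: nexthop} FIB with identical longest-match forwarding."""
    root = _build_trie(fib)
    _compress_up(root)
    _prune_down(root, None)
    return _collect(root, 0, 0, {})

def lookup(fib, addr):
    """Longest-prefix match over a {prefix: nexthop} dict; None when no route covers addr."""
    addr = IPv4Address(addr)
    hits = [(_net(p).prefixlen, nh) for p, nh in fib.items() if addr in _net(p)]
    return max(hits)[1] if hits else None

def forwarding_equivalent(fib_a, fib_b, space):
    """Exhaustively check that both FIBs forward every address in `space` identically."""
    return all(lookup(fib_a, a) == lookup(fib_b, a) for a in _net(space))

if __name__ == "__main__":
    compact = compress_fib(SAMPLE_FIB)
    print(f"{len(SAMPLE_FIB)} entries -> {len(compact)}:", compact)
    print("forwarding unchanged:", forwarding_equivalent(SAMPLE_FIB, compact, "10.10.0.0/17"))
```

The result is behaviour-preserving, not necessarily minimal: the passes stop where Brett's three rules stop, and the exhaustive check is what gives an operator confidence before installing the trimmed table.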
Re: BGP Session
what's not to love… it's DKIM’d everything

/bill

On Wednesday, 16 July 2014, at 1:12, Stephane Bortzmeyer <bortzme...@nic.fr> wrote:

> I love the From: field :-)
Re: Verizon Public Policy on Netflix
On Monday, 14 July 2014, at 9:52, Barry Shein <b...@world.std.com> wrote:

> On July 14, 2014 at 08:17 d...@dcrocker.net (Dave Crocker) wrote:
>> On 7/12/2014 3:19 PM, Barry Shein wrote:
>>> On July 12, 2014 at 12:08 ra...@psg.com (Randy Bush) wrote:
>>>> or are you equating shell access with isp? that would be novel. unix shell != internet.
>>>
>>> You mean when you sat at a unix shell using a dumb terminal on a machine attached to the internet in, say, 1986 you didn't think you were on the internet?
>>
>> A question with more nuance than most folk tend to realize:
>>
>> To Be On the Internet
>> March, 1995
>> http://tools.ietf.org/html/rfc1775
>
> How about Vicarious Access: No physical connection but people keep coming into your office to tell about some dopey thing they just read or saw on the internet.
>
> --
> -Barry Shein
>
> The World              | b...@theworld.com          | http://www.TheWorld.com
> Purveyors to the Trade | Voice: 800-THE-WRLD       | Dial-Up: US, PR, Canada
> Software Tool & Die    | Public Access Internet    | SINCE 1989     *oo*

Therein lies the fallacy of the “air-gap” … sometimes 3 meters is not wide enough.

/bill
Re: short, two part question ICANN Vs. The World
On Monday, 23 June 2014, at 22:55, Keith Medcalf <kmedc...@dessus.com> wrote:

>> The question at hand is.. Do countries/businesses have to affiliate or utilize any of those services provided by ICANN other than the assignment of an IP address?
>
> No.

except for RFC 1918 and ULA space, which require no coordination whatsoever

>> And can you get away with LAN/CAN/MAN stand-alone systems [instead of utilizing DNS-via-ICANN]??
>
> Yes.
>
>> Example: Is it legal to cut off those DNS systems and loop in backwards? (instead of bidirectional). ** I don't want my city/schools/other systems hooked into the World Wide Web. // someone let me know when you get a chance.
>
> Yes. Sounds like you want private (discontiguous) network space. There is no need to be a part of the internet if you don't want to be, but that desire does not prevent you in any way from utilizing internet technology discontiguously (ie, separate and apart from the Internet).

what does “loop in backwards” mean? it is possible (and there are production systems) to “tap” the Internet and load/fill/examine DNS caches of Internet DNS traffic. NSA and its industrial partners (like Farsight Security) do this for a living.

there are many corporations that have built/use enclaved or walled garden networks for internal use that have no visibility to the Internet or its applications (like WWW). It's not that hard to do… folks have been doing it for decades.

/bill
Re: Credit to Digital Ocean for ipv6 offering
announce them so folks can use the space as darknets…

/bill

On Tuesday, 17 June 2014, at 15:39, John Levine <jo...@iecc.com> wrote:

> In article <CABL6YZT7sSFxdBL1_UDVc2_t3X1drW0_AToHE51o2Pd=obd...@mail.gmail.com> you write:
>> +1+1+1 re living room
>
> My cable company assigns my home network a /50. I can figure out what to do with two of the /64s (wired and wireless networks), but I'm currently stumped on the other 16,382 of them.
>
> R's,
> John
>
>> On Jun 17, 2014 12:32 PM, rw...@ropeguru.com <rw...@ropeguru.com> wrote:
>>> On Tue, 17 Jun 2014 13:25:37 -0400 valdis.kletni...@vt.edu wrote:
>>>> On Tue, 17 Jun 2014 13:14:04 -0400, rw...@ropeguru.com said:
>>>>> No, 8 individual IPv6 addresses.
>>>>
>>>> Wow. Harsh. I burn more than that just in my living room.
>>>
>>> I don't think that is too harsh as all 8 are assigned to a single server. So if I have three VPS's, I have 24 total addresses.
Re: NTIA cedes root zone control
er… this is no longer news… back in -MAY-… it was:

http://www.ntia.doc.gov/press-release/2014/ntia-announces-intent-transition-key-internet-domain-name-functions

/bill

On Friday, 6 June 2014, at 14:31, Jay Ashworth <j...@baylink.com> wrote:

> In one of the worst written stories I've ever seen in Ars, it's announced that -- in one of the best take-out-the-trash moments in Internet history (make the announcement not only on a Friday, but *during a NANOG*) -- NTIA is ceding control of the root DNS zone.
>
> The article very carefully does not say *to whom*; though it implies that it's ICANN. If that's the case, then I'm not sure there's actually, y'know, *news* here. But...
>
> http://arstechnica.com/tech-policy/2014/03/in-sudden-announcement-us-to-give-up-control-of-dns-root-zone/
>
> Cheers,
> -- jra
Re: Does anyone know Jared's birthday?
did you ask Jared?

/bill

On Wednesday, 4 June 2014, at 12:15, Warren Kumari <war...@kumari.net> wrote:

> Yup, I did think it was worth asking the entire list.
>
> W
Re: Does anyone know Jared's birthday?
well then. you could just use that date then and it should be alright…

/bill

On Wednesday, 4 June 2014, at 12:24, Warren Kumari <war...@kumari.net> wrote:

> On Wednesday, June 4, 2014, manning bill <bmann...@isi.edu> wrote:
>> did you ask Jared?
>
> Yup.
>
> And he updated it on Facebook to throw us off the scent...
>
> W
>
>> /bill
>>
>> On Wednesday, 4 June 2014, at 12:15, Warren Kumari <war...@kumari.net> wrote:
>>> Yup, I did think it was worth asking the entire list.
>>>
>>> W
indulgence satiated
Thanks All for taking the time to prod 2001:500:84::b

Looks like it is reachable from many places… enough that we will proceed to augment the “B” root server with perhaps the last in a long line of IPv6 addresses that it has had over the last 15 years. Splay will increase over time.

/bill
crave your indulgence
If you wouldn’t mind a quick traceroute - Can you confirm reachability to the following:

2001:500:84::b

Thanks in advance.

/bill
Re: [dns-wg] Global Vs local node data in www.root-servers.org
alas, our service predates Joe’s marvelous text. “B” provides its services locally to its upstream ISPs. We don’t play routing tricks, impose routing policy, or attempt to influence prefix announcement.

/bill

On Monday, 17 March 2014, at 7:17, Joe Abley <jab...@hopcount.ca> wrote:

> On 17 Mar 2014, at 7:39, John Bond <john.b...@icann.org> wrote:
>
>> Global and Local nodes are very loosely defined terms. However general consensus of a local node is one that has a desired routing policy which does not allow the service supernets to propagate globally. As we impose no policy we mark all nodes as global.
>
> I think the taxonomy is probably my fault. At least, I thought I invented it when I wrote http://ftp.isc.org/isc/pubs/tn/isc-tn-2003-1.txt the pertinent text of which is this:
>
>    Two classes of node are described in this document:
>
>    Global Nodes advertise their service supernets such that they are propagated globally through the routing system (i.e. they advertise them for transit), and hence potentially provide service for the entire Internet.
>
>    Local Nodes advertise their service supernets such that the radius of propagation in the routing system is limited, and hence provide service for a contained local catchment area.
>
>    Global Nodes provide a baseline degree of proximity to the entire Internet. Multiple global nodes are deployed to ensure that the general availability of the service does not rely on the availability or reachability of a single global node.
>
>    Local Nodes provide contained regions of optimisation. Clients within the catchment area of a local node may have their queries serviced by a Local Node, rather than one of the Global Nodes.
>
> The operational considerations that you mention would have been great for me to think about when I wrote that text (i.e. it's the intention of the originator of the route that's important, not the practical limit to propagation of the route due to the policies of other networks).
>
> We did a slightly better job in RFC 4768 (e.g. in such a way, potentially):
>
>    Local-Scope Anycast: reachability information for the anycast Service Address is propagated through a routing system in such a way that a particular anycast node is only visible to a subset of the whole routing system.
>
>    Local Node: an Anycast Node providing service using a Local-Scope Anycast Address.
>
>    Global-Scope Anycast: reachability information for the anycast Service Address is propagated through a routing system in such a way that a particular anycast node is potentially visible to the whole routing system.
>
>    Global Node: an Anycast Node providing service using a Global-Scope Anycast Address.
>
> Joe