Re: [swinog] DNS maintenance ns1.tiscali.ch / ns2.tiscali.ch
On Wed, 2004-12-15 at 14:01 +0100, Matthias Hertzog wrote:

Hello! Can someone responsible for the above DNS servers please contact me off-list? Unfortunately, the e-mail addresses in the TEC-C records of the switch database no longer exist and the phone is answered by an answering machine.

Did you try:

$ dig +short tiscali.ch soa
ns1.tiscali.ch. hostmaster.ch.tiscali.com. 2004121302 10800 3600 604800 86400

That one too ?

Greets,
Jeroen
Re: [swinog] Experiences with Foundry Bigiron-gear
On Thu, 2004-12-02 at 10:45 +0100, Simon Leinen wrote:

Gunther Stammwitz asks a very reasonable question:

At the moment we're using Cisco 12000 gear in our network and now I'd like to buy another

But here he makes a big mistake:

router

What about replacing this with the word box? :-)

As in big box with nothing in it kind of box? :)

SNIP

My second take is: Buy a NetIron rather than a BigIron - probably the same hardware but it's marketed as a router. Just keep telling everybody that you have a GSR, so that your colleagues still take you seriously.

If you are desperately still wanting anything from Foundry then indeed go for a NetIron, this is what AMS-IX uses. But do note, they don't do routing. Also review the tech-l list of the last year to see that these boxes have stabilized a bit, with a lot of effort from Foundry, over the last year. Before that they were not much good ... If you want Routing get a Juniper.

Oh and also keep in mind that one day you might want to do IPv6 ;) And guess what Foundry doesn't and Cisco does kind-of and Juniper does quite well...

Greets,
Jeroen
RE: [swinog] Experiences with Foundry Bigiron-gear
On Thu, 2004-12-02 at 11:09 +0100, Kuster, Christian wrote:

If you want Routing get a Juniper.

But only if you don't need anything else besides that... MPLS is a big hassle although it works somehow, QoS is quite unusable on Junipers... So yes, just plain routing with no features, then Juniper is ok...

Oh and also keep in mind that one day you might want to do IPv6 ;) And guess what Foundry doesn't and Cisco does kind-of and Juniper does quite well...

??? Cisco kind-of Works very very well...

Tell that to the folks at SURFnet ;) Also, not related to the many issues they have, see CSCeg41277

Greets,
Jeroen
Re: [swinog] Experiences with Foundry Bigiron-gear
On Thu, 2004-12-02 at 13:11 +0100, Simon Leinen wrote:

Jeroen Massar adds to the unfounded router/switch FUD:

If you are desperately still wanting anything from Foundry then indeed go for a NetIron, this is what AMS-IX uses. But do note, they don't do routing.

What do you mean they don't do routing? I already conceded that Real Men don't call them a router. If you get over this, it's quite hard to say they don't route. OK, hopefully the AMS-IX one doesn't route, because the AMS-IX should be a layer-2 affair.

I should have written: That AMS-IX is an IX and that they use it solely for l2 ;) Thus indeed.

Our old NI400s did OSPF, BGP-4, PIM-SM quite nicely. Took them a while to implement MP-BGP (for IPv4 Multicast) but eventually they added that too.

They indeed respond quite well to feature requests and bugfixes as can be seen on AMS-IX, which is, imho, quite stable since a couple of months.

Also review the tech-l list of the last year to see that these boxes have stabilized a bit, with a lot of effort from Foundry, over the last year. Before that they were not much good ... If you want Routing get a Juniper. Oh and also keep in mind that one day you might want to do IPv6 ;) And guess what Foundry doesn't and Cisco does kind-of and Juniper does quite well...

Have you checked out http://www.foundrynet.com/products/routers/netiron/ni40g.html?referrer=stupid-simon-still-arguing-with-real-men

grin I think: http://www.foundrynet.com/products/routers/netiron/ni40g.html?referrer=simon-says-stop-arguing-with-stupid-men is the better url ;)

? It talks very clearly about hardware forwarding for IPv6 packets. It even states how many entries the forwarding tables on the line cards can take (512k IPv4 or 128k IPv6 - the or hints at the fact that they have TCAM-based forwarding, so hopefully they can also support combinations in-between, like 384k IPv6+32k IPv6 prefixes).

Ah, neat, /me learned something. Haven't seen a Foundry doing IPv6 yet though and I guess that is because the Big Irons don't support it. And as with Big Irons, first I would like to see some nice performance tests on these boxes in a good lab setup before I would come close to them. The advert above does look nice indeed.

Greets,
Jeroen
Re: [swinog] Solving the Zombie Problem, was [NANOG] Re: is reverse dns required? (policy question)
On Thu, 2004-12-02 at 19:31 +0100, Andre Oppermann wrote:

Have a look at what I wrote on NANOG. It applies perfectly well to Switzerland too. If all ISPs in Switzerland (or at least the large ones) would put MTAMARK (default) records into their reverse zones we would have solved the entire SMTP zombie problem. What do you think?

I quite like it, I might say. They could even double it up; check the IP for this DNS mark record but also have a:

_send._smtp._srv.smtp-out.example.org. IN TXT 1
_send._smtp._srv.*.example.org. IN TXT 0

Then _send._smtp.ip.in-addr.arpa/ip6.arpa must be 1 _and_ the EHLO name must be 1 too, otherwise this hostname should not be used for sending mail either.

There is one minor problem though for folks who get a DSL line etc, but no control over the reverse though... as they are then locked-in by the ISP that controls their reverse. Then again, submission helps out here.

Greets,
Jeroen
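
The double check sketched in the message above, as an added example that is not part of the original thread: it uses the record names exactly as written there and evaluates them against a constructed in-memory zone instead of live DNS. The helper names are hypothetical, and treating a missing record as "not permitted" is an assumption.

```python
import ipaddress

def reverse_mark_name(ip):
    """Owner name of the mark record under in-addr.arpa / ip6.arpa for an address."""
    return "_send._smtp." + ipaddress.ip_address(ip).reverse_pointer + "."

# Constructed sample TXT data (documentation addresses and names), not real records.
ZONE = {
    reverse_mark_name("192.0.2.25"): "1",    # the ISP's outbound relay
    reverse_mark_name("192.0.2.77"): "0",    # customer DSL address
    reverse_mark_name("2001:db8::25"): "1",  # the same relay over IPv6
    "_send._smtp._srv.smtp-out.example.org.": "1",
    "_send._smtp._srv.*.example.org.": "0",
}

def ehlo_mark(name, zone):
    """TXT value for an EHLO name: exact record first, then a parent's '*' default.

    DNS itself only expands '*' as the leftmost label, so the '*' default
    written in the message is resolved here in code.
    """
    labels = name.rstrip(".").lower().split(".")
    exact = zone.get("_send._smtp._srv." + ".".join(labels) + ".")
    if exact is not None:
        return exact
    for i in range(1, len(labels)):
        default = zone.get("_send._smtp._srv.*." + ".".join(labels[i:]) + ".")
        if default is not None:
            return default
    return None  # no mark published at all

def may_send(ip, ehlo, zone=ZONE):
    """Accept only if the reverse-zone mark AND the EHLO-name mark are both "1".

    Assumption: a missing record on either side counts as not permitted.
    """
    return zone.get(reverse_mark_name(ip)) == "1" and ehlo_mark(ehlo, zone) == "1"

if __name__ == "__main__":
    for ip, ehlo in [("192.0.2.25", "smtp-out.example.org"),
                     ("192.0.2.77", "smtp-out.example.org"),
                     ("192.0.2.25", "dsl-77.example.org")]:
        print(ip, ehlo, "accept" if may_send(ip, ehlo) else "reject")
```

The second sample pair is the case the double check targets: a marked-0 customer address announcing the relay's name in EHLO is still rejected because the reverse-zone mark fails.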
Re: [swinog] expected mailing list interruption
On Mon, 2004-11-29 at 09:48 +0100, Fredy Kuenzler wrote:

Dear all, please note that we expect an outage of the mailing list, as the hard disk of the list server is about to die. We need to replace it asap.

...
hda: read_intr: status=0x59 { DriveReady SeekComplete DataRequest Error }
hda: read_intr: error=0x40 { UncorrectableError }, LBAsect=18477623, sector=18365160
end_request: I/O error, dev 03:02 (hda), sector 18365160
hda: read_intr: status=0x59 { DriveReady SeekComplete DataRequest Error }
hda: read_intr: error=0x40 { UncorrectableError }, LBAsect=18477624, sector=18365168
...

Don't forget to check the PSU and the cabling. I have had a couple of times that especially the PSU was the problem and not the disk itself... (Which reminds me that I have to get a new PSU for one of my older boxes...)

Greets,
Jeroen
Re: [swinog] Bluewin SMTP proxy?
On Wed, 2004-11-10 at 10:22 +0100, Beat Rubischon wrote:

Hello!

On 10.11.04 Jeroen Massar wrote:

SNIP

Both ?all and ~all mean the same as no SPF-Record. Is it worth entering such bullshit into a DNS? Is it good advertising for SPF to show such records? I think not.

So much for that advertisement from AOL/hotmail etc ;)

Greets,
Jeroen
Re: [swinog] Bluewin SMTP proxy?
On Tue, 2004-11-09 at 16:15 +0100, Philipp Morger wrote:

On Tue, Nov 09, 2004 at 13:19:48 +0100, Jeroen Massar wrote:

been logged from the same host and signed by the same PGP key. If somebody sends a silly message sounding to be from me (yes, this sadly has happened by some sick persons) I can quite easily claim it was not

well, you sound like a candidate for propagating SPF in your DNS :)

Which I have intended to do for a number of times but still have not done for the simple fact that SPF does not support IPv6. At least I have contacted the mailinglist a couple of times already and tried to give them my input (ip6:[2001:db8::/32]) but:

http://spf.pobox.com/mechanisms.html#ip6

8---
ip6 Could someone with IPv6 experience please provide some input?
---8

Says 'nuff... fortunately SA and especially Clam weed out most of the crap that would want to enter my mailbox, as for the sending part, as long as the receivers don't implement it, it still doesn't make sense.

For that matter PGP signing emails is *way* better than SPF. One can, with SPF, still spoof anybody else in the same domain, not that I trust the few other folks that do have an account in that domain but still ;) Also it is so handy when mailing [EMAIL PROTECTED], don't have to tag that sign button, just mail and fire away, where ever one is.

I guess that having a requirement of signed emails on mailinglists, thus that every mail intended to be distributed onto the mailinglist is pgp-signed by some address that is also subscribed to the list, could quite well be a way out against viruses that harvest addresses and simply use pairs of these addresses to correctly bypass subscription filters, eg:

http://www1.ietf.org/mail-archive/web/magma/current/msg00653.html

I guess most people who know the name Margaret know that she doesn't have the virus, nor anything wanting to spam...

Greets,
Jeroen
Re: [swinog] Scenic route of the day ...
On Thu, 2004-10-07 at 11:37, Fredy Kuenzler wrote:

http://www.ip-plus.net/tools/traceroute_internal_set.en.html to www.init7.net (hello AS3303? Maybe we should peer?):

Tsk, doesn't even pass any cool mountains ;)

Greets,
Jeroen