Re: [uknof] BT DNS block/redirect help
On 11 July 2017 at 14:30, Oliver Stirling wrote: > Hi, > > I wonder if there is someone that can help, for our BT customers (and > possibly TalkTalk) any DNS lookup for hosting.cloudnext.net is returning a > different IP (92.242.132.15) instead of the correct IP (79.170.44.8) I have had a poke of the hosting.cloudnext.net domain from a few different locations, and it seems that the nameservers reply quickly most of the time, but very occasionally just don't respond at all before the timeout hits. I also note that the domain is non-delegating and isn't split into its own zone. There are no SOA records. If your nameservers are heavily loaded and therefore not responding in every instance, you might want to start breaking out into separate zones, especially if you have a lot of subdomains that share the same parent nameservers. Creating separate zones reduces the load on your parent nameservers. You also only have two nameservers even though RFC2182 recommends a minimum of three (with RFC1912 recommending a maximum of 7). To create separate zones you must assign this subdomain it's own nameservers responsible for this domain and remove these records from your parent zone. An SOA record must also be published that refers queries to the newly created primary nameserver. Worth a shot? Alex
Re: [uknof] BT Outage?
On 20 July 2016 at 13:42, Adrian Farrel wrote: > > Any news on today's BT outage? > > My ISP is heartily blaming this for all sorts of ills. Telecity Harbour Exchange 8/9 has been having some power issues - a UPS decided to fall over, kit all over the shop has had a power cut with some power subsequently being restored and kit rebooted. It would appear that BT's kit there has been affected most significantly. If I had to guess, it might have something to do with the ongoing upgrade work there to increase power capacity, but then again it could just be too hot. In theory, Telehouse has the power back up again now, so these are supposedly all residual problems caused by the initial power loss. Even if you are a network operator who is lucky enough to have a backup PoP you can route everything through, you have still got the old problems of actually rerouting things and getting everyone else to converge on the new route. Alex
Re: [uknof] reliably detecting a bridge over ethernet?
On 15 December 2015 at 13:27, Nick Hilliard wrote: > On 15/12/2015 13:21, Alex Brooks wrote: >> I know that Bradford Networks will sell you a system that does this >> automatically with HP and Cisco gear. I don't know how it actually >> 'works' under the hood in detail, but know that it involves an LDAP >> directory and an SNMP trap. > > that probably works by either 802.1x or else locking down the mac address > and issuing traps when different mac addresses are seen on the port. This > is a different problem set to detecting whether a point-to-point link has > intermediate bridges. > Doh! You're right. The question wasn't about detecting unknown bridges hanging off the edge of your own network was it? Should have read the email more carefully. Sorry!
Re: [uknof] reliably detecting a bridge over ethernet?
Hi, On 15 December 2015 at 09:49, Dave Taht wrote: > I am curious if there is some sort of igmp or other form of message > that would reliably detect if a switch had a bridge on it. How could > deviceA and B detect deviceC was a bridge in this case? > > deviceA -> ethernet switch -> deviceB > ethernet switch -> deviceC -> with bridged wifi and > ethernet > > question came up in the context of: > > http://lists.alioth.debian.org/pipermail/babel-users/2015-December/002231.html > > __ The best people to ask about this would be staff in universities. Most unis I know of have systems in place to detect when students are trying to connect multiple devices in an unauthorised manner using network bridging and either shut off the switch port or move the port to an isolated VLAN when this is detected. Do you know anyone in a university networking team you could ask? I know that Bradford Networks will sell you a system that does this automatically with HP and Cisco gear. I don't know how it actually 'works' under the hood in detail, but know that it involves an LDAP directory and an SNMP trap. Alex
Re: [uknof] More Telecity woes?
On Thu, Nov 26, 2015 at 3:34 PM, Gavin Henry wrote: > Hi all, > > What's the latest? > To be honest the best public information seems to be coming out of The Register: http://www.theregister.co.uk/2015/11/25/telecity_fix_fails_again/ http://www.theregister.co.uk/2015/11/25/telecity_sovereign_house_thursday_third_fix_shot/ http://search.theregister.co.uk/?q=telecity&advanced=1&psite=0&author=&date=m&site=0&results_per_page=100 Most information that Telecity is directly releasing to affected customers is covered by various confidentiality warnings. In summary though: "not properly fixed yet, still a bit bodged". If anyone has specific information that they can release publicly though I stand to be corrected. Alex
Re: [uknof] Virgin media
On Wed, Nov 4, 2015 at 9:03 PM, Panny Malialis wrote: > Hi, > > Is anyone with a clue from Virgin media (broadband) on this list by any > chance please? > > I'm at my wits end with their tech support and losing the will to live. This > is my last ditch attempt to resolve it before an ofcom complaint goes in. Hi, Ofcom do not investigate individual complaints; that's the job of the ADR scheme (Ombudsman Services or CISAS). Virgin are in CISAS. The process is documented at http://consumers.ofcom.org.uk/phone/problems-and-complaints/resolving-problems-with-your-landline-or-home-internet/. However, as Virgin Media are members of the ISPA, you can also complain to them. Their procedure is at http://www.ispa.org.uk/consumers/complaints-procedure/. The main advantage of the ISPA scheme is that you only have to wait 10 days after making a complaint before you can contact ISPA, whereas you have to give the CP eight weeks if you use the ADR scheme. The ISPA scheme will also escalate to the ADR if necessary anyway. I can see that Hotlinks is also a member of the ISPA and CISAS. Is this not a consumer or small business complaint? If this is not a consumer or small business issue, you can use your ISPA membership to engage their discounted dispute resolution scheme. Good luck, Alex
Re: [uknof] getting BT to update a postcode DB
Hi, On Mon, Oct 5, 2015 at 9:43 PM, Tom Bird wrote: > Evening, > > To set the scene, my parents live in a village. It's sort of an L shape, > and has just gained a shiny new BT FTTC box, somewhere around the corner of > the L. > > Houses down one leg of the L seem able to order this service, but from > playing with the BT service checker widget, nobody on the other half of the > L can, the checker just comes up with the old services, even when the house > is right next to the box. > > Since they're stuck with 2 meg on a good day right now, it'd be nice to get > them on at least a 40/10 service. Does anyone know how many chickens I need > to sacrifice to make this happen? We could go as far as a goat if needed. > You may be able to fudge a bit more information out of Openreach by ringing 0800 023 2023 and selecting Option 5, say you are going to have your driveway redone and moved (including moving the dropped kerb outside) and you want the cable maps for the property and surrounding area. They should email them to you. You can normally use these to tell which cabinet you are connected to. The other thing you can do is submit a written complaint about incorrect information being stored, and when that is rejected, chuck it up to the Ombudsman. It'll probably still get rejected but there is a chance someone might actually look at the problem, and if not at least BT will have to pay the fee for the Ombudsman's time. I am assuming you have already checked on http://www.superfast-openreach.co.uk/where-and-when/ and that you don't have the dreaded "Under Review" coming up for the relevant address? If you are under review, you are SOL. Regardless, complete the expression of interest form at http://www.superfast-openreach.co.uk/expression-gen.aspx Good luck, Alex
Re: [uknof] Penetration Testing
Hello, On Mon, Sep 28, 2015 at 8:43 PM, Rich Lewis wrote: > I wondered if anyone on the list could recommend an organisation to do > some penetration testing for us. We've used Pen Test Partners in the > past, and they seemed pretty good to me, but for reasons unknown the > auditors want us to use someone else this time round. Sometimes, when an ISP reaches a certain public sector customer base (or becomes so big it forms part of the CNI), the ISP may end up needing to use an HMG accredited pen tester. However, others can engage these companies services. These accredited providers, as well as being approved to pen test systems handling OFFICIAL and (under supervision) SECRET information, also get access to specialist briefings covering things like GovCERT alerts, respected vulnerabilities sources and other support material. Even if you only have private sector customers, it is quite easy to end up transmitting or processing sensitive public sector data; for example if you provide an encrypted link between two sites for a company managing payroll for a public sector body. A similar scheme accrediting pen tests for the private sector, CREST, exists and some pen testers are on both lists, including some mentioned in this thread. Although you don't need this level of paper assurance, if you have a choice of providers and are having difficulty picking, you may wish to consider using the one on the CHECK list at https://www.cesg.gov.uk/finda/Pages/CHECKResults.aspx?post=1&sort=name and the CREST list at http://www.crest-approved.org/crest-member-companies/members-supplying-penetration-testing-services/index.html rather than the one that isn't listed on either. It should certainly help keep the auditors happy. HTH, Alex
Re: [uknof] Ofcom proposals to force BT OpenReach forced to allow access to dark fibre?
On Tue, May 19, 2015 at 11:04 AM, Charlie Boisseau wrote: >> good news, possibly. > > Possibly. If they get the regulated regions right. There’s a risk Ofcom > stifle future investment in other/new networks by doing this. If we don’t > want to always just be stuck with BT, other operators need to have an > incentive to build - this could destroy their business case. > Unfortunately, there is still the problem in towns (and cities) that are not London, Manchester or Birmingham that it is almost impossible to actually get fibre laid at any sort of a sensible cost by anyone other than BT – the market hasn’t taken care of this by itself and people have waited long enough! If you are in the North West I suppose you have the remnants of the North West Water Board / NORWEB’s attempt to launch a telco, since taken over by Vodafone, but that’s about it. Alex
Re: [uknof] gov't forcing ISPs to block sites?
Hi, You can see an idea of what has been blocked in the UK at http://www.ukispcourtorders.co.uk/. This is the website that the largest ISP in the UK (BT) redirects the 'blocked' sites to if you try and access them. It isn't some sort of hidden blocklist; it is public who has obtained injunctions and to which sites the injunctions relate. The side effect of this is that if anyone has someway of getting round the blocks they have a specially curated list of known good sites that they may not have heard of. The injunctions themselves have been granted primarily under the provisions in Section 97 of the Copyright, Designs and Patents Act 1988 (http://www.legislation.gov.uk/ukpga/1988/48/section/97A) Alex On Fri, Mar 27, 2015 at 8:34 PM, Scott Weeks wrote: > > > > Thanks everyone. > > scott >
Re: [uknof] The operator's operator
Hi there, On Mon, Mar 23, 2015 at 1:39 PM, Rich Lewis wrote: > I guess a brief list of requirements are: > > FTTC or equivalent speeds (I'm in a London suburb, so Virgin are in the > street and fibre is to the cabinent, but not, alas, to the premises) > Native IPv6 definitely a plus, if not now, then soonest > Not behind a CGN > Whilst I am not recommending their services (their quality varies a lot based on your location; they're good where I am but I know nothing of where you are) Virgin Media are planning to roll out IPv6 over DOCIS3 this year - the equipment in their headends and the CPE they give out already support IPv6, but it is disabled in the firmware at present except for testing lines. There is a UKNOF presentation they gave with the details, but I can't find the link at present. They do traffic management on residential packages though (http://my.virginmedia.com/traffic-management/traffic-management-policy-30Mb-or-higher.html). A number of people round my way use them for home working with success. Virgin are likely to be one of the cheaper options with their current offers if you are particularly price sensitive - IIRC their top end business version is around £60 a month and their residential versions much cheaper. Be aware that although a number of suppliers sublease TTB connectivity to you with IPv6, if you go to TTB directly you will not (currently) get an IPv6 address or transit on their base FTTC products, nor do they have any public plans to roll out IPv6 anytime soon. Alex
Re: [uknof] Plusnet outage - again
On Sat, Oct 11, 2014 at 5:01 PM, Martin Hepworth wrote: > anyone know whats going on with plusnet? > > No one answering the support lines and nothing online other than the usual > 'status monitor' of twitter folks across the uk commenting they are diwn too Hi there, Plusnet are posting some details on their forum and they have details on their service status page at http://usertools.plus.net/status/archive/. Basically it's back now if you reboot your router. Details of what happened will apparently be released this evening. > Had a similar outage a couple of weeks ago Details of what happened with that one were also posted to their community (though I don't have the link right now); it was some sort of BNG/BRAS failure across their estate IIRC. Alex
Re: [uknof] DDoS mitigation appliances
Hi, On Mon, Apr 29, 2013 at 1:30 PM, Stephen Wilcox wrote: > The CDN/"DDoS cleaners" simply do it by having vast amounts of capacity > globally generally distributed into autonomous nodes. Akamai for example has > many terabits of capacity on the Internet plus hundreds of nodes installed > directly into access networks. On top of this they deploy sophisticated DNS > load balancing to shift traffic around as demand / attacks dictate. > > It sounds fancy but in reality if you have a few terabits of traffic the > mitigate options become numerous.. its just an economy of scale, but one > that exists for a limited number of content providers.. > Bingo. An interesting read about 'how' they work is http://blog.cloudflare.com/the-ddos-that-almost-broke-the-internet and https://www.cloudflare.com/ddos (though it is a little self congraduatory). Alex
Re: [uknof] IPv6 tunnel brokers that provide BGP other than HE?
Hi, On Fri, Feb 22, 2013 at 4:43 PM, Mike Simkins wrote: > > Try SiXXS (www.sixxs.net) > Unfortunately, as good as SiXXS can be for basic free IPv6 tunnels, they do not do BGP; they explain their reasons at http://www.sixxs.net/faq/connectivity/?faq=bgppeering. However, they do have a rather good list of people who will do what you are after at http://www.sixxs.net/faq/connectivity/?faq=ipv6transit. I hope that helps, Alex
Re: [uknof] HTTP Speed Test Software
On Mon, Dec 5, 2011 at 11:04 AM, Ben Ward wrote: > > Hi NOFfers, > > Despite distrusting HTTP Speed Tests I'm investigating speed test > software/hardware which I can deploy inside a private network infrastructure > to prove problems off our network when only HTTP is available to diagnose > "slow internet". There are several customer proxy servers which we suspect > introduce problems, so we're trying to take them out of the picture. > > Does anyone have any recommendations here? We are looking for something > convincing enough for end-users, but transparent enough for us to make sense > of the results. Also, we'd like to log the results so we can monitor > performance. > A nice one for diagnostics, but unfortunately less end user friendly than just a number, is Netalyzr. It's a Java applet at http://netalyzr.icsi.berkeley.edu/ or a jar file that you can download and run at http://netalyzr.icsi.berkeley.edu/cli.html. A good thing about it is that it generates a weblink to view the report, which a customer can send to you. Go to the site and click the start button, you might be impressed with what you see. Alex