Re: 240/4

On 18.10 10:48, Adrian Chadd wrote: > > > Asking the whole internet to support 240/4 is going to tie up > > valuable resources that would be far better off working on IPv6. Keep > > in mind that it's not just software patches. Software vendors don't do > > stuff for free. I doubt ISPs are

Re: Spain was offline

On 01.09 13:47, Martin Hannigan wrote: > > I can't get a TLD zone? But back to the root servers. Are you > agreering with me that if I announce F and I root's netblocks > inside of my own network that everyone would be ok with that? > > C'mon Joe, straight answer on that one. :) Straight answer

Re: IAB and "private" numbering

On 15.11 07:38, Mark Smith wrote: > > RFC1627, "Network 10 Considered Harmful (Some Practices Shouldn't be > Codified)" and RFC3879, "Deprecating Site Local Addresses" provide some > good examples of where duplicate or overlapping address spaces cause > problems, which is what happens when differ

Re: the future of the net

On 16.11 21:33, Bubba Parker wrote: > > Seems to be back up now. At this time I got "Linux Journal Is Currently Unavailable Due to a Denial of Service (DoS) Attack Sorry for any inconvenience." Interesting. At first sight I though that was why Randy posted the URL under "future of the net" ;-

Re: oh k can you see

We have considered the options carefully and decided to announce a covering /23 to get around the problem spotted by Randy and the folks in Oregon. We considered the /24+/25 soloution but decided against that because it makes little sense when we are considering to eventually remove as much of th

Re: oh k can you see

On 01.11 05:41, Randy Bush wrote: > mornin' daniel: ev'nin randy: Of course the NCC takes resposibility for the K anycast deployment including the way we announce BGP routes to K. We also clearly describe and announce what we do. We cannot take responsibility for what others do with that routin

Re: oh k can you see

Randy's description of the issue with NO_EXPORT is correct. It has never appeared to be particularly widespread. It is not specific to anycast. You also describe the rationale correctly by saying "it would be good if a server in Kenya did not take load from nyc". I'll expand a little more on th

Re: Level 3's side of the story

On 16.10 16:04, Simon Leinen wrote: > > Kevin Loch writes: > > Does anyone have reachability data for c-root during this episode? > > The RIPE NCC "DNSMON" service has some: > > http://dnsmon.ripe.net/dns-servmon/server/plot?server=c.root-servers.net&type=drops&tstart=1128246543&tstop=112897225

Re: as numbers

On 31.07 17:20, [EMAIL PROTECTED] wrote: > > we did that (move a root) in the CIDR /8 experiment. > we could do it for this too :) one root name server: yes the root name servers: no, definitely not Daniel PS: Ony as soon as implementations are available of course ! ;-(

Re: as numbers

On 29.07 09:59, Henk Uijterwaal wrote: > > I'd think that 30 days is too low. What we see (*) is that after 30 days, > only half of the assigned ASN have appeared on the Internet. Some 75% > of the assigned ASN appear on the net in the first 6 months after > assignment, 80-85% after a year. An

Re: GSM gateways in the US?!?

On 25.07 07:59, Simon Lockhart wrote: > > > There are two methods that are obvious to terminate calls into mobile > > (GSM) networks in North America: > > Just to give you a .uk experience, I don't know the technical details of how > this is implemented These are pretty common plans over

Re: soBGP deployment

On 23.05 22:13, Tony Li wrote: > ... We, > as responsible operators/architects/vendors/coders need to pick a > solution and field it. It may well be an interim solution, but we MUST > act, and soon. We are already seeing the stress patterns, without > reinforcement it is only a matter of time be

Re: [dnsop] Re: Root Anycast

On 05.05 16:56, Daniel Karrenberg wrote: > > Sneak preview: > > http://rosie.ripe.net/ripe/meetings/ripe-50/presentations/uploads/Tuesday/karrenberg-bgp_anycast_stability.pdf Sorry, correct URL is: http://www.ripe.net/ripe/meetings/ripe-50/presentations/ripe50-plenary-tue-anycast.pdf

Re: [dnsop] Re: Root Anycast

On 03.05 16:06, Rodney Joffe wrote: > > ... > > See y'all in Seattle. Daniel Karrenberg and others will be providing loads > of fuel to spark debate amongst non-kooks about the efficacy of anycast DNS > ;-) Sneak preview: http://rosie.ripe.net/ripe/meetings/ripe-5

Re: fwd: Re: [registrars] Re: panix.com hijacked

On 16.01 10:25, Lou Katz wrote: > > > Is there anything that us folks out in the peanut gallery can > do to help, other than locally serving the panix.net zone > for panix.com? Avoid being caught by an IPR lawyer while helping; ;-) Then organise operators to insert operational clue into the va

Re: fwd: Re: [registrars] Re: panix.com hijacked

On 16.01 12:46, William Allen Simpson wrote: > > >--- Forwarded Message > > > >From: "Ross Wm. Rader" <[EMAIL PROTECTED]> > > > > > >I don't see what you are looking at - .net and .com point to the same > >place with no indication of anything awry...of course, I'm late to the > >game and t

Re: panix.com hijacked (VeriSign refuses to help)

On 16.01 16:34, Hank Nussbacher wrote: > > On Sun, 16 Jan 2005, Eric Brunner-Williams in Portland Maine wrote: > > One could almost think this hijack was timed to the release of the ICANN > "Requests Public Comments on Experiences with Inter-Registrar Transfer > Policy" from Jan 12: > http://www

Re: panix.com hijacked (VeriSign refuses to help)

On 16.01 16:34, Hank Nussbacher wrote: > > On Sun, 16 Jan 2005, Eric Brunner-Williams in Portland Maine wrote: > > One could almost think this hijack was timed to the release of the ICANN > "Requests Public Comments on Experiences with Inter-Registrar Transfer > Policy" from Jan 12: > http://www

Re: verizon.net and other email grief

On 14.12 09:39, Todd Vierling wrote: > > That's definitely true, though it can be used successfully -- if there's a > very reliable kill-switch to withdraw the advertisement in a moment, or some > kind of fallback mechanism in place to handle gross failures. Using this as the *only* remedy for u

Re: anycast stability experiment

The RIPE NCC dnsmon (http://dnsmon.ripe.net) has collected such data for all root servers from dozens of places for about two years already. You are welcome to the raw data. NB: The further back in time the more work it will be for us to dig out raw data. Differences to your set-up: - most p

Re: European Nanog?

On 14.09 13:23, Roland Perry wrote: > > > ... > >more to the point, who decided meeting content? essentially daniel > >karrenberg does. > > I thought it was a committee of the Workgroup chairs (apart perhaps from > the first day). Roland, you are almost rig

Re: RIPE "Golden Networks" Document ID - 229/210/178

Some facts: "RIPE" is an operator forum, comparable to NANOG, APRICOT, AFNOG, (Strictly speaking RIPE pre-dates all of the others if one disregards that NANOG started as the NSFnet regional network meetings. ;-) "RIPE NCC" is a Regional Internet Registry, comparable to ARIN, APNIC, LACNIC,

Re: DNS Anycast as traffic optimizer?

On 01.09 15:18, Matt Larson wrote: > > I can give you one data point: VeriSign anycasts j.root-servers.net > from all the same locations (minus one) where the com/net > authoritative servers (i.e., *.gtld-servers.net) are located. An > informal examination of query rates among all the J root ins

Re: that MIT paper again (Re: VeriSign's rapid DNS updates in .com/.net ) (longish)

On 23.07 22:30, Simon Waters wrote: > > The abstract doesn't mention that the TTL on NS records is found to be > important for scalability of the DNS. Sic! And it is the *child* TTL that counts for most implementations.

Re: VeriSign's rapid DNS updates in .com/.net

On 22.07 14:46, Randy Bush wrote: > > ... the TTL issue is almost entirely NS RRs, ... > of course, almost all date in the gtlds are NS RRs, so the worry about > TTL crank-down holds, though just for silly gtld servers. then again, > they're paid to serve. This assumes rational behavior of a lo

Re: VeriSign's rapid DNS updates in .com/.net

On 22.07 21:05, an alter ego of Daniel Karrenberg wrote: > > I am worried about all the other root servers that have to deal with > much lesser query loads and might feel the impact of lowered TTLs > much more. Of course I meant "all the other DNS servers". Daniel

Re: VeriSign's rapid DNS updates in .com/.net

On 22.07 17:08, Paul Vixie wrote: > > therefore if there were a drop in TTL for root-zone data, it would > only be a multiplier against 2.1% of f-root's present volume. I am not worried so much about the root servers here because of the reasons you cite. The root server system is engineer

Re: VeriSign's rapid DNS updates in .com/.net

On 22.07 12:26, Stephen J. Wilcox wrote: > > I dont see any reference to adjusting the TTL in the verisign announcement. Correct. > They say they will update the zones every 5 minutes from the registry data. > > These are not the same things (or did I miss that bit?) Correct. > Also, isnt a

Re: VeriSign's rapid DNS updates in .com/.net

Matt, others, I am a quite concerned about these zone update speed improvements because they are likely to result in considerable pressure to reduce TTLs **throughout the DNS** for little to no good reason. It will not be long before the marketeers will discover that they do not deliver what the

Check Your Routing Table! 85-88/8 active

connectivity problem shortly. We also suggest that you check any packet filters you may be responsible for. Regards Daniel Karrenberg RIPE NCC -- Notes: This address space has been allocated by the IANA on April 4th 2003, almost a month ago. The fact has been widely announced then. Routing

EOF, Amsterdam, May - Call for Presentations

[apologies for duplicates, hint: they have the same message-id] Hi Network Operations Folk, NOW is the time to consider making a presentation at the European Operators Forum (EOF) to be held during the 48th RIPE meeting in Amsterdam on Monday 3rd and Tuesday 4th of May 2004. We would like to

Re: DNS requests for 1918 space

On 16.03 11:22, Geo. wrote: > > Can anyone point me at any papers that talk about security issues raised by > private networks passing dns requests for RFC 1918 private address space out > to their ISP's dns servers? RFC1918

Re: Counter DoS

On 10.03 20:55, Steven M. Bellovin wrote: > > The phrase "seriously bad idea" comes to mind. Other phrases include > "illegal", "collateral damage", and "stupid". Those plus "escalation of agression" and "uncontrollable feedback

Check Your Routing Table! Production Use of 84/8 Imminent.

any packet filters you may be responsible for. Regards Daniel Karrenberg RIPE NCC -- Notes: 84/8 has been allocated by the IANA on November 17th 2003, almost 4 months ago. The fact has been announced on this list a couple of times since. Routing decisions are fully within the

Re: New Draft Document: De-boganising New Address Blocks

On 24.02 16:32, [EMAIL PROTECTED] wrote: > > That is a misleading title. I thought it was to the point and rather cute ;-). > > The problem is that ISPs cannot react quickly enough > to open filters when new ranges are allocated. The proposed > solution is to provide advance notification. I sup

Proposal: De-boganising New Address Blocks

[Apologies for duplicate messages] This is of interet to all operators worldwide. Operators who do not participate in RIPE are invited to send comments and suggestions directly to the author. "De-Bogonising New Address Blocks"

Re: 168.0.0.0/6

On 24.02 23:20, Randy Bush wrote: > > BGP routing table entry for 168.0.0.0/6, version 7688303 > ... > 3277 13062 20485 20485 20485 8437 3303 > 194.85.4.249 from 194.85.4.249 (194.85.4.249) > Origin IGP, localpref 100, valid, external, best > > ripe is being overgenerous to the swiss

Re: updated root hints file

On 29.01 15:36, Jess Kitchen wrote: > > > http://www.root-servers.org/ seems to only have news on I's ASN change, no > > mention of B or J or the anycast F/K/I's ... methinks this info should have a > > home on this site.. If you folow the link from this site to http://k.root-servers.org/ you wi

Re: What's the best way to wiretap a network?

On 21.01 09:24, Kurt Erik Lindqvist wrote: > > From the initial discussions in Sweden around the new electronic > communications act, it seems as if the operators are obliged to provide > tapping free of charge. If this turns out to be the case, I guess it is > pretty much the same all over E

Re: New IPv4 Allocation to ARIN

On 16.01 13:13, [EMAIL PROTECTED] wrote: > ... > Alternatively, the RIRs might consider doing this sort of thing before > allocating IPs from new blocks. I know it's not their job to make sure > IPs are routable (especially not on every remote network), but as holders > of all the IPs, they are

Re: good cabling in real environments [Re: Request for submissions: messy cabling and other broken things]

On 17.12 19:07, Pekka Savola wrote: > > How do you do good cabling in dynamic, real environments? :-) My own 25 years of experience boil down to: Try to plan for expansion as well as possible when designing, then periodically start over and completely re-build the messy parts.

Re: Root Authority

On 16.12 07:14, Paul Vixie wrote: > we (i'm speaking for f-root here) have no "authority". nobody has to > listen to us, we are the most powerless bunch of folks you'll ever meet. > > now if you'd asked where we derive our *relevance*, i'd say the same as > mr. bush and mr. kletnieks -- from all

Re: Anit-Virus help for all of us??????

On 24.11 18:20, William Allen Simpson wrote: > > Brian Bruns wrote: > > > > One thing that many people don't realize (from my personal experience) is > > that contrary to popular belief, Win98SE is a good all around desktop OS to > > use. It can run most things like productivity apps and games,

Re: possible ORG problems, maybe?

On 17.10 09:47, Randy Bush wrote: > > but one has little assurance that the response is from the same > server as the one from which one had the dns response one is debugging. That is true. However this only matters if the operator of the server allows them to be inconsistent *and* routing so vo

A RR Wildcards and Stability

The comittee should realise that the question Verisign poses about observed adverse effects, while interesting, is not as pertinent as it seems at first sight. John Klensin put it very well yesterday in a rigorous way. I'll offer a less rigorous but more graphical analogy: A contractor drills l

Re: sitefinder technical discussions

On 06.10 23:51, Mark Kosters wrote: > > In the interest in gaining more community review and comment, a discussion > list has been setup to discuss factually-based technical issues > and solutions surrounding the operational impact of wildcards in > top-level domains on Internet applications. >

Re: VeriSign Capitulates

On 06.10 10:54, [EMAIL PROTECTED] wrote: > > > "There is no data to indicate the core operation of the domain name > > system or the stability of the Internet has been adversely affected," > > VeriSign's Galvin said. > > This means that there are no papers published or > conference present

Re: Is there anything that actually gets users to fix their computers?

On 03.10 10:59, Erik-Jan Bos wrote: > > Perhaps an "auto club" for PC-users: You call and within the next 24 or > 48 hours, depending on your subscription, an expert would dial in or > come by to get you on the virtual road again. If this was a viable business proposition, it would exist. My

Re: Is there anything that actually gets users to fix their computers?

On 03.10 10:36, Erik-Jan Bos wrote: > >Hey, it's working! If it ain't broken > > I doubt this. Recently, I worked with a couple of people that each had > their PCs infected. Their own virtual neighborhood complained to them, > and they surely were embaressed about the situation, but... T

Re: Is there anything that actually gets users to fix their computers?

On 03.10 04:12, Sean Donelan wrote: > > Short of turning off their network access, why won't users fix > their computers when the computer is infected or needs a patch? Hey, it's working! If it ain't broken Related question for network engineers: When did you have your last medical check

Re: what happened to ARIN tonight ?

On 29.09 10:27, James Cowie wrote: > > Single-homed /24 through UUNet's 7046 to 701. Withdrawals started at 01:21:38 GMT > (21:21:38 Eastern time), and ARIN flapped severely for about fifteen minutes. > > Then they spent another hour and ten minutes inconsistently reachable from half the > w

Re: Verisign Responds

On 23.09 08:43, [EMAIL PROTECTED] wrote: > > > > brilliant_draft = rfc-format(relevant(good(iab-statement)) + > > night_sleep(own-ideas)); > > suggest(dnsop-wg, brilliant_draft); > > wait(unspec); > > ... > > you missed a step... > > approve(iesg, wildcard-clarify); I *said* "wait(unspec);"

Re: Verisign Responds

On 23.09 14:34, Paul Vixie wrote: > > > > What else does the IETF need to do here? > > issue an rfc. iab is not a representative body, and their opinions > are not "refereed." brilliant_draft = rfc-format(relevant(good(iab-statement)) + night_sleep(own-ideas)); suggest(dnsop-wg, brilliant_draf

Re: Verisign Responds

On 23.09 06:07, Paul Vixie wrote: > We call on the IAB, the IETF, and the operational community to > examine the specifications for the domain name system and consider > whether additional specifications could improve the stability of > the overall system. Most urge

Re: Not the best solution, but it takes VeriSign out of the loop

On 17.09 04:27, Paul Vixie wrote: > speaking for f-root, we won't be cooperating with anything like that. speaking for k-root we will not either. > ... sounds like mob rule to me -- count me out. so, block me first, i guess? block us second. Daniel

Re: News of ISC Developing BIND Patch

On 17.09 00:50, Sean Donelan wrote: > > On Tue, 16 Sep 2003, John Brown wrote: > > not all the *root-servers* carry .arpa or in-addr.arpa > > > > J (one of verisigns) does not carry this zone, based > > on their own internal decision. > > Actually, I thought that was one of Jon Postel's dec

Re: Dynamic Internet Maps based on BGP table / AS_PATH

On 09.09 17:09, Mehmet Akcin wrote: > > hey > are you looking something like that? > http://www.netlantis.org/index.php?menu=2&page=gasp Actually much nicer is now http://www.netlantis.org/index.html?menu=2&page=sagm This is *really* cool. Daniel

Re: Dynamic Internet Maps based on BGP table / AS_PATH

http://www.ris.ripe.net/cgi-bin/risas.cgi Select output format "graphical". The really nice feature is that you can do this for any time in the recent past and from multiple view points because it works off a database of BGP data collected in 9 places all over the globe. Feedback welco

Re: rfc1918 ignorant

On 23.07 10:07, Kevin Oberman wrote: > > "In order to use private address space, an enterprise needs to > determine which hosts do not need to have network layer connectivity > outside the enterprise in the foreseeable future and thus could be > classified as private. Such hosts will use the priv

Re: Cisco IOS Vulnerability

On 17.07 15:59, Andy Dills wrote: > Sendmail is open source, IOS is not. > > Knowing where the problem is and knowing how to exploit it are two > entirely different situations. You are naive: Security through obscurity has never worked. You need secrecy if you go down this road; and that is hard

Re: it's 1918 in bologna

On 10.07 19:56, Randy Bush wrote: > >> note the 37. address. cute, eh? and i thought omphaloskepsis > >> was greek! > > Someone is going to have fun when tat part of 37/8 gets assigned and used. > > as the us military is blocking overseas access to more and more address > space, i guess non

Re: it's 1918 in bologna

On 10.07 12:19, Randy Bush wrote: > ... > > note the 37. address. cute, eh? and i thought omphaloskepsis > was greek! Someone is going to have fun when tat part of 37/8 gets assigned and used. Daniel >From http://www.quinion.com/words/weirdwords/ww-omp1.htm : OMPHALOSKEPSISI pronunciat

EOF, Amsterdam, September - Call for Presentations

presenting below and think about all those experiences this year that might be interesting to other operators. For the EOF "Coordination Group". Daniel Karrenberg -- The EOF The European Operators Forum (EOF)

Re: Mark Allman: Internet measurement: what next?

just a software package. These could be deloyed more easily. Daniel Karrenberg RIPE NCC

Re: Slow and Fast IP addresses on http ?

tcp-wrapper. Check DNS of the client address affected, forward and reverse. Daniel

Metoo Was: Pesky spammers are using my mailbox

On 03.06 13:44, Dominic J. Eidson wrote: > > I'm having a feeling that someone harvested a bunch of adresses, possibly > from NANOG, and is using them as the sender address in pretend-to-be KLEZ > spams.. I have received several bounces lately, several of them appearing > to be KLEZ, all with me

Re: BGP to doom us all

On 28.02 18:13, Barry Raveendran Greene wrote: > > Now - show me an operational environment on the Internet were this authorization > chain is _working_ today. RIRs and RADB do not count. As you mention before, > those databases and keeping them up to date are a "pulling teeth" exercise. > > ...

Re: Bell Labs or Microsoft security?

On 29.01 03:32, Sean Donelan wrote: > ... Multics security. Bell Labs answer: Unix. Who needs all that "extra" > security junk in Multics. . [reader warning: diatribe following] Gee, there once were a handflul of people; their principle goal was to make an OS for their own use. They

Impact of MS SQL Worm on DNS Root Name Service on 25.1.2003

THe RIPE NCC monitors response times to DNS queries of all root server addresses from ~60 points worldwide. Most of these points are within the RIPE region. 2 of the 13 server addresses (B&G) showed noticable degradation of response times to DNS queries across all measuring points. The othe

Re: Important Informational Message - root.zone change

At 12:59 AM 11/5/2002, Sean Donelan wrote: >Since its been 5 years since the hints/cache boot file has changed, >it may be useful to remind people an immediate change to your >local configuration files is not required. You don't need to >slashdot internic.net tomorrow morning trying to download t

Re: More federal management of key components of the Internet needed

At 07:05 AM 10/24/2002, Alan Hannan wrote: > It worked for airline security. Oh, did it now? Just to paraphrase Seans very professional language: Before the US government proposes to unilaterally take responsibility for a particular service it should consider its track record of providing pa

RE: WP: Attack On Internet Called Largest Ever

[Longish diatribe. I just use my share of bandwidth here in larger packets. I hope you will consider S/N large enough] At 04:51 PM 10/23/2002, Joe Patterson wrote: >would it cause problems, and more importantly would it solve potential >problems, to put some/most/all of the root servers (and mayb

Re: WP: Attack On Internet Called Largest Ever

At 07:50 AM 10/23/2002, Jamie C. Pole wrote: >It's a terrible thing when the most "competent" assessment of an attack >comes from a "company spokesperson", rather than someone just a little more >technical... In my reality the shop floor is not allowed to comment on something that is seen as vit

Re: IRR listing of IANA-reserved, a question..

Speaking for myself too: I have been wanting an *authoritative* *single* listing of unallocated address space for at least 6 years. Note that this is at a finer granularity than the IANA allocations list and it would have much more frequent changes than the IANA list as address space is allocate