Re: DNSSEC and ISPs faking DNS responses

2015-11-14 Thread Owen DeLong
> On Nov 14, 2015, at 00:21 , Roland Dobbins wrote: > > On 14 Nov 2015, at 13:36, Jean-Francois Mezei wrote: > >> With regards to VPNs: while they may not be very well known in the USA, they >> are outside the USA where many people need VPNs to access foreign content >>

Re: DNSSEC and ISPs faking DNS responses

2015-11-14 Thread Owen DeLong
> On Nov 14, 2015, at 03:11 , Roland Dobbins wrote: > > On 14 Nov 2015, at 16:05, Owen DeLong wrote: > >> Lots of VPN services out there like the ones mentioned earlier in the thread >> have made it nearly as simple to install and operate a VPN. > > Until the setup and

Re: DNSSEC and ISPs faking DNS responses

2015-11-14 Thread Roland Dobbins
On 14 Nov 2015, at 16:27, Owen DeLong wrote: Today. Yes, today, and tomorrow, and next week, and next month, and next year, etc. Why on earth do you assume that this will not continue to expand and/or accelerate its rate of expansion as word spreads that it is possible? Because it

Re: DNSSEC and ISPs faking DNS responses

2015-11-14 Thread Roland Dobbins
On 14 Nov 2015, at 19:07, Owen DeLong wrote: The point you seem to be missing is that your “until…” is already met. Not AFAICT. It isn't a default in the OS and on the window manager/home screen. I know of at least one ISP that is providing CPE with VPN pre-configured and built in.

Re: DNSSEC and ISPs faking DNS responses

2015-11-14 Thread Roland Dobbins
On 14 Nov 2015, at 13:36, Jean-Francois Mezei wrote: With regards to VPNs: while they may not be very well known in the USA, they are outside the USA where many people need VPNs to access foreign content that is geoblocked in their home country. I do not live in the United States; I live

Re: DNSSEC and ISPs faking DNS responses

2015-11-14 Thread Roland Dobbins
On 14 Nov 2015, at 13:38, Royce Williams wrote: > They don't have to know what a VPN is in order to use it -- and to pass > it on to their friends. That's still a very small proportion of the user base. --- Roland Dobbins

Re: DNSSEC and ISPs faking DNS responses

2015-11-14 Thread Owen DeLong
> On Nov 13, 2015, at 21:28 , Roland Dobbins wrote: > > On 14 Nov 2015, at 11:32, Owen DeLong wrote: > >> Go out onto the street and ask a random number of people over 30 if they >> know what a URL is and how to enter one into a browser. > > They don't know what URIs

Re: DNSSEC and ISPs faking DNS responses

2015-11-14 Thread Roland Dobbins
On 14 Nov 2015, at 16:05, Owen DeLong wrote: Lots of VPN services out there like the ones mentioned earlier in the thread have made it nearly as simple to install and operate a VPN. Until the setup and functionality are automagic, we're not going to see broad use of VPNs by non-specialists.

Re: EoMPLS vlan rewrite between brands; possibly new bug in Cisco IOS 15

2015-11-14 Thread Jonas Bjork
Thank you Jeff, I'll check it out on the HP side since Cisco seems to not care: Known Fixed Releases: (0) No release planned to fix this bug Best regards, Jonas Bjork > On 15 Nov 2015, at 2:54, Jeff Tantsura wrote: > > Jonas, > > As expected - the problem is

Re: Project Fi and the Great Firewall

2015-11-14 Thread Joel Jaeggli
Sent from my iPhone > On Nov 14, 2015, at 18:00, Sean Hunter wrote: > > Hello everyone, > > I come to you to humbly request your assistance, on or off list. This is not > an urgent technical matter, but something I'm rather fascinated by at the > moment. > > While in

Re: Project Fi and the Great Firewall

2015-11-14 Thread Jake Mertel
I know the service/device uses VPN if you are using "wifi assist" to connect to an open WAP -- it automatically tunnels the traffic so it can't be read by nearby snoopers. Perhaps they employ a similar technology or are using something like PPP to take all of the traffic back to one (or many)

Re: Project Fi and the Great Firewall

2015-11-14 Thread Roland Dobbins
On 15 Nov 2015, at 9:00, Sean Hunter wrote: While in China recently, I noticed that my Project Fi phone was accessing Google. Accessing, or attempting to access? Were you using a local SIM card, or roaming w/data? What about WiFi? --- Roland Dobbins

Re: Project Fi and the Great Firewall

2015-11-14 Thread Yucong Sun
This is what roaming data means, Your data packet is simply trunked to your original operator to process. So you will be having a US ip on the web. On Sun, Nov 15, 2015 at 12:02 PM, Yury Shefer wrote: > My team mate was traveling to China with his Nexus 6 (with Project Fi >

Re: Project Fi and the Great Firewall

2015-11-14 Thread Yury Shefer
My team mate was traveling to China with his Nexus 6 (with Project Fi SIM-card) and was able to access Google services. The phone uses roaming data to access Google and your phone gets IP assigned by your home mobile network packet gateway (P-GW). There is no local data break-out. On Sat, Nov 14,

Project Fi and the Great Firewall

2015-11-14 Thread Sean Hunter
Hello everyone, I come to you to humbly request your assistance, on or off list. This is not an urgent technical matter, but something I'm rather fascinated by at the moment. While in China recently, I noticed that my Project Fi phone was accessing Google. Not only Google, but Facebook, YouTube,

Re: Project Fi and the Great Firewall

2015-11-14 Thread Roland Dobbins
On 15 Nov 2015, at 11:02, Yury Shefer wrote: The phone uses roaming data to access Google and your phone gets IP assigned by your home mobile network packet gateway (P-GW). This is what I thought, as well - thanks for confirming! --- Roland Dobbins

comcast metro-e questions

2015-11-14 Thread Mike
Hi, Anyone here using comcast metro-e? I'd like to hear the good, bad and the ugly. I have a call in to sales but it being the weekend I won't be expecting a response, but I'm also wondering off the top of my head on general ballpark pricing for gigE? Thanks. Mike-

Re: DNSSEC and ISPs faking DNS responses

2015-11-14 Thread Royce Williams
On Sat, Nov 14, 2015 at 3:34 AM, Roland Dobbins wrote: >> >> More likely this is going to be iterations of what is already being more widely accepted. Downloadable pre-configured client software that works with a particular VPN service. > > > Again, downloading is a barrier to

EoMPLS vlan rewrite between brands; possibly new bug in Cisco IOS 15

2015-11-14 Thread Jonas Bjork
Hi, I am using a couple of AToM/EoMPLS tunnels in order to carry customer voice and data traffic across our IP/MPLS core, and it is currently working just fine. The first side consists of a Cisco 7600 router (rsp) and the other one is an HP A5500-HI routing switch with full LER/E-LSR

Re: DNSSEC and ISPs faking DNS responses

2015-11-14 Thread Niels Bakker
* rdobb...@arbor.net (Roland Dobbins) [Sat 14 Nov 2015, 04:13 CET]: On 14 Nov 2015, at 10:02, John Levine wrote: People in New Zealand said differently. This is a corner-case, however. We can continue citing corner cases, like the % of people in Turkey who use Google DNS since their

Re: DNSSEC and ISPs faking DNS responses

2015-11-14 Thread John Levine
>Until the setup and functionality are automagic, we're not going to see >broad use of VPNs by non-specialists. I'm getting the impression you haven't yet gotten around to looking at VPN applications intended for non-specialists. Here's a good one to start with:

Re: DNSSEC and ISPs faking DNS responses

2015-11-14 Thread Stephane Bortzmeyer
On Sat, Nov 14, 2015 at 01:36:06AM -0500, Jean-Francois Mezei wrote a message of 71 lines which said: > Loto Québec is supposed to be testing for compliance, and I am not > sure how they will do that short of having a subscription to every > ISP that sells

Re: DNSSEC and ISPs faking DNS responses

2015-11-14 Thread Baldur Norddahl
So when will we see CPE routers with built-in secure resolver and VPN client? Log in to 192.168.1.1 and select your country of the day from a drop down. Regards Baldur

Re: DNSSEC and ISPs faking DNS responses

2015-11-14 Thread John Levine
In article you write: >So when will we see CPE routers with built-in secure resolver and VPN >client? Log in to 192.168.1.1 and select your country of the day from a >drop down. VyprVPN has a plug in for Tomato. R's, John

Re: Colo space at Cermak

2015-11-14 Thread Josh Reynolds
That's interesting news, how did you hear about that? On Nov 14, 2015 1:46 AM, "Ishmael Rufus" wrote: > The company who has the worlds most played online multiplayer game moved > their servers to Chicago back in late August. Maybe that affected prices? > > On Fri, Nov 13,

Re: Colo space at Cermak

2015-11-14 Thread Nicholas Suan
They made an announcement about it a while back: http://boards.na.leagueoflegends.com/en/c/help-support/2uTrAyy8-na-server-roadmap-update-chicago-server-move-complete On Sat, Nov 14, 2015 at 11:58 AM, Josh Reynolds wrote: > That's interesting news, how did you hear about

Re: DNSSEC and ISPs faking DNS responses

2015-11-14 Thread Matt Palmer
On Sat, Nov 14, 2015 at 05:32:41PM +1100, Mark Andrews wrote: > In message <20151114044614.ga4...@hezmatt.org>, Matt Palmer writes: > > On Fri, Nov 13, 2015 at 10:51:52AM +0100, Bjørn Mork wrote: > > > So what do we do? We currently point the blocked domains to addresses of > > > a web server with

Re: DNSSEC and ISPs faking DNS responses

2015-11-14 Thread Roland Dobbins
On 15 Nov 2015, at 2:25, John Levine wrote: They have point'n'click apps for all the usual platforms. They are not defaults. I think that many people on this list don't understand that the vast majority of users around the world do not know what a VPN is, do not know why they might need

Re: DNSSEC and ISPs faking DNS responses

2015-11-14 Thread Larry Sheldon
On 11/14/2015 16:48, Roland Dobbins wrote: On 15 Nov 2015, at 2:25, John Levine wrote: They have point'n'click apps for all the usual platforms. They are not defaults. I think that many people on this list don't understand that the vast majority of users around the world do not know what a

Re: DNSSEC and ISPs faking DNS responses

2015-11-14 Thread Larry Sheldon
On 11/14/2015 16:56, Larry Sheldon wrote: On 11/14/2015 16:48, Roland Dobbins wrote: On 15 Nov 2015, at 2:25, John Levine wrote: They have point'n'click apps for all the usual platforms. They are not defaults. I think that many people on this list don't understand that the vast majority of

Re: DNSSEC and ISPs faking DNS responses

2015-11-14 Thread Roland Dobbins
On 15 Nov 2015, at 2:08, Niels Bakker wrote: When will there be enough 'corner cases' to convince you it's business as usual? The majority of people who use the Internet in Turkey do not in fact use Google DNS. It is an informed and motivated minority. The most recent statistics I can

Re: DNSSEC and ISPs faking DNS responses

2015-11-14 Thread John Levine
In article <339de9d9-f459-48e3-8d27-94eb76c90...@arbor.net> you write: >On 15 Nov 2015, at 2:25, John Levine wrote: > >> They have point'n'click apps for all the usual platforms. > >They are not defaults. The question at hand is whether gamblers faced with government blocking would use VPNS to

Re: DNSSEC and ISPs faking DNS responses

2015-11-14 Thread John Levine
>Do you believe that percentage is going to significantly increase over >time? What relevance does that have to gamblers using VPNs to circumvent blocks? R's, John

Re: DNSSEC and ISPs faking DNS responses

2015-11-14 Thread Roland Dobbins
On 14 Nov 2015, at 23:39, Royce Williams wrote: Downloading is now much more common than during the age of the browser wars. Sure, I understand that. As of October 2014, 64% of American adults owned a smartphone [1]. Phones don't usually come with Candy Crush, but somehow, 93

Re: DNSSEC and ISPs faking DNS responses

2015-11-14 Thread Roland Dobbins
On 15 Nov 2015, at 6:01, Larry Sheldon wrote: in spite of your best attempts to prevent it. My 'best attempts to prevent it'? You're obviously addressing someone else. I'm not trying to prevent anyone accessing anything. On the contrary, I'm very much in favor of making applications and

Re: DNSSEC and ISPs faking DNS responses

2015-11-14 Thread Sven-Haegar Koch
On Sun, 15 Nov 2015, Roland Dobbins wrote: > On 15 Nov 2015, at 2:25, John Levine wrote: > > > They have point'n'click apps for all the usual platforms. > > They are not defaults. > > I think that many people on this list don't understand that the vast majority > of users around the world do

Re: EoMPLS vlan rewrite between brands; possibly new bug in Cisco IOS 15

2015-11-14 Thread Jeff Tantsura
Been forever since i looked at cisco, however sounds like vc type mismatch. They used to have it as a platform capability, perhaps SW upgrade changed the default. to my memory "show mpls l2 transport" should provide enough details. Hope this helps Regards, Jeff > On Nov 14, 2015, at 4:50 AM,

Re: DNSSEC and ISPs faking DNS responses

2015-11-14 Thread Owen DeLong
> On Nov 14, 2015, at 04:34 , Roland Dobbins wrote: > > On 14 Nov 2015, at 19:07, Owen DeLong wrote: > >> The point you seem to be missing is that your “until…” is already met. > > Not AFAICT. It isn't a default in the OS and on the window manager/home > screen. > >> I

Re: DNSSEC and ISPs faking DNS responses

2015-11-14 Thread Owen DeLong
> > And it may only take a secondary use case to reach critical mass. People I > know who use WhatsApp seem to have started using it to avoid per-text > charges, not to get end-to-end encrypted messaging. But now, even if > Facebook's estimate [2] of 450 million WhatsApp users is 90% inflated,

Re: EoMPLS vlan rewrite between brands; possibly new bug in Cisco IOS 15

2015-11-14 Thread Jonas Bjork
Dear Mr. Jeff, Thank you for your reply. Below is the complete output in question (l2 is short for l2transport). You are mentioning platform capabilities and that the default might have changed. How do I alter this? pe#sh mpls l2 vc 42 d Local interface: Po190.42 up, line protocol up, Eth VLAN

Re: EoMPLS vlan rewrite between brands; possibly new bug in Cisco IOS 15

2015-11-14 Thread Jeff Tantsura
Jonas, As expected - the problem is related to vc type negotiation. You have hit CSCuq28998 :) talk to your cisco rep Workaround: - configure VC type 5 between the routers (configured on HP side) - configuring no-control-word The bug has been reported in 15.2(4)S4a, perhaps there’s an