Re: China internet issues

On Wed, May 22, 2024 at 08:18:05PM +0530, Vinod Ola wrote a message of 139 lines which said: > Can anyone please help me to get view of China ISP issues and backbone issues? There is a chinese network operators group (found from ) but it seems without any real

Re: 2600:: No longer pings

On Sun, Apr 07, 2024 at 01:12:21PM +0200, Tomáš Holý wrote a message of 227 lines which said: > $ for i in `cat list.txt`; do fping -6 $i -t 500 -r 0; done | grep 'is alive' > 2409:: is alive > 2a09:: is alive > 2a11:: is alive > 2a12:: is alive All of them are public DNS resolvers, which

Re: 2600:: No longer pings

On Sun, Apr 07, 2024 at 09:33:18AM +0530, Gaurav Kansal via NANOG wrote a message of 41 lines which said: > 2409:: is replying the ICMPv6 request, in case anyone interested Thank, I did not know this service. Note that the signatures on the reverse expired in february: % dig +cd -x 2409::

Re: 2600:: No longer pings

On Sat, Apr 06, 2024 at 06:19:57PM +0800, Soha Jin wrote a message of 50 lines which said: > I don't know what happed to 2600::, but 2a09:: and 2a11:: can be > used as alternatives. These are addresses of https://dns.sb/ running > by xTom. Very good DNS service, buy the way. But, although I

Re: Meta outage

On Tue, Mar 05, 2024 at 04:23:42PM +, Kain, Becki (.) via NANOG wrote https://metastatus.com/ a message of 210 lines which said: > Does meta keep a board somewhere to tell the world it’s down? https://metastatus.com/

Re: Meta outage

On Tue, Mar 05, 2024 at 11:06:11AM -0500, Jay Ashworth wrote a message of 124 lines which said: > This doesn't sound like it's a network layer problem but I'm curious. We can see the start page, authentification fails with an error message. It does not look like a network issue.

Re: Mail to Microsoft being falsely marked as spam/bulk

On Sun, Jan 21, 2024 at 12:18:21PM +0100, Bjoern Franke via NANOG wrote a message of 25 lines which said: > I had the same issue in which they were unable (or unwillig) to resolve it, > and wouldn't have "the liberty to discuss the source of the block". Creating > a new ticket some weeks

Re: Mail to Microsoft being falsely marked as spam/bulk

On Sat, Jan 20, 2024 at 10:07:39PM +1100, Christopher Hawker wrote a message of 132 lines which said: > If there is anyone from Microsoft around that can look into mail issues, > could you please reach out to me off-list? Or if anyone has any > ideas/suggestions as to how to resolve this, I'd

Re: Shared cache servers on an island's IXP

On Thu, Jan 18, 2024 at 12:53:19PM +0100, Jérôme Nicolle wrote a message of 36 lines which said: > - Low redundancy of old cables (2) > - Total service loss when both cables are down because of congestion on > satelite backups A problem which is not often mentioned is that most (all?) "local

Re: Interesting Ali Express web server behavior...

On Sat, Dec 09, 2023 at 09:55:31PM -0800, Owen DeLong via NANOG wrote a message of 1136 lines which said: > But why would AliExpress be redirecting to DDN space? Is this > legitimate? Ali hoping to get away with squatting, or something > else? No idea. The IP address does not reply to HTTP

Re: swedish dns zone enumerator

On Thu, Nov 02, 2023 at 04:09:24PM +1100, Mark Andrews wrote a message of 90 lines which said: > I also see QNAME minimisation in action as the QTYPE is NS. This > could just be a open recursive servers using QNAME minimisation. > With QNAME minimisation working correctly all parent zones

Re: Discord contacts

On Fri, Sep 29, 2023 at 12:33:57PM +, Drew Weaver wrote a message of 172 lines which said: > Any contacts from Discord here? Just started seeing cloudflare blocking > 250,000 IP addresses. There is an unsubstiantated rumor (based on the fact that, from the same IP address, it works with

Re: *.au RRSIG Expired

On Sun, Sep 17, 2023 at 05:52:35PM -0700, Matt Corallo wrote a message of 16 lines which said: > I believe same for name.au where `name` has a DS record. Same for net.au./DS, > etc. Seems fixed now. Here is the last error seen by DNSviz: https://dnsviz.net/d/com.au/ZQedzg/dnssec/ After

Re: DNS resolution for hhs.gov

On Tue, Apr 11, 2023 at 12:16:36PM -0400, Robert Story wrote a message of 22 lines which said: > DNSVis.net is a good place to check nameserver issues.. DNSViZ.net. Yes, great service.

Re: any dangers of filtering every /24 on full internet table to preserve FIB space ?

On Mon, Oct 10, 2022 at 05:20:33PM +0200, Stephane Bortzmeyer wrote a message of 10 lines which said: > > But theoretically every filtered /24 could be routed via smaller > > prefix /23 /22 /21 or etc. > > I don't think this is true, even in theory, specially for legacy &

Re: any dangers of filtering every /24 on full internet table to preserve FIB space ?

On Mon, Oct 10, 2022 at 05:58:45PM +0300, Edvinas Kairys wrote a message of 35 lines which said: > But theoretically every filtered /24 could be routed via smaller > prefix /23 /22 /21 or etc. I don't think this is true, even in theory, specially for legacy prefixes. There is probably

Re: IERS ponders reverse leapsecond...

On Wed, Aug 03, 2022 at 11:09:25AM -0400, Jay Ashworth wrote a message of 32 lines which said: > General press loses its *mind*: Indeed, they seem not to know what they write about. "atomic time – the universal way time is measured on Earth – may have to change" They don't even know the

Re: ns1-proddns.glbdns.o365filtering.com unreachable?

On Wed, Jul 06, 2022 at 12:15:31PM +0200, Peter van Dijk wrote a message of 28 lines which said: > So, in short, they have a DNS responding problem; their bad handling > of EDNS makes that worse, because now a resolver needs to get two > queries (one with EDNS, then one without) through to

Re: ns1-proddns.glbdns.o365filtering.com unreachable?

On Wed, Jul 06, 2022 at 11:37:40AM +0200, Bjoern Franke via NANOG wrote a message of 10 lines which said: > .mail.protection.outlook.com seems to throw servfails. The authoritative name servers for this domain do not handle EDNS (which was specified only 23 years ago) so the resolvers that

Re: cf is down?

On Tue, Jun 21, 2022 at 12:20:42AM -0700, Eric Kuhnke wrote a message of 204 lines which said: > Massive spike in consumer facing services reported as broken by > downdetector, almost all are likely cf customers. See downdetector > homepage. It seems back into service, now.

Re: cf is down?

https://www.cloudflarestatus.com/ Identified - The issue has been identified and a fix is being implemented. Jun 21, 06:57 UTC Investigating - Cloudflare is investigating wide-spread issues with our services and/or network. Users may experience errors or timeouts reaching Cloudflare’s

Re: Russia to disconnect from global Internet

On Sun, Mar 06, 2022 at 11:49:54PM +0100, Bill Woodcock wrote a message of 62 lines which said: > This applies exclusively to Russian federal government networks, not > ISPs or telecom operators. It’s just trying to get them to document > and harmonize their practices isn perfectly

Re: Authoritative Resources for Public DNS Pinging

On Wed, Feb 09, 2022 at 09:37:02AM +0200, Mark Tinka wrote a message of 18 lines which said: > > Let me repeat that there is a service which is officially intended to > > be pinged/queried/etc, the RIPE Anchors. > > Yeah, but how do we get out there in a manner that Jane can easily find and

Re: Authoritative Resources for Public DNS Pinging

On Wed, Feb 09, 2022 at 09:08:04AM +0200, Mark Tinka wrote a message of 25 lines which said: > It's terrible behaviour, but unless we offer a more "official" > alternative, it won't end. Let me repeat that there is a service which is officially intended to be pinged/queried/etc, the RIPE

Re: Authoritative Resources for Public DNS Pinging

On Tue, Feb 08, 2022 at 11:56:44AM -0600, Mike Hammett wrote a message of 140 lines which said: > Are there any authoritative resources from said organizations saying > you shouldn't use their servers for your persistent ping > destinations? Why not using RIPE Anchors, which are made to be

Re: Anyone else seeing DNSSEC failures from EU Commission ? (european-union.europa.eu)

On Wed, Dec 08, 2021 at 01:27:23PM +, Laura Smith via NANOG wrote a message of 18 lines which said: > Bit of a long stretch given the US audience, but I'm seeing lots of things > like this at the moment: Indeed, they botched DNSSEC

Re: .bv ccTLD

On Sat, Dec 04, 2021 at 10:20:16AM -0500, Jay Ashworth wrote a message of 121 lines which said: > Oh dear. They actually gave them .SS? It's an european reference. For the local people, this 2-letters code probably means nothing special, it is not their history. (I assume that the there is

Re: DNS hijack?

On Fri, Nov 12, 2021 at 03:13:57PM -0800, William Herrin wrote a message of 24 lines which said: > To my mind, though, Netsol's server should not be responding with > authoritative answers to random domains that aren't assigned to it. > That it does makes me think it's a good candidate for

Re: DNS hijack?

On Thu, Nov 11, 2021 at 09:44:04PM +, Richard wrote a message of 37 lines which said: > The second of these is returning the 208.nnn IPnumber for your > a-record: > >dig @VOYAGER.VISER.NET 2dpnr.org > >2dpnr.org. 300 IN A 208.91.197.132 It depends on where you are (from my

Re: DNS hijack?

On Thu, Nov 11, 2021 at 01:36:58PM -0800, Jeff Shultz wrote a message of 122 lines which said: > Never mind, looks like an expired domain issue. Someone didn't remind > someone else. To avoid such a problem: * some registries allow for multi-year registration, * some registrars allow for

Re: DNS hijack?

On Thu, Nov 11, 2021 at 01:28:07PM -0800, Jeff Shultz wrote a message of 105 lines which said: > I hit my registrar, DirectNic, and found I'm good through 2023. They > pulled up DNS checker and found that a bunch of DNS servers were > showing 208.91.197.132 as the IP for the domain. It's

Re: An update on the AfriNIC situation

On Fri, Aug 27, 2021 at 10:38:01PM +0200, Mark Tinka wrote a message of 13 lines which said: > Oddly, I recommended to a friend (one who promotes competitors do the wrong > thing, hehe) that sending CI routes to /dev/null would be ideal. Trollish idea of the day: since it is an IPv4-specific

Re: Is Verizon core network broken? Can someone reach out to Verizon core network team so that they can look into why so many networks are missing?

On Wed, Jul 21, 2021 at 11:35:35AM -0400, S Umple wrote a message of 61 lines which said: > # > 81.0.0.0/8 is variably subnetted, 2835 subnets, 14 masks > 121.51.0.0/16 > 182.254.0.0/16 is variably subnetted, 3 subnets, 2 masks > > > route-views.routeviews.org> >

Re: amazon.com multiple SPF records

On Sat, Jun 05, 2021 at 07:59:40AM -0400, Brad Barnett wrote a message of 15 lines which said: > If anyone at Amazon is paying attention, you have duplicate spf1 records > for amazon.com: If so, it is now gone. Not one RIPE Atlas probe see this duplication: % blaeu-resolve -r 100 --ednssize

Re: RADb

On Mon, May 10, 2021 at 09:25:36AM +0200, Marco Paesani wrote a message of 51 lines which said: > do you have news about the issue on RADb ? Note that it is discussed on the outages mailing list. No specific news, just that it is down.

Re: DoD IP Space

On Sun, Apr 25, 2021 at 08:29:51AM -0400, Jean St-Laurent via NANOG wrote a message of 38 lines which said: > Let's see what will slowly appear in shodan.io and shadowserver.org My favorite (but remember it can be a gigantic honeypot) is the Ubiquiti router with the name

Re: Level3 DNS Issues

On Thu, Sep 10, 2020 at 01:20:15PM +, Ryan O’Shea wrote a message of 41 lines which said: > Is anyone experiencing timeouts when querying 209.244.0.3? No, according to RIPE Atlas probes: % blaeu-resolve --nameserver 209.244.0.3 --requested 100 --type SOA . Nameserver 209.244.0.3

Re: BGP route hijack by AS10990

On Thu, Jul 30, 2020 at 11:21:04AM +0300, Hank Nussbacher wrote a message of 48 lines which said: >See: And: https://stat.ripe.net/widget/bgp-update-activity#w.starttime=2020-07-16T05%3A00%3A00=2020-07-30T05%3A00%3A00=AS10990

Re: Comcast DNS Assistance?

On Sun, Jul 05, 2020 at 09:30:27AM -0400, Dave Dechellis wrote a message of 15 lines which said: > Last night we made some changes to our DNS-SEC environment at Tufts > University and all changes seem to have propagated - but we're having > issues resolving against Comcast's DNS servers.

Re: ISC BIND 9 breakage?

On Wed, Mar 25, 2020 at 05:18:49PM +, Drew Weaver wrote a message of 97 lines which said: > Did anyone else on CentOS 6 just have some DNS resolvers totally fall over? dlv.isc.org signatures just expired. > # NOTE: The ISC DLV zone is being phased out as of February >

Re: Rogue objects in routing databases

On Sat, Jan 25, 2020 at 12:06:51AM +0100, Florian Brandstetter wrote a message of 53 lines which said: > Examples of affected networks are: > > 193.30.32.0/23 > 45.129.92.0/23 > 45.129.94.0/24 Note that 193.30.32.0/23 has also a ROA (announces by 42198). So, announces by AS8100 would be

Re: DoD IP Space

On Mon, Nov 04, 2019 at 10:55:47AM +0200, Chris Knipe wrote a message of 35 lines which said: > We are experiencing a situation with a 3rd party (direct peer), > wanting to advertise DoD address space to us, and we need to confirm > whether they are allowed to do so or not. The US military

Re: Cogent & FDCServers: Knowingly aiding and abetting fraud and theft?

On Fri, Oct 11, 2019 at 08:14:00PM +0900, Masataka Ohta wrote a message of 34 lines which said: > they said they have never transferred the block > So, RADB entry: ... > route: 146.51.0.0/16 > origin: AS174 ... > is confirmed to be registration fraud. I nitpick, but

Re: "Using Cloud Resources to Dramatically Improve Internet Routing"

On Fri, Oct 04, 2019 at 03:52:26PM -0400, Phil Pishioneri wrote a message of 9 lines which said: > Using Cloud Resources to Dramatically Improve Internet Routing > UMass Amherst researchers to use cloud-based ‘logically centralized > control’ Executive summary: it's SDN for BGP. Centralizing

Re: This DNS over HTTP thing

On Tue, Oct 01, 2019 at 12:11:32PM +0200, Jeroen Massar wrote a message of 101 lines which said: > - Using a centralized/forced-upon DNS service (be that over DoT/DoH > or even plain old Do53 Yes, but people using a public DNS resolver (of a big US corporation) over UDP is quite an old

Re: This DNS over HTTP thing

On Tue, Oct 01, 2019 at 10:35:31AM +0200, Jeroen Massar wrote a message of 29 lines which said: > Correct: for the DoH protocol it is not that goal, there it solely > is "encryption". But DoT already solves that. DoT is fine, (and my own public resolver activates it) but, as you know, it is

Re: AWS issues with 172.0.0.0/12

On Tue, Oct 01, 2019 at 09:09:38AM +0100, Christopher Morrow wrote a message of 27 lines which said: > possible that this is various AWS customers making iptables/firewall mistakes? > "block that pesky rfc1918 172/12 space!!" May be, but I used the same target as Mehmet.

Re: This DNS over HTTP thing

On Tue, Oct 01, 2019 at 09:55:54AM +0200, Jeroen Massar wrote a message of 26 lines which said: > > (Because this canary domain contradicts DoH's goals, by allowing > > the very party you don't trust to remotely disable security.) > > The goal is centralization of DNS Hmmm, no, read RFC

Re: AWS issues with 172.0.0.0/12

On Mon, Sep 30, 2019 at 11:38:25PM -0700, Mehmet Akcin wrote a message of 131 lines which said: > Here you go The two RIPE Atlas probes in the AT prefix seem able to reach AWS: % blaeu-traceroute --protocol TCP --size=0 --port=80 --first_hop=64 --format --prefix 172.0.0.0/12 --requested

Re: This DNS over HTTP thing

On Tue, Oct 01, 2019 at 08:22:58AM +0100, Brandon Butterworth wrote a message of 37 lines which said: > Here are some UKNOF presentations on it - Note that the UK is probably the country in Europe with the biggest use of lying DNS resolvers for censorship. No wonder that the people who

Re: This DNS over HTTP thing

On Mon, Sep 30, 2019 at 11:56:33PM -0400, Brandon Martin wrote a message of 10 lines which said: > It's use-application-dns.net. NXDOMAIN it, and Mozilla (at least) > will go back to using your local DNS server list as per usual. Unless, I hope, the user explicitely overrides this. (Because

Re: This DNS over HTTP thing

On Mon, Sep 30, 2019 at 11:46:04PM -0400, Fred Baker wrote a message of 28 lines which said: > > Is there an official name for it I should be searching for? > > The IETF calls it "DoH", pronounced like > "Dough". https://datatracker.ietf.org/wg/doh/about/ And it is standardized in RFC 8484,

Re: 44/8

On Thu, Jul 18, 2019 at 11:13:24PM -0400, Majdi S. Abbas wrote a message of 26 lines which said: > Amusingly, they still seem to be advertising the covering > aggregate, Are you sure? RIPE stat shows it stopped one month ago

Re: who attacks the weather channel?

On Thu, Apr 18, 2019 at 03:16:34PM +, Kain, Rebecca (.) wrote a message of 69 lines which said: > https://www.cnn.com/2019/04/18/media/weather-channel-hack/index.html May be these people? https://en.wikipedia.org/wiki/Weather_Underground

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Very good article, very detailed, with a lot of technical precisions, about the recent domain name hijackings (not using the DNS, just good old hijackings at registrar or hoster). https://krebsonsecurity.com/2019/02/a-deep-dive-on-the-recent-widespread-dns-hijacking-attacks/

Re: A Zero Spam Mail System [Feedback Request]

On Mon, Feb 18, 2019 at 12:28:21PM +0530, Viruthagiri Thirumavalavan wrote a message of 111 lines which said: > Just gone through all your replies. And apparently you did not read them and did not take any lesson in it. > Literally everyone attacking me here. In the current thread, NOT ONE

Re: A Zero Spam Mail System [Feedback Request]

On Mon, Feb 18, 2019 at 07:33:32AM +0530, Viruthagiri Thirumavalavan wrote a message of 515 lines which said: > My name is Viruthagiri Thirumavalavan. I'm the guy who proposed SMTP > over TLS on Port 26 Besides all the excellent remarks that were made here (and I seriously urge you to read

Re: 2019-01-11 ARIN.NET DNSSEC Outage – Post-Mortem (was: Re: ARIN NS down?)

On Fri, Jan 11, 2019 at 08:59:10PM +, John Curran wrote a message of 125 lines which said: > Our monitoring systems reported being green until the signatures > expired as they presently check that the SOA's match on the internal > and external nameservers. For checking of DNSSEC

Re: Dnssec still inoperable on the internet ?— was ARIN NS down?

On Fri, Jan 11, 2019 at 07:58:25AM -0800, Ca By wrote a message of 488 lines which said: > No your threats and deploy wisely Say no to the threats :-)

Re: ARIN NS down?

On Fri, Jan 11, 2019 at 07:57:25PM +0530, Suresh Ramasubramanian wrote a message of 56 lines which said: > couldn't get address for 'ns1.arin.net': not found DNSSEC issue, they let the signatures expire

Re: CenturyLink

On Fri, Dec 28, 2018 at 07:07:42AM +, Erik Sundberg wrote a message of 131 lines which said: > CenturyLink will be conducting an extensive post-incident > investigation and root cause analysis to provide follow-up > information to our customers Is this problem also responsible for the

Re: CloudFlare D.N.S. Resolvers... (1.1.1.1 & 1.0.0.1)

On Wed, Sep 26, 2018 at 11:28:06AM +0200, Jens Link wrote a message of 14 lines which said: > quick and dirty: Indeed. For instance, the delay depends wether the cache it hot or cold (measuring response time for an authoritative server is easier).

Re: CloudFlare D.N.S. Resolvers... (1.1.1.1 & 1.0.0.1)

On Wed, Sep 26, 2018 at 09:21:21AM +0100, Colin Johnston wrote a message of 16 lines which said: > also could use ripe atlas Which embeds clients for ICMP Echo, DNS, NTP, TLS, arbitrary TCP (with some hacks), and, with serious limitations, HTTP.

Re: CloudFlare D.N.S. Resolvers... (1.1.1.1 & 1.0.0.1)

On Wed, Sep 26, 2018 at 10:59:02AM +0300, Michael Bullut wrote a message of 192 lines which said: > How would you gauge good DNS performance? To test {XXX} performance, you use a {XXX} client, where XXX = DNS, HTTP, SSH, LDAP, etc.

Re: CloudFlare D.N.S. Resolvers... (1.1.1.1 & 1.0.0.1)

On Wed, Sep 26, 2018 at 10:52:07AM +0300, Michael Bullut wrote a message of 162 lines which said: > Has anyone deployed the aforementioned in your individual networks? > A quick test suggests it is quite fast compared with Google's > D.N.S. resolvers: Well, you don't test a DNS service with

Re: Bogon prefix c0f:f618::/32 announced via Cogent

On Sat, Jul 14, 2018 at 08:18:25AM +0800, Siyuan Miao wrote a message of 27 lines which said: > c0f:f618::/32 originated from AS327814 is announcing via Cogent for several > weeks. Apparently withdrawn 2018-07-14 around 16:00:00 UTC. Your mail to NANOG was effective :-)

Re: broken DNS

On Thu, Jun 07, 2018 at 11:31:15AM -0400, harbor235 wrote a message of 5 lines which said: > I was hoping for some DNS wisdom, Then this is more a dns-operations mailing list issue. > would a change in a SOA record cause a > DNSSEC broken trust chain? incorrect RRSIG? No. The SOA record

Re: The story about MyEtherWallet.com hijack or how to become a millionare in 2 hours.

On Tue, Apr 24, 2018 at 08:35:17PM +0200, Fredrik Korsbäck wrote a message of 28 lines which said: > Surprised this hasnt "made the news" over at this list yet. It may be also because NANOG email is handled by Google, who broke its antispam: : host

Re: Yet another Quadruple DNS?

On Tue, Apr 03, 2018 at 10:54:34AM -0400, Rich Kulawiec wrote a message of 10 lines which said: > Watch what you wish for: you might get it. The number of > attack/abuse vectors (and the severity of their consequences for > security and privacy) involved in doing auto-update

Re: Yet another Quadruple DNS?

On Tue, Apr 03, 2018 at 03:01:19AM -0700, Brian Kantor wrote a message of 12 lines which said: > > That would be a terrible violation of network neutrality. I hope > > that such ISP will go bankrupt. > > On the contrary: it will enable them to collect more usage > statistics

Re: Yet another Quadruple DNS?

On Sun, Apr 01, 2018 at 02:03:41PM -0600, Paul Ebersman wrote a message of 38 lines which said: > And EDNS client subnet mostly works. It is awful, privacy-wise, complicates the cache a lot and seriously decreases hit rate in cache (since the key to a cached resource

Re: Yet another Quadruple DNS?

On Sun, Apr 01, 2018 at 09:22:10AM -0700, Stephen Satchell wrote a message of 39 lines which said: > Recursive lookups take bandwidth and wall time. The closer you can > get your recursive DNS server to the core of the internet, the > faster the lookups. I think the exact

Re: Yet another Quadruple DNS?

On Fri, Mar 30, 2018 at 03:57:24PM +0100, William Waites wrote a message of 48 lines which said: > > 77.77.77.77 - Dadeh Gostar Asr Novin P.J.S. Co. (Iran) | 77.77.64/19 | > > recursion-yes > > Well, that one's a little odd: I think that, for the government of this

Re: Yet another Quadruple DNS?

On Fri, Mar 30, 2018 at 06:46:19AM -0800, Royce Williams wrote a message of 19 lines which said: > Full survey - with owners of the largest bit-boundary-aligned blocks > that contain them - here: > >

Re: Yet another Quadruple DNS?

On Thu, Mar 29, 2018 at 08:29:57AM -0700, Bill Woodcock wrote a message of 53 lines which said: > there are ISPs who are internally capturing 8.8.8.8, and who try to > do the same with 9.9.9.9. Which is why it’s so important to do > cryptographic validation of the server and

Re: Yet another Quadruple DNS?

On Thu, Mar 29, 2018 at 09:08:38AM -0500, Chris Adams wrote a message of 12 lines which said: > I've never really understood this - if you don't trust your ISP's > DNS, why would you trust them not to transparently intercept any > well-known third-party DNS? Technically,

Re: Yet another Quadruple DNS?

On Thu, Mar 29, 2018 at 07:01:59AM -0700, Brian Kantor wrote a message of 20 lines which said: > I believe that centralized DNS resolvers such as 8.8.8.8 are of > benefit to those folks who can't run their own recursive resolver > because of OS, hardware, Hardware is not a

Re: Yet another Quadruple DNS?

On Thu, Mar 29, 2018 at 07:33:08AM -0400, Matt Hoppes wrote a message of 7 lines which said: > We already have 8.8.8.8 and 8.8.4.4. And 9.9.9.9 and several others public DNS resolvers. > And any reputable company or ISP should be running their own. I

Re: Yet another Quadruple DNS?

On Thu, Mar 29, 2018 at 12:16:48PM +0100, Tony Finch wrote a message of 15 lines which said: > Also the very amusing > > https://twitter.com/eastdakota/status/970359846548549632 Less amusing, for a DNS service, the brokenness of reverse service: % dig -x 1.1.1.1 ; <<>> DiG

Re: Yet another Quadruple DNS?

On Wed, Mar 28, 2018 at 11:16:15PM +0300, DaKnOb wrote a message of 25 lines which said: > Out of 1,000 RIPE Atlas Probes, only 34 report it as unreachable. It's still a lot for IPv4. And it measures ony filtering, not hijacking (which seems to exist, some probes get a

Re: Spectre/Meltdown impact on network devices

On Mon, Jan 08, 2018 at 11:41:04AM +0100, Stephane Bortzmeyer <bortzme...@nic.fr> wrote a message of 20 lines which said: > > I'm curious to hear the impact on network devices of this new hardware > > flaws that everybody talk about. Yes, the Meltdown/Spectre

Re: Spectre/Meltdown impact on network devices

On Sun, Jan 07, 2018 at 02:02:24PM -0500, Jean | ddostest.me via NANOG wrote a message of 21 lines which said: > I'm curious to hear the impact on network devices of this new hardware > flaws that everybody talk about. Yes, the Meltdown/Spectre flaws.

Re: Google DNS intermittent ServFail for Disney subdomain

On Fri, Oct 20, 2017 at 03:29:15PM +0200, Filip Hruska wrote a message of 49 lines which said: > Would be great if makers of home routers would implement full recursive DNS > resolvers The good ones do

Re: Google DNS --- Figuring out which DNS Cluster you are using

On Thu, Aug 24, 2017 at 10:53:58AM +1000, Mark Andrews wrote a message of 39 lines which said: > If Google was being sensible the servers would just return the > information along with the answer. They all support EDNS. I fully agree with you that NSID (RFC 5001) is great and

Re: loc.gov

On Sat, Jul 08, 2017 at 09:41:29PM -0400, Nicholas Oas wrote a message of 37 lines which said: > Have isitdownorjustme sites simply superceded the need for such > lists? isitdownorjustme-type sites are very limited: one vantage point, and few (or none) indication of

Re: IP Hijacking For Dummies

On Mon, Jun 05, 2017 at 04:46:04PM -0700, Ronald F. Guilmette wrote a message of 85 lines which said: > Late last night, I put together the following simple annotated listing of > the routes being announced by AS34991. Note that they apparently stopped on 7 june.

Re: IP Hijacking For Dummies

On Mon, Jun 05, 2017 at 04:46:04PM -0700, Ronald F. Guilmette wrote a message of 85 lines which said: > I just think that by now, in 2017, we should have a somewhat more > skilled class of frauds, rogues, criminals and spies on the > Internet. "This city deserves a

Re: Question to Google

On Mon, May 15, 2017 at 07:55:41AM -0700, Damian Menscher wrote a message of 82 lines which said: > Can you point to published studies where the root and .com server > operators analyzed Todd's questions? For the root, the most comprehensive one is probably SAC 18 A good

Re: Question to Google

On Mon, May 15, 2017 at 09:20:17AM -0400, Todd Underwood wrote a message of 66 lines which said: > so implications that this is somehow related to Google dragging > their feet are silly. Implying that the root name server operators, or Verisign (manager of the .com name

Re: Question to Google

> Unfortunately, every time we've looked at the data, the > conclusion has been that it would cause unwarranted user > impact. IIRC the most recent blocker was a major US ISP whose > clients would experience breakage if even just one NS record > was dual-stacked.

Re: Financial services BGP hijack last week?

On Tue, May 02, 2017 at 01:49:04AM -0400, valdis.kletni...@vt.edu wrote a message of 29 lines which said: > I didn't see any mention of this here. You should susbcribe to @bgpstream on Twitter, and read BGPmon blog :-) https://twitter.com/bgpstream

Re: ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations

On Fri, Mar 17, 2017 at 12:03:58PM +0300, Eygene Ryabinkin wrote a message of 71 lines which said: > We (at Kurchatov Insitute) still use 144.206.0.0/16, the legacy > block, and seeing the breakage rooted at ARIN since this night, > {{{ > $ dig +trace -t soa

Re: ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations

On Fri, Mar 17, 2017 at 12:03:58PM +0300, Eygene Ryabinkin wrote a message of 71 lines which said: > Seems like the other /16 from 144.in-addr.arpa are affected too > (at least). Also in 164.in-addr.arpa, it seems?

Re: Internet Governance Forum DNS

On Thu, Dec 08, 2016 at 03:36:03AM -0500, Joly MacFie wrote a message of 13 lines which said: > "www.intgovforum.org’s server DNS address could not be found." Welcome to the UN... Updated Date: 2016-12-08T14:33:28Z It expired and was renewed yesterday (source: Internet

Re: Lawsuits for falsyfying DNS responses ?

On Tue, Sep 13, 2016 at 07:12:59AM +0200, JÁKÓ András wrote a message of 18 lines which said: > Blocking for that purpose usually means redirecting in > practive. You'll redirect to a page that explains why the original > site is not available. It has practical

Re: Chinese root CA issues rogue/fake certificates

On Thu, Sep 01, 2016 at 11:36:57AM +1000, Matt Palmer wrote a message of 45 lines which said: > I'd be surprised if most business continuity people could even name > their cert provider, And they're right because it would be a useless information: without DANE, *any* CA

Re: number of characters in a domain?

On Sat, Jul 23, 2016 at 08:35:57AM -0400, Jared Mauch wrote a message of 12 lines which said: > I would consult RFC1035 for the label sizes, but the total length > can include multiple labels up to 255 in length. Check section 2.3.4 On another mailing list, Marc

Re: NANOG is five days late?

On Mon, Jul 18, 2016 at 08:53:02AM -0500, Andy Koch wrote a message of 15 lines which said: > The NANOG mailing list has a policy to hold the first post from all > new subscribers and those who have not posted in a long time (one > year+). So, the batch of messages which has

NANOG is five days late?

This message just arrived... Received: from mail.nanog.org (localhost [127.0.0.1]) by mail.nanog.org (Postfix) with ESMTP id 96AA42D47BB; Mon, 18 Jul 2016 13:15:14 + (UTC) X-Original-To: nanog@nanog.org Delivered-To: nanog@nanog.org Received: from mail-it0-x245.google.com

Re: NIST NTP servers

On Tue, May 10, 2016 at 10:52:28AM -0400, valdis.kletni...@vt.edu wrote a message of 37 lines which said: > Note that they *do* have motivation to keep it working, simply > because so much of their *own* gear (from gear for individual > soldiers all the way to

  1   2   3   >