isc - a good business

2012-05-28 Thread paul vixie
greetings. i didn't notice this before, and i want to complete the record. i'm paying more attention to the quoting this time, too. On Wed, May 23, 2012 at 04:33:28PM -0400, Christopher Morrow wrote: On Wed, May 23, 2012 at 1:40 AM, bmanning at vacation.karoshi.com wrote: Paul will be

Re: isc - a good business

2012-05-28 Thread Randy Bush
fwiw, i think isc and isc staff are very well intentioned and do a lot of good work for the community. i have doubts about isc's business model, but definitely not that it makes too much money or is greedy. maybe a bit too much layer ten for my taste. and i run and appreciate the software.

Bogon list update for prefix for 5.1.0.0/19

2012-05-28 Thread Evgeniy Aikashev
Dear all, We are AS21219 - PJSC Datagroup and owner of 5.1.0.0/19 block. Our customers have no access to some part of Internet if they use these IPs. Could you please update your bogon filters to permit this range. Thanks. -- Best regards, Evgeniy Aikashev network engineer PJSC DATAGROUP

Re: isc - a good business

2012-05-28 Thread paul vixie
On 5/28/2012 11:52 AM, Randy Bush wrote: ... maybe a bit too much layer ten for my taste. ... on that, we're trying to improve. for example, we used to forego features that some of us found repugnant, such as nxdomain remapping / ad insertion. since the result was that our software was less

Re: isc - a good business

2012-05-28 Thread Christopher Morrow
On Mon, May 28, 2012 at 6:32 AM, paul vixie vi...@isc.org wrote: i'm paying more attention to the quoting this time, too. On Wed, May 23, 2012 at 04:33:28PM -0400, Christopher Morrow wrote: On Wed, May 23, 2012 at 1:40 AM, bmanning at vacation.karoshi.com wrote: Paul will be there to turn

DNS anycasting - multiple DNS servers on same subnet Vs registrar/registry policies

2012-05-28 Thread Anurag Bhatia
Greetings everyone! One small concern I wanted to discuss here. I know few registry/registrars which do not accept both (or all) name servers of domain name on same subnet. They demand at least 1 DNS server should be on different subnet for failover reasons (old thoughts). How one can deal with

Re: DNS anycasting - multiple DNS servers on same subnet Vs registrar/registry policies

2012-05-28 Thread David Conrad
Anurag, On May 28, 2012, at 11:51 AM, Anurag Bhatia wrote: I know few registry/registrars which do not accept both (or all) name servers of domain name on same subnet. They demand at least 1 DNS server should be on different subnet for failover reasons (old thoughts). IMHO appropriately so.

Re: DNS anycasting - multiple DNS servers on same subnet Vs registrar/registry policies

2012-05-28 Thread Tony Finch
Anurag Bhatia m...@anuragbhatia.com wrote: One small concern I wanted to discuss here. I know few registry/registrars which do not accept both (or all) name servers of domain name on same subnet. They demand at least 1 DNS server should be on different subnet for failover reasons (old

Re: DNS anycasting - multiple DNS servers on same subnet Vs registrar/registry policies

2012-05-28 Thread Anurag Bhatia
On Tue, May 29, 2012 at 12:50 AM, Tony Finch d...@dotat.at wrote: Anurag Bhatia m...@anuragbhatia.com wrote: One small concern I wanted to discuss here. I know few registry/registrars which do not accept both (or all) name servers of domain name on same subnet. They demand at least 1 DNS

Re: DNS anycasting - multiple DNS servers on same subnet Vs registrar/registry policies

2012-05-28 Thread Stephane Bortzmeyer
On Tue, May 29, 2012 at 12:21:10AM +0530, Anurag Bhatia m...@anuragbhatia.com wrote a message of 28 lines which said: I know few registry/registrars which do not accept both (or all) name servers of domain name on same subnet. Since my employer is one of these registries, let me mention

Re: DNS anycasting - multiple DNS servers on same subnet Vs registrar/registry policies

2012-05-28 Thread Patrick W. Gilmore
On May 28, 2012, at 15:24 , Anurag Bhatia wrote: On Tue, May 29, 2012 at 12:50 AM, Tony Finch d...@dotat.at wrote: Anurag Bhatia m...@anuragbhatia.com wrote: One small concern I wanted to discuss here. I know few registry/registrars which do not accept both (or all) name servers of domain

Re: DNS anycasting - multiple DNS servers on same subnet Vs registrar/registry policies

2012-05-28 Thread Anurag Bhatia
On Tue, May 29, 2012 at 1:07 AM, Patrick W. Gilmore patr...@ianai.net wrote: On May 28, 2012, at 15:24 , Anurag Bhatia wrote: On Tue, May 29, 2012 at 12:50 AM, Tony Finch d...@dotat.at wrote: Anurag Bhatia m...@anuragbhatia.com wrote: One small concern I wanted to discuss here. I know few

Re: isc - a good business

2012-05-28 Thread Jay Ashworth
- Original Message - From: paul vixie vi...@isc.org On 5/28/2012 11:52 AM, Randy Bush wrote: ... maybe a bit too much layer ten for my taste. ... on that, we're trying to improve. for example, we used to forego features that some of us found repugnant, such as nxdomain remapping /

Re: Vixie warns: DNS Changer ‘blackouts’ inevitable

2012-05-28 Thread Florian Weimer
[Dnschanger substitute server operations] One thing is clear, Paul is able to tell a great story. PR for ISC is somewhat limited, it's often attributed to the FBI: | The effort, scheduled to begin this afternoon, is designed to let | those people know that their Internet connections will stop

Re: isc - a good business

2012-05-28 Thread George Herbert
It's past given that large entities that can forge the use of BIND; at that point, engineering aside, Paul's point that the market and code have spoken is hard to deny. Sucks when it works against us... George William Herbert Sent from my iPhone On May 28, 2012, at 12:52, Jay Ashworth

Re: rpki vs. secure dns?

2012-05-28 Thread Paul Vixie
more threads from the crypt as i catch up to 6000 missed nanog posts. Dobbins, Roland rdobb...@arbor.net writes: On Apr 28, 2012, at 5:17 PM, Saku Ytti wrote: People might scared to rely on DNS on accepting routes, but is this really an issue? Yes, recursive dependencies are an issue. I'm

Re: DNS anycasting - multiple DNS servers on same subnet Vs registrar/registry policies

2012-05-28 Thread Randy Bush
I am building redundancy within that setup. I mean it will be software based BGP so if hardware is fried up, it will break BGP session and pull off routes anyway and for cases like DNS server (software) failure, I will monitor it via simple bash script which can turn bgp daemon down. So once

Re: DNS anycasting - multiple DNS servers on same subnet Vs registrar/registry policies

2012-05-28 Thread maxlarson . henry
Q --Message d'origine-- De : Randy Bush À : Anurag Bhatia Cc : NANOG Mailing List Objet : Re: DNS anycasting - multiple DNS servers on same subnet Vs registrar/registry policies Envoyé : 28 mai, 2012 17:03 I am building redundancy within that setup. I mean it will be software based BGP

Re: isc - a good business

2012-05-28 Thread Paul Vixie
(all caught up after this.) Jay Ashworth j...@baylink.com writes: - Original Message - From: paul vixie vi...@isc.org On 5/28/2012 11:52 AM, Randy Bush wrote: ... maybe a bit too much layer ten for my taste. ... on that, we're trying to improve. for example, we used to forego

Re: DNS anycasting - multiple DNS servers on same subnet Vs registrar/registry policies

2012-05-28 Thread Randy Bush
maxlarson.he...@transversal.ht wrote: Q --Message d'origine-- De : Randy Bush À : Anurag Bhatia Cc : NANOG Mailing List Objet : Re: DNS anycasting - multiple DNS servers on same subnet Vs registrar/registry policies Envoyé : 28 mai, 2012 17:03 ... Envoyé par mon BlackBerry de

Re: Bogon list update for prefix for 5.1.0.0/19

2012-05-28 Thread Seth Mattinen
On 5/28/12 6:31 AM, Evgeniy Aikashev wrote: Dear all, We are AS21219 - PJSC Datagroup and owner of 5.1.0.0/19 block. Our customers have no access to some part of Internet if they use these IPs. Could you please update your bogon filters to permit this range. Do you have a test IP address

Re: DNS anycasting - multiple DNS servers on same subnet Vs registrar/registry policies

2012-05-28 Thread Max Larson Henry
off topic. I have to do a better job to prevent my 5 year old daughter from touching my phone :) -M On Mon, May 28, 2012 at 4:17 PM, Randy Bush ra...@psg.com wrote: maxlarson.he...@transversal.ht wrote: Q --Message d'origine-- De : Randy Bush À : Anurag Bhatia Cc : NANOG Mailing

Re: rpki vs. secure dns?

2012-05-28 Thread David Conrad
On May 28, 2012, at 1:59 PM, Paul Vixie wrote: third, rsync's dependencies on routing (as in the RPKI+ROA case) are not circular (which i think was david conrad's point but i'll drag it to here.) Nope. My point was that anything that uses the Internet to fetch the data (including rsync) has a

Re: Bogon list update for prefix for 5.1.0.0/19

2012-05-28 Thread Matthew Palmer
On Mon, May 28, 2012 at 04:31:34PM +0300, Evgeniy Aikashev wrote: We are AS21219 - PJSC Datagroup and owner of 5.1.0.0/19 block. Our customers have no access to some part of Internet if they use these IPs. Could you please update your bogon filters to permit this range. You're probably going

Re: Bogon list update for prefix for 5.1.0.0/19

2012-05-28 Thread David Conrad
On May 28, 2012, at 2:45 PM, Matthew Palmer wrote: On Mon, May 28, 2012 at 04:31:34PM +0300, Evgeniy Aikashev wrote: We are AS21219 - PJSC Datagroup and owner of 5.1.0.0/19 block. Our customers have no access to some part of Internet if they use these IPs. Could you please update your bogon

Re: rpki vs. secure dns?

2012-05-28 Thread paul vixie
On 5/28/2012 9:42 PM, David Conrad wrote: On May 28, 2012, at 1:59 PM, Paul Vixie wrote: third, rsync's dependencies on routing (as in the RPKI+ROA case) are not circular (which i think was david conrad's point but i'll drag it to here.) Nope. My point was that anything that uses the Internet

Re: Comcast Service for Non-Cap Bandwidth

2012-05-28 Thread PC
While I still don't agree it's fair, that arrangement seems limited to the viewing of the Xfinity TV application via XBOX for subscribers who have both an internet and cable TV package via Comcast and not XBOX in general. None the less, the cap is 250gb at the moment, and only applies to

Re: Comcast Service for Non-Cap Bandwidth

2012-05-28 Thread ryan
On 27.05.2012 22:27, Nabil Sharma wrote: NANOG List, I am developing streaming video service, and seek your feedback... I would like to pay Comcast forward so that accessing our site does not count against user's bandwidth caps, similar to the arrangement made with Microsoft Xbox.

NXDomain remapping, DNSSEC, Layer 9, and you.

2012-05-28 Thread Jay Ashworth
- Original Message - From: Paul Vixie vi...@isc.org *Now*, you see, we no longer have a canonical Good Engineering Example to which we can point when yelling at people (and software vendors) which *do* permit that, to say see? You shouldn't be doing that; it's bad. The

RE: Comcast Service for Non-Cap Bandwidth

2012-05-28 Thread Nabil Sharma
PC: Thank you for the reply. We will not encourage customers to disconnect cable TV service, think of it more like an add-on. I generate http test stream with DSCP code point 5 to match the Xbox service, however Comcast is rewriting the packets as CS 1, even when serving out a server at Soft

Re: DNS anycasting - multiple DNS servers on same subnet Vs registrar/registry policies

2012-05-28 Thread Brett Frankenberger
On Mon, May 28, 2012 at 09:32:29PM +0200, Stephane Bortzmeyer wrote: On Tue, May 29, 2012 at 12:21:10AM +0530, Anurag Bhatia m...@anuragbhatia.com wrote a message of 28 lines which said: I know few registry/registrars which do not accept both (or all) name servers of domain name on

Re: isc - a good business

2012-05-28 Thread Jimmy Hess
On 5/28/12, Paul Vixie vi...@isc.org wrote: [snip] if i thought there was even one isp anywhere who wanted to use nxdomain remapping but didn't because bind didn't have that feature, i'd be ready to argue the point. but all isc did by not supporting this feature was force Maybe they would

Re: isc - a good business

2012-05-28 Thread Mark Andrews
The code is DNSSEC aware, it doesn't perform redirection if the client can detect that redirection has occurred. So sign your zones and use a validating client (or just one that sets DO=1). Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742

Re: DNS anycasting - multiple DNS servers on same subnet Vs registrar/registry policies

2012-05-28 Thread Mikkel Mondrup Kristensen
On May 29, 2012, at 01:56 , Brett Frankenberger wrote: On Mon, May 28, 2012 at 09:32:29PM +0200, Stephane Bortzmeyer wrote: On Tue, May 29, 2012 at 12:21:10AM +0530, Anurag Bhatia m...@anuragbhatia.com wrote a message of 28 lines which said: I know few registry/registrars which do not

Re: NXDomain remapping, DNSSEC, Layer 9, and you.

2012-05-28 Thread Mark Andrews
In message 1564718.6360.1338247007903.javamail.r...@benjamin.baylink.com, Jay Ashworth writes: - Original Message - From: Paul Vixie vi...@isc.org *Now*, you see, we no longer have a canonical Good Engineering Example to which we can point when yelling at people (and

Re: DNS anycasting - multiple DNS servers on same subnet Vs registrar/registry policies

2012-05-28 Thread Mark Andrews
In message 5ebc0868-05d2-435e-a671-e957af72f...@one.com, Mikkel Mondrup Kristensen writes: On May 29, 2012, at 01:56 , Brett Frankenberger wrote: On Mon, May 28, 2012 at 09:32:29PM +0200, Stephane Bortzmeyer wrote: On Tue, May 29, 2012 at 12:21:10AM +0530, Anurag Bhatia

Re: NXDomain remapping, DNSSEC, Layer 9, and you.

2012-05-28 Thread Jay Ashworth
- Original Message - From: Mark Andrews ma...@isc.org [ vix: ] meanwhile isc continues to push for ubiquitous dnssec, through to the stub, to take this issue off the table for all people and all time. (that's the real fix for nxdomain remapping.) You really believe

Re: NXDomain remapping, DNSSEC, Layer 9, and you.

2012-05-28 Thread Randy Bush
Jay Ashworth writes: please do not feed the troll When your browser supports DANE and a billion home nats support dnssec :( randy

Re: DNS anycasting - multiple DNS servers on same subnet Vs registrar/registry policies

2012-05-28 Thread Jimmy Hess
On 5/28/12, David Conrad d...@virtualized.org wrote: On May 28, 2012, at 11:51 AM, Anurag Bhatia wrote: I know few registry/registrars which do not accept both (or all) name servers of domain name on same subnet. They demand at least 1 DNS server should be on different subnet for failover

Re: NXDomain remapping, DNSSEC, Layer 9, and you.

2012-05-28 Thread Jimmy Hess
On 5/28/12, Mark Andrews ma...@isc.org wrote: Until stub resolvers set DO=1 pretty much ubiquitously this won't be a problem for ISP's that want to do nxdomain redirection. There Yeah. Right now current _server_ implementations don't even have it right, for properly implementing

IPv6 security: New IETF I-Ds, slideware and videos of recent presentations, trainings, etc...

2012-05-28 Thread Fernando Gont
Folks, * We've published a new IETF I-D entitled DHCPv6-Shield: Protecting Against Rogue DHCPv6 Servers, which is meant to provide RA-Guard-like protection against rogue DHCPv6 servers. The I-D is available at: http://tools.ietf.org/id/draft-gont-opsec-dhcpv6-shield-00.txt Other IPv6 security

Re: NXDomain remapping, DNSSEC, Layer 9, and you.

2012-05-28 Thread Mark Andrews
In message 23491623.6382.1338256344974.javamail.r...@benjamin.baylink.com, Jay Ashworth writes: - Original Message - From: Mark Andrews ma...@isc.org [ vix: ] meanwhile isc continues to push for ubiquitous dnssec, through to the stub, to take this issue off the table

Re: NXDomain remapping, DNSSEC, Layer 9, and you.

2012-05-28 Thread Mark Andrews
In message CAAAwwbWRGcGcxhJ7G4XcFTr=6q--eowkbgnoqhwba1o0bb+...@mail.gmail.com , Jimmy Hess writes: On 5/28/12, Mark Andrews ma...@isc.org wrote: Until stub resolvers set DO=1 pretty much ubiquitously this won't be a problem for ISP's that want to do nxdomain redirection. There