* Marty Strong via NANOG
> Routing from ~150 locations, plenty of redundancy.
Any plans to support NSID and/or "hostname.bind" to allow clients to
identify which node is serving their requests? For example:
$ dig @nsb.dnsnode.net. hostname.bind. CH TXT +nsid
[...]
;; OPT
On 03/04/2018 01:39, Matt Hoppes wrote:
You might be interested in these links which compare the services:
https://medium.com/@nykolas.z/dns-resolvers-performance-compared-cloudflare-x-google-x-quad9-x-opendns-149e803734e5
https://webxtrakt.com/public-dns-performance
-Hank
> So in all this
> On Apr 2, 2018, at 7:24 PM, Robert Mathews (OSIA) wrote:
> *Group Co-founded by City of London Police promises 'no snooping on your
> requests’*
Note that this is _extremely_ misleading, since the group being referred to
here is _not_ Quad9, but instead GCA, one of the
On 4/2/18 7:43 PM, J Crowe wrote:
That database could possibly be ingested and used locally. Traffic may
not even be traversing to the database hosted by IBM.
At least they are open about where they are getting the data that allows
for blocking to certain FQDNs.
Even if it does traverse
On 4/2/18 7:24 PM, Robert Mathews (OSIA) wrote:
To be clear.
*DNS resolver 9.9.9.9 will check requests against IBM threat database*
To be clear on what? That an IBM database is queried, just like it says
on their website? That doesn't mean they are recording who is making
what
To be clear.
*DNS resolver 9.9.9.9 will check requests against IBM threat database*
*Group Co-founded by City of London Police promises 'no snooping on your
requests'*
By Richard Chirgwin
20 Nov 2017 at 06:58
The Register (UK)
I’ve been doing dual stack through Fortinet products for many years without
issue. Well, no issue from a technical perspective. Sometimes you have to dig
for a bit to find the equivalent v6 CLI commands, and occasionally there’s GUI
stuff missing that requires CLI where the v4 equivalent
On 4/2/18 5:10 PM, Mark Andrews wrote:
On 3 Apr 2018, at 1:39 am, Seth Mattinen wrote:
On 4/2/18 8:35 AM, Simon Lockhart wrote:
This looks like a willy-waving exercise by Cloudflare coming up with the lowest
quad-digit IP. They must have known that this would cause routing
> On 3 Apr 2018, at 1:39 am, Seth Mattinen wrote:
>
> On 4/2/18 8:35 AM, Simon Lockhart wrote:
>> This looks like a willy-waving exercise by Cloudflare coming up with the
>> lowest
>> quad-digit IP. They must have known that this would cause routing issues, and
>> now
On Mon, Apr 2, 2018 at 4:32 PM, Marty Strong wrote:
> Do you have one?
>
Yes, supplied by local broadband provider Vivo. FTTH GPON connection,
router with broadband and IPTV services.
> Do you know what is causing it to fail? i.e. IP on internal interface etc.
>
All,
At security and network tradeshows over the last 15 years, I have asked
companies if their products supported "IPv6". They all claimed they did,
but were unable to verify any successful installations. Later they told me
it was on their "Roadmap" but were unable to provide an estimated year,
So in all this discussion, what I'm finding interesting is that 8.8.8.8
is actually more hops away from me than either 9.9.9.9 or 1.1.1.1
On 4/2/18 6:06 PM, Seth Mattinen wrote:
On 4/2/18 14:58, Marty Strong via NANOG wrote:
Routing from ~150 locations, plenty of redundancy.
> On Apr 2, 2018, at 4:36 PM, Anurag Bhatia wrote:
>
> Hello everyone,
>
> Anyone using whoami.akamai.net?
Thanks, our team is investigating this at present. I don’t have an ETR at the
moment.
- Jared
On 4/2/18 14:58, Marty Strong via NANOG wrote:
Routing from ~150 locations, plenty of redundancy.
https://www.cloudflare.com/network/
I recommend 9.9.9.9 to people (if they must use a public resolver)
because Quad9/PCH serves local markets of all sizes with anycast nodes
and peering, not
Routing from ~150 locations, plenty of redundancy.
https://www.cloudflare.com/network/
Regards,
Marty Strong
--
Cloudflare - AS13335
Network Engineer
ma...@cloudflare.com
+44 7584 906 055
smartflare (Skype)
https://www.peeringdb.com/asn/13335
> On 2 Apr
On 4/2/2018 3:23 PM, Mike Hammett wrote:
I believe at one point UBNT did block outside management access, but then their
customers voiced to bring it back.
That said, I think they're taking security more seriously going forward.
I'm not entirely sure what Ubnt has changed lately, because
* Hank Nussbacher:
> Perhaps they are running all this to shake out exactly these type of
> issues? I think that is exactly why APNIC research is called for.
And return another 2**24 addresses to the global IPv4 pool eventually?
That would indeed be a loadable goal.
I believe at one point UBNT did block outside management access, but then their
customers voiced to bring it back.
That said, I think they're taking security more seriously going forward.
-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
Midwest-IX
On 4/2/2018 9:35 AM, Simon Lockhart wrote:
Quite.
This looks like a willy-waving exercise by Cloudflare coming up with the lowest
quad-digit IP. They must have known that this would cause routing issues, and
now suddenly it's our responsibility to make significant changes to live
Hello everyone,
Anyone using whoami.akamai.net? I have used it quite a while especially
with large anycast players because they tend to have customer facing
(anycast) IPs and internet facing unicast IPs to reach to outside world.
Thus for say 8.8.8.8 while query may be local to my country
On Mon, Apr 2, 2018 at 8:14 PM, Saku Ytti wrote:
> If they are for redundancy, wouldn't it be preferable to route them to
> different place to cover more fault scenarios.
>
> I would complain if they are routed to same place.
Better start complaining then :-)
Kind regards,
Job
If they are for redundancy, wouldn't it be preferable to route them to
different place to cover more fault scenarios.
I would complain if they are routed to same place.
On 2 April 2018 at 22:56, Colin Johnston wrote:
> dont know if this is a problem but seeing different
dont know if this is a problem but seeing different as paths for 1.0.0.1 and
1.1.1.1 in UK as lands
2 185.61.135.25 (185.61.135.25) 1.964 ms 72.824 ms 72.835 ms
3 10.254.84.3 (10.254.84.3) 2.671 ms 2.577 ms 2.601 ms
4 31.28.72.22 (31.28.72.22) 2.798 ms 2.897 ms 3.123 ms
5 * * *
Do you have one?
Do you know what is causing it to fail? i.e. IP on internal interface etc.
Regards,
Marty Strong
--
Cloudflare - AS13335
Network Engineer
ma...@cloudflare.com
+44 7584 906 055
smartflare (Skype)
https://www.peeringdb.com/asn/13335
> On 2 Apr
Because it would be wasteful not to use it???
> On Apr 2, 2018, at 11:48, Brett Watson wrote:
>
>
>
>> On Apr 2, 2018, at 10:18, John Levine wrote:
>>
>> In article <7db5fac7-972a-4eb6-89d9-b305a7233...@cloudflare.com> you write:
>>> If you know of
> On Apr 2, 2018, at 10:18, John Levine wrote:
>
> In article <7db5fac7-972a-4eb6-89d9-b305a7233...@cloudflare.com> you write:
>> If you know of others please send them my way so we can investigate.
>
> A lot of hotel and coffee shop captive portals use it for the login
> and
D-Link DMG-6661 as well.
Rubens
On Mon, Apr 2, 2018 at 12:26 PM, Marty Strong via NANOG
wrote:
> So far we know about a few CPEs which answer for 1.1.1.1 themselves:
>
> - Pace 5268
> - Calix GigaCenter
> - Various Cisco Wifi access points
>
> If you know of others please
On 4/2/18 10:49, David Conrad wrote:
Wait. What?
Why do you think 1/8 shouldn’t be used for anything?
I didn't say that.
In case this is a non-native English issue, "nobody should have been
using" is past tense, which is to say everyone squatting on 1/8 space
for their own purposes
Wait. What?
Why do you think 1/8 shouldn’t be used for anything?
Regards,
-drc
--
> On Monday, Apr 02, 2018 at 11:40 AM, Seth Mattinen (mailto:se...@rollernet.us)> wrote:
> On 4/2/18 8:35 AM, Simon Lockhart wrote:
> >
> > This looks like a willy-waving exercise by
In article <7db5fac7-972a-4eb6-89d9-b305a7233...@cloudflare.com> you write:
>If you know of others please send them my way so we can investigate.
A lot of hotel and coffee shop captive portals use it for the login
and logout screens. Don't know what the underlying software is, but
wander around
thats probably a key part of the experiment - to find locations and
systems where 1.1.1.1 is trashed.
it should be routable and its about time that vendors stopped messing
around in that space - hopefully this is
one of the sticks that prods people to start to behave - at which
point 1.0.0.0/8
Hi,
I actually got that value from curl (on Mac) so who knows.
It's certainly possible that it's generated on-the-fly and curl just
shows garbage info.
Regards,
--
Filip Hruska
Linux System Administrator
Dne 4/2/18 v 18:59 Tarko Tikan napsal(a):
hey,
How did you actually create the .txt
hey,
How did you actually create the .txt file? Is the filesize spoofed in
some way?
8191PB is a lot of storage.
Probably just handcrafted index.html with fake file size and CGI script
that outputs the actual prefixes on-demand?
--
tarko
Filip Hruska wrote:
> How did you actually create the .txt file? Is the filesize spoofed in
> some way?
> 8191PB is a lot of storage.
Probably a giant RAID in the attic. Disk space is very cheap these days.
Anyway, txt files are old hat for ip address management. Job should be
using Excel like
Well played.
How did you actually create the .txt file? Is the filesize spoofed in
some way?
8191PB is a lot of storage.
--
Filip Hruska
Linux System Administrator
Dne 4/1/18 v 13:09 Job Snijders napsal(a):
Hi all,
I made a list of the IPv6 addresses in my home LAN, but have trouble
On 02/04/2018 18:35, Simon Lockhart wrote:
> On Mon Apr 02, 2018 at 11:17:47AM -0400, John Levine wrote:
>> So it's routed deliberately but it sure looks like an experiment.
>> There's way too much equipment that treats 1.1.1.1 as magic for it to
>> work reliably. Captive portals tend to use that
We use PHPIPAM for our clients
If given the choice Netflix traffic prefers IPV6. That is the “killer app” for
me.
Justin Wilson
j...@mtin.net
www.mtin.net
www.midwest-ix.com
> On Apr 1, 2018, at 2:35 PM, Pete Baldwin wrote:
>
> Each file can only contain a single IP
> On Apr 2, 2018, at 11:35 AM, Simon Lockhart wrote:
>
> …
> This looks like a willy-waving exercise by Cloudflare coming up with the
> lowest
> quad-digit IP. They must have known that this would cause routing issues, and
> now suddenly it's our responsibility to make
This looks like a willy-waving exercise by Cloudflare coming up with the lowest
quad-digit IP. They must have known that this would cause routing issues, and
now suddenly it's our responsibility to make significant changes to live
infrastructures just so they can continue to look clever with the
On Mon, Apr 2, 2018, at 8:35 AM, Simon Lockhart wrote:
> quad-digit IP. They must have known that this would cause routing issues, and
> now suddenly it's our responsibility to make significant changes to live
> infrastructures just so they can continue to look clever with the IP address.
In this
On 4/2/18 8:35 AM, Simon Lockhart wrote:
This looks like a willy-waving exercise by Cloudflare coming up with the lowest
quad-digit IP. They must have known that this would cause routing issues, and
now suddenly it's our responsibility to make significant changes to live
infrastructures just so
On Mon Apr 02, 2018 at 11:17:47AM -0400, John Levine wrote:
> So it's routed deliberately but it sure looks like an experiment.
> There's way too much equipment that treats 1.1.1.1 as magic for it to
> work reliably. Captive portals tend to use that address for the host
> you contact to log out.
“Routed briefly for passive testing” sounds to me like “black hole it because
legitimate traffic shouldn’t be coming to your network from it”
> On Apr 2, 2018, at 11:23, Jason Kuehl wrote:
>
> Not saying you're wrong. But people did it for whatever reason.
>
>> On
So far we know about a few CPEs which answer for 1.1.1.1 themselves:
- Pace 5268
- Calix GigaCenter
- Various Cisco Wifi access points
If you know of others please send them my way so we can investigate.
Regards,
Marty Strong
--
Cloudflare - AS13335
Network
Not saying you're wrong. But people did it for whatever reason.
On Mon, Apr 2, 2018 at 11:12 AM, Justin Wilson wrote:
> 1.0.0.0/8 was assigned to APNIC in 2010. Those who used it as a
> placeholder were doing it wrong. It is valid IP space. It just was not
> assigned until
In article <20180402150821.ga24...@cmadams.net> you write:
>Once upon a time, Matt Hoppes said:
>> Seeing as how 1.1.1.1 isn’t suppose to be routed
>
>[citation needed]
Look at the WHOIS info -- 1.1.1.0/24 is assigned to APNIC Research, and it says
remarks:
Just like "S3 dependency check day" Thus begins "National 1.1.1.1 change
week" I've already around a few peaces of equipment sets with 1.1.1.1
On Mon, Apr 2, 2018 at 11:05 AM, Matt Hoppes <
mattli...@rivervalleyinternet.net> wrote:
> Seeing as how 1.1.1.1 isn’t suppose to be routed I’m not
1.0.0.0/8 was assigned to APNIC in 2010. Those who used it as a placeholder
were doing it wrong. It is valid IP space. It just was not assigned until 2010.
Justin Wilson
j...@mtin.net
www.mtin.net
www.midwest-ix.com
> On Apr 2, 2018, at 11:05 AM, Matt Hoppes
That sounds like a provider problem with their configuration most likely. I run
hundreds of 844E, 844Gs and have one at my house even, and it continues out
fine for 1.1.1.1 when I was testing over the weekend with our config.
Chris Gross
IP Services Supervisor
-Original Message-
From:
Once upon a time, Matt Hoppes said:
> Seeing as how 1.1.1.1 isn’t suppose to be routed
[citation needed]
--
Chris Adams
Seeing as how 1.1.1.1 isn’t suppose to be routed I’m not surprised this is
causing odd issues.
> On Apr 2, 2018, at 11:03, Darin Steffl wrote:
>
> I am behind a Calix router at home for my ISP and 1.1.1.1 goes to my router
> and not any further. When I enter the IP
I am behind a Calix router at home for my ISP and 1.1.1.1 goes to my router
and not any further. When I enter the IP into my browser, it opens the
login page for my router. So it appears 1.1.1.1 is used as a loopback in my
Calix router.
1.0.0.1 goes to the proper place fine.
On Sun, Apr 1, 2018
ebersman> And yes, running your own resolver is more private. So is
ebersman> running your own home linux server instead of antique consumer
ebersman> OSs on consumer grade gear and using VPNs. But how many folks
ebersman> can do that?
ssatchell>
ssatchell> I gave up on Microsoft desktop
> On 2 Apr 2018, at 10:32, William Waites wrote:
>
>
>
>> On 2 Apr 2018, at 02:57, Aftab Siddiqui wrote:
>>
>> Here is the update from Geoff himself. I guess they didn't want to publish
>> it on April 1st (AEST).
>>
Greetings,
If anyone at 7018 wants to pass a message along to the correct folks,
please let them know that Cloudflare's new public DNS service (1.1.1.1)
is completely unusable for at least some of AT's customers.
There is apparently a bug with some CPE (including the 5268AC). From
behind such
Can a Comcast engineer please contact me off-list.
der...@gmail.com
We are seeing some unusual behavior with one prefix that looks like it's
stopping in the Comcast network.
Thanks!
Derrick
Dear Job,
> In cases where you have both 'normal' and 'bulk' content on the same
webserver, are there any webservers that allow you to set a DSCP value per
path or filename?
please check http://techgenix.com/qos-windows-server-2012-part3/
You can assign DSCP per (outgoing) URL on Windows
NANOGers -
ARIN operates the number registry according to community-developed
policies, but ultimately such policies are shaped by the folks in this
community who choose to participate in their development.
There are several significant policy proposals that will be considered at
> On 2 Apr 2018, at 02:57, Aftab Siddiqui wrote:
>
> Here is the update from Geoff himself. I guess they didn't want to publish
> it on April 1st (AEST).
> https://blog.apnic.net/2018/04/02/apnic-labs-enters-into-a-research-agreement-with-cloudflare/
The research
On Mon, Apr 02, 2018 at 09:07:07AM +, Baldur Norddahl wrote:
> The problem I see here is the five year research term after which they may
> or may not revoke the use of the prefix.
>
> This is harmful. Such services should be stable. If you are going to let
> cloudflare run this service, it
The problem I see here is the five year research term after which they may
or may not revoke the use of the prefix.
This is harmful. Such services should be stable. If you are going to let
cloudflare run this service, it should be permanent.
Regards
Baldur
Den man. 2. apr. 2018 03.57 skrev
61 matches
Mail list logo