Re: This DNS over HTTP thing

2019-09-30 Thread Matt Corallo
It was mentioned in this (partially related) thread, with all the responses 
being the predictable “lol these folks in Silicon Valley need to lay off the 
drugs”.

https://mailman.nanog.org/pipermail/nanog/2019-September/103059.html

Matt

> On Sep 30, 2019, at 19:25, Jay R. Ashworth  wrote:
> 
> I've been embroiled in my first house-move in 28 years, and just got back
> to the table.  I don't see any threads here about whatever this thing-which-
> appears-to-me-to-be-a-monstrosity; has it been discussed here and I missed it?
> 
> Is there an official name for it I should be searching for?
> 
> Is it in fact not a monstrosity, and I'm just not smart enough?  :-)
> 
> Cheers,
> -- jra
> 
> -- 
> Jay R. Ashworth  Baylink   
> j...@baylink.com
> Designer The Things I Think   RFC 2100
> Ashworth & Associates   http://www.bcp38.info  2000 Land Rover DII
> St Petersburg FL USA  BCP38: Ask For It By Name!   +1 727 647 1274


Re: This DNS over HTTP thing

2019-09-30 Thread Brandon Martin

On 9/30/19 10:25 PM, Jay R. Ashworth wrote:
> Is there an official name for it I should be searching for?


Aside from "DoH" (smacks Homer's head), you might find searching for the 
Mozilla (et al.) "canary domain" useful.


It's use-application-dns.net.  NXDOMAIN it, and Mozilla (at least) will 
go back to using your local DNS server list as per usual.

--
Brandon Martin
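
A resolver-side check for the canary-domain behaviour described in the message above, added here as an example and not part of any list member's post: it encodes a DNS query for use-application-dns.net and decides from the reply's RCODE whether the resolver answers NXDOMAIN. The sample replies are constructed rather than captured, and `check_resolver` and the transaction ID 0x1D0F are hypothetical names and values.

```python
import socket
import struct

CANARY = "use-application-dns.net"   # canary domain named in the post above
NXDOMAIN = 3                         # DNS RCODE 3 (RFC 1035 "Name Error")

def build_query(name, txid, qtype=1):
    """Encode a recursive DNS query (qtype 1 = A) in wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def parse_reply(reply, txid):
    """Return (rcode, answer_count); raise ValueError if it is not our reply."""
    if len(reply) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != txid or not flags & 0x8000:   # ID must match and QR bit must be set
        raise ValueError("not a response to this query")
    return flags & 0x000F, ancount

def canary_blocked(reply, txid):
    """True when the resolver answered NXDOMAIN for the canary domain."""
    rcode, _ = parse_reply(reply, txid)
    return rcode == NXDOMAIN

def check_resolver(server, timeout=3.0, txid=0x1D0F):
    """Live check against one resolver over UDP/53 (hypothetical helper)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(CANARY, txid), (server, 53))
        reply, _ = s.recvfrom(512)
    return canary_blocked(reply, txid)

# Constructed sample replies (not captured traffic): header + echoed question.
_Q = build_query(CANARY, 0x1D0F)[12:]
SAMPLE_NXDOMAIN = struct.pack("!HHHHHH", 0x1D0F, 0x8183, 1, 0, 0, 0) + _Q
SAMPLE_NOERROR = (struct.pack("!HHHHHH", 0x1D0F, 0x8180, 1, 1, 0, 0) + _Q
                  + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4)
                  + bytes([192, 0, 2, 1]))   # one A record, 192.0.2.1 (TEST-NET-1)

if __name__ == "__main__":
    print("NXDOMAIN sample:", canary_blocked(SAMPLE_NXDOMAIN, 0x1D0F))
    print("NOERROR sample: ", canary_blocked(SAMPLE_NOERROR, 0x1D0F))
```

Running `check_resolver` against each resolver handed out by DHCP confirms that the NXDOMAIN override is actually in effect for clients, not just present in the configuration.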


Re: This DNS over HTTP thing

2019-09-30 Thread Fred Baker
On Sep 30, 2019, at 10:25 PM, Jay R. Ashworth  wrote:
> Is there an official name for it I should be searching for?

The IETF calls it "DoH", pronounced like "Dough". 
https://datatracker.ietf.org/wg/doh/about/

There are a number of such services from Google, Amazon, and others. Firefox 
and Chrome now reportedly use it unless you tell them not to. It is also in use 
by at least one botnet, per reports.

https://www.proofpoint.com/us/threat-insight/post/psixbot-now-using-google-dns-over-https-and-possible-new-sexploitation-module
https://www.zdnet.com/article/first-ever-malware-strain-spotted-abusing-new-doh-dns-over-https-protocol/
https://www.bleepingcomputer.com/news/security/psixbot-modular-malware-gets-new-sextortion-google-doh-upgrades/

One thing that bothers me about the Google implementation is that they 
apparently download the IANA zone and, in effect, operate as an informal root 
server. Not that I am protective of the root per se, but the root operators 
operate by an ethos described in RSSAC001 
(https://www.icann.org/en/system/files/files/rssac-001-root-service-expectations-04dec15-en.pdf).
If Google wants to promote itself into those ranks, I would expect it to 
shoulder the ethos and responsibility implied. The articles I pointed to above 
would suggest that it does not.

Friendly contact at Comcast about possible RF leaks

2019-09-30 Thread Brandon Martin
Anyone know a friendly contact at Comcast regarding possible RF leaks on 
their HFC plant?  I'm not a Comcast customer, so I can't get in via 
front line support (not that it would probably do me much good, anyway), 
and I'm not looking to lodge a formal complaint or anything.  I just 
want to give a heads-up about some issues I've noticed locally that 
haven't been addressed for a while and hopefully let things get addressed.


I'm in Central Indiana, if anyone wants to try to route me directly to 
the right people.  A general contact is fine, too.

--
Brandon Martin


This DNS over HTTP thing

2019-09-30 Thread Jay R. Ashworth
I've been embroiled in my first house-move in 28 years, and just got back
to the table.  I don't see any threads here about whatever this thing-which-
appears-to-me-to-be-a-monstrosity; has it been discussed here and I missed it?

Is there an official name for it I should be searching for?

Is it in fact not a monstrosity, and I'm just not smart enough?  :-)

Cheers,
-- jra

-- 
Jay R. Ashworth  Baylink   j...@baylink.com
Designer The Things I Think   RFC 2100
Ashworth & Associates   http://www.bcp38.info  2000 Land Rover DII
St Petersburg FL USA  BCP38: Ask For It By Name!   +1 727 647 1274


Re: Cisco Metro Ethernet Switching

2019-09-30 Thread Erik Sundberg
You can get ASR920's with only a layer 2 license, or you can opt for the 
advanced L3 license to BGP\MPLS, this would enable EoMPLS  Tunnels.

The NCS520 is designed only to be a NID, there are a lot of limitations on this 
device. You need to read the configuration guide to see the limitations.  I 
have one on my desk.

The NCS540 is the next model up from the ASR920.

I think ASR924 is the way to go.

Erik





From: NANOG  on behalf of Bogle, Nick 

Sent: Sunday, September 29, 2019 10:45 PM
To: nanog@nanog.org 
Subject: Cisco Metro Ethernet Switching

Hey there!

I'm currently working on a project which entails refreshing a few EoL switches 
that sit on a Metro Ethernet fiber ring that we own acting as essentially a PE 
handoff. It's primarily just a Layer 2 ring with mostly ME3400E switches. We 
are not in a place to convert the entire ring to our standard Nokia SAR 
platform, and just wanted to bring all of our sites to standard on the ME3400E 
platform for consistency (have four switches on the ring that are currently 
3560G's and don't support the needed QoS/CoS). As the ME3400E is currently End 
of Sale, what would you guys recommend as far as a replacement? I am leaning 
towards the ASR920's (affordable, seems like a solid proven platform, future 
flexibility), or the NCS 520 (Cisco's recommended replacement), but neither of 
them seem like appropriate replacements for a simple Layer 2 switching platform 
with just the need for decent QoS and CoS capabilities. No Layer 3, MPLS, or 
10G+ is required. 12 1G SFP ports is about all we need.

Let me know your thoughts -- haven't paid much attention to the Cisco service 
provider space as of late.

Thank you!

Nick Bogle
Network Engineer


1411 E Mission Ave. MSC-40
Spokane WA 99202
P 509-495-8525
C 509-220-5763
www.avistacorp.com


CONFIDENTIALITY NOTICE: The contents of this email message and any attachments 
are intended solely for the addressee(s) and may contain confidential and/or 
privileged information and may be legally protected from disclosure. If you are 
not the intended recipient of this message or an agent of the intended 
recipient, or if this message has been addressed to you in error, please 
immediately alert the sender by reply email and then delete this message and 
any attachments.





Cisco Metro Ethernet Switching

2019-09-30 Thread Bogle, Nick
Hey there!

I'm currently working on a project which entails refreshing a few EoL switches 
that sit on a Metro Ethernet fiber ring that we own acting as essentially a PE 
handoff. It's primarily just a Layer 2 ring with mostly ME3400E switches. We 
are not in a place to convert the entire ring to our standard Nokia SAR 
platform, and just wanted to bring all of our sites to standard on the ME3400E 
platform for consistency (have four switches on the ring that are currently 
3560G's and don't support the needed QoS/CoS). As the ME3400E is currently End 
of Sale, what would you guys recommend as far as a replacement? I am leaning 
towards the ASR920's (affordable, seems like a solid proven platform, future 
flexibility), or the NCS 520 (Cisco's recommended replacement), but neither of 
them seem like appropriate replacements for a simple Layer 2 switching platform 
with just the need for decent QoS and CoS capabilities. No Layer 3, MPLS, or 
10G+ is required. 12 1G SFP ports is about all we need.

Let me know your thoughts -- haven't paid much attention to the Cisco service 
provider space as of late.

Thank you!

Nick Bogle
Network Engineer


1411 E Mission Ave. MSC-40
Spokane WA 99202
P 509-495-8525
C 509-220-5763
www.avistacorp.com

