Re: Help with removing DNS sinkhole FP from Charter/Spectrum

2024-04-22 Thread John Levine
It appears that William Herrin  said:
>On Sun, Apr 21, 2024 at 6:21 PM Validin Axon  wrote:
>> Looking for some help/advice. Spectrum is sinkholing my company's domain, 
>> validin[.]com, to 127.0.0.54.
>
>Howdy,
>
>If you can't reach a technical POC, use the legal one. Your lawyer can
>find the appropriate recipient and write a cease-and-desist letter for
>you. After that, it's -their- lawyer's problem to track down the
>correct technical people.

No, that is terrible advice.  In the immortal acronym of Laura Atkins, TWSD.

The only response to a letter like that is "we run our network to
serve our customers and manage it the way we think is best" and you
know what, they're right. It is absolutely legal to block traffic you
think is malicious, even if you are wrong, and there is case law.

Having said that, I suspect the least bad alternative if you can't
find an out of band contact is to get some of the Spectrum customers
who can't reach you to complain. They're customers, you aren't.

R's,
John


Anyone got a contact at OpenAI. They have a spider problem.

2024-04-10 Thread John Levine
As I think I have mentioned before, I have the world's lamest content farm
at https://www.web.sp.am/.  Click on a link or two and you'll get the idea.

Unfortunately, GPTBot has found it and has not gotten the idea. It has
fetched over 3 million pages today. Before someone tells me to fix my
robots.txt, this is a content farm so rather than being one web site
with 6,859,000,000 pages, it is 6,859,000,000 web sites each with one
page. Of those 3 million page fetches, 1.8 million were for robots.txt.

It's not like it's hard to figure out what's going on since the pages
all look nearly the same, and they're all on the same IP address with
the same wildcard SSL certificate.

Amazon's spider got stuck there a month or two ago but fortunately I was
able to find someone to pass the word and it stopped.  Got any contacts
at OpenAI?

R's,
John

PS: If you were wondering what they're using to train GPT-5, well, now you know.
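
An added example, not part of the original post: one way to spot, from the server side, a crawler stuck in a farm like the one described above, by counting distinct virtual hosts and the robots.txt share of requests per user agent. The log layout, hostnames, addresses, bot names and thresholds are constructed assumptions.

```python
"""Added example: flag crawlers stuck in a one-page-per-hostname farm."""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample log, assumed layout: vhost client_ip path user_agent.
# Hostnames, addresses and bot names are invented for illustration.
SAMPLE_LOG = """\
h1.farm.example 192.0.2.10 /robots.txt ExampleTrappedBot/1.0
h1.farm.example 192.0.2.10 / ExampleTrappedBot/1.0
h2.farm.example 192.0.2.11 /robots.txt ExampleTrappedBot/1.0
h2.farm.example 192.0.2.11 / ExampleTrappedBot/1.0
h3.farm.example 192.0.2.10 /robots.txt ExampleTrappedBot/1.0
h3.farm.example 192.0.2.10 / ExampleTrappedBot/1.0
h4.farm.example 192.0.2.12 /robots.txt ExampleTrappedBot/1.0
h5.farm.example 192.0.2.11 /robots.txt ExampleTrappedBot/1.0
h1.farm.example 198.51.100.7 /robots.txt ExamplePoliteBot/2.0
h1.farm.example 198.51.100.7 / ExamplePoliteBot/2.0
h2.farm.example 198.51.100.7 /robots.txt ExamplePoliteBot/2.0
h2.farm.example 198.51.100.7 / ExamplePoliteBot/2.0
h3.farm.example 203.0.113.5 / Mozilla/5.0 (constructed browser)
h3.farm.example 203.0.113.5 /about Mozilla/5.0 (constructed browser)
"""


@dataclass
class CrawlerStats:
    requests: int = 0
    robots_fetches: int = 0
    vhosts: set = field(default_factory=set)
    client_ips: set = field(default_factory=set)

    @property
    def robots_share(self) -> float:
        return self.robots_fetches / self.requests if self.requests else 0.0


def parse_line(line):
    """Split one 'vhost client_ip path user_agent' line; None if malformed."""
    parts = line.split(None, 3)
    if len(parts) != 4:
        return None
    vhost, client_ip, path, agent = parts
    return vhost.lower().rstrip("."), client_ip, path, agent.strip()


def summarize(lines):
    """Aggregate request counts, robots.txt fetches, vhosts and IPs per agent."""
    stats = defaultdict(CrawlerStats)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip blank or malformed lines
        vhost, client_ip, path, agent = rec
        entry = stats[agent]
        entry.requests += 1
        entry.vhosts.add(vhost)
        entry.client_ips.add(client_ip)
        if path.split("?", 1)[0] == "/robots.txt":
            entry.robots_fetches += 1
    return dict(stats)


def trapped_crawlers(stats, min_vhosts=3, min_robots_share=0.4):
    """Agents that walk many hostnames and spend much of their traffic on
    robots.txt: each new hostname costs one robots.txt fetch per page or so."""
    return sorted(
        agent for agent, s in stats.items()
        if len(s.vhosts) >= min_vhosts and s.robots_share >= min_robots_share
    )


def filter_candidates(stats, agents):
    """Source addresses used by the flagged agents, for a packet filter."""
    ips = set()
    for agent in agents:
        ips |= stats[agent].client_ips
    return sorted(ips)


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG.splitlines())
    flagged = trapped_crawlers(summary)
    for agent in flagged:
        s = summary[agent]
        print(agent, s.requests, len(s.vhosts), round(s.robots_share, 3))
    print(filter_candidates(summary, flagged))
```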


Re: Microsoft missing public DNS TXT entry for DKIM records (msn.com)

2024-04-04 Thread John Levine
It appears that Adam Brenner via NANOG  said:
>mail server. Our mail server checks if DKIM email headers are present 
>and if they are, tries to validate them. If the check fails, we reject 
>the message.

MSN's setup is broken but let me strongly reiterate the advice DON'T DO THAT.

If a DKIM signature isn't valid, you ignore it.  If you do anything else,
as you have just discovered, you will be sorry.

R's,
John
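
An added example, not part of the original message: the difference between rejecting on a failed DKIM signature and treating it as unsigned, run over constructed Authentication-Results header values. The header values, domain names and function names are assumptions for illustration, and the parser handles only the simple forms shown.

```python
"""Added example: reject-on-failure versus ignore-on-failure for DKIM."""
import re

# Constructed Authentication-Results values (RFC 8601 style), one per case.
SAMPLES = {
    "valid": "mx.example.net; dkim=pass header.d=example.org; "
             "spf=pass smtp.mailfrom=example.org",
    # Signing key missing from DNS, as in the situation discussed above.
    "broken_key": "mx.example.net; dkim=permerror (no key for signature) "
                  "header.d=sender.example; spf=pass smtp.mailfrom=sender.example",
    # Author signature broken in transit, list signature intact.
    "list_relayed": "mx.example.net; dkim=fail (body hash did not verify) "
                    "header.d=author.example; dkim=pass header.d=list.example; "
                    "spf=pass smtp.mailfrom=list.example",
    "unsigned": "mx.example.net; dkim=none; spf=pass smtp.mailfrom=plain.example",
}

COMMENT = re.compile(r"\([^()]*\)")           # non-nested comments only
DKIM_RESULT = re.compile(r"^\s*dkim\s*=\s*([a-z]+)", re.I)
HEADER_D = re.compile(r"\bheader\.d\s*=\s*([^\s;]+)", re.I)


def dkim_results(auth_results):
    """Return [(result, signing_domain)] for each dkim= clause in the value."""
    value = COMMENT.sub(" ", auth_results)
    found = []
    for clause in value.split(";")[1:]:       # element 0 is the authserv-id
        match = DKIM_RESULT.match(clause)
        if not match:
            continue                          # spf=, dmarc= and so on
        domain = HEADER_D.search(clause)
        found.append((match.group(1).lower(),
                      domain.group(1).lower() if domain else None))
    return found


def reject_on_failure(auth_results):
    """The policy warned against: any signature that does not verify
    causes the message to be rejected."""
    return any(result not in ("pass", "none")
               for result, _ in dkim_results(auth_results))


def verified_domains(auth_results):
    """The recommended handling: failed signatures are ignored, so the
    message is judged only on the domains whose signatures verified.
    RFC 6376 section 6.1 says a message with only bad signatures should
    not be treated differently from one with no signature at all."""
    return sorted({domain for result, domain in dkim_results(auth_results)
                   if result == "pass" and domain})


def compare(samples):
    """(case, rejected under strict policy, domains usable for reputation)."""
    return [(name, reject_on_failure(value), verified_domains(value))
            for name, value in samples.items()]


if __name__ == "__main__":
    for row in compare(SAMPLES):
        print(row)
```

Under the strict policy the `broken_key` and `list_relayed` messages are refused even though the second carries a valid signature; under the ignore policy `broken_key` is handled exactly like `unsigned`.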


Who is security-research.org ?

2024-03-24 Thread John Levine
I noticed them in my DNS logs, trying to do AXFRs of random zones I host.  The probes
are coming from Hetzner, a low-cost German hosting provider with a history of tolerating
dodgy customer behavior.

Their website, which is hosted at Vultr, airily assures us it's nothing personal, they
scan everyone to make the Internet better, just filter us, but if you insist, you can
send objections to n...@m-d.net.

Any idea who they are?  I expect it's more likely that they're self-important than
evil, but still, sigh.

R's,
John


Re: DNSSEC & Wildcards

2024-03-15 Thread John Levine
It appears that Niels Bakker  said:
>* nanog@nanog.org (Dennis Burgess via NANOG) [Fri 15 Mar 2024, 16:26 CET]:
>>So have *.app.linktechs.net that I have been trying to get to work, 
>>we have DNSSEC on this, and it's failing, but cannot for the life of 
>>me understand why.  I think it may have something to do with proving 
>>it exists as a wildcard, but any DNSSEC experts want to take a stab 
>>at it ?
>
>There are better mailing lists to ask this question (like 
>dns-operations at dns-oarc.net) but have you checked 
>https://dnsviz.net/d/www.app.linktechs.net/dnssec/ ?

I agree there are better places to ask, but here's a quick
diagnosis: your nameserver is returning the wrong answer.

What kind of server is it? Any modern nameserver should automatically
return the correct DNSSEC stuff for wildcard responses.

R's,
John


Re: registry for onmicrosoft[dot]com

2024-03-12 Thread John Levine
It appears that Sean Donelan  said:
>
>Microsoft's corporate email systems appear to silently drop email from 
>small domains (like mine). 

It can't be that simple -- I have some tiny domains and correspond with
Microsoft employees all the time.

R's,
John


Re: IPv6 uptake

2024-02-18 Thread John Levine
It appears that Nick Hilliard  said:
>full control of all modems and they're all relatively recent, properly 
>supported units, fully managed by the cable operator. If you start 
>adding poor quality cheap units into the mix, it can cause service problems.

The cablecos I've dealt with have a list of modems they let you use.
Since you have to give them the modem's serial number so they can
provision it from the head end, they can enforce it. Here's Spectrum's
and Comcast's list:

https://www.spectrum.net/support/internet/compliant-modems-charter-network

https://www.xfinity.com/support/devices/

>Cable modem rent is a political issue.

That too, but if you're somewhat technically competent, your own modem
and router is generally a better deal even if you have to replace the
modem every few years. You can get reasonable modems for $100 on eBay
or at big box closeouts, $150 to $200 otherwise.





Re: IPv6 mail The Reg does 240/4

2024-02-17 Thread John Levine
It appears that Michael Thomas  said:
>I kind of get the impression that once you get to aggregates at the 
>domain level like DKIM or SPF, addresses as a reputation vehicle don't 
>much figure into decision making.

It definitely does, since there are plenty of IPs that send only
malicious mail, or that shouldn't be sending mail at all. Every large
mail system uses Spamhaus' IP lists as part of their filtering
process. 

I hear that SPF is largely useless these days because most SPF records
include IP ranges for many mail providers, and a lot of those
providers do a poor job of keeping one customer from spoofing mail
from another. DKIM is still quite useful.

>K. But what happens under the hood at 
>major mailbox providers is maddeningly opaque so who really knows? It 
>would be nice if MAAWG published a best practices or something like that 
>to outline what is actually happening in live deployments.

Unfortunately, spammers can read just as well as we can so it's not
going to happen.

R's,
John


Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-16 Thread John Levine
It appears that William Herrin  said:
>Now suppose I have a firewall at 199.33.225.1 with an internal network
>of 192.168.55.0/24. Inside the network on 192.168.55.4 I have a switch
>that accepts telnet connections with a user/password of admin/admin.
>On the firewall, I program it to do NAT translation from
>192.168.55.0/24 to 199.33.225.1 when sending packets outbound, which
>also has the effect of disallowing inbound packets to 192.168.55.0/24
>which are not part of an established connection.

Or you set up port forwarding for some other device but you mistype the
internal address and forward it to the switch.  Or the switch helpfully
uses UPNP to do its own port forwarding and you forget to turn it off.

If you configure your firewall wrong, bad things will happen.  I have both
IPv6 and NAT IPv4 on my network here and I haven't found it particularly
hard to get the config correct for IPv6.

Normally the ISP will give you an IPv6 /56 or larger so you can have
multiple segments behind the router each with a /64 and different
policies for each segment.



Re: The Reg does 240/4

2024-02-16 Thread John Levine
It appears that Mike Hammett  said:
>" Does any IPv6 enabled ISP provide PTR records for mail servers?" 
>
>
>I think people will conflate doing so at ISP-scale and doing so at residential 
>hobbyist scale (and everything in between). One would
>expect differences in outcomes of attempting PTR records in DIA vs. broadband. 

Most consumer ISPs block port 25 so rDNS would be the least of your problems 
trying to run a home mail server.

>"How does Google handle mail from an IPv6 server?" 
>
>A few people have posted that it works for them, but unless it has changed 
>recently, per conversations on the mailop mailing list,
>Google does not treat IPv6 and IPv4 mail the same and that causes non-null 
>issues. 

As has been widely reported, Google has recently tightened up authentication 
requirements so
v4 and v6 are now pretty similar.

They won't accept v6 mail that isn't authenticated with SPF or DKIM
but honestly, if you can't figure out how to publish an SPF record you
shouldn't try to run a mail server.

R's,
John


Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-15 Thread John Levine
It appears that Stephen Satchell  said:
>Several people in NANOG have opined that there are a number of mail 
>servers on the Internet operating with IPv6 addresses.  OK.  I have a 
>mail server, which has been on the Internet for decades.  On IPv4.
>
>For the last four years, every attempt to get a PTR record in ip6.arpa 
>from my ISP has been rejected, usually with a nasty dismissive.

I don't think you'll get much disagreement that AT is not a great ISP.

One straightforward workaround is to get an IPv6 tunnel from
Hurricane. It's free, it works, and they will delegate the rDNS
anywhere you want. My local ISP doesn't do IPv6 at all (they're a
rural phone company who of course say you are the only person who's
ever asked) so until they do, HE is a quite adequate option.

R's,
John


Re: mail and IPv6, not The Reg does 240/4

2024-02-14 Thread John Levine
It appears that Stephen Satchell  said:
>On 2/14/24 4:23 PM, Tom Samplonius wrote:
>> The best option is what is happening right now:  you can’t get new IPv4
>> addresses, so you have to either buy them, or use IPv6.  The free market
>>   is solving the problem right now.  Another solution isn’t needed.
>
>Really?  How many mail servers are up on IPv6?  How many legacy mail 
>clients can handle IPv6?  How many MTA software packages can handle IPv6 
>today "right out of the box" without specific configuration?

These days most of them.  The popular open source sendmail, postfix,
and exim all do.  The mail programs on my Android phone and iPad do.
Thunderbird does.

>Does any IPv6 enabled ISP provide PTR records for mail servers?

I'm not sure what you're asking. Every IPv6 mail server has rDNS since
otherwise nobody would accept its mail, same as IPv4.

>How does Google handle mail from an IPv6 server?

Assuming it's authenticated with SPF or DKIM, better than IPv4. All
the mail between Gmail and my system runs over IPv6.

A fair amount of mail from Hotmail/Outlook arrives over IPv6 as well
which is surprising since they don't publish  records for their
inbound mail.

R's,
John



Re: The Reg does 240/4

2024-02-14 Thread John Levine
It appears that William Herrin  said:
>On Wed, Feb 14, 2024 at 9:23 AM Owen DeLong via NANOG  wrote:
>> Think how many more sites could have IPv6 capability already if this wasted 
>> effort had been put into that, instead.
>
>"Zero-sum bias is a cognitive bias towards zero-sum thinking; 

Well, OK, think how many more sites could have IPv6 if people weren't
wasting time arguing about this nonsense.

R's,
John




Re: Anyone have contacts at the Amazon or OpenAI web spiders?

2024-02-14 Thread John Levine
It appears that Patrick Clochesy  said:
>Both robots respect robots.txt, of course they’re not going to answer.

The content farm is not one site with six billion pages, it's six billion
sites each with one page.  They check the robots.txt for each site they
visit but by then it's too late.

Most spiders can take the hint that they're all on the same IP.  But not
these two.

R's,
John

>
>On Feb 13, 2024, at 8:35 PM, John Levine  wrote:
>> 
>> One day I set up the world's lamest content farm. You can see it here:
>> 
>> https://www.web.sp.am/
>> 
>> While humans tend not to find its six billion pages very interesting,
>> some web spiders are entranced. In the past week or so, Amazon's
>> amazonbot has visited it 6 million times, and OpenAI's gptbot 2.6
>> million. (If you were wondering what they use to train ChatGPT, now
>> you know.) I don't care that googlebot comes by every 5 or 10 minutes,
>> but gptbot is every few seconds and amazon as fast as the server will
>> respond.
>> 
>> They both come from predictable IPs so I can set packet filters but
>> they're still hammering pretty hard. Each has a URL in the user agent
>> string, Amazon's page has an address to write to but OpenAI's doesn't.
>> I wrote to the Amazon address, no response.
>> 
>> If anyone has contacts at either I would appreciate it. A few years
>> ago the bingbot got trapped but fortunately I knew someone at
>> Microsoft who could pass the word. He reported back that while he
>> could not go into detail, there was a great deal of animated
>> conversation at the other end of the hall, and shortly after that it
>> stopped.
>> 
>> R's,
>> John
>




Anyone have contacts at the Amazon or OpenAI web spiders?

2024-02-13 Thread John Levine
One day I set up the world's lamest content farm. You can see it here:

https://www.web.sp.am/

While humans tend not to find its six billion pages very interesting,
some web spiders are entranced. In the past week or so, Amazon's
amazonbot has visited it 6 million times, and OpenAI's gptbot 2.6
million. (If you were wondering what they use to train ChatGPT, now
you know.) I don't care that googlebot comes by every 5 or 10 minutes,
but gptbot is every few seconds and amazon as fast as the server will
respond.

They both come from predictable IPs so I can set packet filters but
they're still hammering pretty hard. Each has a URL in the user agent
string, Amazon's page has an address to write to but OpenAI's doesn't.
I wrote to the Amazon address, no response.

If anyone has contacts at either I would appreciate it. A few years
ago the bingbot got trapped but fortunately I knew someone at
Microsoft who could pass the word. He reported back that while he
could not go into detail, there was a great deal of animated
conversation at the other end of the hall, and shortly after that it
stopped.

R's,
John


Re: Enough of The Reg does 240/4

2024-02-13 Thread John Levine
It appears that Tom Beecher  said:
>> We aren't trying to have a debate on this. All we can do is present our
>> case, explain our reasons and hope that we can gain a consensus from the
>> community.
>
>Respectfully, if you're just putting your case out there and hoping that
>people come around to your position, it's never going to happen.

I think we have once again established that repeating a bad idea over
and over and over does not make it any less bad.

Let's argue about something else, OK?

R's,
John


Re: The Reg does 240/4

2024-02-13 Thread John Levine
It appears that Lyndon Nerenberg (VE7TFX/VE6BBM)  said:
>And what are they going to do when 240/4 runs out?

That will be a hundred years from now, so who cares?

R's,
John

PS: I know this because it will take 98 years of process before the
RIRs can start allocating it.





Re: Diversity in threading, Diversity of MUAs (was Re: How threading works

2024-01-14 Thread John Levine
It appears that Peter Potvin via NANOG said:
>*audible sigh*
>
>Yet another useless thread added to my Gmail inbox because of a changed
>subject line.
>
>Can we please stop doing this for conversations that are about the same
>topic?

I don't think the rest of us are obliged to arrange our lives around one
mail provider's imperfect heuristics.

If I were you, I would call up Google and demand that they fix this bug.
What do they think you're paying for?  Oh, wait ...

R's,
John


Re: classic mail, was Vint Cerf Re: Backward Compatibility Re: IPv4 address block

2024-01-13 Thread John Levine
It appears that Randy Bush  said:
>> Some of us still use pine…
>
>i thought most pine users had moved to mutt

Some, but pine (now called alpine) is still actively maintained and
does some things better than mutt, particularly if you want to keep
track of multiple inboxes on different servers.

>randy, who uses wanderlust under emacs :)
>




What are these Google IPs hammering on my DNS server?

2023-12-03 Thread John Levine
At contacts.abuse.net, I have a little stunt DNS server that provides domain 
contact info, e.g.:

$ host -t txt comcast.net.contacts.abuse.net
comcast.net.contacts.abuse.net descriptive text "ab...@comcast.net"

$ host -t hinfo comcast.net.contacts.abuse.net
comcast.net.contacts.abuse.net host information "lookup" "comcast.net"

Every once in a while someone decides to look up every domain in the
world and DoS'es it until I update my packet filters. This week it's
been this set of IPs that belong to Google. I don't think they're
8.8.8.8. Any idea what they are? Random Google Cloud customers? A
secret DNS mapping project?

R's,
John


Re: .US Harbors Prolific Malicious Link Shortening Service

2023-11-07 Thread John Levine
It appears that Eric Kuhnke  said:
>I've seen a US based ISP do its internal management network reverse DNS
>using '.us' as a suffix, where the hierarchy is like POP name, then
>city/airport code, then state (eg: CA, NJ, FL), then .us for geographical
>location of equipment in USA.

For a long time, .US had an odd geographic structure invented by Jon
Postel. Everything was ...us. There are also some
special cases, notably k12..us for K-12 schools in each state. One
could volunteer to be a local subregistrar and a fair number of us
still exist. If you have a use for a domain name in
watkins-glen.ny.us, just ask. In that era it was up to each
subregistrar what to charge, and most of us charged and still charge
nothing. Or check out my church's web site at unitarian.ithaca.ny.us.

In 2002 the US government contracted with Neustar to run .US and since
then it's been a lot like generic TLDs, with second level domains
rented for a yearly fee.  The old geographic names are still grandfathered
but the registry, now run by Godaddy, isn't delegating any new ones.

R's,
John


Re: Charter DNS servers returning malware filtered IP addresses

2023-10-29 Thread John Levine
It appears that   said:
>* Owen DeLong [Sat 28 Oct 2023, 01:00 CEST]:
>>If it’s such a reasonable default, why don’t any of the public 
>>resolvers (e.g. 1.1.1.1, 8.8.8.8, 9.9.9.9, etc.) do so?
>
>It's generally a service that's offered for money. Quad9 definitely 
>offer it: https://www.quad9.net/service/threat-blocking

Not really for money.  Quad9, Cloudflare, and OpenDNS provide filtered DNS
for free.

There are expensive versions for enterprise networks but there's
plenty of malware filtering DNS for users.

I'm with you about the purity argument. While it certainly would be
possible to use DNS filtering for political reasons (the "family
friendly" versions arguably do that), the amount of malware and phish
is a large and real threat.

By the way, don't miss Interisle's new report on the cybercrime
supply chain.  They (we, actually) found five million domains
used in crime, of which at least a million were registered only to do crime.

https://interisle.net/CybercrimeSupplyChain2023.html

R's,
John




Re: [EXTERNAL] DNS filtering in practice, Re: Charter DNS servers returning malware filtered IP addresses

2023-10-29 Thread John Levine
It appears that Michael Thomas  said:
>> If you're one of the small minority of retail users that knows enough
>> about the technology to pick your own resolver, go ahead.  But it's
>> a reasonable default to keep malware out of Grandma's iPad.
>
>How does this line up with DoH? Aren't they using hardwired resolver 
>addresses? I would hope they are not doing anything heroic.

Generally, no.  I believe that Chrome probes whatever resolver is configured
into the system and uses that if it does DoH or DoT.

At one point Firefox was going to send everything to their favorite
DoH resolver but they got a great deal of pushback from people who
pointed out that they had policies on their networks and they'd have
to ban Firefox.  Firefox responded with a lame hack
where you can tell your cache to respond to some name and if so
Firefox will use your resolver.

R's,
John


Re: [EXTERNAL] Re: Charter DNS servers returning malware filtered IP addresses

2023-10-27 Thread John Levine
It appears that Bryan Fields  said:
>On 10/27/23 7:49 AM, John Levine wrote:
>> But for obvious good reasons,
>> the vast majority of their customers don't
>
>I'd argue that as a service provider deliberately messing with DNS is an 
>obvious bad thing.  They're there to deliver packets.

For a network feeding a data center, sure. For a network like
Charter's which is feeding unsophisticated nontechnical users, they
need all the messing they can get.

If you're one of the small minority of retail users that knows enough
about the technology to pick your own resolver, go ahead.  But it's
a reasonable default to keep malware out of Grandma's iPad.

R's,
John


Re: [EXTERNAL] Re: Charter DNS servers returning malware filtered IP addresses

2023-10-27 Thread John Levine
According to Bryan Fields :
>On 10/25/23 4:58 PM, Compton, Rich A wrote:
>> Charter uses threat intel from Akamai to block certain "malicious" domains.
>
>Does charter do this on signed domains too?

Of course.

If you want to run your own DNSSEC resolver and bypass their malware
protection, you are welcome to do so. But for obvious good reasons,
the vast majority of their customers don't.

R's,
John


Re: Charter DNS servers returning invalid IP addresses

2023-10-27 Thread John Levine
It appears that J. Hellenthal via NANOG  said:
>Maybe the site "has/had" a shopping cart infection at one point that has been 
>found and eradicated at one point ?

Virustotal reported it four days ago, which suggests that whatever was
wrong with it is still wrong with it.

The usual (correct) response to "whitelist us because your malware
report is wrong" is "no, because it's not."

R's,
John


Re: it's mailman time again

2023-09-02 Thread John Levine
It appears that Aaron de Bruyn via NANOG  said:
>I donno Rich...a couple of decades ago I lost my Slashdot account because 
>someone was able to access it.
>I used the password in two places...Slashdot and all the blasted mailman 
>instances I was signed up with.

I can believe that your Slashdot account got hacked, but why do you
think that's because someone read a monthly mailing list reminder,
figured out how to connect that list to your Slashdot account, and
broke in? That's quite a stretch.

More likely some Slashdot subcontractor sold it*, or you logged in
from a device that was compromised somehow. Or maybe it was just brute
forced.

R's,
John

* - I use tagged email on all my subscriptions and it's amazing how
passwords leak from places like the Wall Street Journal and the
Economist who really should know better. On the other hand, the NY
Times and WaPo don't leak, so pick your subcontractors carefully.


Re: it's mailman time again

2023-09-02 Thread John Levine
It appears that Rich Kulawiec  said:
>On Fri, Sep 01, 2023 at 10:16:05AM -0700, Randy Bush wrote:
>> and i just have to wonder about sending passwords over the net in
>> cleartext in 2023.  really?
>
>This is a non-issue.

It's like changing your password, it sort of made sense in the 1980s
when networks meant coax Ethernets and bored students could sniff
passwords, and now it's cargo cult security. These days the only
sniffable shared media left is passwordless wifi and even there as you
note, mail all goes through TLS tunnels.



Re: Hawaiian ILEC infrastructure and fire

2023-08-16 Thread John Levine
According to Eric Kuhnke :
>It's my understanding that the Hawaiian ILEC is now owned by Cincinnati
>Bell, which is also a unique historical artifact, as it was its own
>independent corporation/operating entity in the region of Cincinnati during
>the era of the pre-1984 Bell system.

Not that unique, SNET was also a Bell affiliate in most of Connecticut.

Hawaiian Tel has a very painful history. It was independent until
1967, then bought by GTE, then merged into Verizon along with the rest
of GTE in 2000, then sold to a hedge fund in 2004 which knew nothing
about telephony and ran it into bankruptcy, then an independent public
company from 2010 to 2017, when it was bought by Cincinnati Bell,
which in turn was bought in 2021 by Australian conglomerate Macquarie.

Running phone systems on islands is very expensive. There's only
160,000 people on Maui, about the same as Salinas CA, but separated
from the rest of the world by a lot of water.

-- 
Regards,
John Levine, jo...@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly



Re: Historical info on how 'x.com' came to be registered

2023-07-28 Thread John Levine
It appears that Drew Weaver  said:
>Does anyone have any historical information on how 'x.com' came to be 
>registered even though single letters were reserved?
>
>Is there a story or is it as simple as it was registered prior to the 
>reservation?

Here's a story about its history.  It's very old, from 1992.

https://jimmysoni.substack.com/p/the-colorful-history-of-xcom-aka

R's,
John


Re: whois server

2023-07-14 Thread John Levine
It appears that Matt Corallo  said:
>But, like they say, modern whois knows where to look, no need to use anything 
>else, I think as long 
>as you're not stuck trying to use macOS or something else shipping weird 
>ancient un-updated unix tools.

If you're inclined to roll your own, I keep a set of whois server
pointers at .whois.services.net so for example
aero.whois.services.net is a CNAME for the whois server for .aero. I
update it daily using the info in the IANA database and a bunch of
kludges to fill in the gaps.

There's a similar set at .whois-servers.net which seems to be
less up to date.

R's,
John

PS: Someday I'll do it for rDNS, too.


Re: Northern Virginia has had enough with data centers

2023-06-28 Thread John Levine
It appears that Michael Thomas  said:
>
>On 6/26/23 6:06 PM, Ron Yokubaitis wrote:
>> Dalles: government subsidized Hydroelectric Power, that’s why.
>
>Well that maybe, but electric rates are hella cheap in Oregon regardless.

Well, yeah, that's what he said although I would argue about the
subsidy part. The feds subsidized construction somewhere between 50
and 90 years ago, but the power charges have paid for O+M since then.
If you have the right geography, hydro is really cheap. Just ask the
people in Labrador who sell their power to Hydro Quebec for 0.2c/kWh.

By the way, here in the decadent northeast I pay about 9.5c/kwh
retail. What are the prices like in Oregon?

R's,
John


Re: Treasurydirect.gov unreachable over IPv6?

2023-05-17 Thread John Levine
It appears that holow29  said:
>Is anyone able to reach treasurydirect.gov over IPv6? Unable to do so over
>Verizon Fios, and I'm not sure if it is a routing issue or an issue on
>Treasury's end.

Works fine via a HE tunnel.

R's,
John


Is malicious asymmetrical routing still a thing?

2023-03-09 Thread John Levine
Back in the olden days, a spammer would set up a server with a fast
broadband connection and a dialup connection, and send out lots of
spam over the broadband connection using the dialup's IP address.  Since
mail traffic is quite asymmetric, this got them most of the broadband
speed, and when the dialup provider cancelled their service, they could
just dial into someone else.  Or maybe work through that giant pile of
AOL CD-ROMs we all had.  The broadband provider often wouldn't notice
since it wasn't their IP and they didn't get the complaints.

Is this still a thing? Broadband providers fixed this by some
combination of filtering port 25 traffic both ways, and BCP38 so you
can only send packets with your own address. Do providers do both of
these? More of one than the other? TIA.

R's,
John


Re: Smaller than a /24 for BGP?

2023-01-24 Thread John Levine
It appears that Chris J. Ruschmann  said:
>How do you plan on getting rid of all the filters that don’t accept anything 
>less than a /24?
>
>In all seriousness If I have these, I’d imagine everyone else does too.

Right. Since the Internet has no settlements, there is no way to
persuade a network of whom you are not a customer to accept your
announcements if they don't want to, and even for the largest
networks, that is 99% of the other networks in the world. So no,
they're not going to accept your /25 no matter how deeply you believe
that they should.

I'm kind of surprised that we haven't seen pushback against sloppily
disaggregated announcements.  It is my impression that the route table
would be appreciably smaller if a few networks combined a bunch of
adjacent /24's into larger blocks.

R's,
John


Re: txt.att.net outage?

2023-01-20 Thread John Levine
It appears that Simmons, Jay via NANOG  said:
>This may be the issue

Sorry, but no.

>Here are some details on this Government protocol implemented by all Telecom 
>Carriers.
>
>Why it is being done? To support FCC mandate for STIR/SHAKEN, an industry set 
>of rules designed to authenticate
>and validate CallerID information associated with phone calls using digital 
>signatures.
>
>SHAKEN/STIR ...

STIR/SHAKEN only affects voice calls.  It has nothing to do with SMS.

As several other people have said, if you're sending safety critical SMS messages, use
a real SMS service, not a carrier's courtesy low volume e-mail gateway.

SMS services are not free, but they are not expensive, typically about 1/2 cent per message.

R's,
John


Re: FCC chairwoman: Fines alone aren't enough (Robocalls)

2022-10-06 Thread John Levine
It appears that Matthew Black  said:
>This might have been what I read years ago:
>
>Teltech Systems Inc. v. Bryant, 5th Cir., No. 12-60027

No, that just said that federal law preempts a Mississippi state law
that purported to regulate Caller ID.

The federal law in 47 USC 227(e) says:

(1)In general 

 It shall be unlawful for any person within the United
 States, or any person outside the United States if the recipient is
 within the United States, in connection with any voice service or text
 messaging service, to cause any caller identification service to
 knowingly transmit misleading or inaccurate caller identification
 information with the intent to defraud, cause harm, or wrongfully
 obtain anything of value, unless such transmission is exempted
 pursuant to paragraph (3)(B).

In (3)(B) is a narrow carve-out for law enforcement and court orders.

The important point is that spoofing is illegal with fraudulent
intent, OK with benign intent.

R's,
John


Re: U.S. Court PACER system overloaded by public interest

2022-08-27 Thread John Levine
It appears that Jeffrey Ollie  said:
>Anyone that regularly uses PACER should absolutely be using
>https://www.courtlistener.com/.

And the RECAP browser plugin, which both looks in courtlistener
for you, and uploads copies to it when you do a PACER download.
(The actual documents are public, only the downloading costs money.)

Start here: https://free.law/recap

R's,
John


Re: IERS ponders reverse leapsecond...

2022-08-04 Thread John Levine
>> > General press loses its *mind*:

No more than usual.  They're just rewriting this Facebook blog post:

https://engineering.fb.com/2022/07/25/production-engineering/its-time-to-leave-the-leap-second-in-the-past/

It appears that Forrest Christian (List Account)  said:
>Personally I'd like to see the UTC timescale be fixed to the TAI timescale
>with a fixed offset determined by whatever the offset is when they make the
>change.

That's what Facebook, Google, and AWS want, too.  Who knows, for once they 
might be right.



Re: NANOG List posts and DMARC

2022-08-02 Thread John Levine via NANOG
It appears that Jared Mauch  said:
>Can someone flip the option in Mailman for DMARC please, it’s problematic as 
>if one posts and does DMARC and has feedback on, our
>messages are  possibly rejected, and the feedback from a post is quite large.

I checked with Jared and he seems to misunderstand the meaning of the
DMARC failure reports he is getting. (I get them too, lots of them,
and file and ignore them.) They do not indicate any sort of delivery
problem.

Please do *not* change the DMARC settings for p=none since it degrades
the list mail and makes it much harder to tell who is sending each
message and who to reply to.

R's,
John


Re: NANOG List posts and DMARC

2022-08-02 Thread John Levine via NANOG
It appears that Michael Thomas via NANOG  said:
>
>On 8/2/22 12:30 PM, Jim Popovitch via NANOG wrote:
>> It's been doing it for ages for p=reject, but not p=none (the latter
>> being Jared's situation)

I don't understand Jared's concern.  His DMARC policy, like mine, is p=none
which tells receivers to do nothing DMARC-y with our messages.  I don't get
any sort of blowback from nanog posts that I can recall seeing.

>I'm sort of surprised that an org would have p=reject when its users use 
>outside mailing lists. 

Unfortunately, we lost that battle a long time ago.  It's "more secure" and
"best practice" so go away.

R's,
John


Re: Sigh, friends don't let politicians write tech laws

2022-07-29 Thread John Levine
It appears that Michael Thomas  said:
>
>
>https://www.congress.gov/bill/117th-congress/senate-bill/4409/text?r=9=1
>
>the body of the proposed law:

This bill was filed by a bunch of the usual right wing suspects about
a month ago.  It was referred to committee, like all filed bills, and
I very much doubt it will ever emerge.

The US congress is not a parliamentary system and even bills from 
members of the majority party usually go nowhere.

R's,
John


Re: ICANN

2022-07-08 Thread John Levine
It appears that Keith Medcalf  said:
>
>Does anyone have contact information (or address for service of legal
>documents) for ICANN?  Their web site does not appear to contain contact
>information.

If you really wish to send such a letter, I would send it by paper mail,
attn General Counsel.  Their address is on the web site.  But first ...

>ICANN apparently promulgates a policy which requires clickage on spam
>links in e-mail.  I intend to sue them for trillions of dollars for this
>policy.

Could you give us some hints about the legal theory under which you believe
they are liable?  ICANN is incorporated in California so only laws that apply
in the US matter.

R's,
John


Re: What say you, nanog re: Starlink vs 5G?

2022-06-23 Thread John Levine
It appears that Eric Kuhnke  said:
>Adding a terrestrial transmitter source mounted on towers and with CPEs
>that stomps on the same frequencies as the last 20 years of existing two
>way VSAT terminals throughout the US seems like a bad idea. Even if you
>ignore the existence of Starlink, there's a myriad of low bandwidth but
>critical SCADA systems out there and remote locations on ku-band two way
>geostationary terminals right now.

I think the original thought was that the satellite service would be used in
rural areas and 5G in cities so there'd be geographic separation, but Starlink
is selling service all over the place.



Re: FCC vs FAA Story

2022-06-05 Thread John Levine
It appears that Miles Fidelman  said:
>> Harold Feld did a much better job in November:
>>
>> https://wetmachine.com/tales-of-the-sausage-factory/what-the-eff-faa-my-insanely-long-field-guide-to-the-faa-fcc-5g-c-band-fight/
>Well... a bit better look at the politics & motivations of the folks 
>involved.  Still doesn't address whether or not C band radios break 
>radio altimeters.

 To translate from the FCC-esse: “Air industry, we cannot screw over
 the U.S. deployment in 5G by taking the single largest, most useful
 allocation of 5G spectrum off the shelf indefinitely because a handful
 of older, crappy altimeters might under some wildly improbable set of
 circumstances experience harmful interference. While we take air
 safety issues seriously, you guys are gonna need to recognize that “no
 5G in lower C-Band” is not a realistic expectation. So please work
 with the wireless industry here to figure out if you are going to need
 to get people to upgrade their equipment.”

Also this link from the article, which is self-serving but I believe
their numbers are accurate:

https://www.5gandaviation.com/

R's,
John


Re: FCC vs FAA Story

2022-06-05 Thread John Levine
It appears that Crist Clark  said:
>ProPublica published an investigative report on it last week,
>
>https://www.propublica.org/article/fcc-faa-5g-planes-trump-biden
>
>Whaddya know. Plenty of blame to go around. Government regulative bodies
>captured by the industries they’re supposed to regulate. The usual stuff.

That piece has way too much inside baseball and misses the actual question
of whether C band radios would break radio altimeters.

Harold Feld did a much better job in November:

https://wetmachine.com/tales-of-the-sausage-factory/what-the-eff-faa-my-insanely-long-field-guide-to-the-faa-fcc-5g-c-band-fight/

R's,
John


Re: FCC proposes higher speed goals (100/20 Mbps) for USF providers

2022-05-30 Thread John Levine
It appears that Owen DeLong via NANOG  said:
>Forgive me if I have little or no sympathy for them.

The laws of physics make it rather difficult to provide symmetrical speeds on
shared media like coax or cellular radio.  As wired networks move to all fiber
they'll get more symmetrical but in the meantime I expect that Comcast,
Spectrum, Cox, AT&T, Verizon, and T-Mobile are deeply troubled by your
disapproval.

R's,
John

>> On May 29, 2022, at 14:10, Eric Kuhnke  wrote:
>> 
>> This is going to be very painful and difficult for a number of DOCSIS3 
>> operators, including some of the largest ISPs in the USA with
>multi-millions of subscribers with tons of legacy coax plant that have no 
>intention of ever changing the RF channel setup and
>downstream/upstream asymmetric bandwidth allocation to provide more than 
>15-20Mbps upstream per home. 
>> 
>> 
>> On Thu, 26 May 2022 at 16:59, Jeff Shultz > > wrote:
>> I think we have a winner here - we don't necessarily need 1G down, but we do 
>> need to get the upload speeds up to symmetrical 50/50,
>100/100 etc... there are enough people putting in HD security cameras and the 
>like that upstream speeds are beginning to be an issue. 
>> 
>> On Tue, May 24, 2022 at 4:37 AM David Bass > > wrote:
>> The real problem most users experience isn’t that they have a gig, or even 
>> 100Mb of available download bandwidth…it’s that
>they infrequently are able to use that full bandwidth due to massive over 
>subscription .  
>> 
>> The other issue is the minimal upload speed.  It’s fairly easy to consume 
>> the 10Mb that you’re typically getting as a
>residential customer.  Even “business class” broadband service has a pretty 
>poor upload bandwidth limit.  
>> 
>> We are a pretty high usage family, and 100/10 has been adequate, but there’s 
>> been times when we are pegged at the 10 Mb upload
>limit, and we start to see issues. 
>> 
>> I’d say 25/5 is a minimum for a single person. 
>> 
>> Would 1 gig be nice…yeah as long as the upload speed is dramatically 
>> increased as part of that.  We would rarely use it, but that
>would likely be sufficient for a long time.  I wouldn’t pay for the extra at 
>this point though. 
>> 



Re: Question re prevention of enumeration with DNSSEC (NSEC3, etc.)

2022-05-09 Thread John Levine
It appears that Rubens Kuhl  said:
>> It's perfectly reasonable to claim a database right in the WHOIS data,
>> but the offense is scraping WHOIS, not enumerating the DNS zone. ...

>The zone file could be seen as an accessory to the database rip-off.
>For instance, it would be hard to see such a dependency on Alexa 1M
>top domains, since they are already enumerated. But some spam actors
>deliberately compared zone file editions to single out additions, and
>then harass the owners of newly registered domains, both by e-mail and
>phone.

Yeah, I know, and some of us download and diff zone files every day to
see what's new to track abuse trends.  That doesn't annoy anyone other
than perhaps people whose phish campaigns it might disrupt.

Once again, the issue is WHOIS scraping, not the DNS.

R's,
John


Re: Re: 10 Do's + Don'ts for Visiting Québec + Register Now for N85!

2022-05-09 Thread John Levine
It appears that Laura Smith via NANOG  said:
>
>--- Original Message ---
>On Friday, May 6th, 2022 at 13:59, J EMail <70ford...@gmail.com> wrote:
>
>> poutine should be on this list.
>
>God no ! 
>There are many great things about Canada and Québec  but poutine most 
>certainly is not. A culinary abomination that deserves to be confined to the 
>history books.

I dunno.  The foie gras poutine at Au Pied de Cochon, on R. Duluth in the 
plateau, is pretty darn tasty.

R's,
John





Re: Question re prevention of enumeration with DNSSEC (NSEC3, etc.)

2022-05-09 Thread John Levine
It appears that Ray Bellis  said:
>
>> Is there any case law where someone has asserted a database right for a DNS 
>> zone?
>
>> It seems like a rather stupid thing to do. If someone asserted such a
>> right, I would make sure not to infringe it by ensuring no entries
>> from that database entered my DNS caches or other software.
>
>It wasn’t the zone itself as such - the concern was use of enumerated zone 
>data to then perform bulk collection of Whois data.

It's perfectly reasonable to claim a database right in the WHOIS data,
but the offense is scraping WHOIS, not enumerating the DNS zone.

I could enumerate the DNS zone twice a day every day and so long as I stayed
away from WHOIS, nobody would notice or care.

R's,
John


Re: Question re prevention of enumeration with DNSSEC (NSEC3, etc.)

2022-05-08 Thread John Levine
It appears that Ray Bellis  said:
>> On March 27, 1991, in a case that transformed the nascent online database 
>> publishing industry, the Supreme Court ruled unanimously that there is no
>copyright protection for purely factual products such as a telephone directory 
>white pages. 
>
>I wasn’t talking about US law…

Is there any case law where someone has asserted a database right for a DNS 
zone?

It seems like a rather stupid thing to do. If someone asserted such a
right, I would make sure not to infringe it by ensuring no entries
from that database entered my DNS caches or other software.

Also, I see that in a decision last year the ECJ required "substantial
extraction" also caused "significant detriment" to the investment in
the database.  I'm having trouble coming up with a scenario in which copying
even the entire thing would impair the investment unless they are going to
assert that the structure of the names somehow gave away secrets about their
business plans.

R's,
John


Re: Court orders for blocking of streaming services

2022-05-05 Thread John Levine
It appears that Joe Greco  said:
>While the issue of domains being confiscated and being handed over to a
>prevailing plaintiff for an international domain with no obvious nexus
>to the United States ...

Most of the domains do have US nexus. Two are in .TV, one in .COM,
both run by Verisign, one in .XYZ which is assigned to an LLC in Las
Vegas, registered via registrar Namecheap which is in Phoenix. .DEV is
Google, again registered via Namecheap. The ones in .AC .LY .TO and
the non-existent .ISR, not so much.

I agree that the rest of the language demanding that every ISP,
hosting provider, credit union, bank, and presumably nail salon and
coin laundry in the US stop serving the defendants is nuts.

The defendants didn't show up in court so the plaintiffs would have
provided a proposed order which it looks like the court just rubber
stamped. That was pretty sloppy of her.

R's,
John


Re: antique CGN complaints, was V6 still not supported

2022-04-04 Thread John Levine
It appears that JORDI PALET MARTINEZ via NANOG  said:
>Related to the LEA agencies and CGN:
>
>https://www.europol.europa.eu/media-press/newsroom/news/are-you-sharing-same-ip-address-criminal-law-enforcement-call-for-end-of-carrier-grade-nat-cgn-to-increase-accountability-online

Before we freak out too much, you might note that this page is dated 17 Oct 
2017.

I'm pretty sure that CGNs didn't disappear four years ago.

R's,
John


Re: Gmail (thus Nanog) rejecting ipv6 email

2022-04-03 Thread John Levine
It appears that Michael Thomas  said:
>
>On 4/3/22 12:12 PM, Bjørn Mork wrote:
>> On a slightly related subject... This DKIM failure surprised me, but at
>> least I verified that many NANOG subscribers have mailservers returning
>> DMARC failure reports ;-)
>
>Oh wow, you should report that to Murray.

It's on Github, so you can open an issue and if you're
feeling inspired a fork and a patch.  There's currently
67 open issues and 15 pull requests so don't hold your breath.

https://github.com/trusteddomainproject/OpenDKIM

R's,
John

>> Bjørn Mork  writes:
>>
>>> Authentication-Results: mx.google.com;
>>>   dkim=fail header.i=@mork.no header.s=b header.b=NB0BT8Ez;
>>>   spf=pass (google.com: best guess record for domain of 
>>> bj...@miraculix.mork.no
>>>   designates 2001:41c8:51:8a:feff:ff:fe00:e5 as permitted sender)
>>>   smtp.mailfrom=bj...@miraculix.mork.no;
>>>   dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=mork.no
>>> Received: from canardo.dyn.mork.no ([IPv6:2a01:799:c9f:8600:0:0:0:1])
>>>   (authenticated bits=0)
>>>   by louie.mork.no (8.15.2/8.15.2) with ESMTPSA id 233IGnGC342047
>>>   (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=OK);
>>>   Sun, 3 Apr 2022 19:16:50 +0100
>>> Received: from miraculix.mork.no 
>>> ([IPv6:2a01:799:c9f:8602:8cd5:a7b0:d07:d516])
>>>   (authenticated bits=0)
>>>   by canardo.dyn.mork.no (8.15.2/8.15.2) with ESMTPSA id 233IGnKb1147676
>>>   (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=OK);
>>>   Sun, 3 Apr 2022 20:16:49 +0200
>>> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mork.no; s=b;
>>>   t=1649009809; bh=ZByFGHIiZPQYmJjQnCv16CXFZhKG8U3fTayR+Mx3piY=;
>>>   h=From:To:Cc:Subject:References:Date:Message-ID:From;
>>>   b=NB0BT8EzJBl2E3jzDaz7QY4C/utMGKFF+HCs8qjQFoHA4JHTD21ZkTk34jp2VOiJ0
>>>   pYWHUNXCNaEBK44Hr4U96h5pfXor+dqo0cSuRPTLNnRsoLAQg2kqmQkvylagdeezZc
>>>   4p+jQEQv5La2KbjzEIvW6iSGwwe4ltT9hu7h0H8U=
>>> Received: (nullmailer pid 389787 invoked by uid 1000);
>>>   Sun, 03 Apr 2022 18:16:48 -
>>> From: =?utf-8?Q?Bj=C3=B8rn_Mork?= 
>>> To: Randy Bush 
>>> Cc: John Levine ,
>>>  "North American Network Operators' Group" 
>>> Subject: Re: Gmail (thus Nanog) rejecting ipv6 email
>>> Organization: m
>>> References: <875ynqcvsl@miraculix.mork.no>
>>>   <20220403164123.4ce413a4b...@ary.qy> 
>>> Date: Sun, 03 Apr 2022 20:16:48 +0200
>>> In-Reply-To:  (Randy Bush's message of "Sun, 03
>>>   Apr 2022 10:50:06 -0700")
>>> Message-ID: <87v8vqav73@miraculix.mork.no>
>>
>> Did a little testing, and it looks like opendkim creates a bogus
>> signature if a quoted-string display name in a To or Cc header contains
>> an apostrophe. Not good at all.
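
The Authentication-Results header quoted in the message above can be read mechanically. The following is an added example, not part of the original thread and not code from OpenDKIM or Gmail: a small parser in the spirit of RFC 8601 that is run over that header as archived (obfuscated address included). Treating the `p=`/`sp=`/`dis=` tags in the DMARC comment as policy and applied disposition is an assumption based on how they appear in this header.

```python
import re

# Header value copied from the quoted message on this page, as archived.
SAMPLE = """Authentication-Results: mx.google.com;
  dkim=fail header.i=@mork.no header.s=b header.b=NB0BT8Ez;
  spf=pass (google.com: best guess record for domain of bj...@miraculix.mork.no
  designates 2001:41c8:51:8a:feff:ff:fe00:e5 as permitted sender)
  smtp.mailfrom=bj...@miraculix.mork.no;
  dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=mork.no"""

COMMENT = re.compile(r"\(([^()]*)\)")


def split_top_level(value):
    """Split on ';' but not on a ';' that sits inside a (comment)."""
    parts, current, depth = [], [], 0
    for ch in value:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth = max(depth - 1, 0)
        if ch == ";" and depth == 0:
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
    parts.append("".join(current))
    return [p.strip() for p in parts if p.strip()]


def parse_authentication_results(header):
    """Return (authserv_id, [result dicts]) for one header."""
    value = " ".join(header.split())              # unfold continuation lines
    if value.lower().startswith("authentication-results:"):
        value = value.split(":", 1)[1].strip()
    segments = split_top_level(value)
    authserv_id = segments[0].split()[0]
    results = []
    for segment in segments[1:]:
        comments = COMMENT.findall(segment)       # keep comments, they carry detail
        tokens = COMMENT.sub(" ", segment).split()
        if not tokens or "=" not in tokens[0]:
            continue                              # e.g. the bare "none" form
        method, result = tokens[0].split("=", 1)
        props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        results.append({"method": method.lower(), "result": result.lower(),
                        "props": props, "comments": comments})
    return authserv_id, results


def dmarc_outcome(results):
    """Summarise the DMARC entry: verdict, published policy, applied disposition."""
    for entry in results:
        if entry["method"] != "dmarc":
            continue
        tags = {}
        for comment in entry["comments"]:
            for token in comment.split():
                if "=" in token:
                    key, val = token.split("=", 1)
                    tags[key.lower()] = val.lower()
        disposition = tags.get("dis", "unknown")
        return {"result": entry["result"],
                "from_domain": entry["props"].get("header.from"),
                "policy": tags.get("p", "unknown"),
                "disposition": disposition,
                # Assumption: any disposition other than "none" means the
                # receiver acted on the failure (quarantine or reject).
                "delivery_affected": disposition not in ("none", "unknown")}
    return None


if __name__ == "__main__":
    server, parsed = parse_authentication_results(SAMPLE)
    print("evaluated by", server)
    for entry in parsed:
        print(f"  {entry['method']:5} {entry['result']:5} {entry['props']}")
    print(dmarc_outcome(parsed))
```

On this header the DKIM and DMARC checks fail while the recorded disposition is none, so the failure is reported without the receiver acting on it.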


Re: Gmail (thus Nanog) rejecting ipv6 email

2022-04-03 Thread John Levine
It appears that Bjørn Mork  said:
>Google has been trying to move away from Internet email for many years
>now.  Just let them.  There is no way you can "fix" that problem on your
>side.

Don't be silly.  Gmail has over a billion users and hosts mail for
vast numbers of businesses large and small.

I agree that they are stricter than many others at mail authentication
but considering how big they are, they do a very good job of doing what
the standards say.  Way better than Y**o* or M*o**.

R's,
John
-- 
Regards,
John Levine, jo...@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly


Re: Gmail (thus Nanog) rejecting ipv6 email

2022-04-02 Thread John Levine
It appears that Michael Thomas  said:
>> ARC lets the recipient system look back and do what we might call
>> retroactive filtering, using info about messages as they arrived at
>> the previous forwarder. While it would be nice if lists did a better
>> job of spam filtering, they don't, and ARC is a reasonable remedy for
>> that.
>
>I'll be eager to see the papers substantiating this. Until then I remain 
>completely skeptical. It's an experimental RFC for a reason. Let's see 
>the data.
>
>I'd also like to see a paper substantiating your claim that mailing 
>lists do a bad job of spam filtering. In my experience it is a non-problem.

People from Google have told me that is the specific reason that they
need all the complexity of ARC rather than just whitelisting mailing
lists. If you think they're lying, or you know more about their mail
stream than they do, not much we can do about that.

R's,
John


Re: Gmail (thus Nanog) rejecting ipv6 email from poorly configured senders

2022-04-02 Thread John Levine
It appears that Niels Bakker  said:
>I also run my own mail server. I had to firewall off Google's MXes for 
>this exact reason: silent and not-so-silent email rejection when 
>offered over IPv6.

I run my own mail server and have no trouble at all delivering mail to Gmail
over IPv6.  I do have SPF, DKIM, DNSSEC and DANE on my mail servers.  My DMARC
policy is p=none.  If it matters, the MTA is a heavily hacked version of qmail.

While I believe that Gmail rejects some people's mail, every time when
I have looked in detail, I have found that their mail authentication
isn't working properly. I'd suggest starting there.

R's,
John


Re: Gmail (thus Nanog) rejecting ipv6 email

2022-04-02 Thread John Levine
It appears that Michael Thomas  said:
>> Google at least adds ARC headers in Gmail, and did the editing of RFC8617.
>
>ARC resolves into a previously unsolved problem: reputation. ...

No, actually it doesn't, as has been repeatedly explained.

ARC addresses the problem that mailing lists do a lousy job of spam
filtering. A list that usually sends lovely clean mail sometimes
doesn't, since a typical list forwards anything with a subscriber's
address on the From line including spam from cleverish spammers who
take pairs of from/to addresses from stolen mailboxes.

ARC lets the recipient system look back and do what we might call
retroactive filtering, using info about messages as they arrived at
the previous forwarder. While it would be nice if lists did a better
job of spam filtering, they don't, and ARC is a reasonable remedy for
that.

R's,
John


Re: Gmail (thus Nanog) rejecting ipv6 email

2022-04-02 Thread John Levine
It appears that Michael Thomas  said:
>> There are a lot of bits and bobs that one has to get right for mail to flow, 
>> amongst which:
>>
>>   - IP -> PTR lookup -> that hostname lookup, and match to IP again
>>   - SPF
>>   - DKIM
>>   - DMARC

Yup.  Gmail has made it quite clear that they will not accept v6 mail that
isn't SPF or DKIM authenticated.  DKIM is more work but works more reliably.

>>   - ARC (for mailinglists)

>Seriously spend zero time on ARC. It doesn't work as advertised ...

Please, not this again. ARC does what it does, even if it doesn't do
what you might wish it did instead.

It's certainly not a magic ticket into an inbox but it is slowly
helping undo DMARC mailing list damage.  It's not important unless
you forward mail like a mailing list does.

R's,
John


Re: Let's Focus on Moving Forward Re: V6 still not supported

2022-03-27 Thread John Levine
According to james.cut...@consultant.com :
>> which, in general, requires provider change and renumbering
>> of globally unique addresses, unless you own /24.
>
>Moot since we are not discussing office moves. However, renumbering to global 
>IPv6 addressing allows easy coexistence with the global Internet

Alternatively, if you have network addresses that you want to be sure
don't leak to the global Internet, ULAs work well, too. If you pay
attention to RFC 4193 and select your Global ID randomly, when you
merge two networks there is no meaningful chance that the ULAs will
overlap.

-- 
Regards,
John Levine, jo...@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly
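
The RFC 4193 procedure mentioned above, as an added example that is not part of the original message: it derives a /48 ULA prefix from a timestamp and an EUI-64 using the SHA-1 method in RFC 4193 section 3.2.2, and evaluates the collision estimate from section 3.2.3 for N merged networks. The MAC address is a constructed value from the documentation range, and the function names are illustrative.

```python
import hashlib
import ipaddress
import math
import struct
import time

NTP_UNIX_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01


def ntp_timestamp(unix_time):
    """64-bit NTP timestamp: 32-bit seconds plus 32-bit binary fraction."""
    seconds = (int(unix_time) + NTP_UNIX_OFFSET) & 0xFFFFFFFF
    fraction = int((unix_time - int(unix_time)) * 2**32) & 0xFFFFFFFF
    return struct.pack("!II", seconds, fraction)


def eui64_from_mac(mac):
    """Modified EUI-64: insert ff:fe in the middle and flip the U/L bit."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def ula_prefix(ntp_time, eui64):
    """RFC 4193 3.2.2: SHA-1 over time || EUI-64, low 40 bits -> Global ID."""
    digest = hashlib.sha1(ntp_time + eui64).digest()
    global_id = digest[-5:]                      # least significant 40 bits
    packed = b"\xfd" + global_id + bytes(10)     # fc00::/7 with the L bit set
    return ipaddress.IPv6Network((packed, 48))


def ula_subnet(site, subnet_id):
    """The /64 with the given 16-bit Subnet ID inside a /48 site prefix."""
    if not 0 <= subnet_id < 2**16:
        raise ValueError("Subnet ID must fit in 16 bits")
    base = int(site.network_address) | (subnet_id << 64)
    return ipaddress.IPv6Network((base, 64))


def collision_probability(networks, id_bits=40):
    """RFC 4193 3.2.3 estimate: P = 1 - exp(-N^2 / 2^(L+1))."""
    return -math.expm1(-(networks ** 2) / 2 ** (id_bits + 1))


if __name__ == "__main__":
    # Constructed input: a MAC from the documentation range (00-00-5E-00-53-xx).
    eui = eui64_from_mac("00:00:5e:00:53:01")
    site = ula_prefix(ntp_timestamp(time.time()), eui)
    print("site prefix  :", site)
    print("first subnet :", ula_subnet(site, 1))
    for n in (2, 10, 100, 1000, 10000):
        print(f"{n:>6} merged networks: P(collision) = {collision_probability(n):.2e}")
```

For two networks the estimate is about 1.8e-12, which is the "no meaningful chance" of overlap when both Global IDs were chosen randomly; a hand-picked ID such as fd00:0:0::/48 gets none of that protection.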



Re: MAP-T (was: Re: V6 still not supported)

2022-03-26 Thread John Levine
It appears that JORDI PALET MARTINEZ via NANOG  said:
>At the end, if you turn on IPv6 to residential customers, typically you will 
>get 70-80% IPv6 traffic, so the state in the NAT64 using 464XLAT is lower and 
>lower every day.

Not disagreeing, but where does that number come from?  Anecdotally, on my home
network I see less than 50%.

R's,
John


Re: Bufferbloat and the pandemic was: V6 still not supported

2022-03-23 Thread John Levine
It appears that Michael Thomas  said:
>anything that ISP can do if they don't supply the CPE? What percentage 
>of providers do supply the CPE in the form of cable and dsl modems, etc, 
>that they could solve the problem with a swap out?

In the US at least, although cable customers can use their own DOCSIS modem and
a router, most don't.  All the Comcast customers I know have a combo box that
is a modem, router, hotspot, and telephone adapter.  It has full native IPv6
support, of course.  I poked at one and found that some functions like port
forwarding are only managed remotely by logging into the Xfinity website.

DSL and fiber modems aren't standard like DOCSIS so you have to use the telco's.

Anecdotally, when I've rented apartments in the UK and France they all had
provider CPE too.



Re: Making Use of 240/4 NetBlock Re: 202203151549.AYC

2022-03-20 Thread John Levine
It appears that Abraham Y. Chen  said:
>     C.    Recently, we were made aware of the Int-Area activities. 
>Attempts to reach the Group Chairs have not received any responses.
>
>     D.    I just received an Int-Area Digest Vol 199, Issue 14 
>requesting IETF to reactivate the IPv4 support.

For people who don't follow the IETF lists, here's a summary of
the responses.  Mr. Chen thought it was a good idea, everyone
else, and I mean everyone, said it's a foolish idea and not
worth pursuing.

R's,
John


Re: V6 still not supported

2022-03-19 Thread John Levine
It appears that Matt Hoppes  said:
>Just like with IPv6, there would be a transition period, but during that 
>time software updates would very easily bring equipment up to spec much 
>faster and quicker.
>
>Eventually, 192.168.0.1 would be represented (for example) as 
>0.0.0.0.192.168.0.1 (or something similar - I haven't really sketched 
>out the logistics on paper).

Sounds just like an IPv4-mapped IPv6 address, which is :::192.168.0.1.
See RFC 1884, written in 1995, and the other RFCs which update it but don't
change this particular aspect.

What's the difference?

R's,
John


Re: V6 still not supported

2022-03-18 Thread John Levine
It appears that Matt Hoppes  said:
>At this point I would *love* to see IPv4 get extended, a software patch 
>applied to devices, and IPv6 die a quick painless death.

The people at the IETF may be shortsighted, but not *that* shortsighted.
If adding 16 more /8's would have been enough, they would have done it.

But anyone with his or her eyes open knows that's silly.  IPv6 certainly
has its problems but it's the only bigger address space we've got.

R's,
John


Re: are underwater routers a thing?

2022-03-17 Thread John Levine
It appears that Jerry Cloe  said:
>
>it look like it was completely at sea, but it would kind of make sense
>to leave them at sea if you could put a router there.
>
>First thing that comes to mind is power, how would you power them?

Undersea cables have had power for repeaters since TAT-1 in 1956.  I
think we can consider that to be a solved problem.

R's,
John


Re: "Permanent" DST

2022-03-16 Thread John Levine
It appears that Chris Adams  said:
>Once upon a time, Owen DeLong  said:
>> You’re right… Two changes to a single file in most cases:
>> 
>> 1.   Set the correct new timezone (e.g. MST for California).
>
>And now your system displays wrong info 100% of the time, since as I
>understand it, the zones will be changed (e.g. for me, CST will change
>from UTC-0600 to UTC-0500).  How will you distinguish between "old" MST
>and "new" MST when you see it listed?

No, the names of time zones will not change. California would
permanently be on PDT.  If you want to call it MST, that's OK, too.

Arizona is on MST which is the same as PDT. Puerto Rico is on AST
which is the same as EDT. Neither of them are going to change.

R's,
John




Re: "Permanent" DST

2022-03-16 Thread John Levine
It appears that Jay Hennigan  said:
>Some systems are dumbed-down with drop-down menus listing cities like 
>"Americas-Los Angeles" and similar. These will require a bit of work on 
>the back end.

Unix and linux systems have a timezone database that has the historic time
zones for everywhere they know about.  The internal time format is always
seconds since the beginning of 1970 UTC, and the libraries use the database
to convert back and forth to display formats.

Updating the timezone database is just like updating any other files in
your computer.  If you install the usual system updates, you'll be fine.

R's,
John



Re: "Permanent" DST

2022-03-16 Thread John Levine
It appears that Aaron C. de Bruyn via NANOG  said:
>All that's left to solve is in-person stuff...which already currently sucks.
>
>"My flight leaves at 6 AM local time and lasts 90 minutes, but I'm crossing
>3 timezones heading west...

It could be worse.  In non-COVID times there are flights between Honolulu (HNL)
and Kiritimati (CXI) which take about three hours but there is a 24-hour time
change.



Re: "Permanent" DST

2022-03-15 Thread John Levine
It appears that Mel Beckman  said:
>We already have this problem with Arizona, which never changes time for the 
>summer.

Sure it does.  It switches from MST to PDT.

Helpfully,
John


Re: Not Making Use of 240/4 NetBlock

2022-03-13 Thread John Levine
It appears that Joe Maimon  said:
>Saku Ytti wrote:
>> What if many/most large CDN, cloud, tier1 would commonly announce a 
>> plan to drop all IPv4 at their edge 20 years from now? How would that 
>> change our work? What would we stop doing and what would we start doing? 
>
>I cant see how it would change or do anything IPv6-related for myself 
>for at least 19 years. And I suspect most others would fall somewhere 
>between that and never.

Yet the four largest cable networks and all of the mobile networks in the
US have had full IPv6 support for years as do AWS, Google, Azure, Digital
Ocean, Linode, and many other hosting providers.

Could you explain what "most" means where you are?

R's,
John


Re: V6 still widely supported (was Re: CC: s to Non List Members,

2022-03-11 Thread John Levine
It appears that Joe Maimon  said:
>higher penetration of native v6, I would restate that a bit more 
>conservatively as
>
>Google's statistics are likely a fair barometer for USA usage in the 
>large content provider arena which have a strong mobile representation.

AT&T, Comcast, and Charter/Spectrum, the three largest cable companies, have
IPv6 support.  I expect a lot of Google searches and Gmail messages come from
them, too.

I think it's more accurate to say that large networks have looked at the
costs and implemented IPv6.  Small networks, many of which have no need
to expand beyond their existing IPv4 allocations, largely have not.

Of course, there are a lot more small networks than large ones, even though
they don't necessarily represent many users, so guess who we hear from?

R's,
John


Re: Making Use of 240/4 NetBlock

2022-03-09 Thread John Levine
It appears that David Conrad  said:
>isn’t very far), 240/4 isn’t sourcing or sinking significant traffic on the 
>Internet.

FWIW, my tiny server sees about 20 packets/day from that range.  It's not very
much but it's hard to imagine why I'm seeing any at all.

It's more than I see from 0/8, less than what I see from 192.168.0.0/16.

R's,
John


Re: Making Use of 240/4 NetBlock

2022-03-09 Thread John Levine
It appears that David Conrad  said:
>
>On Mar 9, 2022, at 10:08 AM, John R. Levine  wrote:
>> On Wed, 9 Mar 2022, John Gilmore wrote:
>>> Major networks are already squatting on the space internally, because they 
>>> tried it and it works.
>> Sounds like an excellent reason not to try to use it for global unicast.
>
>When did squatting become a justification for not allocating addresses?

Um, when can I register my .corp and .home domains?

R's,
John


Re: CC: s to Non List Members (was Re: 202203080924.AYC Re: 202203071610.AYC Re: Making Use of 240/4 NetBlock)

2022-03-08 Thread John Levine
It appears that William Herrin  said:
>On Tue, Mar 8, 2022 at 12:34 PM John Levine  wrote:
>> FWIW, I also don't think that repurposing 240/4 is a good idea.  To be 
>> useful it would require
>> that every host on the Internet update its network stack,
>
>Hi John,
>
>That's incorrect and obviously so. While repurposing 240/4 as general
>purpose Internet addresses might require that level of effort, other
>uses such as local LAN addressing would only require the equipment on
>that one lan to be updated -- a much more attainable goal.

If you want to patch your devices so they use 240/4 as a version of
10/8 on your own network, you can do that any time you want.

>Reallocating 240/4 as unpurposed unicast address space would allow
>some standards-compliant uses to become practical before others. A few
>quite quickly.

So long as we agree that "quickly" means a decade.  If we did this bad idea,
at some point there would be a tipping point where enough hosts recognized
them to be useful, but we say the same thing about IPv6.

>Is it not past time we admit that we have no real idea what the
>schedule or level of effort will be for making IPv6 ubiquitous?

Oh, absolutely.  I have conversations with my hosting provider in which
they tell me that nobody has ever asked for IPv6 other than me, and they
had no idea their upstream (Spectrum) had native IPv6.  So I keep using
a tunnel.  I would expect the same conversations about 240/4.

R's,
John


Re: CC: s to Non List Members (was Re: 202203080924.AYC Re: 202203071610.AYC Re: Making Use of 240/4 NetBlock)

2022-03-08 Thread John Levine
It appears that Anne Mitchell  said:
>> Cc: NANOG , Greg Skinner , 
>> "Karandikar, Abhay" , Rama Ati
>, Bob Corner GMAIL , "Hsing, T. 
>Russell" , "Chen, Henry C.J."
>, ST Hsieh , "Chen, Abraham Y." 
>
>> 
>
>This is a whole lot of cc:s to people who aren't even part of this group/list. 
> One wonders with this many cc:s, how many bcc:s there also were, and to whom.

There are several thousand people on the NANOG list, and public web archives.
I don't think this is a useful question.

FWIW, I also don't think that repurposing 240/4 is a good idea.  To be useful
it would require that every host on the Internet update its network stack,
which would take on the order of a decade, to free up some space that would
likely be depleted in a year or two.  It's basically the same amount of work
as getting everything to work on IPv6.

R's,
John


Re: Ukraine request yikes

2022-03-02 Thread John Levine
It appears that Carsten Bormann  said:
>On 2. Mar 2022, at 17:38,   wrote:
>> 
>> “democracy”
>
>PSA: Please read
>
>https://newsletters.theatlantic.com/peacefield/6206c37b9d9e380022bed32f/is-it-fascism-is-it-socialism/
>
>before using words like this again.

Nice article, definitely worth reading.  Thanks.

R's,
John


Re: Ukraine request yikes

2022-03-02 Thread John Levine
It appears that Daniel Suchy via NANOG  said:
>It's also technically possible to perform full AXFR from some official 
>root-server (it's allowed on some instances) and bring your own 
>root-server locally-anycasted instance anywhere you want.

It's not just possible, it's quite common.  See RFC 8806.

I run local roots on my small networks.

R's,
John
-- 
Regards,
John Levine, jo...@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly


Re: Slack.com DNSSEC on Feb 12th 15:00 UTC

2022-02-04 Thread John Levine
It appears that Peter Beckman  said:
>Agreed! Slack should probably move away from the custom domain model, and
>go with slack.com/w/bjornbjorn moving forward.

Their problem was poorly debugged software.  I don't see any reason that web
software is necessarily any better debugged than DNS software.

I use DNSSEC signed wildcards and it works fine, although it has blown up
the occasional buggy web spider which is not my problem.

Check out https://www.web.sp.am.

R's,
John



>
>On Fri, 4 Feb 2022, Christopher Morrow wrote:
>
>> On Fri, Feb 4, 2022 at 10:54 AM Bjørn Mork  wrote:
>>
>>>
>>> I assume you know which names you are going to serve?
>>>
>>>
>> how would they be able to serve:
>>  footgun.slack.com
>>   bjornbjorn.slack.com
>>   ilovecorn.slack.com
>>
>> so immediately without that wildcard though?
-- 
Regards,
John Levine, jo...@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly


Re: What do you think about the "cloudification" of mobile?

2022-01-27 Thread John Levine
It appears that Michael Thomas  said:
>Didn't Netflix for the longest time run on AWS? 

They still do.  Their web site and the non-realtime stuff is at AWS,
the streaming they do themselves.

R's,
John


Re: Coverage of the .to internet outage

2022-01-20 Thread John Levine
It appears that Aaron C. de Bruyn via NANOG  said:
>> If you're a small pacific island nation state with a limited budget, and a
>> working submarine cable, maintaining a SCPC geostationary satellite service
>> that might be $20,000 a month (on 36-60 month term) in transponder kHz may
>> seem like a very large ongoing expense.
>
>Redundancy seems like it could be covered by increasing the cost of a .to
>domain.

I think you vastly overestimate how much money there is in domain registrations
if your name is not Verisign or Godaddy.

>DNS for .to domains seems to be working just fine, but whois lookups for
>.to domains fail with a timeout.

Well, sure, the DNS has mirrors all over the place:

$ host -t ns to.
to name server frankfurt.tonic.to.
to name server singapore.tonic.to.
to name server colo.tonic.to.
to name server tonic.to.
to name server sydney.tonic.to.
to name server newyork.tonic.to.
to name server helsinki.tonic.to.

Dunno why WHOIS would fail since traceroutes say the WHOIS server is in 
California.

R's,
John


Re: What do you think about this airline vs 5G brouhaha?

2022-01-18 Thread John Levine
It appears that Michael Thomas  said:
>
>I really don't know anything about it. It seems really late to be having 
>this fight now, right?

Harold Feld did an excellent explainer about this in November:

https://wetmachine.com/tales-of-the-sausage-factory/what-the-eff-faa-my-insanely-long-field-guide-to-the-faa-fcc-5g-c-band-fight/

tl;dr while interference is certainly possible in theory, the putative
evidence can charitably be described as weak, and the FAA has been
complete jerks throughout the process.

R's,
John


Re: home router battery backup

2022-01-12 Thread John Levine
It appears that Shawn L via NANOG  said:
>In $dayjob I work for a telco that deploys fiber to the home.  If we are
>providing voice services over fiber a battery backup is installed (we
>maintain) that powers the customer's phone in the event of a power outage.

I have fiber service from my local RLEC.  The modem comes with a 12V battery
UPS which looks big enough to keep the phone and internet on for several days.

But as you say, it's the modem, not the router.  If the power went out
and the UPS I have for my other equipment ran down, which would take about
half an hour, I suppose I could run an ethernet cable from my laptop to
the modem.

R's,
John


Re: .bv ccTLD

2021-12-05 Thread John Levine
It appears that Jay R. Ashworth  said:
>- Original Message -
>> From: "Jaap Akkerhuis" 
>
>> Similar ideas were held for MD and TM but didn't seem to work
>> out. Furthermore, an independent Bougainville might change the name
>> to something else (as Zimbabwe did).
>
>On reflection, I don't think .inc has played all that well either.

From ICANN's recent round of new domains:

22793 .llc
114209 .ltd
3924 .inc
23812 .gmbh

The larger number in .ltd and .gmbh and .llc is likely because they
don't check that you are actually incorporated and the price is about $25 or
$50.

For .inc they don't check either but the price is more like $2000.

They're all pretty lame compared to .biz with 1.4 million, or .com with 158 
million.

R's,
John



Re: .bv ccTLD

2021-12-04 Thread John Levine
It appears that Jay R. Ashworth  said:
>Well, sure, but with the copper deposit measured in double-digit billions, 
>it seems sane to assume they've got a plan there...

It's been 30 years.  We can hope but I wouldn't hold my breath.

>Though given .TV's benefits to Tuvalu, and the number of Scandahoovian 

You misspelled Dutch.

>businesses that are BVs...

Quite a while ago I met a guy at an ICANN meeting who'd made a deal with
American Samoa to sell .AS domains since AS is the corporate abbreviation in
several European countries.  It went nowhere, the Samoans took it back.

R's,
John


Re: .bv ccTLD

2021-12-03 Thread John Levine
According to Jay R. Ashworth :
>- Original Message -
>> From: "John Levine" 
>
>> There's over 300 unassigned codes to choose from.  GV or UV perhaps?
>
>I'm sure *I* would fight for a 3166 code that started with the first letter
>of my country name.  But it's not my country, so my concerns are esthetic,
>and academic (in either sense of the word).

I suspect the Bougainvillians (Bougainvillains?) have a few more urgent topics
to attend to.  The island's only significant asset is a huge copper mine which
has been closed since 1989 when the civil war started.  If they can't figure
out how to both get the mine open again and to deal with the environmental mess
left by the former operator, they won't have much of a country.

R's,
John
-- 
Regards,
John Levine, jo...@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly



Re: .bv ccTLD

2021-12-03 Thread John Levine
It appears that David Conrad  said:
>> Anyone here got a buddy on the secretariat?  :-)
>
>Even if they did, transitioning codes is a long (99 year? I’ve forgotten) 
>process…

It's only 50, but yeah, it's not changing any time soon.

There's over 300 unassigned codes to choose from.  GV or UV perhaps?

R's,
John


Re: fun with TLDs and captive portals was, Redploying most of 127/8 as unicast public

2021-11-23 Thread John Levine
It appears that Francis Booth via NANOG  said:
>So we know RFC 2606 defined reserved TLDs like .lan and .home so there

Um, this must be a different RFC 2606 than the one the rest of us have read.
It mentions neither .lan nor .home.

>In order to solve the chicken/egg problem of having to know your IPv6
>prefix and the address assigned to your router dynamically for
>nontechnical users to reach their router configuration pages, ...

SLAAC lets hosts find their prefix and router and optionally other
stuff like the DNS servers.  See RFC4862.  This is a thoroughly solved problem.
If your router is a captive portal like at a coffee shop and client devices
need to open a web page to log in, see RFC 8910.

R's,
John



Re: Class D addresses? was: Redploying most of 127/8 as unicast public

2021-11-20 Thread John Levine
It appears that Michael Thomas  said:
>There is just as big a block of addresses with class D addresses for 
>broadcast. Is broadcast really even a thing these days?

It's multicast and no, but it hardly matters.

It's the same problem, if you wanted to turn it into unicast space you'd need
a global forklift upgrade.

FWIW, I see a trickle of class D traffic coming through my router but no class 
E.

R's,
John


Re: is ipv6 fast, was silly Redeploying

2021-11-19 Thread John Levine
It appears that Michael Thomas  said:
>Both have sprawling product lines though even with fsvo big iron. It 
>would be nice to hear that they can build out big networks, but given 
>the use of ipv6 in mobile I assume they can. I wonder what the situation 
>is for enterprise which doesn't have any direct drivers that I know of.

Google says they see about 1/3 of their users on IPv6 so I presume they
are getting their routers from someone.  As you note, many mobile networks
are IPv6 internally, and they seem to work.

R's,
John


Re: is ipv6 fast, was silly Redeploying

2021-11-19 Thread John Levine
It appears that Michael Thomas  said:
>And just as impossible since it would pop it out of the fast path. Does 
>big iron support ipv6 these days?

My research associate Ms. Google advises me that Juniper does:

https://www.juniper.net/documentation/us/en/software/junos/routing-overview/topics/concept/ipv6-technology-overview.html

As does Cisco:

https://www.cisco.com/c/en/us/products/collateral/switches/catalyst-9600-series-switches/nb-06-cat9600-ser-sup-eng-data-sheet-cte-en.pdf

R's,
John


Re: WKBI #586, Redploying most of 127/8 as unicast public

2021-11-17 Thread John Levine
It appears that Joe Maimon  said:
>Mark Andrews wrote:
>> It’s a denial of service attack on the IETF process to keep bringing up 
>> drafts like this that are never going to be approved.  127/8 is
>in use.  It isn’t free.
>
>There are so many things wrong with this statement that I am not even 
>going to try to enumerate them.

Aw, c'mon, don't leave us guessing.

>For example 
>https://datatracker.ietf.org/doc/html/draft-fuller-240space-02 from 2008 
>which fell prey to the "by the time this is usable IPv6 will have taken 
>over" groupthink.
>
>Objectively wrong.

I will agree that your explanation of the reasons the IETF didn't repurpose 
240/8 is objectively wrong.

The amount of work to change every computer in the world running
TCP/IP and every IP application to treat 240/4 as unicast (or to treat
some of 127/8) is not significantly less than the work to get them to
support IPv6. So it would roughly double the work, for a 2% increase
in the address space, or for 127/8 less than 1%.  The code for IPv6
is already written, after all.

Also, while the world has run out of free IPv4 address space, there is
plenty of IPv4 if you are willing to pay for it. A 2% increase in v4
addresses would not change that.

>> "By contrast, IPv6, despite its vastly larger pool of available address 
>> space, allocates only a single local loopback address (::1)
>[RFC4291]. This appears to be an architectural vote of confidence in the idea 
>that Internet protocols ultimately do not require millions of
>distinct loopback addresses.”
>>
>> This is an apples-to-oranges comparison.  IPv6 has both link and site local 
>> addresses and an architecture to deliver packets to specific
>instances of each.  This does not exist in the IPv4 world.
>
>SO an IPv6 only system without any network interfaces can run multiple 
>discrete instances of the same daemon accepting connections on the same 
>TCP port?

Sure.

>Can I script that, can I template that with hardcoded
>addresses, same as I can now for 127/8?

Sure, if you think that's a good idea which it isn't.  Use LLAs on your
loopback interface.

Personally, I take my 127/8 addresses from a configuration file since I don't
know in advance what other daemons might also want to run on addresses only
visible on the local machine.  Or, you know, some maniac might decide that
part of 127/8 isn't loopback so I have to move them to the part that still is.

In IPv6 I use ULAs since that gives me the option of routing them or not.

R's,
John


Re: . (was IPv6 and CDN's)

2021-10-26 Thread John Levine
It appears that Bryan Fields  said:
>Can you explain how it would work?  Say you have a root server operator who
>starts messing up, is there any ability to remove them?

Nope.  We are fortunate that for over 30 years the root servers have all been
competent and reliable.

>> It’s a hard question, but it isn't the folks at IANA who answer it.
>
>Who does?  Doesn't IANA designate root servers and the . zone?

The root servers are basically the people who have always run the root servers,
give or take a few changes due to mergers and a few additions over a decade ago
to get better geographic diversity.

R's,
John


Re: Safe Geo-location Defaults

2021-10-21 Thread John Levine
It appears that Lukas Tribus  said:
>Yes... point your default coordinates to a safe location, please!
>
>https://www.washingtonpost.com/news/morning-mix/wp/2016/08/10/lawsuit-how-a-quiet-kansas-home-wound-up-with-600-million-ip-addresses-and-a-world-of-trouble/
>
>https://arstechnica.com/tech-policy/2016/08/kansas-couple-sues-ip-mapping-firm-for-turning-their-life-into-a-digital-hell/

After reading the stories about people who were sure their stolen device was
at the default location, and then Maxmind moving the default into the middle
of a nearby lake, I was tempted to set up a stand next to the lake renting
glass bottom boats and snorkel gear.

R's,
John


Re: Internet history

2021-10-21 Thread John Levine
It appears that Patrick W. Gilmore  said:
>
>My understanding is that really is IMP No. 1. Someone found it in the “to be 
>scrapped” pile & rescued it, then they closed off room 3420 & made it a 
>micro-museum. I believe the teletype
>is not the original, but is a real ASR-33. The Sigma 7 is a prop, I believe.

The IMP is real, as are some of the notebooks.  Everything else is a prop.

The terminal isn't even a model 33, it's a model 32 which says ITT in large
letters so you know it was retired from Telex service, not computing.

But it's definitely worth a visit, particularly if Len Kleinrock is around to
give his spiel about "LO" the first message.

https://uclaconnectionlab.org/internet-museum/

R's,
John


Re: IPv6 woes - RFC

2021-09-23 Thread John Levine
It appears that Brian Johnson  said:
>Side question on this thread…
>
>Is it everyones current expectation that if a provider were to switch to IPv6 
>and drop IPv4 that the customers would all be
>just fine with that? 

Try sending e-mail to AOL/Yahoo or Hotmail/Outlook over IPv6.

R's,
John


Re: IPv6 woes - RFC

2021-09-19 Thread John Levine
It appears that Stephen Satchell  said:
>> or get an HE /48 over a tunnel which will do PTR or NS records appropriately.
>
>Hurricane Electric?  Seriously?

I've been using HE's free ipv6 tunnels for ten years. They work great.
I don't ever recall any downtime. They assign you a /64 by default,
/48 on request, and delegate the rDNS wherever you want.  One points at my
server which is in a rack somewhere, one points at the router on my home
fiber connection.

Since I set it up they filter port 25 by default for obvious reasons but will
unblock if you ask nicely and sound like you know what you're doing.
Geolocation doesn't work, and now and then someone (Wikipedia) decides it's
an evil VPN and blocks or filters it but I haven't found that to be much of a
problem in practice.

R's,
John


Re: IPv6 woes - RFC

2021-09-18 Thread John Levine
According to Mark Andrews :
>It tells you that AT&T don’t treat IPv6 on equal footing to IPv4 and nothing
>more.

Indeed but since AT&T is about 1/4 of the US broadband market, and our
screwed up telco politics means there is often no practical competitor
available, that's a big problem.

R's,
John

PS: that's separate from what he said about equipment which nominally has v6
support but not in a way that you can actually use.
-- 
Regards,
John Levine, jo...@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly



Re: IPv6 woes - RFC

2021-09-18 Thread John Levine
It appears that Owen DeLong via NANOG  said:
>> The cost of putting flyers in the bills rounds to zero, so yes, really. I 
>> expect these companies all have plans
>to support v6 eventually, someday, once they're retired and replaced all of 
>the old junk that handles v6 poorly or
>not at all, but you know about accountants and depreciation.
>
>Unless their infrastructure runs significantly on hardware and software 
>pre-2004 (unlikely), so does the cost of
>adding IPv6 to their content servers. Especially if they’re using a CDN such 
>as Akamai.

I wasn't talking about switches and routers.  I was talking about every
single piece of software and equipment that they use for support and
marketing and customer service and all the other stuff that big companies do.

As I may have said once or twice, eventually it'll all be replaced so it
works on IPv6 but we're not holding our breath.

R's,
John


Re: IPv6 woes - RFC

2021-09-15 Thread John Levine
It appears that Baldur Norddahl  said:
According to Baldur Norddahl :
>> Number portability database is looked up after the call
>> reaches the destination country, which will be used for
>> further intra-national routing, which do not affect
>> country-wise aggregation of international routing table.
>
>Actually the GSM system will query the HLR to find out where to really
>route the call. Much like LISP actually.

With a century and a half of history, the phone system has a lot of different
numbering hacks.

In the US, the country is divided into several hundred regions within which
you can port phone numbers.  They do this with an overlay database; on each
call the number is looked up to get a routing number which is used to route
the call.  If the number hasn't been ported the routing number is the
number itself, otherwise it's a number assigned to the switch that handles
the call.  The routing numbers are assigned in the familiar hierarchical
way and the first seven digits of the number (three digit area code,
three digit prefix, one digit subprefix) to route the call.  Mobile carriers
have their own system underneath that so if you, say, get an AT&T number in
New York, port it to Verizon, and then move to California, calls to your
number get routed to New York, looked up in the porting database, delivered
to a Verizon switch in NY, then routed within the Verizon network to your
phone in California.  Dunno whether Verizon uses the same HLR to do
international roaming or separate for domestic and international.

There is a proposal to provide national number portability in the US which
would in effect merge all of the regions together and get rid of all long
distance charges within the US that has a reasonably good chance of happening.

This has nothing to do with IPv6, of course, other than that modern phones use
VoLTE so within a mobile carrier's network your voice call is probably handled
using IPv6 transport.
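
The lookup sequence described in the message above, modelled as an added example that is not part of the original post. Every phone number, switch name and carrier label in it is constructed for illustration; the two-stage lookup (porting overlay, then seven-digit hierarchical route, then the carrier's own location register) is the only part taken from the text.

```python
"""Toy model of the US number-portability overlay described above.
All numbers, switch names and carrier labels are constructed samples."""

# Porting overlay: dialed number -> routing number. Only ported numbers
# have an entry; everything else routes on the dialed number itself.
PORTING_DB = {
    "2125550142": "2125559000",  # New York number ported from carrier A to B
}

# Hierarchical routing table keyed on the first seven digits of the
# ROUTING number: area code (3) + prefix (3) + one-digit subprefix.
# Porting a number adds no entry here, so the table stays aggregated.
ROUTES = {
    "2125550": "carrierA-ny-switch",
    "2125559": "carrierB-ny-switch",
    "4155550": "carrierA-sf-switch",
}

# Per-carrier location register (the HLR role in the post): consulted only
# after the call reaches the serving switch, keyed on the dialed number.
HLR = {
    "carrierB-ny-switch": {"2125550142": "carrierB-california-cell"},
}


def routing_number(dialed: str) -> str:
    """Return the routing number: the overlay entry if ported, else the number."""
    return PORTING_DB.get(dialed, dialed)


def route_call(dialed: str):
    """Return (routing_number, hops) for a 10-digit dialed number."""
    if len(dialed) != 10 or not dialed.isdigit():
        raise ValueError("expected a 10-digit national number")
    rn = routing_number(dialed)
    switch = ROUTES.get(rn[:7])
    if switch is None:
        raise LookupError(f"no route for prefix {rn[:7]}")
    hops = [switch]
    # Mobility is the serving carrier's own business: the public routing
    # layer never learns that the handset has moved to another state.
    location = HLR.get(switch, {}).get(dialed)
    if location is not None:
        hops.append(location)
    return rn, hops


if __name__ == "__main__":
    for number in ("2125550142", "2125550199", "4155550123"):
        print(number, route_call(number))
```
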


