Do you see problems with this scheme? There's considerable
interest and momentum in end user owned routing infrastructure,
including wireless ad hoc meshes across urban areas.
I've seen remarkably little overlap between the people that think ad
hoc meshes are a fabulous liberating technology and
Here is another thought. Many people think that the rapid computer
trading does not really add any value to the market in any case since
there is no long term investment.
It clearly doesn't. A proposal that's been kicking around for a while
is to clear all trades once a second, so everyone has
Are there DNS caches that allow you to partition the cache for
subtrees of DNS names? That is, you can say that all entries from
say, in-addr.arpa, are limited to 20% of the cache.
The application I have in mind is to see if it helps to keep DNSBL
traffic, which caches poorly, from pushing other
The cache needs to be big enough that it has a thrashy bit that is
getting changed all the time. Those are the records that go into the
cache and then die without being queried again. If the problem is
that there's some other record in there that might be queried again,
but that doesn't get
Is this type of thing typical these days and we're just lucky so far and
behind the curve on the futility of trying to take action on reports of
network abuse?
Suresh is right, this is a GWF/GWL. Normal people send abuse reports
with actionable data and a working return address for replies and
In article 5047a2ea.8010...@hup.org you write:
On 09/05/12 09:13 , Michael Thomas wrote:
The I part of DKIM is Identified. That's all it promises. It's a
feature, not a bug, that spammers use it.
Which is why DKIM does not really address any concerns. The spammers
have reduced its value.
Well, if you've got proper forward and reverse DNS, and your portable
SMTP server identifies itself properly, and you are using networks that
don't filter outbound port 25, AND you have DKIM configured correctly
and aren't using it for a situation for which it is inappropriate, then
you'll get
My idealistic preference would be the ISP allows outbound port 25,
but are highly responsive to abuse complaints;
My idealistic preference is that ISPs not let their botted customers
fill everyone's inbox with garbage.
Why do you think that blocking port 25 precludes logging what they
block,
OpenSRS and Enom both have APIs.
I've been using OpenSRS's for ages. It's reasonably well documented
and works.
They do nearly all their business with resellers who typically host
their own web sites and use the API to fill the orders, so the API is
critical infrastructure for them.
R's,
John
If I am understanding this quote correctly the author is worried IPv6
will run out of addresses so won't make the switch... Granted only 1/8th
of the IPv6 space has been allocated for internet use but that number is
still so mind-boggling _huge_..
I would suggest it's irrational thinking
In article caarzuotqwgpbw46+xb1ngmcn1yryttpygyymppxpqqug9k6...@mail.gmail.com
you write:
With current use cases at least, yes. What do we know of what's going to
happen in a decade or two?
In technology, not much. But I'd be pretty surprised if the laws of
arithmetic were to change, or if we
John Graham-Cumming, who found this unused block, wrote in a blog post that
the DWP was in possession of 51.0.0.0/8 IPv4 addresses.
Please, don't anyone tell him about 25/8.
And someone should further alert him that they do not own these addresses.
MIT is probably using less of their /8 than MOD is, and as far as I
know, MIT has neither commando forces nor nuclear weapons.
You might want to pick, so to speak, your battles more carefully.
R's,
John
In article 450916d8-fa1d-4d43-be8f-451d50dd6...@privaterra.org you write:
Am I correct in assuming that the unused IP block would not be sold as
is mentioned in the article, but instead be returned to RIPE to be
reallocated?
Since there is no chance of either one happening, no.
R's,
John
So 6-8 years to try and rehabilitate 240/4 was not even enough to try?
Since it would require upgrading the IP stack on every host on the
internet, uh, no. If you're planning to do that, you might as well
make the upgrade handle IPv6.
and no quantity of pixie dust is going to
cause new space
Does the best practise switch to now using one IPv6 per site, or still
the same one IPv6 for multi-sites?
As I've been migrating my sites to IPv6, each site gets its own IP.
Works great. I did find that I needed to improve my tools so I could
track the individual IP addresses and assign the
they're worried about.
Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of The Internet for Dummies,
Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor
More Wiener schnitzel, please, said Tom, revealingly.
I suggested that probably 99% of the false positives I see could be
avoided by just waiting until there are two or more complaints from
the same source before firing it back as spam.
Perhaps, but different people have different heuristics. There's
nothing keeping you from writing your own
Nor should they. Anyone who actually researches this stuff knows that
the vast majority of unsub links simply confirm you as a live target
who will click on random links sent to them through e-mail.
That's the conventional wisdom, not confirmed by research. The FTC
tried it in 2002 and
I want to ask some folks out there that maintain reverse DNS queries
of their respective IP blocks. I want to know if there is a need for
me to contact my upstream provider. I am in charge of 2 /24's under
LACNIC. I've already registered my DNS servers on LACNIC. but for some
weird reason it's
And yes indeed, it's a way for us to automate termination of spammers,
and to discover other patterns (in signup methods / spam content etc)
that we can use to update our filters.
That's a great theory. Would you be willing to post an update to this
list if and when your technology and
'Experts predict that consumer demand, already growing at 60 per cent a
year, will start to exceed supply ...
Dear author: HEY JERKFACE, APRIL 1 IS THE FIRST DAY OF THE MONTH, ...
You know, we have only ourselves to blame.
If we taped up the openings and blew all of the cruft out of the
little reason to limit the block to Minnesota
customers, giving them a lot of latitude in where they implement the
block.
Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of The Internet for Dummies,
Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor
More Wiener
States are not common carriers. Even the
ISPs that are owned by phone companies (which are common carriers for
their phone service) are not common carriers.
Regards,
John Levine, [EMAIL PROTECTED], Primary Perpetrator of The Internet for
Dummies,
Information Superhighwayman wanna-be, http
So, although it should be noted that by and large ISPs have resisted
being classified telecommunications common carriers as specifically
defined in CA1934 they seem to be treated by the law, in practice, as
common carriers in the common law sense ...
You're right, but the legal setup is flipped
The fine people at the FBI are recommending people call their ISP for
home computer technical support, even though most ISPs don't sell
home computers, operating system software or application software.
No, the ISPs merely sell the channel through which the home computers
get infected with
It's not a technical problem (although engineers seem to like to think
everything is), it's a legal issue with Microsoft's lawyer and licenses.
I realize it's not a technical problem, although I suspect there are
some technical twiddles that could help, e.g., persuading Microsoft to
put the
I'd like to but I don't know of a practical way to measure the
impact of domain tasting on my services: how can I do 6 million
whois lookups to analyse a day's logs to find what proportion of our
email comes from tasty domains?
Probably not much. Domain tasting requires a registrar who is
Hmmm. Who exactly is The Internet Innovation Alliance?
http://www.internetinnovation.org/
The domain is registered to Larry Irving in D.C., who was an
assistant commerce secretary in the Clinton administration.
A little googlage finds this op-ed piece from last May.
On one hand, the amount of content that is 'live' or 'continuous' and
suitable for multicast streaming isn't a large percentage of overall
internet traffic to begin with. So the effect of moving most live
content to multicast on the Internet would have little overall
effect.
I'm wondering how
In article [EMAIL PROTECTED] you write:
I second the motion to recognize Dinosaur BBQ. All those in favor?
Dinosaur is swell, but it's in Syracuse.
Perhaps you could pick one that's reachable by subway instead.
Dinosaur is swell, but it's in Syracuse.
Perhaps you could pick one that's reachable by subway instead.
Oh, all right, as about 47 people have pointed out, they have a branch
on 131st St. The barbeque is not bad. I eat it at the NY State Fair
every year.
On the other hand, I would think that
I also want to 2nd Little Italy and the NY Museum of Natural
History/Hayden Planetarium as must sees if you've never been to NY. ...
Considering the nerdy tendencies of this crowd, I can't see how one
would omit a trip to the NYC Transit Museum, which chronicles the
history of what was in
Is there any full disclosure clause in ICANN member contracts such
that gifts from, or stock in, a Registrar would be declared?
Since ICANN doesn't have members, no.
R's,
John
Some people are going to get very rich over this.
How do you know this? Judging by the past experience of TLDs
there will not be a rush of customers but there will be a rush
of people trying to make a buck.
You might enjoy my blog entries about the .TRAVEL domain:
http://www.gtld-mou.org/gtld-discuss/mail-archive/00990.html
The SNR in the gtld WG was very low, which I think may have been an
influencing factor.
Yeah, it was dominated by a bunch of small-scale amateur greedy
speculators, while the solution was ICANN which is dominated by a
bunch of
Hey, please don't ignore .tv. No cruft from me, at least.
The two letter country codes are a swamp all of their own, with no help
from ICANN.
I hear that Tuvalu approximately doubled its GNP the year they sold the
rights to .tv.
R's,
John
event the question of to what extent a domain name is a
trademark or other identifier with scope beyond the DNS has been
argued and litigated for over a decade, and we're not going to resolve
it here.
Regards,
John Levine, [EMAIL PROTECTED], Primary Perpetrator of The Internet for
Dummies
That's the phrase I was thinking of -- sunrise period.
All of you would get first dibs -- I don't have a good idea how it would
actually be doled out or purchased. But at least you three would be first
in the ring, before speculator xyz had a chance.
But in my case, iecc.net already belongs
So should I have bounced all 4,602? Since ninety some percent of them
came from forged addresses that would not only be pointless but would
be contributing to the problem (and get us into bl.spamcop.com).
Of course not. You should have rejected them.
Note that rejection doesn't keep you
, here's a
quiz. How many names are there in the root zone right now?
a) 11
b) 97
c) 153
d) 280
e) 974
Regards,
John Levine, [EMAIL PROTECTED], Primary Perpetrator of The Internet for
Dummies,
Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor
More Wiener schnitzel, please, said
In article [EMAIL PROTECTED] you write:
Terribly stupid question, but one apropos to this thread.
If my company pays for and registers a new TLD, let's
call it smtp for grins, and I create an A record for smtp.
in my top level zone file, how will users outside my company
resolve and reach that
. ^_^;
Too bad. You might try writing the guy whose address is [EMAIL PROTECTED] (yes, his
name is Ian) and see what his experience has been.
Regards,
John Levine, [EMAIL PROTECTED], Primary Perpetrator of The Internet for
Dummies,
Information Superhighwayman wanna-be, http://www.johnlevine.com, ex
The real solution to the scorched earth problem is for aging from
blacklists to be dynamic.
Um, this isn't exactly a revolutionary idea. Almost without
exception* the blacklists that are widely used have some sort of
age-out so that they remove addresses that don't continue to show bad
behavior.
In article [EMAIL PROTECTED] you write:
Sort of makes one wonder how the US came to have ubiquitous roads, or
power, or water distribution...
Oh, but that's different. They were important.
That's one of the reasons many of them incorporate as non-profits...
Under the tax laws of most countries, the U.S. and Canada included,
non-profits are legally protected against acquisition by for-profits.
Do any of these operations post their tax returns online?
In the US, every non-profit
And don't be so hard on the ITU folks, the only thing they want to
break is the monopoly of IP address allocation.
That's OK with me if they're willing to let the IETF break the
monopoly on telephone number allocation.
R's,
John
Some NDA's require that you must state your intent for each
communication that should be covered by the NDA.
I can believe that such NDAs may exist, but I'm pretty sure I didn't
sign one as a condition of subscribing to nanog. In reality,
boilerplate confidentiality notices merely document the
registrars and choose the one that
best meets your needs.
Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of The Internet for Dummies,
Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor
More Wiener schnitzel, please, said Tom, revealingly.
What's a dns trapper?
A transparent proxy that intercepts DNS requests and provides edited
results intended to improve your customer experience, typically
defined as returning A records for web servers full of advertisements
when you were expecting something else.
The unfortunate fact is that if
It was always pretty robust due to the BIND code, thanks to ISC, and
the fact it was always IPV4 AnyCast.
$ asp 4.2.2.2 # look it up in routeviews
4.0.0.0/9 ASN 3356, path 3549 - 3356
Wow, that's a heck of an anycast block.
R's,
John
Hrm.. Maybe I misunderstood. Are the packets being intercepted, or
is the problem the local resolvers?
Both, probably. Hotel networks often intercept all port 53 traffic not
out of malice, but so that they won't get support calls from people whose
PCs have poorly configured DNS often pointing
When we licensed Spamhaus a few years back, they required us to
set-up a DNS slave server instead of querying against their public
server. They had a special DNS client that allowed partial zone
updates. Turns out we downloaded huge hourly updates.
They now give you the choice of rsync or queries
In article 4b7da21c.1060...@foobar.org you write:
On 18/02/2010 10:40, Michelle Sullivan wrote:
They seem to be doing that a lot of late. They also contacted my
employer and demanded $100k/yr(?) for having a Use Spamhaus RBL in our
software.
I sympathise. It's very frustrating when you try
I don't know what your spam intake looks like but in mine, 5% to 10%
can't be ranked high confidence until checked by an eyeball mark 1.
In my system, that fraction is a candidate for a bounce...
In mine, it's a candidate for a rejection at SMTP time.
I now do nearly all of my spam filtering
For the purpose of the following two paragraphs, pretend for the moment
that you operate a business selling stuff via an email address
sa...@example.com. For dramatic effect, assume your children will
starve if you are not able to sell anything.
Further, pretend that you have really annoyed
Maybe I'm mistaken, but it appears each end user has to buy the
service for their own mail servers, and the ISP isn't allowed to
bypass that. For the purpose of the agreements with spamhaus, an ISP
customer is probably considered a third party, and making a rbldns
server available to them is
To the best of my knowledge, MAPS was the first to do it. Uribl.com
currently does it (and does the sort of query aggregation across your
entire? network) that I mentioned.
Can you access MAPS without a subscription at all?
No. A low level subscription is pretty cheap, and I used to have
In article fddc4e5f9aeda526d68b236708b0d...@yyc.orthanc.ca you write:
s...@cs.columbia.edu:
I am seriously suggesting that a redirect mechanism -- perhaps the
email equivalent of HTTP's 301/302 -- would be worth considering.
We already have SMTP's 221 and 521 response codes for this. But because
Unfortunately the links cited are in Hebrew so I'm only going on Gadi's
report here.
Google Translate is your friend. Yes, even on MS Word documents
written in Hebrew.
R's,
John
There is much political froth being stirred up here.
I don't see what the big deal is. It was patently unfair not to give
every country a one-digit country code like the US and Russia have.
So they don't want to make the same mistake with IPv6.
R's,
John
I've tried to get the attention of senderbase, which is claiming
activity from my address space which is in fact either un-routed or
within dynamic subscriber blocks that have outbound smtp filtering in
effect. Unfortunately, senderbase refuses to acknowledge the problem in
their database
Having made this bold claim, have you ever actually tried to run a natted
eyeball network? The last two natted eyeball networks I worked with could
never figure out which aspect of NAT hurt more: the technical side or the
business side.
My small telco-owned ISP NATs all of its DSL users, but
And when ISPs start using NAT for their customers, there will be more
problems leading to more support calls.
You say this as though they don't do it now.
R's,
John
I live in central / western New York state (think villages and farms).
You might want to start by talking to Lightlink in Ithaca, which has
been doing fixed wireless for years.
R's,
John
+ I have those numbers I can beat the pavement and find out what people
will pay for my service and then I will know based on my table if there
is a snowball's chance in hell of this working.
Don't forget that you're competing against rural ILECs that drink
deeply from the well of USF funding.
Hmm. A macro expansion for a /48 would mean
1,208,925,819,614,629,174,706,176 leaves. An interesting stress test
for name servers... :-).
My inclination would be to use a wildcard that returns something like
not-in-service.some-network.net, and let the clients add records for
the addresses they
To fix it, the .eg / .xn--4gbrim TLD registrar needs to contact the
Mozilla Foundation in order to inform the Foundation of their
official IDN name allocation policy, so that the native-script URL
display can then be switched on for their domain.
Wow, talk about layer violation.
Yeah,
It's really impressive how insular a bunch of old timers can be.
Coming up next: rants about HTML mail!
R's,
John
In article BANLkTi=v11tghfgmxstjxscjtgpb6ct...@mail.gmail.com you write:
On Mon, Apr 11, 2011 at 8:21 AM, Kevin Oberman ober...@es.net wrote:
Of late I have started to get
Some people claimed they'd have preferred it if we'd changed to the
_following_ shift rather than the preceding shift each week but never
having tried that I don't know how it would be.
I've read stuff that confirms that changing to a later shift is much
easier than changing to an earlier one.
Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of The Internet for Dummies,
Please consider the environment before reading this e-mail. http://jl.ly
Delivering multicast to end users is fundamentally not hard. The
biggest issue seems to be with residential CPE (pretty much the same
problem as IPv6, really).
Well, more than that, since I don't really want my DSL pipe saturated
with TV that I'm not watching, you need some way for the CPE to
;; ANSWER SECTION:
xxx.300 IN NS a0.xxx.afilias-nst.info.
xxx.300 IN NS c0.xxx.afilias-nst.info.
xxx.300 IN NS a2.xxx.afilias-nst.info.
xxx.300 IN NS
I think that the real question is, when will people who are running
IPv4 only not be on the Internet by this definition ?
Probably never. What would be the incentive to turn off the NAT
gateways?
R's,
John
Which they should be ready to do already, since didn't the US Govt.
mandate IPv6 support sometime last century? ;)
Yeah, it runs over GOSIP.
R's,
John
Notwithstanding that, globally resolvable valid DNS names *with no dots
in them* are going to break a fair amount of software which assumes that's
an invalid case, and that is in fact a *different* situation, not triggered
by the expansion of the *generic* gTLD space.
Just to be sure I
This is the first I've heard of *the possibility of TLD registrars being
end-user internal/exclusive*.
People around ICANN have been arguing about the registry/registrar
split for years, and whether to have special rules for TLDs where one
party would own all the names. Really. If this is the
The notion of a single-component FQDN would be quite a breakage for
the basic concept of using both FQDNs and Unqualified names.
Well, you know, there's a guy whose email address has been n@ai for
many years. People have varying amounts of success sending him mail.
R's,
John
Well... Which MacDonald's?
ICANN has a 350 page draft applicant guidebook on their web site that
explains the barococo application and evaluation process here:
http://www.icann.org/en/topics/new-gtld-program.htm
Please do NOT download it or read it, since actual knowledge is so
much less fun
so did anyone have a question or is my epistolary stylistic genius sufficient
as topic of general interest?
Hi. How does ICANN seem to be reacting to the flaming arrow that the
DOC shot in front of them?
Also, the DOC letter refers to a European Commission letter from Tuesday,
which I can't
I believe the root server operators have stated (the equivalent of)
that it is not their job to make editorial decisions on what the root
zone contains. They distribute what the ICANN/NTIA/Verisign gestalt
publishes.
That has always been the case in the past. Given the level of public
A surprising number of TLDs have A records. Many are hosts with web
servers, a few are hosts with misconfigured or unconfigured web
servers (ph. and bi.), some don't respond. No TLD has an record,
confirming the theory that nobody actually cares about IPv6.
ac. 193.223.78.210
ai.
i think he's seen RFC 1034 :-). anyway, i don't see the difference between
http://sony/ and http://sony./
Neither do any of the browsers I use, which resolve http://bi/ as well
as http://dk./ just fine. Whatever problem unqualified TLD names
might present to web browsers has been around for a
Adding gtlds and opening up the root to brands effectively requires
TM holders to register/bid to protect their TM rights.
If you had read the applicant handbook, you would know that's not
true.
But I'm glad to see that people are taking my advice and continuing
the traditional uninformed nanog
How long before we see marketing campaigns urging people to only trust
.band and that .com et. al. are less secure.
An interesting question. There was a group that was supposed to work
on high security TLDs. I suggested that to be usefully high
security, the registry should make site visits to
Simple hostnames as, global identifiers, were supposed to cease
to work in 1984.
Can you point out where that is stated?
jaap
RFC 897.
I see where it says that all of the hosts that existed in 1984 were
supposed to change their names to something with at least two
My feeling is that (paraphrasing here) we might get blocked
occasionally and we need this many IPs on our MTAs because they
can't handle the load are *not* legitimate reasons for requesting
so many addresses.
It is definitely not your job to help spammers evade blocking. If
someone's
They have inquired about IPv6 already, but it's only gone so far as
that. I would gladly give them a /64 and be done with it, but my
concern is that they are going to want several /64 subnets for the
same reason and I don't really *think* it's a legitimate reason.
No legitimate mailer needs more
An organization that blocks 90% of spam with no false positives is
incredibly useful.
Using a greylisting system is equally effective without the black
list part.
Hi. I'm the guy who wrote the CEAS paper on greylisting.
Greylisting is useful, but anyone who thinks it's a substitute for
do you want to issue a RFC that bans search lists?
Personally, I think search lists are a mistake and don't use them.
You're in good company. It's hard to find a modern mail system that
allows abbreviated domain names in addresses. I just checked the mail
at AOL, Yahoo, Gmail, and Hotmail,
Let's say I want to apply for .WINE with commercial purposes, then what
is a ballpark figure for the funds/investment required ?
I wouldn't try it with less than a million bucks in hand. Beyond the
ICANN application nonsense, you'd also want to budget something for
running and promoting it for
Backups remain a tricky problem to get right.
Yeah. I've been using external USB terabyte disks, which work OK but
are irritatingly flaky.
I keep thinking that this is what tape is for, but every time I look
at AIT or LTO tapes and jukeboxes, they seem to be about a generation
behind the disks
It looks like the DHS, FEMA got this emergency wrong... by the time
it got to NYC it was the equivalent of a normal day in Scotland. I
live in Scotland...
I've been to Scotland, and I don't recall this being a daily
occurrence even in the Highlands:
In article
CAJNn=DNMrGC42i4Q_Wjvz-i9uV_4w1YnfM8vcX4g_wnXLoT=v...@mail.gmail.com you
write:
Except that this just shifts the burden of trust on to DNSSEC, which also
necessitates a central authority of 'trust'. Unless there's an explicitly
more secure way of storing DNSSEC private keys, this
2. I have yet to see any evidence this century that Yahoo cares in
the slightest about the unceasing flood of spam/phish/abuse flowing
outbound from its operation. After all, if they did, we would not
be having this conversation.
wasn't yahoo's abuse team disbanded years ago?
It was cut way
Reaching out to DNS operators around the globe. Linkedin.com has had some
issues with DNS
and would like DNS operators to flush their DNS. If you see www.linkedin.com
resolving NS to
ns1617.ztomy.com or ns2617.ztomy.com then please flush your DNS.
Any other info please reach out to me off-list.
Registrar Primary and Registrar Auditor
There are certainly registrars who are more security oriented than
Netsol. If you haven't followed all of the corporate buying and
selling, Netsol is now part of web.com, so their business is more to
support web hosting than to be a registrar.
I expect
In article 001a01ce6ef9$bf74d4a0$3e5e7de0$@iname.com you write:
It's 120M if you add the .COM and the .NET's together, both of which NetSol
is responsible for.
http://www.verisigninc.com/en_US/products-and-services/domain-name-services/
registry-products/tld-zone-access/index.xhtml
In late
The forwarding hardware is generally going to be the limit, and
that's going to be painful enough as we approach a half million
prefixes.
I would expect that we might finally see some pushback against
networks that announce lots of disaggregated prefixes. The current
CIDR report notes
I haven't read enough, but what's to stop speculators
paying the $186,000 then ...
Rather than asking random strangers, you can read the applicant
guidebook and find out what the actual rules are:
http://newgtlds.icann.org/en/applicants/agb