ILNP and DNS (from 2010.10.04 NANOG50 day 1 morning notes)

2010-10-05 Thread Michael Sinatra
Michael Sinatra, UCB; what are thoughts around best practices for auth DNS server in ILNP world, and how do you handle updates for locator values to the auth servers when a link changes? A: you need DNSSEC to be running, you make updates, you check authenticity of the update, etc. How

Re: ILNP and DNS (from 2010.10.04 NANOG50 day 1 morning notes)

2010-10-05 Thread Michael Sinatra
On 10/5/10 9:18 AM, Tony Finch wrote: On Tue, 5 Oct 2010, Michael Sinatra wrote: Hence the question: How should I provision authoritative DNS servers, given that the prefix information is provided via DNS--including the prefix information for the DNS servers themselves--leading to a chicken

Re: Google burp

2012-10-31 Thread Michael Sinatra
On 10/31/12 2:55 PM, Blair Trosper wrote: I guess I'll be the one to ask...what's going on over at Google? Service interruptions and front-end errors all over the place across what appears to be all services, though Gmail seems to have bounced back up. Google's service disruption is about to

Re: OpenBGPd problems relating to misuse of RESERVED bits in BGP Attribute Flags field

2012-11-29 Thread Michael Sinatra
Hi Jeff (and NANOG) This is one of our customers, and we're going to get it fixed (or worked around) ASAP. michael On 11/29/12 12:44 AM, Jeff Wheeler wrote: I had two downstream BGP customers experience problem with an OpenBGPd bug tonight. Before diving into detail, I would like to link

Re: OpenBGPd problems relating to misuse of RESERVED bits in BGP Attribute Flags field

2012-11-29 Thread Michael Sinatra
Jeff and NANOG: We are currently dropping the bad attribute within our network (as293) and are working with the customer to determine the origin of the attribute (equipment, code rev, etc.). The bad attribute should not be leaking beyond our AS at all. If you're filtering routes from AS68, you

Re: Comcast Launches IPv6 for Business Customers

2013-05-01 Thread Michael Sinatra
On 04/29/13 15:38, Brzozowski, John wrote: FYI for folks that are interested: http://corporate.comcast.com/comcast-voices/comcast-launches-ipv6-for-business-customers Great news! Strangely, I (a Comcast Business customer at home) have noticed RAs coming across my wire for several months now.

Re: meeting network

2011-10-10 Thread Michael Sinatra
On Mon, 10 Oct 2011, Randy Bush wrote: if it's wifi that's causing the trouble, the usual causes are: is the complaint the hotel ROOM wireless? or the meeting-room? meeting net, a-secure and a. really bad during the night, but still bouncing up until 08:30 when i turned laptop off to

Re: Arguing against using public IP space

2011-11-15 Thread Michael Sinatra
On 11/15/11 09:15, William Herrin wrote: On Mon, Nov 14, 2011 at 7:35 PM, Jeroen van Aart jer...@mompl.net wrote: William Herrin wrote: If your machine is addressed with a globally routable IP, a trivial failure of your security apparatus leaves your machine addressable from any other host in

Re: Arguing against using public IP space

2011-11-15 Thread Michael Sinatra
On 11/13/11 07:36, Jason Lewis wrote: I don't want to start a flame war, but this article seems flawed to me. It seems an IP is an IP. http://www.redtigersecurity.com/security-briefings/2011/9/16/scada-vendors-use-public-routable-ip-addresses-by-default.html I think I could announce private

Re: IPV6 issue (occaid.net)

2011-12-20 Thread Michael Sinatra
On 12/20/11 06:33, Jeroen Massar wrote: On 2011-12-20 15:17, Steve Clark wrote: Hello, I have a SIXXS ipv6 tunnel that terminates in Ashburn, Va. I have two HE ipv6 tunnels, one terminates in Dallas the other terminates in Ashburn. I can ping each endpoint of the tunnels that terminate in

Re: what if...?

2011-12-20 Thread Michael Sinatra
On 12/20/11 09:31, valdis.kletni...@vt.edu wrote: On Tue, 20 Dec 2011 17:16:06 GMT, bmann...@vacation.karoshi.com said: the one difference is that ISC will be shipping RPZ enabled code v. the blackhat having to hack the machine and modify the configuration. Either way, the

Re: IPV6 issue

2011-12-20 Thread Michael Sinatra
On 12/20/11 12:22, Mark Andrews wrote: In message 4ef09908.3050...@netwolves.com, Steve Clark writes: Hello, I have a SIXXS ipv6 tunnel that terminates in Ashburn, Va. I have two HE ipv6 tunnels, one terminates in Dallas the other terminates in Ashburn. I can ping each endpoint of the tunnels

Re: IPv6 RA vs DHCPv6 - The chosen one?

2011-12-21 Thread Michael Sinatra
On 12/21/11 12:40, Ray Soucy wrote: I'm afraid you're about 10 years too late for this opinion to make much difference. ;-) We have been running IPv6 in production for several years (2008) as well (answering this email over IPv6 now, actually) yet I have completely different conclusions about

Re: IPv6 RA vs DHCPv6 - The chosen one?

2011-12-23 Thread Michael Sinatra
On 12/22/11 16:16, Masataka Ohta wrote: Glen Kent wrote: While in some environments, typically with a small number of devices, it's indispensable. Small businesses may not want the complexity of setting up a central server (for DHCP) - SLAAC works very well in such environments. IPv6

Re: IPv6 RA vs DHCPv6 - The chosen one?

2011-12-23 Thread Michael Sinatra
On 12/22/11 12:09, Tomas Podermanski wrote: We have to use SLAAC as well because we do not have other choice. Not all operating systems support DHCPv6 today. But we are not happy about it (problems with privacy extensions, security as I mentioned before). DHCPv6 does not have to be run on a

Re: IPv6 RA vs DHCPv6 - The chosen one?

2011-12-24 Thread Michael Sinatra
On 12/23/11 12:52, Masataka Ohta wrote: Michael Sinatra wrote: The only time you need to perform extra steps is when you want to run DHCPv6. You need to enable the M and/or O flags and turn off the 'autonomous' flag (if you don't want a host to get both SLAAC addresses and DHCPv6 addresses

Re: IPv6 RA vs DHCPv6 - The chosen one?

2011-12-24 Thread Michael Sinatra
On 12/23/11 13:00, Masataka Ohta wrote: Tomas Podermanski wrote: It sounds good, but according to RFC 6434 ( IPv6 Node Requirements) SLAAC is required, Not at all. SLAAC is required only if ND is supported, which is optional. Note that ND works poorly over link layers such as 802.11

Re: Common operational misconceptions

2012-02-15 Thread Michael Sinatra
ULA is the IPv6 equivalent of RFC1918 RFCs are standards (i.e. all of them, or RFC is synonymous with standard) The words Internet and Web can be used interchangeably Not only does NAT provide security, but it's NECESSARY for security. Alternatively, you can't possibly be as secure without

Re: Common operational misconceptions

2012-02-16 Thread Michael Sinatra
On 02/16/12 05:17, Ray Soucy wrote: I've found starting off with some history on Ethernet (Maine loves Bob Metcalfe) becomes a very solid base for understanding; how Ethernet today is very different; starting with hubs, bridges, collisions, and those problems, then introducing modern switching,

Re: Common operational misconceptions

2012-02-16 Thread Michael Sinatra
On 02/15/12 23:34, Owen DeLong wrote: I think one of the most damaging fundamental misconceptions which is not only rampant among students, but, also enterprise IT professionals is the idea that NAT is a security tool and the inability to conceive of the separation between NAT (header

Re: time sink 42

2012-02-16 Thread Michael Sinatra
On 02/16/12 14:21, Chris Adams wrote: Once upon a time, Bryan Irvine sparcta...@gmail.com said: And watch for the removable faceplates. We've been bitten before after a server move by rebooting a server that had the correct label but the wrong faceplate. Now we label the faceplate as well as

Re: did AS174 and AS4134 de-peer?

2012-03-07 Thread Michael Sinatra
On 03/07/12 16:10, Patrick W. Gilmore wrote: On Mar 7, 2012, at 19:06, Jim Cowie wrote: As a meta-comment: this Quick Look style of blog is an experiment we're trying, based on feedback that the community wanted to hear about more of these little events as they happen. In a Quick Look,

Re: uunet ends newsfeed/newsreader in US

2012-03-30 Thread Michael Sinatra
On 03/30/12 13:41, Henry Yen wrote: uunet/vzb will terminate its United States Newsreader and Newsfeed services on March 31, 2012, with no plans to offer a replacement, and any content/data remaining after that date will be unrecoverably deleted. does anyone on NANOG have any thoughtful

Re: DNS noise

2012-04-06 Thread Michael Sinatra
On 04/06/12 10:47, Keegan Holley wrote: Have you tried contacting the owner of the IP? A DDOS attack from that particular IP would be ironic. # # The following results may also be obtained via: # http://whois.arin.net/rest/nets;q=72.20.23.24?showDetails=true&showARIN=false&ext=netref2 #

Re: IPv6 routing /48s

2008-11-17 Thread Michael Sinatra
On 11/17/08 14:46, [EMAIL PROTECTED] wrote: ARIN claims they are seeing /48s routed, at least in their route tables. I have seen some new momentum on the allocation of /32's, don't know if that is in response to rules like this?? Would be awfully difficult for our organization to come up

Re: IPv6 routing /48s

2008-11-18 Thread Michael Sinatra
On 11/18/08 9:59 AM, Jeroen Massar wrote: Michael Sinatra wrote: On 11/18/08 9:26 AM, Christopher Morrow wrote: On Mon, Nov 17, 2008 at 9:02 PM, Nathan Ward [EMAIL PROTECTED] wrote: I wish them good luck in reaching the DNS root servers. They are in critical infrastructure space, which

Re: IPv6 routing /48s

2008-11-19 Thread Michael Sinatra
On 11/19/08 14:05, Jack Bates wrote: Nathan Ward wrote: The problem here is XPSP2/Vista assuming that non-RFC1918 = unfiltered/unNATed for the purposes of 6to4. Well, deeper problem is that they're using 6to4 on an end host I suppose - it's supposed to be used on routers. While I don't

Re: Yahoo DNS broken?

2008-12-03 Thread Michael Sinatra
On 12/03/08 12:36, Larry Daberko wrote: I am unable to resolve www.yahoo.com. Tracing DNS back from the root servers shows that www.yahoo.com is a CNAME to www.wa1.b.yahoo.com and there are no A records for that hostname. Anyone have more details or a Yahoo contact? I'm unable to get to their

Re: Security team successfully cracks SSL using 200 PS3's and MD5

2009-01-05 Thread Michael Sinatra
On 01/05/09 12:47, Randy Bush wrote: perhaps i am a bit slow. but could someone explain to me how trust in dns data transfers to trust in an http partner and other uses to which ssl is put? Because I have to trust the DNS anyway. If the DNS redirects my users to a bad site, they may not

Re: [NANOG] Microsoft.com PMTUD black hole?

2008-05-07 Thread Michael Sinatra
Nathan Anderson/FSR wrote: Here is a brief update on the situation: I have been in contact with someone at Microsoft's service operations center, who has confirmed for me that MS does in fact block _all_ ICMP at the edge of their network, that they are aware that this will in fact break

Re: DNS problems to RoadRunner - tcp vs udp

2008-06-16 Thread Michael Sinatra
Mark Andrews wrote: Authoritative only servers need hints so that NOTIFY will work in the general case. Presumably that's because the authoritative server will want to look up the RDATA (hostname) of each NS record that serves a zone for which it is authoritative. Could you

Re: Multiple DNS implementations vulnerable to cache poisoning

2008-07-10 Thread Michael Sinatra
On 07/10/08 11:03, Jay R. Ashworth wrote: Another test, that apparently was publicized on some dnsops list: dig +short porttest.dns-oarc.net TXT The some dnsops list is the OARC public dns-operations list, and this posting explains the tool and briefly describes the results:

Re: Revisiting the Aviation Safety vs. Networking discussion

2009-12-28 Thread Michael Sinatra
On 12/25/09 7:57 AM, Anton Kapela wrote: What I'm getting at is that after following this thread for a while, I'm not convinced any amount of process-borrowing is going to solve problems better, faster, or even avoid them in the first place. At best, our craft is 1/3rd as old (if that's somehow

Re: DURZ published in root - you ready?

2010-01-25 Thread Michael Sinatra
On 01/24/10 18:53, Mark Andrews wrote: In message 202705b1001241834l5b1911bat97ee2130f632f...@mail.gmail.com, Jorge Amodio writes: Good point, tomorrow/today we'll start seeing what gets broken and hopefully why. Regards. Jorge I don't expect to see much until the last root server (J)

Re: IPv6 day fun is beginning!

2011-06-07 Thread Michael Sinatra
On Wed, 8 Jun 2011, Iljitsch van Beijnum wrote: www.juniper.net is on IPv6 www.facebook.com has but doesn't load for me over IPv6, it does for others though Working great for me. Getting to it via HE. www.level3.com works fine over v4 but shows a 404 over IPv6 Yes, I am seeing

Re: ISOC-HK Kickstart IPv6! webcast 0600UTC = 2am EDT

2011-06-08 Thread Michael Sinatra
On 06/07/11 22:00, Joly MacFie wrote: ISOC Hong Kong has a great World IPv6 Day event - Kickstart IPv6! - starting at 2pm HKT = 0600UTC (around an hour from now) and running 3 and a half hours. It will be webcast live via the ISOC Chapters Livestream Channel on the ISOC-HK site -

Re: Retraining IT on networking myths (the cloud to the rescue!)

2011-06-08 Thread Michael Sinatra
On 06/08/11 18:32, Jared Mauch wrote: MYTHS: TCP/53 is only for zone transfers ICMP is a security risk/ddos avenue Internal networks must be secured with NAT A firewall is the only way to secure the perimeter In fact for IPv6, ICMP is more important vs less. Firewalls frequently harm and

Re: Disappointing ARIN - A great advertisement for the USA ?

2011-09-12 Thread Michael Sinatra
On 09/12/11 10:13, Always Learning wrote: Primarily IP ranges to block and/or abuse email addresses. https://www.arin.net/participate/mailing_lists/ Thank you. I will try it. Oh, and there they also like to see your real name and not a junk mail address. Just like on the RIPE

Re: Disappointing ARIN - A great advertisement for the USA ?

2011-09-12 Thread Michael Sinatra
On 09/12/11 17:49, Jimmy Hess wrote: I think arin-discuss would be a better place for this than arin-ppml. You're suggesting using ARIN's private members-only mailing list over a public one? That doesn't make sense, because this is a public issue, not a members issue. PPML isn't right either,

Re: Disappointing ARIN - A great advertisement for the USA ?

2011-09-17 Thread Michael Sinatra
On 09/16/11 08:35, John Curran wrote: On Sep 16, 2011, at 10:17 AM, Leigh Porter wrote: -Original Message- From: Randy Bush [mailto:ra...@psg.com] Sent: 16 September 2011 16:05 To: John Curran Cc: NANOG list Subject: Re: Disappointing ARIN - A great advertisement for the USA ? If

Re: wet-behind-the-ears whippersnapper seeking advice on building a nationwide network

2011-09-19 Thread Michael Sinatra
On 09/18/11 19:41, Frank Bulk wrote: I should have made myself more clear -- the policy amendment would make clear that multihoming requires only one facilities-based connection and that the other connections could be fulfilled via tunnels. This may be heresy for some. I don't think the

Re: OT: Below grade fiber interconnect points

2013-11-15 Thread Michael Sinatra
Hi Justin and Roy: On 11/13/13 12:05, Justin M. Streiner wrote: On Wed, 13 Nov 2013, Roy hockett wrote: Has anyone ever used a below grade vault for housing fiber cross connects? We have to move a fiber interconnect facility due to the current building being demolished. If you have I

Re: OT: Below grade fiber interconnect points

2013-11-15 Thread Michael Sinatra
On 11/15/13 12:29, Jay Ashworth wrote: - Original Message - From: Michael Sinatra mich...@rancid.berkeley.edu UC Berkeley installed 3 CEVs (Controlled Environment Vaults) below ground on campus about 10-15 years ago. One of them houses one of the two main fiber penetrations

Re: OT: Below grade fiber interconnect points

2013-11-15 Thread Michael Sinatra
On 11/15/13 13:25, Jay Ashworth wrote: You seem to be taking this awfully personally, though, Mike; did you *set* the policies and procedures I'm scoffing at? I am NOT TAKING IT PERSONALLY DAMMIT!!! Okay, now being serious (note clever way of avoiding using emoticons while pointing out that