Time to validate the TLS configuration on your SMTP servers (was: Re: AS5 ipv6 hijack?)

OK, so that email bounced. Or will eventually because this does not go away with someone doing something: ... Deferred: 403 4.7.0 TLS handshake failed. I am posting this in public because it unfortunately is a very common problem. Debian buster was released on July 6th, 2019. It includes

Re: AS5 ipv6 hijack?

Dmitry Sherman writes: > I see ipv6 bgp hijack of our prefixes via AS5. Or misunderstood prepending attempt, like hijacks from low AS numbers often are? Bjørn

Re: login.authorize.net has A and CNAME records

Mark Andrews writes: > It shouldn’t matter. Only non-rfc-compliant servers allow A and CNAME > to co-exist at the same name. That combination was prohibited by RFC > 1034. Right. Thanks. I confused myself multiple times here ;-) The issue seems to be that the cloudflare servers takes a

Re: login.authorize.net has A and CNAME records

Bjørn Mork writes: > Seth Mattinen writes: >> On 4/6/21 11:35 AM, Arne Jensen wrote: >>> login.authorize.net. is a CNAME, but does not have any A records itself. >> >> >> This one returns A records: > > Looks like they host DNS on both cloudflare an

Re: login.authorize.net has A and CNAME records

Seth Mattinen writes: > On 4/6/21 11:35 AM, Arne Jensen wrote: >> login.authorize.net. is a CNAME, but does not have any A records itself. > > > This one returns A records: Looks like they host DNS on both cloudflare and akami, but zone contents are different on the two platforms:

Re: DoD IP Space

Ca By writes: > The 3 cellular networks in the usa, 100m subs each, use ipv6 to uniquely > address customers. And in the case of ims (telephony on a celluar), it is > ipv6-only, afaik. I certainly agree that this is easier and makes more sense. I just don't buy the "can't be done" wrt using

Re: DoD IP Space

Ca By writes: > On Wed, Feb 10, 2021 at 4:32 AM Valdis Klētnieks > wrote: > >> On Wed, 10 Feb 2021 04:04:43 -0800, Owen DeLong said: >> > Please explain to me how you uniquely number 40M endpoints with RFC-1918 >> without running out of >> > addresses and without creating partitioned networks.

Re: DoD IP Space

Owen DeLong writes: > Please explain to me how you uniquely number 40M endpoints with RFC-1918 > without running out of > addresses and without creating partitioned networks. > > If you can’t, then I’m not the one making excuses. You added "without ..." and did not explain why. This does

Re: "Hacking" these days - purpose?

For fun and/or profit. Like the purpose always has been. Note that the definition of fun will vary. But overcoming a challenge of some sort is almost universally considered "fun". Bjørn

Re: Centurylink having a bad morning?

Eric Kuhnke writes: > There's a number of enterprise end user type customers of 3356 that have > on-premises server rooms/hosting for their stuff. And they spend a lot of > money every month for a 'redundant' metro ethernet circuit that takes > diverse fiber paths from their business park office

Re: Ipv6 help

Brian Johnson writes: >> 1) It needs *much less* IPv4 addresses (in the NAT64) for the same number of >> customers. > > I cannot see how this is even possible. If I use private space > internally to the CGN, then the available external space is the same > and the internal customers are the same

Re: TCP and UDP Port 0 - Should an ISP or ITP Block it?

What problem are you trying to solve? Bjørn

Re: Ipv6 help

Brandon Martin writes: > On 8/25/20 3:38 PM, JORDI PALET MARTINEZ via NANOG wrote: >> This is very common in many countries and not related to IPv6, but >> because many operators have special configs or features in the CPEs >> they provide. > > I really, really hate to force users to use my

Re: understanding IPv6

On Sun, Jun 7, 2020 at 2:00 AM Fred Baker wrote: > I'm sorry you have chosen to ignore documents like RFC 3315, which is > where DHCP PD was first described (in 2003). It's not like anyone's > hiding it. Erhm, you probably meant RFC 3633 (also 2003). There was no PD in the original DHCPv6

Re: understanding IPv6

Daniel Sterling writes: > In all seriousness, I have been trying to understand IPv6 for a long > time, and the documentation that I read (again, admittedly not often > RFCs, but certainly Wikipedia, linux distro docs, etc) never mentioned > DHCP PD, or at least never mentioned it as something

Don't email clients have a kill file?

At the risk of starting an off topic discussion here, but am I the only one who'd like to see more plonks and less troll feeding? I miss Usenet. Bjørn

Re: Are underground utility markers essential workers?

Nick Hilliard writes: > we have a very poorly-defined idea of what constitutes an "essential > worker" I thought "management" was the definition of non-essential workers. Who else would have a job without being essential/critical for day-to-day business? Bjørn

Re: free collaborative tools for low BW and losy connections

Nick Hilliard writes: > nntp is a non-scalable protocol which broke under its own > weight. How is nntp non-scalable? It allows an infinite number of servers connected in a tiered network, where you only have to connect to a few other peers and carry whatever part of the traffic you want.

Re: Gmail email blocking is off the rails (again)

"John Levine" writes: > Google accepts my mail just fine, including from my mailing lists. > Their goal is to make their users happy by accepting the mail the > users want and not the mail the users don't want. If we rule out asking the users for every mail, then that means applying statistics

Re: Disney+ Streaming

Sure. Like we all have been begging for an "Internet service" without any peering... The consumers have been begging for unbundling of content and transport. This does not imply fragmentation of either. That's a content provider straw man. It is only reasonable to assume that all content

Re: BGP over TLS

Christopher Morrow writes: > The x.509 system, to be effective here would require a TrustAnchor / > Root-of-Trust that both parties agreed was acceptable... As in a shared TrustAnchor? No. Both ends could use a simple self signed certificate and be configured to trust the other. A hash of

Re: BGP over TLS

Jeffrey Haas writes: > Exactly how the cert lifetime interacts with peering sessions is > likely to be several flavors of ugly. If you pin the key, then there is no reason to care about expiration. You could define the certificate as valid for as long as the pinned key matches. This is

BGP over TLS (was: Re: "Using Cloud Resources to Dramatically Improve Internet Routing")

Christopher Morrow writes: > isn't julien's idea more akin to DOT then DOH ? Yes, and I really like Julien's proposal. It even looks pretty complete. There are just a few details missing around how to make the MD5 => TLS transition smooth. Sorry for any confusion caused by an attempt to make

Re: "Using Cloud Resources to Dramatically Improve Internet Routing"

Julien Goodwin writes: > On 20/10/19 11:08 pm, Bjørn Mork wrote: >> Hank Nussbacher writes: >>> On 07/10/2019 17:42, Stephane Bortzmeyer wrote: >>>> On Fri, Oct 04, 2019 at 03:52:26PM -0400, >>>> Phil Pishioneri wrote >>>> a message o

Re: "Using Cloud Resources to Dramatically Improve Internet Routing"

Hank Nussbacher writes: > On 07/10/2019 17:42, Stephane Bortzmeyer wrote: >> On Fri, Oct 04, 2019 at 03:52:26PM -0400, >> Phil Pishioneri wrote >> a message of 9 lines which said: >> >>> Using Cloud Resources to Dramatically Improve Internet Routing >>> UMass Amherst researchers to use

Re: Elad Cohen

Jon Sands writes: > On 9/19/2019 6:12 AM, Ronald F. Guilmette wrote: >> >> I just want to ruling on this. Am I the first and only person who has ever >> received a cartooney directly on the NANOG list? > > I can't remember if it was over NANOG or not, but back in 2010 a good > friend of mine

Re: Mx204 alternative

Mark Tinka writes: > The MX80 and MX104 have no business being in any modern conversation > these days :-). Except for the other MX-80, of course, which are better than ever. https://en.wikipedia.org/wiki/MX-80 Bjørn

Re: Protecting 1Gb Ethernet From Lightning Strikes

Måns Nilsson writes: > /Måns, has 6 pairs 9/125 between garage and house at home. Now you made me worry that my single OM4 pair to the garden shed might be insufficient ;-) Bjørn

Re: SFP supplier in Europe?

nanog-...@mail.com writes: > Unfortunately Fiberstore is what led me to ask about alternative > suppliers. Fiberstore actually ships in their Bidi SFPs from Asia Odd. They have lots of different BiDi SFFs "in Stock, EU Warehouse" according to https://www.fs.com/de-en/c/bidi-sfp-89 > and lead

Re: ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms

Stephen Satchell writes: > On 3/5/19 2:54 AM, Thomas Bellman wrote: >> Out of curiosity, which operating systems put anything useful (for use >> in ECMP) into the flow label of IPv6 packets? At the moment, I only >> have access to CentOS 6 and CentOS 7 machines, and both of them set the >> flow

Re: a detour DANE, was A Deep Dive on the Recent Widespread DNS Hijacking

Måns Nilsson writes: > NS5 > 21 > DNSKEY3 > SPF 1 > A 28 > NSEC 62 > AFSDB 3 > RP1 > MX2 > CNAME 9 > SOA 2 > RRSIG 147 > TXT 6 > SSHFP 14 > SRV 20 > DS4 > Total:16 rrtypes in zone No TLSA records? Bjørn

Re: A Deep Dive on the Recent Widespread DNS Hijacking

Bill Woodcock writes: > We need to get switched over to DANE as quickly as possible, and stop > wasting effort trying to keep the CA system alive with ever-hackier > band-aids. Sure. Just won't happen as long as there is money left in the CA business. Bjørn

Re: sendmail.cf

b...@theworld.com writes: > The predecessor to sendmail was delivermail, 1979, also written by > Eric Allman. > > https://en.wikipedia.org/wiki/Delivermail Damn. Now you made me read RFC801 and wonder why we didn't have an updated version for the IPv6 transition. Or: Where would the Internet

Re: DNS Flag Day, Friday, Feb 1st, 2019

Mark Andrews writes: > I’ve been complaining for YEARS about lack of EDNS compliance. Didn't help. bjorn@miraculix:~$ dig +edns=42 +noednsnegotiation @1.1 ; <<>> DiG 9.11.5-P1-1-Debian <<>> +edns=42 +noednsnegotiation @1.1 ; (1 server found) ;; global options: +cmd ;; Got answer: ;;

Re: the e-mail of the future is the e-mail oft the past, was Enough port 26 talk...

Miles Fidelman writes: > Ever since the net went commercial, we've been seeing more and more > walled gardens - driven by folks with an economic advantage to > segmenting & capturing audiences.  Whenever someone talks about how > great some new technology is, I'm always reminded to "follow the >

Re: Enough port 26 talk...

Yes. What is all the fuzz about? Email will be as dead as USENET in a couple of years anyway. Welcome to the age of "feeds". You may cry now. Bjørn

Re: WIndows Updates Fail Via IPv6

John Von Essen writes: > I recently go a Linksys home wifi router, by default it enables ipv6 > on the LAN. If there is no native IPv6 on the WAN side (which is my > case since FiOS doesnt do v6 yet) the Linksys defaults to a v6 tunnel. Could this be a 6RD tunnel requested by your ISP using

Re: bloomberg on supermicro: sky is falling

"Naslund, Steve" writes: > It only proves that you have seen the card at some point. Useless. It doesn't even prove that much. There is nothing preventing a rogue online shop from storing and reusing the CVV you give them. Or selling your complete card details including zip code, CVV and

Re: Service provider story about tracking down TCP RSTs

William Herrin writes: > On Sun, Sep 2, 2018 at 6:06 AM, Bjørn Mork wrote: >> William Herrin writes: >>> https://bill.herrin.us/network/anycasttcp.html >> >> I didn't see a security section in your document. Did you consider the >> side effects of this

Re: Service provider story about tracking down TCP RSTs

William Herrin writes: > BTW, for anyone concerned about an explosion in state management > overhead, the TL;DR version is: the anycast node which first accepts > the TCP connection encodes its identity in the TCP sequence number > where all the other nodes can statelessly find it in the

Re: Email security: PGP/GPG & S/MIME vulnerability drop imminent

Brian Kantor writes: > On Tue, May 15, 2018 at 05:34:31AM -0400, Rich Kulawiec wrote: >> On Mon, May 14, 2018 at 01:47:50PM +0530, Suresh Ramasubramanian wrote: >> > TL;DR = Don't use HTML email [snip] >> >> That's enough right there. HTML markup in email is used exclusively >>

Re: IPv4 and IPv6 hijacking by AS 6

Randy Bush writes: >> I believe we've seen bogus low AS number announcements a few times >> before, and they've usually been caused by attemts to configure >> AS path prepending without understanding and/or reading the docs. >> >> Someone might have wrongly assumed that >> >>

Re: IPv4 and IPv6 hijacking by AS 6

Anurag Bhatia writes: > Similar for AS2. I believe we've seen bogus low AS number announcements a few times before, and they've usually been caused by attemts to configure AS path prepending without understanding and/or reading the docs. Someone might have wrongly

Re: Why doesn't "Cloudflare 1.1.1.1" compress root answers?

Anurag Bhatia writes: > Never realised of such compression on answered. Is this is something well > documented? Curious. https://tools.ietf.org/html/rfc1035#section-4.1.4 Bjørn

Why doesn't "Cloudflare 1.1.1.1" compress root answers?

At first I thought they had disabled compression: bjorn@miraculix:~$ dig . ns @1.1.1.1|grep SIZE ;; MSG SIZE rcvd: 431 bjorn@miraculix:~$ dig . ns @8.8.8.8|grep SIZE ;; MSG SIZE rcvd: 239 bjorn@miraculix:~$ dig . ns @9.9.9.9|grep SIZE ;; MSG SIZE rcvd: 239 But then I noticed that they

Re: IPv6 Unique Local Addresses (was Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks)

Owen DeLong <o...@delong.com> writes: >> On Mar 2, 2018, at 3:17 AM, Bjørn Mork <bj...@mork.no> wrote: >> >> Owen DeLong <o...@delong.com> writes: >> >>> What can you do with ULA that GUA isn’t suitable for? >> >> 1) get >> 2

Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

Owen DeLong writes: > I don’t agree that making RFC-1918 limitations a default in any daemon makes > any > sense whatsoever. +1 One of the more annoying anti-features I know of in this regard is the dnsmasq rebind "protection". It claims to protect web browsers on the LAN

Re: IPv6 Unique Local Addresses (was Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks)

Owen DeLong writes: > What can you do with ULA that GUA isn’t suitable for? 1) get 2) keep 3) move Granted, many of us can do that with GUAs too. But with ULA those features are avaible to everyone everywhere. Which is useful for a number of applications where you care

Re: Incoming SMTP in the year 2017 and absence of DKIM

Steve Atkins <st...@blighty.com> writes: >> On Nov 30, 2017, at 1:22 AM, Bjørn Mork <bj...@mork.no> wrote: >> >> "John Levine" <jo...@iecc.com> writes: >> >>> Broken rDNS is just broken, since there's approximately no reaso

Re: Incoming SMTP in the year 2017 and absence of DKIM

"John Levine" writes: > Broken rDNS is just broken, since there's approximately no reason ever > to send from a host that doesn't know its own name. rDNS is not a host attribute, and will therefore tell you exactly nothing about the host. Bjørn

Re: Google DNS intermittent ServFail for Disney subdomain

David Sotnick writes: > Gotta love it when a problem is solved, by the OP, within an hour of > resorting to mailing the NANOG community. That's the way it is. Posting to a public forum always make you think about the issue a second time, and that's what it takes. The

Re: BGP Optimizers

Job Snijders writes: > Using a BGP > optimizer is essentially trading a degree of risk to society for the > purpose of saving a few bucks or milliseconds. It is basically saying: > "The optimizer helps me, but may hurt others, and I am fine with that". People drive SUVs. Bjørn

Re: Google DNS --- Figuring out which DNS Cluster you are using

Stephane Bortzmeyer writes: > On Thu, Aug 24, 2017 at 10:53:58AM +1000, > Mark Andrews wrote > a message of 39 lines which said: > >> If Google was being sensible the servers would just return the >> information along with the answer. They all support EDNS.

Re: Some advice on IPv6 planning and ARIN request, please

Mark Andrews writes: > If I had 32 departments and were wanting to give them equal sized > allocations then I'd give them a /53 each which is 2064 subnets > each. It isn't that hard to do 8 delegations in the reverse tree > for each of the 32 departments. Delegation on nibble

Re: Some advice on IPv6 planning and ARIN request, please

"Radu-Adrian Feurdean" writes: > No, but I assume IPv6 is still subject to common-sense. I don't see how you can make that assumption. If common sense had been applied, then people would have realized that there are more important parameters than address

Re: Question to Google

Todd Underwood writes: > On Mon, May 15, 2017 at 8:43 AM, Stephane Bortzmeyer > wrote: > >> >> There are many zones (including your isc.org) that have several name >> servers dual-stacked, and they didn't notice a problem. Furthermore, >> since the DNS is

Re: BCP for securing IPv6 Linux end node in AWS

Alarig Le Lay writes: > So, my advise is simply to not filter ICMP and ICMPv6. And by the way, > why do want to filter ICMP? You will not be DDoSed with pings. I tend to agree. But if you still want to do it, then there is some advice in

Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations

William Herrin writes: > On Fri, Mar 17, 2017 at 7:52 AM, Romeo Zwart wrote: >> RIPE NCC have issued a statement about the issue here: >> >> https://www.ripe.net/ripe/mail/archives/dns-wg/2017-March/003394.html >> >> Our apologies for the inconvenience caused.

Re: IPv6 Residential Deployment Survey

Got as far as the second page, where I was met by the question "What technology is used for the customer link ? Choose one of the following answers " Come on... One technology per ISP? In what world is that? Bjørn John Curran writes: > NANOGers - > > If you

Re: Stop IPv6 Google traffic

b...@theworld.com writes: > It seems like every technical list is over-run with > meta-conversations, how do I (blah), WHY WOULD YOU WANT TO (blah)?!?! It is reasonable to expect anyone asking for help to describe the process leading up to the situation where they are stuck. I'd say it is rare

Re: IPV6 planning

Owen DeLong writes: >> On Mar 7, 2016, at 16:01 , Alarig Le Lay wrote: >> >> It’s not exactly specific to Windows, dhcpcd use a something like that >> (my IPv6 is 2a00:5884:8316:2653:fd40:d47d:556f:c426). And at least, >> there is a RFC related to that,

Re: Devices with only USB console port - Need a Console Server Solution

Erik Sundberg writes: > Just some follow up on this one. I have also posed in the C-NSP list > > Yes you do need to have this kit to have serial console, No a normal > USB-DB9 Console adapters do not work. Which could be because the driver for that particular Console

Re: Devices with only USB console port - Need a Console Server Solution

Christopher Morrow writes: > seems like a total improvement swapping 1 well known, simple cable for > 2... > > hurray progress? The USB port is probably cheaper than anything else. And it gives them more flexibility. No need for both an RS232 and Ethernet console

Re: Equipment Supporting 2.5gbps and 5gbps

"Alex Hargrove" writes: > I just purchased some empty Intel X520-DA2 cards and then picked up > the E10GSFPSR-compatible optics for them from Fiberstore. Note that this requirement is implemented in the driver. YMMV depending on OS, but in Linux you can disable it with

Re: SMS gateways

Adam Kennedy writes: > I picked up two of the AT "Beam" USB devices that use the LTE network. > Netgear is the listed manufacturer and has firmware for the units that > makes them usable on Linux. I loaded the driver for those into a Debian box > and I'm able to use

Re: Deploying IPv6 in an ISP network [ was: Best Source for ARIN Region /24 ]

Baldur Norddahl writes: > Note that 12 is "0b" in hexadecimal. Only when gravity is negative IIRC. Bjørn

Re: Looking for Yahoo eMail contact

Elizabeth Zwicky via NANOG writes: > "permanently deferred" Does not compute :) Bjørn

Re: IPv4 shutdown in mobile

Mikael Abrahamsson writes: > North America is by far the leader in number of IPv6 enabled customers > which > > https://www.stateoftheinternet.com/trends-visualizations-ipv6-adoption-ipv4-exhaustion-global-heat-map-network-country-growth-data.html#networks > > shows. On the

Re: Nat

Owen DeLong writes: >> On Dec 20, 2015, at 08:57 , Mike Hammett wrote: > >> The idea that there's a possible need for more than 4 bits worth of >> subnets in a home is simply ludicrous and we have people advocating >> 16 bits worth of subnets. How does that

Re: DHCPv6 PD & Routing Questions

Mark Andrews writes: > The DHCP server usually is sitting > in a data center on the other side of the country with zero ability > to inject approptiate routes. Not too sure about that. At least, that's not what we do. We run the DHCPv6 and DHCP servers on our BNGs (or BRAS or

Re: DHCPv6 PD & Routing Questions

Mark Andrews writes: > This isn't rocket science. Just use your @#!Q$# brains when you build > CPE routers. Right... Still waiting for the first CPE built like that :) Bjørn

Re: Advance notice - H-root address change on December 1, 2015

Mark Andrews writes: > The [func] below are bug fixes / security fixes. Umh, using a very relaxed definition maybe... I was very happy to see this feature added in 9.9.8, and I can certainly agree that it is security related. But I hardly think it is suitable for the strict "no

Re: DNSSEC and ISPs faking DNS responses

Jean-Francois Mezei writes: > The Québec government is wanting to pass a law that will force ISPs to > block and/or redirect certain sites it doesn't like. BTDT. See https://torrentfreak.com/pirate-sites-must-pay-legal-costs-of-own-blockade-court-rules-150902/

Re: IP-Echelon Compliance

Seth Arnold writes: > Please feel free to get in touch with us to request changes. > > Expedited processing of your requests is offered through the Notice Recipient > Management for ISPs section of our website located here: > http://www.ip-echelon.com/isp-notice-management/

Re: IPv6 Subscriber Access Deployments

Owen DeLong writes: > Sure, but this is a useless savings that comes at the cost of awkward > traceroute output > that will initially confuse your new employees and consistently confuse your > customers. Like MPLS or asymmetric routing... Noone wants unnecessarily confused

Re: Yet Another BGP (Border Gateway Protocol) Python Implementation

Randy Bush ra...@psg.com writes: perhaps dissing someone for their free code is even ruder than not doing ipv6 in 2015? you don't have to use either. Definitely. In any case, one advantage of open sourcing stuff is that you can always answer such comments with a simple Patches welcome!

Re: Supplier 100/200Mbps on Canarias Is.

Marco Paesani ma...@paesani.it writes: I need a supplier on Canarias Is, do you have some info ? http://www.d-alix.com/ Bjørn

Re: Reverse DNS RFCs and Recommendations

Mark Andrews ma...@isc.org writes: That said it is possible to completely automate the secure assignment of PTR records. It is also possible to completely automate the secure delegation of the reverse name space. See http://tools.ietf.org/html/draft-andrews-dnsop-pd-reverse-00 I like that.

Re: IP4 address conservation method

Jimmy Hess mysi...@gmail.com writes: The kernel has its defaults, but distribution vendors such as Redhat/Ubuntu/Debian, are free to supply their own defaults through sysctl.conf or their NetworkManager packages or network configuration scripts... It's interesting to note they have so

Re: IP4 address conservation method

William Herrin b...@herrin.us writes: On Wed, Jun 5, 2013 at 6:25 PM, Ricky Beam jfb...@gmail.com wrote: I won't argue against calling Linux wrong. However, the linux way of dealing with ARP is well tuned for host and not router duty. I love Linux and use it throughout my work but I can't

Re: What do people use public suffix for?

Jay Ashworth j...@baylink.com writes: - Original Message - From: John Levine jo...@iecc.com The public suffix list contains points in the DNS where (roughly speaking) names below that point are under different management from each other and from that name. It's here:

Re: Programmers can't get IPv6 thus that is why they do not have IPv6 in their applications....

Dobbins, Roland rdobb...@arbor.net writes: On Nov 29, 2012, at 12:18 AM, Bjørn Mork wrote: But I will absolutely refuse the idea that anyone incapable of getting their application tested with IPv6 are able to create any useful networking software. Who's talking about 'networking software

Re: Programmers can't get IPv6 thus that is why they do not have IPv6 in their applications....

Dobbins, Roland rdobb...@arbor.net writes: On Nov 29, 2012, at 4:28 PM, Bjørn Mork wrote: If it doesn't do IPv4 then I don't see the need for IPv6 support. To me, 'networking software' software which happens to access the network. Quagga is an example of 'networking software'. OK

Re: Programmers can't get IPv6 thus that is why they do not have IPv6 in their applications....

david raistrick dr...@icantclick.org writes: On Tue, 27 Nov 2012, Jeroen Massar wrote: As for actually getting IPv6 at home or at work, there are so many ways to get that, thus not having it is a completely ridiculous excuse. bull. explain using a tunnel broker to anyone who isn't a network

Re: Big day for IPv6 - 1% native penetration

Mikael Abrahamsson swm...@swm.pp.se writes: On Tue, 27 Nov 2012, mike wrote: You're saying there are no cellular v6 deployments? I'm about 99% certain that you're wrong. I see v6 addresses in my apache logs all the time and they're almost definitely while they're not on wifi (my site uploads

Re: Programmers can't get IPv6 thus that is why they do not have IPv6 in their applications....

Dobbins, Roland rdobb...@arbor.net writes: On Nov 28, 2012, at 4:52 PM, Bjørn Mork wrote: Do you really want to run netowrking software written by someone incapable of setting up a test network? If you don't think you're running some piece or another of software right this minute which

Re: Programmers can't get IPv6 thus that is why they do not have IPv6 in their applications....

david raistrick dr...@icantclick.org writes: On Wed, 28 Nov 2012, Bjørn Mork wrote: Do you really want to run netowrking software written by someone incapable of setting up a test network? This doesn't have anything with tunnel brokers or native access to do at all. So the software

Re: guys != gender neutral

Scott Howard sc...@doc.net.au writes: On Thu, Sep 27, 2012 at 11:10 AM, Jo Rhett jrh...@netconsonance.com wrote: Guys seem to think that it's gender neutral. The majority of women are used to this, but they have indicated to me that they don't believe it to be very neutral. Using guys is not

Re: Bird vs Quagga revisited

Seth Mattinen se...@rollernet.us writes: What's the state of MPLS on Linux these days? There was some renewed interest recently (i.e. last year). See the discussion starting at http://www.spinics.net/lists/netdev/msg180282.html But do note davem's replies in

Re: Bird vs Quagga revisited

Edward Dore edward.d...@freethought-internet.co.uk writes: They used to publish the source for their 2.4 kernel on routerboard.com (in fact, it's still available at http://routerboard.com/files/linux-2.4.31.zip), but I've not seen anything for the 2.6 kernel however and the routerboard.com

Re: job screening question

David Coulson da...@davidcoulson.net writes: Anyone else noticed their memory has gotten worse since Google came along? :) Huh? Hasn't Google always been there? Bjørn

Re: IETF - Overlapping IPv4 Address Support

You seem to have skipped a calendar page. Bjørn

Re: Huawei edge routers..

Saku Ytti s...@ytti.fi writes: I've not really used them much, I think I've just configured enough to get 6VPE working, and it worked (against CSCO and JNPR) and was easy enough to do without docs. On paper they look fine, CLI is worse than IOS, but honestly if CLI is critical to you, you're

Re: How are you doing DHCPv6 ?

Randy Carpenter rcar...@network1.net writes: DHCP is certainly not stateless, which is why there is a concept of leases, which are stored in a file. You can't have 2 servers answering for the same subnet without some sort of coordination, or you would have a potential for duplicate addresses

Re: How are you doing DHCPv6 ?

Randy Carpenter rcar...@network1.net writes: I am wondering how people out there are using DHCPv6 to handle assigning prefixes to end users. We have a requirement for it to be a redundant server that is centrally located. OK, so then you've already made your choice. Another solution is

Re: subnet prefix length 64 breaks IPv6?

sth...@nethelp.no writes: And yes, we know equipment that cannot *filter* on full IPv6 + port number headers exists (e.g. Cisco 6500/7600 with 144 bit TCAMs) - my original point was that I still haven't seen equipment with forwarding problems for prefixes 64 bits. Depends on what you

Re: Dynamic (changing) IPv6 prefix delegation

Nathan Eisenberg nat...@atlasnetworks.us writes: What does Joe Sixpack do at home with a /48 that he cannot do with a /56 or a /60? What does Joe's ISPack save the missing bits for? Bjørn

Re: Dynamic (changing) IPv6 prefix delegation

Seth Mos seth@dds.nl writes: Hello List, As a pfSense developer I recently ran into a test system that (actually) gets a IPv6 prefix from it's ISP. (Hurrah). What is bewildering to me is that each time the system establishes a new PPPoE session to the ISP they assign a different IPv6

Re: [outages] More notes

Stephane Bortzmeyer bortzme...@nic.fr writes: (Given the complexity of conditions required to trigger this issue, the probability of exploiting this defect is extremely low). Which translates to This bug has such catastrophic consequenses that we do not want to disclose how to trigger it.

Re: Performance Issues - PTR Records

Leigh Porter leigh.por...@ukbroadband.com writes: Indeed, there is no way I would allow that either. But really, providing a reverse zone and forward zone to match is a case of five minutes and a shell script or a DNS that as Steinar said, will synthesise results. It's really not all that

  1   2   >