Livingood, Jason jason_living...@cable.comcast.com writes:
In preparation for the World IPv6 Launch, inbound (SMTP) email to the
comcast.net domain was IPv6-enabled today, June 5, 2012, at 9:34 UTC.
Roughly one minute later, at 9:35:30 UTC we received our first
inbound email over IPv6 from
Randy Bush ra...@psg.com writes:
...
i have assiduously avoided gaining serious anti-spam fu. but it seems
to me that ipv6 does not create/enable significantly more spam-bots.
the malware will generally have complete control over the bottom 64 bits
of an ipv6 address. there's no reason to
.)
--
Paul Vixie
KI6YSY
recursives would be good to see fixed.
at the moment most attacks are using authority servers, where it's far
easier to automatically tell attack flows from non-attack flows.
--
Paul Vixie
KI6YSY
On 2012-05-30 12:53 AM, Nabil Sharma wrote:
Paul:
Where can we read details about the services ISC provided to the FBI,
and how they were compensated?
it's in the AP News article published a few weeks ago. for an example:
On 5/29/2012 10:27 AM, Stephane Bortzmeyer wrote:
On Mon, May 28, 2012 at 10:01:59PM +,
paul vixie vi...@isc.org wrote
a message of 37 lines which said:
i can tell more than that. rover is a system that only works at all
when everything everywhere is working well, and when changes
On 2012-05-29 5:37 PM, Richard Barnes wrote:
I agree with the person higher up the thread that ROVER seems like
just another distribution mechanism for what is essentially RPKI data.
noting, that up-thread person also said i haven't studied this in detail
so i'm probably wrong.
But does that
information.)
On 2012-05-30 4:24 AM, Shane Amante wrote:
On May 29, 2012, at 8:44 PM, Paul Vixie wrote:
...
the problem is in time domain bounding of data validity and data
reachability. ROVER expects you to be able to query for the information
about a route at the time you receive that route
greetings. i didn't notice this before, and i want to complete the record.
i'm paying more attention to the quoting this time, too.
On Wed, May 23, 2012 at 04:33:28PM -0400, Christopher Morrow wrote:
On Wed, May 23, 2012 at 1:40 AM, bmanning at vacation.karoshi.com wrote:
Paul will be
On 5/28/2012 11:52 AM, Randy Bush wrote:
... maybe a bit too much layer ten for my taste. ...
on that, we're trying to improve. for example, we used to forego
features that some of us found repugnant, such as nxdomain remapping /
ad insertion. since the result was that our software was less
dependency on the acceptance of a route you don't know how to
accept or reject yet.
my take-away from this thread is: very few people take RPKI seriously, but
even fewer take ROVER seriously.
--
Paul Vixie
KI6YSY
(all caught up after this.)
Jay Ashworth j...@baylink.com writes:
- Original Message -
From: paul vixie vi...@isc.org
On 5/28/2012 11:52 AM, Randy Bush wrote:
... maybe a bit too much layer ten for my taste. ...
on that, we're trying to improve. for example, we used to forego
On 5/28/2012 9:42 PM, David Conrad wrote:
On May 28, 2012, at 1:59 PM, Paul Vixie wrote:
third, rsync's dependencies on routing (as in the RPKI+ROA case) are not
circular (which i think was david conrad's point but i'll drag it to here.)
Nope. My point was that anything that uses the Internet
as well,
it would be
a HUGE leap of faith to call Paul Vixie the father of
BIND - The Berkeley Internet Naming Daemon.
Methinks we're talking at cross purposes.
maybe... :) my comment was referring to the father of bind
statement.
i don't describe myself
http://tech.slashdot.org/story/12/04/27/2039237/engineers-ponder-easier-fix-to-internet-problem
The problem: Border Gateway Protocol (BGP) enables routers to
communicate about the best path to other networks, but routers don't
verify the route 'announcements.' When routing problems erupt,
and your proposed alternative.
--
Paul Vixie
KI6YSY
, and
are not an indictment of the whole approach.
thanks for saying so.
--
Paul Vixie
publicly here, or privately, as you prefer.
--
Paul Vixie
KI6YSY
several expiring terms. candidates need not be ARIN members.
please see https://www.arin.net/announcements/2011/20110725_elec.html
and think about whether who you can nominate or whether you can self-
nominate.
paul vixie
chairman, 2011 arin nomcom
:
http://www.icann.org/en/announcements/announcement-04jan08.htm
other rootops who have spoken about this have said similar/compatible things.
--
Paul Vixie
KI6YSY
first in a search list containing 'this' and 'that', where
the default search list is normally the parent domain name of your own
hostname (so for me on six.vix.com the search list would be vix.com and
so as long as dk.vix.com did not exist then http://dk/ would reach dk.)
--
Paul Vixie
KI6YSY
say inevitable; i don't know a way to avoid it
since there will be a lot of money and a lot of people involved.
--
Paul Vixie
KI6YSY
Date: Sun, 19 Jun 2011 19:30:58 -0500
From: Jeremy jba...@gmail.com
DK may not be hierarchical, but DK. is. If you try to resolve DK
on its own, many (most? all?) DNS clients will attach the search
string/domain name of the local system in order to make it a FQDN. The
same happens when
From: David Conrad d...@virtualized.org
Date: Sun, 19 Jun 2011 16:04:09 -1000
On Jun 19, 2011, at 3:24 PM, Paul Vixie wrote:
i think we have to just discourage lookups of single-token names,
universally.
How?
that's a good question. marka mentioned writing an RFC, but i expect
Date: Sun, 19 Jun 2011 19:22:46 -0700
From: Michael Thomas m...@mtcc.com
that's a good question. marka mentioned writing an RFC, but i expect
that ICANN could also have an impact on this by having applicants sign
something that says i know that my single-label top level domain name
Date: Sun, 19 Jun 2011 22:32:59 -0700
From: Doug Barton do...@dougbarton.us
... the highly risk-averse folks who won't unconditionally enable IPv6
on their web sites because it will cause problems for 1/2000 of their
customers.
let me just say that if i was making millions of dollars a day
.
That's not to say there's a route back, by any means.
i'll bet i'm not alone in seeing traffic from this prefix. as a rootop
i can tell you that we see plenty of queries from ipv4 rfc1918 as well.
--
Paul Vixie
KI6YSY
it's been a while since i looked at the query stream still hitting
{rbl,dul}.maps.vix.com. this was the world's first RBL but it was
renamed from maps.vix.com to mail-abuse.org back in Y2K or so. i
have not sent anything but NXDOMAIN in response to one of these
queries for at least ten years,
Date: Tue, 17 May 2011 11:07:17 +0200
From: Mans Nilsson mansa...@besserwisser.org
... It's not like you can even reach anything at home now, let alone
reach it by name.
that must and will change. let's be the generation who makes it possible.
I'd like to respond to this by
Date: Tue, 17 May 2011 11:49:47 -0400
From: Steve Clark scl...@netwolves.com
This is all very confusing to me. How are meaningful names going to be assigned
automatically?
It'll probably be a lot like Apple's and Xerox's various multicast naming
systems if we want it to work in non-globally
Date: Mon, 16 May 2011 14:37:46 -0400
From: Jim Gettys j...@freedesktop.org
perhaps i'm too close to the problem because that solution looks quite
viable to me. dns providers who don't keep up with the market (which
means ipv6+dnssec in this context) will lose business to those who do.
From: Owen DeLong o...@delong.com
Date: Mon, 16 May 2011 16:12:27 -0700
... It's not like you can even reach anything at home now, let alone
reach it by name.
that must and will change. let's be the generation who makes it possible.
definition, matthew's observation would be correct. folks who want
to run V6 only and still be on the internet will need proxies for a long
while. folks who want to run V6 only *today* and not have any proxies *today*
are sort of on their own -- the industry will not cater to market non-forces.
--
Paul
From: Marshall Eubanks t...@americafree.tv
Date: Sat, 14 May 2011 13:02:16 -0400
I think that the real question is, when will people who are running
IPv4 only not be on the Internet by this definition ?
is there an online betting mechanism we could use, that we all think will
still be in
providers who don't keep up with the market (which means
ipv6 and dnssec in this context) will lose business to those who do.
--
Paul Vixie
KI6YSY
looks like trolling to me. if
you ask again with a real domain name and a real meatspace signature, i'll
be happy to say what i think about ntt as a service provider in the US.
--
Paul Vixie
KI6YSY
by infectable pc's means
we'll be blackholing by /64 when we blackhole in ipv6. it's no big deal.
--
Paul Vixie
KI6YSY
Date: Thu, 10 Feb 2011 01:13:49 -0600
From: Jimmy Hess mysi...@gmail.com
With them not requiring a /8 in the first place (after CIDR); one
begins to wonder how much of their /8 allocations they actually
touched in any meaningful way.
i expect that after final depletion there will be some
... what whacky kids we all were. hint: i had hair back then.)
--
Paul Vixie
KI6YSY
, Paul Vixie vi...@isc.org wrote:
Jeffrey Lyon jeffrey.l...@blacklotus.net writes:
One cannot be owned by a carrier and remain carrier neutral.
My two cents,
my experience running PAIX when it was owned by MFN was not
like you're saying.
Jeffrey Lyon jeffrey.l...@blacklotus.net writes:
One cannot be owned by a carrier and remain carrier neutral.
My two cents,
my experience running PAIX when it was owned by MFN was not like you're saying.
--
Paul Vixie
KI6YSY
at the
risks and benefits of various RPKI deployment scenarios, and we expect
to do more public and member outreach and consultation at our upcoming
meeting in san juan PR.
Paul Vixie
Chairman and Chief Scientist, ISC
Member, ARIN BoT
re:
i don't agree that that question is pertinent. in deployment
ARIN public policy meeting in
san juan PR where this is sure to be discussed both at the podium and in
the hallways and bar rooms.
Paul Vixie
Chairman and Chief Scientist, ISC
Member, ARIN BoT
Date: Sat, 08 Jan 2011 15:47:51 +0900
From: Randy Bush ra...@psg.com
...
more recent rumors, and john's posting here, seem to indicate that
...
even to the extent that i know what's really happened or happening, i'd
be loath to comment on rumours. i have high confidence in arin's board
and
From: David Conrad d...@virtualized.org
Date: Fri, 7 Jan 2011 21:01:52 -1000
do you have a specific proposal? i've noted in the past that arin tries
hard to stick to its knitting, which is allocation and allocation policy.
Yes. This is a positive (IMHO), however it seems that
From: David Conrad d...@virtualized.org
Date: Fri, 7 Jan 2011 23:11:32 -1000
On Jan 7, 2011, at 10:24 PM, Paul Vixie wrote:
the price of changing what ARIN does is, at a minimum: participation.
Another view is that ARIN's whole and sole reason for being is to
provide services
Date: Sat, 08 Jan 2011 18:17:55 +0900
From: Randy Bush ra...@psg.com
let me be a bit more clear on this
thanks.
o you affect the operational community, you talk with (not to) the
operational community where the operational community talks
i think arin does this today. certainly
of folks would
say that's mission creep and that it would be arin poaching on nanog lands.
--
Paul Vixie
Chairman and Chief Scientist, ISC
Trustee, ARIN
John Jason Brzozowski john_brzozow...@cable.comcast.com writes:
This does not alter our plans for our native dual stack trials, in fact, I
hope to have more news on this front soon.
comcast native dual stack is working fine at my house.
traceroute6 -q1 mol.redbarn.org shows details.
blacklisting them permanently.
domains and/or cidrs, plz?
--
Paul Vixie
KI6YSY
d...@bungi.com (Dave Rand) writes:
...
With more than 100,000,000 compromised computers out there, it's really
time for us to step up to the plate, and make this happen.
+1.
--
Paul Vixie
KI6YSY
EMAIL or a note tied to
a brick, but do not prate incessantly about it on the list.
+1.
--
Paul Vixie
KI6YSY
From: David Conrad d...@virtualized.org
Date: Sun, 11 Apr 2010 13:52:24 -1000
On Apr 11, 2010, at 10:57 AM, Paul Vixie wrote:
... i'd like to pick the easiest problem and for that reason i'm urging
dual-stack ipv4/ipv6 for all networks new or old.
Is anyone arguing against this?
yes
little dance. however, for many
networks, growth is life, and for them, free pool depletion is a problem.
--
Paul Vixie
Chairman, ARIN BoT
.
nevertheless if everybody who can deploy dual-stack does so, we'll reach
that tipping point sooner and it'll be less spectacular.
--
Paul Vixie
Chairman, ARIN BoT
, we'll also have a
problem but a different problem. i'd like to pick the easiest problem and
for that reason i'm urging dual-stack ipv4/ipv6 for all networks new or old.
--
Paul Vixie
Chairman, ARIN BoT
, see http://dlv.isc.org/. Most server hosts
here run FreeBSD on AMD64/EM64T or else i386.
--
Paul Vixie
KI6YSY
to address the backscatter problem, it
ought to be along those lines, rather than everything must be synchronous.
--
Paul Vixie
KI6YSY
seem to find any online information regarding this difference of
behavior.
Enlightenment appreciated.
i suggest re-asking this over on dns-operati...@lists.dns-oarc.net, since it's
a bit deep in the DNS bits for a general purpose list like NANOG.
--
Paul Vixie
KI6YSY
-- will the people who build and/or
deploy such crapware lose their jobs, or will ICANN back down from DNSSEC?
--
Paul Vixie
KI6YSY
Date: Fri, 1 Jan 2010 22:16:31 +
From: bmann...@vacation.karoshi.com
It would help if the BIND EDNS0 negotiation would not fall back to
the 512 byte limit - perhaps you could talk with the ISC developers
about that.
i don't agree that your proposed change would help
on doing what the community asks, no
less, no more. ARIN has no mechanism, as a company, for [paying]
attention to [your] collective work product. our members, and the public
at large who participates in ARIN's policy development process, do that.
--
Paul Vixie
Chairman, ARIN BoT
KI6YSY
RFC 974 today
(since i see a lot of them come to my A RR rather than an MX RR, or
in the wrong order). any well known pattern that says don't try
to deliver e-mail here will only be honoured by friend people who
don't want us to get e-mail we don't want to get.
--
Paul Vixie
KI6YSY
that a piece of e-mail had come from us using
some kind of semi-opaque H(message-id) scheme, but in studying it i
found that as usual with spam the economic incentives are all backwards.
--
Paul Vixie
KI6YSY
for people who know how to do that, then we'd all still be
using Usenet over modems. we're trying to build digital infrastructure for
all of humanity, and that means stuff like the above has to be unnecessary.
--
Paul Vixie
KI6YSY
From: David Conrad d...@virtualized.org
Date: Thu, 26 Nov 2009 07:42:15 -0800
As you know, as long as people rely on their ISPs for resolution
services, DNSSEC isn't going to help. Where things get really offensive
is when the ISPs _require_ customers (through port 53 blocking, T-Mobile
From: David Conrad d...@virtualized.org
Date: Thu, 26 Nov 2009 13:25:39 -0800
At some point, we may as well bite the bullet and redefine http{,s} as IPv7.
since products and services designed to look inside encrypted streams and
inspect, modify, or redirect them are illegal in most parts of
in spite of its technical suckitude i'm working on DNSSEC.)
http://queue.acm.org/detail.cfm?id=1647302 lays out this case.
--
Paul Vixie
KI6YSY
, and I listened. Probably I forgot to
thank you until now. Thanks.
--
Paul Vixie
KI6YSY
have stuck with the
longer formulation (incoherent responses crafted based on the identity of
the querier rather than on the authoritative data).
--
Paul Vixie
KI6YSY
.
http://www-uxsup.csx.cam.ac.uk/~dpc22/prayer/ is the home page. though i
found it in freebsd /usr/ports/mail/prayer.
--
Paul Vixie
KI6YSY
no big deal.
--
Paul Vixie
KI6YSY
note, i went off-topic in my previous note, and i'll be answering florian
on namedroppers@ since it's not operational. chris's note was operational:
Date: Thu, 6 Aug 2009 10:18:11 -0400
From: Christopher Morrow morrowc.li...@gmail.com
awesome, how does that work with devices in the
randomization first, since they do it in their kernel
when you try to bind(2) to port 0. most kernels are still very predictable
when they're assigning a UDP port to an outbound socket.
--
Paul Vixie
KI6YSY
than fire,
where a lawsuit could recover some losses and firing someone usually won't.
digital security is getting a lot of investor attention right now. i wonder
if this will ever consolidate or if pandora's box is just broken for all time.
--
Paul Vixie
KI6YSY
. this is rocket
science.
to me wisely means backfilling 80% of what the Good Guys do that isn't
rocket science. (most A's are not doing only what only A's can do.)
--
Paul Vixie
KI6YSY
, if wisely deployed, could bridge that gap. the
key to all this is therefore not really neurons but rather wiselyness.
i promise to, um, mention this, or maybe more, in my nanog-philly keynote.
--
Paul Vixie
KI6YSY
know this -- the difference
is that the Good Guys try not to think about this whereas the Bad Guys think
about it all the time.
--
Paul Vixie
KI6YSY
with an LCD. everything else that's
still worth plugging in (that is, having a power/heat cost per performance
better than that of a blow dryer) doesn't care what voltage it lives on.
--
Paul Vixie
KI6YSY
Pshem Kowalczyk pshe...@gmail.com writes:
(answers can be off-list)
See http://www.vix.com/personalcolo/. (updates still welcomed, btw.)
--
Paul Vixie
KI6YSY
/ \
ftp://gatekeeper.research.compaq.com/pub/misc/vixie/
since the ftp server mentioned here in 1996
http://www.merit.edu/mail.archives/nanog/1996-08/msg00223.html
is dead.
--
Paul Vixie
KI6YSY
starting an IXP from scratch, a shared subnet would be just crazy talk.
--
Paul Vixie
From: Paul Vixie vi...@isc.org
Date: Sat, 18 Apr 2009 00:08:04 +
...
i should answer something said earlier: yes there's only 14 bits of tag and
yes 2**14 is 4096. in the sparsest and most wasteful allocation scheme,
tags would be assigned 7:7 so there'd be a max of 64 peers.
i meant
...@nipper.de, Paul Vixie vi...@isc.org,
na...@merit.edu na...@merit.edu
Subject: Re: IXP
Date: Sat, 18 Apr 2009 05:30:41 +
From: Stephen Stuart stu...@tech.org
Not sure how switches handle HOL blocking with QinQ traffic across trunks,
but hey...
what's the fun of running an IXP
Date: Sat, 18 Apr 2009 10:09:00 +
From: bmann...@vacation.karoshi.com
... well... while there is a certain childlike obsession with the
byzantine, rube-goldberg, lots of bells, knobs, whistles type
machines... for solid, predictable performance, simple clean
Date: Sat, 18 Apr 2009 16:35:51 +0100
From: Nick Hilliard n...@foobar.org
... i just don't care if people use L2 connectivity to get to an exchange
from a router somewhere else on their LAN. They have one mac address to
play around with, and if they start leaking mac addresses towards the
Date: Sat, 18 Apr 2009 13:17:11 -0400
From: Steven M. Bellovin s...@cs.columbia.edu
On Sat, 18 Apr 2009 16:58:24 +
bmann...@vacation.karoshi.com wrote:
i make the claim that simple, clean design and execution is
best. even the security goofs will agree.
Even? *Especially*
Large IXP have 300 customers. You would need up to 45k vlan tags,
wouldn't you?
the 300-peer IXP's i've been associated with weren't quite full mesh
in terms of who actually wanted to peer with whom, so, no.
server on the west coast, and it seems like
the economy has taken out most of the old personal colo offers. Even the
old web page on www.vix.com/personalcolo is gone.
--
Paul Vixie
to communicate.)
--
Paul Vixie
Paul Ferguson fergdawgs...@gmail.com writes:
On Sat, Apr 4, 2009 at 9:55 PM, Marcelo Gardini do Amaral
mgard...@gmail.com wrote:
Guys,
are you having problems to validate DNSSEC using ISC DLV?
No idea, but I did see another reference to this over on the OARC dns-ops
list:
, the failure codepaths for DLV are
inevitably not as well oiled as the success codepaths. (we're on it.)
--
Paul Vixie
where you lose me is where the attacker must always win.
Do you have a miraculous way to stop DDOS? Is there now a way to quickly
and efficiently track down forged packets? Is there a remedy to shutting
down the *known* botnets, not to mention the unknown ones?
there are no silver bullets.
a minor editorial comment:
Jens Ott - PlusServer AG j@plusserver.de writes:
Jack Bates schrieb:
Paul Vixie wrote:
Do you have a miraculous way to stop DDOS? Is there now a way to quickly
and efficiently track down forged packets? Is there a remedy to shutting
down the *known* botnets
blackholing victims is an interesting economics proposition. you're saying
the attacker must always win but that they must not be allowed to affect the
infrastructure. and you're saying victims will request this, since they know
they can't withstand the attack and don't want to be held
, and IPv6 arms that
bogeyman with nukes.
--
Paul Vixie
at it.
--
Paul Vixie
likewise.
--
Paul Vixie
. It is now part of every nation's and everybody's critical
infrastructure. It needs to be engineered and operated better so that it
does not end up partitioning for dumb reasons.
that sounds like justification for government regulation, if true.
--
Paul Vixie
notice. None of
us who aren't parties to the dispute can do other than wonder, ponder, guess.
--
Paul Vixie