Re: Yet another Quadruple DNS?

2018-04-03 Thread Scott Weeks
--- bortzme...@nic.fr wrote: From: Stephane Bortzmeyer Rich Kulawiec wrote a message of 10 lines which said: > Watch what you wish for: you might get it. The number of > attack/abuse vectors (and the severity of their consequences for > security and privacy) involved in doing auto-update

Re: Yet another Quadruple DNS?

2018-04-03 Thread Paul Ebersman
ebersman> In the pipe dream category, it would be great to think that as ebersman> IoT becomes unavoidable, we'll get more boxes that do ebersman> auto-update. rsk> Watch what you wish for: you might get it. The number of rsk> attack/abuse vectors (and the severity of their consequences for rsk>

Re: Yet another Quadruple DNS?

2018-04-03 Thread Stephane Bortzmeyer
On Tue, Apr 03, 2018 at 10:54:34AM -0400, Rich Kulawiec wrote a message of 10 lines which said: > Watch what you wish for: you might get it. The number of > attack/abuse vectors (and the severity of their consequences for > security and privacy) involved in doing auto-update may rival those >

Re: Yet another Quadruple DNS?

2018-04-03 Thread Rich Kulawiec
On Tue, Apr 03, 2018 at 08:21:02AM -0600, Paul Ebersman wrote: > In the pipe dream category, it would be great to think that as IoT > becomes unavoidable, we'll get more boxes that do auto-update. Watch what you wish for: you might get it. The number of attack/abuse vectors (and the severity of

Re: Yet another Quadruple DNS?

2018-04-03 Thread Paul Ebersman
ebersman> And EDNS client subnet mostly works. bortzmeyer> It is awful, privacy-wise, complicates the cache a lot and bortzmeyer> seriously decreases hit rate in cache (since the key to a bortzmeyer> cached resource is no longer type+name but bortzmeyer> type+name+source_address). I was trying to

Re: Yet another Quadruple DNS?

2018-04-03 Thread sthaug
> > This also ignores the shift if every house in the world did its own > > recursion. TLD servers and auth servers all over the world would > > have to massively up their capacity to cope. > > With my TLD operator hat, I tend to say it is not a problem, we > already have a lot of extra capacity,

Re: Yet another Quadruple DNS?

2018-04-03 Thread Brian Kantor
On Tue, Apr 03, 2018 at 12:09:27PM +0200, Stephane Bortzmeyer wrote: > On Tue, Apr 03, 2018 at 03:01:19AM -0700, > Brian Kantor wrote > a message of 12 lines which said: > > > > That would be a terrible violation of network neutrality. I hope > > > that such ISP will go bankrupt. > > > > On t

Re: Yet another Quadruple DNS?

2018-04-03 Thread Stephane Bortzmeyer
On Tue, Apr 03, 2018 at 03:01:19AM -0700, Brian Kantor wrote a message of 12 lines which said: > > That would be a terrible violation of network neutrality. I hope > > that such ISP will go bankrupt. > > On the contrary: it will enable them to collect more usage > statistics and from that sel

Re: Yet another Quadruple DNS?

2018-04-03 Thread Brian Kantor
On Tue, Apr 03, 2018 at 11:54:36AM +0200, Stephane Bortzmeyer wrote: > On Sun, Apr 01, 2018 at 02:03:41PM -0600, > Paul Ebersman wrote > > As long as ISPs don't actually disallow running of recursive servers > > That would be a terrible violation of network neutrality. I hope that > such ISP wi

Re: Yet another Quadruple DNS?

2018-04-03 Thread Stephane Bortzmeyer
On Sun, Apr 01, 2018 at 02:03:41PM -0600, Paul Ebersman wrote a message of 38 lines which said: > And EDNS client subnet mostly works. It is awful, privacy-wise, complicates the cache a lot and seriously decreases hit rate in cache (since the key to a cached resource is no longer type+name bu

Re: Yet another Quadruple DNS?

2018-04-03 Thread Stephane Bortzmeyer
On Sun, Apr 01, 2018 at 09:22:10AM -0700, Stephen Satchell wrote a message of 39 lines which said: > Recursive lookups take bandwidth and wall time. The closer you can > get your recursive DNS server to the core of the internet, the > faster the lookups. I think the exact opposite is true: m

Re: Yet another Quadruple DNS?

2018-04-02 Thread Paul Ebersman
ebersman> And yes, running your own resolver is more private. So is ebersman> running your own home linux server instead of antique consumer ebersman> OSs on consumer grade gear and using VPNs. But how many folks ebersman> can do that? ssatchell> ssatchell> I gave up on Microsoft desktop product

Re: Yet another Quadruple DNS?

2018-04-02 Thread Colin Johnston
> On 2 Apr 2018, at 10:32, William Waites wrote: > > > >> On 2 Apr 2018, at 02:57, Aftab Siddiqui wrote: >> >> Here is the update from Geoff himself. I guess they didn't want to publish >> it on April 1st (AEST). >> https://blog.apnic.net/2018/04/02/apnic-labs-enters-into-a-research-agreeme

Re: Yet another Quadruple DNS?

2018-04-02 Thread William Waites
> On 2 Apr 2018, at 02:57, Aftab Siddiqui wrote: > > Here is the update from Geoff himself. I guess they didn't want to publish > it on April 1st (AEST). > https://blog.apnic.net/2018/04/02/apnic-labs-enters-into-a-research-agreement-with-cloudflare/ The research justification for a RIR to do

Re: Yet another Quadruple DNS?

2018-04-02 Thread Brian Kantor
On Mon, Apr 02, 2018 at 09:07:07AM +, Baldur Norddahl wrote: > The problem I see here is the five year research term after which they may > or may not revoke the use of the prefix. > > This is harmful. Such services should be stable. If you are going to let > cloudflare run this service, it sh

Re: Yet another Quadruple DNS?

2018-04-02 Thread Baldur Norddahl
The problem I see here is the five year research term after which they may or may not revoke the use of the prefix. This is harmful. Such services should be stable. If you are going to let cloudflare run this service, it should be permanent. Regards Baldur On Mon, 2 Apr 2018 at 03:57, Aft

Re: Yet another Quadruple DNS?

2018-04-01 Thread Aftab Siddiqui
Here is the update from Geoff himself. I guess they didn't want to publish it on April 1st (AEST). https://blog.apnic.net/2018/04/02/apnic-labs-enters-into-a-research-agreement-with-cloudflare/ On Mon, 2 Apr 2018 at 09:51 Stephen Satchell wrote: > On 04/01/2018 01:03 PM, Paul Ebersman wrote: > >

Re: Yet another Quadruple DNS?

2018-04-01 Thread Stephen Satchell
On 04/01/2018 01:03 PM, Paul Ebersman wrote: And yes, running your own resolver is more private. So is running your own home linux server instead of antique consumer OSs on consumer grade gear and using VPNs. But how many folks can do that? I gave up on Microsoft desktop products more than 15

Re: Yet another Quadruple DNS?

2018-04-01 Thread Paul Ebersman
mhoppes> Why not just implement recursive cache servers on end user mhoppes> routers? Because who ever saw problems with old, unpatched code or misconfigured CPE routers? And they all use the best possible hardware and are at the end of uncongested, close to the core connections. Not. ;) mhoppes>>

Re: Yet another Quadruple DNS?

2018-04-01 Thread Youssef Bengelloun-Zahr
> - > Mike Hammett > Intelligent Computing Solutions > http://www.ics-il.com > > Midwest-IX > http://www.midwest-ix.com > > - Original Message - > > From: "Stephen Satchell" > To: nanog@nanog.org > Sent: Sunday, April 1, 2018 11:

Re: Yet another Quadruple DNS?

2018-04-01 Thread Mike Hammett
you can't abandon the old way. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com - Original Message - From: "Stephen Satchell" To: nanog@nanog.org Sent: Sunday, April 1, 2018 11:22:10 AM Subject: Re:

Re: Yet another Quadruple DNS?

2018-04-01 Thread Stephen Satchell
On 04/01/2018 08:18 AM, Matt Hoppes wrote: Why not just implement recursive cache servers on end user routers? Why does an end user CPE need to query one or two specific DNS servers? Recursive lookups take bandwidth and wall time. The closer you can get your recursive DNS server to the core of

Re: Yet another Quadruple DNS?

2018-04-01 Thread Mehmet Akcin
Well that isn't optimal for root servers. Every cpe querying root would be waste really. Though we can copy root zone into recursive servers (not via DNS) and serve from CPEs that way. I think the real problem is restrictions of networks who won’t let you run this on your devices. Mehmet On Sun,

Re: Yet another Quadruple DNS?

2018-04-01 Thread Matt Hoppes
Do we? (Need more services like this?) Why not just implement recursive cache servers on end user routers? Why does an end user CPE need to query one or two specific DNS servers? Recursive servers like PowerDNS are extremely simple and light weight. Is there a legitimate reason things don’t j

Re: Yet another Quadruple DNS?

2018-04-01 Thread Mehmet Akcin
https://1.1.1.1 link has details of the service. No official announcement from APNIC (though Geoff replied my direct email inquiry privately) I don’t know why this prefix was handed over to any company for a service without public consultation but again this may or may not be required. I am just

Re: Yet another Quadruple DNS?

2018-03-31 Thread Jimmy Hess
On Sat, Mar 31, 2018 at 7:08 PM, wrote: > From what I can tell, this has not been "allocated" (probably closer to a > LOA)? > All contacts and maintainers on the inetnum object are still APNIC's, > Cloudflare > does not have free access to do whatever they want here. Did you ask WHOIS? Loo

Re: Yet another Quadruple DNS?

2018-03-31 Thread Mehmet Akcin
https://www.wired.com/story/new-encryption-service-adds-privacy-protection-for-web-browsing/ On Sat, Mar 31, 2018 at 5:08 PM, wrote: > On Sat, Mar 31, 2018, at 2:18 PM, Mehmet Akcin wrote: > > > Very disappointing to see a popular prefix being allocated/reserved for > > research then being alloc

Re: Yet another Quadruple DNS?

2018-03-31 Thread nop
On Sat, Mar 31, 2018, at 2:18 PM, Mehmet Akcin wrote: > Very disappointing to see a popular prefix being allocated/reserved for > research then being allocated to a company without public consultation. I > am sure APNIC community will ask APNIC Sr. management for an explanation. > > This prefix,

Re: Yet another Quadruple DNS?

2018-03-31 Thread Mehmet Akcin
Joining the party late. Very disappointing to see a popular prefix being allocated/reserved for research then being allocated to a company without public consultation. I am sure APNIC community will ask APNIC Sr. management for an explanation. This prefix, if it will be given to any business , sh

Re: Yet another Quadruple DNS?

2018-03-31 Thread Willy MANGA
Hi, On 30/03/2018 at 13:00, nanog-requ...@nanog.org wrote: > >Date: Thu, 29 Mar 2018 09:13:06 -0400 >From: Doug Clements > >>From https://1.1.1.1/: >For IPv6: *2001:2001::* and/or *2001:2001:2001::* No, it's 1dot1dot1dot1.cloudflare-dns.com (2606:4700:4700::1001 and 2606:4700:4700:: )

Re: Yet another Quadruple DNS?

2018-03-30 Thread Jay Nugent
Greetings, On Fri, 30 Mar 2018, Feldman, Mark wrote: Another one for the list... We're working on fielding our quad-255 (255.255.255.255) DNS. It's currently pingable but not yet providing resolution. We're aiming for an April 1st release. One of the most widely-distributed quads out ther

Re: Yet another Quadruple DNS?

2018-03-30 Thread Scott Weeks
> Public DNS resolvers still help against "ordinary" > adversaries. (If your enemy is the NSA, you have > other problems, anyway.) : I think there's ample evidence that everyone's enemy : is 'the nsa' (or other nation-state-actors) isn't : there? --- na...@ics-il.net wrote: -

Re: Yet another Quadruple DNS?

2018-03-30 Thread Mike Hammett
"Stephane Bortzmeyer" Cc: "nanog list" Sent: Friday, March 30, 2018 8:30:00 AM Subject: Re: Yet another Quadruple DNS? On Thu, Mar 29, 2018 at 10:32 AM, Stephane Bortzmeyer wrote: > > Public DNS resolvers still help against "ordinary" adversaries. (If > y

Re: Yet another Quadruple DNS?

2018-03-30 Thread Mark Milhollan
On Thu, 29 Mar 2018, Seth Mattinen wrote: >I'm lazy and have been using 9.9.9.9 at home. nameserver 1.1 /mark

Re: Yet another Quadruple DNS?

2018-03-30 Thread valdis . kletnieks
On Fri, 30 Mar 2018 14:27:47 -0400, Ken Chase said: > uh, quad the f do you think you're doing?! > > you think anything.255 is routable by COTS gear? :) Obviously posted 48 hours early. :)

Re: Yet another Quadruple DNS?

2018-03-30 Thread Ken Chase
uh, quad the f do you think you're doing?! you think anything.255 is routable by COTS gear? :) maybe everyone who operates x.y/16 should be setting up their open resolvers on x.y.x.y (can i get an rfc up in the hizzy? apr 1 is rsn.) /kc On Fri, Mar 30, 2018 at 05:02:27PM +, Feldman, Mark

Re: Yet another Quadruple DNS?

2018-03-30 Thread Feldman, Mark
Another one for the list... We're working on fielding our quad-255 (255.255.255.255) DNS. It's currently pingable but not yet providing resolution. We're aiming for an April 1st release. One of the most widely-distributed quads out there. We're thinking about calling it QUAdFF -- drink it

Re: Yet another Quadruple DNS?

2018-03-30 Thread Christopher Morrow
On Fri, Mar 30, 2018 at 11:22 AM, Ken Chase wrote: > On Fri, Mar 30, 2018 at 09:30:00AM -0400, Christopher Morrow said: > >I think there's ample evidence that everyone's enemy is 'the nsa' (or > other > >nation-state-actors) isn't there? > > Or yourself, after you flip the EU off. > > https:/

Re: Yet another Quadruple DNS?

2018-03-30 Thread Ken Chase
On Fri, Mar 30, 2018 at 09:30:00AM -0400, Christopher Morrow said: >I think there's ample evidence that everyone's enemy is 'the nsa' (or other >nation-state-actors) isn't there? Or yourself, after you flip the EU off. https://www.theregister.co.uk/2018/03/29/eu_dumps_30_ukowned_domains_i

Re: Yet another Quadruple DNS?

2018-03-30 Thread Stephane Bortzmeyer
On Fri, Mar 30, 2018 at 03:57:24PM +0100, William Waites wrote a message of 48 lines which said: > > 77.77.77.77 - Dadeh Gostar Asr Novin P.J.S. Co. (Iran) | 77.77.64/19 | > > recursion-yes > > Well, that one's a little odd: I think that, for the government of this country, it is seen as a f

Re: Yet another Quadruple DNS?

2018-03-30 Thread William Waites
> > On 30 Mar 2018, at 15:46, Royce Williams wrote: > > 77.77.77.77 - Dadeh Gostar Asr Novin P.J.S. Co. (Iran) | 77.77.64/19 | > recursion-yes Well, that one's a little odd: % host news.bbc.co.uk 77.77.77.77 Using domain server: Name: 77.77.77.77 Address: 77.77.77.77#53 Aliases: news.bbc.co.u

Re: Yet another Quadruple DNS?

2018-03-30 Thread Stephane Bortzmeyer
On Fri, Mar 30, 2018 at 06:46:19AM -0800, Royce Williams wrote a message of 19 lines which said: > Full survey - with owners of the largest bit-boundary-aligned blocks > that contain them - here: > > https://gist.github.com/roycewilliams/6cb91ed94b88730321ca3076006229f1 Unlike what you say,

Re: Yet another Quadruple DNS?

2018-03-30 Thread Royce Williams
And FWIW, there are currently a few other same-quad open resolvers: # IP - desc | CIDR | recursion-yes 1.1.1.1 - APNIC-LABS - Research prefix for APNIC Labs (now Cloudflare distributed public recursive DNS) | 1/8 | recursion-yes 8.8.8.8 - Google LLC (public recursive DNS) | 8.8.8/24 | recurs

Re: Yet another Quadruple DNS?

2018-03-30 Thread Royce Williams
On Fri, Mar 30, 2018 at 5:30 AM, Christopher Morrow wrote: > > On Thu, Mar 29, 2018 at 10:32 AM, Stephane Bortzmeyer > wrote: > > > Public DNS resolvers still help against "ordinary" adversaries. (If > > your enemy is the NSA, you have other problems, anyway.) If you're individually targeted by

Re: Yet another Quadruple DNS?

2018-03-30 Thread Christopher Morrow
On Thu, Mar 29, 2018 at 10:32 AM, Stephane Bortzmeyer wrote: > > Public DNS resolvers still help against "ordinary" adversaries. (If > your enemy is the NSA, you have other problems, anyway.) > I think there's ample evidence that everyone's enemy is 'the nsa' (or other nation-state-actors) isn'

Re: Yet another Quadruple DNS?

2018-03-30 Thread Stephane Bortzmeyer
On Thu, Mar 29, 2018 at 08:29:57AM -0700, Bill Woodcock wrote a message of 53 lines which said: > there are ISPs who are internally capturing 8.8.8.8, and who try to > do the same with 9.9.9.9. Which is why it’s so important to do > cryptographic validation of the server and encryption of the

Re: Yet another Quadruple DNS?

2018-03-29 Thread Niels Bakker
* eric-l...@truenet.com (Eric Tykwinski) [Fri 30 Mar 2018, 02:11 CEST]: Still curious how they got a SSL cert for an IP address, as that was definitely interesting to me. https://cabforum.org/guidance-ip-addresses-certificates/ -- Niels. --

Re: Yet another Quadruple DNS?

2018-03-29 Thread Eric Tykwinski
> Is it just me, or is there a problem with the website? I get a nginx 403 > Forbidden error when trying to access it. > > > > Regards, > Filip I can verify it was working, but they might have gotten hammered after this thread. Still curious how they got a SSL cert for an IP address

Re: Re: Yet another Quadruple DNS?

2018-03-29 Thread Filip Hruska
Is it just me, or is there a problem with the website? I get a nginx 403 Forbidden error when trying to access it. Regards, Filip > > On 29 Mar 2018 at 2:41 pm,wrote: > > > Cloudflare’s website provides some more information: https://1.1.1.1/

Re: Yet another Quadruple DNS?

2018-03-29 Thread joel jaeggli
On 3/29/18 10:59 AM, Stephen Satchell wrote: > In regards to: spoofing DNS to 8.8.8.8 et al > > On 03/29/2018 09:26 AM, Baldur Norddahl wrote: >> Running your own resolver will not work. > > Why won't it work?  I run a Linux box with BIND 9 set up as a > recursive resolver.  Are you saying that t

Re: Yet another Quadruple DNS?

2018-03-29 Thread Stephen Satchell
In regards to: spoofing DNS to 8.8.8.8 et al On 03/29/2018 09:26 AM, Baldur Norddahl wrote: Running your own resolver will not work. Why won't it work? I run a Linux box with BIND 9 set up as a recursive resolver. Are you saying that the rogues will also capture requests to the root DNS se

Re: Yet another Quadruple DNS?

2018-03-29 Thread Ken Chase
Who's got visible projects looking to detect this from various points/regimes on the internet? (University of Toronto's IXMaps group whom I advised a few times over the years did something similar for routes, not that BGPlay isn't out there, but they translated it into human as a sociology project

Re: Yet another Quadruple DNS?

2018-03-29 Thread Hank Nussbacher
On 29/03/2018 17:23, Jared Mauch wrote: >> On Mar 29, 2018, at 10:19 AM, Seth Mattinen wrote: >> >> On 3/29/18 7:17 AM, Izaac wrote: And I'd really like not to enrich my ISP's trove of information about my browsing habits by them recording all my DNS lookups. Of course, 9.9.9.9 cou

Re: Yet another Quadruple DNS?

2018-03-29 Thread Baldur Norddahl
> > > Technically, tweaking your DNS resolver to lie (and/or to log) is much > easier and faster (and way less expensive) than setting up a > packet interception and rewriting device at line rate. > It is just a static /32 route for well known DNS resolvers to the ISP resolver. It is free and

Re: Yet another Quadruple DNS?

2018-03-29 Thread Jimmy Hess
On Thu, Mar 29, 2018 at 9:27 AM, Brian Kantor wrote: > Of course they could. But it's testable; experiments show that they > aren't doing so currently. Some of the recursive DNS providers support a protocol called DNSCrypt for authenticating data between the client and the recursive nameserve

Re: Yet another Quadruple DNS?

2018-03-29 Thread Igor Krneta
From 1.1.1.1 website: Cloudflare DNS resolver: * For IPv4: *1.1.1.1* and/or *1.0.0.1* * For IPv6: *2001:2001::* and/or *2001:2001:2001::* It's catchy enough for IPV6 :). On 29.3.2018 15:07, Chip Marshall wrote: I think the real question is "when are we going to get some memorable IPv6 public re

Re: Yet another Quadruple DNS?

2018-03-29 Thread Alan Buxey
exactly. intercept/inject? why. an ISP can just run its own standard DNS servers on 8.8.8.8 and 8.8.4.4 and point their customers to those - they own their routing space, they can just route to those locally so anyone thinking they can avoid their ISP by choosing some other addresses are mistak

Re: Yet another Quadruple DNS?

2018-03-29 Thread Bill Woodcock
> On Mar 29, 2018, at 7:01 AM, Brian Kantor wrote: > > I use 9.9.9.9 for my home desktop to avoid the interception of my > DNS queries by my cable company. I'd very much rather get an > NXDOMAIN than a connection to some web server that wants to offer > me a "helpful" web page, even when I'm r

Re: Yet another Quadruple DNS?

2018-03-29 Thread Michael Crapse
Along these same lines, we have a service that captures all DNS requests regardless the server(only non-TLS, albeit), that people pay $9.99/mo for, so they definitely want this.. We just NAT all requests to Open DNS servers to provide internet filtering as a service. It would be arbitrarily trivial

Re: Yet another Quadruple DNS?

2018-03-29 Thread Bill Woodcock
> On Mar 29, 2018, at 7:27 AM, Brian Kantor wrote: > > On Thu, Mar 29, 2018 at 09:08:38AM -0500, Chris Adams wrote: >> I've never really understood this - if you don't trust your ISP's DNS, >> why would you trust them not to transparently intercept any well-known >> third-party DNS? > > Of cour

Re: Yet another Quadruple DNS?

2018-03-29 Thread James R Cutler
> On Mar 29, 2018, at 9:07 AM, Chip Marshall > wrote: > > ... > I think the real question is "when are we going to get some memorable > IPv6 public recursive DNS servers?" > > 2001:4860:4860:: or 2620:fe::fe just aren't quite as catchy as > 8.8.8.8 or 9.9.9.9. >

Re: Yet another Quadruple DNS?

2018-03-29 Thread Seth Mattinen
On 3/29/18 7:24 AM, Stephane Bortzmeyer wrote: That's certainly a more important issue. Even when someone has skills, he or she may not have the time and inclination to do system administration at home. The solution is proper packaging of this DNS function in ready-made boxes such as the Turris O

Re: Yet another Quadruple DNS?

2018-03-29 Thread Stephane Bortzmeyer
On Thu, Mar 29, 2018 at 09:08:38AM -0500, Chris Adams wrote a message of 12 lines which said: > I've never really understood this - if you don't trust your ISP's > DNS, why would you trust them not to transparently intercept any > well-known third-party DNS? Technically, tweaking your DNS res

Re: Yet another Quadruple DNS?

2018-03-29 Thread Stephane Bortzmeyer
On Thu, Mar 29, 2018 at 07:01:59AM -0700, Brian Kantor wrote a message of 20 lines which said: > I believe that centralized DNS resolvers such as 8.8.8.8 are of > benefit to those folks who can't run their own recursive resolver > because of OS, hardware, Hardware is not a real problem. A Ras

Re: Yet another Quadruple DNS?

2018-03-29 Thread Brian Kantor
On Thu, Mar 29, 2018 at 09:08:38AM -0500, Chris Adams wrote: > I've never really understood this - if you don't trust your ISP's DNS, > why would you trust them not to transparently intercept any well-known > third-party DNS? Of course they could. But it's testable; experiments show that they are

Re: Yet another Quadruple DNS?

2018-03-29 Thread Jared Mauch
> On Mar 29, 2018, at 10:19 AM, Seth Mattinen wrote: > > On 3/29/18 7:17 AM, Izaac wrote: >>> And I'd really like not to enrich my ISP's trove of information about >>> my browsing habits by them recording all my DNS lookups. Of course, >>> 9.9.9.9 could be collecting that information, but they

Re: Yet another Quadruple DNS?

2018-03-29 Thread Seth Mattinen
On 3/29/18 7:17 AM, Izaac wrote: And I'd really like not to enrich my ISP's trove of information about my browsing habits by them recording all my DNS lookups. Of course, 9.9.9.9 could be collecting that information, but they're in less of a position to insert ads than my cableco is. Don't worr

Re: Yet another Quadruple DNS?

2018-03-29 Thread Izaac
On Thu, Mar 29, 2018 at 07:01:59AM -0700, Brian Kantor wrote: > do not trust the ones provided by their ISPs. Ohhh! Is that a thing? Network operators doing crazy shit like throwing A records to local machines instead of NXDOMAIN in order to splash advertising at users? Imagine users getting so

Re: Yet another Quadruple DNS?

2018-03-29 Thread Chris Adams
Once upon a time, Brian Kantor said: > I believe that centralized DNS resolvers such as 8.8.8.8 are of > benefit to those folks who can't run their own recursive resolver > because of OS, hardware, or skill limitations, and yet do not trust > the ones provided by their ISPs. I've never really und

Re: Yet another Quadruple DNS?

2018-03-29 Thread Brian Kantor
On Thu, Mar 29, 2018 at 09:38:09AM -0400, Izaac wrote: > No, the real question is: why do you find it desirable to centralize a > distributed service? I believe that centralized DNS resolvers such as 8.8.8.8 are of benefit to those folks who can't run their own recursive resolver because of OS, ha

Re: Yet another Quadruple DNS?

2018-03-29 Thread John Kinsella
> On Mar 29, 2018, at 6:38 AM, Izaac wrote: > > On Thu, Mar 29, 2018 at 01:07:58PM +, Chip Marshall wrote: >> I think the real question is "when are we going to get some memorable >> IPv6 public recursive DNS servers?" > > No, the real question is: why do you find it desirable to centraliz

Re: Yet another Quadruple DNS?

2018-03-29 Thread Izaac
On Thu, Mar 29, 2018 at 01:07:58PM +, Chip Marshall wrote: > I think the real question is "when are we going to get some memorable > IPv6 public recursive DNS servers?" No, the real question is: why do you find it desirable to centralize a distributed service? -- . ___ ___ . . ___ . \

Re: Yet another Quadruple DNS?

2018-03-29 Thread Doug Clements
On Thu, Mar 29, 2018 at 9:07 AM, Chip Marshall wrote: > I think the real question is "when are we going to get some memorable > IPv6 public recursive DNS servers?" > > 2001:4860:4860:: or 2620:fe::fe just aren't quite as catchy as > 8.8.8.8 or 9.9.9.9. From https://1.1.1.1/: For IPv6: *20

Re: Yet another Quadruple DNS?

2018-03-29 Thread Chip Marshall
On 2018-03-29, Stephane Bortzmeyer sent: > On Thu, Mar 29, 2018 at 07:33:08AM -0400, > Matt Hoppes wrote > a message of 7 lines which said: > > > We already have 8.8.8.8 and 8.8.4.4. > > And 9.9.9.9 and several others public DNS resolvers. I think the real question is "when are we going to

Re: Yet another Quadruple DNS?

2018-03-29 Thread DaKnOb
Cloudflare’s website provides some more information: https://1.1.1.1/ According to Cloudflare’s CEO, we’ll have more news on 1/4, so in a few days. https://twitter.com/eastdakota/status/979257292938911744 From their website I can see that it is a low latency and privacy orient

Re: Yet another Quadruple DNS?

2018-03-29 Thread Stephane Bortzmeyer
On Thu, Mar 29, 2018 at 07:33:08AM -0400, Matt Hoppes wrote a message of 7 lines which said: > We already have 8.8.8.8 and 8.8.4.4. And 9.9.9.9 and several others public DNS resolvers. > And any reputable company or ISP should be running their own. I fully agree. > What purpose would this

Re: Yet another Quadruple DNS?

2018-03-29 Thread Mike Hammett
8 6:33:08 AM Subject: Re: Yet another Quadruple DNS? Why do we need this? We already have 8.8.8.8 and 8.8.4.4. And any reputable company or ISP should be running their own. What purpose would this serve?

Re: Yet another Quadruple DNS?

2018-03-29 Thread Stephane Bortzmeyer
On Thu, Mar 29, 2018 at 12:16:48PM +0100, Tony Finch wrote a message of 15 lines which said: > Also the very amusing > > https://twitter.com/eastdakota/status/970359846548549632 Less amusing, for a DNS service, the brokenness of reverse service: % dig -x 1.1.1.1 ; <<>> DiG 9.10.3-P4-Debian

Re: Yet another Quadruple DNS?

2018-03-29 Thread Matt Hoppes
Why do we need this? We already have 8.8.8.8 and 8.8.4.4. And any reputable company or ISP should be running their own. What purpose would this serve?

Re: Yet another Quadruple DNS?

2018-03-29 Thread Stephane Bortzmeyer
On Wed, Mar 28, 2018 at 11:16:15PM +0300, DaKnOb wrote a message of 25 lines which said: > Out of 1,000 RIPE Atlas Probes, only 34 report it as unreachable. It's still a lot for IPv4. And it measures only filtering, not hijacking (which seems to exist, some probes get a DNS reply without the A

Re: Yet another Quadruple DNS?

2018-03-29 Thread Tony Finch
David Ulevitch wrote: > https://twitter.com/eastdakota/status/970214433598275584 > https://twitter.com/eastdakota/status/970359846548549632 Also the very amusing https://twitter.com/eastdakota/status/970359846548549632 Tony. -- f.anthony.n.finch http://dotat.at/ - I xn--zr8h punycode Heb

Re: Yet another Quadruple DNS?

2018-03-28 Thread David Ulevitch
On Wed, Mar 28, 2018 at 1:27 PM Aftab Siddiqui wrote: > 1.1.1.0/24 and 1.0.0.0/24 both are APNIC's Lab Research Prefixes. APNIC, > probably doing some more data gathering on 1.1.1.1 and doesn't want to be > smashed with Gigs of traffic. Doubtful. This is most assuredly going to be a commercial

Re: Yet another Quadruple DNS?

2018-03-28 Thread Izaac
On March 28, 2018 6:14:26 PM UTC, Payam Poursaied wrote: >dig google.com @1.1.1.1 Cute. I'm sure this engineering effort to centralize a distributed service will also go a long way to spur IPv6 adoption. -- Izaac

Re: Yet another Quadruple DNS?

2018-03-28 Thread Bill Woodcock
> On Mar 28, 2018, at 2:39 PM, David Ulevitch wrote: > > On Wed, Mar 28, 2018 at 1:27 PM Aftab Siddiqui > wrote: > 1.1.1.0/24 and 1.0.0.0/24 both are APNIC's Lab Research Prefixes. APNIC, > probably doing some more data gathering on 1.1.1.1 and doesn't want to be > smashed with Gigs of traffi

Re: Yet another Quadruple DNS?

2018-03-28 Thread Jared Mauch
A reminder to go back and watch the awesome talk from Nanog 49 about this: https://youtu.be/RBOPcLpQZ8w https://www.nanog.org/meetings/nanog49/presentations/Monday/karir-1slash8.pdf - Jared > On Mar 28, 2018, at 4:25 PM, Aftab Siddiqui wrote: > > 1.1.1.0/24 and 1.0.0.0/24 both are APNIC's Lab

Re: Yet another Quadruple DNS?

2018-03-28 Thread Aftab Siddiqui
1.1.1.0/24 and 1.0.0.0/24 both are APNIC's Lab Research Prefixes. APNIC, probably doing some more data gathering on 1.1.1.1 and doesn't want to be smashed with Gigs of traffic. Transit is still quite expensive in Aus :) https://www.apnic.net/wp-content/uploads/prop-109/assets/prop-109-v001.txt O

Re: Yet another Quadruple DNS?

2018-03-28 Thread Christopher Morrow
On Wed, Mar 28, 2018 at 9:13 PM, Michael Crapse wrote: > Many providers filter out 1.1.1.1 because too many people use it in their > examples/test code. I doubt that it's a usable IP/service. > > having previously globally announced 1.1.1.1 ... and some other of its friends... not nearly enough p

Re: Yet another Quadruple DNS?

2018-03-28 Thread Jared Mauch
> On Mar 28, 2018, at 4:13 PM, Michael Crapse wrote: > > Many providers filter out 1.1.1.1 because too many people use it in their > examples/test code. I doubt that it's a usable IP/service. There’s at least one vendor *cough* cisco *cough* that has used it as captive portal IP. I’m not sur

Re: Yet another Quadruple DNS?

2018-03-28 Thread DaKnOb
Out of 1,000 RIPE Atlas Probes, only 34 report it as unreachable. Very good latency from those who can reach it.. https://atlas.ripe.net/measurements/11859210/#!general Antonis > On 28 Mar 2018, at 23:13, Michael Crapse wrote: > > Man

Re: Yet another Quadruple DNS?

2018-03-28 Thread Michael Crapse
Many providers filter out 1.1.1.1 because too many people use it in their examples/test code. I doubt that it's a usable IP/service. On 28 March 2018 at 12:14, Payam Poursaied wrote: > dig google.com @1.1.1.1 > > > > Cloudflare? > > Didn't find any news around it > >

Re: Yet another Quadruple DNS?

2018-03-28 Thread Bill Woodcock
> On Mar 28, 2018, at 11:14 AM, Payam Poursaied wrote: > > dig google.com @1.1.1.1 > Cloudflare? Yeah, Cloudflare did a deal with Geoff Huston to use it. It’s reserved for “experimental use." -Bill

Yet another Quadruple DNS?

2018-03-28 Thread Payam Poursaied
dig google.com @1.1.1.1 Cloudflare? Didn't find any news around it