Re: Apple Catalina Appears to Introduce Massive Jitter - SOLVED!

I would hesitate to blame BT. I have a macbook pro from ~1 year ago, on Catalina, and I use BT extensively ... mouse, keyboard, and headset. I do have location services trimmed down to just find my mac. I ran: ping -c 1000 -i 0.1 1000 packets transmitted, 998 packets received, 0.2% packet los

Re: CNAME records in place of A records

On 11/6/20 2:49 PM, Sabri Berisha wrote: - On Nov 6, 2020, at 2:07 AM, Dovid Bender wrote: Hi, Sorry if this is a bit OT. Recently several different vendors (in completely different fields) where they white label for us asked us to remove A records that we have going to them and replace t

Re: [EXTERNAL]Re: Don't need someone with clue @ Network Solutions.

I'm curious, and my apologies if I missed it, but crocker.com is registered at Amazon, and the COM whois shows that it was Amazon's registrar that added the host records. Were you able to work with the Amazon registrar (not AWS), as one of their customers, to get the records removed; since cro

Re: DoD IP Space

I used to help large companies rearchitect their addressing, implement IPv6, etc. for a living, so no one is more sympathetic than I am about how difficult it can be to make these changes. However, I have to ask, how far backwards do we want to bend for those that refuse to migrate? There have

Re: DoD IP Space

Randy, In one sense I agree with you, but what I was reacting to was the idea of an ISP begging IETF to reassign 22/8 as private space because their customers won't migrate to IPv6. That's problematic for many reasons, and causes the folks who aren't getting with the program to inflict the pa

Re: DoD IP Space

Joe, I haven't done that kind of work for a few years now, but I assume the answer to your question in terms of hardware is still yes. By and large the problem isn't hardware, it's finding the institutional will to actually do the thing. That requires a lot of education, creating or buying r

Re: DoD IP Space

The KB indicates that the problem is with the "LG TV WebOS 3.8 or above." Doug (not speaking for any employers, current or former) On 1/22/21 12:42 PM, Mark Andrews wrote: Disney should hire some proper developers and QA team. RFC 1123 instructed developers to make sure your products handled

Re: DoD IP Space

Owen, I am genuinely curious, how would you explain the problem, and describe a solution, to an almost exclusively non-technical audience who just wants to get the bits flowing again? Doug (still not speaking for anyone other than myself) On 2/5/21 2:25 PM, Owen DeLong wrote: At the bottom

Re: DoD IP Space

On 2/10/21 5:56 AM, Ca By wrote> The 3 cellular networks in the usa, 100m subs each, use ipv6 to uniquely address customers. And in the case of ims (telephony on a celluar), it is ipv6-only, afaik. So that answers the question of how to scale networks past what can be done with 1918 space. Al

Re: Disney+ contacts or geolocation ideas

I forwarded your message to the appropriate resource. hope this helps, Doug On 7/22/20 4:51 PM, Paul Nash wrote: I’m looking for a technical contact at Disney regarding geo-location. I have a client (apartment building) with a /24 (one IP per apartment). We recently upgraded out Internet

Re: S.Korea broadband firm sues Netflix after traffic surge

On 10/1/21 7:45 AM, Mark Tinka wrote: The reason Google, Facebook, Microsoft, Amazon, e.t.c., all built their own global backbones is because of this nonsense that SK Broadband is trying to pull with Netflix. At some point, the content folk will get fed up, and go build it themselves. What an o

Re: S.Korea broadband firm sues Netflix after traffic surge

[some snipping below] Also just to be clear, these are my own opinions, not necessarily shared by any current or former employers. On 10/10/21 12:31 PM, Mark Tinka wrote: On 10/10/21 21:08, Doug Barton wrote Given that issue, I have some sympathy for eyeball networks wanting to charge

Re: S.Korea broadband firm sues Netflix after traffic surge

On the cookie issue, I have had very good luck with this in Firefox: https://addons.mozilla.org/en-US/firefox/addon/cookie-autodelete/ hope this helps, Doug On 10/12/21 6:26 AM, scott wrote: On 10/12/21 9:15 PM, Matthew Petach wrote: So, I take it you steadfastly block *all* cookies from

Re: "Permanent" DST

All of this. The reason that the proposal is always worded "Permanent Daylight Savings Time" is that there are a non-trivial number of people who genuinely believe that with DST we get more sunlight. Not more sunlight during the hours when most people are awake, literally more sunlight. In a

A way that ARIN can help encourage RPKI adoption

On 4/6/22 10:55 AM, John Curran wrote: Interesting philosophy - historically ARIN customers have asked for simplicity in the relationship; i.e. a single fee that encompasses all of the services - in this way, an organization can utilize something without having to “get new approval” and there’

Re: A way that ARIN can help encourage RPKI adoption

On 4/12/22 9:56 PM, John Curran wrote: Doug, we’re not contracting with these parties to provide any other services…i.e. there’s nothing to "add a rider to”. (Those who have any registration services agreement with ARIN already have access to all services incl. RPKI) Thank you for considerin

Re: Serious Juniper Hardware EoL Announcements

I don't want to glorify the idea of converting multicast space by commenting on it, however you're wrong in several particulars about the relationships around the IANA. Most notably here is the issue that in relationship to what IP addresses can be handed out to who, and for what purpose, IANA

Re: cf is down?

Was someone scanning the Internet for vulnerabilities? On 6/21/22 12:20 AM, Eric Kuhnke wrote: Massive spike in consumer facing services reported as broken by downdetector, almost all are likely cf customers. See downdetector homepage.

Re: IoT - The end of the internet

On 8/9/22 10:40 PM, b...@theworld.com wrote: Possibly interesting: This kind of idea came up w/in ICANN when they were first considering the idea of adding 1000+ new generic and internationalized TLDs. Will it cause a melt down? Money was allocated, studies and simulations were done, reports w

Re: DNS resolution for hhs.gov

Responses in line below. Doug On 4/11/23 8:12 AM, Samuel Jackson wrote: I wanted to run this by everyone to make sure I am not the one losing my mind over this. A dig +trace cob.cms.hhs.gov fails for me as it looks like the NS for hhs.gov does not s

Re: DNS resolution for hhs.gov

Always love your in-depth analysis. Thanks, Mark. :) On 4/14/23 4:40 PM, Mark Andrews wrote: On 15 Apr 2023, at 02:41, Doug Barton wrote: Responses in line below. Doug On 4/11/23 8:12 AM, Samuel Jackson wrote: I wanted to run this by everyone to make sure I am not the one losing my

Re: Comcast storing WiFi passwords in cleartext?

On 4/25/19 8:04 AM, K. Scott Helms wrote: Just so you know, if you have an embedded router from a service provider all of that data is _already_ being transmitted and has been for a long long time. Responding to a pseudo-random message ... If you are an average consumer and purchase a managed

Re: any interesting/useful resources available to IPv6 only?

On 5/3/19 8:14 AM, Brian J. Murrell wrote: Hi, I am trying to make a case (to old fuddy-duddies, which is why I even need to actually make a case) for IPv6 for my own selfish reasons. :-) I wonder if anyone has any references to interesting/useful/otherwise resources on are only available to I

Re: any interesting/useful resources available to IPv6 only?

On 5/3/19 1:33 PM, Mohammad Khalil wrote: Hello all I have prepared something in the past you might find useful (hopefully). First, it's considered rude to send attachments of any size to a mailing list, never mind one that's almost 2 megs in size. Much better to put it on a web site somewher

Re: 44/8

On 2019-07-23 10:43 AM, William Herrin wrote: On Tue, Jul 23, 2019 at 7:32 AM Naslund, Steve > wrote: In defense of John and ARIN, if you did not recognize that ARDC represented an authority for this resource, who would be? The American Radio Relay League

Feasibility of using Class E space for public unicast (was re: 44/8)

On 2019-07-22 6:09 PM, Owen DeLong wrote: On Jul 22, 2019, at 12:15 , Naslund, Steve > wrote: I think the Class E block has been covered before.  There were two reasons to not re-allocate it. 1.A lot of existing code base does not know how to handle those addresse

Re: 44/8

Responding to no one in particular, and not representing views of any current or former employer ... I find all of this hullabaloo to be ... fascinating. A little background to frame my comments below. I was GM of the IANA in the early 2000's, I held a tech license from 1994 through 2004 (I ga

Re: Feasibility of using Class E space for public unicast (was re: 44/8)

On 2019-07-26 10:07 PM, William Herrin wrote: On Fri, Jul 26, 2019 at 9:21 PM Doug Barton <mailto:do...@dougbarton.us>> wrote: > When I was running the IANA in the early 2000's we discussed this issue with many different experts, hardware company reps, etc. Not only was there

Re: Feasibility of using Class E space for public unicast (was re: 44/8)

On 2019-07-26 11:01 PM, William Herrin wrote: On Fri, Jul 26, 2019 at 10:36 PM Doug Barton <mailto:do...@dougbarton.us>> wrote: > So I'll just say this ... if you think that the advice I received from all of the many people I spoke to (all of whom are/were a lot smarter than

Re: 44/8

On 8/27/19 8:52 PM, Owen DeLong wrote: On Jul 26, 2019, at 21:59 , Doug Barton <mailto:do...@dougbarton.us>> wrote: Responding to no one in particular, and not representing views of any current or former employer ... I find all of this hullabaloo to be ... fascinating.

Re: IPv6 Pain Experiment

On 10/2/19 3:03 PM, Naslund, Steve wrote: The next largest hurdle is trying to explain to your server guys that you are going to go with all dynamically assigned addressing now Completely false, but a very common misconception. There is nothing about IPv6 that prevents you from assigning stati

Re: IPv6 Pain Experiment

ree on that. Ipv4 is very human readable. It is numbers. Ipv6 is not human numbers. It’s hex, which is not how we normally county. It is all water under the bridge now, but I really feel like ipv6 could have been made more human friendly and ipv4 interoperable. On Oct 2, 2019, at 8:49 PM,

Re: IPv6 Pain Experiment

Yes, IPv6 suffers from Second System Syndrome. No this is not news, neither is it malleable (no matter how much whinging about roads not taken occurs). On 10/2/19 6:30 PM, George Michaelson wrote: A long time ago, in another country, JANET had a mail list to discuss email, in a world before D

Re: IPv6 Pain Experiment

On 10/2/19 10:27 PM, Masataka Ohta wrote: The tricky part is in converting a domain name of a primary nameserver to IP addresses,  when the IP addresses of the primary nameserver changes. If the primary nameserver ask DNS its IP address to send an update request to itself, it will get old addre

Re: IPv6 Pain Experiment

On 10/3/19 5:35 PM, Masataka Ohta wrote: Doug Barton wrote: Not if you configure your services (like DNS) with static addresses,which as we've already discussed is not only possible, but easy. That's your opinion. But, as Mark Andrews said: > Actually you can do exactly the s

Re: IPv6 Pain Experiment

I'm going to reply in some detail to your points here because they are very common arguments that have real answers. Those who have heard all this before are free to move on. :) You sound like someone who doesn't have experience with IPv6. I don't intend any criticism, I'm simply saying that

Re: IPv6 Pain Experiment

On 10/3/19 8:41 PM, Masataka Ohta wrote: Doug Barton wrote: Automatic renumbering involving DNS was important design goal of IPv6 with reasons. Lack of it is still a problem. Meanwhile, the thing that most people miss about IPv6 is that except in edge cases, you never have to renumber. You

Re: IPv6 Pain Experiment

On 10/4/19 7:45 AM, Warren Kumari wrote: On Fri, Oct 4, 2019 at 5:13 AM Masataka Ohta wrote: Doug Barton wrote: And even if you do need to change providers, once you have your addressing plan in place all you have to change is the prefix. This is the same as saying "If you ne

Re: RIPE our of IPv4

The two things feed each other. Big content networks have had IPv6 for years now, and the mobile phone networks are primarily, if not exclusively IPv6 on the inside. Adding IPv6 now helps push the cycle forward, whether you are an eyeball, content, or other network. Doug On 11/25/19 11:50

Re: RIPE our of IPv4

On 2019-11-25 1:47 PM, Valdis Klētnieks wrote: On Tue, 26 Nov 2019 06:46:52 +1100, Mark Andrews said: On 26 Nov 2019, at 03:53, Dmitry Sherman wrote:  I believe it’s Eyeball network’s matter to free IPv4 blocks and move to v6. It requires both sides to move to IPv6. Why should the

Re: RIPE our of IPv4

On 2019-11-25 20:26, Brandon Martin wrote: On 11/26/19 4:36 AM, Doug Barton wrote: I get that some people still don't like it, but the answer is IPv6. Or, folks can keep playing NAT games, etc. But one wonders at what point rolling out IPv6 costs less than all the fun you get with [C

Re: RIPE our of IPv4

On 11/26/19 12:13 AM, Sabri Berisha wrote: - On Nov 26, 2019, at 1:36 AM, Doug Barton do...@dougbarton.us wrote: I get that some people still don't like it, but the answer is IPv6. Or, folks can keep playing NAT games, etc. But one wonders at what point rolling out IPv6 costs less tha

Re: number of characters in a domain?

On 07/23/2016 07:07 AM, Matthew Pounsett wrote: On 23 July 2016 at 14:31, Ryan Finnesey wrote: I was hoping someone can help me confirm my research. I am correct that domains are now limited to 67 characters in length including the extension? 63 octets per label (the bits between the perio

Israeli Online Attack Service ‘vDOS’ Earned $600,000 in Two Years

vDOS — a “booter” service that has earned in excess of $600,000 over the past two years helping customers coordinate more than 150,000 so-called distributed denial-of-service (DDoS) attacks designed to knock Web sites offline — has been massively hacked, spilling secrets about tens of thousands

Re: Domain renawals

On 09/21/2016 01:44 PM, Richard Holbo wrote: FWIW, as I'm in the middle of this right now. It would appear that many of the less expensive registrars no longer support glue records in any meaningful way. They all expect you to host DNS with them. So might want to check on that before buying the

Re: Spitballing IoT Security

On 10/29/2016 05:32 PM, Ronald F. Guilmette wrote: you don't need to be either an omnious "state actor" or even SPECTER to assemble a truly massive packet weapon. Please, it's SPECTRE show some respect

Re: Wanted: volunteers with bandwidth/storage to help save climate data

On 12/16/2016 1:48 PM, Hugo Slabbert wrote: This started as a technical appeal, but: https://www.nanog.org/list 1. Discussion will focus on Internet operational and technical issues as described in the charter of NANOG. Hard to see how the OP has anything to do with either of the above.

Re: Wanted: volunteers with bandwidth/storage to help save climate data

On 12/20/2016 8:08 AM, Royce Williams wrote: n Sat, Dec 17, 2016 at 6:15 PM, Doug Barton wrote: On 12/16/2016 1:48 PM, Hugo Slabbert wrote: This started as a technical appeal, but: https://www.nanog.org/list 1. Discussion will focus on Internet operational and technical issues as described

Re: Wanted: volunteers with bandwidth/storage to help save climate data

On 12/21/2016 06:15 PM, Royce Williams wrote: On Wed, Dec 21, 2016 at 3:49 PM, Ken Chase wrote: On Wed, Dec 21, 2016 at 04:41:29PM -0800, Doug Barton said: [..] >>Everyone has a line at which "I don't care what's in the pipes, I just >>work here" change

Re: DNS Flag Day, Friday, Feb 1st, 2019

On 2019-01-31 08:32, James Stahr wrote: I think the advertised testing tool may be flawed as blocking TCP/53 is enough to receive a STOP from the dnsflagday web site. It's been my (possibly flawed) understanding that TCP/53 is an option for clients but primarily it is a mechanism for the *serve

Re: IANA IPv4 Recovered Address Space registry updated

Paula, Thank you for this update. Is there a convenient resource for viewing the delta? Doug On 03/01/2017 12:15 PM, Paula Wang wrote: Hi, An update has been made to the IANA IPv4 Recovered Address Space registry according to the Global Policy for Post Exhaustion IPv4 Allocation Mechanis

Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations

On 03/17/2017 10:42 AM, Mark Kosters wrote: On 3/17/17, 12:26 PM, "NANOG on behalf of William Herrin" wrote: On Fri, Mar 17, 2017 at 7:52 AM, Romeo Zwart wrote: RIPE NCC have issued a statement about the issue here: https://www.ripe.net/ripe/mail/archives/dns-wg/2017-March/003394.html

Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations

Thanks for the response, John. Some thoughts below. On 03/18/2017 08:58 PM, John Curran wrote: On 18 Mar 2017, at 9:58 PM, Doug Barton mailto:do...@dougbarton.us>> wrote: My eyebrows reacted to this the same way Bill's did. It sounds like this is at least a semi-automated system.

Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations

On 03/18/2017 09:40 PM, John Curran wrote: On 19 Mar 2017, at 12:27 AM, Doug Barton wrote: ... Despite the associated risk, we are happy to install such checks if RIPE requests them, but are this time are processing them as we agreed to do so – which is whenever we receive correctly formatted

Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations

On 03/18/2017 10:53 PM, John Curran wrote: On 19 Mar 2017, at 12:50 AM, Doug Barton mailto:do...@dougbarton.us>> wrote: ... Meanwhile, my offer to help y'all fix your DNS was a sincere one. Feel free to hit me up off list. Doug - You’d want to make that offer to the RIPE NCC M

Re: loc.gov

Isn't that a problem that suggests its own solution? On 7/8/2017 1:43 PM, Joly MacFie wrote: (sorry I'm not on the outage list)

Re: Last Week's Canadian Fiber Cut

Does this sound like a dry run to anyone else? Or did I forget to take my anti-paranoia pills today? On 08/15/2017 06:05 PM, David Charlebois wrote: Just read this on http://www.ctvnews.ca/business/bell-aliant-says- double-cable-cut-that-led-to-cell-outages-was-perfect-storm-1.3547018 "Bell s

Re: Ticketmaster?

On 12/02/2017 02:39 PM, Ryan Gard wrote: *Oh, you must be sharing your IP with everyone else in your area* CGNAT by any chance?

Re: Definitive Guide to IPv6 adoption

On Mon, 18 Oct 2010, Owen DeLong wrote: I think it's generally a bad idea. /48 is the design architecture for IPv6. It allows for significant innovation in the SOHO arena that we haven't accounted for in some of our current thinking. Q: Why are /48s everywhere a good idea? A: Becaus

Re: Pica8 - Open Source Cloud Switch

On Mon, 18 Oct 2010, Joe Greco wrote: For example, consider the T-Mobile Sidekick Danger server crash/disaster. This is frequently pointed to as a "failure of the cloud", but in reality, it appears to have been trusting data to a company that wasn't exercising proper care in maintaining its serv

Re: Definitive Guide to IPv6 adoption

On 10/18/2010 5:16 PM, Robert E. Seastrom wrote: sth...@nethelp.no writes: I still haven't seen any good argument for why residential users need /48s. No, I don't think "that makes all the address assignments the same size" is a particularly relevant or convincing argument. We're doing /56 fo

Re: Definitive Guide to IPv6 adoption

On 10/19/2010 6:24 AM, Dan White wrote: But I still feel strongly that a /48 assignment model for residential customers is right for our environment. Perfectly reasonable. If you've analyzed your situation and come to that conclusion who am I to argue? Please note, I'm NOT saying, "You must us

Re: ARIN recognizes Interop for return of more than 99% of 45/8 address block

On 10/20/2010 7:13 AM, Randy Bush wrote: i think this is cool, but ... ARIN will follow global policy at that time and return it to the global free pool or distribute the space to those organizations in the ARIN region with documented need, as appropriate. i know the us has the world series,

Re: Token ring? topic hijack: was Re: Mystery open source switching

On 11/02/2010 10:47 PM, Jacob Broussard wrote: I guess I am not as funny as I thought I was. None of us are. :) Doug -- Nothin' ever doesn't change, but nothin' changes much. -- OK Go Breadth of IT experience, and depth of knowledge in the DNS.

Re: Verizon off-list contact requested

If you're going to start a new thread on a mailing list your best bet is to copy the list address to your address book, and create a new message. By replying to another message and changing the topic your message shows up "buried" under the thread you replied to. This is particularly bad when y

Re: RINA - scott whaps at the nanog hornets nest :-)

On 11/6/2010 3:14 PM, George Bonser wrote: It ships with Microsoft Windows as "Blackhole Router Detection" and is on by default since Windows 2003 SP2. The first item returned on a blekko search is the following article which indicates that it is on by default in Windows 2008/Vista/2003/XP/20

Re: Conclusions? - Introducing draft-denog-v6ops-addresspartnaming

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 11/29/2010 11:59, Joel Jaeggli wrote: | Since 11/18/10 this discussion has generated something like 66 messages | across five threads on this list, on nanog and elsewhere. | | While some suggestions are entertaining, I would think of this critici

Re: .gov DNSSEC operational message

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 12/26/2010 09:07, Matt Larson wrote: | On Thu, 23 Dec 2010, Jay Ashworth wrote: |>> From: "Matt Larson" |> |>> The new KSK will not be published in an authenticated manner outside |>> DNS (e.g., on an SSL-protected web page). Rather, the intended

Re: .gov DNSSEC operational message - picking a fight

On 12/28/2010 14:46, bmann...@vacation.karoshi.com wrote: On Tue, Dec 28, 2010 at 11:41:18AM -0800, Doug Barton wrote: Now OTOH if someone wants to demonstrate the value in having a publication channel for TLD DNSKEYs outside of the root zone, I'm certainly willing to listen. Ju

Re: AltDB?

On 01/09/2011 10:09, John Curran wrote: On Jan 9, 2011, at 2:09 AM, Jeff Wheeler wrote: In terms of database size, excluding RIPE, the ARIN IRR is the 8th largest, ahead of ALTDB and about 10% as large as Level3, the second largest IRR database (except RIPE.) A mass-corruption of the ARIN IRR

Re: AltDB?

On 01/10/2011 19:18, John Curran wrote: On Jan 10, 2011, at 7:57 PM, Doug Barton wrote: On 01/09/2011 10:09, John Curran wrote: Please suggest your preferred means of IRR authentication to the ARIN suggestion process:<https://www.arin.net/participate/acsp/index.html> ... Now it seem

Re: [NANOG-announce] NANOG On The Road - San Diego

This event sounds like a lot of fun, and I look forward to attending. :) Just curious if anyone wants to participate in an informal PGP key signing activity while we're there? I'm thinking an old fashioned "everyone brings their own slips of paper" type thing, but if there is sufficient intere

Re: TWC (AS11351) blocking all NTP?

On 02/03/2014 12:50 PM, John R. Levine wrote: I was thinking that the ntp.org servers on any particular network are a small set of exceptions to a general rule to rate limit outgoing NTP traffic. www.pool.ntp.org allows any NTP operator to opt-in to receive NTP traffic should their clock be ava

Re: TWC (AS11351) blocking all NTP?

On 02/03/2014 05:10 PM, Majdi S. Abbas wrote: NTP works best with a diverse set of peers. You know, outside your little bubble, or walled garden, or whatever people in this thread appear to be trying to build. I'm not sure what to call it, but it's definitely not the Internet. "The In

Re: TWC (AS11351) blocking all NTP?

On 02/04/2014 08:04 AM, William Herrin wrote: On Sun, Feb 2, 2014 at 5:17 PM, Cb B wrote: And, i agree bcp38 would help but that was published 14 years ago. Howdy, If just three of the transit-free networks rewrote their peering contracts such that there was a $10k per day penalty for sendin

Re: random dns queries with random sources

On 02/18/2014 07:08 PM, Joe Maimon wrote: Thousand of queries with thousands of source ip addresses. Pardon if I missed a memo, but how are your resolver systems receiving these thousands of very different source addresses? Doug

Re: random dns queries with random sources

On 02/18/2014 07:59 PM, Joe Maimon wrote: Doug Barton wrote: On 02/18/2014 07:08 PM, Joe Maimon wrote: Thousand of queries with thousands of source ip addresses. Pardon if I missed a memo, but how are your resolver systems receiving these thousands of very different source addresses? Doug

Re: DNS resolver reaction to non-reachable authoritative DNS server

On 03/13/2014 12:35 AM, Anurag Bhatia wrote: Hello there! I am trying to troubleshoot a case of DNS failure issue with one of Indian Govt's domain (nic.in). I can see that 1 out of 4 authoritative DNS server is IPv6 only. We have quite a few users running IPv4 only setup and hence 1/4 of these

Re: DNS resolver reaction to non-reachable authoritative DNS server

On 3/13/2014 5:23 PM, Mark Andrews wrote: If your customers are using BIND there is a flag you can supply to named >to cause it to operate only in IPv4. That would avoid this problem >altogether. > And is basically not needed as the IP stack (with the exception of Solaris) informs named when th

Re: How to catch a cracker in the US?

On 03/16/2014 08:51 PM, Jay Hennigan wrote: On 3/13/14 6:22 AM, Sholes, Joshua wrote: If one came up in this field with a mentor who was old school, or if one is old school oneself, one tends use the original (as I understand it) definitions--a "cracker" breaks security or obtains data unlawful

Re: misunderstanding scale

On 03/22/2014 08:47 AM, Robert Webb wrote: First, there may be those that do not require IPv6 due to size. It is a mistake to believe that the only reason to add IPv6 to your network is size. Adding IPv6 to your network _now_ is the right decision because at some point in the not-too-distant

Re: misunderstanding scale

On 03/22/2014 10:16 AM, Nick Hilliard wrote: On 22/03/2014 16:29, Doug Barton wrote: It is a mistake to believe that the only reason to add IPv6 to your network is size. Adding IPv6 to your network _now_ is the right decision because at some point in the not-too-distant future it will be the

Re: arin representation

On 3/24/2014 9:03 PM, Owen DeLong wrote: [0] As a member of the nominating committee in question, I will disagree with your claim that our declining to nominate you constitutes rigging the election. While I can’t disclose the details due to NDA restrictions on the NomCom, I will say that in my ex

Re: Serious bug in ubiquitous OpenSSL library: "Heartbleed"

On 04/08/2014 10:28 PM, Matt Palmer wrote: On Wed, Apr 09, 2014 at 12:18:00AM -0500, jamie rishaw wrote: Here's the only way to keep a system safe from Internet hackers: http://goo.gl/ZvGrXw [google images] /me is disappointed that wasn't a pair of scissors ... or a backhoe

Re: DNSSEC?

On 04/11/2014 11:35 AM, Barry Shein wrote: So, DNSSEC is also compromised by this heartbleed bug, right? There is nothing in the DNSSEC protocol that requires the Heartbeat functionality. However whether a specific implementation of DNS software is vulnerable or not depends on how it's compil

Re: Kit to split a 19" closet?

Please don't reply to a message on the list and change the subject line. Doing so causes your new topic to show "under" the previous one for those using mail readers that thread properly, and may cause your message to be missed altogether if someone has blocked that thread. Instead, save the l

Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]

On 04/14/2014 12:59 PM, Patrick W. Gilmore wrote: On Apr 14, 2014, at 15:47 , Scott Howard wrote: On Sun, Apr 13, 2014 at 9:52 AM, Niels Bakker wrote: At least one vendor, Akamai is helping out now: http://marc.info/?l=openssl-users&m=139723710923076&w=2 I hope other vendors will follow sui

Re: DMARC -> CERT?

On 04/14/2014 01:20 PM, Christopher Morrow wrote: On Mon, Apr 14, 2014 at 4:10 PM, Scott Howard wrote: Whilst I don't agree with the way that Yahoo has done this (particularly around communication), how could they have communicated this better? how can we all learn from this? The obvious on

Re: DMARC -> CERT?

On 04/14/2014 01:38 PM, Christopher Morrow wrote: On Mon, Apr 14, 2014 at 4:28 PM, Doug Barton wrote: The obvious ones would have been to announce a flag day somewhere far enough in advance to give list software devs time to adapt, and to work with list software devs on a solution. where

Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]

On 04/14/2014 05:50 PM, John Levine wrote: In article <534c68f4@cox.net> you write: On 4/14/2014 9:38 AM, Matthew Black wrote: Shouldn't a decent OS scrub RAM and disk sectors before allocating them to processes, unless that process enters processor privileged mode and sets a call flag? I r

Re: Thank you Comcast

Please don't reply to a message on the list and change the subject line. Doing so causes your new topic to show "under" the previous one for those using mail readers that thread properly, and may cause your message to be missed altogether if someone has blocked that thread. Instead, save the l

Re: Requirements for IPv6 Firewalls

On 04/18/2014 12:57 AM, Enno Rey wrote: I fully second Sander's input. I've been involved in IPv6 planning in a number of very large enterprises now and_none_ of them required/asked for (66/overloading) NAT for their firewall environments. A few think about very specific deployments of NPTv6 l

Re: Requirements for IPv6 Firewalls

On 04/18/2014 07:58 PM, Enno Rey wrote: Hi, On Fri, Apr 18, 2014 at 11:59:04AM -0700, Doug Barton wrote: On 04/18/2014 12:57 AM, Enno Rey wrote: I fully second Sander's input. I've been involved in IPv6 planning in a number of very large enterprises now and_none_ of them required

Re: Requirements for IPv6 Firewalls

On 04/22/2014 12:18 PM, Christopher Morrow wrote: Roland's saying basically: 1) if you deploy something on 'the internet' you should secure that something 2) the securing of that 'thing' should NOT be be placing a stateful device between your users and the 'thing'. In a simple case of:

Re: Requirements for IPv6 Firewalls

On 04/22/2014 01:15 PM, Matthew Huff wrote: I wouldn't manage a corporate network without a centrally managed firewall (stateful; or not). Matthew, No one is saying that. What Roland is saying, and the position that I agree with, is that putting a firewall in front of a system _that is inte

Re: Requirements for IPv6 Firewalls

On 04/22/2014 01:49 PM, George Herbert wrote: As long as the various stateful firewalls and IDS systems offer hostile action detection and blocking capabilities that raw webservers lack, there are certainly counterarguments to the "port filter only" approach being advocated here. Right, but now

Re: The FCC is planning new net neutrality rules. And they could enshrine pay-for-play. - The Washington Post

On 04/27/2014 03:15 PM, Jay Ashworth wrote: - Original Message - From: "Hugo Slabbert" But this isn't talking about transit; this is about Comcast as an edge network in this context and Netflix as a content provider sending to Comcast users the traffic that they requested. Is there r

Re: Observations of an Internet Middleman (Level3) (was: RIP Network Neutrality

On 05/12/2014 12:48 PM, Livingood, Jason wrote: Also Amazon seems to be experimenting with direct delivery in some areas in order to provide a level of delivery quality they don’t feel they can get via 3rd party Someone wake me up when RFC 1149 gets updated to "IP Datagrams on Drone Carriers

Re: rz.verisign-grs.com root zone ftp access

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 05/20/2014 02:21 PM, Brandon Applegate wrote: | Is anyone using this and having failed login for a few days now ? I?ve been mirroring the root zone(s) for years and I just started getting failures in my logs. I emailed an address I found on the

Re: rz.verisign-grs.com root zone ftp access

27;s the way I recommend people go. YMMV. Doug On 05/20/2014 10:42 PM, Mehmet Akcin wrote: F-root also allows you to axfr root-zone ( dig @f.root-servers.net . axfr ) On May 20, 2014, at 10:32 PM, Doug Barton wrote: Signed PGP part On 05/20/2014 02:21 PM, Brandon Applegate wrote: | Is any

  1   2   3   >