Hello Have you tried
https://github.com/blblack/gdnsd you can view usage at http://www.youtube.com/watch?v=WF75IGx9svM art On Mar 21, 2013, at 7:00 AM, nanog-requ...@nanog.org wrote: > Send NANOG mailing list submissions to > nanog@nanog.org > > To subscribe or unsubscribe via the World Wide Web, visit > http://mailman.nanog.org/mailman/listinfo/nanog > or, via email, send a message with subject or body 'help' to > nanog-requ...@nanog.org > > You can reach the person managing the list at > nanog-ow...@nanog.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of NANOG digest..." > > > Today's Topics: > > 1. Re: Why are there no GeoDNS solutions anywhere in sight? > (Constantine A. Murenin) > 2. Re: routing table go boom (Randy Bush) > 3. 2012 internet census (Randy Bush) > 4. Re: Why are there no GeoDNS solutions anywhere in sight? > (Simon Lyall) > 5. Re: Why are there no GeoDNS solutions anywhere in sight? > (bmann...@vacation.karoshi.com) > 6. Cisco password implementation trubs: weakened strength? > (jamie rishaw) > 7. Re: Cisco password implementation trubs: weakened strength? > (Nick Hilliard) > 8. Re: Cisco password implementation trubs: weakened strength? > (Jimmy Hess) > 9. Re: Why are there no GeoDNS solutions anywhere in sight? > (Masataka Ohta) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Thu, 21 Mar 2013 00:23:02 -0700 > From: "Constantine A. Murenin" <muren...@gmail.com> > To: Masataka Ohta <mo...@necom830.hpcl.titech.ac.jp> > Cc: nanog@nanog.org > Subject: Re: Why are there no GeoDNS solutions anywhere in sight? > Message-ID: > <capkknb4g++kaxmj9y5n-0j2dt+p7yn_xmvxcr7vithh4rf6...@mail.gmail.com> > Content-Type: text/plain; charset=ISO-8859-1 > > On 20 March 2013 21:29, Masataka Ohta <mo...@necom830.hpcl.titech.ac.jp> > wrote: >> Constantine A. Murenin wrote: >> >>> Why even stop there: all modern browsers usually know the exact >>> location of the user, often with street-level accuracy. >> >> If you think mobile, they don't, especially because "often" is >> not at all "enough times". > > Are you suggesting that geolocation is inaccurate enough to misplace > Europe with Asia? > >>> Why is there no way to do any of this? >> >> Because it is impractical to assume an IP address can be mapped >> uniquely to a geolocation. > > Why is it impractical? If I have a server in Germany and in Quebec, > why would it be impractical to have the logic in place such that > European visitors would be contacting the server in Germany, and > visitors from US/Canada -- the one in Quebec? > > C. > > > > ------------------------------ > > Message: 2 > Date: Thu, 21 Mar 2013 09:23:08 +0200 > From: Randy Bush <ra...@psg.com> > To: Jared Mauch <ja...@puck.nether.net> > Cc: nanog@nanog.org > Subject: Re: routing table go boom > Message-ID: <m2sj3pb4ir.wl%ra...@psg.com> > Content-Type: text/plain; charset=US-ASCII > >> I certainly think there's a lot that can be done at middle-layers, eg: >> tunnels >> to a few different providers. I can be on a Comcast CM and ATT DSL link and >> establish a link to a tunnel destination in Chicago that is low-latency for >> me >> and the bits will all flow that way. >> >> The last mile loop problem though? > > sweden and japan, among others, have some experiences (good and > mediocre) in this area > > randy > > > > ------------------------------ > > Message: 3 > Date: Thu, 21 Mar 2013 10:24:51 +0200 > From: Randy Bush <ra...@psg.com> > To: North American Network Operators' Group <nanog@nanog.org> > Subject: 2012 internet census > Message-ID: <m2ppytb1nw.wl%ra...@psg.com> > Content-Type: text/plain; charset=US-ASCII > > nice piece of work > > http://internetcensus2012.bitbucket.org/paper.html > > as cristel says, better coverage than atlas and no need for user > credits! :) > > randy > > > > ------------------------------ > > Message: 4 > Date: Thu, 21 Mar 2013 21:26:46 +1300 (NZDT) > From: Simon Lyall <si...@darkmere.gen.nz> > To: nanog@nanog.org > Subject: Re: Why are there no GeoDNS solutions anywhere in sight? > Message-ID: > <alpine.deb.2.00.1303212112110.28...@green.darkmere.gen.nz> > Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed > > On Thu, 21 Mar 2013, Constantine A. Murenin wrote: >> Why is it impractical? If I have a server in Germany and in Quebec, >> why would it be impractical to have the logic in place such that >> European visitors would be contacting the server in Germany, and >> visitors from US/Canada -- the one in Quebec? > > But what if the server in Quebec is a little VPS on a 10Mb/s link while > the one in Germany is a rack of servers on a 10Gb/s link? > > What if I just want the server in Quebec to serve people from Canada and > the one in Germany serves the rest of the world? > > What if it is 4am in Quebec but 9am in Germany? (it is right now) > > What if I have half a dozen pops worldwide? > > What if I have 20? 200? 2000? > > What is closer to a user in New Zealand, A Pop in Japan, Singapore or LA? > > The main thing with GSLB is: > > The little guys don't need it, > The medium sized sites outsource, > The big guys roll their own. > > Personally I outsource and it works very well. > > -- > Simon Lyall | Very Busy | Web: http://www.darkmere.gen.nz/ > "To stay awake all night adds a day to your life" - Stilgar | eMT. > > > > > ------------------------------ > > Message: 5 > Date: Thu, 21 Mar 2013 08:41:40 +0000 > From: bmann...@vacation.karoshi.com > To: "Constantine A. Murenin" <muren...@gmail.com> > Cc: nanog@nanog.org > Subject: Re: Why are there no GeoDNS solutions anywhere in sight? > Message-ID: <20130321084140.gb...@vacation.karoshi.com.> > Content-Type: text/plain; charset=us-ascii > > On Thu, Mar 21, 2013 at 12:23:02AM -0700, Constantine A. Murenin wrote: >> On 20 March 2013 21:29, Masataka Ohta <mo...@necom830.hpcl.titech.ac.jp> >> wrote: >>> Constantine A. Murenin wrote: >>> >>>> Why even stop there: all modern browsers usually know the exact >>>> location of the user, often with street-level accuracy. >>> >>> If you think mobile, they don't, especially because "often" is >>> not at all "enough times". >> >> Are you suggesting that geolocation is inaccurate enough to misplace >> Europe with Asia? > > > last month, while in western australia, geoloc pegged me in utah. > this morning, geoloc pegged me in Kansas, while resident in Maryland. > > >>>> Why is there no way to do any of this? >>> >>> Because it is impractical to assume an IP address can be mapped >>> uniquely to a geolocation. >> >> Why is it impractical? If I have a server in Germany and in Quebec, >> why would it be impractical to have the logic in place such that >> European visitors would be contacting the server in Germany, and >> visitors from US/Canada -- the one in Quebec? >> >> C. > > secure dynamic update works. waht is TWC's incentive to allow clients to > update > tjheir reverse DNS delegations, esp when clients are leaving them for > T-Mobile? > > > your sugesting the cretion and deployment of something that already exists > in the LOC RR. Your rational is that LOC isn't used. If thats the case, > why would your proposal be any more successful? > > /bill > > > > ------------------------------ > > Message: 6 > Date: Thu, 21 Mar 2013 05:10:36 -0500 > From: jamie rishaw <j...@arpa.com> > To: NANOG <nanog@nanog.org> > Subject: Cisco password implementation trubs: weakened strength? > Message-ID: > <cabl6yzqff9_e9va0j15kdz1np-jv-jez1vi9lpnnewgkwmz...@mail.gmail.com> > Content-Type: text/plain; charset=ISO-8859-1 > > warning: I'm tired and this email is terse. > warning: for huge nerds only. > disclaimer: although I've worked with actual rocket scientists(hi Roger), > I'm. not one myself..nor am I a crypto mathnerd > > apparently, Cisco is changing its password schemas. > > old: pbkdf2 by 1k, salted > vs > New: (type 4) unsalted sha256 > .. > discuss.? > > there is a cert and Cisco sa on this.. but I'm wondering if anyone has any > opinions, yea or nay.? > > -j. > > > ------------------------------ > > Message: 7 > Date: Thu, 21 Mar 2013 10:57:02 +0000 > From: Nick Hilliard <n...@foobar.org> > To: nanog@nanog.org > Subject: Re: Cisco password implementation trubs: weakened strength? > Message-ID: <514ae77e.10...@foobar.org> > Content-Type: text/plain; charset=ISO-8859-1 > > On 21/03/2013 10:10, jamie rishaw wrote: >> apparently, Cisco is changing its password schemas. >> >> old: pbkdf2 by 1k, salted >> vs >> New: (type 4) unsalted sha256 >> .. >> discuss.? > > security advisory: > >> http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20130318-type4 > > which states: > >> Because of the issues discussed in this Security Response, Cisco is >> taking the following actions for future Cisco IOS and Cisco IOS XE >> releases: >> >> Type 4 passwords will be deprecated: Future Cisco IOS and Cisco IOS XE >> releases will not generate Type 4 passwords. However, to maintain >> backward compatibility, existing Type 4 passwords will be parsed and >> accepted. Customers will need to manually remove the existing Type 4 >> passwords from their configuration. > > Kudos to Cisco - this was the right thing to do. > > Nick > > > > > ------------------------------ > > Message: 8 > Date: Thu, 21 Mar 2013 06:22:52 -0500 > From: Jimmy Hess <mysi...@gmail.com> > To: jamie rishaw <j...@arpa.com> > Cc: NANOG <nanog@nanog.org> > Subject: Re: Cisco password implementation trubs: weakened strength? > Message-ID: > <caaawwbvxuhr4v4o3_qqjhbxdttay0d0jumcnnbyovgdzzs6...@mail.gmail.com> > Content-Type: text/plain; charset=ISO-8859-1 > > On 3/21/13, jamie rishaw <j...@arpa.com> wrote: >> New: (type 4) unsalted sha256 > > Good for them; DES Crypt and MD5 crypt are dead... however, I hope > they have misspoken then... because that move would make no > sense... moving to simple unsalted SHA256 as the new hash type would > definitely increase the performance of potential password cracking > attempts against passwords stored at rest, instead of addressing the > massive increase in cheap computing power (which will necessitate all > software vendors who are concerned about stored password security, > stop using older crypt algorithms yesterday). > > In other words; they would be moving to a weaker hashing algorithm if > selecting unsalted SHA -- more hashes per second of SHA256 could be > computed per second on equivalent GPU than hashes per second of MD5 > Crypt. > > PBKDF2 at 10k rounds is stronger than MD5 crypt (more time required > for a password cracker); Bcrypt stronger than PBKDF2 with appropriate > work factor selected (more time _and_ larger amounts of memory space > required thwarting GPUs); etc. > > > Also, on what platform have they already used anything stronger than Unix > crypt? > > As far as I knew, Cisco were always using; 'type 7' password blobs > vigenere based symmetric encryption with a factory-defined key, type > 6 symmetric encrypted storage (with des/aes key obscured from view), > or type 5 basic unix crypt or Poul-Henning Kamp's MD5 crypt algorithm > used in FreeBSD. > > >> I'm. not one myself..nor am I a crypto mathnerd >> apparently, Cisco is changing its password schemas. >> old: pbkdf2 by 1k, salted >> vs >> New: (type 4) unsalted sha256 >> .. >> discuss.? >> >> there is a cert and Cisco sa on this.. but I'm wondering if anyone has any >> opinions, yea or nay.? > > -- > -JH > > > > ------------------------------ > > Message: 9 > Date: Thu, 21 Mar 2013 20:36:36 +0900 > From: Masataka Ohta <mo...@necom830.hpcl.titech.ac.jp> > To: "Constantine A. Murenin" <muren...@gmail.com> > Cc: nanog@nanog.org > Subject: Re: Why are there no GeoDNS solutions anywhere in sight? > Message-ID: <514af0c4.7000...@necom830.hpcl.titech.ac.jp> > Content-Type: text/plain; charset=ISO-2022-JP > > Constantine A. Murenin wrote: > >> Are you suggesting that geolocation is inaccurate enough to misplace >> Europe with Asia? > > Yes, of course. > > Think mobile. > > Masataka Ohta > > > > End of NANOG Digest, Vol 62, Issue 67 > *************************************