IPv6 only experiment already yielding results

[Joao Damas]

http://plutarco.lab.bt.es/html/ipv6/global_results.html

google now available over IPv6 at ipv6.google.com, just in time for  
the outage later today.

Thanks to Juan Pedro Cerezo for running the website
Joao
___
IETF mailing list
IETF@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: [DNSOP] Re: Last Call: draft-ietf-dnsop-reflectors-are-evil (Preventing Use of Recursive Nameservers in Reflector Attacks) to BCP

[Joao Damas]

It does indeed as Stephane pointed out.
Opening up your resolver so you can server roaming users, without  
further protection, is, at best, naive.


Joao

On 28 Sep 2007, at 12:15, Jaap Akkerhuis wrote:



There are two major reasons for an organization to not want  
roaming

users to trust locally-assigned DNS servers.

Open recursive servers doesn't help in against man in the middle
attacks. If you want to avoid that use VPN's or (for DNS) TSIG.

I seem to remember that the ID actually mentions that.

jaap

___
DNSOP mailing list
[EMAIL PROTECTED]
https://www1.ietf.org/mailman/listinfo/dnsop



___
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

Re: [ipv6-wg@ripe.net] RE: /48 micro allocations for v6 root servers, was: national security

[Joao Damas]

On 9 Dec, 2003, at 2:20, Jeroen Massar wrote:

-BEGIN PGP SIGNED MESSAGE-

[2 mails into one again]

Bill Manning [mailto:[EMAIL PROTECTED] wrote:

% Expect to see routers being optimized that will only route
% the upper 64bits of the address, so you might not want to do
% anything smaller than that.
This, if it happens, will be exactly opposed to
the IPv6 design goal, which was to discourage/prohibit
hardware/software designers from making presumptions or
assumptions about the size of prefixes and HARDCODING them
into products.
Good point. With current allocation schemes it should work but
maybe in the future, for anything outside 2000::/3 it could
indeed change and then the above could indeed break.
Hope the implementators of routing engines did notice that
unlike what I did :)
%  Root nameservers are a very different story of course...
%
% A /32 contains 65k /48's, so these IX blocks could provide for
% enough /48's for 65k IX's, thus unless that switch at the back
% of my desk, which connects 'neighbours' too is to be called an
% IX, because they have a linux router and me too and they speak
% BGP is going to be called an IX it shouldn't be a problem if
% the same block is used for 26? and maybe 3 tld servers per country.
%
% At least everybody will know that that /32 will have more specifics.
%
% Greets,
%  Jeroen
	2001:0478:: was delegated expressly for IX and core infrastructure.
- - is this documented somewhere?
  (google on the prefix only returns discussions about it's use ;)
- - is it available to the world(tm) as it looks like this is only
  available for exchanges managed by EP as per 
http://www.ep.net/wtgipa.html
  Thus also to the RIPE/APNIC/LACNIC region ?
  Regionalizing a root-server shouldn't be the case anyways as it
  shouldn't be bound to a certain spot.

I, personally, see absolutely no problem into making it the 'critical 
infra'
or 'root server' prefix, when it is documented correctly. EP.NET acts 
as
a neutral body, with this way kinda of a sub-RIR though. All 
root-servers
should be using the space then btw, not a few, but all of them.


No, no and definitely no!!!

It is one thing to put all IXP prefixes in the same block, after all it 
does not matter if they are not seen in the global Internet as, in 
fact, they should not be visible.

However, putting public infrastructure all in the same prefix is about 
the worst idea I have heard in some time. One hiccup would kill them 
all at the same time.

Joao Damas
ISC