Re: Why used DHCPv6 when RA has RDNSS and DNSSL?
On Wed, Apr 01, 2020 at 10:56:03AM +0200, Jens Link wrote: > people can't/won't read headers. Most mail clients hide them pretty > well. I guess that most people don't even konw they are there. Correct, but appending footers is a problem with cryptographic signatures, so a pretty much no-go too. There is the the issue of email address ownership changing to "non-enlightened" folks, as well as malware out there actually able to perform double opt-in subscription to Mailman lists via email. I've seen it happen. So there ARE unsuspecting, innocent people ending up subscribed here who have ZERO idea how they got here, nor how they get off the list. I have to clue myself up how other list ops deal with that. But I see that there is certainly no "magic bullet" that doesn't have severe drawbacks. Email is becoming more and more unusable due to the defensive measures being taken against spam, phishing and other malicious use of email. On a side note to all: I would prefer not to prolong this discussion here so much as it's quite off-topic. At minimum open a new thread (a new thread, not just change subject) so people have a chance to filter. Best regards, Daniel -- CLUE-RIPE -- Jabber: d...@cluenet.de -- dr@IRCnet -- PGP: 0xA85C8AA0
Re: Why used DHCPv6 when RA has RDNSS and DNSSL?
On Wed, Apr 01, 2020 at 10:01:21AM +0200, Webmaster wrote: > By the way ... I just realized that the list is not handling correctly > DMARC users. So my own emails when they come back, go to the spam > folder, which means they are going to the spam folder of many folks. One could argue that this is the problem of the DMARC user, expecting the world to adjust to their personal believe how to combat the deficiencies of email. But I don't. :) FYI, you're the first to complain/note a DMARC issue with the lists I'm hosting (with >10k subs), so doesn't seem to be a widespread problem yet. > This was a problem with IETF and RIRs exploders and I believe they > applied some patch or mailman/pipermail upgrade to resolve it. I'm working on upgrading Mailman in the coming weeks and will also revisit DMARC and other stuff at that point. Best regards, Daniel PS: btw, you're posting as "webmaster@" - rly? -- CLUE-RIPE -- Jabber: d...@cluenet.de -- dr@IRCnet -- PGP: 0xA85C8AA0
Re: Why used DHCPv6 when RA has RDNSS and DNSSL?
On Wed, Apr 01, 2020 at 09:29:45AM +0200, JORDI PALET MARTINEZ wrote: > If you’re receiving the messages is because YOU subscribed to the list. Not necessarily. Especially with the big freemailers, email accounts sometimes change owners... where old owner didn't unsub from all mailing lists, especially the low volume ones. I've taken care of that. Best regards, Daniel -- CLUE-RIPE -- Jabber: d...@cluenet.de -- dr@IRCnet -- PGP: 0xA85C8AA0
Re: Link-local and ACLs
On Mon, Jul 24, 2017 at 05:51:37PM +, Goddess: Primal Chaos wrote: > ### Do not reply below this line ### > > - > Goddess: Primal Chaos | July 24, 2017 | 18:51 +0100 > - > > Dear player, This has been remedied. You should see no further auto-replies from them. Best regards, Daniel (list admin)
Re: SV: SV: SV: CPE Residential IPv6 Security Poll
On Thu, Sep 29, 2016 at 01:50:07PM +0200, e.vanu...@avm.de wrote: > CU at BBWF ;-) We are building CPE with IPv6 on board. Which still can't even do static IPv6 routes or open firewall for adresses in prefixes not directly connected. Example: getting a /48 from upstream, either statically routing or PD'ing this to another inside router. No way to disable firewalling for those. Since AVM did close the shell access to the FB, you cannot even manually add the static routes. So FB with current OS is basically unusable for anything but directly connected networks (main/guest) in IPv6. I'm looking for a replacement for my 7390 as this problem doesn't allow me to upgrade firmware anymore (as I would lose telnet access and thus IPv6 in my home networks). Nevertheless, welcome to the list. :-) Best regards, Daniel -- CLUE-RIPE -- Jabber: d...@cluenet.de -- dr@IRCnet -- PGP: 0xA85C8AA0
Re: Fwd: Bad list subscription? Re: google path mtu?
On Mon, Jan 19, 2015 at 09:45:51AM -0700, Brielle Bruns wrote: When I posted on the list, I appear to have gotten this bounce from someone subscribed here. Could one of the list mods please check this out? This has been taken care of, thanks. Best regards, Daniel -- CLUE-RIPE -- Jabber: d...@cluenet.de -- dr@IRCnet -- PGP: 0xA85C8AA0
Re: Poll on SMTP over IPv6 Usage
On Wed, Feb 19, 2014 at 10:54:14AM +0100, Gert Doering wrote: Blocking by /64 by default is likely to get collateral damage. Enough people do shared subnets with multiple customers in the same /64 - while I won't recommend it, it is *done*, and blocking the whole /64 because you have seen SPAM from a single IP out of it is hurting the wrong people. This is btw standard setup in the DOCSIS world. All CPEs get a single IP out of a shared /64. In case the CPE is not a customer PC but a router (most customers have that), of course DHCPv6-PD is used to issue prefixes. Nevertheless, there is a non-insignificant amount of people directly attaching their PCs directly to cable modems. The assumption everyone inside a /64 is the same subject is flawed, indeed. Best regards, Daniel -- CLUE-RIPE -- Jabber: d...@cluenet.de -- dr@IRCnet -- PGP: 0xA85C8AA0
Re: i...@prizmaphoto.com
On Mon, Dec 30, 2013 at 03:14:05PM +0100, Mikael Abrahamsson wrote: Every time I post to the list I get an email back from i...@prizmaphoto.com. Could someone please check if that address is subscribed to this list, and in that case, remove it? Done. Best regards, Daniel (list admin) -- CLUE-RIPE -- Jabber: d...@cluenet.de -- dr@IRCnet -- PGP: 0xA85C8AA0
Re: T-Mobile goes IPv6-only on Android 4.4+ devices
On Tue, Nov 05, 2013 at 08:41:30AM +0100, Tore Anderson wrote: Some cool news to start the day with: http://www.dslreports.com/shownews/TMobile-Goes-IPv6-Only-on-Android-44-Devices-126506 Just that IPv6 only is a bit misleading. IPv6-only on WAN interface, but in fact it's dual-stack. Anyway - nice to see, congrats to the ones involved in that effort! Best regards, Daniel -- CLUE-RIPE -- Jabber: d...@cluenet.de -- dr@IRCnet -- PGP: 0xA85C8AA0
Re: Over-utilisation of v6 neighbour slots
On Fri, Oct 25, 2013 at 11:55:05AM +0200, Andrew Yourtchenko wrote: rantI presume that those who want ultimate privacy have inspected their browsers to not do evercookies[1], removed any features in their browsers identifying them via the fingerprint, and ensured that the call-home feature of their favourite operating system and the apps is deactivated, as well as taking care that they manually reconfigure the new mac address on each new connection. /rant Excellent point. Identification via IP address is the least point of concern to me (as long as the host part doesn't use a GUID of course). But making a lot of fuzz about prefix randomization like some German ISPs do in the press nicely distracts from the real powerful identification methods you mentioned - which are widely used. Best regards, Daniel -- CLUE-RIPE -- Jabber: d...@cluenet.de -- dr@IRCnet -- PGP: 0xA85C8AA0
Re: Over-utilisation of v6 neighbour slots
On Thu, Oct 24, 2013 at 03:14:52PM +0200, Martin Millnert wrote: Anyway, the users will have to pay for that. Too bad users of !AAPL have to subsidize those decisions. Time for an AAPL user NAT tax? :) Interesting idea. Put AAPL-OUI's IPv4-traffic in lousy-queue in the BNG? :} Nah. The problem is that the AFTR doesn't see Ethernet MACs, so you cannot really distinguish AAPL traffic from others. Otherwise you could delay SYNs from AAPL devices by a certain amount. Or generally, help IPv6 out a little by adding general IPv4-(latency)-tax? That would punish the innocent majority. Anyway, we had this discussion before: http://lists.cluenet.de/pipermail/ipv6-ops/2012-June/007060.html Best regards, Daniel -- CLUE-RIPE -- Jabber: d...@cluenet.de -- dr@IRCnet -- PGP: 0xA85C8AA0
Windows IPv6 connectivity check
Hi, when using OpenVPN dualstack tunnels, I notice that Windows doesn't realize that it has working IPv6 connectivity for a long time so it won't use the newly established IPv6 connectivity until re-checking. Is there any way to manually trigger Windows to re-check IPv6 connectivity? Best regards, Daniel
Re: IPv6 contact for www.citrix.com - MTU problem?
Hi, the issue still persists a full two years later. Wow. Best regards, Daniel On Fri, Aug 19, 2011 at 09:00:44PM -0500, Frank Bulk wrote: I found a NOC email account for Citrix and emailed it, and had a response from someone at Citrix in 15 minutes who promised to forward it on. Frank -Original Message- From: ipv6-ops-bounces+frnkblk=iname@lists.cluenet.de [mailto:ipv6-ops-bounces+frnkblk=iname@lists.cluenet.de] On Behalf Of Daniel Roesen Sent: Friday, August 19, 2011 3:08 PM To: ipv6-ops@lists.cluenet.de Subject: Re: IPv6 contact for www.citrix.com - MTU problem? Hi, On Fri, Aug 19, 2011 at 02:41:38PM -0500, Frank Bulk wrote: Matthew Luckie (who developed the scamper tool) passed this on to me, which confirms the www.citrix.com MTU issue: $ sudo ./scamper -F ipfw -I tbit -u 'http://www.citrix.com/lang/English/home.asp' 2001:1890:111e:201::15 tbit from 2001:48d0:101:501::89 to 2001:1890:111e:201::15 server-mss 1360, result: pmtud-fail app: http, url: http://www.citrix.com/lang/English/home.asp [ 0.050] TX SYN 64 seq = 0:0 [ 0.184] RX SYN/ACK 64 seq = 0:1 [ 0.184] TX 60 seq = 1:1 [ 0.184] TX254 seq = 1:1(194) [ 0.328] RX 1420 seq = 1:195(1360) [ 0.328] TX PTB 1280 mtu = 1280 [ 0.328] RX 1420 seq = 1361:195(1360) [ 0.328] RX 1420 seq = 2721:195(1360) [ 0.329] RX 1420 seq = 4081:195(1360) [ 1.190] RX 1420 seq = 1:195(1360) [ 1.190] TX PTB 1280 mtu = 1280 [ 2.901] RX 1420 seq = 1:195(1360) [ 2.901] TX PTB 1280 mtu = 1280 [ 6.521] RX 1420 seq = 1:195(1360) [ 6.521] TX PTB 1280 mtu = 1280 [ 13.764] RX 1420 seq = 1:195(1360) You can see that Matthew's server issue a PTB to the citrix server, but it continued to send back 1420 byte packets. Nice. And of course no reaction to my notice via the web form yet (I haven't found an email address to mail to). So, anybody got IPv6 contacts at ATT? After all, www.citrix.com is using (unassigned) ATT address space... Best regards, Daniel -- CLUE-RIPE -- Jabber: d...@cluenet.de -- dr@IRCnet -- PGP: 0xA85C8AA0 -- CLUE-RIPE -- Jabber: d...@cluenet.de -- dr@IRCnet -- PGP: 0xA85C8AA0
Re: Windows 2008R2 MTU reverts to default
On Tue, Jun 11, 2013 at 07:29:43AM +0200, Enno Rey wrote: b) (much better): have the router advertise the lower MTU you want to use in the RAs by just setting a lower MTU on the (router) interfaces in question. See also: http://blog.ioshints.info/2013/01/mtu-issues-and-tcp-mss-clamping-in.html Guys... don't mess arbitrarily with link MTUs (RA) when you have problems with path MTU. Best regards, Daniel -- CLUE-RIPE -- Jabber: d...@cluenet.de -- dr@IRCnet -- PGP: 0xA85C8AA0
outlook.office365.com broken via IPv6
Hi, given that Christopher Palmer is on this list, I doubt NANOG ml would be more helpful. CC'ing him for attention. :-) Best regards, Daniel On Tue, Apr 30, 2013 at 11:28:41AM +0100, Nick Hilliard wrote: On 30/04/2013 11:24, Bernhard Schmidt wrote: - Someone advertises records that fail to connect. See for example https://outlook.office365.com that has had broken IPv6 for weeks now. Would megaphone diplomacy work here? I.e. posting to nanog. Nick -- CLUE-RIPE -- Jabber: d...@cluenet.de -- dr@IRCnet -- PGP: 0xA85C8AA0
