Re: orsc root server?
Chris Beggy wrote:
Is there any alternative to the orsc.org root server at
199.166.24.1 ?
; DiG 9.1.3 -t any .
;; global options: printcmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 33079
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 14, AUTHORITY: 0, ADDITIONAL: 13
;; QUESTION SECTION:
;. IN ANY
;; ANSWER SECTION:
. 172800 IN SOA a.public-root.net.
hostmaster.public-root.net. \
2005060112 43200 3600 1209600
14400
. 172800 IN NS a.public-root.net.
. 172800 IN NS b.public-root.net.
. 172800 IN NS c.public-root.net.
. 172800 IN NS d.public-root.net.
. 172800 IN NS e.public-root.net.
. 172800 IN NS f.public-root.net.
. 172800 IN NS g.public-root.net.
. 172800 IN NS h.public-root.net.
. 172800 IN NS i.public-root.net.
. 172800 IN NS j.public-root.net.
. 172800 IN NS k.public-root.net.
. 172800 IN NS l.public-root.net.
. 172800 IN NS m.public-root.net.
;; ADDITIONAL SECTION:
a.public-root.net. 86400 IN A 205.189.71.2
b.public-root.net. 86400 IN A 61.9.136.52
c.public-root.net. 86400 IN A 68.255.182.111
d.public-root.net. 86400 IN A 205.189.71.34
e.public-root.net. 86400 IN A 216.138.219.83
f.public-root.net. 86400 IN A 66.15.237.185
g.public-root.net. 86400 IN A 199.5.157.131
h.public-root.net. 86400 IN A 65.118.74.205
i.public-root.net. 86400 IN A 203.187.202.205
j.public-root.net. 86400 IN A 57.73.7.89
k.public-root.net. 86400 IN A 81.19.74.67
l.public-root.net. 86400 IN A 195.214.191.125
m.public-root.net. 86400 IN A 205.189.71.26
;; Query time: 135 msec
;; SERVER: 192.168.208.228#53(192.168.208.228)
;; WHEN: Thu Jun 2 08:39:06 2005
;; MSG SIZE rcvd: 481
It is more up to date. It has got
; DiG 9.1.3 -t any eu. +norecursion
;; global options: printcmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 8684
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 4
;; QUESTION SECTION:
;eu.IN ANY
;; AUTHORITY SECTION:
eu. 172800 IN NS a.eu.dns.be.
eu. 172800 IN NS b.eu.dns.be.
eu. 172800 IN NS l.nic.eu.
eu. 172800 IN NS m.nic.eu.
;; ADDITIONAL SECTION:
a.eu.dns.be.172800 IN A 193.194.136.29
b.eu.dns.be.172800 IN A 193.190.135.100
l.nic.eu. 172800 IN A 195.66.241.178
m.nic.eu. 172800 IN A 217.29.76.13
;; Query time: 32 msec
;; SERVER: 192.168.208.228#53(192.168.208.228)
;; WHEN: Thu Jun 2 08:42:51 2005
;; MSG SIZE rcvd: 161
If care about 100% availability have in your named.config:
# zone . in {
# type hint;
# file /etc/root.hint;
# };
zone . in {
type slave;
file /slave/a.public-root.net.axfr;
masters { 205.189.71.2; };
};
Here is how often my own DNS-server updates:
axfr_in(Jun-01,13:31:05,205.189.71.2,.).
axfr_in(Jun-01,02:25:33,205.189.71.2,.).
axfr_in(May-31,16:19:16,205.189.71.2,.).
axfr_in(May-31,09:16:24,205.189.71.2,.).
axfr_in(May-31,06:22:35,205.189.71.2,.).
I could live without the root-servers for about two
weeks.
Public-Root gets you ALL the IANA zones plus practically
all publically available zones like:
xn--55qx5d
try and see:
http://xn--8pru44h.xn--55qx5d/
and more than 2000 others.
More information on
http://public-root.com/
http://inaic.com/
Regards,
Peter and Karin Dambier
Public-Root
Re: orsc root server?
On Thu, 02 Jun 2005 09:19:37 +0200, Peter Dambier said: and more than 2000 others. Apparently, the ICANN crew are finally doing *something* (even if they're doing so while not having read RFC3675): http://www.cnn.com/2005/TECH/internet/06/01/internet.porn.ap/index.html Hopefully none of their 10 conflict with any of your 2000, and nobody will have to go re-read RFC2826 just yet. pgpK2JQKRwvLs.pgp Description: PGP signature
Re: VerizonWireless.com Mail Blacklists
* [EMAIL PROTECTED] (Brad Knowles) [Thu 02 Jun 2005, 06:33 CEST]: You should most definitely be actively participating in the appropriate forums. Failure to do so should be considered a corporate statement that you implicitly condone any and all such activities that occur on your networks. Oooh, threatening, Mr Knowles! And completely lunatic, too. However, this discussion should be held in one of those forums where it is more appropriate to discuss this subject. Unfortunately, you don't participate in any of them. Are you sure you want to inflict a sizeable portion of the Internet's entire population on one certain mailing list? Your claim to fame that you had something to do with AOL's mail servers once may not be sufficient to support this. -- Niels. -- The idle mind is the devil's playground
Re: United.com having DNS issues?
* Christopher L. Morrow: i don't think so, the united.com domain was those two earlier today, with www.united.com NS from dns01/02.uls-prod.com ... though I've seen this situation change some throughout the day as well with the dcXlbs1 boxes in the mix as well. Asking direcly from dns01/02 gets you records for SOME things but not others and servfail 'often' for www.united.com. The COM zone list the dc?lbs1.uls-prod.com servers as authoritative, while the UNITED.COM zone contains NS records for dns0?.uls-prod.com. Maybe this contributes to the confusion. As far as I can tell, neither the NS records nor the A records have recently changed.
Re: Verizon is easily fooled by spamming zombies
There is no real reason why you should be able to email out with [EMAIL PROTECTED] using Verizon's own servers. Not even if you use an SMTP AUTH session and clearly establish your identity as a customer of Verizon? Seems to me that an authenticated SMTP session tends to narrow down the potential source of an email if there is a desire to identify the perpetrator. Some people might consider this to be a good thing. --Michael Dillon
Re: orsc root server?
[EMAIL PROTECTED] wrote: Apparently, the ICANN crew are finally doing *something* (even if they're doing so while not having read RFC3675): http://www.cnn.com/2005/TECH/internet/06/01/internet.porn.ap/index.html Hopefully none of their 10 conflict with any of your 2000, and nobody will have to go re-read RFC2826 just yet. I am not afraid of ICANN. They are predictable and fast as an iceberg. Chinese governements are far less predictable but they try to be ICANN compatible. I am really afraid of Microsoft: Last time they have broken localhost now they do it again with local and what new toplevel domains next windows update will bring - not even Bill Gates knows. local did collide! What ever you answer for *.local will break their directory services. The only reliable solution seems to be: $TTL 2D $ORIGIN local. @ 2D SOA dns.cp.msft.net. msnhst.microsoft.com. 2005053100 300600 2419200 3600 MX 10 maila.microsoft.com. MX 10 mailb.microsoft.com. MX 10 mailc.microsoft.com. TXT v=spf1 mx redirect=_spf.microsoft.com NS ns1.msft.net. NS ns2.msft.net. NS ns3.msft.net. NS ns4.msft.net. NS ns5.msft.net. ns1.msft.net. A 207.46.245.230 ns2.msft.net. A 64.4.25.30 ns3.msft.net. A 213.199.144.151 ns4.msft.net. A 207.46.66.75 ns5.msft.net. A 207.46.138.20 I guess that would solve the localhost problem too - but it does not give the right answer :) Reagards, Peter and Karin Dambier Public-Root http://iason.site.voila.fr
Re: orsc root server?
On Thu, 2 Jun 2005 [EMAIL PROTECTED] wrote: http://www.cnn.com/2005/TECH/internet/06/01/internet.porn.ap/index.html |ICM contends the xxx Web addresses, which it plans to sell for $60 a |year, will protect children from online smut if adult sites voluntarily |adopt the suffix so filtering software used by families can more |effectively block access to those sites How is charging $60/year going to protect children from online smut? if anything it'll still be that less reputable will continue to use less expensive domains. Also I'm curious how much of that $60 will go to ICANN packet? If not much then ICM is getting really good deal, amazingly good deal, a monopoly heaven in fact that reminds me of another TLD decision mentioned at nanog that ICANN is about to make official... -- William Leibzon Elan Networks [EMAIL PROTECTED]
Re: orsc root server?
On 02 Jun 2005, Peter Dambier [EMAIL PROTECTED] wrote: Public-Root gets you ALL the IANA zones plus practically all publically available zones like: juniata# dig @a.public-root.net doesnt.suck ; DiG 9.2.4 @a.public-root.net doesnt.suck ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 46372 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2 ;; QUESTION SECTION: ;doesnt.suck. IN A ;; AUTHORITY SECTION: suck. 172800 IN NS tld1.public-root.net. suck. 172800 IN NS tld2.public-root.net. ;; ADDITIONAL SECTION: tld1.public-root.net. 172800 IN A 84.22.100.6 tld2.public-root.net. 172800 IN A 57.67.193.188 ;; Query time: 119 msec ;; SERVER: 205.189.71.2#53(a.public-root.net) ;; WHEN: Thu Jun 2 08:40:20 2005 ;; MSG SIZE rcvd: 114 OK! public-root.net does resolve the important publicly available zones. Thanks.
Re: orsc root server?
On Thu, 2005-06-02 at 03:28 -0700, william(at)elan.net wrote: On Thu, 2 Jun 2005 [EMAIL PROTECTED] wrote: http://www.cnn.com/2005/TECH/internet/06/01/internet.porn.ap/index.html |ICM contends the xxx Web addresses, which it plans to sell for $60 a |year, will protect children from online smut if adult sites voluntarily |adopt the suffix so filtering software used by families can more |effectively block access to those sites How is charging $60/year going to protect children from online smut? if anything it'll still be that less reputable will continue to use less expensive domains. IANA doesn't read rfc3675 I guess http://www.ietf.org/rfc/rfc3675.txt RFC 3675 - .sex Considered Dangerous 8- Periodically there are proposals to mandate the use of a special top level name or an IP address bit to flag adult or unsafe material or the like. This document explains why this is an ill considered idea from the legal, philosophical, and particularly, the technical points of view. -8 or to make it very easy, for the folks who don't want to read it, here is a nice ascii-art picture from the RFC: 8- +-+ | . (root) zone | | .com .org .net .us .uk .sex ... | +---+---+-+ | | V V ++ ++ | .com zone | | .sex zone | | example.com ... | | example.sex ... | +---++ +---++ | | V V +-+ +--+ | example.com zone | | example.sex zone | | | | | | purity.example.com -+--+ +---+- obscene.example.sex | | virtue.example.com | | | | porn.example.sex | | | | | | || | +--+--+ | | ++-+ | +--+--+ | | +-+ | | V VV V +-+ +--+ | Virtuous Data | | Salacious Data | +-+ +--+ --8 Now can IANA stop doing silly stuff like earning money and start working on managing IP resources properly? Also I'm curious how much of that $60 will go to ICANN packet? If not much then ICM is getting really good deal, amazingly good deal, a monopoly heaven in fact that reminds me of another TLD decision mentioned at nanog that ICANN is about to make official... per country tld's was a good idea, they should have required [com|org| ersonal].cc-tld though. The addition of com/net/org. could then be used for international stuff. All those silly new things like .jobs/travel/museum/aero etc don't make sense, those are either org's or com's. Too late to fix that now... Greets, Jeroen signature.asc Description: This is a digitally signed message part
OT: NOC Display's
This is kind of off topic, so please feel free to delete if you want grin.. Anyway, in our NOC we current have two LCD projectors displaying outputs from two different computers. On one of the display's, I would like to be able to take 4 VGA outputs from 4 workstations, and display it on the screen (aka: Hollywood square style). Does anyone have any recommendations for an inexpensive device that will take care of this? I have found some nice devices in the 10k price range, which needless to say is a little outside the budget. Security companies sell these devices for Video for around $500, so I'm figure someone should have a VGA version of the device. Thanks! Spencer Spencer Wood, Network Manager Ohio Department Of Transportation 1320 Arthur E. Adams Drive Columbus, Ohio 43221 E-Mail: [EMAIL PROTECTED] Phone: 614.644.5422/Fax: 614.887.4021/Cell: 614.774.3123 *
Re: OT: NOC Display's
Anyway, in our NOC we current have two LCD projectors displaying outputs from two different computers. On one of the display's, I would like to be able to take 4 VGA outputs from 4 workstations, and display it on the screen (aka: Hollywood square style). This kind of problem is normally solved using software. If the applications driving the 4 VGA displays are all using X-Windows, then try an X Window manager that supports capturing a window and displaying it in miniature form in a dashboard or button bar. It should be possible to adapt this easily to display the 4 applications in a 2 x 2 matrix. If the applications driving the displays are not using X-Windows then it should still be possible to build an X based solution but you would have to start by using VNC on the application machines to provide a remote viewer that can display window contents on the X machine. Chances are you already have people with the skills to do this whose time is not fully occupied in their day job. If so, the marginal cost could be close to zero. --Michael Dillon
Re: OT: NOC Display's
On Thu, Jun 02, 2005 at 08:54:39AM -0400, Spencer Wood wrote: Anyway, in our NOC we current have two LCD projectors displaying outputs from two different computers. On one of the display's, I would like to be able to take 4 VGA outputs from 4 workstations, and display it on the screen (aka: Hollywood square style). Does anyone have any recommendations for an inexpensive device that will take care of this? I have found some nice devices in the 10k price range, which needless to say is a little outside the budget. Security companies sell these devices for Video for around $500, so I'm figure someone should have a VGA version of the device. A VGA (much less XVGA, which is probably what you really need) quad splitter is likely to be pricey as crap. I'd recommend looking at using VNC from the workstation you have now to pick up the screens you need. Check out: http://www.csd.uwo.ca/staff/magi/doc/vnc/extras.html and specifically John Wilson's VNCMonitor, at: http://www.wilson.co.uk/Software/vnc/VncMonitor.htm which sounds like it will do the splitting for you. I've never used it personally, but it sounds like it might do what you need. Cheers, -- jra -- Jay R. Ashworth[EMAIL PROTECTED] Designer Baylink RFC 2100 Ashworth AssociatesThe Things I Think'87 e24 St Petersburg FL USA http://baylink.pitas.com +1 727 647 1274 If you can read this... thank a system administrator. Or two. --me
Re: OT: NOC Display's
On Thu, 02 Jun 2005 14:43:55 BST, [EMAIL PROTECTED] said: If the applications driving the 4 VGA displays are all using X-Windows, then try an X Window manager that supports capturing a window and displaying it in miniature form in a dashboard or button bar. It should be possible to adapt this easily to display the 4 applications in a 2 x 2 matrix. Or recent Xorg servers support the Xinerama extension, which will do a lot of the heavy lifting for you... We now return to our regularly scheduled flamefest about RFCs 3675 and 2826.. ;) pgpodLlshaHJN.pgp Description: PGP signature
Re: OT: NOC Display's
On 2 Jun 2005, [EMAIL PROTECTED] wrote: Anyway, in our NOC we current have two LCD projectors displaying outputs from two different computers. On one of the display's, I would like to be able to take 4 VGA outputs from 4 workstations, and display it on the screen (aka: Hollywood square style). This kind of problem is normally solved using software. If the applications driving the 4 VGA displays are all using X-Windows, then try an X Window manager that supports capturing a window and displaying it in miniature form in a dashboard or button bar. It should be possible to adapt this easily to display the 4 applications in a 2 x 2 matrix. An X window manager like ratpoison or ion can easily do 2x2 tiling of windows, mixing continuously displayed host and remote node sessions. Chris
ICANN approves new .xxx TLD
http://icann.org/announcements/announcement-01jun05.htm - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
The funny thing about e-mail handling...
...is that the first rejection/bounce I recieved because of the subject line of my previous message to the list [see below] was from DISA. I find an enormous amount of humor in that. ;-) - ferg [snip] From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Symantec Mail Security detected that you sent a message containing prohibited content (SYM:03920966862936343196) Date: Thu, 2 Jun 2005 14:26:59 - Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Mailer: Microsoft CDO for Exchange 2000 Content-Class: urn:content-classes:message Importance: normal Priority: normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441 X-OriginalArrivalTime: 02 Jun 2005 14:26:59.0395 (UTC) FILETIME=[22E64130:01C5677F] X-ContentStamp: 1:1:4025505857 X-UNTD-Peer-Info: 131.80.32.7||noccb2k07.nocc.disa.mil|NortonAVExchange@ nocc.disa.mil X-UNTD-UBE:-1 Subject of the message: ICANN approves new .xxx TLD Recipient of the message: nanog@merit.edu nanog@merit.edu [snip] -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
ICANN cannot decide, oh what fun we have in this .net world :)
A controversial vote to give VeriSign control of the .net registry for the next six years has stalled. http://www.theregister.co.uk/2005/06/02/net_vote_stalls/ Colin Johnston
Meeting stats from Seattle
NANOG 34 May 15-17, 2005 Seattle, Washington Host: Switch and Data -- Total attendance458 Women attendees 9% (up from 7% in Las Vegas) NAPs represented 11 Univ./Colleges repr. 13 Non-US/Canada/Mexico attendees 19 Attendee occupation breakdown: Vegas Seattle - --- ISPs/NetOps 44% 50% Hardware vendors 20% 15% Software vendors 3% 4% RE 11% 9% Government 4% 3% Consultant 4% 3% Content provider 3% 4% Other 11% 12% Presentation proposals reviewed by Program Committee: Total submissions: 27 (up from 22 in Las Vegas) (20 rec'd. before CFP deadline, 7 after) On-time talks accepted: 19 On-time talks rejected: 1 Late submissions: 7 Late submissions accepted: 4 (1 later withdrawn by author) Support: Meeting coordination: Merit Network Host: Switch and Data Squid, DNS, DHCP: Measurement Factory, Table23 Multicast: University of Oregon IPv6 feed: Merit Sponsors: Alcatel, Arbor, Cariden, Cisco, Force10, Internap, Juniper, Redback Maximum RealMedia streaming participants: 102
Re: VerizonWireless.com Mail Blacklists
At 10:37 AM +0200 2005-06-02, Niels Bakker wrote: Failure to do so should be considered a corporate statement that you implicitly condone any and all such activities that occur on your networks. Oooh, threatening, Mr Knowles! Threatening? No, I don't think so. Something to be concerned about? Yes. However, this discussion should be held in one of those forums where it is more appropriate to discuss this subject. Unfortunately, you don't participate in any of them. Are you sure you want to inflict a sizeable portion of the Internet's entire population on one certain mailing list? A sizable portion of the Internet's entire population are network or access providers who have mail servers or who provide access to mail servers through their network, and who are not already on the appropriate forums? If that is an accurate statement, then I would be very, very concerned for the future of the Internet. Your claim to fame that you had something to do with AOL's mail servers once may not be sufficient to support this. At the time, on a volume basis, I was probably responsible for as much or more anti-spam work than anyone else around. I know that things have grown a great deal since then, but I imagine that there are probably still plenty of places that have fewer than ten million customers and doing less than ten million messages per day, and yet they are also to be found on the appropriate forums. So, I figure I'm still in pretty good company. Of course, spam-l is not the only appropriate forum where discussions of that sort should be held. Now, if we're done with the personal attacks, can we get back to subjects that are appropriate for this forum? -- Brad Knowles, [EMAIL PROTECTED] Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin (1706-1790), reply of the Pennsylvania Assembly to the Governor, November 11, 1755 SAGE member since 1995. See http://www.sage.org/ for more info.
NYSE Trading Halt Triggered by 'Network Storm'
I don't suppose anyone knows any further details beyond this media snippet? - ferg [snip] An error message that was duplicated millions of times overwhelmed network routers at the New York Stock Exchange Wednesday, leading to a four-minute halt in trading just before the closing bell. Trading resumed normally at 9:30 a.m. Thursday. In a statement, the NYSE blamed the system failure, which suspended trading at 3:56 p.m., on a communication problem. In an interview Thursday with cable-news channel CNBC, NYSE CEO John Thain said the problem was caused by a network storm in which an error message was created and then duplicated millions of times, overwhelming both the system's primary and backup network routers. [snip] http://www.informationweek.com/story/showArticle.jhtml?articleID=163703141 -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: VerizonWireless.com Mail Blacklists
John Bittenbender wrote: We don't provide email services to our customers. Sure you do. When I was a VZW customer, I had a vtext.com email address and a few aliases. (BTW, you should provide better spam filtering to your customers who use SMS, but that's something we can talk about offlist as it's not relevant to NANOG.) -- JustThe.net - Apple Valley, CA - http://JustThe.net/ - 888.480.4NET (4638) Steven J. Sobol, Geek In Charge / [EMAIL PROTECTED] / PGP: 0xE3AE35ED The wisdom of a fool won't set you free --New Order, Bizarre Love Triangle
Fwd: NYSE Trading Halt Triggered by 'Network Storm'
I dont want join the ranks of conspiracy theorists, but i must point out the coincidence that this minor digital spanking occurred exactly at the same time the NYSE members (folks whom own seats on the exchange) filed suit to block NYSE's proposed merger with electronic trading firm Archipelago Holdings Inc., saying the deal is unfair to exchange members. The members feel the old manual way of doing trades (where they get a cut of every transaction) is best and that they dont need the electronic trading. --- In fact one of their contentions is that the online system is not foolproof and prone to being compromised or disrupted by terrorists etc. ...and get this -- that they are the only ones -- in face to face trading -- that can give a fair transaction --- here is the article on the members trying to block the merger: http://www.washingtonpost.com/wp-dyn/content/article/2005/05/09/ AR2005050901325.html Begin forwarded message: Trading resumed normally at 9:30 a.m. Thursday. In a statement, the NYSE blamed the system failure, which suspended trading at 3:56 p.m., on a communication problem. In an interview Thursday with cable-news channel CNBC, NYSE CEO John Thain said the problem was caused by a network storm in which an error message was created and then duplicated millions of times, overwhelming both the system's primary and backup network routers. [snip] http://www.informationweek.com/story/showArticle.jhtml? articleID=163703141
