91.192/10 to be used for PI assignments to End Users
Dear Colleagues,

At recent RIPE Meetings, we have reported a steady rise in requests from our members for Provider Independent (PI) address space for End User networks. We have reclaimed and recycled space from closed Local Internet Registries to meet this demand, but we are nearing the point where the available PI space will run out.

In the past, we made PI assignments from former Class C space (193/8 and 194/7). Because of the increasing demand for PI space, we made sure that we would be able to use some of our most recent allocation of address space to meet future requests.

We have designated 91.192/10 for PI assignments to End User networks. When the former Class C space is exhausted, we will start to make PI assignments from 91.192/10. We will let you know when this happens.

We are announcing a pilot prefix using the RIS beacons; you may want to update any filters that you have in place. The RIS beacons are announcing the following networks:

91.192.0.0/24
91.192.0.0/16

You can ping 91.192.0.1. Full details of reachable IP addresses and tools are available on our web site at:

http://www.ris.ripe.net/debogon/debogon.html

Regards,

--
leo vegoda
Registration Services Manager
RIPE NCC
Re: [address-policy-wg] 91.192/10 to be used for PI assignments to End Users
On Mon, 2006-07-10 at 13:50 +0200, leo vegoda wrote:
> Dear Colleagues, At recent RIPE Meetings, we have reported a steady rise in requests from our members for Provider Independent (PI) address space for End User networks.

Any link to the slides which might contain the expected increase for the coming years? Especially the estimated number of routes that will newly be announced using BGP because of this would be something nice to see.

Greets,
Jeroen
Re: [address-policy-wg] 91.192/10 to be used for PI assignments to End Users
Hi Jeroen,

Jeroen Massar wrote:
> On Mon, 2006-07-10 at 13:50 +0200, leo vegoda wrote:
>> Dear Colleagues, At recent RIPE Meetings, we have reported a steady rise in requests from our members for Provider Independent (PI) address space for End User networks.
>
> Any link to the slides which might contain the expected increase for the coming years? Especially the estimated number of routes that will newly be announced using BGP because of this would be something nice to see.

Slides from RIPE 52 are available here:

http://www.ripe.net/ripe/meetings/ripe-52/presentations/ripe52-plenary-ripe_ncc_numbers_update.pdf

We have not made a growth projection in these slides because we concentrate on reporting what has happened.

Regards,

--
leo vegoda
Registration Services Manager
RIPE NCC
Sitefinder II, the sequel...
It is not VeriSign this time. For those who have not yet seen this: http://www.opendns.com/

They will 'correct' your spelling mistakes for you.

From their FAQ:
--
Why is OpenDNS smarter?
We fix typos in the URLs you enter whenever we can. For example, if you're using OpenDNS craigslist.og will lead directly to craigslist.org. If we're not sure what to do with an error, we provide search results for you to choose from.

How does OpenDNS make money?
OpenDNS makes money by offering clearly labeled advertisements alongside search results on error pages. OpenDNS will provide additional services on top of its enhanced DNS service.
---
Re: Sitefinder II, the sequel...
On Jul 10, 2006, at 9:44 AM, Gerry Boudreaux wrote:
> It is not VeriSign this time. For those who have not yet seen this: http://www.opendns.com/
>
> They will 'correct' your spelling mistakes for you.
>
> From their FAQ:
> --
> Why is OpenDNS smarter?
> We fix typos in the URLs you enter whenever we can. For example, if you're using OpenDNS craigslist.og will lead directly to craigslist.org. If we're not sure what to do with an error, we provide search results for you to choose from.
>
> How does OpenDNS make money?
> OpenDNS makes money by offering clearly labeled advertisements alongside search results on error pages. OpenDNS will provide additional services on top of its enhanced DNS service.

This is nothing like Verisign's SiteFinder service. OpenDNS is a product a customer -chooses- to use. There really is no comparison.

--
TTFN,
patrick
Re: Sitefinder II, the sequel...
Gerry Boudreaux wrote:
> It is not VeriSign this time. For those who have not yet seen this: http://www.opendns.com/
>
> They will 'correct' your spelling mistakes for you.

I think the openDNS approach is far different from the Verisign sitefinder debacle if only for the important reason that using openDNS is voluntary and using sitefinder wasn't. Also, sitefinder created a wildcard DNS record where none existed before, breaking all kinds of applications in the process, openDNS doesn't do this.

So at the end of the day, people are FREE to decide what resolvers to use and whoever comes along to offer their idea of value adds can go right ahead without borking the internet.

Personally I think openDNS is an idea whose time has come and that Dave Ulevitch and his crew are going to hit one out of the ballpark with this.

-mark

--
Mark Jeftovic [EMAIL PROTECTED]
Founder President, easyDNS Technologies Inc.
ph. +1-(416)-535-8672 ext 225
fx. +1-(866) 273-2892
Re: Sitefinder II, the sequel...
Gerry Boudreaux [EMAIL PROTECTED] writes:
> It is not VeriSign this time.

It is not even remotely the same as SiteFinder either. It requires people to make a conscious decision to use different nameservers than the ones they're currently using, and is likely to get the same or less level of traction as the alternative roots have. Since it's completely opt-in, people can feel free to ignore it, as I shall. Sure would have been nice to be able to simply ignore Sitefinder.

> For those who have not yet seen this: http://www.opendns.com/
>
> They will 'correct' your spelling mistakes for you.

yawn.

---rob
Re: Sitefinder II, the sequel...
On Jul 10, 2006, at 6:44 AM, Gerry Boudreaux wrote:
> For those who have not yet seen this: http://www.opendns.com/
>
> They will 'correct' your spelling mistakes for you.

I'm happy to answer any and all questions off-list but I want to point out one aspect that hasn't quite been messaged correctly.

A big point being missed is the addition of "if you want". We have written this as a recursive dns service that can do different things to different IPs. You quote from our FAQ but you leave out the cluefull parts of the FAQ so this is one that's important:

How do I turn off phishing protection or typo correction?
If you want to use OpenDNS but do not want phishing protection and/or typo correction, you may ask us to disable that protection for you. Currently, setting these preferences requires an OpenDNS team member. In the future, you may manage this preference yourself, if registered. Registration will be free, and not required to use the service. This preference will be offered first for members with a static IP address, and then for those with dynamic IP addresses.

So if you want standard NXDOMAIN, that's fine. Happy to do it. Different strokes for different folks. That's the whole idea.

We're not new at this, or looking to make a quick buck by annoying you with ads. I recommend giving it a try and letting me know your thoughts. The idea of both building an intelligent recursive dns server and a recursive DNS service are both a long time in the making and make a lot of sense. Perhaps we can work on our messaging to more technical audiences. :-)

Best,
David Ulevitch

> From their FAQ:
> --
> Why is OpenDNS smarter?
> We fix typos in the URLs you enter whenever we can. For example, if you're using OpenDNS craigslist.og will lead directly to craigslist.org. If we're not sure what to do with an error, we provide search results for you to choose from.
>
> How does OpenDNS make money?
> OpenDNS makes money by offering clearly labeled advertisements alongside search results on error pages. OpenDNS will provide additional services on top of its enhanced DNS service.
> ---
Re: Sitefinder II, the sequel...
Gerry,

I sat on the Security and Stability committee for ICANN and was part of the folks that reviewed SiteFinder. OpenDNS is not SiteFinder; Give them a try, the DNS resolution is blazing fast and they do fix up the most common typos.

One thing massively different between openDNS and SiteFinder is that you have choice -- the choice to use them. IMHO many will choose to use OpenDNS because it is fast and can offer protections you just can't get from running your own resolver.

best,
-rick

Gerry Boudreaux wrote:
> It is not VeriSign this time. For those who have not yet seen this: http://www.opendns.com/
>
> They will 'correct' your spelling mistakes for you.
>
> From their FAQ:
> --
> Why is OpenDNS smarter?
> We fix typos in the URLs you enter whenever we can. For example, if you're using OpenDNS craigslist.og will lead directly to craigslist.org. If we're not sure what to do with an error, we provide search results for you to choose from.
>
> How does OpenDNS make money?
> OpenDNS makes money by offering clearly labeled advertisements alongside search results on error pages. OpenDNS will provide additional services on top of its enhanced DNS service.
> ---
Re: Fridays are always good for shock headlines...
On July 8, 2006 at 03:04 [EMAIL PROTECTED] (Fergie) wrote: [snip] The FBI has drafted sweeping legislation that would require Internet service providers to create wiretapping hubs for police surveillance and force makers of networking gear to build in backdoors for eavesdropping, CNET News.com has learned. I say: Double-plus ungood! I guess they can mandate whatever in hell they want in the name of catching bad guys, anything. It should remind us why those obnoxious folks from the ACLU et al really need to have a more balanced influence. -b P.S. In a somewhat unrelated but amusing chapter from the Clear Thinking in Jurisprudence dept: The NY State Supreme Court last week tossed gay marriage as being compelled by the state's constitution. One of the reasonings shot down was the assertion that there is any problem with discrimination because the result forbids both straights and gays from marrying same-sex, thus the result is non-discriminatory. I'll admit there may be arguments to be made on both sides but...WHEW!
Re: Sitefinder II, the sequel...
* [EMAIL PROTECTED] (Mark Jeftovic) [Mon 10 Jul 2006, 15:55 CEST]:
> I think the openDNS approach is far different from the Verisign sitefinder debacle if only for the important reason that using openDNS is voluntary and using sitefinder wasn't.

Correct. OpenDNS is not abusing a monopoly position here.

> Also, sitefinder created a wildcard DNS record where none existed before, breaking all kinds of applications in the process, openDNS doesn't do this.

Wrong. Asking their big caching nameserver for gibberish returns IN A 208.67.219.40 instead of NXDOMAIN. Same breakage occurs, although they return NXDOMAIN instead of NOERROR when queried about MX or records, so ironically damage for IPv6-enabled applications is limited.

They seem to be using Yahoo! as search engine there.

220 reject.opendns.com - OpenDNS Mail Rejection Service 1.2 (No mail accepted here)

Remind you of anything - what was it called, chuck? It's already broken.

> So at the end of the day, people are FREE to decide what resolvers to use and whoever comes along to offer their idea of value adds can go right ahead without borking the internet.

Several people have eloquently expressed why creating different views of a global namespace is a bad idea before on this mailing list.

> Personally I think openDNS is an idea whose time has come and that Dave Ulevitch and his crew are going to hit one out of the ballpark with this.

Have you switched your company over yet?

Regards,

-- Niels.
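A check for the resolver behaviour reported in the message above (an A record for a name that cannot exist, NXDOMAIN still returned for MX), as an added example that is not part of the original post or of any OpenDNS code. The probe names and response packets are constructed test data; `probe()` is an assumed live variant that needs network access.

```python
import secrets
import socket
import struct

TYPE_A, TYPE_MX = 1, 15
NOERROR, NXDOMAIN = 0, 3

def build_query(name, qtype, txid):
    """Recursive query (RD=1) with one question, class IN."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + qname + struct.pack("!HH", qtype, 1)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # compression pointer ends the name
            return off + 2
        off += 1 + length

def parse_response(msg):
    """Return (rcode, [(rtype, rdata), ...]) from the answer section."""
    _txid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4  # QTYPE + QCLASS
    answers = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        answers.append((rtype, msg[off:off + rdlen]))
        off += rdlen
    return flags & 0x000F, answers

def audit(responses):
    """Classify responses to queries for names that cannot exist.

    responses maps (name, qtype) -> raw response bytes. NOERROR plus an
    A record for such a name means the resolver synthesised the answer.
    """
    report = {"rewritten": [], "nxdomain": [], "other": []}
    landing = set()
    for key in sorted(responses):
        rcode, answers = parse_response(responses[key])
        addrs = [socket.inet_ntoa(rd) for rt, rd in answers
                 if rt == TYPE_A and len(rd) == 4]
        if rcode == NOERROR and addrs:
            report["rewritten"].append(key)
            landing.update(addrs)
        elif rcode == NXDOMAIN:
            report["nxdomain"].append(key)
        else:
            report["other"].append(key)
    report["landing"] = sorted(landing)  # one shared address is typical
    return report

def probe(resolver_ip, qtypes=(TYPE_A, TYPE_MX), count=3, timeout=3.0):
    """Live variant (assumed usage): query random names at resolver_ip."""
    responses = {}
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        for _ in range(count):
            name = secrets.token_hex(12) + ".com"
            for qtype in qtypes:
                txid = secrets.randbelow(65536)
                sock.sendto(build_query(name, qtype, txid), (resolver_ip, 53))
                raw, _peer = sock.recvfrom(4096)
                if raw[:2] == struct.pack("!H", txid):
                    responses[(name, qtype)] = raw
    return responses

# --- constructed sample data, not captured traffic ---
SAMPLE_PROBES = [("qzx7kfj2mdemo.com", TYPE_A),
                 ("wq9vplk3ndemo.com", TYPE_A),
                 ("qzx7kfj2mdemo.com", TYPE_MX)]

def make_response(query, rcode, a_addr=None):
    """Build a response to `query`; optionally carry one A record."""
    flags = 0x8180 | rcode             # QR=1, RD=1, RA=1
    msg = query[:2] + struct.pack("!HHHHH", flags, 1, 1 if a_addr else 0, 0, 0)
    msg += query[12:]
    if a_addr:
        msg += b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, 1, 60, 4)
        msg += socket.inet_aton(a_addr)
    return msg

def sample_responses(rewriting):
    """Responses from a rewriting resolver (as described) or an honest one."""
    out = {}
    for i, (name, qtype) in enumerate(SAMPLE_PROBES):
        query = build_query(name, qtype, 0x1000 + i)
        if rewriting and qtype == TYPE_A:
            out[(name, qtype)] = make_response(query, NOERROR, "208.67.219.40")
        else:
            out[(name, qtype)] = make_response(query, NXDOMAIN)
    return out

if __name__ == "__main__":
    print(audit(sample_responses(rewriting=True)))
    print(audit(sample_responses(rewriting=False)))
```
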
Re: Sitefinder II, the sequel...
>> Personally I think openDNS is an idea whose time has come and that Dave Ulevitch and his crew are going to hit one out of the ballpark with this.
>
> Have you switched your company over yet?

yes, and the thing that pisses me off, is that it does seem faster.

-rick
Re: Sitefinder II, the sequel...
* [EMAIL PROTECTED] (Rick Wesson) [Mon 10 Jul 2006, 21:08 CEST]:
>>> Personally I think openDNS is an idea whose time has come and that Dave Ulevitch and his crew are going to hit one out of the ballpark with this.
>>
>> Have you switched your company over yet?
>
> yes, and the thing that pisses me off, is that it does seem faster.

With 170ms to their resolvers I doubt it'll be much of an improvement for me...

-- Niels.
Net Neutrality Legislative Proposal
Hello folks, please consider endorsing this legislative proposal on net neutrality. It's a bit different from the others you may have heard of . . . http://www.dpsproject.com This bill focuses on net neutrality in terms of the IP protocol, rather than the equal treatment and nondiscrimination application-layer policy approaches you usually hear about. One of the Intro pages from the site above, and the legislative Language, are pasted below. Coverage on Infoworld: http://www.infoworld.com/article/06/06/20/79453_HNnetneutrality_1.html David Weinberger on Stevens and a Commentary by David Reed: http://www.hyperorg.com/blogger/mtarchive/sen_stevens_and_david_reed_on.html Here's a link to a research paper by Dave Clark, et al. that identifies the IP protocol as the spanning layer that assures innovation across hardware and protocols: http://www.isi.edu/newarch/iDOCS/final.finalreport.pdf Seth Johnson --- http://www.dpsproject.com/twotypes.html Two Types of Neutrality So far, much of the argument over net neutrality has been over whether service providers should be allowed to favor one application, destination or Internet service over another. This is Net neutrality at the application layer. But the real issue is the neutrality of the IP layer where routers treat alike bits from every type of application. This neutrality is what makes the Internet flexible -- while it also assures uniform treatment of information flow. If this neutrality is not maintained, the Internet will be changed fundamentally. It will no longer be the flexible, open platform that allows anyone with a good idea to compete on a level ground. IP-layer neutrality is not a property of the Internet. It is the Internet. The Internet is a set of agreements (protocols) that enable networks to work together. The heart of the Internet protocol is the agreement that all data packets will be passed through without regard to which application created them or what's inside of them. 
This reliable, uniform treatment of packets is precisely what has made the Internet a marketplace of innovation so critical to our economy. Providers certainly should be allowed to develop services within their own networks, treating data any way they want. But that's not the Internet. If they want to participate in the Internet, they need to follow the protocols that have been developed over the course of more than thirty years through consensus standards processes. Nor should they be permitted to single-handedly subvert the authority of the processes that have developed and maintained the Internet. We call on Congress to end the confusion and protect not only the Internet but the tens of millions of American citizens who need to know that when they buy Internet access, they're getting access to the real Internet. Network providers who offer services that depend on violating IP-layer neutrality should be prohibited from labeling those services as Internet, as their doing so will only undermine the weight of consensus authority presently accorded to the existing standards. The term Internet represents specific standards that provide IP-layer neutral connectivity that supports the openness of access and innovation that have been the defining characteristics of the Internet since its origins. To that end, we present the attached draft legislative language and call for concerned citizens and members of Congress to offer their support for passing it into law. --- http://www.dpsproject.com/legislation.html SECTION 1. SHORT TITLE. This Act may be cited as the Internet Platform for Innovation Act of 2006. SEC. 2. FINDINGS. The Congress finds the following: (1) The Internet is the most successful means of communication ever developed, connecting people of all walks of life across the globe and enabling unprecedented flexibility in applications and unfettered exchange of information and ideas. 
(2) The success of the Internet is built on the establishment of certain commonly observed principles of practice, expressed in Internet protocols, governing the manner in which transmissions are exchanged. Interoperation among competing Internet providers on the basis of these principles assures that the Internet remains a generic, flexible platform that supports innovation and free expression. (3) This flexible platform, commonly referred to as the IP layer of the Internet, enables users to independently develop innovative applications by devising rules and conventions describing how information transmitted between connected users will be interpreted in order to serve diverse purposes. The vast collection of applications that have been freely created in this manner is commonly referred to as the application
Re: Sitefinder II, the sequel...
Niels Bakker wrote:
>> Also, sitefinder created a wildcard DNS record where none existed before, breaking all kinds of applications in the process, openDNS doesn't do this.
>
> Wrong. Asking their big caching nameserver for gibberish returns IN A 208.67.219.40 instead of NXDOMAIN. Same breakage occurs, although they return NXDOMAIN instead of NOERROR when queried about MX or records, so ironically damage for IPv6-enabled applications is limited.

I stand corrected, however this is not as big a deal as when sitefinder did it because as we've both observed, this is voluntary. If using this breaks your application, don't have your application use it, with sitefinder you didn't have the choice.

For its target market: end user DNS resolution, the side effects will be minimal if anything.

> Several people have eloquently expressed why creating different views of a global namespace is a bad idea before on this mailing list.

I don't consider this a different view of the global namespace. If they decide to add ORSC root glue or New.net domains then it'll be a different view of the global namespace. Hopefully they wouldn't be that reckless.

> Have you switched your company over yet?

The way we run our applications doesn't lend itself to using it (it's that choice thing again), but I've got a few workstations using it and one of my laptops. It's also a handy offsite resolver to use to check DNS settings from outside our own cloud.

We also get asked by our members if there is a viable resolver they can use and we'll be happy to recommend this.

-mark

--
Mark Jeftovic [EMAIL PROTECTED]
Founder President, easyDNS Technologies Inc.
ph. +1-(416)-535-8672 ext 225
fx. +1-(866) 273-2892
Re: Net Neutrality Legislative Proposal
On Mon, 10 Jul 2006 15:25:55 EDT, Seth Johnson said:
> (2) Any person engaged in interstate commerce that charges a fee for the provision of Internet access must in fact provide access to the Internet in accord with the above definition, regardless whether additional proprietary content, information or other services are also provided as part of a package of services offered to consumers.

So how does all this mumbo-jumbo square up with the common practices of blocking SMTP and the 135-139/445 ports to protect your own infrastructure from the mass of malware that results if you don't block it?

And does this mean that my Verizon DSL isn't 'The Internet' because the customer side of the modem hands me a DHCP address in RFC1918 space? For bonus points - is the DSL *still* not the Internet if I bring my own DSL modem or hand-configure the DSL one to mitigate the effects of NAT brain damage?

What percentage of cable and DSL access is an unfair or deceptive act per the definition of this?
Re: Fridays are always good for shock headlines...
I apologize, my note (appended below) was intended for another list which was also discussing this article. I hope no one was seriously injured. -Barry Shein The World | [EMAIL PROTECTED] | http://www.TheWorld.com Purveyors to the Trade | Voice: 800-THE-WRLD| Login: Nationwide Software Tool Die| Public Access Internet | SINCE 1989 *oo* On July 10, 2006 at 13:54 [EMAIL PROTECTED] (Barry Shein) wrote: On July 8, 2006 at 03:04 [EMAIL PROTECTED] (Fergie) wrote: [snip] The FBI has drafted sweeping legislation that would require Internet service providers to create wiretapping hubs for police surveillance and force makers of networking gear to build in backdoors for eavesdropping, CNET News.com has learned. I say: Double-plus ungood! I guess they can mandate whatever in hell they want in the name of catching bad guys, anything. It should remind us why those obnoxious folks from the ACLU et al really need to have a more balanced influence. -b P.S. In a somewhat unrelated but amusing chapter from the Clear Thinking in Jurisprudence dept: The NY State Supreme Court last week tossed gay marriage as being compelled by the state's constitution. One of the reasonings shot down was the assertion that there is any problem with discrimination because the result forbids both straights and gays from marrying same-sex, thus the result is non-discriminatory. I'll admit there may be arguments to be made on both sides but...WHEW!
Re: Sitefinder II, the sequel...
On Mon, Jul 10, 2006 at 09:06:20AM -0700, Rick Wesson [EMAIL PROTECTED] wrote a message of 49 lines which said:
> OpenDNS is not SiteFinder; Give them a try, the DNS resolution is blazing fast

For the typical NANOGer, yes, but remember that the Internet is larger than that. From France, the RTT is very poor (more than 200 ms), whatever the speed of their application.
OT: Re: Fridays are always good for shock headlines...
On Jul 10, 2006, at 12:54 PM, Barry Shein wrote:
> The NY State Supreme Court last week tossed gay marriage as being compelled by the state's constitution. One of the reasonings shot down was the assertion that there is any problem with discrimination because the result forbids both straights and gays from marrying same-sex, thus the result is non-discriminatory. I'll admit there may be arguments to be made on both sides but...WHEW!

The counter-argument to that is that it DOES unfairly restrict, based on gender, the question of who can marry a female or who can marry a male.

But that topic veers widely off-topic, and any future discussion of it should probably find a new home.

Cheers,
D

--
Derek J. Balling
Manager of Systems Administration
Vassar College
124 Raymond Ave
Box 0406 - Computer Center 217
Poughkeepsie, NY 12604
W: (845) 437-7231
C: (845) 249-9731
Re: Net Neutrality Legislative Proposal
The proposal is designed to straighten out the current misguided discourse on NN, which actually would end up ending NN either way -- the pro-NN legislative proposals would essentially say similar applications need to be treated the same, thereby authorizing the breaking of the separation of layers.

Our point is, as I think you see, that the merits of the Internet's design are for application flexibility as provided by the nature of the transport, and this design needs to be recognized in policy that intends to enforce neutrality, because that design will be lost as a result of the current discussion.

Many observe that present practices already block or disfavor certain applications. We want those practices to be the substance of the discussion, and the discussion should be on the right basis. The proposal is designed to accomplish that (and we believe we have already had that effect -- Snowe and Dorgan may have modified their amendment to the Stevens Bill, withdrawing their original proposal and introducing a simple additional principle to the FCC's list, in response to the concerns we expressed that they would unintentionally actually end up ending NN. And, while common carrier is not necessarily the only solution, we think that the consumer groups pursuing NN settled on a position of going back to common carrier a la Internet II as a result of the concerns we raised).

A lot of times, we've found many people looking at NN in more deterministic or behavioral terms, as in rules about practices that network providers must obey. The thing to get about this proposal is that if it passed, the result is really to preserve and separate the standards. If everybody proceeded to offer the same services, with little tiny asterisked notices in their advertising that this is not Internet per US Code XXX we'd still achieve the critical outcome. We think it's the right position to present, and it's critical that it be presented now.
Of course, we can't exactly fault people who are engaged in the discussion at the level of what existing practices are. NANOG folks would either sign out of simple dedication end-to-end purity, or knowing that starting from this place, other issues will be addressed appropriately.

And note, it is designed not to legislate engineering -- only to say that what may be called Internet needs to actually follow the standard, described here in abstract terms in terms of the router behavior. This preserves the standards against their being trumped by incumbents who are asserting they can go ahead and offer priced, tiered services, and against letting local peering policies of certain incumbents (or port blocking practices of consumer internet, etc.) from gaining priority due to their position in the market.

Seth

[EMAIL PROTECTED] wrote:
> On Mon, 10 Jul 2006 15:25:55 EDT, Seth Johnson said:
>> (2) Any person engaged in interstate commerce that charges a fee for the provision of Internet access must in fact provide access to the Internet in accord with the above definition, regardless whether additional proprietary content, information or other services are also provided as part of a package of services offered to consumers.
>
> So how does all this mumbo-jumbo square up with the common practices of blocking SMTP and the 135-139/445 ports to protect your own infrastructure from the mass of malware that results if you don't block it?
>
> And does this mean that my Verizon DSL isn't 'The Internet' because the customer side of the modem hands me a DHCP address in RFC1918 space? For bonus points - is the DSL *still* not the Internet if I bring my own DSL modem or hand-configure the DSL one to mitigate the effects of NAT brain damage?
>
> What percentage of cable and DSL access is an unfair or deceptive act per the definition of this?

--
RIAA is the RISK! Our NET is P2P!
http://www.nyfairuse.org/action/ftc
DRM is Theft! We are the Stakeholders!
New Yorkers for Fair Use
http://www.nyfairuse.org

[CC] Counter-copyright: http://realmeasures.dyndns.org/cc

I reserve no rights restricting copying, modification or distribution of this incidentally recorded communication. Original authorship should be attributed reasonably, but only so far as such an expectation might hold for usual practice in ordinary social discourse to which one holds no claim of exclusive rights.
Re: Net Neutrality Legislative Proposal
Based on this link . . . http://abcnews.go.com/Technology/ZDM/story?id=2138772 . . . it would appear that we were successful in correcting the language of the amendment that Snowe and Dorgan presented: Senators Olympia Snowe (R-Maine) and Byron Dorgan (D-N.D.) proposed an amendment to the bill to ensure fair treatment of all Internet content. The amendment incorporated the following non-discriminatory principle: to promote broadband deployment, and presence and promote the open and interconnected nature of the Internet, a broadband service provider shall not discriminate Internet traffic based on source, ownership, or destination of such traffic as part of any publicly available Internet offering. It was defeated in the Committee with a tie vote of 11-to-11. This language is much, much better than what they originally had. When HR 5217 came out of the House Judiciary Committee, we quickly put out word that all the existing NN proposals, both House and Senate side, would actually end net neutrality if they were passed (less conveniently for the broadband providers than what they were saying they wanted to do, but just as certainly) (HR5273[Markey], HR5417[Sensenbrenner], S2360[Wyden] and S2917[Snowe]). They all basically came down to saying applications, content and services were to be either treated equally or non-discriminatorily -- meaning, break the separation of layers by identifying applications that would be treated the same. We recruited support for the legislative proposal at http://www.dpsproject.com and blitzed people both in the movement actively in motion and on the Hill with it, saying they would end net neutrality, that this was the right definition, and using the line: Packets, not Applications, Content and Services. 
During the markup for the Stevens Bill, Snowe and Dorgan withdrew their original language and introduced a new amendment, the full language of which I haven't yet found anywhere, but the language quoted in the article above is indeed way better than what they had in their original Bill. Nothing about applications, content or services. Just Internet traffic and source, ownership or destination of such traffic. My remaining concern is whether not discriminat[ing] Internet traffic on the given bases is clear enough. The NN movement and its legislative sponsors now seem to be talking the right language. We seem to have been quite successful. We still have to watch to see what language comes out as the Stevens Bill progresses. I still haven't seen the actual amendment that was presented during the markup for the Stevens Bill. Seth Seth Johnson wrote: The proposal is designed to straighten out the current misguided discourse on NN, which actually would end up ending NN either way -- the pro-NN legislative proposals would essentially say similar applications need to be treated the same, thereby authorizing the breaking of the separation of layers. Our point is, as I think you see, that the merits of the Internet's design are for application flexibility as provided by the nature of the transport, and this design needs to be recognized in policy that intends to enforce neutrality, because that design will be lost as a result of the current discussion. Many observe that present practices already block or disfavor certain applications. We want those practices to be the substance of the discussion, and the discussion should be on the right basis. 
The proposal is designed to accomplish that (and we believe we have already had that effect -- Snowe and Dorgan may have modified their amendment to the Stevens Bill, withdrawing their original proposal and introducing a simple additional principle to the FCC's list, in response to the concerns we expressed that they would unintentionally actually end up ending NN. And, while common carrier is not necessarily the only solution, we think that the consumer groups pursuing NN settled on a position of going back to common carrier a la Internet II as a result of the concerns we raised). A lot of times, we've found many people looking at NN in more deterministic or behavioral terms, as in rules about practices that network providers must obey. The thing to get about this proposal is that if it passed, the result is really to preserve and separate the standards. If everybody proceeded to offer the same services, with little tiny asterisked notices in their advertising that this is not Internet per US Code XXX we'd still achieve the critical outcome. We think it's the right position to present, and it's critical that it be presented now. Of course, we can't exactly fault people who are engaged in the discussion at the level of what existing practices are. NANOG folks would either sign out of simple dedication end-to-end purity, or knowing that starting from this place, other issues will be addressed appropriately. And note, it is designed not to legislate engineering --
Re: Sitefinder II, the sequel...
On Mon, 10 Jul 2006, Gerry Boudreaux wrote:

It is not VeriSign this time. For those who have not yet seen this: http://www.opendns.com/ They will 'correct' your spelling mistakes for you.

hurrah :( cause obviously everything in the world using dns is a browser? :( As a note, some other folks do this as well: www.paxfire.com nominum perhaps as well? :(

Seems really, really dumb to me, since everything is NOT (surprised?) a web browser :( I wonder what happens when it tries to correct my enum dns requests? Be cautious that some largish providers' dns caches might be doing this as well 'soon' despite engineering folks saying 'gosh that seems like a very poor plan...' :( 'fun'!
Best practices inquiry: filtering 128/1
Sometime earlier this year someone announced this 128/1 and caused heavy loading to our routers to rebuild the CEF. Would anyone filter out this route (and other similar routes such as 0/1, 128/1, 0/2, 64/2, up to /4, for example) as bogus routes? Thanks. --yf
RE: Sitefinder II, the sequel...
Nice troll.

-----Original Message-----
From: Gerry Boudreaux [mailto:[EMAIL PROTECTED]]
Sent: Mon Jul 10 06:45:33 2006
To: [EMAIL PROTECTED]
Subject: Sitefinder II, the sequel...

It is not VeriSign this time. For those who have not yet seen this: http://www.opendns.com/ They will 'correct' your spelling mistakes for you. From their FAQ:

--
Why is OpenDNS smarter? We fix typos in the URLs you enter whenever we can. For example, if you're using OpenDNS craigslist.og will lead directly to craigslist.org. If we're not sure what to do with an error, we provide search results for you to choose from.

How does OpenDNS make money? OpenDNS makes money by offering clearly labeled advertisements alongside search results on error pages. OpenDNS will provide additional services on top of its enhanced DNS service.
---
Re: Sitefinder II, the sequel...
Christopher L. Morrow wrote:

:( Seems really, really dumb to me, since everything is NOT (surprised?) a web browser :( I wonder what happens when it tries to correct my enum dns requests? Be cautious that some largish providers' dns caches might be doing this as well 'soon' despite engineering folks saying 'gosh that seems like a very poor plan...' :( 'fun'!

All of the arguments I've heard against this idea today apply well and good to the context of a sitefinder, but the simple fact that this is an application oriented enhancement to DNS resolvers falls on deaf ears. David has already responded that people can configure their resolver service to return NXDOMAINs instead and nobody here has acknowledged it. The more I see people laugh at this, the more I'm convinced this idea has legs. (and if anybody is wondering, I have no affiliation with it.) I just see a lot of the grief caused by phishers, and a lot of the spam crap sites clogging the net and it's nice to see somebody taking a fresh approach, doing something about it and adding another avenue of mitigation to the equation.

-mark

(P.S. One of the reasons I'm behind this so much is because David has been a long time participant in the DNSbl.org project and I know he's a white hat DNS guy trying to fight the good fight, so when I look at this project, I see Dave's track record behind it.)

-- Mark Jeftovic [EMAIL PROTECTED] Founder & President, easyDNS Technologies Inc. ph. +1-(416)-535-8672 ext 225 fx. +1-(866) 273-2892
Re: Sitefinder II, the sequel...
On Jul 10, 2006, at 10:47 AM, David Ulevitch wrote:

On Jul 10, 2006, at 6:44 AM, Gerry Boudreaux wrote:

For those who have not yet seen this: http://www.opendns.com/ They will 'correct' your spelling mistakes for you.

I'm happy to answer any and all questions off-list but I want to point out one aspect that hasn't quite been messaged correctly. A big point being missed is the addition of "if you want". We have written this as a recursive dns service that can do different things to different IPs. You quote from our FAQ but you leave out the cluefull parts of the FAQ so this is one that's important:

How do I turn off phishing protection or typo correction? If you want to use OpenDNS but do not want phishing protection and/or typo correction, you may ask us to disable that protection for you. Currently, setting these preferences requires an OpenDNS team member. In the future, you may manage this preference yourself, if registered. Registration will be free, and not required to use the service. This preference will be offered first for members with a static IP address, and then for those with dynamic IP addresses.

So if you want standard NXDOMAIN, that's fine. Happy to do it. Different strokes for different folks. That's the whole idea. We're not new at this, or looking to make a quick buck by annoying you with ads. I recommend giving it a try and letting me know your thoughts. The idea of both building an intelligent recursive dns server and a recursive DNS service are both a long time in the making and make a lot of sense. Perhaps we can work on our messaging to more technical audiences. :-)

Best, David Ulevitch

I stand corrected. After reading further, it does appear to provide a useful service that many will find meets/exceeds their needs. Thanks
Re: Best practices inquiry: filtering 128/1
On Jul 10, 2006, at 9:48 PM, WONG, Yuen-Fung wrote:

Sometime earlier this year someone announced this 128/1 and caused heavy loading to our routers to rebuild the CEF. Would anyone filter out this route (and other similar routes such as 0/1, 128/1, 0/2, 64/2, up to /4, for example) as bogus routes?

Would anyone not filter those routes? Why wouldn't you filter to /7? Actually, I take that back. Why wouldn't you just get a feed from Cymru http://www.cymru.com/Bogons/index.html ??

-- TTFN, patrick
Re: Best practices inquiry: filtering 128/1
On Jul 10, 2006, at 10:18 PM, [EMAIL PROTECTED] wrote:

On Mon, 10 Jul 2006 22:00:11 EDT, Patrick W. Gilmore said:

On Jul 10, 2006, at 9:48 PM, WONG, Yuen-Fung wrote:

Sometime earlier this year someone announced this 128/1 and caused heavy loading to our routers to rebuild the CEF. Would anyone filter out this route (and other similar routes such as 0/1, 128/1, 0/2, 64/2, up to /4, for example) as bogus routes?

Would anyone not filter those routes? Why wouldn't you filter to /7?

Every growing season, a new crop of network engineers falls fresh from the tree, and must be picked up, polished, and clue imparted on the way to market.

Well, then don't snip the most important clue in the post:

Actually, I take that back. Why wouldn't you just get a feed from Cymru http://www.cymru.com/Bogons/index.html ??

:-)

-- TTFN, patrick
Re: Best practices inquiry: filtering 128/1
Actually, I take that back. Why wouldn't you just get a feed from Cymru http://www.cymru.com/Bogons/index.html ??

Because you fear that their routers that distribute the feed could become own3d and used to cause a massive DoS by filtering out some networks? You asked. And I use their route feed. :-) I figure if a problem occurs, 1) I won't be the only one that has that problem 2) I'll hear about it on NANOG. I figure the minute risk is worth the convenience... the chances of their routers getting 0wn3d are probably about the same as my routers getting 0wn3d. The chances of it happening aren't zero, but probably pretty small. Enough so that it sure beats editing the BOGON list manually!

-Jerry
Re: Best practices inquiry: filtering 128/1
On Jul 10, 2006, at 10:56 PM, Jerry Pasker wrote:

Actually, I take that back. Why wouldn't you just get a feed from Cymru http://www.cymru.com/Bogons/index.html ??

Because you fear that their routers that distribute the feed could become own3d and used to cause a massive DoS by filtering out some networks?

Then use the static list, just be sure to update it frequently.

You asked. And I use their route feed. :-) I figure if a problem occurs, 1) I won't be the only one that has that problem 2) I'll hear about it on NANOG. I figure the minute risk is worth the convenience... the chances of their routers getting 0wn3d are probably about the same as my routers getting 0wn3d. The chances of it happening aren't zero, but probably pretty small. Enough so that it sure beats editing the BOGON list manually!

I'd guess the Cymru team is less likely to be hax0r'ed. But that's just 'cause I'm afraid of them. (Especially if Rob's had coffee recently. Which means I'm always afraid of them. :)

-- TTFN, patrick
APRICOT 2007 Call for Papers
Hi All.

The APRICOT 2007 call for papers is now open, as per the following.

Cheers,
Jonny Martin
APRICOT Program Committee

---

Asia Pacific Regional Internet Conference on Operational Technologies (APRICOT)
Bali, Indonesia
21st Feb - 2nd March 2007
http://www.2007.apricot.net

Call for Papers

The APRICOT 2007 Program Committee is now seeking contributors to the program. This is the main call for Presentations & Tutorials before the final program is fixed. We would like to give people the opportunity to submit their proposals early and to encourage people in the Asia Pacific region who have not previously presented their work to do so.

We are looking for people who would like to:

* Offer a technical tutorial on an appropriate topic; and/or
* Participate in the technical conference sessions as a speaker; and/or
* Convene and chair a Birds of a Feather (BOF) session.

CONFERENCE MILESTONES

Call for Papers Opens: 1 July 2006
Deadline for Speaker Submissions: 30 October 2006
First Draft Program Published: 15 November 2006
Final Program Published: 15 January 2007

PROGRAM MATERIAL

APRICOT 2007 will be arranged into six operational streams, each of which will contain a number of conference tracks and related tutorials. This streamed approach is designed to foster operational communities within the Asia Pacific region. Each stream will take place in the same area providing opportunity for people to further discuss and network with peers.

Streams for APRICOT 2007 are:

1. Routing Operations
   IPv4 and IPv6 Routing, APNIC Routing and IPv6 Technical SIG, MPLS, Backbone operations.
2. Services Operations
   DNS, VOIP, ENUM, IDN, IDC, content and other services, APNIC DNS SIG.
3. Security Operations
   NSP-Sec, DDoS, Security Operations, Anti-SPAM, Anti-Malware.
4. Internet Provider Relationships
   IXP Operations, Peering, APNIC IX SIG.
5. Access Technologies
   Wireless, WiMax, Metro Ethernet, DSL, Broadband access aggregation.
6. APNIC Stream
   APNIC's NIR, Database, Policy SIGs.
TUTORIALS

Tutorials are full-day workshops which focus on a particular subject in-depth. They may be presented by a single Instructor, or a team of instructors working together. Tutorial Instructors are encouraged to also sign up to be a Speaker in the Technical Conference Program as well. You can sign up to give a tutorial and/or conference session presentation by following the instructions at the end of this message for signing up as a speaker or instructor.

Tutorial topics which have been successful in the past, or have been requested for this year are:

- Network security, IPSec, Auditing/Forensics, DDoS Mitigation, VoIP Security
- Address planning, conservation, responsibility and migration to IPv6
- High performance IP backbone routing and management
- BGP MultiHoming
- MPLS
- IPv6 implementation
- Network planning, management and traffic engineering
- Internet exchanges, construction, peering and collocation
- Operations, NOC, Helpdesk and other support aspects
- BIND, DNSSEC, Split Horizon DNS, and Reverse and multilingual DNS
- Broadband first/last mile access technologies
- Mobile and wireless technologies
- Content, Applications, streaming and multimedia infrastructure
- VoIP, Unified messaging, scaling e-mail infrastructure, Asterisk, etc.
- Hosted Essential Services (mail, DNS, etc), Server scaling, Open source
- Quantitative Analysis for Internet Public Policy

The program committee will consider proposals for tutorials in any of these areas, and also in new areas. There will be two days of Tutorials. Tutorials last 1/2 day or a full day and can cater to beginner through to advanced audiences. Tutorial days are typically split into four 1.5 hour sessions. If you have an idea for a tutorial subject that is not listed, please feel free to submit it to us.

TECHNICAL CONFERENCE SESSIONS

The Main Conference Program for 2006 will be made up of two days, with three streams each day. In addition there will be a stream focused on local (Indonesian) internet issues.
Each stream will consist of four 1.5 hour sessions, with each having three or four presentations. This allows 20-30mins per presenter. Sessions are chaired by persons of appropriate expertise in the subject matter of the session and will include ample time for questions from the audience. Successful presentations from past APRICOTs have covered topics relevant to current operational deployments or new technologies not yet in wide deployment. Proposals for conference presentations are invited for topics fitting into the six streams outlined above. If you would like to give a presentation at one or more of the sessions, follow the instructions at the end of this message for signing up as a speaker or instructor. CFP
Re: Best practices inquiry: filtering 128/1
On Mon, 10 Jul 2006 21:56:27 -0500 Jerry Pasker [EMAIL PROTECTED] wrote:

Because you fear that their routers that distribute the feed could become own3d and used to cause a massive DoS by filtering out some networks?

Someone in the NANOG community, I forget who now, had the sensible suggestion that you create a filter list based on the bogon list at the time you set up your feed. You use that to limit what you will accept from Cymru. Since bogon blocks will only get allocated, the worst that could happen is the breaking of a recently allocated bogon network. Even if you don't update your filter list for the next 5 years the damage is likely to be minimal.

John
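The two checks discussed in this thread, dropping announcements shorter than /8 and accepting a bogon feed entry only when it falls inside a snapshot taken at feed setup, can be sketched as follows. This is an added example, not code from any poster or from Team Cymru; the function names are hypothetical, and the baseline and feed lists are constructed sample data, not a real bogon list.

```python
import ipaddress

# Shortest prefix length accepted from a peer. 8 drops 0/1, 128/1, 0/2, 64/2
# and everything else through /7, the range discussed in the thread.
MIN_PREFIX_LEN = 8

def is_too_short(prefix, min_len=MIN_PREFIX_LEN):
    """True if an announced prefix is shorter than the accepted minimum."""
    return ipaddress.ip_network(prefix).prefixlen < min_len

def split_announcements(prefixes, min_len=MIN_PREFIX_LEN):
    """Return (kept, dropped) for a list of received prefixes."""
    kept = [p for p in prefixes if not is_too_short(p, min_len)]
    dropped = [p for p in prefixes if is_too_short(p, min_len)]
    return kept, dropped

def vet_bogon_feed(baseline, feed):
    """Accept a feed entry only if it lies inside a baseline bogon block.

    baseline: bogon prefixes recorded when the feed was set up.
    feed:     prefixes the feed asks us to filter today.
    Bogon space only shrinks as blocks get allocated, so an entry outside
    the baseline (or covering more than it) is treated as suspect.
    Malformed entries are rejected rather than raising.
    """
    base = [ipaddress.ip_network(b) for b in baseline]
    accepted, rejected = [], []
    for entry in feed:
        try:
            net = ipaddress.ip_network(entry)
        except ValueError:
            rejected.append(entry)
            continue
        inside = any(net.version == b.version and net.subnet_of(b) for b in base)
        (accepted if inside else rejected).append(entry)
    return accepted, rejected

# Constructed sample data (illustrative only).
RECEIVED = ["128.0.0.0/1", "0.0.0.0/2", "64.0.0.0/2", "12.0.0.0/7",
            "91.192.0.0/16", "91.192.0.0/24"]
BASELINE = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
            "192.0.2.0/24", "100.0.0.0/6"]  # the /6 stands in for unallocated space
FEED = ["10.0.0.0/8",    # unchanged entry
        "100.0.0.0/8",   # part of the /6 was allocated, the rest remains
        "8.0.0.0/8",     # never in the baseline: would blackhole live space
        "0.0.0.0/1"]     # covers far more than any baseline block

if __name__ == "__main__":
    print(split_announcements(RECEIVED))
    print(vet_bogon_feed(BASELINE, FEED))
```

With a stale baseline the only cost is the one John describes: a block allocated after the snapshot may still be filtered if the feed keeps listing it.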
Re: Sitefinder II, the sequel...
I'll demur --- I don't much like it, for several reasons. The first is that it *does* present a different view of the One True Tree. I've been saying for years -- among other things, in the context of Sitefinder, alternate roots, and other things -- that the DNS was designed under the assumption that there's one namespace. Anything that presents different results will result in confusion. The second is the precedent that's set -- who gets to decide what zones are excluded from the tree? OpenDNS? Sure -- and to whom do they listen? Are any sites to be ruled out on political grounds? Ideological? Not today, sure, and (I assume) not by OpenDNS -- but what if some misguided legislature passes some law? Bear in mind that *by U.S. law*, libraries that receive federal funding *must* install certain kinds of filters. The third is that not all the world is a web site. I send email, do IM, ftp, ssh, SIP, imaps, pop3s, and assorted other weird protocols. (I'm having trouble doing SIP from my hotel tonight. I wonder if that's a coincidence. The server worked just fine from the IETF venue a few hours ago.) OpenDNS, like Sitefinder before it, is optimized for web users. A fourth is that most consumers don't have a realistic choice; they use whatever DNS server their ISP gives them. Furthermore, they have little choice of ISP. In the U.S., people are lucky if they have two choices, DSL from the local monopoly telco or cable modem service from the local monopoly cable TV company. You might not like the service; you may get it anyway. (Yes, I read their instructions how individuals can start using the service. I frankly don't believe that that will happen at a large enough scale to make a viable business.) This doesn't apply, of course, to corporate decisions regarding the employee experience, but that doesn't strike me as the market this is aimed at. (Their privacy policy appears decent, but I couldn't tell if they build up user profiles which they use for their ads. 
The Privacy Policy didn't seem to say, one way or another; the Terms of Service requires accurate registration instructions, which is sometimes done for profile-based advertising. I can't tell, nor do I know what they can or can't look our mothers in the eye about, to use their phrase.) Fifth, the service doesn't work properly in the presence of DNSsec. They can't return proper NXT records, nor can they realistically sign their own responses except for certain *very* common typos. Yes, this is better than Sitefinder, because it's not forced on the entire Internet. However, it shares many of the same flaws.
Re: Sitefinder II, the sequel...
On Jul 10, 2006, at 11:40 PM, Steven M. Bellovin wrote: I'll demur --- I don't much like it, for several reasons. [SNIP - several good points.] Yes, this is better than Sitefinder, because it's not forced on the entire Internet. However, it shares many of the same flaws. I'm not going to use the service either, but for different reasons than you state. And it does have many of the same flaws as Sitefinder. But Sitefinder had only one fatal flaw: The Lack Of Choice. Obviously that flaw is not shared. Of course, everyone should feel free to espouse their opinions on the service, and use it or not, and try to persuade others to use it or not. But just like any other service, software, protocol, or other _optional_ choice in running your network (or home computer), we will just have to let the market decide. Chances are, there's enough Internet to go around for everyone, whether they use the service or not. -- TTFN, patrick
Re: Best practices inquiry: filtering 128/1
I'd guess the Cymru team is less likely to be hax0r'ed. But that's just 'cause I'm afraid of them. (Especially if Rob's had coffee recently. Which means I'm always afraid of them. :) Muahaha! :) -- Rob Thomas Team Cymru http://www.cymru.com/ ASSERT(coffee != empty);