Re: unwise filtering policy from cox.net
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Nov 20, 2007, at 6:21 PM, [EMAIL PROTECTED] wrote: (I'm sure many readers of the list know *that* feeling - you found and fixed the problem before the first complaint arrives, but you still get deluged by more complaints for another week or so...) Or another 6 months from AOL ;-] Chris Chris Owen ~ Garden City (620) 275-1900 ~ Lottery (noun): President ~ Wichita (316) 858-3000 ~A stupidity tax Hubris Communications Inc www.hubris.net -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (Darwin) Comment: Public Key: http://home.hubris.net/owenc/pgpkey.txt Comment: Public Key ID: 0xB513D9DD iD8DBQFHQ4qaElUlCLUT2d0RAsjwAKDaurQh7y7hQq2MSs8vMQqSvk7zlgCgwETG +Xd6FcNqrBq1sYyrylWNtAc= =Lg9j -END PGP SIGNATURE-
Re: AOL Postmaster issues
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Nov 19, 2007, at 10:33 AM, Drew Weaver wrote: Our abuse department has been receiving e-mails daily with our feedback loop with AOL about e-mails which were 'supposedly' sent about a year ago. Does this mean that A) the message was sent almost year ago but was not read and marked as spam until today? Or b) the abuser is changing the date on the mail server which is messing with their means of reporting it in their feedback loops? (the second one doesn't seem likely, but if it is the case we would like to kick this guy off of our network...) Most likely this is A. One of the many very frustrating things about the AOL feedback loop. Chris Chris Owen ~ Garden City (620) 275-1900 ~ Lottery (noun): President ~ Wichita (316) 858-3000 ~A stupidity tax Hubris Communications Inc www.hubris.net -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (Darwin) iD8DBQFHQb+rElUlCLUT2d0RAhM2AKCxvAt9MR5N2Vj7PkLGSwBCuB2ZigCfeWXq 9ETvC9yd5US/BV5+0QsQre4= =KHBQ -END PGP SIGNATURE-
Re: Researchers ping through first full 'Internet census' in 25 years
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Oct 12, 2007, at 12:50 AM, Roy wrote: I guess no one told them that someone might consider this an attack? You can't consider every wacko on the net when doing something like this. Anyone who considers a ping an attack probably isn't worth worrying about. Chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (Darwin) iD8DBQFHD3eTElUlCLUT2d0RAmyaAKCjU8XWlNEb7PWuWY+zz7nYc9LCBACgrp/r pPnxCKmRAwm1No9pMOGT3YI= =/0ak -END PGP SIGNATURE-
Re: NAT Multihoming
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Jun 3, 2007, at 4:19 PM, Simon Leinen wrote: You write when rather than if - is ignoring reasonable TTLs current practice? Definitely. We've seen 15 minute TTLs regularly go 48 hours without updating on Cox or Comcast's name servers. I believe the most I've seen was 8 days (Cox). Chris Chris Owen ~ Garden City (620) 275-1900 ~ Lottery (noun): President ~ Wichita (316) 858-3000 ~A stupidity tax Hubris Communications Inc www.hubris.net -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (Darwin) iD8DBQFGYzdMElUlCLUT2d0RArCzAJ4rqL4eWxMzswEwibiZfYIk43bvpwCaA8Ix UkBbPlRGOiuL+6RSPZoNR7c= =TmiM -END PGP SIGNATURE-
Re: Abuse procedures... Reality Checks
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Apr 9, 2007, at 1:49 PM, John L wrote: I don't have PI space, but I do have a competent ISP so I've never had any mail problems due to adjacent addresses. Having a competent ISP isn't a guarantee of exemption...only a contributor. As evidenced by the discussion, some people choose the scope of their wrath arbitrarily. Nothing is a guarantee of exemption from a sufficiently perverse or hostile email administrator, but being in the middle of a well managed /20 works pretty well for me. Well, well managed to me would mean that allocations from that /20 were SWIPed or a rwhois server was running so that if any of those 4,000 IP addresses does something bad you don't get caught in the middle. Chris Chris Owen ~ Garden City (620) 275-1900 ~ Lottery (noun): President ~ Wichita (316) 858-3000 ~A stupidity tax Hubris Communications Inc www.hubris.net -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (Darwin) iD8DBQFGGo9KElUlCLUT2d0RArewAKCRHTeEN9tMOvvfH6/cql6ua81qAwCg2eqd jVGT9wUPV2hRItrA3+tp5n0= =M3YG -END PGP SIGNATURE-
Re: Abuse procedures... Reality Checks
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Apr 9, 2007, at 3:41 PM, Pete Templin wrote: Chris Owen wrote: Well, well managed to me would mean that allocations from that / 20 were SWIPed or a rwhois server was running so that if any of those 4,000 IP addresses does something bad you don't get caught in the middle. Due diligence with SWIP/rwhois only means that one customer is well documented apart from another. As this thread has highlighted, some people filter/block based on random variables: the covering / 24, the covering aggregate announcement, and/or arbitrary bit lengths. If a particular server is within the scope of what someone decides to filter/block, it gets filtered or blocked. Good SWIPs/rwhois entries don't mean jack to those admins. Well it means something to me. I'm not one for widely cast blacklists but for something like a series of IP addresses all spewing spam from I will often put temporary /24 filters in place if I'm unable to determine exactly where the actual block boundaries are. If the addresses are SWIPed/rwhois then that is much easier and there is no need for such a wide net. Chris Chris Owen ~ Garden City (620) 275-1900 ~ Lottery (noun): President ~ Wichita (316) 858-3000 ~A stupidity tax Hubris Communications Inc www.hubris.net - -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (Darwin) iD8DBQFGGrCbElUlCLUT2d0RAtbYAJ9T4nFgTeFyUJ2q2uMGPjQYizk4CwCg1Vx4 b+HHAd8UgvH9sNvFHGHo+fY= =WhjM - -END PGP SIGNATURE- -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (Darwin) iD8DBQFGGrIOElUlCLUT2d0RAjEPAKDCcQyFlkC/6DC8jdIbsKFIC1bO5ACgyUk6 GOHudBwokEt56tglHnrpYV8= =00rY -END PGP SIGNATURE-
Re: Abuse procedures... Reality Checks
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Apr 7, 2007, at 4:20 PM, Frank Bulk wrote: Sure, block that /29, but why block the /24, /20, or even /8? Perhaps your (understandable) frustration is preventing you from agreeing with me on this specific case. Because what you usually see is an IP from a /20 or larger and the network operators aren't dealing with it. In the example I gave it's really the smaller /29 that's the culprit, it sounds like you want to punish a larger group, perhaps as large as an AS, for the fault of smaller network. Well it sounds like the original poster is trying to punish the network operator by intentionally blocking innocent bystanders and therefore causing them grief so if that is your goal then a /24 seems like a decent arbitrary size. You are mostly sure you won't block across providers that way at least. However, even if this isn't your goal it can be really hard sometimes to have any clue how big a netblock is for a particular IP address. ARIN may make small folks like us jump through hoops but apparently this isn't true for larger providers. We often run into abuse from IP addresses (or a range of addresses) where there is no rwhois sever and the entire /19 or larger is SWIPed as a single netblock. I've seen some really, really large blocks with absolutely no sub- delegation when clearly the addresses are sub-delegated. We will often temporary block a /24 on email blacklists for instance. When you're getting pounded from a range of 30 or 50 IP addresses and can't get any response from the upstream then it is farily obvious they are less than white hat so we're willing to live with the collateral damage. Chris Chris Owen ~ Garden City (620) 275-1900 ~ Lottery (noun): President ~ Wichita (316) 858-3000 ~A stupidity tax Hubris Communications Inc www.hubris.net -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (Darwin) iD8DBQFGGA6nElUlCLUT2d0RAkWzAJ4mjXT5gwB0psG7e/YhmzUcFXhksgCgyx2g 5VDgB0KMLyMFIdVzrPaPGJI= =E5xl -END PGP SIGNATURE-
Re: Abuse procedures... Reality Checks
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Apr 7, 2007, at 11:00 PM, Fergie wrote: I would think that it's actually very easy to do when sub-allocations are SWIP'ed. Not that I'm really defending this policy, but sub-allocations are very often not SWIPed. I'd say 75% or more of the time I'm looking a problem IP address it is part of a /19 or larger block with no sub- allocation. For example, I know for a fact that 70.167.38.132 is part of a netblock assigned to a business (I believe it is a /28 or /27). It is routed to them over a DS1 or similar cable equivalent. They run a handful of servers behind including public hosting a half dozen corporate web sites and a mail server. Clearly these addresses have been assigned to this business. Yet: [EMAIL PROTECTED]:~$ whois 70.167.38.132Cox Communications Inc. NETBLK-COX- ATLANTA-10 (NET-70-160-0-0-1) 70.160.0.0 - 70.191.255.255 Cox Communications Inc. NETBLK-WI-OHFC-70-167-32-0 (NET-70-167-32-0-1) 70.167.32.0 - 70.167.63.255 No rwhois server available. And Cox is actually better than some. That's only a /19. I've seen much larger blocks than this. Somehow I doubt if we pulled that with our /20 I doubt we'd have a /19 now. Chris Chris Owen ~ Garden City (620) 275-1900 ~ Lottery (noun): President ~ Wichita (316) 858-3000 ~A stupidity tax Hubris Communications Inc www.hubris.net -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (Darwin) iD8DBQFGGCmzElUlCLUT2d0RAo2fAJwPXyy6LldTs7hEwHH+KkJ9fF9EewCfTyIf 0BHI2gDJX/s3FuZlLWkWwiM= =l33X -END PGP SIGNATURE-
Re: Abuse procedures... Reality Checks
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Apr 7, 2007, at 11:41 PM, Fergie wrote: Please read what I wrote: I would think that it's actually very easy to do when sub-allocations are SWIP'ed. I cannot, and will not, presuppose that in cases when they are not SWIP'ed that some kind of magic happens. :-) And how do you know the difference? The Cox IP address is SWIPed. Its even sub-allocated. The allocation is just a /19. Chris Chris Owen ~ Garden City (620) 275-1900 ~ Lottery (noun): President ~ Wichita (316) 858-3000 ~A stupidity tax Hubris Communications Inc www.hubris.net -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (Darwin) iD8DBQFGGC0QElUlCLUT2d0RAsmbAJ4i/YNj7vypKJ0Zv/7ajWIGdpwvbgCdECZB v+FoC+s1TRkdkSBZMzEYU94= =6CPl -END PGP SIGNATURE-
Re: Abuse procedures... Reality Checks
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Apr 8, 2007, at 2:51 AM, Fergie wrote: Again, a simple recursive WHOIS will show you sub-allocations if they are properly SWIP'ed. Define properly. The Cox addresses in my example are SWIPed. Are they properly SWIPed? How could you tell from whois? Chris Chris Owen ~ Garden City (620) 275-1900 ~ Lottery (noun): President ~ Wichita (316) 858-3000 ~A stupidity tax Hubris Communications Inc www.hubris.net -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (Darwin) iD8DBQFGGFnSElUlCLUT2d0RAgfPAJsFe0V9tA67MDWwD3kcrNoVgNZF6wCdHdXT 5R0SMgRJdH176EvlkhIqNZE= =ZYal -END PGP SIGNATURE-
Re: Blocking mail from bad places
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Apr 3, 2007, at 12:19 PM, Thomas Leavitt wrote: The current situation with email is flat out insane. There is no other way to describe it. I'd agree that the situation is bad but certainly not uncontrollable. We've had very good success keeping spam in check with a number of technologies while not really having too many problem with false positives. The last 6 months have been particularly nice. About that time we expanded our greylisting policy and that alone has made a dramatic difference. At one point before doing any greylisting we were accepting about 500,000 messages a day and delivering about 30,000. Now we accept about 80,000 and deliver about 25,000. That's a much, much more reasonable ratio. Really I don't think we are being very aggressive with our greylisting either. We currently greylist IP addresses on a handful of RBLs and ones that lack valid reverse DNS. The greylist only applies for 5 minutes and then we allow the mail through. That 5 minutes though makes all the difference in the world. We've had 2-3 senders complain (mostly about invalid reverse DNS) but really I'm fine with fix your shit for an answer to those people. If they can't then they can just wait the 5 minutes with all the other unwashed. Will spammers adapt? Sure. We've already seen stock spammers who are retrying at 5 minutes to the second. However, this is one of those issues where the cost of adapting may just be to high most of the time. Probably easier to just go after the weaker targets. My other theory on this is that if spammers really do adapt to greylisting, then they will have no choice but to actually start caring about bounces and clean their mailing lists. If they don't then they just won't be able to keep up with all the queued mail. Getting them to clean up their lists in itself would be a more than minor victory. Chris Chris Owen ~ Garden City (620) 275-1900 ~ Lottery (noun): President ~ Wichita (316) 858-3000 ~A stupidity tax Hubris Communications Inc www.hubris.net -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (Darwin) iD8DBQFGEpLRElUlCLUT2d0RAtDVAKCilqRm5LlGOu0z19Z+5PyWLA2QSgCfas+A bCbab8uLdYtPG9XT7FgbPBM= =U9Nw -END PGP SIGNATURE-
Re: SaidCom disconnected by Level 3 (former Telcove property)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mar 16, 2007, at 6:59 PM, Mike Hammett wrote: Some locations are just too cost prohibitive to multihome, but that really is a select few. It isn't just cost but can be path diversity (or lack thereof). We used to be headquartered 210 miles from civilization. We had a choice of providers and could have multihomed. However, the only realistic way for any of those providers to get to us would have been Bell frame relay. Since by far the most likely point of failure was the last mile (which was 210 miles), we made a decision that actually multihoming wasn't a good use of resources. We instead went with a good quality regional provider who was themselves multihomed. Now clearly there were cases where that wouldn't have any good but given the remoteness it just seems most likely that anything that took out one provider would have taken the other one as well. Now this case we are discussing is probably the exception to our assumptions but we had a much better provider at the time than Level3 ;-] From the sounds of the original post I wouldn't be too surprised if it was also fairly remote. Chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (Darwin) iD8DBQFF+zOWElUlCLUT2d0RAtwLAJ9esOECOSbeXOpPhPbEL3A9vmbJ5wCfWgnU Dd4lEmIoaMtPCRU9WXJRSVo= =wxdX -END PGP SIGNATURE-
Re: what the heck do i do now?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Feb 1, 2007, at 6:44 AM, Rich Kulawiec wrote: chuckle Perhaps you should list (in the zone) all IP addresses which are repeatedly querying the zone -- after announcing this policy, of course. ;-) Actually, looking at that list it looks like many of those addresses (including the top vote getter) are just someone's caching proxy. Probably wouldn't hurt much since those machines probably aren't relaying mail but it also wouldn't have the effect you are looking for. Chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (Darwin) iD8DBQFFwgT0ElUlCLUT2d0RAouSAKCADcqbnww+XbOkAriKDq3bz/gaPgCdEmS5 wrNkoPMJQ9gux5dcEQMcLQ4= =/CCE -END PGP SIGNATURE-
Re: what the heck do i do now?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Jan 31, 2007, at 9:16 PM, Mark Foster wrote: list... I talked to my lawyer. And while I am not a lawyer, I can tell you that my lawyer pointed out several interesting legal theories under which I could have some serious liability, and so I don't do that any more. (As an example, consider what happens *to you* if a hospital stops getting emailed results back from their outside laboratory service because their email firewall is checking your server, and someone dies as a result of the delay) So while I think you'd be justified in doing it, I think you'd find that 1) lots of people wouldn't change their configs at all, and 2) you might find that your liability insurance doesn't cover deliberate acts. Uhm. I don't follow? I my experience, people who tell stories like this really just need to get a better lawyer. I've had several lawyers contact us on things about this lame and have found that that the one sentence reply letter is often the most effective: Dear Sir: Kiss my what? Never hear from them again. Chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (Darwin) iD8DBQFFwV6ZElUlCLUT2d0RArP9AKC4JaEP5QJiB70SfrCWGkI9eTdxBwCcC+wA +DFKKXKMUqluFDF1DNCBJ0o= =sndk -END PGP SIGNATURE-
Re: [cacti-announce] Cacti 0.8.6j Released (fwd)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Jan 21, 2007, at 11:35 PM, Travis H. wrote: That is, most of the dynamically-generated content doesn't need to be generated on demand. If you're pulling data from a database, pull it all and generate static HTML files. Then you don't even need CGI functionality on the end-user interface. It thus scales much better than the dynamic stuff, or SSL-encrypted sessions, because it isn't doing any computation. While I certainly agree that cacti is a bit of a security nightmare, what you suggest may not scale all that well for a site doing much graphing. I'm sure the average cacti installation is recording thousands of things every 5 minutes but virtually none of those are ever actually graphed. Those that are viewed certainly aren't viewed every 5 minutes. Even if polling and graphing took the same amount of resources that would double the load on the machine. My guess though is that graphing actually takes many times the resources of polling. Just makes sense to only graph stuff when necessary. Chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (Darwin) iD8DBQFFtE/NElUlCLUT2d0RAtbeAJ91qMtm8VtWSLHJ/gLsg3DnqitlwQCeK1pn bqmZZoK821K76KMj/0bxDNk= =Rx6P -END PGP SIGNATURE-
Re: register.com down sev0?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Oct 27, 2006, at 7:48 PM, Donald Stahl wrote: It's pretty well-known that register.com has been a source of spam, and that complaints to them have been ineffective. I don't know about Register.com's opinion but I dare say the statement above isn't very helpful to me as an admin. When you say has been a source of spam is there a time frame involved? Was this in the last week? Month? Year? I've received spam from them in the past month (actually I got two). When this thread started I went back to see if I could find them but unfortunately I no longer had copy. When you say register.com has been the source do you mean a) their netblocks b) their mail servers or c) partners acting on their behalf? The spam I got was directly from register.com. It came with a register.com return email address, pointed to a register.com web site and came from an IP address the resolved to *.register.com (I will admit I didn't confirm the netblock belonged to them). I've never done any business with them and the spam was for a domain name renewal for a domain registered elsewhere. In other words, it was a classic whois scrapped spam. You also state that complaints have been ineffective. Again is there a time frame? Did anyone get back to you? Did they investigate? Did they give you a reason for ignoring or doing nothing about your complaint? I submitted both spams to spamcop and the appropriate abuse addresses would have been notified in both cases. I got no response from either of my submissions. As for a reason for ignoring my complaint I really couldn't say since, well they ignored me. I ask this not because I want to know but because if someone from the company came here to address the issue then perhaps we should give them as much information as possible (After all- you have a contact now) Simply saying that it's pretty well-known doesn't really help. As I've previously said, this isn't like its some sort of borderline case where someone in one part of the company is doing something that someone else doesn't know about. These guys are pretty hard core. I'd say I get 20-30 emails a year from them for various domain names I'm a contact on. I've also received USPS spam which is another story but no less unethical since they are all these BS renewal type letters. They might not be Domain Registry of America but they are hardly innocent. I frankly doubt they would bother posting here with let us know if they had no intention of looking into it- this isn't exactly a group likely to be pacified by empty promises. (It's also possible that in the past the right people never found out- or that there are new people there who take the issue more seriously). Well maybe this guys is serious about addressing the problem but if they are serious as a company the least they could do is respond to complaints that come via spamcop. Hell it think most spamcop complaints we get are mostly BS but I at least bother to respond to them. will be happy to hear that. If you're here to tell us that there never was a problem and that we're all just imagining it... you'll need these: I don't think they are going to claim there was never a problem- unfortunately sometimes the marketing folks don't consult or listen to their technical folks- it's happened at a lot of companies. That said- I haven't had spam from a register.com netblock in a long time. Then again maybe I've just been lucky. I'd go with lucky then. Chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (Darwin) iD8DBQFFQu0TElUlCLUT2d0RAj0DAKCR1pSj/xEqYcTZAv86NRjuVO2DzACfXKVc eQ30FesWFzLWNWlwGFW6tA4= =CIB0 -END PGP SIGNATURE-
Re: register.com down sev0?
On Oct 25, 2006, at 11:14 PM, [EMAIL PROTECTED] wrote:On 26 Oct 2006, Paul Vixie wrote:I'm seeing *.register.com down (including ns*) from everywhere.They are apparently under a multi-gbps ddos of "biblicalproportions".i wonder if that's due to the spam they've been sending out?Paul, this isn't nanae. Let's not sling accusations like that wildly. Good god. It isn't like they are some borderline case or anything.Chris PGP.sig Description: This is a digitally signed message part
Re: WorldNIC nameserver issues
On Oct 17, 2006, at 1:36 PM, David Ulevitch wrote:Anyone else seeing these failures? WorldNIC does a lot of authoritative DNSWe've got several customer domains in the same boat.I can ping those addresses but they don't seem to be answering queries.Chris PGP.sig Description: This is a digitally signed message part
Re: my favorite DR story
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mar 26, 2006, at 6:21 AM, neal rauhauser wrote: They had no off site backup of any of their data and there was no configuration information on their network beyond my recall of what I'd help install two years before the tornado. This is certainly a testament to the value of clean livin', but I sure wouldn't recommend that as a DR strategy. This is still my favorite tornado/network related item: http://home.hubris.net/owenc/tornado/ Back in the early days I was out of the town for I think one of the first times ever after starting the business (at ISPC maybe?). I logged on to see a huge drop in the number of people dailed up at a time when it should have been going up. I was a bit freaked out when I noticed at the same time the temperature had fallen 40 degrees in about 20 minutes. A quick call home let me connect the dots. Chris - -- ~~ Chris Owen~ Garden City (620) 275-1900 ~ Lottery (noun): President ~ Wichita (316) 858-3000 ~ A stupidity tax Hubris Communications ~ www.hubris.net ~ ~~ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (Darwin) iD8DBQFEJubTElUlCLUT2d0RAsFFAJ0QhF/Qt+q/5chaiNWwVI8TWcjkWwCeM3gV MDdprIKLFjM8FIGykOrMwfc= =rSZ1 -END PGP SIGNATURE-
Re: Martin Hannigan. In my pants!
On Thu, 26 Jan 2006, Matt Ghali wrote: On Thu, 26 Jan 2006, Martin Hannigan wrote: And in all my years running news, I never came cross fleming or williams so I wouldn't know. Someone called me and made a Denniger and an Auerbach reference. Whoa. What ever happened to Karl Denninger anyway? http://genesis3.blogspot.com/ Chris -- ~~~ Chris Owen~ Garden City (620) 275-1900 ~ Lottery (noun): President ~ Wichita (316) 858-3000 ~A stupidity tax Hubris Communications Inc ~ www.hubris.net ~ ~~~
Re: Odd policy question.
On Fri, 13 Jan 2006, Randy Bush wrote:
Maybe not such an odd question; Anywhoo, we have quite a few
people who register our IP addresses as nameservers, and then never
delete the records. I don't suppose there is any way that we can delete
these old records, we have appealed to multiple registrars such as
godaddy, enom, and the like to remove these bogus NS records from our IP
space which keep our new customers from using these IP addresses for
hosting but they claim that we have no grounds even though we are the
legitimate 'keepers' of said IP space. This is mainly a problem for
customers who use software such as cPanel which likes to always make NS
records automatically, and customers almost never remove these at their
registrar.
in named.conf
zone 2.96.192.in-addr.arpa{ type master; file primary/bogus.ia; };
in the zone file
* PTR some.schmuck.lame.delegated.to.RAIN.PSG.COM.
or
zone someschmuck.com { type master; file primary/bogus.fwd; };
and
@ MX0 some.schmuck.lame.delegated.to.RAIN.PSG.COM.
* MX0 some.schmuck.lame.delegated.to.RAIN.PSG.COM.
Don't forget:
wwwIN CNAME goatse.cx
;-]
Chris
--
~~~
Chris Owen~ Garden City (620) 275-1900 ~ Lottery (noun):
President ~ Wichita (316) 858-3000 ~A stupidity tax
Hubris Communications Inc ~ www.hubris.net ~
~~~
Re: Odd policy question.
On Fri, 13 Jan 2006, Martin Hannigan wrote: I heard something nasty about goatse.cx, but I checked www and I got: The registrar name servers have not been configured properly ..and nothing bad. I do think it's better to put up the page locally though. Granted that what your (former-) customers did was not any sort of best practice, but I think your solution is a little too extreme. Wow. I wish I was seeing what you are seeing. Is it good? Well my post was really in jest. goatse.cx hasn't existed for years. If you really want to know what was there (and you really don't) just do a quick search for goatse. I'm sure there is a Wikipedia entry for it. However, the point of my post that it really is a dumb idea for someone to point their domain at your domain name servers if they aren't a customer. You really do gain much control over the domain in such a situation. Chris -- ~~~ Chris Owen~ Garden City (620) 275-1900 ~ Lottery (noun): President ~ Wichita (316) 858-3000 ~A stupidity tax Hubris Communications Inc ~ www.hubris.net ~ ~~~
Re: AW: Odd policy question.
On Fri, 13 Jan 2006, Randy Bush wrote: it is a best practice to separate authoritative and recursive servers. why? e.g. a small isp has a hundred auth zones (secondaried far away and off-net, of course) and runs cache. why should they separate auth from cache? I absolutely hate it when we run into an ISP that does this. We often have customers who are moving form some piss poor ISP and we rescue them. Then we find out that none of ISP A's customers (often including the customer who is moving their hosting) can get to the new site. Similarly we have occasionally seen customers who moved their hosting from us and we were still delivering mail locally. In order for the root servers to do their job the two really need to be separate. Chris -- ~~~ Chris Owen~ Garden City (620) 275-1900 ~ Lottery (noun): President ~ Wichita (316) 858-3000 ~A stupidity tax Hubris Communications Inc ~ www.hubris.net ~ ~~~
RE: Two Tiered Internet
On Wed, 14 Dec 2005, Hannigan, Martin wrote: but do i get the Internet? ... your claim is that No, my claim is that users are not paying the full boat. Almost all the telecoms are still in trouble in one way or another, interest expense, billions $$ in bonds coming due ~2008, etc. They aren't making enough money. That may be a market forces reality, but that doesn't mean the services aren't under priced. I'm not sure how much of a market forces reality this is. At least around here (SBC territory but then what isn't) it is the telcos that are driving down the prices. Cable would be willing to charge reasonable prices (and have generally held the line) if it wasn't for Bell. Chris -- ~~~ Chris Owen~ Garden City (620) 275-1900 ~ Lottery (noun): President ~ Wichita (316) 858-3000 ~A stupidity tax Hubris Communications Inc ~ www.hubris.net ~ ~~~
Re: Akamai server reliability
On Mon, 28 Nov 2005, Roy wrote: Is anyone else seeing high failure rates of Akamai servers at their facilities? We had 3 boxes for 5-6 years without a problem. Then one of them failed. We've since replaced that box 5-6 times in the last year. The replacement boxes often come with non-spining CPU fans and other issues so I'm not that surprised. The last replacement was a few months ago though so maybe this one will stick around. I think whoever is doing their refurbs isn't doing a very good job. They never seem very concerned though. Chris -- ~~~ Chris Owen~ Garden City (620) 275-1900 ~ Lottery (noun): President ~ Wichita (316) 858-3000 ~A stupidity tax Hubris Communications Inc ~ www.hubris.net ~ ~~~
Re: trollage (Re: Akamai server reliability)
On Mon, 28 Nov 2005, Deepak Jain wrote: Never underestimate the amount of airbills that can be paid with KISS strategy. Especially since Akamai doesn't pay for truck rolls and man hours to get the replacements done onsite. I'm sorry, isn't that exactly what an airbill *is* paying for -- to get the equipment on site? The man hours (really, we are talking about less than a single hour to replace a server including all the mounting and repacking). The one man hour that they need (no more than 6 a year by the look of it) should offset the value the ISP is getting from not buying bandwidth to get to the content and for the improved performance they get. If that model doesn't work for the ISP in question, they should ask Akamai to pull their gear. I didn't really get the impression that people were really complaining so much (I certainly wasn't) as they were just pointing out there was an issue. However, I do think Akamai would be better off getting their issues with their replacement boxes straightened out. I agree that we get value for having the boxes on our network (and so do they lets not forget). However, it is a bit frustrating to replace the same box 3 times in less than a month. Hauling a box down to the colo is no big deal but when the box you are taking down there has a dead CPU fan and two dead case fans it's hard not to think you might be wasting your time. It isn't just that they are wasting my time. They are also wasting their own time. It's the overall lack efficiency that bothers me ;-] Chris -- ~~~ Chris Owen~ Garden City (620) 275-1900 ~ Lottery (noun): President ~ Wichita (316) 858-3000 ~A stupidity tax Hubris Communications Inc ~ www.hubris.net ~ ~~~
Re: paypal down!
On Tue, 15 Nov 2005, Steven Kalcevich wrote: www.paypal.com Internal Server Error The server encountered an internal error or misconfiguration and was unable to complete your request. Please contact the server administrator, [EMAIL PROTECTED] and inform them of the time the error occurred, and anything you might have done that may have caused the error. More information about this error may be available in the server error log. Works for me. Same BS splash advertising that always comes up. Damn that is annoying. Chris -- ~~~ Chris Owen~ Garden City (620) 275-1900 ~ Lottery (noun): President ~ Wichita (316) 858-3000 ~A stupidity tax Hubris Communications Inc ~ www.hubris.net ~ ~~~
