Re: New worm / port 1434?

2003-01-25 Thread Peter van Dijk

On Sat, Jan 25, 2003 at 08:05:33AM +, Gary Coates wrote:
> 
> Duplicated info.. But this is an old worm ;-(
> 
> http://www.cert.org/advisories/CA-1996-01.html

This is not the worm that's spreading now.

Greetz, Peter
-- 
[EMAIL PROTECTED]  |  http://www.dataloss.nl/  |  Undernet:#clue



contact at rackspace?

2002-12-24 Thread Peter van Dijk

Does anybody know a _working_ contact at rackspace.com?

Greetz, Peter
-- 
[EMAIL PROTECTED]  |  http://www.dataloss.nl/  |  Undernet:#clue
http://www.blinkenlights.nl/party/ - birthday party (page in Dutch)
all geeks invited - send mail to [EMAIL PROTECTED] for more info



Re: misbehaving DNS resolvers

2002-12-21 Thread Peter van Dijk

On Sat, Dec 21, 2002 at 02:26:36AM +0100, Peter van Dijk wrote:
> over the last week I have been seeing more and more resolvers (all
> that I know about are BIND but I'm not drawing conclusions yet) send
> my nameservers more and more *identical* queries, a *lot* of them.
> 
> Just to keep it short: take a look at
> http://www.dataloss.nl/dnsoffenders/ and
> http://www.dataloss.nl/dnsoffenders2/
> 
> If you notice any of your boxes in those lists with a high query count
> (dnsoffenders is measured over about 60-80 minutes, dnsoffenders2 is
> more like 30 minutes) please contact me. Thank you.

Vincent Schonau reports that 'fetch-glue no;' in the BIND config seems
to help (on BIND 8.3.4). If you are listed on my page, please try this
configuration option, wait for a stats update and see if it helps.

Thank you.

Greetz, Peter
-- 
[EMAIL PROTECTED]  |  http://www.dataloss.nl/  |  Undernet:#clue
http://www.blinkenlights.nl/party/ - birthday party (page in Dutch)
all geeks invited - send mail to [EMAIL PROTECTED] for more info



misbehaving DNS resolvers

2002-12-20 Thread Peter van Dijk

Hi,

over the last week I have been seeing more and more resolvers (all
that I know about are BIND but I'm not drawing conclusions yet) send
my nameservers more and more *identical* queries, a *lot* of them.

Just to keep it short: take a look at
http://www.dataloss.nl/dnsoffenders/ and
http://www.dataloss.nl/dnsoffenders2/

If you notice any of your boxes in those lists with a high query count
(dnsoffenders is measured over about 60-80 minutes, dnsoffenders2 is
more like 30 minutes) please contact me. Thank you.

Greetz, Peter
-- 
[EMAIL PROTECTED]  |  http://www.dataloss.nl/  |  Undernet:#clue
http://www.blinkenlights.nl/party/ - birthday party (page in Dutch)
all geeks invited - send mail to [EMAIL PROTECTED] for more info
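Added example, not code from the posts above or from dataloss.nl: the dnsoffenders pages are only described in the post (identical queries from the same resolver, counted over a 30 to 80 minute window), so the script below rebuilds that measurement from the description and runs it over a constructed query log. The log format, the window length and the threshold are assumptions made for the illustration; the same logic applies to the follow-up post that suggests 'fetch-glue no;', since this is how you would confirm whether a listed box has stopped repeating itself after the change.

```python
"""Find resolvers that hammer a nameserver with identical queries.

Added example, not code from the posts or from dataloss.nl: the
dnsoffenders measurement is only described, so this rebuilds it (count
identical questions per client inside a time window) over a constructed
query log.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log. One query per line: "<ISO time> <client> <qname> <qtype>".
SAMPLE_LOG = """\
2002-12-20T10:00:00 192.0.2.10 www.example.net. A
2002-12-20T10:00:00 192.0.2.10 www.example.net. A
2002-12-20T10:00:01 192.0.2.10 www.example.net. A
2002-12-20T10:00:01 192.0.2.10 www.example.net. A
2002-12-20T10:00:02 192.0.2.10 www.example.net. A
2002-12-20T10:05:00 198.51.100.7 www.example.net. A
2002-12-20T10:05:00 198.51.100.7 mail.example.net. MX
2002-12-20T10:30:00 192.0.2.10 www.example.net. A
2002-12-20T11:10:00 192.0.2.10 www.example.net. A
2002-12-20T11:10:00 192.0.2.10 www.example.net. A
this line is malformed and is skipped
"""


def parse_log(text):
    """Yield (timestamp, client, qname, qtype); malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        # Normalise the question so "WWW.example.net." and "www.example.net." match.
        yield ts, parts[1], parts[2].lower(), parts[3].upper()


def find_offenders(records, window_minutes=60, threshold=3):
    """Map client -> {(qname, qtype): n} for every question a client repeated
    at least `threshold` times inside any span of `window_minutes`.

    A caching resolver should ask a question once per TTL, so many identical
    questions in a short window mean it is not caching (or is looping).
    """
    window = timedelta(minutes=window_minutes)
    streams = defaultdict(list)
    for ts, client, qname, qtype in records:
        streams[(client, qname, qtype)].append(ts)

    offenders = defaultdict(dict)
    for (client, qname, qtype), times in streams.items():
        times.sort()
        start, best = 0, 0
        for end, t in enumerate(times):          # sliding window over timestamps
            while t - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            offenders[client][(qname, qtype)] = best
    return dict(offenders)


def report(offenders):
    """Render offenders as text lines, worst first, like a stats page would."""
    lines = []
    for client, questions in sorted(offenders.items(),
                                    key=lambda kv: -max(kv[1].values())):
        for (qname, qtype), n in sorted(questions.items(), key=lambda kv: -kv[1]):
            lines.append(f"{client} {qname} {qtype} x{n}")
    return lines


if __name__ == "__main__":
    for line in report(find_offenders(parse_log(SAMPLE_LOG))):
        print(line)
```

The sliding window is per (client, question) pair rather than per client, so a busy but well-behaved resolver that asks many different questions is not flagged; only repeats of the same question count.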



Re: IP address fee??

2002-09-09 Thread Peter van Dijk


On Fri, Sep 06, 2002 at 10:04:08PM +0200, Iljitsch van Beijnum wrote:
[snip]
> About classfulness: I think it's more relevant, even today, than many
> people like to admit. Why is it that I can type "network 192.0.2.0" in my
> Cisco BGP config and the box knows what I'm talking about, but "network
> 192.0.2.0/24" is no good?

That is because Cisco is quite classful-centric, still. I think
defaults for netmasks, based on classes, are very bad. They cause
trouble (like the time a certain ISP announced 62/8 to all its peers
on AMS-IX). Cisco should support the /n notation!

Greetz, Peter
-- 
[EMAIL PROTECTED]  |  http://www.dataloss.nl/  |  Undernet:#clue



Re: IP address fee??

2002-09-09 Thread Peter van Dijk


On Fri, Sep 06, 2002 at 10:39:05PM +0200, Jeroen Massar wrote:
[snip]
> Or even better... actual popquiz question*: "What is the subnet mask of
> a class E?" ;)
> Does anybody know that one ? Without looking into docs that is.

There is none, just as there is none for class D.

Greetz, Peter
-- 
[EMAIL PROTECTED]  |  http://www.dataloss.nl/  |  Undernet:#clue



Re: classless delegation [Re: IP address fee??]

2002-09-09 Thread Peter van Dijk


On Fri, Sep 06, 2002 at 11:04:36PM +0200, Brad Knowles wrote:
[snip]
> > 60.1.0.10.in-addr.arpa. CNAME bla-reverse.example.org.
> > bla-reverse.example.org. PTR bla.example.org.
> > bla.example.org. A 10.0.1.60
> >
> > What's wrong with that? No RFC against it ;)
> 
>   Are you sure about that?  IIRC, the definitions of CNAME records 
> and what they can point to are pretty strict.

If that is illegal, then so is RFC2317 :)

> > Cool, why does it work then? 
> 
>   Just because something hasn't actually been made officially 
> illegal doesn't mean that it's not a really bad idea.

It seems to me RFC2317 is pushing the edge of standards more than my
solution is.

Greetz, Peter
-- 
[EMAIL PROTECTED]  |  http://www.dataloss.nl/  |  Undernet:#clue
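Added example, not code from any of the posts in this thread: a small PTR resolver that walks the three reverse-mapping layouts discussed here, the CNAME-into-a-forward-zone chain quoted in the post above, an RFC 2317 style CNAME into a delegated "0/28" subnet zone, and the one-zone-per-address layout where the PTR sits at the apex of its own zone. The record set is constructed (documentation addresses, plus the 10.0.1.60 chain exactly as quoted), the zone apexes are assumed for the illustration, and a deliberately looping chain is included to show why a CNAME walker needs a guard.

```python
"""Resolve reverse (PTR) lookups over the classless-delegation layouts
discussed in this thread.

Added example, not code from the posts: records and zone apexes below
are constructed for the illustration.
"""
import ipaddress

# Constructed records: absolute owner name -> list of (type, rdata).
RECORDS = {
    # Layout 1, as quoted above: CNAME into a forward zone that holds the PTR.
    "60.1.0.10.in-addr.arpa.": [("CNAME", "bla-reverse.example.org.")],
    "bla-reverse.example.org.": [("PTR", "bla.example.org.")],
    "bla.example.org.": [("A", "10.0.1.60")],
    # Layout 2, RFC 2317: the /24 owner CNAMEs each address into a delegated
    # "0/28" subnet zone, and the PTR lives there.
    "5.2.0.192.in-addr.arpa.": [("CNAME", "5.0/28.2.0.192.in-addr.arpa.")],
    "0/28.2.0.192.in-addr.arpa.": [("SOA", "ns.example.net."), ("NS", "ns.example.net.")],
    "5.0/28.2.0.192.in-addr.arpa.": [("PTR", "host5.example.net.")],
    # Layout 3, one zone per address: the PTR sits at the apex of its own zone.
    "3.100.51.198.in-addr.arpa.": [("SOA", "ns.example.net."),
                                   ("NS", "ns.example.net."),
                                   ("PTR", "host3.example.net.")],
    # A broken chain, to exercise the loop guard.
    "9.1.0.10.in-addr.arpa.": [("CNAME", "loop-a.example.org.")],
    "loop-a.example.org.": [("CNAME", "loop-b.example.org.")],
    "loop-b.example.org.": [("CNAME", "loop-a.example.org.")],
}

# Constructed zone apexes (the names that would carry NS delegations).
ZONES = [
    "2.0.192.in-addr.arpa.", "0/28.2.0.192.in-addr.arpa.",
    "100.51.198.in-addr.arpa.", "3.100.51.198.in-addr.arpa.",
    "example.org.", "example.net.",
]


def reverse_name(ip):
    """Absolute in-addr.arpa owner name for an IPv4 address."""
    return ipaddress.IPv4Address(ip).reverse_pointer + "."


def lookup_ptr(records, ip, max_chain=8):
    """Follow CNAMEs from the reverse name until a PTR is found.

    Returns (target, chain) where chain lists every owner name visited;
    target is None when the chain ends without a PTR. Raises ValueError
    on a CNAME loop or an over-long chain."""
    name = reverse_name(ip)
    chain = []
    while len(chain) < max_chain:
        chain.append(name)
        rrs = records.get(name, [])
        for rtype, rdata in rrs:
            if rtype == "PTR":
                return rdata, chain
        cname = next((rdata for rtype, rdata in rrs if rtype == "CNAME"), None)
        if cname is None:
            return None, chain
        if cname in chain:
            raise ValueError(f"CNAME loop at {cname}")
        name = cname
    raise ValueError("CNAME chain too long")


def enclosing_zone(zones, name):
    """Closest enclosing zone apex for an owner name (longest match on a label boundary)."""
    best = None
    for zone in zones:
        if name == zone or name.endswith("." + zone):
            if best is None or len(zone) > len(best):
                best = zone
    return best


if __name__ == "__main__":
    for ip in ("10.0.1.60", "192.0.2.5", "198.51.100.3"):
        target, chain = lookup_ptr(RECORDS, ip)
        zone = enclosing_zone(ZONES, chain[-1])
        print(f"{ip}: {target} via {' -> '.join(chain)} (PTR owner in zone {zone})")
```

Running `enclosing_zone` on the final owner name of each chain is the quick way to see the difference between the layouts: in layout 3 the PTR owner is its own apex, in layout 2 it is a leaf inside the "0/28" subnet zone, and in layout 1 it is a leaf inside an ordinary forward zone.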



Re: classless delegation [Re: IP address fee??]

2002-09-09 Thread Peter van Dijk


On Fri, Sep 06, 2002 at 07:42:00PM +0200, Brad Knowles wrote:
> At 5:11 PM +0200 2002/09/06, Peter van Dijk wrote:
> > I am very willing to believe everything that you are saying, but *what
> > part* of my configuration breaks those nameservers?
> 
>   $DEITY-only-knows how older/less capable nameserver software will 
> deal with the issue of having a zone that is also a PTR record.

PTR is not special to nameserver software in any way. If it can handle
an A record that is the name of the domain, it can handle a PTR.

> > But there are no A records in that zone. Again, what A-records?
> 
>   The A RRs in the glue that goes along with the NS records that 
> are a result of making this a zone.

Glue is kind of necessary, usually.

Greetz, Peter
-- 
[EMAIL PROTECTED]  |  http://www.dataloss.nl/  |  Undernet:#clue



Re: classless delegation [Re: IP address fee??]

2002-09-06 Thread Peter van Dijk


On Fri, Sep 06, 2002 at 04:56:09PM +0200, Brad Knowles wrote:
[snip]
> > I am doing separate zone files. Each IP delegated to me is a separate
> > zone. Now, again, what is wrong with that?
> 
>   Technically, nothing -- at least, with the absolute latest 
> authoritative nameservers and the absolute latest recursive/caching 
> nameservers, and it doesn't seem to give much problems to modern 
> resolver libraries.
>
['it will break with lots of software']

I am very willing to believe everything that you are saying, but *what
part* of my configuration breaks those nameservers?

> >> o The reverse zone contains one or more A records
> >> The reverse domain "192.122.109.193.in-addr.arpa." contains one
> >> or more A records.  A records should only be placed in
> >> forward-mapping domains.
> >
> > What A-records is it talking about? I am not seeing any.
> 
>   They are the ones associated with your NS records.  At a 
> procedural level, PTR records are mutually exclusive with SOA & NS 
> records.

But there are no A records in that zone. Again, what A-records?

I have, by the way, enabled AXFR to the world for my reverse zones
(all 16), so feel free to have a look.

Also, I am aware that the hostmaster-address in the SOA for these
zones is bogus - I will fix that shortly.

Greetz, Peter
-- 
[EMAIL PROTECTED]  |  http://www.dataloss.nl/  |  Undernet:#clue



classless delegation [Re: IP address fee??]

2002-09-06 Thread Peter van Dijk


On Fri, Sep 06, 2002 at 04:06:40PM +0200, Brad Knowles wrote:
> At 3:32 PM +0200 2002/09/06, Brad Knowles wrote:
> >>  Have a look, for example, at the reverses for 193.109.122.192/28 and
> >>  let me know if you can find anything wrong with those.
[snip]
>   The key phrase is "A correctly operating resolving proxy DNS 
> server must discard them ...".

Yes. This is your original complaint about matching apexes with
delegations. I am not violating that condition, however.

>   Now, if you wanted to do separate zone files, and make sure that 
> each zone file doesn't contain any out-of-zone data, that would be a 
> different issue.  But this is like handing people sticks of dynamite, 
> flamethrowers, and encouraging them to ignite the explosives they're 
> holding in their hands.

I am doing separate zone files. Each IP delegated to me is a separate
zone. Now, again, what is wrong with that?

>   DNS Expert
>   Detailed Report for 192.122.109.193.in-addr.arpa.
>9/6/02, 4:05 PM, using the analysis setting "Everything"
> ==
> 
> Information
> --
> Serial number:   1031317961
> Primary name server: ns.dataloss.nl.
> Primary mail server: N/A
> Number of records:   N/A
> 
> 
> Errors
> --
> o The reverse zone contains one or more A records
> The reverse domain "192.122.109.193.in-addr.arpa." contains one
> or more A records.  A records should only be placed in
> forward-mapping domains.

What A-records is it talking about? I am not seeing any.

[axfr is closed]
[banter about SOA values]
[all servers on the same subnet]

>   DNS Expert
>   Detailed Report for 193.122.109.193.in-addr.arpa.
>9/6/02, 4:05 PM, using the analysis setting "Everything"
> ==
> 
> Information
> --
> Serial number:   1031317961
> Primary name server: ns.dataloss.nl.
> Primary mail server: N/A
> Number of records:   N/A
> 
> 
> Errors
> --
> o The reverse zone contains one or more A records
> The reverse domain "193.122.109.193.in-addr.arpa." contains one
> or more A records.  A records should only be placed in
> forward-mapping domains.

Again, I am not seeing any A records.

[no axfr]
[soa values]
[all servers on the same subnet]

>   What about this?
> 
> % dnswalk -ralF 122.109.193.in-addr.arpa.
> Checking 122.109.193.in-addr.arpa.
> Getting zone transfer of 122.109.193.in-addr.arpa. from ns2.bit.nl...done.
> SOA=ns.bit.nl   contact=root.bit.nl

[hosts outside my /29]
[failed zonetransfers]

Nothing there that's wrong with my /29.

>   DNS Expert
> Detailed Report for 122.109.193.in-addr.arpa.

This is the parent zone.

>9/6/02, 3:56 PM, using the analysis setting "Everything"
> ==
> 
> Information
> --
> Serial number:   2002090401
> Primary name server: ns.bit.nl.
> Primary mail server: N/A
> Number of records:   112 (34 NS, 0 MX, 0 A, 0 CNAME, 78 PTR, 0
>  Other)
> 
> 
> Errors
> --
[hosts outside my /29]

Indeed, you found some things wrong with the /24 zone, but that was
not the subject, and nothing you found wrong with the /24 is related
to the /29.

Greetz, Peter
-- 
[EMAIL PROTECTED]  |  http://www.dataloss.nl/  |  Undernet:#clue



Re: IP address fee??

2002-09-06 Thread Peter van Dijk


On Fri, Sep 06, 2002 at 03:32:00PM +0200, Brad Knowles wrote:
[snip]
> > Have a look, for example, at the reverses for 193.109.122.192/28 and
> > let me know if you can find anything wrong with those.
> 
>   Okay, so you've made 192.122.109.193.in-addr.arpa a zone 
> (delegated from bit.nl within 122.109.193.in-addr.arpa, which is 
> delegated from RIPE's 193.in-addr.arpa), and this zone has an SOA and 
> NS records defined.  Other than the fact that this zone is within the 
> in-addr.arpa tree, this would seem to be fairly normal behaviour for 
> any other zone in any other tree.

in-addr.arpa is not special from a DNS point-of-view.

>   However, it doesn't appear to have a PTR record.  Contrariwise, 
> 193.122.109.193.in-addr.arpa has an SOA, NS RRs, and a PTR.  I'm sure 
> your other zones look similar.

Indeed 192 doesn't have a PTR - it's the network number.

193 and a few others do indeed have PTRs.

>   Bizarre.  Truly bizarre.  Somehow, I feel compelled to make some 
> remark about "perverting the course of the DNS", or somesuch.

What am I doing wrong in this case? A zone is delegated, the
nameserver receiving the delegation serves this zone. No apexes
mismatch.

Greetz, Peter
-- 
[EMAIL PROTECTED]  |  http://www.dataloss.nl/  |  Undernet:#clue



classless delegation [was: Re: IP address fee??]

2002-09-06 Thread Peter van Dijk


On Fri, Sep 06, 2002 at 09:10:45AM -0400, [EMAIL PROTECTED] wrote:
> On Fri, 06 Sep 2002 14:42:39 +0200, Peter van Dijk <[EMAIL PROTECTED]>  said:
> > That is a common misconception. Recursing resolvers couldn't care less
> > if they are written according to spec (unlike old BIND versions, for
> > example).
> 
> Well... way back when (18 months or so)...

I'm not referring to that particular problem, but read on.

> On Thu, 01 Feb 2001 18:11:34 PST, Paul Vixie <[EMAIL PROTECTED]>  said:
> > 
> > [EMAIL PROTECTED] (Pim van Riezen) writes:
> > 
> > > bogosity while updating 8.2.2-P7 to 8.2.3:
> > > 
> > > (1) 8.2.3 Doesn't accept the "(" in the SOA string to be on the next line
> > > after the IN SOA. Our script-generated zonefiles, about 45000 of them,
> > > all had this.
> > 
> > Neither do the relevant RFC's, or any other DNS implementation.  Pre-8.2.3
> > was simply _wrong_ to accept that syntax.
> 
> If you want to be the *next* guy who gets bit for 45K zones when the *next*
> next release starts enforcing something that was illegal-but-worked-mostly,
> be my guest

A fun note is that BIND, in that situation (I worked for Vuurwerk at
that time as well), just put some (high-ascii) garbage in the logfile
and segfaulted, instead of reporting a nice error.

Of course it is also highly broken that the RFC specifies the zonefile
syntax.

[I think we're drifting offtopic here]

Greetz, Peter
-- 
[EMAIL PROTECTED]  |  http://www.dataloss.nl/  |  Undernet:#clue



Re: IP address fee??

2002-09-06 Thread Peter van Dijk


On Fri, Sep 06, 2002 at 02:21:35PM +0200, Brad Knowles wrote:
> At 11:11 AM +0200 2002/09/06, Peter van Dijk wrote:
> > And you can do it even easier without RFC2317:
> >
> >http://homepages.tesco.net/~J.deBoynePollard/FGA/avoid-rfc-2317-delegation.html
> 
>   Nope.  Fundamentally broken.  Delegations must occur at the apex of 
>   a zone.

That is a common misconception. Recursing resolvers couldn't care less
if they are written according to spec (unlike old BIND versions, for
example).

Also, it's easy (with tinydns) or not very hard (with BIND) to
implement given solution without violating your condition.

Have a look, for example, at the reverses for 193.109.122.192/28 and
let me know if you can find anything wrong with those.

Greetz, Peter
-- 
[EMAIL PROTECTED]  |  http://www.dataloss.nl/  |  Undernet:#clue



Re: IP address fee??

2002-09-06 Thread Peter van Dijk


On Thu, Sep 05, 2002 at 03:19:08PM -0400, Christian Malo wrote:
[snip]
> these days you can easily delegate reverse using CIDR with BIND ...
> 
> http://www.faqs.org/rfcs/rfc2317.html

And you can do it even easier without RFC2317:
http://homepages.tesco.net/~J.deBoynePollard/FGA/avoid-rfc-2317-delegation.html

Greetz, Peter
-- 
[EMAIL PROTECTED]  |  http://www.dataloss.nl/  |  Undernet:#clue



Re: IP address fee??

2002-09-06 Thread Peter van Dijk


On Thu, Sep 05, 2002 at 09:58:08PM -0400, Richard Welty wrote:
[snip]
> about 2 years ago, interviewing fresh graduates for jobs, i found that they
> were still being taught classful networking at many colleges.

Only half a year ago a teacher (university, subject: networking) told
us (I'm a student) 'netmasks are not really needed, you can always
infer them from the class'.

By then he had already decided to ignore my corrections..

Greetz, Peter
-- 
[EMAIL PROTECTED]  |  http://www.dataloss.nl/  |  Undernet:#clue
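Added example, not code from any of the posts: it encodes the classful rule the teacher quoted (mask inferred from the first octet, and none at all for class D and E, as the earlier post in this thread answers) and then checks what a mask-less `network` statement would announce against the block actually held, the kind of mistake the 62/8 incident mentioned earlier in the thread illustrates. The held allocation 62.0.0.0/19 is constructed for the illustration; the post only says that 62/8 was announced.

```python
"""What a classful default mask actually announces.

Added example, not code from the posts: classful rule plus a check of a
mask-less `network` statement against a constructed held block.
"""
import ipaddress


def classful_default(addr):
    """Network implied by the first octet under classful rules:
    A -> /8, B -> /16, C -> /24. Class D (multicast) and E (reserved)
    have no default mask, so return None."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if first < 128:
        plen = 8
    elif first < 192:
        plen = 16
    elif first < 224:
        plen = 24
    else:
        return None
    return ipaddress.ip_network(f"{addr}/{plen}", strict=False)


def announced_prefix(addr, prefix_len=None):
    """Prefix a `network` statement would announce: the explicit mask if one is
    given, otherwise the classful default."""
    if prefix_len is not None:
        return ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
    return classful_default(addr)


def check_announcement(addr, prefix_len, held):
    """Compare an intended announcement with the block actually held.

    Returns the announced prefix, whether it stays inside `held`, and how many
    addresses outside the held block it would cover. `held` is assumed to be
    the operator's own allocation (constructed in the tests below)."""
    held_net = ipaddress.ip_network(held)
    announced = announced_prefix(addr, prefix_len)
    if announced is None:
        return {"announced": None, "ok": False, "excess": 0,
                "reason": "no classful default for class D/E"}
    ok = announced.subnet_of(held_net)
    if ok:
        excess = 0
    elif held_net.subnet_of(announced):   # announcement is a superset of held
        excess = announced.num_addresses - held_net.num_addresses
    else:                                  # disjoint: every announced address is foreign
        excess = announced.num_addresses
    return {"announced": str(announced), "ok": ok, "excess": excess}


if __name__ == "__main__":
    # Constructed: the operator holds 62.0.0.0/19 but types "network 62.0.0.0".
    print(check_announcement("62.0.0.0", None, "62.0.0.0/19"))
    print(check_announcement("62.0.0.0", 19, "62.0.0.0/19"))
    print(classful_default("224.0.0.1"), classful_default("240.0.0.1"))
```

The `excess` figure is the point: with the classful default the statement covers every address in 62/8 except the 8192 actually held, which is the whole block being handed to every peer.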



Re: Network Routing without Cisco or Juniper?

2002-09-04 Thread Peter van Dijk


On Wed, Sep 04, 2002 at 11:35:52AM +0100, Neil J. McRae wrote:
> 
> > A supplier I don't think I'm at liberty to name. When they were good,
> >   they were very, very good. But when they were bad they were horrid.
> > 
> > Another supplier I don't wish to name. Mostly worked, but crashed if
> >   you made even the slightest configuration change.
> 
> I'm guessing one of them is Ascend and the other Lucent :-)

I don't know the first one. You're wrong about the second one.

[this bit is drifting offtopic :)]

Greetz, Peter
-- 
[EMAIL PROTECTED]  |  http://www.dataloss.nl/  |  Undernet:#clue



Re: Network Routing without Cisco or Juniper?

2002-09-04 Thread Peter van Dijk


On Wed, Sep 04, 2002 at 03:39:25AM -0400, Deepak Jain wrote:
[snip]
>  Boxes like Foundry, Extreme, Redback and many others all talk BGP 
>  (at least to a first approximation) but is their lack of use in 
>  the core/edge/CPE a lack of scale, stability, performance or just 
>  interest?

One Dutch ISP that shall remain unnamed (and is not one I work for or
have worked for) deployed Extreme on AMS-IX, with Extreme's BGP
implementation.

It broke horribly. The Extreme BGP implementation, instead of sending
their peers just their own prefixes, would send each peer *all*
prefixes and then withdraw all but their own networks. However, doing
this with tens of peers at the same time was too much for the Extreme
itself, which died.

Extreme has supposedly fixed this bug, but this ISP switched to
Juniper for routing.

From what I see around me, Juniper for routing and Extreme for
switching is a popular combination. It seems both are considered to be
good at one thing and bad at the other.

Greetz, Peter
-- 
[EMAIL PROTECTED]  |  http://www.dataloss.nl/  |  Undernet:#clue



Re: AT&T NYC

2002-08-29 Thread Peter van Dijk


On Thu, Aug 29, 2002 at 01:09:54PM -0400, [EMAIL PROTECTED] wrote:
> > Has anybody mentioned the benefits of ISIS as an IGP to them.
> Link-state protocols are evil, and when they break, they *really* break.
> I still do not see a compelling argument for not using BGP as your IGP.

Slow convergence.

Greetz, Peter
-- 
MegaBIT - open air networking event - http://www.megabit.nl/



Re: IETF SMTP Working Group Proposal at smtpng.org

2002-08-21 Thread Peter van Dijk


On Wed, Aug 21, 2002 at 10:53:19AM -0400, Ron da Silva wrote:
> >  I'd like to be able to publish DNS records announcing my domain's *outbound*
> > mail servers, with nice abbreviated forms to say "they're the same as my
> > inbound (MX) records" or "any IP in x.y.z/24".  Then cooperative ISPs (like say
> > America Online) could refuse any email from my domain that originated from some
> > random cable modem, instead of accepting it and then flooding me with 2
> > bounce messages.
> 
> What about this email from you which came to me from Merit and not your
> mail server?  Would break mailing lists and listserves unless the from
> field is overwritten.

No, because a mailer doesn't look at headers - it looks at the SMTP
envelope, and mailing lists set this to point to an address of
themselves to monitor bounces.

Greetz, Peter
-- 
MegaBIT - open air networking event - http://www.megabit.nl/
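Added example, not code from either poster: a check in the spirit of the proposal quoted above (a domain publishing where its outbound mail may come from), keyed on the SMTP envelope sender rather than the From: header, so that it can be seen why a list that rewrites the envelope to its own bounce address passes while one that leaves the envelope alone does not. The proposal names no record format, so the policy table, its "mx" and "net:<cidr>" rule syntax, and every address below are constructed for the illustration.

```python
"""Check a message's origin against a published outbound-mail policy,
keyed on the SMTP envelope sender rather than the From: header.

Added example, not code from the posts: policy format and addresses are
constructed for the illustration.
"""
import ipaddress

# Constructed policy, one entry per domain: "mx" means the outbound hosts are
# the same as the inbound MX hosts; "net:<cidr>" allows any address in the block.
POLICY = {
    "example.com.": ["mx"],
    "example.org.": ["net:203.0.113.0/24"],
    "lists.example.net.": ["net:198.51.100.0/29"],
}
# Constructed addresses of each domain's MX hosts (what an MX + A lookup would give).
MX_HOSTS = {"example.com.": ["198.51.100.25"]}


def sender_domain(envelope_from):
    """Domain of an envelope sender as an absolute name, or None for the
    null sender "<>" used by bounces (nothing to check)."""
    addr = envelope_from.strip("<>")
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower().rstrip(".") + "."


def sender_permitted(envelope_from, client_ip, policy=POLICY, mx_hosts=MX_HOSTS):
    """True if client_ip may originate mail with this envelope sender.
    Domains that publish nothing are accepted, as are null senders."""
    domain = sender_domain(envelope_from)
    if domain is None or domain not in policy:
        return True
    ip = ipaddress.ip_address(client_ip)
    for rule in policy[domain]:
        if rule == "mx" and str(ip) in mx_hosts.get(domain, []):
            return True
        if rule.startswith("net:") and ip in ipaddress.ip_network(rule[4:]):
            return True
    return False


def evaluate(envelope_from, header_from, client_ip):
    """Decide on a message. Only the envelope sender is consulted; the From:
    header is carried along to show that a list which rewrites the envelope
    to its own bounce address passes while the header still names the author."""
    return {
        "checked": envelope_from,
        "header_from": header_from,
        "permitted": sender_permitted(envelope_from, client_ip),
    }


if __name__ == "__main__":
    cases = [
        # direct mail from example.com's own MX host
        ("alice@example.com", "alice@example.com", "198.51.100.25"),
        # same envelope sender from an address the domain never listed
        ("alice@example.com", "alice@example.com", "192.0.2.77"),
        # relayed by a list that rewrote the envelope to its bounce address
        ("owner-list@lists.example.net", "alice@example.com", "198.51.100.3"),
        # relayed by a list that left the envelope alone
        ("alice@example.com", "alice@example.com", "198.51.100.3"),
    ]
    for env, hdr, ip in cases:
        print(evaluate(env, hdr, ip))
```

The last two cases are the ones the quoted objection was about: the list host 198.51.100.3 is not an example.com outbound host, so a relayed message is accepted only because the list put its own domain in the envelope.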



Re: Qwest Outage?

2002-08-16 Thread Peter van Dijk


On Fri, Aug 16, 2002 at 02:23:56AM -0500, James Ferris wrote:


Interesting. No text/plain content. Please disable HTML in your mailer
and we may be able to read what you are saying :)

Greetz, Peter
-- 
MegaBIT - open air networking event - http://www.megabit.nl/



Re: Is the PAIX Palo Alto taking a dump?

2002-08-01 Thread Peter van Dijk


On Thu, Aug 01, 2002 at 10:03:12AM -0700, Stephen Stuart wrote:
[snip]
> They were; hopefully you mailed them and received an answer to that
> effect. A software fault took down one of the switches, and the vendor
> is being made aware of the problem they need to fix.

Given all the trouble AMS-IX has with Foundry, I'd like to know: what
vendor is that?

Greetz, Peter
-- 
MegaBIT - open air networking event - http://www.megabit.nl/



[Henk.Steenman@ams-ix.net: NOTIFICATION: KPNQWEST disconnection]

2002-06-26 Thread Peter van Dijk


FYI.

- Forwarded message from Henk Steenman <[EMAIL PROTECTED]> -

Subject: NOTIFICATION: KPNQWEST disconnection
From: Henk Steenman <[EMAIL PROTECTED]>
To: AMS-IX Discussion list for technical issues <[EMAIL PROTECTED]>,
GRX Tech mailing list <[EMAIL PROTECTED]>
Date: Wed, 26 Jun 2002 10:43:42 +0200

This is to inform you that KPNQWEST has been unable to further fulfill its
financial obligations towards AMS-IX, despite their repeated promises to do
so over the last couple of days. We have therefore decided that the KPNQWEST
ports will be disabled (both on the Internet and the GRX VLANs) at
12.00AM CET today. To allow some further time for rearranging traffic, we
will allow a single KPNQWEST port to remain in use for a few more days,
i.e. until July 1st.

This one remaining port will be:

switch 4 port 6/5 IP 193.148.15.140 (Internet VLAN)

In order to avoid large amounts of broadcast traffic created by ARP
requests, we request all parties currently peering with KPNQWEST to shut
down their peering sessions with KPNQWEST with other IP addresses than the
above mentioned one.

Kind Regards

-- 

 - Henk

Henk Steenman   tel: +31 205 141 711
Amsterdam Internet Exchange  mobile: +31 651 312 774
http://www.ams-ix.net   e-mail: [EMAIL PROTECTED]


___
tech-l mailing list
[EMAIL PROTECTED]
http://melix.ams-ix.net/mailman/listinfo/tech-l

- End forwarded message -


Greetz, Peter
-- 
MegaBIT - open air networking event - http://www.megabit.nl/



Re: Routers vs. PC's for routing - was list problems?

2002-05-24 Thread Peter van Dijk


On Thu, May 23, 2002 at 12:54:57PM -0700, Scott Granados wrote:
> As are f5 proeducts including bigip, 3dns and hmmm they make something 
> else I forget:).
> 
> On Thu, 23 May 2002, Brian wrote:
> 
> > bsd kernel eh?  i believe netapp filers are based on that as well.

Indeed - bigIP is BSDI aka BSD/OS based, netapp uses NetBSD code.

Greetz, Peter
-- 
huk ~ kek



Re: Linux routing

2002-05-22 Thread Peter van Dijk


On Tue, May 21, 2002 at 06:34:47PM -0400, Ralph Doncaster wrote:
> I don't really trust the vmstat system time numbers.  Based on some
> suggestions I received, I ran some CPU intensive benchmarks during
> different traffic loads, and determined how much system time was being
> used by comparing the real and user times.  The results seem to show that
> if I want to do 50Mbps full-duplex on 2 ports (200M aggregate) that the
> standard Linux 2.2.20 routing code won't cut it.
[snip bogus benchmark]

Why are you benchmarking network throughput by bzip2'ing a file in
/tmp? It makes no sense.

Greetz, Peter
-- 
huk ~ kek