Re: Hey, SiteFinder is back, again...
Andrew Sullivan (andrew) writes:
>
> The last time I heard a discussion of this topic, though, I heard
> someone make the point that there's a big difference between
> authority servers and recursing resolvers, which is the same sort of
> point as above. That is, if you do this in the authority servers for
> _any_ domain (., .com, .info, or .my.example.org for that matter),
> it's automatically evil, because of the meaning of "authority". One
> could argue that it is less evil to do this at recursive servers,
> because people could choose not to use that service by installing
> their own full resolvers or whatever. I don't know that I accept the
> argument, but let's be clear at least in the difference between doing
> this on authority servers and recursing resolvers.

Fully agreed. In some ways, if your ISP is stupid enough to want to do
this, and they don't ever want to return NXDOMAIN to their customers'
resolvers, and their ToS specify that they do it, well, they're welcome.

But the moment you start to mess around with the authority that is being
delegated to you, then it's Evil.

I think ICANN should probably come out and specify that doing wildcard
matching on TLD delegations is Not A Good Thing.

Phil

Re: General question on rfc1918
Joe Abley (jabley) writes:
> > You drop the packet at your border before it is sent out to the Internet.
>
> This is why numbering interfaces in the data path of non-internal traffic is
> a bad idea.

Unfortunately many providers have the bad habit of using RFC1918 for
interconnect, on the basis that a) it saves IPs b) it makes the
interconnect "not vulnerable" [1].

> > Packets which are strictly error/status reporting -- e.g. IMP
> > 'unreachable', 'ttl exceeded', 'redirect', etc. -- should *NOT* be
> > filtered at network boundaries _solely_ because of an RFC1918 source
> > address.
>
> I respectfully disagree.

Same here, and even if egress filtering didn't catch it, many inbound
filters will.

[1] I've also heard of ISPs having an entire /16 of routable addresses
for their interconnect, but they just don't advertise to peers.

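An added example, not part of the original message: the two border policies argued over above (drop everything with an RFC1918 source, or exempt error/status reports), applied to a few constructed packets. The function names, packet fields and sample addresses are assumptions made for the illustration.

```python
import ipaddress

# The three RFC1918 private ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# ICMP types for the error/status reports named in the quoted text.
ICMP_ERROR_TYPES = {3: "unreachable", 5: "redirect", 11: "ttl exceeded"}

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def border_verdict(pkt, exempt_icmp_errors):
    """Return 'pass' or 'drop' for a packet crossing the network border."""
    if not is_rfc1918(pkt["src"]):
        return "pass"
    if (exempt_icmp_errors and pkt["proto"] == "icmp"
            and pkt.get("icmp_type") in ICMP_ERROR_TYPES):
        return "pass"          # policy B: error reports are let through
    return "drop"              # policy A: any RFC1918 source is dropped

# Constructed sample: traceroute replies plus two stray packets.
SAMPLE = [
    {"hop": 1, "src": "198.51.100.1", "proto": "icmp", "icmp_type": 11},
    {"hop": 2, "src": "10.20.0.5", "proto": "icmp", "icmp_type": 11},   # RFC1918 interconnect
    {"hop": 3, "src": "203.0.113.9", "proto": "icmp", "icmp_type": 11},
    {"hop": None, "src": "192.168.1.77", "proto": "udp"},               # leaked private source
    {"hop": None, "src": "172.16.4.1", "proto": "icmp", "icmp_type": 3},
]

def compare(packets):
    """(source, verdict under strict drop, verdict with ICMP errors exempted)."""
    return [(p["src"], border_verdict(p, False), border_verdict(p, True))
            for p in packets]

def lost_hops(packets, exempt_icmp_errors):
    """Traceroute hops whose replies never make it across the border."""
    return [p["hop"] for p in packets
            if p["hop"] is not None
            and border_verdict(p, exempt_icmp_errors) == "drop"]

if __name__ == "__main__":
    for row in compare(SAMPLE):
        print("%-15s strict=%-4s exempt=%s" % row)
    print("hops lost, strict:", lost_hops(SAMPLE, False))
    print("hops lost, exempt:", lost_hops(SAMPLE, True))
```
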
Re: Network Operator Groups Outside the US
Rod Beck (Rod.Beck) writes:
> Hi Folks,

AfNOG, African Network Operators Group. Will be in its 9th year this
year in Rabat, Morocco. It takes place back-to-back with the AFRINIC
meeting:

http://www.afnog.org/afnog2008/announce.html

Re: ISPs slowing P2P traffic...
Stephane Bortzmeyer (bortzmeyer) writes:
>
> > that appears on most packaged foods in the States, that ISPs put on
> > their Web sites and advertisements. I'm willing to disclose that we
> > block certain ports [...]
>
> As a consumer, I would say YES. And FCC should mandate it.

... and if the FCC doesn't mandate it, maybe we'll see some
self-labelling, just like some food producers have been doing in a few
countries ("this doesn't contain preservatives") in the absence of
formal regulation.

> Practically speaking, you may find the RFC 4084 "Terminology for
> Describing Internet Connectivity" interesting:

Agreed. Something describing Internet service, and breaking it down into
"essential components" such as:

- end-to-end IP (NAT/NO NAT)
- IPv6 availability (Y/N/timeline)
- transparent HTTP redirection or not
- DNS catchall or not
- possibilities to enable/disable and cost
- port filtering/throttling if any (P2P, SIP, ...)
- respect of evil bit

Re: Network Operator Groups Outside the US
Rod Beck (Rod.Beck) writes:
>
> 3. France: FRnOG; http://www.frnog.org/ Has several meetings each year. Has
> interesting discussions in French on its mailing list. Moderator makes Stalin
> look easy going.

Interesting point of view, I'm sure it's impartial.

Note that Scandinavia doesn't have any formal network operator meeting
either, even though it's a very active area.

Re: enterprise change/configuration management and compliance software?
jamie (j) writes:
> device, and by 'device' i mean router and/or switch) configuration
> management (and (ideally) compliance-auditing_and_assurance) software.
>
> We currently use Voyence (now EMC) and are looking into other options for
> various reasons, support being in the top-3 ...

So I guess using something tried, tested and free like Rancid + ISC's
audit scripts is not within scope?

> So, I pose: To you operators of multi-hundred-device networks : what do
> you use for such purposes(*) ?

Rancid :) (+ and now some home developed stuff)

> This topic seemed to spark lively debate on efnet,

The current weather would spark lively debate on most IRC channels.

Phil