BGP Peers as basis of available routes
Hi! We're currently evaluating web hosting providers in the APAC region and one of the criteria that we are currently considering is the availability of routes going to the web hosting provider. In this regard, I would like to ask for your idea regarding this. Is it safe to conclude that the web hosting provider's available routes would would depend on the peers who are advertising their AS / network? (i.e if web hosting provider claims that they are peering with telco a, b, c but as seen from a third party looking glass, only C is seen advertising the web hosting provider network that would mean web hosting provider is effectively utilizing c as their upstream??) Thanks. -- -nathan
Re: Microsoft Job Poaching on NANOG
On 10/18/2011 10:02 PM, Brett Watson wrote: There's a lot more than just MS doing it after this NANOG, and it's damned annoying. I've had it happen over the years just a few times, but it's unprecedented this year, as far as I'm concerned (and did I mentioned damned annoying?). -b That's why you don't tell people your info. It has predictable results like using telnet to access your stuff at NANOG. Don't tell me no one did it; although I never understood why they didn't just block tcp/23 to protect the crazy. :) Or did they, this year? Jack
Re: Microsoft Job Poaching on NANOG
On Oct 18, 2011, at 5:03 PM, Babak Pasdar wrote: > Is Microsoft trying to poach people off the NANOG list? IMHO this is > inappropriate. There's a lot more than just MS doing it after this NANOG, and it's damned annoying. I've had it happen over the years just a few times, but it's unprecedented this year, as far as I'm concerned (and did I mentioned damned annoying?). -b
Re: Microsoft Job Poaching on NANOG
On 18 Oct 2011, at 22:06, Cutler James R wrote: > Since the message in question was not seen on the full list, it probably came > from the MS event attendance list. and they were quite open at the event about wanting contact details for recruitment purposes... f
RE: Dnssec and ptr records
> -Original Message- > From: John Curran [mailto:jcur...@arin.net] > Sent: Tuesday, October 18, 2011 11:56 AM > To: Eric J Esslinger > Cc: nanog@nanog.org Operators' Group > Subject: Re: Dnssec and ptr records > > > (Presuming, of course, that you've got an ARIN assignment > or allocation. If you're in a provider-assigned block, > you'll need to chat with your ISP about the DS linkage > for your PTR zones... /John ) > > On Oct 18, 2011, at 12:31 PM, John Curran wrote: > > On Oct 18, 2011, at 10:21 AM, Eric J Esslinger wrote: > > > >> Well it makes sense we should, just that all the examples, > >> discussion, and such I've read dealt with forward records. > >> > >> I guess I get to dig some more. Thanks. > > > > Eric - > > > > Your in-addr zone first needs to be signed and then the DS > > records are put in the parent in-addr zone to link into the > > signed IN-ADDR.ARPA hierarchy. In the ARIN region, this can > > be done via the DNSSEC DS record management in ARIN Online or > > via the RESTful provisioning interface. > > > > ARIN DNSSEC Project overview: > https://www.arin.net/resources/dnssec/ > > ARIN Online/DNSEC Tutorials: > > https://www.arin.net/knowledge/dnssec/index.html > > > > FYI, > > /John > > > > John Curran > > President and CEO > > ARIN > > Thank you. That gives me information to work with, and I now have a solid understanding of what I need to do for the proper delegation setup. I'll have to talk to my current ISP for the blocks I currently have, though I don't believe they do dnssec at this time. I am expecting to get an Arin allocation shortly (and return their existing allocations to us) as we are going multihomed soon. I may just have to wait till then to get everything fully setup. This message may contain confidential and/or proprietary information and is intended for the person/entity to whom it was originally addressed. Any use by others is strictly prohibited.
Re: Dnssec and ptr records
(Presuming, of course, that you've got an ARIN assignment or allocation. If you're in a provider-assigned block, you'll need to chat with your ISP about the DS linkage for your PTR zones... /John ) On Oct 18, 2011, at 12:31 PM, John Curran wrote: > On Oct 18, 2011, at 10:21 AM, Eric J Esslinger wrote: > >> Well it makes sense we should, just that all the examples, discussion, and >> such I've read dealt with forward records. >> >> I guess I get to dig some more. Thanks. > > Eric - > > Your in-addr zone first needs to be signed and then the DS > records are put in the parent in-addr zone to link into the > signed IN-ADDR.ARPA hierarchy. In the ARIN region, this can > be done via the DNSSEC DS record management in ARIN Online or > via the RESTful provisioning interface. > > ARIN DNSSEC Project overview: https://www.arin.net/resources/dnssec/ > ARIN Online/DNSEC Tutorials: https://www.arin.net/knowledge/dnssec/index.html > > FYI, > /John > > John Curran > President and CEO > ARIN > >
Re: Dnssec and ptr records
On Oct 18, 2011, at 10:21 AM, Eric J Esslinger wrote: > Well it makes sense we should, just that all the examples, discussion, and > such I've read dealt with forward records. > > I guess I get to dig some more. Thanks. Eric - Your in-addr zone first needs to be signed and then the DS records are put in the parent in-addr zone to link into the signed IN-ADDR.ARPA hierarchy. In the ARIN region, this can be done via the DNSSEC DS record management in ARIN Online or via the RESTful provisioning interface. ARIN DNSSEC Project overview: https://www.arin.net/resources/dnssec/ ARIN Online/DNSEC Tutorials: https://www.arin.net/knowledge/dnssec/index.html FYI, /John John Curran President and CEO ARIN
Re: Dnssec and ptr records
At 9:13 -0500 10/18/11, Eric J Esslinger wrote: Are we supposed to setup signing for reverse dns zones? To the DNS, a zone is a zone. The terms "forward" and "reverse" as zone adjectives were invented by humans. ;) The high-level view of signing the "reverse zones" is the same as for "forward zones." -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 Vote for the word of the day: "Papa"razzi - father that constantly takes photos of the baby Corpureaucracy - The institution of corporate "red tape"
Re: Dnssec and ptr records
On Tue, Oct 18, 2011 at 09:13:54AM -0500, Eric J Esslinger wrote: > Quick question for those who have researched things more closely. I have > signed all my forward zones and think I've crossed my I's and dotted my T's, > but one thing I'm not sure of... > > Are we supposed to setup signing for reverse dns zones? > > __ > Eric Esslinger > Information Services Manager - Fayetteville Public Utilities > http://www.fpu-tn.com/ > (931)433-1522 ext 165 > > This message may contain confidential and/or proprietary information and is > intended for the person/entity to whom it was originally addressed. Any use > by others is strictly prohibited. > you should practice the same diligence with all your DNS zones, either sign all of them or none of them. /bill
RE: Dnssec and ptr records
> -Original Message- > From: Phil Regnauld [mailto:regna...@nsrc.org] > Sent: Tuesday, October 18, 2011 9:18 AM > To: Eric J Esslinger > Cc: 'nanog@nanog.org' > Subject: Re: Dnssec and ptr records > > > Eric J Esslinger (eesslinger) writes: > > Quick question for those who have researched things more closely. I > > have signed all my forward zones and think I've crossed my I's and > > dotted my T's, but one thing I'm not sure of... > > > > Are we supposed to setup signing for reverse dns zones? > > Hi Eric, > > Let me reverse the question: why wouldn't you ? > > Cheers, > Phil Well it makes sense we should, just that all the examples, discussion, and such I've read dealt with forward records. I guess I get to dig some more. Thanks. __ Eric Esslinger Information Services Manager - Fayetteville Public Utilities http://www.fpu-tn.com/ (931)433-1522 ext 165 This message may contain confidential and/or proprietary information and is intended for the person/entity to whom it was originally addressed. Any use by others is strictly prohibited. <>
Re: Dnssec and ptr records
Eric J Esslinger (eesslinger) writes: > Quick question for those who have researched things more closely. I have > signed all my forward zones and think I've crossed my I's and dotted my T's, > but one thing I'm not sure of... > > Are we supposed to setup signing for reverse dns zones? Hi Eric, Let me reverse the question: why wouldn't you ? Cheers, Phil
Re: Dnssec and ptr records
> Are we supposed to setup signing for reverse dns zones? yes
Dnssec and ptr records
Quick question for those who have researched things more closely. I have signed all my forward zones and think I've crossed my I's and dotted my T's, but one thing I'm not sure of... Are we supposed to setup signing for reverse dns zones? __ Eric Esslinger Information Services Manager - Fayetteville Public Utilities http://www.fpu-tn.com/ (931)433-1522 ext 165 This message may contain confidential and/or proprietary information and is intended for the person/entity to whom it was originally addressed. Any use by others is strictly prohibited.