google / massive problems

[Blair Trosper]

Can someone from Google Drive or Gmail contact me off-list?

The sign in services and applications are outright down trying to use them
in Chrome.  Trying to contact enterprise support via several numbers just
results in an immediate disconnect.

The App Status page shows no problem, but Twitter and Facebook are blowing
up with trouble reports, and I have tons of technical status codes to
share, but no one with whom to share them.

Thanks,
Blair

Re: google / massive problems

[Paul Ferguson]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 10/9/2013 9:00 AM, Blair Trosper wrote:

> Can someone from Google Drive or Gmail contact me off-list?
>
> The sign in services and applications are outright down trying to use
> them in Chrome.  Trying to contact enterprise support via several numbers
> just results in an immediate disconnect.

I can't speak to enterprise services, but I just logged in to my own
personal GMail account -- with 2 FA -- with no problems, from the Seattle
metro area.

- - ferg

-BEGIN PGP SIGNATURE-
Version: PGP Desktop 10.2.0 (Build 2317)
Charset: utf-8

wj8DBQFSVYDTq1pz9mNUZTMRArDeAJ44GjAt1uzY4++dKDmrPWhBfm3a2wCcCqGB
w6FrRdogRvpTomaMdcqO9hU=
=OMUq
-END PGP SIGNATURE-


--
Paul Ferguson
Vice President, Threat Intelligence
Internet Identity, Tacoma, Washington  USA
IID --> "Connect and Collaborate" --> www.internetidentity.com

Re: google / massive problems

[Anthony Williams]

 Same. Works for me (WashDC/NoVA Area).

-Alby






On 10/9/2013 12:14 PM, Paul Ferguson wrote:
> On 10/9/2013 9:00 AM, Blair Trosper wrote:
> 
>  > Can someone from Google Drive or Gmail contact me off-list?
> 
>  > The sign in services and applications are outright down trying to use
>  > them in Chrome.  Trying to contact enterprise support via several numbers
>  > just results in an immediate disconnect.
> 
> I can't speak to enterprise services, but I just logged in to my own
> personal GMail account -- with 2 FA -- with no problems, from the Seattle
> metro area.
> 
> - ferg
> 
> 
> 

Re: google / massive problems

[Sam Moats]

Works for me from Nova, Level3 and Cogent.
Sam Moats

On 2013-10-09 12:17, Anthony Williams wrote:

Same. Works for me (WashDC/NoVA Area).

-Alby






On 10/9/2013 12:14 PM, Paul Ferguson wrote:

On 10/9/2013 9:00 AM, Blair Trosper wrote:

 > Can someone from Google Drive or Gmail contact me off-list?

 > The sign in services and applications are outright down trying to 
use
 > them in Chrome.  Trying to contact enterprise support via several 
numbers

 > just results in an immediate disconnect.

I can't speak to enterprise services, but I just logged in to my own
personal GMail account -- with 2 FA -- with no problems, from the 
Seattle

metro area.

- ferg

JANOG 33 Call for Papers

[Izumi Okutani]

Hello,


JANOG is making a call for presentation until 24th Oct.

It is a networks operators group in Japan with 400+ participants at
meetings, and + 6,000 mailing list subscribers as of June 2013.

Our Meetings are in Japanese but we have had several non-Japanese
speakers presenting at JANOG.

We are looking forward to your proposals for presentations.


Cheers,
Shinichi Yamamoto, Chin Sze (James) Yih, Izumi Okutani
JANOG Internationalization team for JANOG 33


-
JANOG 33 Call for Papers
---
The JApan Network Operators' Group (JANOG) will hold its 33th meeting in
Beppu, Japan on January 23-24, 2014. Yahoo Japan will host JANOG 33.
We invite presentations highlighting issues relating to technology
already deployed or soon-to-be deployed in the Internet.

Submissions are welcome via the e-mail at:"meeting-33[at]janog.gr.jp".

ABOUT JANOG
---
A JANOG Web Page in English can be found at: http://www.janog.gr.jp/en/

THE KEY DATE FOR JANOG 33 SUBMISSIONS
-
CFP Deadline : October 24 23:59 JST

The Program Committee will notify applicants after 8th Nov on their
decision about the submissions.

HOW TO PRESENT
--
If you are interested to give a presentation but do not have someone to
help you with the language, try consulting us at:
"meeting-33[at]janog.gr.jp".

Although we cannot guarantee, we may be able to help you on volunteer
basis.

The detail of presentation guidelines can be found under JANOG 33 Web
Page in English.
http://www.janog.gr.jp/en/index.php?JANOG33%20Programs

Let us know if you have any questions
meeting-33[at]janog.gr.jp

--

Re: google / massive problems

[Jake Mertel]

No issues from my site routing over AboveNet and using Google Apps for
Business -- Drive and Gmail working as expected.

On Wednesday, October 9, 2013, Blair Trosper wrote:

> Can someone from Google Drive or Gmail contact me off-list?
>
> The sign in services and applications are outright down trying to use them
> in Chrome.  Trying to contact enterprise support via several numbers just
> results in an immediate disconnect.
>
> The App Status page shows no problem, but Twitter and Facebook are blowing
> up with trouble reports, and I have tons of technical status codes to
> share, but no one with whom to share them.
>
> Thanks,
> Blair
>


-- 


--
Regards,

Jake Mertel
Nobis Technology Group, LLC




*Web: *http://www.nobistech.net
*Phone: *1-480-212-1710
*Mail:* 6930 East Chauncey Lane, Suite 150, Phoenix, AZ 85054

Re: google / massive problems

[Blair Trosper]

This is the delight I'm faced with, but seems to be affecting the latest
version of Chrome, both on Win7 and MacBook Pro (OS X 10.8.5)...again,
confined to Chrome (image attached).


Emails won't sent, drafts won't save, and no apps will load without an
error.  Sign-in also fails with numeric code 5.

I'm in Dallas, but I've also tried over VPN from endpoints in Atlanta, New
York, Los Angeles, Seattle, Amsterdam, Singapore, and London with no change.


On Wed, Oct 9, 2013 at 11:25 AM, Jake Mertel  wrote:

> No issues from my site routing over AboveNet and using Google Apps for
> Business -- Drive and Gmail working as expected.
>
>
> On Wednesday, October 9, 2013, Blair Trosper wrote:
>
>> Can someone from Google Drive or Gmail contact me off-list?
>>
>> The sign in services and applications are outright down trying to use them
>> in Chrome.  Trying to contact enterprise support via several numbers just
>> results in an immediate disconnect.
>>
>> The App Status page shows no problem, but Twitter and Facebook are blowing
>> up with trouble reports, and I have tons of technical status codes to
>> share, but no one with whom to share them.
>>
>> Thanks,
>> Blair
>>
>
>
> --
>
>
> --
> Regards,
>
> Jake Mertel
> Nobis Technology Group, LLC
>
>
>
>
> *Web: *http://www.nobistech.net
> *Phone: *1-480-212-1710
> *Mail:* 6930 East Chauncey Lane, Suite 150, Phoenix, AZ 85054
>
>
>
>
<>

comcast ipv6 PTR

[Blair Trosper]

Does anyone know why (or can someone from Comcast explain why) there is no
PTR on their residential/business IPv6 addresses?

Re: comcast ipv6 PTR

[Chris Adams]

Once upon a time, Blair Trosper  said:
> Does anyone know why (or can someone from Comcast explain why) there is no
> PTR on their residential/business IPv6 addresses?

I believe business customers (with a static assignment) can request
reverse DNS entries.  Residential customers are not guaranteed a static
assignment, so they can't get reverse set.

-- 
Chris Adams 

Re: comcast ipv6 PTR

[Chris Adams]

Once upon a time, Robert Webb  said:
> But how would thet differ from the IPv4 address space which has PTR
> records for all their IP's? Just the shear number they would have to
> deal with in the IPv6 space?

Oh, are you looking for auto-generated reverse for every address?
That's not going to happen for IPv6 (and it turns out that it wasn't
really a good idea for IPv4).  There's no reason to have reverse DNS
unless it has meaning, and "12-34-56-78.rev.domain.net" isn't really all
that useful.

-- 
Chris Adams 

Re: comcast ipv6 PTR

[Robert Webb]

On Wed, 9 Oct 2013 11:41:50 -0500
 Chris Adams  wrote:

Once upon a time, Blair Trosper  said:
Does anyone know why (or can someone from Comcast explain why) there 
is no

PTR on their residential/business IPv6 addresses?


I believe business customers (with a static assignment) can request
reverse DNS entries.  Residential customers are not guaranteed a 
static

assignment, so they can't get reverse set.

--
Chris Adams 



But how would thet differ from the IPv4 address space which has PTR 
records for all their IP's? Just the shear number they would have to 
deal with in the IPv6 space?


Robert

Re: comcast ipv6 PTR

[Blair Trosper]

That's essentially what I'm getting at.  If the v6 addresses/blocks are
allocated in a similar fashion to IPv4, where the octets are clearly named
by state and "hsd1", then I don't see why they should lack PTR.

However, even if they're not assigned or delegated in that way, it'd be
helpful to have SOME form of PTR on there.

Otherwise, they'd be a lot like Google, leaving the traceroute and
end-point PTR left up to our imagination (even though it's available
internally to Google employees).  I understand why Google lacks PTR to some
extent with anycast and the mobility of their v4 addresses, but I suspect
that Comcast isn't doing anything that sophisticated.


On Wed, Oct 9, 2013 at 11:47 AM, Robert Webb  wrote:

> On Wed, 9 Oct 2013 11:41:50 -0500
>  Chris Adams  wrote:
>
>> Once upon a time, Blair Trosper  said:
>>
>>> Does anyone know why (or can someone from Comcast explain why) there is
>>> no
>>> PTR on their residential/business IPv6 addresses?
>>>
>>
>> I believe business customers (with a static assignment) can request
>> reverse DNS entries.  Residential customers are not guaranteed a static
>> assignment, so they can't get reverse set.
>>
>> --
>> Chris Adams 
>>
>>
> But how would thet differ from the IPv4 address space which has PTR
> records for all their IP's? Just the shear number they would have to deal
> with in the IPv6 space?
>
> Robert
>
>

Re: comcast ipv6 PTR

[Andrew Sullivan]

On Wed, Oct 09, 2013 at 11:35:16AM -0500, Blair Trosper wrote:
> Does anyone know why (or can someone from Comcast explain why) there is no
> PTR on their residential/business IPv6 addresses?

Probably because of the considerations in
http://tools.ietf.org/html/draft-howard-isp-ip6rdns-06.  I seem to
remember someone showing up in DNSOP one time to argue for a draft
that the reverse mapping should just be optional under IPv6, but I
can't lay my hands on the draft.  The last time DNSOP tried to come up
with recommendations about the reverse tree, the resulting document
was
http://tools.ietf.org/html/draft-ietf-dnsop-reverse-mapping-considerations-06.
It says, roughly, "Well, some peple use the reverse tree and some
don't.  You might want to think about that, or not."  Despite
asserting a version of "A or not-A", we were unable to achieve
consensus, so I think the hope of consistency in the reverse tree is
not supported by operational evidence.

Best,

A

-- 
Andrew Sullivan
Dyn, Inc.
asulli...@dyn.com
v: +1 603 663 0448

Re: comcast ipv6 PTR

[Paul Ferguson]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 10/9/2013 9:49 AM, Chris Adams wrote:

> Once upon a time, Robert Webb  said:
>> But how would thet differ from the IPv4 address space which has PTR
>> records for all their IP's? Just the shear number they would have to
>> deal with in the IPv6 space?
>
> Oh, are you looking for auto-generated reverse for every address?
> That's not going to happen for IPv6 (and it turns out that it wasn't
> really a good idea for IPv4).  There's no reason to have reverse DNS
> unless it has meaning, and "12-34-56-78.rev.domain.net" isn't really all
> that useful.
>

That's not necessarily true -- some (very large) organizations using DMARC
will reject mail from hosts without a PTR record.

- - ferg

-BEGIN PGP SIGNATURE-
Version: PGP Desktop 10.2.0 (Build 2317)
Charset: utf-8

wj8DBQFSVYuKq1pz9mNUZTMRAo5dAKCCuFYjseatheC9upjRRgkzcFJ5LwCfUhhd
Krgz0IA6e5dbllo8NgXbzV0=
=mehI
-END PGP SIGNATURE-


--
Paul Ferguson
Vice President, Threat Intelligence
Internet Identity, Tacoma, Washington  USA
IID --> "Connect and Collaborate" --> www.internetidentity.com

Re: comcast ipv6 PTR

[Blair Trosper]

True, but the location information, at least the state, is quasi-helpful.

You may be right about PTR being a mistake, but I guess my mind approaches
it from a practical, quasi-GeoIP approach.

IPv6 seems to be somewhat chaotic in that realm.  Plus, with web
applications and services, accurate GeoIP has implications for security.


On Wed, Oct 9, 2013 at 11:49 AM, Chris Adams  wrote:

> Once upon a time, Robert Webb  said:
> > But how would thet differ from the IPv4 address space which has PTR
> > records for all their IP's? Just the shear number they would have to
> > deal with in the IPv6 space?
>
> Oh, are you looking for auto-generated reverse for every address?
> That's not going to happen for IPv6 (and it turns out that it wasn't
> really a good idea for IPv4).  There's no reason to have reverse DNS
> unless it has meaning, and "12-34-56-78.rev.domain.net" isn't really all
> that useful.
>
> --
> Chris Adams 
>
>

Re: google / massive problems

[james]

Logging into gmail works, but Google Apps was having difficulties in Canada. 
It's working now...maybe just a hiccup?

--Original Message--
From: Sam Moats
To: nanog@nanog.org
ReplyTo: s...@circlenet.us
Subject: Re: google / massive problems
Sent: Oct 9, 2013 12:19 PM

Works for me from Nova, Level3 and Cogent.
Sam Moats

On 2013-10-09 12:17, Anthony Williams wrote:
> Same. Works for me (WashDC/NoVA Area).
>
> -Alby
>
>
>
>
>
>
> On 10/9/2013 12:14 PM, Paul Ferguson wrote:
>> On 10/9/2013 9:00 AM, Blair Trosper wrote:
>>
>>  > Can someone from Google Drive or Gmail contact me off-list?
>>
>>  > The sign in services and applications are outright down trying to 
>> use
>>  > them in Chrome.  Trying to contact enterprise support via several 
>> numbers
>>  > just results in an immediate disconnect.
>>
>> I can't speak to enterprise services, but I just logged in to my own
>> personal GMail account -- with 2 FA -- with no problems, from the 
>> Seattle
>> metro area.
>>
>> - ferg
>>
>>
>>



James

Re: google / massive problems

[Christopher Morrow]

piling on a tad: (for consumer gmail/drive)
 1) existing session cookies work fine
 2) new sessions work fine, + 2-step auth

from nova/701 connected me.

for an apps-for-your-domains account, same src location:
  1) new login works fine

err... maybe you have a bad chrome extension or profile problem if
it's only affecting chrome?

you could test with a new chrome profile:
  google-chrome --user-data-dir=$(mktemp -d)

and see how things go?


On Wed, Oct 9, 2013 at 12:29 PM, Blair Trosper  wrote:
> This is the delight I'm faced with, but seems to be affecting the latest
> version of Chrome, both on Win7 and MacBook Pro (OS X 10.8.5)...again,
> confined to Chrome (image attached).
>
>
> Emails won't sent, drafts won't save, and no apps will load without an
> error.  Sign-in also fails with numeric code 5.
>
> I'm in Dallas, but I've also tried over VPN from endpoints in Atlanta, New
> York, Los Angeles, Seattle, Amsterdam, Singapore, and London with no change.
>
>
> On Wed, Oct 9, 2013 at 11:25 AM, Jake Mertel  wrote:
>
>> No issues from my site routing over AboveNet and using Google Apps for
>> Business -- Drive and Gmail working as expected.
>>
>>
>> On Wednesday, October 9, 2013, Blair Trosper wrote:
>>
>>> Can someone from Google Drive or Gmail contact me off-list?
>>>
>>> The sign in services and applications are outright down trying to use them
>>> in Chrome.  Trying to contact enterprise support via several numbers just
>>> results in an immediate disconnect.
>>>
>>> The App Status page shows no problem, but Twitter and Facebook are blowing
>>> up with trouble reports, and I have tons of technical status codes to
>>> share, but no one with whom to share them.
>>>
>>> Thanks,
>>> Blair
>>>
>>
>>
>> --
>>
>>
>> --
>> Regards,
>>
>> Jake Mertel
>> Nobis Technology Group, LLC
>>
>>
>>
>>
>> *Web: *http://www.nobistech.net
>> *Phone: *1-480-212-1710
>> *Mail:* 6930 East Chauncey Lane, Suite 150, Phoenix, AZ 85054
>>
>>
>>
>>

Re: comcast ipv6 PTR

[Chris Adams]

Once upon a time, Blair Trosper  said:
> True, but the location information, at least the state, is quasi-helpful.

That's another good reason to have reverse records for defined router
interfaces.  Auto-generated reverse for eveything doesn't give any
useful info though.

-- 
Chris Adams 

Re: comcast ipv6 PTR

[Chris Adams]

Once upon a time, Paul Ferguson  said:
> That's not necessarily true -- some (very large) organizations using DMARC
> will reject mail from hosts without a PTR record.

And that's a good reason to have reverse records for you mail servers.
Auto-generated reverse really shouldn't be trusted for anything.
-- 
Chris Adams 

Re: comcast ipv6 PTR

[Joe Abley]

On 2013-10-09, at 10:10, Chris Adams  wrote:

> Once upon a time, Blair Trosper  said:
>> True, but the location information, at least the state, is quasi-helpful.
> 
> That's another good reason to have reverse records for defined router
> interfaces.  Auto-generated reverse for eveything doesn't give any
> useful info though.

If people really want to use generic reverse names and have realised that the 
v6 address space is much too big for $GENERATE, one approach is to delegate the 
appropriate zones to a custom nameserver that can auto-generate PTRs on demand. 
There are scaling problems here, but probably nothing that can't be fixed with 
high TTLs and multiple nameservers.

If I was doing that, my instinct would be to code against Ray Bellis' evldns 
(see ).

Note that I'm not suggesting that auto-generated v6 PTRs (or v4 PTRs) are a 
good idea. But I'm aware that a lack of reverse DNS on either protocol can make 
the helpdesk phone ring, so there is certainly a pragmatic argument in favour 
of it.


Joe

Re: comcast ipv6 PTR

[Constantine A. Murenin]

On 9 October 2013 09:58, Andrew Sullivan  wrote:
> On Wed, Oct 09, 2013 at 11:35:16AM -0500, Blair Trosper wrote:
>> Does anyone know why (or can someone from Comcast explain why) there is no
>> PTR on their residential/business IPv6 addresses?
>
> Probably because of the considerations in
> http://tools.ietf.org/html/draft-howard-isp-ip6rdns-06.  I seem to
> remember someone showing up in DNSOP one time to argue for a draft
> that the reverse mapping should just be optional under IPv6, but I
> can't lay my hands on the draft.  The last time DNSOP tried to come up
> with recommendations about the reverse tree, the resulting document
> was
> http://tools.ietf.org/html/draft-ietf-dnsop-reverse-mapping-considerations-06.
> It says, roughly, "Well, some peple use the reverse tree and some
> don't.  You might want to think about that, or not."  Despite
> asserting a version of "A or not-A", we were unable to achieve
> consensus, so I think the hope of consistency in the reverse tree is
> not supported by operational evidence.

Yet, apparently, Google has very recently completely stopped accepting
email with no PTR records.

On my Linode over the summer, it seems like this was the first mention
of IPv6 in my errorlog:


Aug 17 03:16:07 (none) dma[7de9.b8dd8ca8]: remote delivery to
gmail-smtp-in.l.google.com [2607:f8b0:400e:c01::1b] failed after final
DATA: 550-5.7.1 [2600:3c01:::  16] The sender does not meet
basic ipv6 sending#015#012550-5.7.1 guidelines of authentication and
rdns resolution of sending ip.#015#012550-5.7.1 Please
review#015#012550 5.7.1
https://support.google.com/mail/answer/81126for more information.
zo6si1884856pac.170 - gsmtp


Prior to 2013-08-17, most messages were delivered nightly without much
problems (although these cron jobs did often end up in the Spam
folder, and had to be rescued manually); after 2013-08-17, there was
only one nightly message that got through, on 2013-08-26, and
completely nothing since then:


Sep  6 03:15:50 (none) dma[7f00.b9012ca8]: remote delivery to
gmail-smtp-in.l.google.com [2a00:1450:4008:c01::1a] failed after final
DATA: 550-5.7.1 [2600:3c01:::  16] Our system has detected
that this message#015#012550-5.7.1 does not meet IPv6 sending
guidelines regarding PTR records and#015#012550-5.7.1 authentication.
Please review#015#012550 5.7.1
https://support.google.com/mail/answer/81126 for more information.
qk9si240507bkb.323 - gsmtp

Oct  9 03:15:48 (none) dma[966a.b8dc0ca8]: remote delivery to
gmail-smtp-in.l.google.com [2607:f8b0:400e:c01::1b] failed after final
DATA: 550-5.7.1 [2600:3c01:::  16] Our system has detected
that this message#015#012550-5.7.1 does not meet IPv6 sending
guidelines regarding PTR records and#015#012550-5.7.1 authentication.
Please review#015#012550-5.7.1
https://support.google.com/mail/?p=ipv6_authentication_error for
more#015#012550 5.7.1 information. vs7si29857999pbc.145 - gsmtp


C.

Re: comcast ipv6 PTR

[Paul Ferguson]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 10/9/2013 10:08 AM, Chris Adams wrote:


Once upon a time, Paul Ferguson  said:

>That's not necessarily true -- some (very large) organizations using
>DMARC will reject mail from hosts without a PTR record.



And that's a good reason to have reverse records for you mail servers.


Indeed. :-)


Auto-generated reverse really shouldn't be trusted for anything.


True. :-)

- - ferg

-BEGIN PGP SIGNATURE-
Version: PGP Desktop 10.2.0 (Build 2317)
Charset: utf-8

wj8DBQFSVZPSq1pz9mNUZTMRAmVHAKCbyB6whUKbQ5Sl73+TMSE0TRcS5gCdEcZx
yXmgvG3kRpJIMRWhNNjUwag=
=CvKl
-END PGP SIGNATURE-

--
Paul Ferguson
Vice President, Threat Intelligence
Internet Identity, Tacoma, Washington  USA
IID --> "Connect and Collaborate" --> www.internetidentity.com

Re: google / massive problems

[Brandon Ross]

On Wed, 9 Oct 2013, Christopher Morrow wrote:


piling on a tad: (for consumer gmail/drive)
1) existing session cookies work fine
2) new sessions work fine, + 2-step auth


Yea, I'll pile on too.  I have 5 entities that I have gmail accounts setup 
for, plus my personal @gmail account.  I regularly keep several of them 
open at the same time, but for at lest 3 or 4 days I've been unable to 
stay logged into more than 1 at a time.  I've only used Chrome, and I'm in 
PHX at NANOG.  It's super annoying.


--
Brandon Ross  Yahoo & AIM:  BrandonNRoss
+1-404-635-6667ICQ:  2269442
Schedule a meeting:  https://doodle.com/brossSkype:  brandonross

Re: comcast ipv6 PTR

[Livingood, Jason]

On 10/9/13 12:52 PM, "Blair Trosper"  wrote:


>That's essentially what I'm getting at.  If the v6 addresses/blocks are
>allocated in a similar fashion to IPv4, where the octets are clearly named
>by state and "hsd1", then I don't see why they should lack PTR.

With the small # of IPv4 addresses, generating PTRs was not a big deal.
That is not the case for IPv6 and I believe most large scale network
operators would agree with that.

>However, even if they're not assigned or delegated in that way, it'd be
>helpful to have SOME form of PTR on there.

Helpful for what, precisely?

Jason

Re: comcast ipv6 PTR

[Livingood, Jason]

On 10/9/13 12:59 PM, "Paul Ferguson"  wrote:

>That's not necessarily true -- some (very large) organizations using
>DMARC will reject mail from hosts without a PTR record.

True, but a residential customer with a cable modem bootfile that blocks
port 25 wouldn't find that an issue.

Jason

Re: google / massive problems

[jamie rishaw]

How do I configure my router for this?


On Wed, Oct 9, 2013 at 12:52 PM, Brandon Ross  wrote:

> On Wed, 9 Oct 2013, Christopher Morrow wrote:
>
>  piling on a tad: (for consumer gmail/drive)
>> 1) existing session cookies work fine
>> 2) new sessions work fine, + 2-step auth
>>
>
> Yea, I'll pile on too.  I have 5 entities that I have gmail accounts setup
> for, plus my personal @gmail account.  I regularly keep several of them
> open at the same time, but for at lest 3 or 4 days I've been unable to stay
> logged into more than 1 at a time.  I've only used Chrome, and I'm in PHX
> at NANOG.  It's super annoying.
>
> --
> Brandon Ross  Yahoo & AIM:
>  BrandonNRoss
> +1-404-635-6667ICQ:
>  2269442
> Schedule a meeting:  https://doodle.com/brossSkype:
>  brandonross
>
>


-- 
jamie rishaw // .com.arpa@j <- reverse it. ish.

*"Reality defeats prejudice."* - *Rep. Barney Frank*

Re: comcast ipv6 PTR

[Chris Adams]

Once upon a time, Constantine A. Murenin  said:
> On my Linode over the summer, it seems like this was the first mention
> of IPv6 in my errorlog:

I didn't see a problem, but my OCD-ness kicked in immediately when I got
my Linode IPv6 - I've always had valid reverse DNS on IPv6 and IPv4
there.
-- 
Chris Adams 

Re: comcast ipv6 PTR

[Cutler James R]

On Oct 9, 2013, at 12:35 PM, Blair Trosper  wrote:

> Does anyone know why (or can someone from Comcast explain why) there is no
> PTR on their residential/business IPv6 addresses?

Which IPv6 addresses:
  
1 delegated WAN address?

2 end systems on delegated LAN prefix or with static assignments?

In my experience with Comcast Business Internet:
 
1 the delegated WAN address does have an (almost useless) PTR record which is 
essentially the  spelled backward.

2 PTR records for automatically configured end systems on a local LAN are a 
local responsibility. Static IP assignments may come with PTR entries, 
depending on business arrangements.

Since neither Comcast or any other DNS provider has any direct knowledge of 
your local network configuration, you cannot expect to see any PTR DNS records 
for local systems unless you make some business (and technical) arrangements 
with a DNS provider.

If you really need PTR record for your local SMTP servers, arrange for them 
with your DNS provider, even if that provider is you.

James R. Cutler
james.cut...@consultant.com

NANOG 59 Tuesday talks now on YouTube

[David Temkin]

Please see
http://www.youtube.com/playlist?list=PLO8DR5ZGla8j7_jnNYY3d8JB0HfdXe85X for
the video list and http://www.nanog.org/meetings/nanog59/agenda for a link
to the slides for each talk.


Regards,
-Dave Temkin
Chair, NANOG Program Committee

Re: NANOG 59 Tuesday talks now on YouTube

[Christoph Blecker]

Hi Dave,
There are a number of videos in that playlist that are showing as
"deleted". Were some sessions not able to be made available?

Cheers,
Christoph


On Wed, Oct 9, 2013 at 11:56 AM, David Temkin  wrote:

> Please see
> http://www.youtube.com/playlist?list=PLO8DR5ZGla8j7_jnNYY3d8JB0HfdXe85Xfor
> the video list and http://www.nanog.org/meetings/nanog59/agenda for a link
> to the slides for each talk.
>
>
> Regards,
> -Dave Temkin
> Chair, NANOG Program Committee
>

comcast ipv6 PTR

[Brzozowski, John]

The below is largely accurate.  Comcast will support the creation of IPv6
PTR for static commercial IPv6 customers when we launch the same.  We are
currently in trial for dynamic commercial and are expanding our dynamic
trials.  Static IPv6 trials will be starting soon, hopefully November.

John

Date: Wed, 9 Oct 2013 11:41:50 -0500
From: Chris Adams 
To: nanog@nanog.org
Subject: Re: comcast ipv6 PTR
Message-ID: <20131009164150.gg1...@cmadams.net>
Content-Type: text/plain; charset=us-ascii

Once upon a time, Blair Trosper  said:
>Does anyone know why (or can someone from Comcast explain why) there is no
>PTR on their residential/business IPv6 addresses?

I believe business customers (with a static assignment) can request
reverse DNS entries.  Residential customers are not guaranteed a static
assignment, so they can't get reverse set.

--
Chris Adams 

Re: NANOG 59 - Monday presentations on YouTube

[Niels Bakker]

* d...@temk.in (David Temkin) [Tue 08 Oct 2013, 23:43 CEST]:
We're proud to announce that all of the recorded presentations from 
Monday at NANOG 59 in Phoenix have now been posted to Youtube.


This is really neat.


-- Niels.

bcop.nanog.org issues

[Daniel Faubel]

Anyone able to confirm issues with bcop.nanog.org?



Warning: Unknown: Unable to allocate memory for pool. in Unknown on line 0
Warning: require(): Unable to allocate memory for pool. in 
/usr/local/www/mediawiki/index.php on line 54
Warning: Cannot modify header information - headers already sent in 
/usr/local/www/mediawiki/includes/WebStart.php on line 63
Warning: require_once(): Unable to allocate memory for pool. in 
/usr/local/www/mediawiki/includes/WebStart.php on line 94
Warning: require_once(): Unable to allocate memory for pool. in 
/usr/local/www/mediawiki/includes/WebStart.php on line 97
Warning: require_once(): Unable to allocate memory for pool. in 
/usr/local/www/mediawiki/includes/WebStart.php on line 100
Warning: require_once(): Unable to allocate memory for pool. in 
/usr/local/www/mediawiki/includes/WebStart.php on line 103
Warning: require_once(): Unable to allocate memory for pool. in 
/usr/local/www/mediawiki/includes/Defines.php on line 187
Warning: require_once(): Unable to allocate memory for pool. in 
/usr/local/www/mediawiki/includes/WebStart.php on line 115


-Daniel

Re: NANOG 59 - Monday presentations on YouTube

[Martin Hannigan]

Yes, very awesome!

Wanted to take a quick moment to thank Sylvie, Betty and rest of the
outgoing (past included) Board members for a job well done. So far has
NANOG come and in such a short time. Great work everyone.

Best,

-M<





On Wed, Oct 9, 2013 at 11:10 PM, Niels Bakker wrote:

> * d...@temk.in (David Temkin) [Tue 08 Oct 2013, 23:43 CEST]:
>
>  We're proud to announce that all of the recorded presentations from
>> Monday at NANOG 59 in Phoenix have now been posted to Youtube.
>>
>
> This is really neat.
>
>
> -- Niels.
>
>

Re: comcast ipv6 PTR

[Ted Cooper]

On 10/10/13 03:30, Constantine A. Murenin wrote:
> Yet, apparently, Google has very recently completely stopped accepting
> email with no PTR records.

They also don't try very hard to get the PTR record. If the packet is
lost, has a routing issue, or a DDoS prevents reliable access to the
name servers, you will also get emails hard rejected until it resolves
again. I'd always had correct rDNS so it took quite some head scratching
to figure out the hiccup.

Re: NANOG 59 - Monday presentations on YouTube

[Mehmet Akcin]

On Oct 9, 2013, at 3:03 PM, Martin Hannigan  wrote:

> Yes, very awesome!
> 
> Wanted to take a quick moment to thank Sylvie, Betty and rest of the
> outgoing (past included) Board members for a job well done. So far has
> NANOG come and in such a short time. Great work everyone.
> 
> Best,
> 
> -M<

+1 excellent job.

mehmet

smime.p7s
Description: S/MIME cryptographic signature

Re: comcast ipv6 PTR

[Barry Shein]

On October 9, 2013 at 11:49 c...@cmadams.net (Chris Adams) wrote:
 > Once upon a time, Robert Webb  said:
 > > But how would thet differ from the IPv4 address space which has PTR
 > > records for all their IP's? Just the shear number they would have to
 > > deal with in the IPv6 space?
 > 
 > Oh, are you looking for auto-generated reverse for every address?
 > That's not going to happen for IPv6 (and it turns out that it wasn't
 > really a good idea for IPv4).  There's no reason to have reverse DNS
 > unless it has meaning, and "12-34-56-78.rev.domain.net" isn't really all
 > that useful.

It's very useful for blocking spammers and other miscreants -- no
reason at all to accept SMTP connections from troublesome
*.rev.domain.net at all, no matter what the preceding NNN-NNN-NNN-NNN
is.

Perhaps not their problem, but it is useful!

-- 
-Barry Shein

The World  | b...@theworld.com   | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD| Dial-Up: US, PR, Canada
Software Tool & Die| Public Access Internet | SINCE 1989 *oo*

Re: NANOG 59 - Monday presentations on YouTube

[Joe Abley]

On 2013-10-09, at 18:04, Mehmet Akcin  wrote:

> On Oct 9, 2013, at 3:03 PM, Martin Hannigan  wrote:
> 
>> Yes, very awesome!
>> 
>> Wanted to take a quick moment to thank Sylvie, Betty and rest of the
>> outgoing (past included) Board members for a job well done. So far has
>> NANOG come and in such a short time. Great work everyone.
>> 
>> Best,
>> 
>> -M<
> 
> +1 excellent job.

I'd also like to thank the members for voting in much greater numbers than are 
normally seen, and for having the good sense to elect three new board members 
that I'm sure will do a better job than I would have done!

This all adds up to a good result for NANOG. I like it.


Joe

Re: comcast ipv6 PTR

[Chris Adams]

Once upon a time, Barry Shein  said:
> It's very useful for blocking spammers and other miscreants -- no
> reason at all to accept SMTP connections from troublesome
> *.rev.domain.net at all, no matter what the preceding NNN-NNN-NNN-NNN
> is.

If you are going to block like that, just block anybody without valid
reverse DNS.  If you don't trust provider foo.net to police their users,
why trust them to put valid and consistent xx-xx-xx-xx.dyn.foo.net
reverse?

I only see a use for reverse DNS for router interfaces (for useful
traceroute info) and servers (and only really SMTP servers).  Most of
the rest is fluff, often out-of-date, uselessly auto-generated, etc.

-- 
Chris Adams 

Re: NANOG 59 - Monday presentations on YouTube

[Shrdlu]

On 10/9/2013 6:14 PM, Joe Abley wrote:


I'd also like to thank the members for voting in much greater
numbers than are normally seen, and for having the good sense to
elect three new board members that I'm sure will do a better job than
I would have done!


*I* voted for you. Maybe I should have voted more than once?

I'm hoping that the pages will be updated soon with the results:

http://www.nanog.org/elections/2013/results

It really seems that NANOG is well on the way to becoming a going
concern. I may actually make the trek to Bellevue (which has the
virtue of being closer to home).

--
Life may not be the party we hoped for, but while we are here,
we might as well dance.

Re: comcast ipv6 PTR

[Mark Andrews]

In message <21077.65231.279689.263...@world.std.com>, Barry Shein writes:
> 
> On October 9, 2013 at 11:49 c...@cmadams.net (Chris Adams) wrote:
>  > Once upon a time, Robert Webb  said:
>  > > But how would thet differ from the IPv4 address space which has PTR
>  > > records for all their IP's? Just the shear number they would have to
>  > > deal with in the IPv6 space?
>  > 
>  > Oh, are you looking for auto-generated reverse for every address?
>  > That's not going to happen for IPv6 (and it turns out that it wasn't
>  > really a good idea for IPv4).  There's no reason to have reverse DNS
>  > unless it has meaning, and "12-34-56-78.rev.domain.net" isn't really all
>  > that useful.
> 
> It's very useful for blocking spammers and other miscreants -- no
> reason at all to accept SMTP connections from troublesome
> *.rev.domain.net at all, no matter what the preceding NNN-NNN-NNN-NNN
> is.
> 
> Perhaps not their problem, but it is useful!

And not accepting SMTP from everybody leaves your customers exposed
to NSA and others snooping the wires or ISP being subject to
warrentless requests to send all the email delivered to their
submission and other servers to various government agencies under
the idiotic notion that email is always sent in the clear so it
doesn't need a warrant.

Direct to MX reduces the risk of snooping to the two end points and
end point MITM can be detected with the use of tls.

If we want secure email, and we should want secure email, then we
should be pushing for direct to MX with every customer hosting their
own MX server and start tls on by default.

Yes that comes with the risk of additional spam but get over it and
run proper abuse desks.

Mark

> -- 
> -Barry Shein
> 
> The World  | b...@theworld.com   | http://www.TheWorld.com
> Purveyors to the Trade | Voice: 800-THE-WRLD| Dial-Up: US, PR, Canada
> Software Tool & Die| Public Access Internet | SINCE 1989 *oo*
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

Re: NANOG 59 - Monday presentations on YouTube

[Joe Abley]

On 2013-10-09, at 18:35, Shrdlu  wrote:

> On 10/9/2013 6:14 PM, Joe Abley wrote:
> 
>> I'd also like to thank the members for voting in much greater
>> numbers than are normally seen, and for having the good sense to
>> elect three new board members that I'm sure will do a better job than
>> I would have done!
> 
> *I* voted for you. Maybe I should have voted more than once?
> 
> I'm hoping that the pages will be updated soon with the results:
> 
> http://www.nanog.org/elections/2013/results
> 
> It really seems that NANOG is well on the way to becoming a going
> concern. I may actually make the trek to Bellevue (which has the
> virtue of being closer to home).

This probably belongs on the members list, but yes, the progress made by the 
organisation to date is very impressive. Costs are down, attendance is up, 
sponsorship is up, venues and dates have been locked in for the next two years, 
and the strategic plan looks entirely sane.

(the programme here in Phoenix was great too, in my opinion, big thumbs up to 
the PC)


Joe

Re: comcast ipv6 PTR

[John Levine]

>If people really want to use generic reverse names and have realised
>that the v6 address space is much too big for $GENERATE, one approach is
>to delegate the appropriate zones to a custom nameserver that can
>auto-generate PTRs on demand. There are scaling problems here, but
>probably nothing that can't be fixed with high TTLs and multiple
>nameservers.

In my discussions with people at some big ISPs, I got the impression
that they could do that, but it wouldn't provide any more useful
information than no rDNS at all, so they don't.  I'm on T-W cable,
and there's no way for me to set rDNS.  It'd be more trouble than
it's worth, since my /64 changes every time the modem reboots
which seems to be about once a month.

Real servers on static addresses are different, of course.  My servers
are on an HE tunnel, and all have matching forward and reverse DNS.

R's,
John

Cabling contractor in Miami

[Tri Tran]

If anyone can recommend a commercial cabling contractor in the Miami area I 
would appreciate it. Thanks in advance.
Tri Tran

Re: comcast ipv6 PTR

[Barry Shein]

On October 9, 2013 at 20:18 c...@cmadams.net (Chris Adams) wrote:
 > Once upon a time, Barry Shein  said:
 > > It's very useful for blocking spammers and other miscreants -- no
 > > reason at all to accept SMTP connections from troublesome
 > > *.rev.domain.net at all, no matter what the preceding NNN-NNN-NNN-NNN
 > > is.
 > 
 > If you are going to block like that, just block anybody without valid
 > reverse DNS.  If you don't trust provider foo.net to police their users,
 > why trust them to put valid and consistent xx-xx-xx-xx.dyn.foo.net
 > reverse?

Because they do, they just do. This isn't a math proof, it's mostly
social engineering. The providers aren't trying to fool anyone, in
general, it's just that clients and websites get botted.

 > I only see a use for reverse DNS for router interfaces (for useful
 > traceroute info) and servers (and only really SMTP servers).  Most of
 > the rest is fluff, often out-of-date, uselessly auto-generated, etc.

It's pretty amazing how much spam comes from hosts with names a lot
like ns1.example.com, their name servers. Not sure why they're so
easily abused but maybe it doesn't occur to them to lock down MTAs on
their name servers.

-- 
-Barry Shein

The World  | b...@theworld.com   | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD| Dial-Up: US, PR, Canada
Software Tool & Die| Public Access Internet | SINCE 1989 *oo*

Re: comcast ipv6 PTR

[Barry Shein]

On October 10, 2013 at 12:35 ma...@isc.org (Mark Andrews) wrote:
 > 
 > Yes that comes with the risk of additional spam but get over it and
 > run proper abuse desks.

With all due respect I don't think you have an inkling of the
magnitude of the spam problem if you can say something like this. And
what does it have to do with recipient ISP abuse desks?

Your basic point is well taken, it would be better if everyone could
do end to end TLS etc. Not so much to evade the NSA (probably hopeless
for most people) but the more run of the mill snooper.

It's all just an arms race.

-- 
-Barry Shein

The World  | b...@theworld.com   | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD| Dial-Up: US, PR, Canada
Software Tool & Die| Public Access Internet | SINCE 1989 *oo*