Verizon Business Contact

2024-02-08 Thread Richard Laager 

Can someone from Verizon Business please contact me?

It appears that your network is losing traffic from Verizon Wireless 
(e.g. 63.59.39.232, 63.56.37.4, or 63.59.67.68) to me (AS33362, e.g. to 
69.89.207.16). Note that 63.59.166.100 -> 69.89.207.16 was successfully 
(around 2023-11-27).


This breaks email between us and it's been MONTHS of VZW getting nowhere.

Based on some traceroutes (on 2023-11-27 and again just now), the 
working ones go through 140.222.234.223 (0.ae10.GW7.CHI13.ALTER.NET) 
while the broken ones stop at 140.222.234.221 (0.ae9.GW7.CHI13.ALTER.NET).


--
Richard Laager
Wikstrom Telephone Company

Re: ru tld down?

2024-02-08 Thread Mark Andrews 



> On 9 Feb 2024, at 03:10, darkde...@darkdevil.dk wrote:
> 
> Den 31-01-2024 kl. 20:47 skrev Bjørn Mork:
>> Why do they put their DNS servers in an unsigned zone?
> 
> To try to make a more in-depth example:
> 
> At the moment, .COM/.NET is relying on GTLD-SERVERS.NET for the authoritative 
> DNS.
> 
> GTLD-SERVERS.NET is currently relying on NSTLD.COM for the authoritative DNS.
> 
> With this example, you are asking why neither GTLD-SERVERS.NET nor NSTLD.COM 
> has been DNSSEC signed?
> 
> In that case, I would probably be extending that a bit, considering a lot of 
> critical resources out there (even if announced as IPv6 /48 and IPv4 /24) 
> still do not have any RPKI ROA, at all.
> 
> (But maybe that's just me...)

The NS records in a delegation are NOT SIGNED. The glue addresses in a referral 
are NOT SIGNED.
Resolvers use those.  They should get back signed answers from signed zones 
which are verifiable.
If they get back unsigned answers for signed zones they will be rejected.  It 
they get back unsigned
answers from an unsigned zone then all bets are off.  DNSSEC sign your zones if 
you are worried
about that.  There is potential for information leakage with this strategy, but 
not wrong answers
being returned from signed zones.  Signing the zones would help a little with 
the information
leakage when the servers are not learnt by glue.  It is impossible to prevent 
all information
leakage even if all zones, delgations and glue was signed.


> -- 
> Med venlig hilsen / Kind regards,
> Arne Jensen
> 

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742  INTERNET: ma...@isc.org

Re: ru tld down?

2024-02-08 Thread Mark Andrews 



> On 8 Feb 2024, at 17:17, Töma Gavrichenkov  wrote:
> 
> Peace,
> 
> On Thu, 8 Feb 2024, 6:39 am Mark Andrews,  wrote:
> Given “MUST NOT” is not in RFC 4034, Appendix B, I’d take this with a grain
> of salt.
> 
> "Implementations MUST NOT assume that the key tag uniquely identifies a 
> DNSKEY RR."

Missed that in my re-reading.  

> --
> Töma

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742  INTERNET: ma...@isc.org

[NANOG-announce] Get Ready for NANOG 90! Socials, Hackathon, Committee Nominations + DEI Speaker

2024-02-08 Thread Nanog News 
*Get Ready for NANOG 90!*
 *NANOG 90 will Kick Off MONDAY! *

NANOG 90 will fully upload next week!

Sync your calendars, check out the venue floor map + more. *Can't make it
in person? There is still time to register virtually! *



*REGISTER NOW Check out our NANOG 90
Social Lineup!*

We have an excellent lineup of daily Socials for NANOG 90!

This is your opportunity to connect, brainstorm, and reflect on tech talks
with the other pros in your industry.


*VIEW NOW  *

*Committee Nominations are Still Open! **Committee Nominations will Remain
Open Until Tues. 13, Feb. *

We are looking for volunteers with valuable expertise and insight to
contribute to one of our seven diverse committees.

Check out more info and nominate TODAY!

*MORE INFO *

*Check out our DEI Speaker + DEI Lunch! *

Don't miss our DEI Speaker, Wesley Faulkner, co-host of the "Just Work"
podcast and sr. community manager NAMER at AWS.

Faulkner will present "Neurodiversity in the Workplace," followed by
further discussion during the DEI Luncheon.

*VIEW AGENDA * 

*Committee Nominations are Still Open!*
*Committee Nominations will Remain Open Until Tues. 13, Feb.*

We are looking for volunteers with valuable expertise and insight to
contribute to one of our seven diverse committees.

Check out more info and nominate TODAY!

*MORE INFO *


*It's Not Too Late to Sign Up for Hackathon!*
*Hacking Will Take Place This Sun.,11 February*

*Theme: *New Year - New Hack Format!

The NANOG 90 Hackathon will focus on "Problem Solving/Troubleshooting"
competitions. *It's not too late to sign up - we can't wait to see you
there!*

*LEARN MORE * 
___
NANOG-announce mailing list
NANOG-announce@nanog.org
https://mailman.nanog.org/mailman/listinfo/nanog-announce

Get Ready for NANOG 90! Socials, Hackathon, Committee Nominations + DEI Speaker

2024-02-08 Thread Nanog News 
*Get Ready for NANOG 90!*
 *NANOG 90 will Kick Off MONDAY! *

NANOG 90 will fully upload next week!

Sync your calendars, check out the venue floor map + more. *Can't make it
in person? There is still time to register virtually! *



*REGISTER NOW Check out our NANOG 90
Social Lineup!*

We have an excellent lineup of daily Socials for NANOG 90!

This is your opportunity to connect, brainstorm, and reflect on tech talks
with the other pros in your industry.


*VIEW NOW  *

*Committee Nominations are Still Open! **Committee Nominations will Remain
Open Until Tues. 13, Feb. *

We are looking for volunteers with valuable expertise and insight to
contribute to one of our seven diverse committees.

Check out more info and nominate TODAY!

*MORE INFO *

*Check out our DEI Speaker + DEI Lunch! *

Don't miss our DEI Speaker, Wesley Faulkner, co-host of the "Just Work"
podcast and sr. community manager NAMER at AWS.

Faulkner will present "Neurodiversity in the Workplace," followed by
further discussion during the DEI Luncheon.

*VIEW AGENDA * 

*Committee Nominations are Still Open!*
*Committee Nominations will Remain Open Until Tues. 13, Feb.*

We are looking for volunteers with valuable expertise and insight to
contribute to one of our seven diverse committees.

Check out more info and nominate TODAY!

*MORE INFO *


*It's Not Too Late to Sign Up for Hackathon!*
*Hacking Will Take Place This Sun.,11 February*

*Theme: *New Year - New Hack Format!

The NANOG 90 Hackathon will focus on "Problem Solving/Troubleshooting"
competitions. *It's not too late to sign up - we can't wait to see you
there!*

*LEARN MORE *

Spoofer Report for NANOG for Jan 2024

2024-02-08 Thread CAIDA Spoofer Project 
In response to feedback from operational security communities,
CAIDA's source address validation measurement project
(https://spoofer.caida.org) is automatically generating monthly
reports of ASes originating prefixes in BGP for systems from which
we received packets with a spoofed source address.
We are publishing these reports to network and security operations
lists in order to ensure this information reaches operational
contacts in these ASes.

This report summarises tests conducted within usa, can.

Inferred improvements during Jan 2024:
ASNName   Fixed-By
25787  ROWE-NETWORKS  2024-01-10
6461   ZAYO-6461  2024-01-11
2024002024-01-13
40401 2024-01-24

Further information for the inferred remediation is available at:
https://spoofer.caida.org/remedy.php

Source Address Validation issues inferred during Jan 2024:
ASNName   First-Spoofed Last-Spoofed
209CENTURYLINK-US-LEGACY-QWEST   2016-08-16   2024-01-26
27364  ACS-INTERNET  2016-09-27   2024-01-31
20412  CLARITY-TELECOM   2016-09-30   2024-01-31
12083  WOW-INTERNET  2016-11-09   2024-01-15
6360   UNIVHAWAII2019-02-25   2024-01-20
22883  CONDENAST 2019-05-29   2024-01-05
22773  ASN-CXA-ALL-CCI-22773-RDC 2021-10-24   2024-01-23
469972021-12-22   2024-01-26
12183  TALKIE-COMMUNICATIONS 2022-12-10   2024-01-27
41378  KirinoNET 2023-03-23   2024-01-26
3701   NERONET   2023-04-18   2024-01-25
400282   2023-04-27   2024-01-30
393577 SCCNET2023-05-03   2024-01-12
202400   2023-05-08   2024-01-27
46690  SNET-FCC  2023-05-20   2024-01-31
272137   2023-08-12   2024-01-19
13329  KFN-001   2024-01-09   2024-01-09
394684 WISPERNET 2024-01-17   2024-01-31
151188   2024-01-18   2024-01-27
213122   2024-01-19   2024-01-19
55 UPENN 2024-01-30   2024-01-30

Further information for these tests where we received spoofed
packets is available at:
https://spoofer.caida.org/recent_tests.php?country_include=usa,can_block=1

Please send any feedback or suggestions to spoofer-i...@caida.org

Re: ru tld down?

2024-02-08 Thread Bjørn Mork 
darkde...@darkdevil.dk writes:

> With this example, you are asking why neither GTLD-SERVERS.NET nor
> NSTLD.COM has been DNSSEC signed?

That's a good point.  Yes, I guess I do.

I'm sure there is a good reason for all these examples.  I just need to
have it fed with a tiny spoon :-)



Bjørn

Re: ru tld down?

2024-02-08 Thread darkdevil 

Den 31-01-2024 kl. 20:47 skrev Bjørn Mork:

Why do they put their DNS servers in an unsigned zone?


To try to make a more in-depth example:

At the moment, .COM/.NET is relying on GTLD-SERVERS.NET for the 
authoritative DNS.


GTLD-SERVERS.NET is currently relying on NSTLD.COM for the authoritative 
DNS.


With this example, you are asking why neither GTLD-SERVERS.NET nor 
NSTLD.COM has been DNSSEC signed?


In that case, I would probably be extending that a bit, considering a 
lot of critical resources out there (even if announced as IPv6 /48 and 
IPv4 /24) still do not have any RPKI ROA, at all.


(But maybe that's just me...)

--
Med venlig hilsen / Kind regards,
Arne Jensen

Re: route: 0.0.0.0/32 in LEVEL3 IRR

2024-02-08 Thread Jérôme Nicolle 

Rubens,

Le 31/01/2024 à 06:48, Rubens Kuhl a écrit :

DoD's /8s are usually squatted by networks that run out of private IPv4 space.


Indeed, most I've seen just came to the conclusion that if there's no 
more blocks available in 10/8, just use the next best thing : 11/8.


Best regards,

--
Jérôme Nicolle
+33 6 19 31 27 14