RE: NANOG Digest, Vol 26, Issue 142
Sent from my Windows® phone. -Original Message- From: nanog-requ...@nanog.org Sent: 30 March 2010 13:00 To: nanog@nanog.org Subject: NANOG Digest, Vol 26, Issue 142 Send NANOG mailing list submissions to nanog@nanog.org To subscribe or unsubscribe via the World Wide Web, visit https://mailman.nanog.org/mailman/listinfo/nanog or, via email, send a message with subject or body 'help' to nanog-requ...@nanog.org You can reach the person managing the list at nanog-ow...@nanog.org When replying, please edit your Subject line so it is more specific than "Re: Contents of NANOG digest..." Today's Topics: 1. Re: DNSSEC deployment testing and awareness (Was: Re: IPv4 ANYCAST setup) (Robert Kisteleki) 2. Re: DNSSEC deployment testing and awareness (Was: Re: IPv4 ANYCAST setup) (Phil Regnauld) 3. Re: IPv4 ANYCAST setup (Jens Link) 4. Re: IPv4 ANYCAST setup (bmann...@vacation.karoshi.com) 5. Re: IPv4 ANYCAST setup (Tony Finch) 6. Re: Useful URL for network operators (valdis.kletni...@vt.edu) 7. RE: Auto MDI/MDI-X + conference rooms + bored == loop (William Mullaney) -- Message: 1 Date: Tue, 30 Mar 2010 11:37:49 +0200 From: Robert Kisteleki Subject: Re: DNSSEC deployment testing and awareness (Was: Re: IPv4 ANYCAST setup) To: nanog@nanog.org Message-ID: <4bb1c66d.7000...@ripe.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed I must observe that these are not really the links you'd want to give your end users to check out. Their audience is very different. While the article on RIPE Labs comes close, they don't really answer the "does it work or does it not?" question with a green/red light, and they don't provide a good explanation to the audience Randy is referring to. Robert On 2010.03.30. 11:29, Phil Regnauld wrote: > Randy Bush (randy) writes: >> >> i.e. what can we do to maximize the odds that the victim will quickly >> find the perp, as opposed to calling our our tech support lines? > > Ah yes, there was the second good reason for actually helping netops > and security officers :) > > Tools: > > https://www.dns-oarc.net/oarc/services/replysizetest > > https://www.dnssec-deployment.org/wiki/index.php/Tools_and_Resources, > under troubleshooting: > > http://labs.ripe.net/content/testing-your-resolver-dns-reply-size-issues > http://secspider.cs.ucla.edu/ > > Info sheets: > > > http://www.afnic.fr/actu/nouvelles/240/l-afnic-invite-les-responsables-techniques-reseaux-a-se-preparer-a-la-signature-de-la-racine-dns-en-mai-2010 > (click English, top right) > > ... plenty of links there too. > > Cheers, > Phil > -- Message: 2 Date: Tue, 30 Mar 2010 11:52:27 +0200 From: Phil Regnauld Subject: Re: DNSSEC deployment testing and awareness (Was: Re: IPv4 ANYCAST setup) To: Robert Kisteleki Cc: nanog@nanog.org Message-ID: <20100330095226.ge24...@macbook.catpipe.net> Content-Type: text/plain; charset=us-ascii Robert Kisteleki (robert) writes: > I must observe that these are not really the links you'd want to > give your end users to check out. Their audience is very different. > While the article on RIPE Labs comes close, they don't really answer > the "does it work or does it not?" question with a green/red light, > and they don't provide a good explanation to the audience Randy is > referring to. Fair enough. Some simple "check your DNS reply size test [what is this ?]" page ought to be set up, with a simple explanagtion. "checkmydns.org" is available. If I get 5 minutes... :) -- Message: 3 Date: Tue, 30 Mar 2010 11:58:16 +0200 From: Jens Link Subject: Re: IPv4 ANYCAST setup To: nanog@nanog.org Message-ID: <87mxxqb07b@bowmore.quux.de> Content-Type: text/plain; charset=us-ascii "Kevin Oberman" writes: > He said that if the protocols would not handle blocked 53/tcp, the > protocols would have to be changed. Opening the port was simply not > open to discussion. Let me guess: They also completely blocked ICMP. I always tell these customers to switch to IPv6 real fast and to turn of ICMPv6 to make their networks really secure. ;-) > I will say that these were at federal government facilities. I hope the > commercial world is a bit more in touch with reality. You can find clueless people everywhere. Jens -- - | Foelderichstr. 40 | 13595 Berlin, Germany | +49-151-18721264 | | http://www.quux.de |
RE: NANOG Digest, Vol 26, Issue 142
Sent from my Windows® phone. -Original Message- From: nanog-requ...@nanog.org Sent: 30 March 2010 13:00 To: nanog@nanog.org Subject: NANOG Digest, Vol 26, Issue 142 Send NANOG mailing list submissions to nanog@nanog.org To subscribe or unsubscribe via the World Wide Web, visit https://mailman.nanog.org/mailman/listinfo/nanog or, via email, send a message with subject or body 'help' to nanog-requ...@nanog.org You can reach the person managing the list at nanog-ow...@nanog.org When replying, please edit your Subject line so it is more specific than "Re: Contents of NANOG digest..." Today's Topics: 1. Re: DNSSEC deployment testing and awareness (Was: Re: IPv4 ANYCAST setup) (Robert Kisteleki) 2. Re: DNSSEC deployment testing and awareness (Was: Re: IPv4 ANYCAST setup) (Phil Regnauld) 3. Re: IPv4 ANYCAST setup (Jens Link) 4. Re: IPv4 ANYCAST setup (bmann...@vacation.karoshi.com) 5. Re: IPv4 ANYCAST setup (Tony Finch) 6. Re: Useful URL for network operators (valdis.kletni...@vt.edu) 7. RE: Auto MDI/MDI-X + conference rooms + bored == loop (William Mullaney) -- Message: 1 Date: Tue, 30 Mar 2010 11:37:49 +0200 From: Robert Kisteleki Subject: Re: DNSSEC deployment testing and awareness (Was: Re: IPv4 ANYCAST setup) To: nanog@nanog.org Message-ID: <4bb1c66d.7000...@ripe.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed I must observe that these are not really the links you'd want to give your end users to check out. Their audience is very different. While the article on RIPE Labs comes close, they don't really answer the "does it work or does it not?" question with a green/red light, and they don't provide a good explanation to the audience Randy is referring to. Robert On 2010.03.30. 11:29, Phil Regnauld wrote: > Randy Bush (randy) writes: >> >> i.e. what can we do to maximize the odds that the victim will quickly >> find the perp, as opposed to calling our our tech support lines? > > Ah yes, there was the second good reason for actually helping netops > and security officers :) > > Tools: > > https://www.dns-oarc.net/oarc/services/replysizetest > > https://www.dnssec-deployment.org/wiki/index.php/Tools_and_Resources, > under troubleshooting: > > http://labs.ripe.net/content/testing-your-resolver-dns-reply-size-issues > http://secspider.cs.ucla.edu/ > > Info sheets: > > > http://www.afnic.fr/actu/nouvelles/240/l-afnic-invite-les-responsables-techniques-reseaux-a-se-preparer-a-la-signature-de-la-racine-dns-en-mai-2010 > (click English, top right) > > ... plenty of links there too. > > Cheers, > Phil > -- Message: 2 Date: Tue, 30 Mar 2010 11:52:27 +0200 From: Phil Regnauld Subject: Re: DNSSEC deployment testing and awareness (Was: Re: IPv4 ANYCAST setup) To: Robert Kisteleki Cc: nanog@nanog.org Message-ID: <20100330095226.ge24...@macbook.catpipe.net> Content-Type: text/plain; charset=us-ascii Robert Kisteleki (robert) writes: > I must observe that these are not really the links you'd want to > give your end users to check out. Their audience is very different. > While the article on RIPE Labs comes close, they don't really answer > the "does it work or does it not?" question with a green/red light, > and they don't provide a good explanation to the audience Randy is > referring to. Fair enough. Some simple "check your DNS reply size test [what is this ?]" page ought to be set up, with a simple explanagtion. "checkmydns.org" is available. If I get 5 minutes... :) -- Message: 3 Date: Tue, 30 Mar 2010 11:58:16 +0200 From: Jens Link Subject: Re: IPv4 ANYCAST setup To: nanog@nanog.org Message-ID: <87mxxqb07b@bowmore.quux.de> Content-Type: text/plain; charset=us-ascii "Kevin Oberman" writes: > He said that if the protocols would not handle blocked 53/tcp, the > protocols would have to be changed. Opening the port was simply not > open to discussion. Let me guess: They also completely blocked ICMP. I always tell these customers to switch to IPv6 real fast and to turn of ICMPv6 to make their networks really secure. ;-) > I will say that these were at federal government facilities. I hope the > commercial world is a bit more in touch with reality. You can find clueless people everywhere. Jens -- - | Foelderichstr. 40 | 13595 Berlin, Germany | +49-151-18721264 | | http://www.quux.de |
Re: NANOG Digest, Vol 26, Issue 142
On 3/30/2010 08:09, Stephen Tandy wrote: > > > Sent from my Windows® phone. > > -Original Message- > From: nanog-requ...@nanog.org > Sent: 30 March 2010 13:00 > To: nanog@nanog.org > Subject: NANOG Digest, Vol 26, Issue 142 > > Send NANOG mailing list submissions to > nanog@nanog.org > > To subscribe or unsubscribe via the World Wide Web, visit > https://mailman.nanog.org/mailman/listinfo/nanog > or, via email, send a message with subject or body 'help' to > nanog-requ...@nanog.org > > You can reach the person managing the list at > nanog-ow...@nanog.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of NANOG digest..." [Snip] I keep seeing these. Is there a point? > You can find clueless people everywhere. > > Jens -- Democracy: Three wolves and a sheep voting on the dinner menu. Requiescas in pace o email Ex turpi causa non oritur actio Eppure si rinfresca ICBM Targeting Information: http://tinyurl.com/4sqczs http://tinyurl.com/7tp8ml
Re: NANOG Digest, Vol 26, Issue 142
>> Sent from my Windows® phone. > I keep seeing these. Is there a point? don't use a windows phone? :)
Re: NANOG Digest, Vol 26, Issue 142
On 3/30/2010 13:49, Randy Bush wrote: >>> Sent from my Windows® phone. >> I keep seeing these. Is there a point? > > don't use a windows phone? :) ??? I've got a wall-phone near the sink, but I don't use it to read email. -- Democracy: Three wolves and a sheep voting on the dinner menu. Requiescas in pace o email Ex turpi causa non oritur actio Eppure si rinfresca ICBM Targeting Information: http://tinyurl.com/4sqczs http://tinyurl.com/7tp8ml
Mindfulness (was Re: NANOG Digest, Vol 26, Issue 142)
On Mar 30, 2010, at 11:04 AM, Larry Sheldon wrote: > I keep seeing these. Is there a point? (see sub:) -Tk
