On Friday 19 October 2007 01:03, Paul Vixie wrote:
>
> i agree that it's something BIND should do, to be
> comprehensive. if someone is excited enough about this to consider
> sponsoring the work, please contact me ([EMAIL PROTECTED]) to discuss details.
Sounds like a really bad idea to me.
Th
> And I'll admit, I'm not sure how to properly fix it either. My first
> thought was a BIND directive to "expire-stale-zones ;" so that
> every the server might check to be sure it is still auth, and
> if it has found authority changed, would stop giving out AAs f
The correct way to change a delegation is to:
* add the new servers as stealth servers for the
current zone.
* if the old master is to be removed, make it a slave
of the new master.
* add the new NS records to the zone.
* wait for all t
[EMAIL PROTECTED] (David Ulevitch) writes:
> I should also mention the related work starting over here:
> http://www.nanog.org/mtg-0710/presentations/Vixie-lightning.pdf
indeed. while i don't have even a tenth of the analysis expertise of someone
like robt, wessels, florian, or april, i am most
On Thu, 18 Oct 2007, Jack Bates said:
We use home-grown scripts to follow the NS trail and verify that we are
I do something similar with a nagios plugin (perl script). It
reports lameness and serial mismatch. I've put it online here:
http://www.life-gone-hazy.com/src/nagios/check_zone_a
Justin Scott wrote:
We also have home-grown scripts that figure out whether a domain is
delegated to us or not and flag the ones that aren't. In the case of
the free service we flag them for two weeks and if they still aren't
delegated to us after that period we disable them on the DNS servers
> How annoying or frustrating is it for people?
>
> Is it so annoying that you'd be willing to pay for
> a list of every public-facing NS record pointed at
> a given IP?
Nope. As I mentioned earlier, I qualify this as a minor inconvenience
on the servers that I manage. It may be for someone wh
Justin Scott wrote:
As an operator of both free and paid DNS services, I wish there was a
quick and easy way to pull a list of all of the zones that were
delegated to a specific IP address. I say IP because people can now
register their own DNS name servers at the registrar and use our IP
addr
Hi, Chuck!
This report used to be quite useful in that regard:
http://www.cymru.com/DNS/lame.html
Perhaps Rob needs a coffee injection to get that going again?
Oh, my, I'd totally forgotten about that report. I do need to get
that going again. I'll dig around now to see what we can prod
BIND directive to "expire-stale-zones ;" so that
every the server might check to be sure it is still auth, and
if it has found authority changed, would stop giving out AAs for it. But
I see all kinds of operational issues arising from that too (such as,
how do we gracefully setu
This report used to be quite useful in that regard:
http://www.cymru.com/DNS/lame.html
Perhaps Rob needs a coffee injection to get that going again?
(BTW: Need/want some more of our famous "Colo Blend" Mr. Thomas?)
--chuck
> 1) Does anyone else find this flaw in the DNS system
> as annoying as I do? If authority is to be regularly
> moved around between ISPs (who may be hosting thousands
As an operator of both free and paid DNS services, I wish there was a
quick and easy way to pull a list of all of the z
On Fri, 29 Apr 2005 [EMAIL PROTECTED] wrote:
http://en.rian.ru/russia/20050428/39757635.html
This makes Russia sound like some insane place where Big Brother
spies on the communications of all citizens,
The changes there in last 4 years seem to be in that direction. Plus also
their system of peop
On 4/29/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> > The Federal Security Service proposes setting new rules for Internet
>
> This makes Russia sound like some insane place where Big Brother
> spies on the communications of all citizens, like in the United States.
Here's a hint.. the FSB
> http://en.rian.ru/russia/20050428/39757635.html
>
> The Federal Security Service proposes setting new rules for Internet
> providers so that it could prevent the spread of extremist ideas, track
> down illegal online operations, and get access to databases with mobile
> telephone subscribers' d
> There should be compulsory registration of mobile phone users with
> Internet connectivity.
does this mean that someone who does not use a mobile phone, normally, must
register before borrowing one to make a single call?
(you said user, not instrument, so i'm assuming the answer is yes.)
http://en.rian.ru/russia/20050428/39757635.html
The Federal Security Service proposes setting new rules for Internet
providers so that it could prevent the spread of extremist ideas, track
down illegal online operations, and get access to databases with mobile
telephone subscribers' details, suc
Trying to remember back that far is quite a task, the greatest authority of the time was Jon Postel since he had the uncanny ability to remember all of the things that made it work, so when he spoke it was like Moses coming down from the
mountain presenting the 10 commandments and everyone
Paul Vixie wrote:
>
> > An interesting question I've dealt with a few times:
> >
> > From whom do the root nameservers derive their authority?
>
> we (i'm speaking for f-root here) have no "authority". nobody has to
> listen to us, we are
>> Sorry Mr Bush. We derive our authority from the old IANA, who
>> assigned out the exiting roots.
>No, that's who *appointed* you. However, you derive your actual
>authority from all the named.ca hints files that point to you.
Valdis is right. I suppose I could repeat
On 16.12 07:14, Paul Vixie wrote:
> we (i'm speaking for f-root here) have no "authority". nobody has to
> listen to us, we are the most powerless bunch of folks you'll ever meet.
>
> now if you'd asked where we derive our *relevance*, i'd say the sa
> An interesting question I've dealt with a few times:
>
> From whom do the root nameservers derive their authority?
we (i'm speaking for f-root here) have no "authority". nobody has to
listen to us, we are the most powerless bunch of folks you'll ever meet.
On 15 Dec 2003, at 21:31, [EMAIL PROTECTED] wrote:
On Mon, 15 Dec 2003 14:28:05 PST, bill said:
Sorry Mr Bush. We derive our authority from the old IANA, who
assigned out the exiting roots.
No, that's who *appointed* you. However, you derive your actual
authority from all the named.ca
On Mon, 15 Dec 2003 14:28:05 PST, bill said:
> Sorry Mr Bush. We derive our authority from the old IANA, who
> assigned out the exiting roots.
No, that's who *appointed* you. However, you derive your actual
authority from all the named.ca hints files that point to you.
p
>
>
> > From whom do the root nameservers derive their authority?
>
> from me
>
Sorry Mr Bush. We derive our authority from the old IANA, who
assigned out the exiting roots.
--bill
the root nameservers derive their authority?
>
> Doug
>
>
--
http://www.icannwatch.org Personal Blog: http://www.discourse.net
A. Michael Froomkin |Professor of Law| [EMAIL PROTECTED]
U. Miami School of Law, P.O. Box 248087, Coral Gables, FL 33124 USA
+1 (305) 284-4285 |
> From whom do the root nameservers derive their authority?
from me
bzzzt! next troll please
An interesting question I've dealt with a few times:
From whom do the root nameservers derive their authority?
Doug
> [EMAIL PROTECTED]
> I may not agree with everything that William does
> or how he goes about it, but I do think that his
> approach is worthwhile.
Indeed; I like the "economy of ideas" concept myself and in this case it
might be the only valid initial approach, see below.
> It gives us a chanc
curious... do you have any authority/commission from arin (or
>anyone else)?
>this is certainly not flame bait, but it is an honest question. you're
>very self-righteous, and although you may have valid points (i withhold
>judgement) i really want to know what gives you the right/author
I answered questions posed here on related inet-access mail list thread
and there is also info there on my previous post why the accusations had
basis for it. Those who are interested may read it there or in archives
and Susan will I'm sure welcome me not taking any more of nanog resource
on
>i am just curious... do you have any authority/commission from arin (or
>anyone else)?
>this is certainly not flame bait, but it is an honest question. you're
>very self-righteous, and although you may have valid points (i withhold
>judgement) i really want to know what
On Wed, 10 Dec 2003 [EMAIL PROTECTED] wrote:
> P.S. Note to other - this thread may have happened because of recent
> thread on layer42 on inet-access mail list. While I generally answer
> accusations, I'm not the one who starts such threads and do not think it's
> appropriate for nanog mail list,
ate for nanog mail list, so this will be my only message here.
> i am just curious... do you have any authority/commission from arin (or
> anyone else)? or is yours a rogue vigilante mission? does anyone ask you
> to undertake the battles you feel justified in engaging in?
>
>
I think that most people with clue will realize that every time he
mentions or posts something that's about 50-90% inaccurate, he damages his
own credibility anyways.
A lot of the stuff I've seen in regard to this issue is almost comical,
and I wonder who picked on him so badly that he decided to
,
I admit it, I'm behind with the new joiners queue. Apologies for that!)
The archive site is expected to be relocating on or about 12/31/2003
Blaxthos <[EMAIL PROTECTED]> previously wrote:
| I take issue with anyone who publically accuses another entity of
| wrongdoing beyond his scop
true statement.
Truth is an absolute defense against a charge of libel.
and it is illegal (and wrong).
And what law does it violate?
as previous respondent said
"In the north-american country I happen to live in, you do not need
'authority' to express your opinions."
I s
I apologize for further troll feeding, but, I think this warrants some
clarification...
I take issue with anyone who publicly accuses another entity of wrongdoing
beyond his scope of authority.
You can take issue, but, there is no scope of authority for accusations.
Anyone can make an accusation
>> [ sorry to use your msg as a soapbox ]
> I appreciate the apology.
it was not your message to which i was responding. but no
matter.
randy
who found out it's not the kiddies' vacation yet, but just a
snow day in some parts of the country
On Wed, 2003-12-10 at 14:34, Christian Malo wrote:
> the nanog-l is not WILLIAM LEIBZON's personal hatred list. If he wants
> people to read on his stuff, he can just start his own list.
Actually, he has his own mailing list, and it is closed to the public.
You can read it at http://archive.hum
not to
nanog-l (the list was only cc'd).
I take issue with anyone who publically accuses another entity of
wrongdoing beyond his scope of authority.
If people are speeding in my neighborhood, I can not go and take down
their pictures, personal information, license plate numbers, etc., p
from time to time.
> And now back to things that are less fattening on my killfile.
> >
> >
> > - Original Message -
> > From: "Blaxthos" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Cc: <[EMAIL PROTECTED]>
> > S
Blaxthos wrote:
hello,
i've been reading nanog-l/inet-access for many many years (just a shadow,
i don't post).
i am just curious... do you have any authority/commission from arin (or
anyone else)? or is yours a rogue vigilante mission? does anyone ask you
to undertake the battle
[ sorry to use your msg as a soapbox ]
let us not feed the trolls, they do not understand and just
puke it up. procmail is your friend.
randy,
who did not realize that school vacations began this early
<[EMAIL PROTECTED]>
> Sent: Wednesday, December 10, 2003 3:00 PM
> Subject: Authority
>
>
>>
>> hello,
>>
>> i've been reading nanog-l/inet-access for many many years (just a
>> shadow,
>> i don't post).
>>
>> i am just curiou
- Original Message -
From: "Blaxthos" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, December 10, 2003 3:00 PM
Subject: Authority
>
> hello,
>
> i've been reading nanog-l/inet-access for many many ye
Blaxthos wrote:
>
> hello,
>
> i've been reading nanog-l/inet-access for many many years (just a shadow,
> i don't post).
>
> i am just curious... do you have any authority/commission from arin (or
> anyone else)? or is yours a rogue vigilante mission? does
hello,
i've been reading nanog-l/inet-access for many many years (just a shadow,
i don't post).
i am just curious... do you have any authority/commission from arin (or
anyone else)? or is yours a rogue vigilante mission? does anyone ask you
to undertake the battles you feel ju
Thus spake Deepak Jain ([EMAIL PROTECTED]) [05/12/03 15:22]:
> Is there a documented process for a new CA to get their certs
> approved/added or is it a clandestine process?
AFAIK, clandestine. cacert.org has been trying to get their CA included
in Mozilla for some time now, but hasn't been abl
In message <[EMAIL PROTECTED]>, "Peter Galbavy" writes:
>
>Deepak Jain wrote:
>> Is there a documented process for a new CA to get their certs
>> approved/added or is it a clandestine process?
>
>"You are in a twisty little maze of corporate back scratching, all
>political."
>
s/political/financ
Deepak Jain wrote:
> Is there a documented process for a new CA to get their certs
> approved/added or is it a clandestine process?
"You are in a twisty little maze of corporate back scratching, all
political."
Peter
Yes, it's a cartel, and yes, actions taken by said cartel are at least partially
responsible for the pop-up happening.
Is there a documented process for a new CA to get their certs
approved/added or is it a clandestine process?
Thanks,
Deepak Jain
AiNET
[EMAIL PROTECTED] writes on 12/5/2003 1:28 PM:
The three ways to disable the popup:
1) Have the user accept a CA cert for your site. Help Desk Nightmare.
2) Have the user disable the popup. Help Desk Nightmare.
3) Get the top-level-CA cartel to accept your CA cert in the list of ones
bundled int
On Fri, 05 Dec 2003 10:14:48 PST, Mark Foster said:
> The CA does not popup a warning. It is the browser or client application
> that does this.
The three ways to disable the popup:
1) Have the user accept a CA cert for your site. Help Desk Nightmare.
2) Have the user disable the popup. Help De
[EMAIL PROTECTED] wrote:
On Fri, 05 Dec 2003 10:26:33 CST, Adi Linden said:
So what does the PKI actually buy you that using a throwaway self-signed cert
doesn't provide?
No popup box on the browser asking to accept the certificate.
"Pay us $1,000 or we'll annoy your users with popups".
The CA d
On 5 Dec 2003, at 11:55, Bob Beck wrote:
There is an expectation that URLs which do not produce "this
certificate is not trusted" messages are safe for people to use to
disclose sensitive information like credit card numbers. The average
consumer has been educated to this effect at great length
On Fri, 05 Dec 2003 10:26:33 CST, Adi Linden said:
> > So what does the PKI actually buy you that using a throwaway self-signed cert
> > doesn't provide?
>
> No popup box on the browser asking to accept the certificate.
"Pay us $1,000 or we'll annoy your users with popups".
Sounds suspiciously l
>There is an expectation that URLs which do not produce "this
>certificate is not trusted" messages are safe for people to use to
>disclose sensitive information like credit card numbers. The average
>consumer has been educated to this effect at great length by
>commerce-oriented websites and
On 5 Dec 2003, at 11:01, [EMAIL PROTECTED] wrote:
On Fri, 05 Dec 2003 09:28:05 CST, Adi Linden said:
While the ssl certificate is meant to verify the owners identity, as a
consumer I would never trust a ssl certificate for that purpose. It does
provide a reasonable effort to keep information be
[EMAIL PROTECTED] writes on 12/5/2003 11:01 AM:
So what does the PKI actually buy you that using a throwaway self-signed cert
doesn't provide?
Less headaches handling hundreds of support tickets that basically say
"browser displayed an alert about the cert being self signed", with or
without 2
> So what does the PKI actually buy you that using a throwaway self-signed cert
> doesn't provide?
No popup box on the browser asking to accept the certificate.
Adi
On Fri, 05 Dec 2003 09:28:05 CST, Adi Linden said:
> While the ssl certificate is meant to verify the owners identity, as a
> consumer I would never trust a ssl certificate for that purpose. It does
> provide a reasonable effort to keep information between me and the server
> confidential. That'
Matt Blaze said it well some years ago: "A CA will protect you against
anyone from whom it won't take money."
--Steve Bellovin, http://www.research.att.com/~smb
>I would never trust a ssl certificate for that purpose. It does
>provide a reasonable effort to keep information between me and the server
>confidential. That's worth something, I guess.
I agree with you, I just don't think this is reasonable. If the
CA's aren't going to keep tabs on your
While the ssl certificate is meant to verify the owners identity, as a
consumer I would never trust a ssl certificate for that purpose. It does
provide a reasonable effort to keep information between me and the server
confidential. That's worth something, I guess.
Adi
>So the long and the short of it is, our CA has *LOST* the
>documents showing who we are, and wants new ones.
Wow!
Have you contacted http://www.geotrust.com about this?
I'm sure they would fly people out to Calgary to personally
inspect your identity at no charge just for a chan
So, an interesting thing happened to me yesterday.
I run OpenBSD's https.openbsd.org site. Of course, we have an
SSL Site certificate for this site. When we first started the site,
(about 6 years ago) we got a site certificate from Thawte. Back in
these days they were based in So
(warning, not for the humor impaired)
In the interest of spewing even more non-op traffic on this list,
see "59% of dweebs suffer from 'False Authority Syndrome" at
http://vmyths.com/rant.cfm?id=501&page=4 and make sure you listen
to the mp3 version, it's so much bette
sed to have relevance to the infrastructure topology, so
that it indicates a place within the topology.
As to the larger goal of non-centralized address assignment, the usual
distinction is between administrative method, versus basis of assignment
authority.
Distributed (non-centralized) administ
references on non-central authority network protocols
>
>
> Stephen Sprunk wrote:
> > Interesting idea though. Perhaps someone will write an i-d
> > on autonomous
> > numbering for IPv6.
>
> RFC 3041 & http://www.tml.hut.fi/~pnr/publications/cam2001.pdf
>
On Mon, 15 Apr 2002 [EMAIL PROTECTED] wrote:
> On Mon, 15 Apr 2002 18:22:56 PDT, Bruce Williams said:
>
> > better than geo based models. Possibly a dynamic public/private key - the
> > host provides part, the routers adds a wrapper of based on its public key,
> > and routes based on a dynamic
On Mon, 15 Apr 2002 18:22:56 PDT, Bruce Williams said:
> better than geo based models. Possibly a dynamic public/private key - the
> host provides part, the routers adds a wrapper of based on its public key,
> and routes based on a dynamic traveling salesman solution using current
> network met
ow fast the car will go. These
are different.
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Tony Hain
> Sent: Monday, April 15, 2002 11:40 AM
> To: Stephen Sprunk; Scott A Crosby
> Cc: Patrick Thomas; [EMAIL PROTECTED]
> Subject: R
Stephen Sprunk wrote:
> Interesting idea though. Perhaps someone will write an i-d
> on autonomous
> numbering for IPv6.
RFC 3041 & http://www.tml.hut.fi/~pnr/publications/cam2001.pdf
Jasper Wallace wrote:
> Location - either distribute all the addresses evenly over
> the planet or try
> to
atrick Thomas" <[EMAIL PROTECTED]>
>> > I am looking for any and all research (and perhaps your
>> > comments), references, etc. regarding replacements for the
>> > TCP/IP protocol that do not require centralized authority
>> > structures (central authority to
On Mon, 15 Apr 2002 03:41:49 BST, Jasper Wallace said:
> Location - either distribute all the addresses evenly over the planet or try
> to map to population density.
This works well (sort of) at the DNS level - that's why we have ISO country
code domains. ;)
However, you can't do this well at t
On Sat, 13 Apr 2002, Stephen Sprunk wrote:
>
> Thus spake "Patrick Thomas" <[EMAIL PROTECTED]>
> > I am looking for any and all research (and perhaps your
> > comments), references, etc. regarding replacements for the
> > TCP/IP protocol that do not requ
Thus spake "Scott A Crosby" <[EMAIL PROTECTED]>
> Rolling off the top of my head, I think it's doable. The general
> trick is to make it hard to forge packets with arbitrary
> addresses (by using authentication).
No, the trick is for a distributed algorithm to generate a non-trivial
number of uni
On Fri, 12 Apr 2002, Patrick Thomas wrote:
:I am looking for any and all research (and perhaps your comments),
:references, etc. regarding replacements for the TCP/IP protocol that do
:not require centralized authority structures (central authority to assign
:network numbers).
I think this
--Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Scott A Crosby
> Sent: Saturday, April 13, 2002 6:45 PM
> To: Stephen Sprunk
> Cc: Patrick Thomas; [EMAIL PROTECTED]
> Subject: Re: references on non-central authority network protocols
>
>
On Sat, 13 Apr 2002, Stephen Sprunk wrote:
>
> Thus spake "Patrick Thomas" <[EMAIL PROTECTED]>
> > I am looking for any and all research (and perhaps your
> > comments), references, etc. regarding replacements for the
> > TCP/IP protocol that do not requ
> Date: Sat, 13 Apr 2002 18:37:42 -0500
> From: Stephen Sprunk <[EMAIL PROTECTED]>
> Please explain how you think any protocol could support
> non-trivial numbers of users without some arbiter to prevent
> address collisions.
>
> There are several alternatives to TCP being researched, but
> the
Thus spake "Patrick Thomas" <[EMAIL PROTECTED]>
> I am looking for any and all research (and perhaps your
> comments), references, etc. regarding replacements for the
> TCP/IP protocol that do not require centralized authority
> structures (central authority to assi
> I am looking for any and all research (and perhaps your comments),
> references, etc. regarding replacements for the TCP/IP protocol that do
> not require centralized authority structures (central authority to assign
> network numbers).
> Any links, comments, etc., appreciated.
Hello,
I am looking for any and all research (and perhaps your comments),
references, etc. regarding replacements for the TCP/IP protocol that do
not require centralized authority structures (central authority to assign
network numbers).
Any links, comments, etc., appreciated.
--PT
85 matches