Re: questions about ARIN ipv6 allocation

> On Dec 6, 2021, at 19:28, Gary Buhrmaster wrote: > > On Mon, Dec 6, 2021 at 5:59 PM Owen DeLong wrote: > >> The situation is such that the current economic incentives would be most >> advantageous to me to preserve my LRSA and abandon my RSA, which would >> involve simply turning off IP

Re: questions about ARIN ipv6 allocation

On 7 Dec 2021, at 2:51 PM, Randy Bush mailto:ra...@psg.com>> wrote: I can't imagine, as a percentage, a significant amount of voting ARIN members give a crap about what happens with legacy resources. there are more legacy non-members than total members. wonder why? Randy - While that was inev

Anyone else seeing DNSSEC failures from EU Commission ? (european-union.europa.eu)

Bit of a long stretch given the US audience, but I'm seeing lots of things like this at the moment: info: validation failure : key for validation european-union.europa.eu. is marked as invalid because of a previous validation failure : DS got unsigned CNAME answer from 2600:9000:5301:a200::1 a

Re: Anyone else seeing DNSSEC failures from EU Commission ? (european-union.europa.eu)

Hi Laura, Something seems the matter, indeed: https://dnsviz.net/d/european-union.europa.eu/YbCzrQ/dnssec/ It's weird; 1.1.1.1 resolves, 8.8.8.8 and 9.9.9.9 return SERVFAIL. -- Marco Op 08-12-2021 om 14:27 schreef Laura Smith via NANOG: Bit of a long stretch given the US audience, but I'm

Re: Anyone else seeing DNSSEC failures from EU Commission ? (european-union.europa.eu)

On 12/8/21 15:27, Laura Smith via NANOG wrote: Bit of a long stretch given the US audience, but I'm seeing lots of things like this at the moment: info: validation failure : key for validation european-union.europa.eu. is marked as invalid because of a previous validation failure : DS got

Re: Anyone else seeing DNSSEC failures from EU Commission ? (european-union.europa.eu)

On Wed, Dec 08, 2021 at 01:27:23PM +, Laura Smith via NANOG wrote a message of 18 lines which said: > Bit of a long stretch given the US audience, but I'm seeing lots of things > like this at the moment: Indeed, they botched DNSSEC

Re: Anyone else seeing DNSSEC failures from EU Commission ? (european-union.europa.eu)

Thanks Stephane. I've subsequently had confirmation on the grapevine (indirect comms with CERT-EU) that they are indeed aware of a DNS issue but no detail or estimated fix time. ‐‐‐ Original Message ‐‐‐ On Wednesday, December 8th, 2021 at 13:40, Stephane Bortzmeyer wrote: > On Wed,

Re: Anyone else seeing DNSSEC failures from EU Commission ? (european-union.europa.eu)

Den 08-12-2021 kl. 14:35 skrev Marco Davids (Private) via NANOG: Hi Laura, Something seems the matter, indeed: https://dnsviz.net/d/european-union.europa.eu/YbCzrQ/dnssec/ It's weird; 1.1.1.1 resolves, 8.8.8.8 and 9.9.9.9 return SERVFAIL. It is my understanding that the CNAME should never hav

Re: Anyone else seeing DNSSEC failures from EU Commission ? (european-union.europa.eu)

* darkde...@darkdevil.dk (Arne Jensen) [Wed 08 Dec 2021, 15:23 CET]: To me, that part of it also points towards a broken implementation at CloudFlare, letting a bogus (insecure) responses take effect anyway. Or they prefer allowing people to visit websites over punishing system administrators

Re: Anyone else seeing DNSSEC failures from EU Commission ? (european-union.europa.eu)

On Wed, Dec 8, 2021 at 6:35 AM Niels Bakker wrote: > * darkde...@darkdevil.dk (Arne Jensen) [Wed 08 Dec 2021, 15:23 CET]: > >To me, that part of it also points towards a broken implementation at > >CloudFlare, letting a bogus (insecure) responses take effect anyway. > > Or they prefer allowing pe

Re: Anyone else seeing DNSSEC failures from EU Commission ? (european-union.europa.eu)

Arne Jensen wrote: It is my understanding that the CNAME should never have been followed, Wrong. since there isn't any covering RRSIG for the actual CNAME, exactly as the elaborative message on dnsviz.net claims. That CNAME RR is authenticated means it securely points to some other domain

Re: Anyone else seeing DNSSEC failures from EU Commission ? (european-union.europa.eu)

Ca By wrote: It’s quite common for DNSSEC to fail at spectacular scale What’s uncommon? Attacks that DNSSEC is intended to solve. DNSSEC is considered harmful on the internet Correct. The problem is that PKI, in general, does not offer cryptographic security but just assumes intelligent

Re: questions about ARIN ipv6 allocation

hi john > While that was inevitable at ARIN’s inception and continued for many > years, it is not currently the case that there are more legacy > customers than paying customers i am easily confused. so just to keep my nouns the same over history, could you phrase that in terms of resource holde

Re: questions about ARIN ipv6 allocation

On Wed, Dec 8, 2021 at 9:49 AM Randy Bush wrote: > > While that was inevitable at ARIN’s inception and continued for many > > years, it is not currently the case that there are more legacy > > customers than paying customers > > i am easily confused. so just to keep my nouns the same over history

Spoofer Report for NANOG for Nov 2021

In response to feedback from operational security communities, CAIDA's source address validation measurement project (https://spoofer.caida.org) is automatically generating monthly reports of ASes originating prefixes in BGP for systems from which we received packets with a spoofed source address.

Re: questions about ARIN ipv6 allocation

On Wed, Dec 8, 2021 at 9:54 AM William Herrin wrote: > > On Wed, Dec 8, 2021 at 9:49 AM Randy Bush wrote: > > > While that was inevitable at ARIN’s inception and continued for many > > > years, it is not currently the case that there are more legacy > > > customers than paying customers > > > > i

Webinar on Friday + N84 Talk Submissions

Don't Miss Friday's Webinar Register TODAY for Network Automation Panel Discussion Don't miss an incredible opportunity to join industry leaders for an intimate conversation revealing pro insider information highlighting a future in Network Automation. *Agenda will include: * • Advantages/challen

Looking for a Microsoft contact for helping a long lasting email delivery problem between Google and MS 365

Hi Sorry guys if this message bothers you. I would really appreciate it if someone from Microsoft, from the org deals with spam/quarantine Microsoft 365 Business email service could contact me offlist. We have a long-standing email delivery problem between Google (Google Workspace) and Microso