Re: NIST NTP servers

On Tue, May 10, 2016 at 06:48:52AM -0400, Steven Miano wrote a message of 41 lines which said: > Going with an internal GPS/GLONASS/RADIO based S1 allows you to > restrict incoming traffic and not rely on volunteers or external > entities (which may undergo maintenance or

Re: www.cisco.com no resolve?

On Sat, Mar 19, 2016 at 05:38:03AM +, Dmitry Sherman wrote a message of 13 lines which said: > dig www.cisco.com @8.8.8.8 Better to test through the authoritative name servers. The problem was there, as documented in

Re: www.cisco.com no resolve?

On Fri, Mar 18, 2016 at 10:53:15PM -0700, John Kinsella wrote a message of 49 lines which said: > Confirmed in Northern California, on all 3 primary NS servers. A > little Friday night maintenance window, maybe? Isn't it simply because the alias chain is awfully long

Re: Level3 DNS not resolving for our domains

On Wed, Dec 30, 2015 at 11:12:29PM +0100, Alarig Le Lay wrote a message of 35 lines which said: > Both are in the same AS, perhaps a routing issue? Indeed. This is a warning in ZoneMaster and I observe also that 10-15 % of

Re: Level3 DNS not resolving for our domains

On Wed, Dec 30, 2015 at 03:02:39PM -0600, Otto Monnig wrote a message of 24 lines which said: > Sorry for not providing domains - I did so intentionally, as I > believe this is a policy change at L3, rather than a technical > issue. And how are we supposed to debug,

Re: [CVE-2015-7755] Backdoor in Juniper/ScreenOS

On Fri, Dec 18, 2015 at 09:28:11AM +0100, Stephane Bortzmeyer <bortzme...@nic.fr> wrote a message of 6 lines which said: > http://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554 The password for the first backdoor (the one regardi

[CVE-2015-7755] Backdoor in Juniper/ScreenOS

http://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554 https://kb.juniper.net/InfoCenter/index?page=content=JSA10713=SIRT_1=LIST Should we blame Juniper for letting a git repository open to "unauthorized code" or should we congratulate them for

Re: DNSSEC and ISPs faking DNS responses

On Thu, Nov 12, 2015 at 10:27:01PM -0500, Jean-Francois Mezei wrote a message of 66 lines which said: > The Québec government is wanting to pass a law that will force ISPs > to block and/or redirect certain sites it doesn't like. (namely > sites that offer

Re: Bluehost.com

On Wed, Nov 25, 2015 at 08:41:55AM -0800, JoeSox wrote a message of 9 lines which said: > Anyone have the scope on the outage for Bluehost? > https://twitter.com/search?q=%23bluehostdown=tyah The two name servers ns1.bluehost.com and ns2.bluehost.com are awfully slow to

Re: Is there a DNS lookup, traceroute, ping and HTTP GET as a service?

On Wed, Nov 18, 2015 at 02:38:28PM -0200, Kurt Kraut via NANOG wrote a message of 45 lines which said: > About RIPE ATLAS, I already have one of their boxes and it never > worked. Simply doesn't appear as online. Their support just barely > gave me some tips but with no

Re: DNSSEC and ISPs faking DNS responses

On Sat, Nov 14, 2015 at 01:36:06AM -0500, Jean-Francois Mezei wrote a message of 71 lines which said: > Loto Québec is supposed to be testing for compliance, and I am not > sure how they will do that short of having a subscription to every > ISP that sells

Re: DNSSEC and ISPs faking DNS responses

On Fri, Nov 13, 2015 at 04:27:36AM -0500, Jean-Francois Mezei wrote a message of 34 lines which said: > I'll have to research how other countries tried to implement similar > schemes

Re: DNSSEC and ISPs faking DNS responses

On Fri, Nov 13, 2015 at 09:54:28AM +, a.l.m.bu...@lboro.ac.uk wrote a message of 20 lines which said: > well, in EU I dont think that would ever fly. It is done in France, for a long time .

Re: DNSSEC and ISPs faking DNS responses

On Fri, Nov 13, 2015 at 10:24:27AM -0800, Mark Milhollan wrote a message of 30 lines which said: > Would the masses ever replace their stub with a full resolver? > Doubtful, unless their OS vendor does it for them. Fedora already does it, apparently, with the excellent

Re: Chile Status?

On Thu, Sep 17, 2015 at 09:58:54AM -0400, Jared Mauch wrote a message of 11 lines which said: > If someone wants ripe ATLAS credits please send me a request > off-list with your e-mail address registered for RIPE Atlas. Even without credits, and an anonymous access,

Re: Chile Status?

On Thu, Sep 17, 2015 at 10:00:46AM -0400, Marshall Eubanks wrote a message of 34 lines which said: > shows green dots, but if you mouseover you see that the last > connects are all old (pre-Earthquake). You're right, I forgot to check that but the 17 RIPE Atlas

Re: Exploits start against flaw that could hamstring huge swaths of Internet | Ars Technica

On Tue, Aug 04, 2015 at 10:03:33AM -0400, Jay Ashworth j...@baylink.com wrote a message of 6 lines which said: Everyone got BIND updated? For instance by replacing it with NSD or Unbound?

Re: Speaking of NTP...

On Mon, Jul 13, 2015 at 01:17:01PM +, Matthew Huff mh...@ox.com wrote a message of 14 lines which said: We have 5 NTP server: 2 x stratum 1 rubidium oscillator time servers with GPS sync, and 3 servers running NTP 4.2.6p5-3 synced to external internet based NTP stratum 1 servers. We

Re: REMINDER: LEAP SECOND

On Mon, Jun 22, 2015 at 01:15:41PM +0100, Tony Finch d...@dotat.at wrote a message of 15 lines which said: The problems are that UTC is unpredictable, That's because the earth rotation is unpredictable. Any time based on this buggy planet's movements will be unpredictable. Let's patch it

Re: REMINDER: LEAP SECOND

On Mon, Jun 22, 2015 at 12:38:28PM +, Bjoern A. Zeeb bzeeb-li...@lists.zabbadoz.net wrote a message of 17 lines which said: So we need a new center of the universe and switch to stardate and thus solve the 32bit UNIX time problem for real this time? Or simply use TAI which is the

Re: AS4788 Telecom Malaysia major route leak?

On Fri, Jun 12, 2015 at 11:09:34AM +0200, Tore Anderson t...@fud.no wrote a message of 10 lines which said: I see tons of bogus routes show up with AS4788 in the path, and at least AS3549 is acceping them. E.g. for the RIPE NCC (193.0.0.0/21): [BGP/170] 00:20:29,

Re: AS4788 Telecom Malaysia major route leak?

On Fri, Jun 12, 2015 at 09:58:55AM -0500, Charles van Niman char...@phukish.com wrote a message of 25 lines which said: Does anyone at Level3 care to comment here about this event, https://twitter.com/Level3/status/609353696787496960

Re: macomnet weird dns record

On Tue, Apr 14, 2015 at 02:26:48PM +0100, Colin Johnston col...@gt86car.org.uk wrote a message of 19 lines which said: Best practice says avoid such info in records as does not aid debug since mix of dec and hex No. Pure imagination on your side. There is no such best practice. And it's not

Re: macomnet weird dns record

On Tue, Apr 14, 2015 at 04:09:42PM +0300, Nikolay Shopik sho...@inblock.ru wrote a message of 10 lines which said: How its weird? All these chars allowed in DNS records. And they probably encode the netmask, which may be useful.

Re: Google public DNS - getting SERVFAIL for any domains delegated to GoDaddy NSs

On Sun, Dec 07, 2014 at 12:01:40PM -0500, Erik Levinson erik.levin...@uberflip.com wrote a message of 25 lines which said: I'm getting SERVFAIL when trying to resolve any record in any domain whose NSs are

Re: How to track DNS resolution sources

On Wed, Dec 03, 2014 at 05:22:58PM +0100, Notify Me notify.s...@gmail.com wrote a message of 13 lines which said: I hope I'm wording this correctly. Not really :-) I had a incident at a client site where a DNS record was being spoofed. How do you know? What steps did you use to assert

Re: How to track DNS resolution sources

On Wed, Dec 03, 2014 at 11:32:08AM -0500, TR Shaw ts...@oitc.com wrote a message of 20 lines which said: On the command line: host spoofed.host.name.com Excuse me but it is useless. It tests only the local resolver (which may be unpoisoned). It provides no details that could help to debug

BGP hijacking to steal bitcoins

Good report (although I do not understand why they hide the name of the offending ISP since anyone can see it in RouteViews, or in its own BGP traffic). It's ordinary BGP hijacking but the goal is new: stealing bitcoins since the connections inside the mining pool are not authenticated.

Re: BGP Session

I love the From: field :-)

Re: RIPE Atlas data parsing

On Tue, May 27, 2014 at 12:28:30PM -0700, Ca By cb.li...@gmail.com wrote a message of 9 lines which said: Is there dummy tool for summarizing this JSON data and possibly visualizing it? On Atlas Web site, there is the Seismograph (an interactive tool). I don't use it myself. There are many

Re: All of .mil tld is down

On Tue, May 20, 2014 at 02:35:49PM -0400, Brian Henson marin...@gmail.com wrote a message of 107 lines which said: Looks like it has been corrected now Not from everywhere. From two different networks in France, I get: % check-soa -i nipr.mil CON1.nipr.mil. 199.252.157.234: ERROR:

Re: Anternet

On Sat, Apr 05, 2014 at 12:44:05AM -0500, Larry Sheldon larryshel...@cox.net wrote a message of 9 lines which said: http://kottke.org/14/04/the-anternet But what is the equivalent of 3-way handshake? And of ECN (ants carrying back messages I still bring food but it won't last)? And the

Re: Blocking of domain strings in iptables

On Sat, Feb 08, 2014 at 12:34:45AM -0800, Jonathan Lassoff j...@thejof.com wrote a message of 88 lines which said: This is going to be tricky to do, as DNS packets don't necessarily contain entire query values or FQDNs as complete strings due to packet label compression Apprently, the OP

Re: Blocking of domain strings in iptables

On Sat, Feb 08, 2014 at 01:38:13PM +0530, Anurag Bhatia m...@anuragbhatia.com wrote a message of 54 lines which said: but here I am not sure how to create such string out and script them for automation. Use this program: http://www.bortzmeyer.org/files/generate-netfilter-u32-dns-rule.py

Re: TWC (AS11351) blocking all NTP?

On Sun, Feb 02, 2014 at 02:49:49PM -0800, Matthew Petach mpet...@netflight.com wrote a message of 49 lines which said: If NTP responded to a single query with a single equivalently sized response, its effectiveness as a DDoS attack would be zero; with zero amplification, the volume of

Re: TWC (AS11351) blocking all NTP?

On Mon, Feb 03, 2014 at 04:09:39AM +, Dobbins, Roland rdobb...@arbor.net wrote a message of 20 lines which said: I also think that restricting your users by default to your own recursive DNS servers, plus a couple of well-known, well-run public recursive services, is a good idea - as

Re: Someone’s Been Siphoning Data Through a Huge Security Hole in the Internet

On Fri, Dec 06, 2013 at 06:38:31PM +0100, Eugen Leitl eu...@leitl.org wrote a message of 357 lines which said: http://www.wired.com/threatlevel/2013/12/bgp-hijacking-belarus-iceland/ Except the remarks from Kapela, it has very little content above what was in the Renesys paper, discussed

Re: Someone’s Been Siphoning Data Through a Huge Security Hole in the Internet

On Fri, Dec 06, 2013 at 01:05:54PM -0500, Jared Mauch ja...@puck.nether.net wrote a message of 36 lines which said: I've detected 11.6 million of these events since 2008 just looking at the route-views data. Most recently the past two days 701 has done a large MITM of traffic. The big

Re: Someone’s Been Siphoning Data Through a Huge Security Hole in the Internet

On Fri, Dec 06, 2013 at 12:39:16PM -0600, Brandon Galbraith brandon.galbra...@gmail.com wrote a message of 43 lines which said: If your flows are a target, or your data is of an extremely sensitive nature (diplomatic, etc), why aren't you moving those bits over something more private than

Re: Renesys, Ars document wholesale BGP hijacking

On Wed, Nov 27, 2013 at 02:10:33AM -0500, Jay Ashworth j...@baylink.com wrote a message of 7 lines which said: To Belarus, Iceland. Old news, more than a week. Um, oops. http://catless.ncl.ac.uk/go/risks/27/62/2 The real URL is

Re: [renesys] The New Threat: Targeted Internet Traffic Misdirection

On Wed, Nov 20, 2013 at 01:54:00PM -0500, Christopher Morrow morrowc.li...@gmail.com wrote a message of 11 lines which said: someone has already parsed out all route announcements from ris/routeviews for the 2 specific incidents in question in the article? and posted the contents somewhere

[renesys] The New Threat: Targeted Internet Traffic Misdirection

Interesting study of what seems to be real BGP shunts: http://www.renesys.com/2013/11/mitm-internet-hijacking/

Re: How anti-NSA backlash could fracture the Internet along national borders - The Washington Post

On Sat, Nov 02, 2013 at 01:12:54PM -0400, Jay Ashworth j...@baylink.com wrote a message of 8 lines which said: The balkanizing of the Net? http://www.washingtonpost.com/blogs/worldviews/wp/2013/11/01/how-anti-nsa-backlash-could-fracture-the-internet-along-national-borders/ So, to host

Re: ipp.gov and Google DNS (8.8.8.8)

On Thu, May 30, 2013 at 09:04:44AM -0600, Josh Galvez j...@zevlag.com wrote a message of 135 lines which said: DNSSEC seems to be validating properly. Since Google Public DNS returns SERVFAIL even with the +cd option (Checking Disabled), I suspect that it is not a DNSSEC issue at all.

Re: After Being Cut From Norway, The Pirate Bay Returns From North Korea or is it just BGP Tricks

On Mon, Mar 04, 2013 at 09:43:05PM +, Bacon Zombie baconzom...@gmail.com wrote a message of 71 lines which said: But there is a lot of debate on Reddit that they are not really in North Korea and just doing some BGP trickery: And ICMP trickery, to send false ICMP replies (with a delay)

Re: Level3 worldwide emergency upgrade?

On Wed, Feb 06, 2013 at 01:04:40PM +0200, JP Viljoen froztb...@froztbyte.net wrote a message of 10 lines which said: the general guess I saw was that it was Juniper-related. Juniper Technical Bulletin PSN-2013-01-823, probably?

Re: DDoS Attacks Cause of Game Servers

On Thu, Jan 31, 2013 at 11:23:11AM +0330, Shahab Vahabzadeh sh.vahabza...@gmail.com wrote a message of 55 lines which said: Those ip addresses I send were only sample, its 5 page :D and not only those addresses. Because the attacker attacks when they have a new opponent. They DoS it long

Re: dhcpy6d - a MAC address aware DHCPv6 server

On Mon, Nov 05, 2012 at 09:14:54AM +0100, Henri Wahl h.w...@ifw-dresden.de wrote a message of 155 lines which said: - identifies clients by MAC address, DUID or hostname Excellent, identification by MAC address was often requested. Thanks for this software. like other people we had the

Re: dhcpy6d - a MAC address aware DHCPv6 server

On Tue, Nov 06, 2012 at 05:38:32AM -0800, Owen DeLong o...@delong.com wrote a message of 68 lines which said: If you're on local subnet, why not pull the MAC address out of the received packet? Because it requires access to raw sockets, which should not be necessary for DHCP?

Re: is CERNET part of the Internet?

On Thu, Sep 27, 2012 at 11:23:34AM +0200, Eugen Leitl eu...@leitl.org wrote a message of 5 lines which said: the official Internet I wasn't aware there is an official Internet. Where is it?

Re: really nasty attacks

On Thu, Sep 27, 2012 at 08:55:58AM -0600, Miguel Mata mm...@intercom.com.sv wrote a message of 30 lines which said: Guys, No gals on NANOG? The attacks comes from various sites from the other side of the pond (46.165.197.xx, 213.152.180.yy). How can you be sure? With UDP, you have zero

Re: really nasty attacks

On Thu, Sep 27, 2012 at 12:12:50PM -0400, Patrick W. Gilmore patr...@ianai.net wrote a message of 32 lines which said: I do not know of any name servers that reply to queries with UDP packets filled with only the letter X. The DNS Headers alone require more than the letter X. Yes, you're

Re: GoDaddy down again?

On Mon, Sep 17, 2012 at 10:23:43AM -0300, Takashi Tome taka...@cpqd.com.br wrote a message of 8 lines which said: Does anyone knows whether GoDaddy is having problems again? Post *details*! dig, traceroute, etc Unlike the last outage, their name servers appear to work fine.

No DNS poisoning at Google (in case of trouble, blame the DNS)

On Wed, Jun 27, 2012 at 03:53:17AM +, Matthew Black matthew.bl...@csulb.edu wrote a message of 18 lines which said: We believe the DNS servers used by Google's crawler have been poisoned. [After reading the whole thread and discovering that Google was indeed right.] What made you think

Re: Open DNS Resolver reflection attack Mitigation

On Fri, Jun 08, 2012 at 03:09:04PM -0400, Joe Maimon jmai...@ttec.com wrote a message of 7 lines which said: Is there any publicly available rate limiting for BIND? Not as far as I know. I'm not sure it would be a good idea. BIND is feature-rich enough. How about host-based IDS that can

Re: Open DNS Resolver reflection attack Mitigation

On Fri, Jun 08, 2012 at 12:56:23PM -0700, Owen DeLong o...@delong.com wrote a message of 28 lines which said: IPv6 should be a simple matter of putting the same line in your ip6tables file. My experience with attack mitigation is that tools do not always work as advertised and sometimes do

Re: rpki vs. secure dns?

On Mon, May 28, 2012 at 10:01:59PM +, paul vixie vi...@isc.org wrote a message of 37 lines which said: i can tell more than that. rover is a system that only works at all when everything everywhere is working well, and when changes always come in perfect time-order, Exactly like

Re: rpki vs. secure dns?

On Mon, May 28, 2012 at 08:59:28PM +, Paul Vixie vi...@isc.org wrote a message of 43 lines which said: ROVER expects that we will query for policy at the instant of need. that's nuts for a lot of reasons, one of which is its potentially and unmanageably circular dependency on the

Re: DNS anycasting - multiple DNS servers on same subnet Vs registrar/registry policies

On Mon, May 28, 2012 at 06:56:29PM -0500, Brett Frankenberger rbf+na...@panix.com wrote a message of 15 lines which said: How does your employer know if two nameservers (two IP addresses) are on the same subnet? The current heuristic for IPv4 is belongs in the same /28 (and /64 for IPv6).

Re: DNS anycasting - multiple DNS servers on same subnet Vs registrar/registry policies

On Tue, May 29, 2012 at 12:21:10AM +0530, Anurag Bhatia m...@anuragbhatia.com wrote a message of 28 lines which said: I know few registry/registrars which do not accept both (or all) name servers of domain name on same subnet. Since my employer is one of these registries, let me mention

Re: Vixie warns: DNS Changer ?blackouts? inevitable

On Wed, May 23, 2012 at 03:10:38PM +0300, Frank Habicht ge...@geier.ne.tz wrote a message of 13 lines which said: Is there anywhere a page where one can type an ASN or a CIDR block and then the whois contacts get a list of IPs that still contact the unintended servers? See

Re: rpki vs. secure dns?

On Mon, Apr 30, 2012 at 09:41:51AM -0400, Russ White ru...@riw.us wrote a message of 60 lines which said: Neither a DNS based solution nor the RPKI will resolve path attacks, I want to be sure of the terminology: what is deployed presently is the bundle RPKI+ROA. As their name say, ROA can

Re: rpki vs. secure dns?

On Sun, Apr 29, 2012 at 11:28:58AM -0400, Jennifer Rexford j...@cs.princeton.edu wrote a message of 37 lines which said: How does this interact with the presence of certificates for supernets, though? That is, suppose an ISP creates a legitimate ROA for 12.0.0.0/8, after ensuring that all

Re: rpki vs. secure dns?

On Sat, Apr 28, 2012 at 03:04:07AM -0700, Randy Bush ra...@psg.com wrote a message of 9 lines which said: draft-bates-bgp4-nlri-orig-verif-00.txt was '98 and we dropped it for good reasons Unfortunately, we have RFCs for good ideas but bad ideas never get documented by the IETF (one of

Re: rpki vs. secure dns?

On Sat, Apr 28, 2012 at 12:34:52PM +0200, Alex Band al...@ripe.net wrote a message of 41 lines which said: In reality, since the RIRs launched an RPKI production service on 1 Jan 2011, adoption has been incredibly good (for example compared to IPv6 and DNSSEC). More than 1500 ISPs and large

Re: Need spamcop/ironport security contact

On Fri, Apr 27, 2012 at 11:41:57PM -0400, valdis.kletni...@vt.edu valdis.kletni...@vt.edu wrote a message of 33 lines which said: I have a security incident to report and need to make contact with a senior level contact responsible for spamcop/ironport immediately. And you need a

Re: rpki vs. secure dns?

On Sat, Apr 28, 2012 at 01:17:10PM +0300, Saku Ytti s...@ytti.fi wrote a message of 27 lines which said: I think ROVER is better solution, doesn't need any changes to BGP just little software magic when accepting routes. I like Rover but RPKI+ROA does not change BGP either (it will be a

Re: DNS issues with tools.ietf.org

On Wed, Apr 04, 2012 at 10:26:11PM +0200, Marco Davids (Prive) mdav...@forfun.net wrote a message of 8 lines which said: Something seems wrong with the DNS of 'tools.ietf.org'. Can you be more specific? It works for me except that one name server does not actually exist (but it does not

Re: DNS issues with tools.ietf.org

On Wed, Apr 04, 2012 at 10:35:34PM +0200, Marco Davids (Prive) mdav...@forfun.net wrote a message of 15 lines which said: And what about this: But two name servers, gamay and shiraz still work. So the domain works, so you can email the hostmaster :-)

Re: Was b.root-servers.net under attack on Mar 31?

On Sun, Apr 01, 2012 at 11:23:31PM +0800, Che-Hoo CHENG chch...@ieee.org wrote a message of 9 lines which said: http://dnsmon.ripe.net/dns-servmon/server/plot?server=b.root-servers.net;type=drops;tstart=1333166400;tstop=1333252799;af=ipv4 There were quite a few unanswered queries from

Re: Attack on the DNS ?

On Sat, Mar 31, 2012 at 05:05:46AM -0400, Marshall Eubanks marshall.euba...@gmail.com wrote a message of 17 lines which said: Anyone seen signs of this attack actually occurring ? For serious information about this issue, see:

Re: Anonymous planning a root-servers party

On Wed, Feb 15, 2012 at 10:36:32PM +, George Bakos gba...@alpinista.org wrote a message of 13 lines which said: As I hadn't seen it discussed here, I'll have to assume that many NANOGers haven't seen the latest rant from Anonymous: There's nothing proving that it comes from the

Re: Anonymous planning a root-servers party

On Wed, Feb 15, 2012 at 04:40:47PM -0600, Grant Ridder shortdudey...@gmail.com wrote a message of 23 lines which said: If i remember right, another group tried to take down the root servers within the past 5 or 6 years and only took out around 20 or 25. No need to remember, Wikipedia does

Re: DNS zone response speed test tool?

fr $(dig +short NS fr.) # # From: Joe Abley jab...@isc.org # Modified-by: Stephane Bortzmeyer bortzme...@nic.fr # Settings max=1 verbose=0 # Some Unices like NetBSD are crazy enough to ship a dinosaurian # version of getopt, which cannot handle arguments with spaces! So, we # have a lot of work

Re: EFF call for signatures from Internet engineers against censorship

On Tue, Dec 13, 2011 at 06:12:34PM -0800, Peter Eckersley p...@eff.org wrote a message of 86 lines which said: To date, the leading role the US has played in this infrastructure has been fairly uncontroversial [sic and re-sic] because America is seen as a trustworthy arbiter and a

Re: [outages] More notes

On Mon, Nov 07, 2011 at 08:37:55PM -0700, brian nikell nickell...@gmail.com wrote a message of 38 lines which said: Actually, Juniper does disclose code bugs. Though not always to the public at first, importantly to Juniper customers. Juniper had advised all of their customers last August

Re: TATA problems?

On Mon, Nov 07, 2011 at 10:00:34AM -0500, Todd Snyder t...@borked.ca wrote a message of 12 lines which said: We seem to be having some problems with our tata links They probably use Juniper routers :-)

Re: F.ROOT-SERVERS.NET moved to Beijing?

On Sun, Oct 02, 2011 at 05:40:23PM +, Janne Snabb sn...@epipe.com wrote a message of 32 lines which said: I happened to notice the following at three separate sites around the US and one site in Europe: Good analysis at http://bgpmon.net/blog/?p=540

Re: F.ROOT-SERVERS.NET moved to Beijing?

On Sun, Oct 02, 2011 at 04:06:44PM -0700, Leo Bicknell bickn...@ufp.org wrote a message of 107 lines which said: We have found networks where a query sent to F-Root never reaches an ISC run server. For details on such behavior, i highly recommend the excellent paper Identifying and

Re: F.ROOT-SERVERS.NET moved to Beijing?

On Sun, Oct 02, 2011 at 05:40:23PM +, Janne Snabb sn...@epipe.com wrote a message of 32 lines which said: $ dig +short +norec @F.ROOT-SERVERS.NET HOSTNAME.BIND CHAOS TXT pek2a.f.root-servers.org The next time, I suggest to also run data queries such as A www.facebook.com or A

Re: dot xxx live or not?

On Fri, May 13, 2011 at 05:03:11AM -0400, Joly MacFie j...@punkcast.com wrote a message of 19 lines which said: I recall checking at the time that http://icmregistry.xxx worked Now it doesn't. Anyone know what's going on? The TLD .xxx works. Names like sex.xxx or icmregistry.xxx have

Re: Connectivity status for Egypt

On Wed, Feb 02, 2011 at 06:23:39AM -0500, Jim Cowie co...@renesys.com wrote a message of 29 lines which said: Yes, confirmed from 09:29 UTC. Basically all major providers are back, full status quo ante (modulo reagg), major sites are up. EUN (the academic network, which includes the

Re: Connectivity status for Egypt

On Wed, Feb 02, 2011 at 12:30:45PM +0100, Stephane Bortzmeyer bortzme...@nic.fr wrote a message of 10 lines which said: EUN (the academic network, which includes the primary name server for .EG) is still unreachable (1130 UTC). It works now (1137 UTC). BGP was a bit slow.

Re: Internet to Tunisia

On Tue, Jan 11, 2011 at 05:50:09AM -0500, Marshall Eubanks t...@americafree.tv wrote a message of 10 lines which said: Can anyone confirm that there is blockage ? There exists filtering for a long time and it is widely documented. I am not aware of a global blockage today. Are there any

Re: How many legitimate cases when Origin AS in BGP announcement changed by another AS?

On Tue, Jan 04, 2011 at 04:38:19AM -0800, Akmal Shahbaz akmal_shah...@yahoo.com wrote a message of 443 lines which said: I am looking for example routing policies when any AS receiving BGP advertisement changes Origin AS in BGP AS set attribute to remove the received AS number and puts its

Re: How many legitimate cases when Origin AS in BGP announcement changed by another AS?

On Tue, Jan 04, 2011 at 08:22:35AM -0800, Akmal Shahbaz akmal_shah...@yahoo.com wrote a message of 44 lines which said: When the old origin AS was a private one? NO.Even when old origin AS is not private one. You misunderstood me. I replied to your query When is it legitimate to change an

Re: wikileaks dns (was Re: Blocking International DNS)

On Fri, Dec 03, 2010 at 12:52:29AM -0500, Ken Chase k...@sizone.org wrote a message of 24 lines which said: Anyone have records of what wikileaks (RR, i assume) A record was? 91.121.133.41 46.59.1.2 Translated into an URL, the first one does not work (virtual hosting, may be) but the

Re: wikileaks dns (was Re: Blocking International DNS)

On Fri, Dec 03, 2010 at 08:27:57AM -0600, Dan White dwh...@olp.net wrote a message of 28 lines which said: Their A records on Sunday were: (No longer working.) Several people are keeping track of working IP addresses and avertise them in the DNS (wikileaks.something.example). Other have

Re: The i-root china reroute finally makes fox news. And congress.

On Wed, Nov 17, 2010 at 12:13:39PM +0530, Suresh Ramasubramanian ops.li...@gmail.com wrote a message of 17 lines which said: Man in the middle rewriting of DNS query responses is the only thing I can think of. And it's easy to detect since the rewriter tells the truth about its own name.

Re: Who controlls the Internet?

On Sun, Jul 25, 2010 at 08:24:27PM +0300, Tarig Yassin tariq198...@hotmail.com wrote a message of 27 lines which said: For example when users from Sudan trying to access some web site they will get a *Forbidden Access Error* message. And some messages say: you are forbidden to access this

Re: .mil dns problems?

On Thu, May 27, 2010 at 09:16:35AM -1000, Antonio Querubin t...@lava.net wrote a message of 10 lines which said: Anyone seeing trouble resolving some .mil hostnames consistently today? Yes, most DNS servers of .MIL are unresponsive: % check_soa mil There was no response from EUR2.NIPR.mil

Re: APNIC Allocated 14/8, 223/8 today

On Wed, Apr 14, 2010 at 05:02:10PM +1000, Skeeve Stevens ske...@eintellego.net wrote a message of 37 lines which said: As the subject says, APNIC was allocated 14/8 and 223/8 today... Actually, it was a few days ago. Not sure why I haven't seen any announcements about it... There have

Re: Note change in IANA registry URLs

On Fri, Apr 02, 2010 at 11:42:25AM +0200, Robert Kisteleki rob...@ripe.net wrote a message of 20 lines which said: I don't know what good reasons you might have to pull down the current URLs. Please keep them working. I strongly agree and, by the way, it seems this was partially mentioned

Re: in-addr.arpa server problems for europe?

On Mon, Feb 15, 2010 at 10:22:17AM +0100, Michelle Sullivan matt...@sorbs.net wrote a message of 185 lines which said: 213.in-addr.arpa. 86400 IN NS NS-PRI.RIPE.NET. 213.in-addr.arpa. 86400 IN NS NS3.NIC.FR. 213.in-addr.arpa. 86400 IN NS

Re: in-addr.arpa server problems for europe?

On Mon, Feb 15, 2010 at 01:40:31PM +0100, Michelle Sullivan matt...@sorbs.net wrote a message of 298 lines which said: miche...@enigma:~$ dig +bufsize=4096 -x 81.255.164.225 @NS3.NIC.FR Bad test: the response is too small to exercice real size problems. Try adding +dnssec to the dig

Re: in-addr.arpa server problems for europe?

On Mon, Feb 15, 2010 at 08:30:43PM +0800, Wilkinson, Alex alex.wilkin...@dsto.defence.gov.au wrote a message of 14 lines which said: Curious, why did you modify 'bufsize' ? To test response size issues, probably. Broken middleboxes are the scourge of the Internet.

Re: in-addr.arpa server problems for europe?

On Mon, Feb 15, 2010 at 01:12:55PM +0100, Mark Scholten m...@streamservice.nl wrote a message of 36 lines which said: Solution: stop using DNSSEC or checking for DNSSEC. In 2010, it is a bit backward...

Re: History of 4.2.2.2. What's the story?

On Sun, Feb 14, 2010 at 12:43:12PM -0600, John Palmer (NANOG Acct) nan...@adns.net wrote a message of 42 lines which said: A more useful resolver is ASLAN [199.5.157.128] which is an inclusive namespace resolver which shows users a complete map of the internet, There are many crooks which

Re: How polluted is 1/8?

On Wed, Feb 03, 2010 at 04:49:00PM +0100, Mirjam Kuehne m...@ripe.net wrote a message of 15 lines which said: After 1/8 was allocated to APNIC last week, the RIPE NCC did some measurements to find out how polluted this block really is. See some surprising results on RIPE Labs:

Re: 1/8 and 27/8 allocated to APNIC

On Fri, Jan 22, 2010 at 08:54:37AM -0500, William Allen Simpson william.allen.simp...@gmail.com wrote a message of 20 lines which said: I agree that 1/8 was probably about the *last* that should have been allocated. It's particularly frustrating that they made two assignments at the same

<    1   2   3   >