On 3/3/25 09:26, Jan Schaumann wrote:
It looks like currently the NS for nih.gov only
respond to TCP queries.
It seems fixed now.
There was much social media speculation over the weekend that this was a
DNS issue, but it seems a lot of NIH online infrastructure was taken
down without too m
On 3/2/24 11:34, John Levine wrote:
I’d be very surprised if this were the case. I’d have thought the vast
majority of what end users would use (at least on the recursive
side) would be whatever their ISP was providing, which I strongly suspect is
not pi-hole.
I'd also expect it's whatever
On 11/12/23 13:07, Randy Bush wrote:
it occurred to me that it migh tme wise to have a rancid like
(https://shrubbery.net/rancid/) equivalent for critical domains.
i.e. to git record changes and warn of radical diffs.
is there any foss tooling in this space?
It's not exactly what you are looki
On 10/7/23 04:11, Noel Butler wrote:
Hrmmm you used to be able to use rs.dns-oarc.net to test edns but it's
either gone MIA or I'm thinking of the wrong hostname, in which case I'm
sure someone will chime in with the correct one :)
Just to confirm, OARC's test servers, including reply-size we
On 9/4/23 08:27, Christoph wrote:
https://dnsviz.net/d/cmdns.dev.dns-oarc.net/dnssec/
since cmdns.dev.dns-oarc.net appears to be down,
Please report issues with OARC services to , rather
than to this entire mailing list of 1800+ people.
We have most of our team traveling and out of timezon
Now seems like a good time to remind everyone of the OARC Conduct Policy:
https://www.dns-oarc.net/oarc/policies/conduct
which applies to all interactions on OARC fora, online and in-person,
and including this mailing list.
By all means respectfully debate the subject matter, please a
On 7/13/22 13:36, Alarig Le Lay wrote:
Vodafone is sending 3k req/s (~10Mbps) of DNS garbage to my AS112 node
from 88.82.0.0/19
If someone knows somebody there, could you please tell them to fix their
resolvers?
Noting this prefix is AS5378 Vodafone UK, UKNOF has a mailman list and a
mattermo
On 10/12/21 11:14 AM, Stephane Bortzmeyer wrote:
DNSviz currently always flags the root with a warning "./DNSKEY (alg
8, id 14748): No response was received until the UDP payload size was
decreased, indicating that the server might be attempting to send a
payload that exceeds the path maximum tra
On 12/13/20 2:58 PM, Randy Bush wrote:
> tangent, but you started it
>
>> [1] IANAL, but this rather looks like a gross over-reaction to GDPR,
>> with some registries and registrars continuing to provide usable
>> contact details with no ill consequence. The practice even among
>> European ccTLDs
On 9/14/20 1:54 PM, Fernando Gont wrote:
> On 14/9/20 10:14, Stephane Bortzmeyer wrote:
>> On 1 and 2 September 2020, several French IAPs (Internet Access
>> Providers), including SFR and Bouygues, were "down". Their DNS
>> resolvers were offline, and it does indeed seem that this was the
>> result
On 9/11/20 12:47 AM, Paul Vixie wrote:
> i don't think all of the people i intend to address here have heard
> my views. they may think that dns-oarc speaks for the community
> rather than for a small self selected team. they may also think that
> i as co-founder of dns-oarc can be relied upon to
On 8/31/20 12:40 PM, Puneet Sood via dns-operations wrote:
> Is there an online tool that does mark up on RFCs to show which other
> RFCs are referring to specific sections in it?
I suspect you may find:
https://powerdns.org/dns-camel/
helpful here.
Keith
__
On 8/25/20 4:26 AM, Ondřej Surý wrote:
> The details has been provided on OARC members list, so I’ll let
> Keith and Matt to decide the level of detail to provide, but the
> service is being hosted by a professional organization and is subject
> to confidentiality agreement. OARC Mattermost (the so
On 7/2/20 12:34 PM, Stephane Bortzmeyer wrote:
> And what is the solution? A static tunnel to a Cogent POP?
On 7/3/20 5:11 AM, Roy Arends wrote:
>
>> On 2 Jul 2020, at 21:03, Matthew Pounsett
>> wrote:
>>
>> All we did was make C-root visible to DNSViz.
> Good work on fixing this, Matt. Out
ral we're fine with announcements on this list of nonprofit
activities, events, projects that are DNS operations-relevant. Promotion
of commercial activities is discouraged and unlikely to be well-received.
Keith
> On Wed, Jun 24, 2020 at 13:03 Keith Mitchell
> wrote:
> On 6/23/2
Mehmet,
On 6/23/20 4:47 PM, Mehmet Akcin wrote:
> hey there, sorry for cross-posting in few lists.
>
> A few weeks ago I've started hosting a youtube/twitch/twitter live video
> show
With regard to posting this here, please could you clarify whether the
entity publishing this show is doing so on
On 4/17/20 1:52 AM, Mark Andrews wrote:
> Subject: Re: [dns-operations] Anyone from Google here?
A reminder to OARC Members that they can use the "Contact Directory"
feature of the OARC Member Portal to find DNS Operations contacts at
other Members.
Keith
___
As per the statement at:
https://indico.dns-oarc.net/event/34/page/93-covid-19-situation
OARC has been tracking the Covid-19 situation, and exploring
contingencies should we not be able to proceed as planned with OARC33.
At this point in time, we are still working to our plans to have the
works
On 12/30/19 4:23 PM, Mehmet Akcin wrote:
> I am looking to hire a DNS expert...
Please note there is a dns-jobs list:
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
which is more appropriate for such postings.
Keith
___
dns-operations m
On 12/14/19 5:43 PM, Tony Finch wrote:
> I have been playing around with the old update journal in the saveroot
> repository, to see if I can reconstruct root zones between July 2005 and
> March 2014.
> I think reconstruction is mostly feasible, but it would be super helpful
> if anyone can give m
On 11/29/19 8:32 PM, Rubens Kuhl wrote:
> including making studies that other parties can't reproduce due to
> being limited to DITL data.
DITL data is available to any party who signs an OARC Data Sharing
agreement.
Keith
___
dns-operations mailing li
On 11/26/19 7:40 PM, Mark Allman wrote:
> I wonder if we're ever allowed to just decide this sort of thing is
> ridiculous old shit and for lots of reasons we can and should just
> garbage collect it away.
To some extent, "get rid of ridiculous old sh*t" is kind of what the DNS
Flag Days are wor
On 10/11/19 6:30 PM, Shumon Huque wrote:
> It might be much more important for diagnostic and measurement services
> like DNSviz though. At the moment, if you run IPv6 DNS servers on
> networks that are singly connected to Cogent, it will probably
> incorrectly flag those servers as unavailable. F
On 10/10/19 10:31 PM, Adam Vallee wrote:
> This is the point I've been trying to make for over 24 hours but it
> would seem that my comments are not being approved and sent to the list.
None of your postings have been intentionally blocked. The list policy
is that all new subscribers are auto-mode
On 07/21/2015 07:48 AM, Edward Lewis wrote:
> Come to think of it, does DNS-OARC have a set of such zones? I have a
> vague memory that this may have been set up once. If not, might this be a
> good idea to provide? (Alongside other test services like reply size as
> described here: https://www.
On 07/15/2015 08:49 PM, Mauricio Vergara wrote:
> There is an operational reason to have the TTLs low, the good thing is
> that it is completely temporary, and by the time you get this those TTLs
> will be back to normal "everyday" values.
> We are actually thinking, if there is interest, of shar
Thank you all for the many kind words and postings about our Amsterdam
workshop. Running successful events is very much a team effort, and on
behalf of OARC I'd like to express our gratitude to all our speakers,
sponsors, PC and other volunteers for making this one happen.
There's always room for
:cContributory
and to the RIPE NCC for their help with connectivity and meeting logistics.
Keith Mitchell
OARC President
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-job
On 05/04/2015 04:51 AM, Peter Koch wrote:
> On Mon, May 04, 2015 at 09:11:28AM +0200, Stephane Bortzmeyer wrote:
>> http://www.ssi.gouv.fr/entreprise/guide/bonnes-pratiques-pour-lacquisition-et-lexploitation-de-noms-de-domaine/
>> (in french only)
> Getting these recommendations straight is not a
venue information, see the workshop site, and
also the RIPE70 meeting site at:
https://ripe70.ripe.net/venue/meeting-venue/
Additional sponsors for this meeting and the social event remain welcome
- please contact if interested.
Keith Mitchell
OARC Pres
d the social event remain welcome
- please contact if interested.
Look forward to seeing everyone in Amsterdam !
Keith Mitchell
OARC President
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinf
Finally, we remain open to additional sponsors for this meeting - if
your organization is interested in sponsorship, please contact Denesh
Bhabuta via for more information.
Keith Mitchell
OARC President
___
dns-operations mailing list
dns-operations
On 02/27/2015 05:09 AM, Reed Loden wrote
> I notified Mozilla's release management team, and they are tracking
> this.
>
> They believe this is
> https://bugzilla.mozilla.org/show_bug.cgi?id=1093983
FWIW, I also reached out to a contact within Mozilla, who added to the
internal escalation on thi
On 01/19/2015 07:57 AM, Tim Wicinski wrote:
>
> On 1/17/15 12:12 PM, Paul Hoffman wrote:
>>> Would it be helpful if OARC maintained a page containing links to
>>> the cache flushing interfaces and/or PoCs of interested resolver
>>> operators that support such things ?
>>
>> If OARC could define
On 01/17/2015 09:35 AM, Eli Heady wrote:
> Is there a better place for such requests? Honestly curious ... as
> an operator of dns for a large-ish network, I'd like to know when our
> caches have been polluted. To that point, and to the OP and others
> making flush requests, it would be helpful to
On 12/31/2014 05:07 PM, Roland Dobbins wrote:
>
> On 31 Dec 2014, at 20:05, Alexander Neilson wrote:
>
>> Particularly looking at performance tuning and resilient architecture
>> however any good resources that provide a good understanding of the
>> deeper details of the operation of DNS.
>
> In
On 12/14/2014 11:45 AM, Keith Mitchell wrote:
> On 12/13/2014 04:30 PM, Mark Andrews wrote:
>>
>> OARC's DNS Reply Size Test Server is not EDNS compliant. It does
>> not return a OPT record to EDNS requests. This causes named from
>> BIND 9.10.0 and later to
On 12/15/2014 02:40 PM, Roland Dobbins wrote:
>
> On 16 Dec 2014, at 1:42, Mike Hoskins (michoski) wrote:
>
>> You can acknowledge things aren't a panacea, while still deriving some
>> benefits from them.
>
> My point is that the negatives far outweigh the benefits in most
> organizations.
It
On 12/13/2014 04:30 PM, Mark Andrews wrote:
>
> OARC's DNS Reply Size Test Server is not EDNS compliant. It does
> not return a OPT record to EDNS requests. This causes named from
> BIND 9.10.0 and later to classify the servers as not EDNS compliant
> and to only send plain DNS queries. This in
On 12/11/2014 05:52 PM, Livingood, Jason wrote:
>> On 12/10/14, 8:27 PM, "Dnsbed (Jeff)" wrote:
>
>> UDB is hard to be defensed, as the spooled IPs are hard to setup
>> the correct firewall rules. Can we guess the next generation of DNS
>> will service primarily using TCP?
We've been here befor
On 11/24/2014 07:22 PM, Franck Martin wrote:
> I’m not sure it is right to post job opportunities on this list, but I’m
> taking my chances :P
What, social media not working :-?
You in fact want:
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
for postings like this.
Keith
> We
If you didn't already check it out, you may find this presentation at
our last workshop adds some background:
https://indico.dns-oarc.net//contributionDisplay.py?contribId=37&sessionId=3&confId=20
Keith
On 11/02/2014 08:52 AM, Lyle Giese wrote:
> Just to flush out the details here, in case anyo
On 10/11/2014 01:43 AM, han feng wrote:
> We are working on organizing a DNS BoF at DNS OARC 2014 Fall in LA, and we
> wanted to
> share the test report regarding to DNS dynamic update and xfr (please refer
> to the
> attachment), and ask your opinions on the topics that we should cover on th
On 10/09/2014 07:32 AM, Yasuhiro Orange Morishita wrote:
> Now DNS-OARC's Web-based DNS Randomness Test site doesn't work properly...
> Is this service closed?
No, this service is still supported, though note that there have been a
number of exploits published since this test was derived which me
p-2014-10
Finally, a big Thank You to our sponsors:
* Microsoft (Platinum and Social)
* Nominet (Silver, T-shirts)
* Dyn (Bronze)
and ICANN as our meeting host, for making this event possible :-)
Keith Mitchell
OARC President
___
dns-operations ma
r workshop.
Keith Mitchell
OARC President
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
On 09/13/2014 10:45 AM, David Conrad wrote:
> On Sep 13, 2014, at 2:19 AM, Franck Martin
> wrote:
>> I’m not sure why the dot prod was not first set up to return
>> NXDOMAIN, queries logged, and then source IP contacted to warn
>> them
>> May be this is an insight now, may be this is something
On 09/10/2014 01:57 PM, Peter Losher wrote:
> On 10 Sep 2014, at 10:50, Joe Abley wrote: Sorry for the non-op
> question, but Keith's autoresponder says he's busy at UKNOF in
> Belfast and I've unfortunately left all this room booking to the
> last minute.
Please can you use for all OARC suppor
A quick reminder that *tomorrow* is the last day that you will be able
to book accommodation in OARC's room block for this workshop - the ICANN
Hyatt meeting hotel and other nearby options are all now fully booked.
Keith
On 08/27/2014 03:40 PM, Keith Mitchell wrote:
> Here's a
On 08/27/2014 04:11 PM, German Hoeffner wrote:
> Unfortunately I'll not be able to make it to the event in person. Is
> there any chance that the event (or a part of it) will be live-streamed?
> I'm especially interested in
> https://indico.dns-oarc.net//contributionDisplay.py?contribId=9&sessionI
king cut-off date of 11th September.
Finally, we remain open to additional sponsors for this meeting - if
your organization is interested in sponsorship, please contact Denesh
Bhabuta via for more information.
Keith Mitchell
OARC President
___
dns-ope
It's list policy that subscriptions from which a natural person is not
identifiable are auto-moderated. Apologies that this one slipped through.
Please can the poster identify themselves.
P Vixie wrote:
>Who is we?
>
>Why are we allowing role accounts to subscribe here?
>
>Who is intdnsops?
>
On 07/21/2014 01:57 PM, Keith Mitchell wrote:
> For those of you not already aware, many of OARC's services are
> being impacted by a significant DDoS attack against ISC who host most
> of our infrastructure. Please see below for a statement from them on
> this.
>
> We'
For those of you not already aware, many of OARC's services are being
impacted by a significant DDoS attack against ISC who host most of our
infrastructure. Please see below for a statement from them on this.
We've been seeing major packet loss to our systems hosted in Redwood
City, currently arou
sible if we do.
Keith
On 07/18/2014 09:17 AM, Keith Mitchell wrote:
> Unfortunately one of our (new) servers, ix2.dns-oarc.net, has suffered a
> major hardware failure, and is currently out of service. This means that
> number of OARC public-facing tools are not currently available
Unfortunately one of our (new) servers, ix2.dns-oarc.net, has suffered a
major hardware failure, and is currently out of service. This means that
number of OARC public-facing tools are not currently available:
- DODVR, Porttest, Reply Size Test, DLVtest, Don't Probe
Production services based on o
On 07/04/2014 07:44 AM, Stephane Bortzmeyer wrote:
> On Fri, Jul 04, 2014 at 06:00:48PM +0700, Roland Dobbins
> wrote a message of 23 lines which said:
>> and/or logging queries/responses out-of-band via packet-capture
>> taps, databases, etc.?
>
> Following OARC workshops, it seems many operat
As per the presentation on OARC systems at the Warsaw workshop:
https://indico.dns-oarc.net//getFile.py/access?contribId=32&resId=0&materialId=slides&confId=19
OARC's e-mail, including the mailman mailing lists, is the one last
thing we need to migrate from the legacy decade-old server t
On 05/10/2014 08:25 AM, Joe Abley wrote:
>>> For remote attendance, we plan to webcast the open workshop via
>>> Google Hangouts:
> https://www.youtube.com/watch?v=gwp57mcYVQ0
This URL is now an archive of yesterday's proceedings, for today's live
stream you need to watch:
https://www.youtube.
Couple of quick updates:
On 05/09/2014 10:34 AM, Keith Mitchell wrote:
> jabber remote participation at:
>
> xmpp:dns-operati...@conference.jabber.dns-oarc.net
Note this should be:
xmpp:dns-operati...@conference..dns-oarc.net
apologies for my typo.
> For remote at
Here's final information for OARC's Spring workshop and EGM this
weekend in Warsaw.
Saturday morning will be an OARC Extraordinary General Meeting starting
at 10:00AM, with formal business and content for OARC Members only. Note
that this session will *not* be webcast.
The full workshop timetable
On 05/01/2014 01:00 PM, Stephane Bortzmeyer wrote:
> On Fri, May 02, 2014 at 01:48:59AM +0900,
> T.Suzuki wrote
>
>> Opened Pandora's box of Cache Poisoning
>> http://www.e-ontap.com/dns/endofdns-e.html
>>
>> Conclusions of this report:
>
> I'm confused. I expected a scientific/technical paper/
a potential social event
remain welcome - please contact if interested.
For accommodation, travel and venue information, please see the RIPE68
meeting site at:
https://ripe68.ripe.net/venue/meeting-venue/
though note that discounted room rates end on Monday April 21st.
See you in Wars
IPE68
meeting site at:
https://ripe68.ripe.net/venue/meeting-venue/
Keith Mitchell
OARC President
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
This is a quick note to confirm that OARC's next DNS Operations Workshop
will be taking place in Warsaw, Poland, on the 10th and 11th May, at the
same location as the subsequent RIPE68 meeting.
At this point I'd refer you to our conference server,
https://indico.dns-oarc.net for further details. U
On 02/07/2014 12:17 PM, Tony Finch wrote:
> $ host clboh-dns-cac-307.ohiordc.rr.com
> clboh-dns-cac-307.ohiordc.rr.com has address 65.24.26.42
> clboh-dns-cac-307.ohiordc.rr.com has IPv6 address 2605:a000:200:16::a
(rrcs-70-61-238-78.central.biz.rr.com, only 20ms away, wonders how he
too can get a
On 01/29/2014 01:27 PM, Stefan wrote:
> I know this may sound a little odd, but have been struggling with
> trying to identify a good candidate for a DNS (& DHCP) migration of
> a large infrastructure, from Windows based environment, to a vendor
> based appliance (and keeping such as a full time
On 12/13/2013 09:21 AM, Emmanuel Thierry wrote:
> Does material exists to explicit graphically (in an ideal way) each
> specific key and DNSSEC records life cycle, in the same manner of
> section 4.4.2.2 ?
I'm not sure it's exactly what you are looking for, but you may find
this tool helpful:
On 10/22/2013 02:41 PM, Haya Shulman wrote:
>> Yes, but as I explained privately previously, there is no record
>> of this correspondence through official OARC channels - I did
>> request you re-send, but I don't have a copy of it.
>
> I am not sure what you mean by `official OARC channels`, I for
On 10/22/2013 10:52 AM, Haya Shulman wrote:
>> Disclosing such potential vulnerabilities remains valuable work,
>> but I think careful consideration needs to be applied to the
>> engineering economics of the best operational-world mitigation
>> approaches.
>
>
On 10/21/2013 11:04 AM, Colm MacCárthaigh wrote:
>> remembering that the vulnerabilities you are reporting and the
>> workarounds you're recommending will be judged according to
>> engineering economics. if we assume that dnssec is practical on a
>> wide enough scale that it could prevent the v
On 10/16/2013 03:24 AM, Warren Kumari wrote:
> Companies *seem*[1] to follow the trajectory of:
>
> 1: We have 1-10 employees, we'll just use whatever Netgear /
> Linksys someone had lying around / the DSL we ordered came with.
> This is largely a home network.
>
> 2: We now have 10-50 employees
Here's final information for the our AGM and Fall workshop for this
weekend in Phoenix.
Saturday morning will be OARC's Annual General Meeting, with formal
business and content targeted at OARC Members. The webcast for this is
closed, if you represent a member and did not get credentials and proxy
On 09/09/2013 06:07 AM, Haya Shulman wrote:
> For instance, DNS-OARC does not detect port prediction attacks, and
> reports clients as secure, while they are vulnerable to attacks.
OARC does many things, I assume here you are referring to our port
entropy tester:
https://www.dns-oarc.ne
dation bookings is Friday
20TH SEPTEMBER.
Please contact if you need further information,
look forward to seeing you in Phoenix !
Keith Mitchell
OARC President
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns
>> From: Doug Barton
>
>> As stated before, the problem is that after the "early adopter" period
>> is over we'll be stuck with NTAs forever. This is one of those
>> fundamental disagreements between those who believe that DNS should
>> always be forgiving of operator error, and those of us wh
DNS-OARC is pleased to announce that its 2013 Fall Workshop and Member
AGM will take place in Phoenix, Arizona, USA on the 5th and 6th October.
This will be held in co-operation with the subsequent NANOG59 meeting,
and we're grateful to NANOG and ICANN for their support of our workshop.
OARC Work
On 06/14/2013 08:11 AM, Stephane Bortzmeyer wrote:
> On Fri, Jun 14, 2013 at 12:55:27PM +0100, Billy Glynn
> wrote a message of 52 lines which said:
>
>> The DNS-OARC website appears to be down...
>
> Down from 1150 UTC to 1205 UTC for maintenance.
Apologies for this - we're making good progres
Our Dublin workshop is proving to be packed, from both a content and
attendance point of view.
Our main themed session for the workshop is on the ever-topical subject
of open resolver-based attacks, with 4 speakers, chaired by Merike Kaeo
on Sunday afternoon. Much of Monday morning is devoted to t
On 04/18/2013 11:23 AM, Kaio Rafael wrote:
> Hi,
>
> I am looking for a DNS dataset for academic research. I have been
> studying .BR DNS dataset (DITL 2008 on DNS-OARC servers), however, I
> would like to investigate more recent traffic.
More recent DITL datasets are available from OARC, please
(With apologies for any duplication of this information)
We have now opened registration for our workshop in Dublin next month,
you can find full details, including a registration form and talks
approved to date at:
https://indico.dns-oarc.net/indico/conferenceDisplay.py?confId=0
Talks submitted
https://www.dns-oarc.net/oarc/workshop-201305
We gratefully acknowledge the sponsorship of this meeting by IEDR (.ie).
Keith Mitchell
President, DNS-OARC
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/m
Jason,
On 12/14/2012 01:01 PM, Sebastian Castro wrote:
> On 14/12/12 11:54, Jason Castonguay wrote:
>> Advisory — D-root is changing its IPv4 address on the 3rd of
>> January. The new IPv4 address for this authority is 199.7.91.13
>
> Also, do you have plans to capture traffic on a regular basi
Ayca Taskin (Garanti Teknoloji) wrote:
>> Well, that's zone transfers, so of course it will still work!
>>
>> You can even have your master server running BIND, and transferring
>> to other DNS servers (NSD, MS, ...) or the other way around.
>
> Yes we’re using BIND for primary and secondary DNS
84 matches
Mail list logo
