On Oct 16, 2013, at 9:41 AM, David Conrad wrote:
> Florian,
>
> On Oct 15, 2013, at 10:24 PM, Florian Weimer wrote:
>> There's a tendency to selectively block DNS traffic, which can be a
>> pain to debug.
>
> True. Hate that. A lot.
>
>> Various network issues might only affect DNS recurso
On Oct 15, 2013, at 7:28 PM, Vernon Schryver wrote:
>> Folks like Comcast have large validating resolvers. Their customers should
>> use them. Folks here are surely going to do the right thing the majority of
>> the time. The vast majority of others are going to set things up once and
>> i
Hi,
Since October the 12th, 2013, starting at approximately 16:00 UTC, we see a
massive increase in type A6 queries. This is not due to a single resolver, but
due to several resolvers exhibiting the same behaviour. We're investigating, but
want to alert the TLD community while asking for help as
On Oct 16, 2013, at 10:59 AM, Jared Mauch wrote:
>
> On Oct 15, 2013, at 7:28 PM, Vernon Schryver wrote:
>
>>> Folks like Comcast have large validating resolvers. Their customers should
>>> use them. Folks here are surely going to do the right thing the majority
>>> of the time. The vast
Hi Roy,
On 10/16/13 11:43 AM, Roy Arends wrote:
> Since October the 12th, 2013, starting at approximately 16:00 UTC,
> we see a massive increase in type A6 queries.
No, we don't see that phenomenon for .nl.
Regards,
- --
Marco
On 14.10.13 19:08, Paul Hoffman wrote:
A fictitious 100-person company has an IT staff of 2 who have average IT
talents. They run some local servers, and they have adequate connectivity for
the company's offices through an average large ISP.
Should that company run its own recursive resolver
On 14.10.13 21:46, Doug Barton wrote:
We of the DNS literati tend to forget just how difficult this stuff
really is, and how hard it is for companies to prioritize spending
money on things that usually "just work." I can't count the number of
times I got "emergency" calls when I was consult
I think the problem with a "DNS appliance" is that it becomes an open DNS
resolver, unless it is configured to know the subnet(s) used internally,
and updated every time that changes. I don't think the firewall could
reasonably be asked to block only recursive DNS traffic, although perhaps
it cou
On Wed, Oct 16, 2013 at 09:43:56AM +0100, Roy Arends wrote:
> Since October the 12th, 2013, starting at approximately 16:00 UTC,
> we see a massive increase in type A6 queries. This is not due to a
> single resolver, but due to several resolvers exhibiting the same
> behaviour. We're inv
On Oct 16, 2013, at 2:24 AM, Warren Kumari wrote:
> Companies *seem*[1] to follow the trajectory of:
> 1: We have 1-10 employees, we'll just use whatever Netgear / Linksys someone
> had lying around / the DSL we ordered came with. This is largely a home
> network.
>
> 2: We now have 10-50 empl
-Original Message-
From: Chris Boyd
Date: Wednesday, October 16, 2013 10:06 AM
To: "dns-operati...@mail.dns-oarc.net Operations"
Subject: Re: [dns-operations] Should medium-sized companies run their
own recursive resolver?
>
>On Oct 16, 2013, at 2:24 AM, Warren Kumari wrote:
>
>> Co
> From: Jared Mauch
> > phones, and other devices behind a NAT router owned by and remotely
> > maintained by Comcast. Instead the question concerned a business with
> > 2 IT professionals. Relying on distant DNS servers is negligent and
> > grossly incompetent for a professionally run network.
-Original Message-
From: Jared Mauch
Date: Wednesday, October 16, 2013 3:59 AM
To: Vernon Schryver
Cc: "dns-operati...@mail.dns-oarc.net"
Subject: Re: [dns-operations] Should medium-sized companies run their
own recursive resolver?
>
>On Oct 15, 2013, at 7:28 PM, Vernon Schryver w
On Oct 16, 2013, at 11:43, Roy Arends wrote:
> Hi,
>
> Since October the 12th, 2013, starting at approximately 16:00 UTC, we see a
> massive increase in type A6 queries. This is not due to a single resolver,
> but due to several resolvers exhibiting the same behaviour. We're
> investigating, bu
> From: Bob Harold
> I think the problem with a "DNS appliance" is that it becomes an open DNS
> resolver, unless it is configured to know the subnet(s) used internally,
> and updated every time that changes. I don't think the firewall could
> reasonably be asked to block only recursive DNS traff
On 10/16/2013 03:24 AM, Warren Kumari wrote:
> Companies *seem*[1] to follow the trajectory of:
>
> 1: We have 1-10 employees, we'll just use whatever Netgear /
> Linksys someone had lying around / the DSL we ordered came with.
> This is largely a home network.
>
> 2: We now have 10-50 employees
On 2013-10-16, at 11:11, Keith Mitchell wrote:
> Isn't there now:
>
> 0: We have no internal IT infrastructure. Everyone BYODs, 4G/LTE on
> their mobile devices is faster and less hassle than running corporate
> broadband, and the internal workgroup collaboration all happens in 3rd
> party clou
(Just sending to dnsops as it seems all the right people are on this list.)
I don't know if this is still something that would interest us. He would like
us to continue to provide him packet captures if we take over the domains to
enable ongoing research.
I am less worried about the actual reso
Hi folks,
I sent this to the wrong list, my apologies. Please disregard.
kim
> "PH" == Paul Hoffman writes:
PH> Should that company run its own recursive resolver for its
PH> employees, or should it continue to rely on its ISP?
*Every* site should run its own (preferably verifying) resolver.
-JimC
--
James Cloos OpenPGP: 1024D/ED7DAEA6
On 10/16/2013 1:44 PM, James Cloos wrote:
>> "PH" == Paul Hoffman writes:
> PH> Should that company run its own recursive resolver for its
> PH> employees, or should it continue to rely on its ISP?
>
> *Every* site should run its own (preferabl
Comcast doesn't give me broken name servers to use, there is no cognitive
dissonance here :-)
You are a DNS expert. Most end users when DNS fails think everything has
failed, including the network.
I type URLs into my browser. Do you know how many people type google into the
google search box?
Yes, configuring bind is harder than it seems. Same for routers. :-)
> On Oct 16, 2013, at 10:58 AM, "Mike Hoskins (michoski)"
> wrote:
>
>
> I get your point, but also disagree with the subset of folks who maintain
> DNS is so hard... Really? You can install, configure and keep an AD
> fore
Understanding how this works is not networking or DNS 101. Limiting the scope
with TTL isn't that easy.
Can you point someone at docs for how to do that in a point and click fashion?
> On Oct 16, 2013, at 11:03 AM, Vernon Schryver wrote:
>
> There is a trivial and easy way to keep a recursive
> On Oct 16, 2013, at 4:58 PM, Paul Ferguson wrote:
>
>
>
> I have no problem with that as long as they are not open resolvers -- we
> already have somewhere in the neighborhood of 28-30 million of them that
> pose a direct threat to the health & wellbeing of the Internet at-large
> because t
> "PF" == Paul Ferguson writes:
JC>> *Every* site should run its own (preferably verifying) resolver.
PF> I have no problem with that as long as they are not open resolvers
Of course.
Most such devices will be behind a NAT router anyway. At least for now.
And I expect that when v6 is th
> From: Jared Mauch
> Understanding how this works is not networking or DNS 101. Limiting
> the scope with TTL isn't that easy.
>
> Can you point someone at docs for how to do that in a point and click fashion?
Can you address the issues instead of dragging in irrelevancies?
The operating syste