Re: validating reachability via an ISP

2018-03-29 Thread Baldur Norddahl
If your prefix is larger than /24 you can test with a more specific prefix such as a /24. Announce the test prefix on just one transit provider. Then check with BGP services such as the looking glass service provided by the NLNOG RING network. There will be no interruption in the traffic as it wil

Re: validating reachability via an ISP

2018-03-29 Thread Baldur Norddahl
Also the only traffic you will be receiving on the other provider will be from parties that did not pick up the more specific prefix. It should therefore be really obvious. You should not receive any traffic at all, not even from the transit provider. Regards, Baldur Den tor. 29. mar. 2018 10.4

Re: Yet another Quadruple DNS?

2018-03-29 Thread Tony Finch
David Ulevitch wrote: > https://twitter.com/eastdakota/status/970214433598275584 > https://twitter.com/eastdakota/status/970359846548549632 Also the very amusing https://twitter.com/eastdakota/status/970359846548549632 Tony. -- f.anthony.n.finch http://dotat.at/ - I xn--zr8h punycode Heb

Re: Yet another Quadruple DNS?

2018-03-29 Thread Stephane Bortzmeyer
On Wed, Mar 28, 2018 at 11:16:15PM +0300, DaKnOb wrote a message of 25 lines which said: > Out of 1,000 RIPE Atlas Probes, only 34 report it as unreachable. It's still a lot for IPv4. And it measures only filtering, not hijacking (which seems to exist, some probes get a DNS reply without the A

Re: Yet another Quadruple DNS?

2018-03-29 Thread Matt Hoppes
Why do we need this? We already have 8.8.8.8 and 8.8.4.4. And any reputable company or ISP should be running their own. What purpose would this serve?

Re: Yet another Quadruple DNS?

2018-03-29 Thread Stephane Bortzmeyer
On Thu, Mar 29, 2018 at 12:16:48PM +0100, Tony Finch wrote a message of 15 lines which said: > Also the very amusing > > https://twitter.com/eastdakota/status/970359846548549632 Less amusing, for a DNS service, the brokenness of reverse service: % dig -x 1.1.1.1 ; <<>> DiG 9.10.3-P4-Debian

Re: Yet another Quadruple DNS?

2018-03-29 Thread Mike Hammett
Oddly, Matt, we agree again. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message - From: "Matt Hoppes" To: "Stephane Bortzmeyer" Cc: "NANOG list" Sent: Thursday, March 29, 2018 6:33:08 AM Subject: Re: Yet an

Re: Yet another Quadruple DNS?

2018-03-29 Thread Stephane Bortzmeyer
On Thu, Mar 29, 2018 at 07:33:08AM -0400, Matt Hoppes wrote a message of 7 lines which said: > We already have 8.8.8.8 and 8.8.4.4. And 9.9.9.9 and several others public DNS resolvers. > And any reputable company or ISP should be running their own. I fully agree. > What purpose would this

Re: Yet another Quadruple DNS?

2018-03-29 Thread DaKnOb
Cloudflare’s website provides some more information: https://1.1.1.1/ According to Cloudflare’s CEO, we’ll have more news on 1/4, so in a few days. https://twitter.com/eastdakota/status/979257292938911744 From their website I can see that it is a low latency and privacy orient

Re: Yet another Quadruple DNS?

2018-03-29 Thread Chip Marshall
On 2018-03-29, Stephane Bortzmeyer sent: > On Thu, Mar 29, 2018 at 07:33:08AM -0400, > Matt Hoppes wrote > a message of 7 lines which said: > > > We already have 8.8.8.8 and 8.8.4.4. > > And 9.9.9.9 and several others public DNS resolvers. I think the real question is "when are we going to

Re: Yet another Quadruple DNS?

2018-03-29 Thread Doug Clements
On Thu, Mar 29, 2018 at 9:07 AM, Chip Marshall wrote: > I think the real question is "when are we going to get some memorable > IPv6 public recursive DNS servers?" > > 2001:4860:4860:: or 2620:fe::fe just aren't quite as catchy as > 8.8.8.8 or 9.9.9.9. From https://1.1.1.1/: For IPv6: *20

Re: Yet another Quadruple DNS?

2018-03-29 Thread Izaac
On Thu, Mar 29, 2018 at 01:07:58PM +, Chip Marshall wrote: > I think the real question is "when are we going to get some memorable > IPv6 public recursive DNS servers?" No, the real question is: why do you find it desirable to centralize a distributed service? -- . ___ ___ . . ___ . \

Re: Yet another Quadruple DNS?

2018-03-29 Thread John Kinsella
> On Mar 29, 2018, at 6:38 AM, Izaac wrote: > > On Thu, Mar 29, 2018 at 01:07:58PM +, Chip Marshall wrote: >> I think the real question is "when are we going to get some memorable >> IPv6 public recursive DNS servers?" > > No, the real question is: why do you find it desirable to centraliz

aol login problems - my.screenname.aol.com

2018-03-29 Thread Aaron Gould
When going to aol.com and click "login/join" in top-right corner, brings you to a login page. when I try to login, I get nothing. just tries and tries to take me to the next page, which seems to be my.screenname.aol.com. but it never gets there. If I try from different subnets in my network, it do

Re: Yet another Quadruple DNS?

2018-03-29 Thread Brian Kantor
On Thu, Mar 29, 2018 at 09:38:09AM -0400, Izaac wrote: > No, the real question is: why do you find it desirable to centralize a > distributed service? I believe that centralized DNS resolvers such as 8.8.8.8 are of benefit to those folks who can't run their own recursive resolver because of OS, ha

Re: Yet another Quadruple DNS?

2018-03-29 Thread Chris Adams
Once upon a time, Brian Kantor said: > I believe that centralized DNS resolvers such as 8.8.8.8 are of > benefit to those folks who can't run their own recursive resolver > because of OS, hardware, or skill limitations, and yet do not trust > the ones provided by their ISPs. I've never really und

Re: Yet another Quadruple DNS?

2018-03-29 Thread Izaac
On Thu, Mar 29, 2018 at 07:01:59AM -0700, Brian Kantor wrote: > do not trust the ones provided by their ISPs. Ohhh! Is that a thing? Network operators doing crazy shit like throwing A records to local machines instead of NXDOMAIN in order to splash advertising at users? Imagine users getting so

Re: Yet another Quadruple DNS?

2018-03-29 Thread Seth Mattinen
On 3/29/18 7:17 AM, Izaac wrote: And I'd really like not to enrich my ISP's trove of information about my browsing habits by them recording all my DNS lookups. Of course, 9.9.9.9 could be collecting that information, but they're in less of a position to insert ads than my cableco is. Don't worr

Re: Yet another Quadruple DNS?

2018-03-29 Thread Jared Mauch
> On Mar 29, 2018, at 10:19 AM, Seth Mattinen wrote: > > On 3/29/18 7:17 AM, Izaac wrote: >>> And I'd really like not to enrich my ISP's trove of information about >>> my browsing habits by them recording all my DNS lookups. Of course, >>> 9.9.9.9 could be collecting that information, but they

Re: Yet another Quadruple DNS?

2018-03-29 Thread Brian Kantor
On Thu, Mar 29, 2018 at 09:08:38AM -0500, Chris Adams wrote: > I've never really understood this - if you don't trust your ISP's DNS, > why would you trust them not to transparently intercept any well-known > third-party DNS? Of course they could. But it's testable; experiments show that they are

Re: Yet another Quadruple DNS?

2018-03-29 Thread Stephane Bortzmeyer
On Thu, Mar 29, 2018 at 07:01:59AM -0700, Brian Kantor wrote a message of 20 lines which said: > I believe that centralized DNS resolvers such as 8.8.8.8 are of > benefit to those folks who can't run their own recursive resolver > because of OS, hardware, Hardware is not a real problem. A Ras

Re: Yet another Quadruple DNS?

2018-03-29 Thread Stephane Bortzmeyer
On Thu, Mar 29, 2018 at 09:08:38AM -0500, Chris Adams wrote a message of 12 lines which said: > I've never really understood this - if you don't trust your ISP's > DNS, why would you trust them not to transparently intercept any > well-known third-party DNS? Technically, tweaking your DNS res

Re: Yet another Quadruple DNS?

2018-03-29 Thread Seth Mattinen
On 3/29/18 7:24 AM, Stephane Bortzmeyer wrote: That's certainly a more important issue. Even when someone has skills, he or she may not have the time and inclination to do system administration at home. The solution is proper packaging of this DNS function in ready-made boxes such as the Turris O

Re: Yet another Quadruple DNS?

2018-03-29 Thread James R Cutler
> On Mar 29, 2018, at 9:07 AM, Chip Marshall > wrote: > > ... > I think the real question is "when are we going to get some memorable > IPv6 public recursive DNS servers?" > > 2001:4860:4860:: or 2620:fe::fe just aren't quite as catchy as > 8.8.8.8 or 9.9.9.9. >

Re: validating reachability via an ISP

2018-03-29 Thread Andrew Wentzell
On Wed, Mar 28, 2018 at 7:22 PM, Andy Litzinger wrote: > Hi all, > I have an enterprise network and do not provide transit. In one of our > datacenters we have our own prefixes and rely on two ISPs as BGP neighbors > to provide global reachability for our prefixes. One is a large regional > pro

Re: Yet another Quadruple DNS?

2018-03-29 Thread Bill Woodcock
> On Mar 29, 2018, at 7:27 AM, Brian Kantor wrote: > > On Thu, Mar 29, 2018 at 09:08:38AM -0500, Chris Adams wrote: >> I've never really understood this - if you don't trust your ISP's DNS, >> why would you trust them not to transparently intercept any well-known >> third-party DNS? > > Of cour

Re: Yet another Quadruple DNS?

2018-03-29 Thread Michael Crapse
Along these same lines, we have a service that captures all DNS requests regardless of the server (only non-TLS, albeit), that people pay $9.99/mo for, so they definitely want this.. We just NAT all requests to Open DNS servers to provide internet filtering as a service. It would be arbitrarily trivial

Re: Yet another Quadruple DNS?

2018-03-29 Thread Bill Woodcock
> On Mar 29, 2018, at 7:01 AM, Brian Kantor wrote: > > I use 9.9.9.9 for my home desktop to avoid the interception of my > DNS queries by my cable company. I'd very much rather get an > NXDOMAIN than a connection to some web server that wants to offer > me a "helpful" web page, even when I'm r

Re: Yet another Quadruple DNS?

2018-03-29 Thread Alan Buxey
exactly. intercept/inject? why. an ISP can just run its own standard DNS servers on 8.8.8.8 and 8.8.4.4 and point their customers to those - they own their routing space, they can just route to those locally, so anyone thinking they can avoid their ISP by choosing some other addresses are mistak

Re: validating reachability via an ISP

2018-03-29 Thread Alexander Azimov
Hi Andy, You can use Qrator.Radar API: https://api.radar.qrator.net/. The get-all-paths method will return the set of active paths for selected prefix. 2018-03-29 2:22 GMT+03:00 Andy Litzinger : > Hi all, > I have an enterprise network and do not provide transit. In one of our > datacenters w

RIPE NCC Global IPv6 Deployment Survey

2018-03-29 Thread Massimiliano Stucchi
Hi, just a little reminder that there are a few days left to help the RIPE NCC by filling up our Global IPv6 Deployment Survey. We have already received a considerable amount of responses, but would like to hear from more people. The goal of the survey is to get an overview of IPv6 deployment a

Re: Yet another Quadruple DNS?

2018-03-29 Thread Igor Krneta
From 1.1.1.1 website: Cloudflare DNS resolver: * For IPv4: 1.1.1.1 and/or 1.0.0.1 * For IPv6: 2001:2001:: and/or 2001:2001:2001:: It's catchy enough for IPV6 :). On 29.3.2018 15:07, Chip Marshall wrote: I think the real question is "when are we going to get some memorable IPv6 public re

Re: Yet another Quadruple DNS?

2018-03-29 Thread Jimmy Hess
On Thu, Mar 29, 2018 at 9:27 AM, Brian Kantor wrote: > Of course they could. But it's testable; experiments show that they > aren't doing so currently. Some of the recursive DNS providers support a protocol called DNSCrypt for authenticating data between the client and the recursive nameserve

Re: Yet another Quadruple DNS?

2018-03-29 Thread Baldur Norddahl
> > > Technically, tweaking your DNS resolver to lie (and/or to log) is much > easier and faster (and way less expensive) than setting up a > packet interception and rewriting device at line rate. > It is just a static /32 route for well known DNS resolvers to the ISP resolver. It is free and

Re: Yet another Quadruple DNS?

2018-03-29 Thread Hank Nussbacher
On 29/03/2018 17:23, Jared Mauch wrote: >> On Mar 29, 2018, at 10:19 AM, Seth Mattinen wrote: >> >> On 3/29/18 7:17 AM, Izaac wrote: And I'd really like not to enrich my ISP's trove of information about my browsing habits by them recording all my DNS lookups. Of course, 9.9.9.9 cou

Re: Yet another Quadruple DNS?

2018-03-29 Thread Ken Chase
Who's got visible projects looking to detect this from various points/regimes on the internet? (University of Toronto's IXMaps group whom I advised a few times over the years did something similar for routes, not that BGPlay isn't out there, but they translated it into human as a sociology project

Re: Yet another Quadruple DNS?

2018-03-29 Thread Stephen Satchell
In regards to: spoofing DNS to 8.8.8.8 et al On 03/29/2018 09:26 AM, Baldur Norddahl wrote: Running your own resolver will not work. Why won't it work? I run a Linux box with BIND 9 set up as a recursive resolver. Are you saying that the rogues will also capture requests to the root DNS se

Re: Yet another Quadruple DNS?

2018-03-29 Thread joel jaeggli
On 3/29/18 10:59 AM, Stephen Satchell wrote: > In regards to: spoofing DNS to 8.8.8.8 et al > > On 03/29/2018 09:26 AM, Baldur Norddahl wrote: >> Running your own resolver will not work. > > Why won't it work?  I run a Linux box with BIND 9 set up as a > recursive resolver.  Are you saying that t

Fwd: [vi...@isc.org: Planning to stop exporting BIND libraries]

2018-03-29 Thread Rich Kulawiec
Forwarding here to expose it to a larger, possibly-interested audience. ---rsk - Forwarded message from Victoria Risk - > From: Victoria Risk > Date: Fri, 23 Mar 2018 12:30:26 + > To: bind-annou...@lists.isc.org > Subject: Planning to stop exporting BIND libraries > > BIND currentl

Re: Re: Yet another Quadruple DNS?

2018-03-29 Thread Filip Hruska
Is it just me, or is there a problem with the website? I get a nginx 403 Forbidden error when trying to access it. Regards, Filip > > On 29 Mar 2018 at 2:41 pm,wrote: > > > Cloudflare’s website provides some more information: https://1.1.1.1/

Re: Yet another Quadruple DNS?

2018-03-29 Thread Eric Tykwinski
> Is it just me, or is there a problem with the website? I get a nginx 403 > Forbidden error when trying to access it. > > > > Regards, > Filip I can verify it was working, but they might have gotten hammered after this thread. Still curious how they got a SSL cert for an IP address

Re: Yet another Quadruple DNS?

2018-03-29 Thread Niels Bakker
* eric-l...@truenet.com (Eric Tykwinski) [Fri 30 Mar 2018, 02:11 CEST]: Still curious how they got a SSL cert for an IP address, as that was definitely interesting to me. https://cabforum.org/guidance-ip-addresses-certificates/ -- Niels. --