* j...@baylink.com (Jay R. Ashworth) [Wed 02 Oct 2019, 23:21 CEST]:
- Original Message -
From: "Niels Bakker"
To: nanog@nanog.org
Sent: Wednesday, October 2, 2019 1:42:08 PM
Subject: Re: This DNS over HTTP thing
* j...@baylink.com (Jay R. Ashworth) [Wed 02 Oct 2019, 19:30 CEST]:
Fro
Denis Fondras wrote:
What if primary.childzone.parentzone.example.com
is the primary for parentzone.example.com,
and childzone.parentzone.example.com?
In that specific case it looks like you are asking for trouble regardless of
address family :)
What? It's a typical configuration with glues
Denis Fondras wrote:
What? It's a typical configuration with glues.
For example, in my organization, ns1.noc.titech.ac.jp is the
primary for noc.titech.ac.jp and titech.ac.jp.
Sorry, you are right, I probably haven't understood.
A more artificial configuration is
primary1.childzone.par
On 02/10/2019 21:44, Masataka Ohta wrote:
> The Internet was working very well to suppress child porn by
> making video freely distributed, which made child porn industry
> a lot less profitable.
I will say this very clearly: abusing children for sexual gratification
doesn't stop when it is unpro
Tom Hill wrote:
The Internet was working very well to suppress child porn by
making video freely distributed, which made child porn industry
a lot less profitable.
I will say this very clearly: abusing children for sexual gratification
doesn't stop when it is unprofitable.
Sorry that the In
On 03/10/2019 12:11, Masataka Ohta wrote:
>> Sources, please. (Disclaimer: I'm in the UK.)
>
> John Levine already mentioned "Internet Watch Foundation".
Sure, but the IWF was always intended to stop people accessing
paedophilia accidentally. It has always been well understood for there
to be ma
Tom Hill wrote:
Sure, but the IWF was always intended to stop people accessing
paedophilia accidentally.
Then, though you wrote:
> It also aides the normalisation of an entirely detestable practice.
IWF does not aide so.
look as if you were suggesting that in the UK we are very successful
On 10/2/19 9:51 PM, Mark Andrews wrote:
> What part of BCP-38 do you think needs to be updated to support IPv6?
>
> Changing the examples to use IPv6 documentation prefixes instead of IPv4
> documentation prefixes?
For a start, *add* IPv6 examples in parallel with the IPv4 examples. As
RFCs are
On 03/10/2019 15:51, Stephen Satchell wrote:
> For a start, *add* IPv6 examples in parallel with the IPv4 examples.
1000 times +1
We need (much) more IPv6 examples!
--
Marco
(pushing for IPv6 examples since 2007 or so
like in: https://youtu.be/OLEizGPoB5w?t=30)
On 03/10/2019 13:36, Masataka Ohta wrote:
>> It also aides the normalisation of an entirely detestable practice.
>
> IWF does not aide so.
No, the normalisation of an entirely detestable practice comes from the
opposite of IWF involvement; you suggested that we should permit child
pornography on
I don’t think the issue is the readability of the addresses (although hex does
confuse some people), mainly it is the length and ability to deal with any
string of numbers that long for a human, and I do realize that you can do
static addressing in IPv6 (but I sure would not want to since the ma
On Oct 3, 2019, at 9:51 AM, Stephen Satchell wrote:
> It appears that the only parallel paper for IPv6 is
> draft-ietf-v6ops-ipv6rtr-reqs-04, _Requirements for IPv6 Routers_, which
> currently carries a copyright of 2018. It's a shame that this document
> is still in limbo; witness this quote: "
On 10/2/19 10:27 PM, Masataka Ohta wrote:
The tricky part is in converting a domain name of a
primary nameserver to IP addresses, when the IP
addresses of the primary nameserver changes.
If the primary nameserver ask DNS its IP address
to send an update request to itself, it will get
old addre
Yes, obviously they are trying multiple levers--but who gets to draw the
line, where are they going to draw it, and why do they get to decide for me?
What prevents an absurd 'solution' like "We can not only stop child
molestation, but rape in general if we just castrate everyone" from being
one of
> At some point over night on 30th September (i.e. the night going into 1st
> October), we saw a number of Spectrum (Charter) customers stop handling
> fragmented UDP packets
To bring this thread to a close, Charter kindly investigated and fixed the
issue. It was caused by a change to their net
>Another misconception. Humans (by and large) count in decimal, base 10.
>IPv4 is not that. It only LOOKS like that. In fact, the similarity to familiar
>decimal numbers is one of the reasons that people who are new to networking
>stumble early on, find CIDR challenging, etc.
Go ahead and read
> On Oct 3, 2019, at 9:51 AM, Stephen Satchell wrote:
>
> Someone else mentioned that "IPv6 has been around for 25 years, and why
> is it taking so long for everyone to adopt it?" I present as evidence
> the lack of a formally-released requirements RFC for IPv6. It suggests
> that the "scien
On 10/3/19 8:42 AM, Fred Baker wrote:
>
>
>> On Oct 3, 2019, at 9:51 AM, Stephen Satchell wrote:
>>
>> Someone else mentioned that "IPv6 has been around for 25 years, and why
>> is it taking so long for everyone to adopt it?" I present as evidence
>> the lack of a formally-released requirements
On 10/3/19 8:22 AM, Fred Baker wrote:
> Speaking as v6ops chair and the editor of record for 1812.
> draft-ietf-v6ops-ipv6rtr-reqs kind of fell apart; it was intended to be
> an 1812-like document and adopted as such, but many of the
> "requirements" that came out of it were specific to the author'
Sent from my iPad
> On Oct 3, 2019, at 12:14 PM, Stephen Satchell wrote:
>
> On 10/3/19 8:42 AM, Fred Baker wrote:
>>
>>
On Oct 3, 2019, at 9:51 AM, Stephen Satchell wrote:
>>>
>>> Someone else mentioned that "IPv6 has been around for 25 years, and why
>>> is it taking so long for ev
On Oct 3, 2019, at 12:30 PM, Stephen Satchell wrote:
>
> On 10/3/19 8:22 AM, Fred Baker wrote:
>> And on lists like this, I am told that there is no deployment - that
>> nobody wants it, and anyone that disagrees with that assessment has
>> lost his or her mind. That all leaves me wondering whic
Masataka Ohta wrote:
>
>Livingood, Jason wrote:
>
>> The challenge of course is that in the absence of a silver bullet
>> solution, that people working to combat all forms of childsorship
>> exploitation are simultaneously trying several things, ranging from
>> going to the source as you suggest
Power DNS has a ha proxy/load balancer that does dns over https. That way
you're not limited to google's and cloudflare's dns servers which exist to
drive advertising to you and give a single shource for tracking.
dns over https: feh
On Wed, Oct 2, 2019 at 5:28 PM Jay R. Ashworth wrote:
> ---
Might I suggest using PowerDNS's dinsdist. it's an ha proxy that you can
put in front of your recursors and It implements dns over https if you want
it to. It's open sources and ensures that you're not limited to Google's
or Cloudflare's servers which exist to drive advertising at you (I've seen
You might recommend that to me if running DNS tunnelled through another
protocol was a thing I wanted to do.
But it's not. I think it's horrible Internet engineering hygiene, and I don't
just not want to do it myself, I don't think anybody else ought to do it
either.
And I think that if end-
On 10/2/19 15:03, Naslund, Steve wrote:
In my experience, the biggest hurdle to installing a pure IPv6 has
nothing to do with network gear or network engineers. That stuff I
expect to support v6. This biggest hurdle is the dumb stuff like
machinery interfaces, surveillance devices, the must h
hi,
the old UK reverse name notation actually comes from some sensible
ideas - firstly from the big-endian processing methods - but also the
most important part of the address
comes first - ideal for global routing decisions early. who cares
about the actual hostname , get to the actual TLD ;-)
a
hi,
> Go ahead and read your v4 address over the phone and then do the same with
> your v6 address. Which is easier? I do understand all about these addresses
> both being binary underneath ( I've been doing this for over 30 years now).
> However it is much easier to communicate using four d
Thank God for DNS ;)
-aaron
-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Alan Buxey
Sent: Thursday, October 3, 2019 2:22 PM
To: Naslund, Steve
Cc: nanog@nanog.org
Subject: Re: IPv6 Pain Experiment
hi,
> Go ahead and read your v4 address over the phone a
In article ,
Stephen Satchell wrote:
My AT&T cell phone has both IPv4 and IPv6 addresses. The IPv4 address
is from my access point; the IPv6 address appears to be a public address.
My AT&T cellphone (via MVNO Tracfone) has a 10/8 IPv4 address and IPv6
address 2600:380:28be:8b34:2504:2096:6ac
Recently, someone alleged wrote wrote:
> It is hard to make the case to eliminate v4 in use cases where it is working
> perfectly fine (especially RFC1918 inside an enterprise).
In light of multiple past mergers of existing IPv4 RFC1918 networks resulting
from company acquisitions and mergers,
On Thu, 03 Oct 2019 20:11:23 +0100, Alan Buxey said:
> trivial-ish (these days) - you have so much choice...and eventually
> decent routers doing SLAAC will finally be able to serve
> other details such as DNS/time/etc via SLAAC - servers? give them
Well... if you want that...
> that gets me on
> On 4 Oct 2019, at 4:35 am, Seth Mattinen wrote:
>
> On 10/2/19 15:03, Naslund, Steve wrote:
>> In my experience, the biggest hurdle to installing a pure IPv6 has nothing
>> to do with network gear or network engineers. That stuff I expect to
>> support v6. This biggest hurdle is the dumb
On Thu, Oct 3, 2019 at 12:40 PM John R. Levine wrote:
> In article ,
> Stephen Satchell wrote:
> > My AT&T cell phone has both IPv4 and IPv6 addresses. The IPv4 address
> > is from my access point; the IPv6 address appears to be a public address.
>
> My AT&T cellphone (via MVNO Tracfone) has a
On 10/3/19 13:13, Mark Andrews wrote:
On 4 Oct 2019, at 4:35 am, Seth Mattinen wrote:
On 10/2/19 15:03, Naslund, Steve wrote:
In my experience, the biggest hurdle to installing a pure IPv6 has nothing to
do with network gear or network engineers. That stuff I expect to support v6.
This b
> On 4 Oct 2019, at 12:10 am, Marco Davids (Private) via NANOG
> wrote:
>
>
> On 03/10/2019 15:51, Stephen Satchell wrote:
>
>> For a start, *add* IPv6 examples in parallel with the IPv4 examples.
>
> 1000 times +1
>
> We need (much) more IPv6 examples!
Have you read BCP-38? Is there an
On Thursday, 3 October, 2019 11:50, Fred Baker wrote:
> A security geek would be all over me - "too many clues!".
Anyone who says something like that is not a "security geek". They are a
"security poser", interested primarily in "security by obscurity" and "security
theatre", and have no
On Thu, 03 Oct 2019 15:28:30 -0600, "Keith Medcalf" said:
> On Thursday, 3 October, 2019 11:50, Fred Baker
> wrote:
> > A security geek would be all over me - "too many clues!".
> Anyone who says something like that is not a "security geek". They are a
> "security poser", interested primarily i
Auto generated VPC in AWS use RFC1819 addresses. This should not interfere
with pub up space.
What is the exact issue? If you can't ping something in AWS chances are
it's a security group blocking you.
On Tue, Oct 1, 2019, 7:00 PM Jim Popovitch via NANOG
wrote:
> On October 1, 2019 9:39:03 PM
--- aar...@gvtc.com wrote:
From: "Aaron Gould"
Thank God for DNS ;)
No, just Paul Mockapetris... :-)
https://en.wikipedia.org/wiki/Paul_Mockapetris
scott
On 10/3/19 2:07 PM, Mark Andrews wrote:
> Now IPv6 examples are nice but getting several 1000’s people to read draft
> that
> just add addresses in the range 2001:DB8::/32 instead of 11.0.0.0/8,
> 12.0.0.0/8
> and 204.69.207.0/24, then to get the RFC editor to publish it is quite frankly
> is a w
Stephen Satchell wrote:
You still need a IPv6 version of RFC 1812. Make it as clean as
possible. Use an ax instead of a XACTO knife on the current draft.
What is the minimum necessary things that a generic IPv6 router MUST do?
As for requirements for IPv6 routers, how do you think about the
On Thu, Oct 03, 2019 at 03:20:50PM +, Naslund, Steve wrote:
> Can you imagine keeping those v6 addresses in your head the same way?
I don't have to imagine, I do it on a daily basis. Doesn't seem to cause me
any grief.
In my experience, IPv4 addresses which need to be used directly on a regu
Yep I see this on AT&t's post paid network with my Pixel 3A XL as well, one
place I really noticed it causing issues is with Facebook and Instagram
where Facebook requires constant captions to view any Facebook links I
receive and embedded Instagram content in news articles and things of that
natur
In article
you write:
>that gets me on to my small annoyance... /64 bit subnet masks for
>local networks. really?
Yup.
> ALL of that address space and then throw such
>a large range away on subnets commonly populated
>with no more than a couple of hundred clients...maybe a few thousand
>at wors
Doug Barton wrote:
Not if you configure your services (like DNS) with static addresses,
which as we've already discussed is not only possible, but easy.
That's your opinion. But, as Mark Andrews said:
> Actually you can do exactly the same thing for glue.
I show it not so easy.
> Please sto
- Original Message -
> From: "Niels Bakker"
> * j...@baylink.com (Jay R. Ashworth) [Wed 02 Oct 2019, 23:21 CEST]:
>>- Original Message -
>>> From: "Niels Bakker"
>>
>>> * j...@baylink.com (Jay R. Ashworth) [Wed 02 Oct 2019, 19:30 CEST]:
> From: "Livingood, Jason"
> What
On 10/3/19 5:34 PM, John Levine wrote:
In article
you write:
that gets me on to my small annoyance... /64 bit subnet masks for
local networks. really?
Yup.
Making everything is a /64 is the best because means never again having
to waste brain cycles on right-sizing subnets. And the total
In article
you write:
>Doug Barton wrote:
>
>> Not if you configure your services (like DNS) with static addresses,
>> which as we've already discussed is not only possible, but easy.
Yup.
>Automatic renumbering involving DNS was important design goal
>of IPv6 with reasons.
News flash: nobody
> On 4 Oct 2019, at 10:35 am, Masataka Ohta
> wrote:
>
> Doug Barton wrote:
>
>> Not if you configure your services (like DNS) with static addresses,which as
>> we've already discussed is not only possible, but easy.
>
> That's your opinion. But, as Mark Andrews said:
>
> > Actually you c
John Levine wrote:
Automatic renumbering involving DNS was important design goal
of IPv6 with reasons.
News flash: nobody used the A6 RRTYPE which was intended to support
IPv6 renumbering. In 2002, RFC 3363 made A6 experimental. In 2012,
RFC 6563 made A6 historic.
These days we all use ,
On 10/3/19 5:35 PM, Masataka Ohta wrote:
Doug Barton wrote:
Not if you configure your services (like DNS) with static
addresses,which as we've already discussed is not only possible, but
easy.
That's your opinion. But, as Mark Andrews said:
> Actually you can do exactly the same thing for
Hey, I posted this on r/networking and was advised to post on this list.
The small company I work for has a niche SaaS app and for the past week
Spectrum DNS servers have resolved the name to 127.0.0.54.
I found a Spectrum user on reddit to confirm the problem:
nslookup rightbridge.net dns-cac-lb
> Yep I see this on AT&t's post paid network with my Pixel 3A XL as well, one
> place I really noticed it causing issues is with Facebook and Instagram
> where Facebook requires constant captions to view any Facebook links I
> receive and embedded Instagram content in news articles and things of th
On Fri, 04 Oct 2019 08:20:22 +0900, Masataka Ohta said:
> As for requirements for IPv6 routers, how do you think about the
> following requirement by rfc4443?
3 Internet Control Message Protocol (ICMPv6) for the Internet Protocol
Version 6 (IPv6) Specification. A. Conta, S. Deering, M. G
Mark Andrews wrote:
Please explain how
https://datatracker.ietf.org/doc/draft-andrews-dnsop-update-parent-zones/
would not work.
Update messages are designed to be forwarded and that includes signed
UPDATE messages be they TSIG or SIG(0). Named already forwards UPDATE
messages if your tell it
Doug Barton wrote:
Automatic renumbering involving DNS was important design goal
of IPv6 with reasons.
Lack of it is still a problem.
Meanwhile, the thing that most people miss about IPv6 is that except in
edge cases, you never have to renumber. You get a massive address block
that you can
I have a spectrum line in KCMO, I don't use their dns, but dhcp is passing me
209.18.47.61 and .63, and I'm seeing the exact same thing the reddit user you
quoted below is seeing. This is most definitely a spectrum issue.
I don't know Spectrum's dns setup, but these appear to be somewhere in T
Valdis Kletnieks wrote:
I suppose you never considered that in the 11 years intervening, we decided
that maybe things should be done differently.
I never considered?
I even know that it is called second system syndrome.
Do you?
Masataka Ohta
I'm going to reply in some detail to your points here because they are
very common arguments that have real answers. Those who have heard all
this before are free to move on. :)
You sound like someone who doesn't have experience with IPv6. I don't
intend any criticism, I'm simply saying that
Whether people make actual monetary profit off child porn is a red
herring.
Literally billions make postings to social media such as FB, Twitter,
(not child porn I mean in general) and very, very few get paid.
There are many reasons people might do this -- make child porn
available -- including
On 10/3/19 8:41 PM, Masataka Ohta wrote:
Doug Barton wrote:
Automatic renumbering involving DNS was important design goal
of IPv6 with reasons.
Lack of it is still a problem.
Meanwhile, the thing that most people miss about IPv6 is that except
in edge cases, you never have to renumber. You
On Oct 3, 2019, at 3:15 PM, Stephen Satchell wrote:
> You still need a IPv6 version of RFC 1812.
If we were to start with the current draft, I would probably want to start
over, and have people involved from multiple operators.
That said, let me give you some background on RFC 1812. The develop
63 matches
Mail list logo
