Hello Have you tried https://github.com/blblack/gdnsd you can view usage at http://www.youtube.com/watch?v=WF75IGx9svM art On Mar 21, 2013, at 7:00 AM, nanog-request@nanog.org wrote:
Send NANOG mailing list submissions to nanog@nanog.org
To subscribe or unsubscribe via the World Wide Web, visit http://mailman.nanog.org/mailman/listinfo/nanog or, via email, send a message with subject or body 'help' to nanog-request@nanog.org
You can reach the person managing the list at nanog-owner@nanog.org
When replying, please edit your Subject line so it is more specific than "Re: Contents of NANOG digest..."
Today's Topics:
1. Re: Why are there no GeoDNS solutions anywhere in sight? (Constantine A. Murenin) 2. Re: routing table go boom (Randy Bush) 3. 2012 internet census (Randy Bush) 4. Re: Why are there no GeoDNS solutions anywhere in sight? (Simon Lyall) 5. Re: Why are there no GeoDNS solutions anywhere in sight? (bmanning@vacation.karoshi.com) 6. Cisco password implementation trubs: weakened strength? (jamie rishaw) 7. Re: Cisco password implementation trubs: weakened strength? (Nick Hilliard) 8. Re: Cisco password implementation trubs: weakened strength? (Jimmy Hess) 9. Re: Why are there no GeoDNS solutions anywhere in sight? (Masataka Ohta)
----------------------------------------------------------------------
Message: 1 Date: Thu, 21 Mar 2013 00:23:02 -0700 From: "Constantine A. Murenin" <mureninc@gmail.com> To: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp> Cc: nanog@nanog.org Subject: Re: Why are there no GeoDNS solutions anywhere in sight? Message-ID: <CAPKkNb4g++KaXmJ9Y5N-0J2Dt+P7Yn_xMvxcr7viThh4rf6rMQ@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1
On 20 March 2013 21:29, Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp> wrote:
Constantine A. Murenin wrote:
Why even stop there: all modern browsers usually know the exact location of the user, often with street-level accuracy.
If you think mobile, they don't, especially because "often" is not at all "enough times".
Are you suggesting that geolocation is inaccurate enough to misplace Europe with Asia?
Why is there no way to do any of this?
Because it is impractical to assume an IP address can be mapped uniquely to a geolocation.
Why is it impractical? If I have a server in Germany and in Quebec, why would it be impractical to have the logic in place such that European visitors would be contacting the server in Germany, and visitors from US/Canada -- the one in Quebec?
C.
------------------------------
Message: 2 Date: Thu, 21 Mar 2013 09:23:08 +0200 From: Randy Bush <randy@psg.com> To: Jared Mauch <jared@puck.nether.net> Cc: nanog@nanog.org Subject: Re: routing table go boom Message-ID: <m2sj3pb4ir.wl%randy@psg.com> Content-Type: text/plain; charset=US-ASCII
I certainly think there's a lot that can be done at middle-layers, eg: tunnels to a few different providers. I can be on a Comcast CM and ATT DSL link and establish a link to a tunnel destination in Chicago that is low-latency for me and the bits will all flow that way.
The last mile loop problem though?
sweden and japan, among others, have some experiences (good and mediocre) in this area
randy
------------------------------
Message: 3 Date: Thu, 21 Mar 2013 10:24:51 +0200 From: Randy Bush <randy@psg.com> To: North American Network Operators' Group <nanog@nanog.org> Subject: 2012 internet census Message-ID: <m2ppytb1nw.wl%randy@psg.com> Content-Type: text/plain; charset=US-ASCII
nice piece of work
http://internetcensus2012.bitbucket.org/paper.html
as cristel says, better coverage than atlas and no need for user credits! :)
randy
------------------------------
Message: 4 Date: Thu, 21 Mar 2013 21:26:46 +1300 (NZDT) From: Simon Lyall <simon@darkmere.gen.nz> To: nanog@nanog.org Subject: Re: Why are there no GeoDNS solutions anywhere in sight? Message-ID: <alpine.DEB.2.00.1303212112110.28564@green.darkmere.gen.nz> Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
On Thu, 21 Mar 2013, Constantine A. Murenin wrote:
Why is it impractical? If I have a server in Germany and in Quebec, why would it be impractical to have the logic in place such that European visitors would be contacting the server in Germany, and visitors from US/Canada -- the one in Quebec?
But what if the server in Quebec is a little VPS on a 10Mb/s link while the one in Germany is a rack of servers on a 10Gb/s link?
What if I just want the server in Quebec to serve people from Canada and the one in Germany serves the rest of the world?
What if it is 4am in Quebec but 9am in Germany? (it is right now)
What if I have half a dozen pops worldwide?
What if I have 20? 200? 2000?
What is closer to a user in New Zealand, A Pop in Japan, Singapore or LA?
The main thing with GSLB is:
The little guys don't need it, The medium sized sites outsource, The big guys roll their own.
Personally I outsource and it works very well.
-- Simon Lyall | Very Busy | Web: http://www.darkmere.gen.nz/ "To stay awake all night adds a day to your life" - Stilgar | eMT.
------------------------------
Message: 5 Date: Thu, 21 Mar 2013 08:41:40 +0000 From: bmanning@vacation.karoshi.com To: "Constantine A. Murenin" <mureninc@gmail.com> Cc: nanog@nanog.org Subject: Re: Why are there no GeoDNS solutions anywhere in sight? Message-ID: <20130321084140.GB432@vacation.karoshi.com.> Content-Type: text/plain; charset=us-ascii
On Thu, Mar 21, 2013 at 12:23:02AM -0700, Constantine A. Murenin wrote:
On 20 March 2013 21:29, Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp> wrote:
Constantine A. Murenin wrote:
Why even stop there: all modern browsers usually know the exact location of the user, often with street-level accuracy.
If you think mobile, they don't, especially because "often" is not at all "enough times".
Are you suggesting that geolocation is inaccurate enough to misplace Europe with Asia?
last month, while in western australia, geoloc pegged me in utah. this morning, geoloc pegged me in Kansas, while resident in Maryland.
Why is there no way to do any of this?
Because it is impractical to assume an IP address can be mapped uniquely to a geolocation.
Why is it impractical? If I have a server in Germany and in Quebec, why would it be impractical to have the logic in place such that European visitors would be contacting the server in Germany, and visitors from US/Canada -- the one in Quebec?
C.
secure dynamic update works. waht is TWC's incentive to allow clients to update tjheir reverse DNS delegations, esp when clients are leaving them for T-Mobile?
your sugesting the cretion and deployment of something that already exists in the LOC RR. Your rational is that LOC isn't used. If thats the case, why would your proposal be any more successful?
/bill
------------------------------
Message: 6 Date: Thu, 21 Mar 2013 05:10:36 -0500 From: jamie rishaw <j@arpa.com> To: NANOG <nanog@nanog.org> Subject: Cisco password implementation trubs: weakened strength? Message-ID: <CABL6YZQFf9_e9va0J15kdz1np-Jv-jeZ1Vi9LPnNewGKwMzDNg@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1
warning: I'm tired and this email is terse. warning: for huge nerds only. disclaimer: although I've worked with actual rocket scientists(hi Roger), I'm. not one myself..nor am I a crypto mathnerd
apparently, Cisco is changing its password schemas.
old: pbkdf2 by 1k, salted vs New: (type 4) unsalted sha256 .. discuss.?
there is a cert and Cisco sa on this.. but I'm wondering if anyone has any opinions, yea or nay.?
-j.
------------------------------
Message: 7 Date: Thu, 21 Mar 2013 10:57:02 +0000 From: Nick Hilliard <nick@foobar.org> To: nanog@nanog.org Subject: Re: Cisco password implementation trubs: weakened strength? Message-ID: <514AE77E.10705@foobar.org> Content-Type: text/plain; charset=ISO-8859-1
On 21/03/2013 10:10, jamie rishaw wrote:
apparently, Cisco is changing its password schemas.
old: pbkdf2 by 1k, salted vs New: (type 4) unsalted sha256 .. discuss.?
security advisory:
http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-s...
which states:
Because of the issues discussed in this Security Response, Cisco is taking the following actions for future Cisco IOS and Cisco IOS XE releases:
Type 4 passwords will be deprecated: Future Cisco IOS and Cisco IOS XE releases will not generate Type 4 passwords. However, to maintain backward compatibility, existing Type 4 passwords will be parsed and accepted. Customers will need to manually remove the existing Type 4 passwords from their configuration.
Kudos to Cisco - this was the right thing to do.
Nick
------------------------------
Message: 8 Date: Thu, 21 Mar 2013 06:22:52 -0500 From: Jimmy Hess <mysidia@gmail.com> To: jamie rishaw <j@arpa.com> Cc: NANOG <nanog@nanog.org> Subject: Re: Cisco password implementation trubs: weakened strength? Message-ID: <CAAAwwbVxUHr4v4O3_qqJHbXDTTaY0D0juMCNNbYOVGdzZS6ciA@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1
On 3/21/13, jamie rishaw <j@arpa.com> wrote:
New: (type 4) unsalted sha256
Good for them; DES Crypt and MD5 crypt are dead... however, I hope they have misspoken then... because that move would make no sense... moving to simple unsalted SHA256 as the new hash type would definitely increase the performance of potential password cracking attempts against passwords stored at rest, instead of addressing the massive increase in cheap computing power (which will necessitate all software vendors who are concerned about stored password security, stop using older crypt algorithms yesterday).
In other words; they would be moving to a weaker hashing algorithm if selecting unsalted SHA -- more hashes per second of SHA256 could be computed per second on equivalent GPU than hashes per second of MD5 Crypt.
PBKDF2 at 10k rounds is stronger than MD5 crypt (more time required for a password cracker); Bcrypt stronger than PBKDF2 with appropriate work factor selected (more time _and_ larger amounts of memory space required thwarting GPUs); etc.
Also, on what platform have they already used anything stronger than Unix crypt?
As far as I knew, Cisco were always using; 'type 7' password blobs vigenere based symmetric encryption with a factory-defined key, type 6 symmetric encrypted storage (with des/aes key obscured from view), or type 5 basic unix crypt or Poul-Henning Kamp's MD5 crypt algorithm used in FreeBSD.
I'm. not one myself..nor am I a crypto mathnerd apparently, Cisco is changing its password schemas. old: pbkdf2 by 1k, salted vs New: (type 4) unsalted sha256 .. discuss.?
there is a cert and Cisco sa on this.. but I'm wondering if anyone has any opinions, yea or nay.?
-- -JH
------------------------------
Message: 9 Date: Thu, 21 Mar 2013 20:36:36 +0900 From: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp> To: "Constantine A. Murenin" <mureninc@gmail.com> Cc: nanog@nanog.org Subject: Re: Why are there no GeoDNS solutions anywhere in sight? Message-ID: <514AF0C4.7000200@necom830.hpcl.titech.ac.jp> Content-Type: text/plain; charset=ISO-2022-JP
Constantine A. Murenin wrote:
Are you suggesting that geolocation is inaccurate enough to misplace Europe with Asia?
Yes, of course.
Think mobile.
Masataka Ohta
End of NANOG Digest, Vol 62, Issue 67 *************************************