From camin at ripe.net Tue Oct 17 10:39:18 2017 From: camin at ripe.net (Chris Amin) Date: Tue, 17 Oct 2017 10:39:18 +0200 Subject: [dns-wg] Decommissioned anchors replaced in DNSMON Message-ID: <7721cbfa-0cc0-1463-aa06-21ba64287d43@ripe.net> Dear colleagues, You may noticed that the number of anchors actively participating in DNSMON had recently decreased somewhat. This is because they were version 1 anchors that had been decommissioned. In most cases, these anchors have since been upgraded to version 3 anchors. We have now added those replacements anchors to the DNSMON set, so you will notice new lines in the DNSMON graph on the probe view, and aggregated values of the server view will be affected slightly. For more information on version 3 anchors, see: https://labs.ripe.net/Members/alun_davies/introducing-ripe-atlas-v3-anchors Kind regards, Chris Amin RIPE NCC From zlobar at corbinatelecom.net Sat Oct 21 12:16:41 2017 From: zlobar at corbinatelecom.net (=?UTF-8?B?0KHQtdGA0LPRltC5INCh0L/RltCy0LDQug==?=) Date: Sat, 21 Oct 2017 13:16:41 +0300 Subject: [dns-wg] f.root-servers.net problem - UA-IX exchange point Message-ID: Hello, There is a problem with a F root-server node connected to UA-IX traffic exchange point (ix.net.ua, AS15645) since October, 14. IP 192.5.5.241 is unreachable from our AS48438 since this date. Troubleshooting of this problem shows trace broken at: 5 2 ms 2 ms 1 ms kbp1b.f.root-servers.ix.net.ua [195.35.65.250] 6 2 ms 1 ms 1 ms iana.r1.kbp1.isc.org [192.228.86.1] 7 * * * Request timed out. 8 * * * Request timed out. IP 192.5.5.241 is also unreachable from UA-IX looking glass ( http://lg.ix.net.ua/ ): Command: ping ipv4 Parameter: 192.5.5.241 ________________________________ Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.5.5.241, timeout is 2 seconds: ...U. Success rate is 0 percent (0/5) The route for 192.5.5.0/24 is present in routing database ( http://lg.ix.net.ua/ ): Command: show ipv4 bgp Parameter: 192.5.5.0/24 ________________________________ BGP routing table entry for 192.5.5.0/24, version 47209171 BGP Bestpath: deterministic-med: cost-community-ignore Paths: (2 available, best #1, table default) Advertised to update-groups: 73 74 76 194 231 233 Refresh Epoch 1 30128 3557, (aggregated by 30128 192.228.86.16) 185.1.50.250 from 185.1.50.250 (192.228.86.17) Origin IGP, metric 2, localpref 100, valid, external, atomic-aggregate, best Community: 3557:10 15645:5 rx pathid: 0, tx pathid: 0x0 Refresh Epoch 1 30128 3557, (aggregated by 30128 192.228.86.16) 185.1.50.248 from 185.1.50.248 (192.228.86.16) Origin IGP, metric 12, localpref 100, valid, external, atomic-aggregate Community: 15645:5 rx pathid: 0, tx pathid: 0 Please fix it. Thanks. -- Best wishes, Sergii Spivak www.corbina.com.ua -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: f-root-1-month.png Type: image/png Size: 24778 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: f-root-2-month.png Type: image/png Size: 23225 bytes Desc: not available URL: From jim at rfc1035.com Sat Oct 21 12:27:12 2017 From: jim at rfc1035.com (Jim Reid) Date: Sat, 21 Oct 2017 11:27:12 +0100 Subject: [dns-wg] f.root-servers.net problem - UA-IX exchange point In-Reply-To: References: Message-ID: <02431C14-D757-4817-B318-DBE244205970@rfc1035.com> > On 21 Oct 2017, at 11:16, ?????? ?????? wrote: > > There is a problem with a F root-server node connected to UA-IX traffic exchange point (ix.net.ua, AS15645) since October, 14. This is out of scope for the WG list. However there may well be ops people from ISC who are here. You should probably send questions about DNS operational issues (for instance routing problems or service outages) to dns-operations at oarc.net and/or the appropriate fora at the relevant IX. Contact data for ISC's NOC is also on-line. I've chosen not to provide that so you can find it for yourself. That way, you'll hopefully remember how to contact them the next time. If there is one. From dblists at icloud.com Sun Oct 22 22:03:28 2017 From: dblists at icloud.com (Denesh Bhabuta) Date: Mon, 23 Oct 2017 00:03:28 +0400 Subject: [dns-wg] f.root-servers.net problem - UA-IX exchange point In-Reply-To: <02431C14-D757-4817-B318-DBE244205970@rfc1035.com> References: <02431C14-D757-4817-B318-DBE244205970@rfc1035.com> Message-ID: <4B8C6AB6-361B-4DC0-8A51-D9CFDBE10F67@icloud.com> > On 21 Oct 2017, at 14:27, Jim Reid wrote: >> On 21 Oct 2017, at 11:16, ?????? ?????? wrote: >> There is a problem with a F root-server node connected to UA-IX traffic exchange point (ix.net.ua, AS15645) since October, 14. > This is out of scope for the WG list. However there may well be ops people from ISC who are here. > You should probably send questions about DNS operational issues (for instance routing problems or service outages) to dns-operations at oarc.net and/or the appropriate fora at the relevant IX. Contact data for ISC's NOC is also on-line. I've chosen not to provide that so you can find it for yourself. That way, you'll hopefully remember how to contact them the next time. If there is one. You mean dns-operations at dns-oarc.net :-) Regards Denesh (wearing my DNS-OARC hat) From shane at time-travellers.org Mon Oct 23 14:55:37 2017 From: shane at time-travellers.org (Shane Kerr) Date: Mon, 23 Oct 2017 16:55:37 +0400 Subject: [dns-wg] Draft minutes from the DNS working group at RIPE 74 Message-ID: <20171023165537.65473d36@pallas.home.time-travellers.org> DNS Colleagues, Draft minutes from the DNS working group at RIPE 74 are available here: https://www.ripe.net/participate/ripe/wg/dns/minutes/dns-working-group-minutes-ripe-74 Please send any corrections to the DNS working group chairs at . [ Apologies for the late e-mail notice. These were actually posted by the RIPE NCC on 2017-06-20, but I did not send this to the list. :( ] Cheers, -- Shane -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From mir at ripe.net Tue Oct 24 10:11:31 2017 From: mir at ripe.net (Mirjam Kuehne) Date: Tue, 24 Oct 2017 10:11:31 +0200 Subject: [dns-wg] New on RIPE Labs: The Future of DNSSEC at the RIPE NCC Message-ID: <03b5f922-0fe1-b5ad-c18b-541b563f6361@ripe.net> Dear colleagues, DNSSEC signing solutions and products have evolved greatly since we first began signing our zones. We are now exploring ways of doing it better and smarter. Please read about our plans on RIPE Labs: https://labs.ripe.net/Members/anandb/the-future-of-dnssec-at-the-ripe-ncc Anand will present this during the DNS WG session at RIPE 75. Kind regards, Mirjam Kuhne RIPE NCC From mir at ripe.net Wed Oct 25 09:44:09 2017 From: mir at ripe.net (Mirjam Kuehne) Date: Wed, 25 Oct 2017 09:44:09 +0200 Subject: [dns-wg] New on RIPE Labs: A Software-based Approach to Identify Heavy Hitters in DNS Traffic Message-ID: <54c93577-3d43-4971-0792-f8dace124386@ripe.net> Dear colleagues, Please find this new article on RIPE Labs, contributed by Santiago Ruano Rincon, one of the RACI fellows from RIPE 74: A Software-based Approach to Identify Heavy Hitters in DNS Traffic This article presents a software-based prototype able to estimate the most queried domain names in a stream of DNS traffic at 12Mpps (wire-rate 10GbE). The goal is to identify domains involved in random qname attacks. This prototype is a proof-of-concept of our research on software and commodity-hardware approaches to analyse high-speed network streams. https://labs.ripe.net/Members/santiago_r_r_/a-software-based-approach-to-identify-heavy-hitters-in-dns-traffic Kind regards, Mirjam Kuhne RIPE NCC