GeoDNS

kg9020 kg9020 at gmail.com
Thu Mar 21 14:48:46 UTC 2013


Hello 

Have you tried

https://github.com/blblack/gdnsd

You can view usage at http://www.youtube.com/watch?v=WF75IGx9svM
art

On Mar 21, 2013, at 7:00 AM, nanog-request at nanog.org wrote:

> Today's Topics:
> 
>   1. Re: Why are there no GeoDNS solutions anywhere in sight?
>      (Constantine A. Murenin)
>   2. Re: routing table go boom (Randy Bush)
>   3. 2012 internet census (Randy Bush)
>   4. Re: Why are there no GeoDNS solutions anywhere in sight?
>      (Simon Lyall)
>   5. Re: Why are there no GeoDNS solutions anywhere in sight?
>      (bmanning at vacation.karoshi.com)
>   6. Cisco password implementation trubs: weakened strength?
>      (jamie rishaw)
>   7. Re: Cisco password implementation trubs: weakened strength?
>      (Nick Hilliard)
>   8. Re: Cisco password implementation trubs: weakened strength?
>      (Jimmy Hess)
>   9. Re: Why are there no GeoDNS solutions anywhere in sight?
>      (Masataka Ohta)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Thu, 21 Mar 2013 00:23:02 -0700
> From: "Constantine A. Murenin" <mureninc at gmail.com>
> To: Masataka Ohta <mohta at necom830.hpcl.titech.ac.jp>
> Cc: nanog at nanog.org
> Subject: Re: Why are there no GeoDNS solutions anywhere in sight?
> Message-ID:
> 	<CAPKkNb4g++KaXmJ9Y5N-0J2Dt+P7Yn_xMvxcr7viThh4rf6rMQ at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
> 
> On 20 March 2013 21:29, Masataka Ohta <mohta at necom830.hpcl.titech.ac.jp> wrote:
>> Constantine A. Murenin wrote:
>> 
>>> Why even stop there:  all modern browsers usually know the exact
>>> location of the user, often with street-level accuracy.
>> 
>> If you think mobile, they don't, especially because "often" is
>> not at all "enough times".
> 
> Are you suggesting that geolocation is inaccurate enough to misplace
> Europe with Asia?
> 
>>> Why is there no way to do any of this?
>> 
>> Because it is impractical to assume an IP address can be mapped
>> uniquely to a geolocation.
> 
> Why is it impractical?  If I have a server in Germany and in Quebec,
> why would it be impractical to have the logic in place such that
> European visitors would be contacting the server in Germany, and
> visitors from US/Canada -- the one in Quebec?
> 
> C.
> 
> 
> 
> ------------------------------
> 
> Message: 2
> Date: Thu, 21 Mar 2013 09:23:08 +0200
> From: Randy Bush <randy at psg.com>
> To: Jared Mauch <jared at puck.nether.net>
> Cc: nanog at nanog.org
> Subject: Re: routing table go boom
> Message-ID: <m2sj3pb4ir.wl%randy at psg.com>
> Content-Type: text/plain; charset=US-ASCII
> 
>> I certainly think there's a lot that can be done at middle-layers, eg: tunnels
>> to a few different providers.  I can be on a Comcast CM and ATT DSL link and
>> establish a link to a tunnel destination in Chicago that is low-latency for me
>> and the bits will all flow that way.  
>> 
>> The last mile loop problem though?
> 
> sweden and japan, among others, have some experiences (good and
> mediocre) in this area
> 
> randy
> 
> 
> 
> ------------------------------
> 
> Message: 3
> Date: Thu, 21 Mar 2013 10:24:51 +0200
> From: Randy Bush <randy at psg.com>
> To: North American Network Operators' Group <nanog at nanog.org>
> Subject: 2012 internet census
> Message-ID: <m2ppytb1nw.wl%randy at psg.com>
> Content-Type: text/plain; charset=US-ASCII
> 
> nice piece of work
> 
>   http://internetcensus2012.bitbucket.org/paper.html
> 
> as cristel says, better coverage than atlas and no need for user
> credits! :)
> 
> randy
> 
> 
> 
> ------------------------------
> 
> Message: 4
> Date: Thu, 21 Mar 2013 21:26:46 +1300 (NZDT)
> From: Simon Lyall <simon at darkmere.gen.nz>
> To: nanog at nanog.org
> Subject: Re: Why are there no GeoDNS solutions anywhere in sight?
> Message-ID:
> 	<alpine.DEB.2.00.1303212112110.28564 at green.darkmere.gen.nz>
> Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
> 
> On Thu, 21 Mar 2013, Constantine A. Murenin wrote:
>> Why is it impractical?  If I have a server in Germany and in Quebec,
>> why would it be impractical to have the logic in place such that
>> European visitors would be contacting the server in Germany, and
>> visitors from US/Canada -- the one in Quebec?
> 
> But what if the server in Quebec is a little VPS on a 10Mb/s link while 
> the one in Germany is a rack of servers on a 10Gb/s link?
> 
> What if I just want the server in Quebec to serve people from Canada and 
> the one in Germany serves the rest of the world?
> 
> What if it is 4am in Quebec but 9am in Germany? (it is right now)
> 
> What if I have half a dozen pops worldwide?
> 
> What if I have 20? 200? 2000?
> 
> What is closer to a user in New Zealand, A Pop in Japan, Singapore or LA?
> 
> The main thing with GSLB is:
> 
> The little guys don't need it,
> The medium sized sites outsource,
> The big guys roll their own.
> 
> Personally I outsource and it works very well.
> 
> -- 
> Simon Lyall  |  Very Busy  |  Web: http://www.darkmere.gen.nz/
> "To stay awake all night adds a day to your life" - Stilgar | eMT.
> 
> 
> 
> 
> ------------------------------
> 
> Message: 5
> Date: Thu, 21 Mar 2013 08:41:40 +0000
> From: bmanning at vacation.karoshi.com
> To: "Constantine A. Murenin" <mureninc at gmail.com>
> Cc: nanog at nanog.org
> Subject: Re: Why are there no GeoDNS solutions anywhere in sight?
> Message-ID: <20130321084140.GB432 at vacation.karoshi.com.>
> Content-Type: text/plain; charset=us-ascii
> 
> On Thu, Mar 21, 2013 at 12:23:02AM -0700, Constantine A. Murenin wrote:
>> On 20 March 2013 21:29, Masataka Ohta <mohta at necom830.hpcl.titech.ac.jp> wrote:
>>> Constantine A. Murenin wrote:
>>> 
>>>> Why even stop there:  all modern browsers usually know the exact
>>>> location of the user, often with street-level accuracy.
>>> 
>>> If you think mobile, they don't, especially because "often" is
>>> not at all "enough times".
>> 
>> Are you suggesting that geolocation is inaccurate enough to misplace
>> Europe with Asia?
> 
> 
> last month, while in western australia, geoloc pegged me in utah.
> this morning, geoloc pegged me in Kansas, while resident in Maryland.
> 
> 
>>>> Why is there no way to do any of this?
>>> 
>>> Because it is impractical to assume an IP address can be mapped
>>> uniquely to a geolocation.
>> 
>> Why is it impractical?  If I have a server in Germany and in Quebec,
>> why would it be impractical to have the logic in place such that
>> European visitors would be contacting the server in Germany, and
>> visitors from US/Canada -- the one in Quebec?
>> 
>> C.
> 
> secure dynamic update works.  what is TWC's incentive to allow clients to update
> their reverse DNS delegations, esp when clients are leaving them for T-Mobile?
> 
> 
> you're suggesting the creation and deployment of something that already exists
> in the LOC RR.  Your rationale is that LOC isn't used.  If that's the case,
> why would your proposal be any more successful?
> 
> /bill
> 
> 
> 
> ------------------------------
> 
> Message: 6
> Date: Thu, 21 Mar 2013 05:10:36 -0500
> From: jamie rishaw <j at arpa.com>
> To: NANOG <nanog at nanog.org>
> Subject: Cisco password implementation trubs: weakened strength?
> Message-ID:
> 	<CABL6YZQFf9_e9va0J15kdz1np-Jv-jeZ1Vi9LPnNewGKwMzDNg at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
> 
> warning: I'm tired and this email is terse.
> warning: for huge nerds only.
> disclaimer: although I've worked with actual rocket scientists (hi Roger),
> I'm not one myself.. nor am I a crypto mathnerd
> 
> apparently, Cisco is changing its password schemas.
> 
> old: pbkdf2 by 1k, salted
> vs
> New: (type 4) unsalted sha256
> ..
> discuss.?
> 
> there is a cert and Cisco sa on this.. but I'm wondering if anyone has any
> opinions, yea or nay.?
> 
> -j.
> 
> 
> ------------------------------
> 
> Message: 7
> Date: Thu, 21 Mar 2013 10:57:02 +0000
> From: Nick Hilliard <nick at foobar.org>
> To: nanog at nanog.org
> Subject: Re: Cisco password implementation trubs: weakened strength?
> Message-ID: <514AE77E.10705 at foobar.org>
> Content-Type: text/plain; charset=ISO-8859-1
> 
> On 21/03/2013 10:10, jamie rishaw wrote:
>> apparently, Cisco is changing its password schemas.
>> 
>> old: pbkdf2 by 1k, salted
>> vs
>> New: (type 4) unsalted sha256
>> ..
>> discuss.?
> 
> security advisory:
> 
>> http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20130318-type4
> 
> which states:
> 
>> Because of the issues discussed in this Security Response, Cisco is
>> taking the following actions for future Cisco IOS and Cisco IOS XE
>> releases:
>> 
>> Type 4 passwords will be deprecated: Future Cisco IOS and Cisco IOS XE
>> releases will not generate Type 4 passwords. However, to maintain
>> backward compatibility, existing Type 4 passwords will be parsed and
>> accepted. Customers will need to manually remove the existing Type 4
>> passwords from their configuration.
> 
> Kudos to Cisco - this was the right thing to do.
> 
> Nick
> 
> 
> 
> 
> ------------------------------
> 
> Message: 8
> Date: Thu, 21 Mar 2013 06:22:52 -0500
> From: Jimmy Hess <mysidia at gmail.com>
> To: jamie rishaw <j at arpa.com>
> Cc: NANOG <nanog at nanog.org>
> Subject: Re: Cisco password implementation trubs: weakened strength?
> Message-ID:
> 	<CAAAwwbVxUHr4v4O3_qqJHbXDTTaY0D0juMCNNbYOVGdzZS6ciA at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
> 
> On 3/21/13, jamie rishaw <j at arpa.com> wrote:
>> New: (type 4) unsalted sha256
> 
> Good for them; DES Crypt and MD5 crypt are dead... however, I hope
> they have misspoken then... because that move would make no
> sense... moving to simple unsalted SHA256 as the new hash type would
> definitely increase the performance of potential password cracking
> attempts against passwords stored at rest, instead of addressing the
> massive increase in cheap computing power (which will necessitate all
> software vendors who are concerned about stored password security,
> stop using older crypt algorithms yesterday).
> 
> In other words; they would be moving to a weaker hashing algorithm if
> selecting unsalted SHA -- more hashes per second of SHA256 could be
> computed per second on equivalent GPU than hashes per second of MD5
> Crypt.
> 
> PBKDF2 at 10k rounds is stronger than MD5 crypt (more time required
> for a password cracker); Bcrypt stronger than PBKDF2 with appropriate
> work factor selected (more time _and_ larger amounts of memory space
> required thwarting GPUs); etc.
> 
> 
> Also, on what platform have they already used anything stronger than Unix crypt?
> 
> As far as I knew, Cisco were always using; 'type 7' password blobs
> vigenere based symmetric encryption with a factory-defined key, type
> 6 symmetric encrypted storage (with des/aes key obscured from view),
> or type 5  basic unix crypt or Poul-Henning Kamp's MD5 crypt algorithm
> used in FreeBSD.
> 
> 
>> I'm not one myself.. nor am I a crypto mathnerd
>> apparently, Cisco is changing its password schemas.
>> old: pbkdf2 by 1k, salted
>> vs
>> New: (type 4) unsalted sha256
>> ..
>> discuss.?
>> 
>> there is a cert and Cisco sa on this.. but I'm wondering if anyone has any
>> opinions, yea or nay.?
> 
> --
> -JH
> 
> 
> 
> ------------------------------
> 
> Message: 9
> Date: Thu, 21 Mar 2013 20:36:36 +0900
> From: Masataka Ohta <mohta at necom830.hpcl.titech.ac.jp>
> To: "Constantine A. Murenin" <mureninc at gmail.com>
> Cc: nanog at nanog.org
> Subject: Re: Why are there no GeoDNS solutions anywhere in sight?
> Message-ID: <514AF0C4.7000200 at necom830.hpcl.titech.ac.jp>
> Content-Type: text/plain; charset=ISO-2022-JP
> 
> Constantine A. Murenin wrote:
> 
>> Are you suggesting that geolocation is inaccurate enough to misplace
>> Europe with Asia?
> 
> Yes, of course.
> 
> Think mobile.
> 
> 						Masataka Ohta
> 
> 
> 
> End of NANOG Digest, Vol 62, Issue 67
> *************************************
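
Added example, not part of the original message or of Cisco's advisory: the response quoted in Message 7 says existing Type 4 passwords must be removed from configurations by hand, so this Python script lists where typed credentials are stored in an IOS-style configuration without echoing their values. The sample configuration, its placeholder values and the severity labels are constructed assumptions.

```python
import re

# Stored-credential types named in the thread. The severity labels are this
# example's assumption, not wording from Cisco.
TYPES = {
    "4": ("high", "Type 4, unsalted SHA-256: remove and re-enter under another type"),
    "7": ("high", "Type 7, reversible obfuscation, not a hash"),
    "5": ("info", "Type 5, salted MD5 crypt"),
}

# "<owner> secret|password <type digit> <value>" at the end of a line.
CRED_RE = re.compile(
    r"^(?P<owner>.*?)\b(?P<kw>secret|password)\s+(?P<type>\d)\s+(?P<value>\S+)\s*$"
)

def audit(config_text):
    """Return (line_no, owner, type, severity, note) per stored credential.

    The credential value itself is never copied into the findings."""
    findings, stanza = [], ""
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        if raw[:1] not in ("", " ", "\t", "!"):
            stanza = raw.strip()              # remember the enclosing top-level stanza
        m = CRED_RE.match(raw)
        if not m:
            continue
        owner = m["owner"].strip() or stanza  # indented lines inherit the stanza
        if owner.startswith("username"):
            owner = " ".join(owner.split()[:2])
        severity, note = TYPES.get(m["type"], ("review", "type not covered here"))
        findings.append((line_no, owner, m["type"], severity, note))
    return findings

# Constructed sample; the values are placeholders, not real hashes.
SAMPLE_CONFIG = """\
service password-encryption
!
enable secret 4 PLACEHOLDERtype4valuePLACEHOLDERtype4value0
username admin privilege 15 secret 4 PLACEHOLDERtype4valuePLACEHOLDERtype4value1
username backup secret 5 $1$salt$PLACEHOLDERmd5cryptvalue
!
line vty 0 4
 password 7 00PLACEHOLDER
 login
"""

if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print("line %d: %-16s type %s [%s] %s" % f)
```

Lines that carry a password with no type digit are not matched by this pattern and need a separate check.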




