[161635] in North American Network Operators' Group


GeoDNS

daemon@ATHENA.MIT.EDU (kg9020)
Thu Mar 21 10:49:22 2013

From: kg9020 <kg9020@gmail.com>
In-Reply-To: <mailman.1.1363867201.30785.nanog@nanog.org>
Date: Thu, 21 Mar 2013 09:48:46 -0500
To: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Hello

Have you tried

https://github.com/blblack/gdnsd

you can view usage at http://www.youtube.com/watch?v=WF75IGx9svM
art

On Mar 21, 2013, at 7:00 AM, nanog-request@nanog.org wrote:

> Today's Topics:
>
>   1. Re: Why are there no GeoDNS solutions anywhere in sight?
>      (Constantine A. Murenin)
>   2. Re: routing table go boom (Randy Bush)
>   3. 2012 internet census (Randy Bush)
>   4. Re: Why are there no GeoDNS solutions anywhere in sight?
>      (Simon Lyall)
>   5. Re: Why are there no GeoDNS solutions anywhere in sight?
>      (bmanning@vacation.karoshi.com)
>   6. Cisco password implementation trubs: weakened strength?
>      (jamie rishaw)
>   7. Re: Cisco password implementation trubs: weakened strength?
>      (Nick Hilliard)
>   8. Re: Cisco password implementation trubs: weakened strength?
>      (Jimmy Hess)
>   9. Re: Why are there no GeoDNS solutions anywhere in sight?
>      (Masataka Ohta)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 21 Mar 2013 00:23:02 -0700
> From: "Constantine A. Murenin" <mureninc@gmail.com>
> To: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
> Cc: nanog@nanog.org
> Subject: Re: Why are there no GeoDNS solutions anywhere in sight?
> Message-ID: <CAPKkNb4g++KaXmJ9Y5N-0J2Dt+P7Yn_xMvxcr7viThh4rf6rMQ@mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> On 20 March 2013 21:29, Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp> wrote:
>> Constantine A. Murenin wrote:
>>
>>> Why even stop there:  all modern browsers usually know the exact
>>> location of the user, often with street-level accuracy.
>>
>> If you think mobile, they don't, especially because "often" is
>> not at all "enough times".
>
> Are you suggesting that geolocation is inaccurate enough to misplace
> Europe with Asia?
>
>>> Why is there no way to do any of this?
>>
>> Because it is impractical to assume an IP address can be mapped
>> uniquely to a geolocation.
>
> Why is it impractical?  If I have a server in Germany and in Quebec,
> why would it be impractical to have the logic in place such that
> European visitors would be contacting the server in Germany, and
> visitors from US/Canada -- the one in Quebec?
>
> C.
>
>
>
> ------------------------------
>
> Message: 2
> Date: Thu, 21 Mar 2013 09:23:08 +0200
> From: Randy Bush <randy@psg.com>
> To: Jared Mauch <jared@puck.nether.net>
> Cc: nanog@nanog.org
> Subject: Re: routing table go boom
> Message-ID: <m2sj3pb4ir.wl%randy@psg.com>
> Content-Type: text/plain; charset=US-ASCII
>
>> I certainly think there's a lot that can be done at middle-layers, eg: tunnels
>> to a few different providers.  I can be on a Comcast CM and ATT DSL link and
>> establish a link to a tunnel destination in Chicago that is low-latency for me
>> and the bits will all flow that way.
>>
>> The last mile loop problem though?
>
> sweden and japan, among others, have some experiences (good and
> mediocre) in this area
>
> randy
>
>
>
> ------------------------------
>
> Message: 3
> Date: Thu, 21 Mar 2013 10:24:51 +0200
> From: Randy Bush <randy@psg.com>
> To: North American Network Operators' Group <nanog@nanog.org>
> Subject: 2012 internet census
> Message-ID: <m2ppytb1nw.wl%randy@psg.com>
> Content-Type: text/plain; charset=US-ASCII
>
> nice piece of work
>
>   http://internetcensus2012.bitbucket.org/paper.html
>
> as cristel says, better coverage than atlas and no need for user
> credits! :)
>
> randy
>
>
>
> ------------------------------
>
> Message: 4
> Date: Thu, 21 Mar 2013 21:26:46 +1300 (NZDT)
> From: Simon Lyall <simon@darkmere.gen.nz>
> To: nanog@nanog.org
> Subject: Re: Why are there no GeoDNS solutions anywhere in sight?
> Message-ID: <alpine.DEB.2.00.1303212112110.28564@green.darkmere.gen.nz>
> Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
>
> On Thu, 21 Mar 2013, Constantine A. Murenin wrote:
>> Why is it impractical?  If I have a server in Germany and in Quebec,
>> why would it be impractical to have the logic in place such that
>> European visitors would be contacting the server in Germany, and
>> visitors from US/Canada -- the one in Quebec?
>
> But what if the server in Quebec is a little VPS on a 10Mb/s link while
> the one in Germany is a rack of servers on a 10Gb/s link?
>
> What if I just want the server in Quebec to serve people from Canada and
> the one in Germany serves the rest of the world?
>
> What if it is 4am in Quebec but 9am in Germany? (it is right now)
>
> What if I have half a dozen pops worldwide?
>
> What if I have 20? 200? 2000?
>
> What is closer to a user in New Zealand, A Pop in Japan, Singapore or LA?
>
> The main thing with GSLB is:
>
> The little guys don't need it,
> The medium sized sites outsource,
> The big guys roll their own.
>
> Personally I outsource and it works very well.
>
> --
> Simon Lyall  |  Very Busy  |  Web: http://www.darkmere.gen.nz/
> "To stay awake all night adds a day to your life" - Stilgar | eMT.
>
>
>
>
> ------------------------------
>
> Message: 5
> Date: Thu, 21 Mar 2013 08:41:40 +0000
> From: bmanning@vacation.karoshi.com
> To: "Constantine A. Murenin" <mureninc@gmail.com>
> Cc: nanog@nanog.org
> Subject: Re: Why are there no GeoDNS solutions anywhere in sight?
> Message-ID: <20130321084140.GB432@vacation.karoshi.com.>
> Content-Type: text/plain; charset=us-ascii
>
> On Thu, Mar 21, 2013 at 12:23:02AM -0700, Constantine A. Murenin wrote:
>> On 20 March 2013 21:29, Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp> wrote:
>>> Constantine A. Murenin wrote:
>>>
>>>> Why even stop there:  all modern browsers usually know the exact
>>>> location of the user, often with street-level accuracy.
>>>
>>> If you think mobile, they don't, especially because "often" is
>>> not at all "enough times".
>>
>> Are you suggesting that geolocation is inaccurate enough to misplace
>> Europe with Asia?
>
>
> last month, while in western australia, geoloc pegged me in utah.
> this morning, geoloc pegged me in Kansas, while resident in Maryland.
>
>
>>>> Why is there no way to do any of this?
>>>
>>> Because it is impractical to assume an IP address can be mapped
>>> uniquely to a geolocation.
>>
>> Why is it impractical?  If I have a server in Germany and in Quebec,
>> why would it be impractical to have the logic in place such that
>> European visitors would be contacting the server in Germany, and
>> visitors from US/Canada -- the one in Quebec?
>>
>> C.
>
> secure dynamic update works.  what is TWC's incentive to allow clients to update
> their reverse DNS delegations, esp when clients are leaving them for T-Mobile?
>
>
> you're suggesting the creation and deployment of something that already exists
> in the LOC RR.  Your rationale is that LOC isn't used.  If that's the case,
> why would your proposal be any more successful?
>
> /bill
>
>
>
> ------------------------------
>
> Message: 6
> Date: Thu, 21 Mar 2013 05:10:36 -0500
> From: jamie rishaw <j@arpa.com>
> To: NANOG <nanog@nanog.org>
> Subject: Cisco password implementation trubs: weakened strength?
> Message-ID: <CABL6YZQFf9_e9va0J15kdz1np-Jv-jeZ1Vi9LPnNewGKwMzDNg@mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> warning: I'm tired and this email is terse.
> warning: for huge nerds only.
> disclaimer: although I've worked with actual rocket scientists (hi Roger),
> I'm not one myself.. nor am I a crypto mathnerd
>
> apparently, Cisco is changing its password schemas.
>
> old: pbkdf2 by 1k, salted
> vs
> New: (type 4) unsalted sha256
> ..
> discuss.?
>
> there is a cert and Cisco sa on this.. but I'm wondering if anyone has any
> opinions, yea or nay.?
>
> -j.
>
>
> ------------------------------
>
> Message: 7
> Date: Thu, 21 Mar 2013 10:57:02 +0000
> From: Nick Hilliard <nick@foobar.org>
> To: nanog@nanog.org
> Subject: Re: Cisco password implementation trubs: weakened strength?
> Message-ID: <514AE77E.10705@foobar.org>
> Content-Type: text/plain; charset=ISO-8859-1
>
> On 21/03/2013 10:10, jamie rishaw wrote:
>> apparently, Cisco is changing its password schemas.
>>
>> old: pbkdf2 by 1k, salted
>> vs
>> New: (type 4) unsalted sha256
>> ..
>> discuss.?
>
> security advisory:
>
>> http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20130318-type4
>
> which states:
>
>> Because of the issues discussed in this Security Response, Cisco is
>> taking the following actions for future Cisco IOS and Cisco IOS XE
>> releases:
>>
>> Type 4 passwords will be deprecated: Future Cisco IOS and Cisco IOS XE
>> releases will not generate Type 4 passwords. However, to maintain
>> backward compatibility, existing Type 4 passwords will be parsed and
>> accepted. Customers will need to manually remove the existing Type 4
>> passwords from their configuration.
>
> Kudos to Cisco - this was the right thing to do.
>
> Nick
>
>
>
>
> ------------------------------
>
> Message: 8
> Date: Thu, 21 Mar 2013 06:22:52 -0500
> From: Jimmy Hess <mysidia@gmail.com>
> To: jamie rishaw <j@arpa.com>
> Cc: NANOG <nanog@nanog.org>
> Subject: Re: Cisco password implementation trubs: weakened strength?
> Message-ID: <CAAAwwbVxUHr4v4O3_qqJHbXDTTaY0D0juMCNNbYOVGdzZS6ciA@mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> On 3/21/13, jamie rishaw <j@arpa.com> wrote:
>> New: (type 4) unsalted sha256
>
> Good for them; DES Crypt and MD5 crypt are dead... however, I hope
> they have misspoken then... because that move would make no
> sense... moving to simple unsalted SHA256 as the new hash type would
> definitely increase the performance of potential password cracking
> attempts against passwords stored at rest, instead of addressing the
> massive increase in cheap computing power (which will necessitate all
> software vendors who are concerned about stored password security,
> stop using older crypt algorithms yesterday).
>
> In other words; they would be moving to a weaker hashing algorithm if
> selecting unsalted SHA -- more hashes per second of SHA256 could be
> computed per second on equivalent GPU than hashes per second of MD5
> Crypt.
>
> PBKDF2 at 10k rounds is stronger than MD5 crypt (more time required
> for a password cracker); Bcrypt stronger than PBKDF2 with appropriate
> work factor selected (more time _and_ larger amounts of memory space
> required thwarting GPUs); etc.
>
>
> Also, on what platform have they already used anything stronger than Unix crypt?
>
> As far as I knew, Cisco were always using; 'type 7' password blobs
> vigenere based symmetric encryption with a factory-defined key, type
> 6 symmetric encrypted storage (with des/aes key obscured from view),
> or type 5 basic unix crypt or Poul-Henning Kamp's MD5 crypt algorithm
> used in FreeBSD.
>
>
>> I'm not one myself.. nor am I a crypto mathnerd
>> apparently, Cisco is changing its password schemas.
>> old: pbkdf2 by 1k, salted
>> vs
>> New: (type 4) unsalted sha256
>> ..
>> discuss.?
>>
>> there is a cert and Cisco sa on this.. but I'm wondering if anyone has any
>> opinions, yea or nay.?
>
> --
> -JH
>
>
>
> ------------------------------
>
> Message: 9
> Date: Thu, 21 Mar 2013 20:36:36 +0900
> From: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
> To: "Constantine A. Murenin" <mureninc@gmail.com>
> Cc: nanog@nanog.org
> Subject: Re: Why are there no GeoDNS solutions anywhere in sight?
> Message-ID: <514AF0C4.7000200@necom830.hpcl.titech.ac.jp>
> Content-Type: text/plain; charset=ISO-2022-JP
>
> Constantine A. Murenin wrote:
>
>> Are you suggesting that geolocation is inaccurate enough to misplace
>> Europe with Asia?
>
> Yes, of course.
>
> Think mobile.
>
> 						Masataka Ohta
>
>
>
> End of NANOG Digest, Vol 62, Issue 67
> *************************************


