Re: Survey on the impact of software regulation on DNS systems

2025-04-08 Thread Peter 'PMc' Much
Michael, thank You very much for this message! it came at the right time and it is truly inspiring! I missed that. On Fri, Mar 28, 2025 at 01:59:02AM +0100, Michael De Roover wrote: ! > So, while I am not strictly against regulation, the bottomline question ! > appears to be: how do we manage

Re: Survey on the impact of software regulation on DNS systems

2025-03-27 Thread Peter 'PMc' Much
On Sun, Feb 02, 2025 at 02:45:08PM -0500, Paul Kosinski via bind-users wrote: ! On Sat, 1 Feb 2025 14:47:35 + ! Marc wrote: ! ! "You have to get the bigger picture. Everything requires regulation otherwise big tech is going to fuck you. There are enough examples out there." ! ! The even big

Re: xfer-in: Transfer status: timed out (selective failures)

2025-02-25 Thread Peter 'PMc' Much
Thanks a lot, folks! The problem is solved - I put a "checksum" module between the firewall and the "nat" module (I have netgraph[1] modules), and that works now as expected. Apparently, when NAT-rewriting the address of a /locally created/ packet, at the time of rewriting the checksum has not

Re: xfer-in: Transfer status: timed out (selective failures)

2025-02-24 Thread Peter 'PMc' Much
On Mon, Feb 24, 2025 at 10:01:49PM +0100, Peter 'PMc' Much wrote: ! Packets do arrive, but are ignored. ! The local firewall is switched to pass-thru. ! ! I don't know what else could selectively swallow packets without ! notice. Okay, I figured it out. tcpdump was friendly enou

xfer-in: Transfer status: timed out (selective failures)

2025-02-24 Thread Peter 'PMc' Much
Hi, I started to get these messages, when some secondary tries to fetch a zonefile from a primary. So I looked into it - The primary is running: # ps ax | grep named 13667 - IsJ 0:00.39 /usr/local/sbin/named -n 1 -u bind -c /usr/local/etc/namedb/named.conf It has ports configured:

Re: IPv6 Geolocation per /64

2025-02-19 Thread Peter 'PMc' Much
On Tue, Feb 18, 2025 at 07:20:26PM -0500, Michael Richardson wrote: ! There is also https://www.rfc-editor.org/info/rfc9632. ! ! This document specifies how to augment the Routing Policy Specification ! Language (RPSL) inetnum: class to refer specifically to geofeed ! comma-separated values

Re: IPv6 Geolocation per /64

2025-02-18 Thread Peter 'PMc' Much
On Tue, Feb 18, 2025 at 09:48:02PM +, Andrew Pavlin wrote: ! Think about it. Who _has_ to know your physical/geographical address and its associated Internet address block to provide you with Internet service? Your ISP! Question: is an ISP legally oblidged to divulge their customer's locations

Re: IPv6 Geolocation per /64

2025-02-18 Thread Peter 'PMc' Much
On Tue, Feb 18, 2025 at 08:48:15PM +0100, Michael De Roover wrote: ! Hi all, ! ! > It may be inside DNS, or it may be elsewhere, I do not know. There ! > is a DNS "LOC" record, but that doesn't seem to be used anymore. It ! > seems to be something else. But what, and where? ! I find it a shame tha

Re: IPv6 Geolocation per /64

2025-02-18 Thread Peter 'PMc' Much
On Tue, Feb 18, 2025 at 09:51:51PM +0100, Michael De Roover wrote: ! On Tuesday, February 18, 2025 9:38:58 PM CET Peter 'PMc' Much wrote: ! > Then they make a business of selling my own information back to me - ! > and I would like to know how they do that. ! ! Hehe.. about that.

Re: IPv6 Geolocation per /64

2025-02-18 Thread Peter 'PMc' Much
On Tue, Feb 18, 2025 at 08:04:28PM +0100, Marco Moock wrote: ! Am 18.02.2025 um 18:50:31 Uhr schrieb Peter 'PMc' Much: ! ! > Consideration: ! >Since every /64 in IPv6 carries it's own distinct geolocation info, ! >there must be somewhere a database

IPv6 Geolocation per /64

2025-02-18 Thread Peter 'PMc' Much
Consideration: Since every /64 in IPv6 carries it's own distinct geolocation info, there must be somewhere a database of -quick average- 2^64 = 18446744073709551616 records. I'm currently trying to figure out where that database is located. It may be inside DNS, or it may be elsewhere, I

Re: Survey on the impact of software regulation on DNS systems

2025-02-01 Thread Peter 'PMc' Much
On Wed, Jan 29, 2025 at 03:43:23PM +, Marcus Kool wrote: ! I participated in the survey and think it is good to also have a ! public discussion. I tried to, but got the impression that the target audience is rather commercial providers of infrastructure services, like domain registrars and dns

Re: localhost name lookup

2025-01-15 Thread Peter 'PMc' Much
On Tue, Jan 14, 2025 at 10:47:35PM +0100, Emmanuel Fusté wrote: ! localhost is defined as a (local) hostname of the loopback interface, not a ! domain name. Where would that be defined? Because, what You state is a contradiction in itself: a hostname is a designation of the metal (or virtual, now

Re: SVCB/HTTPS vs. getaddrinfo: how to merge?

2024-12-26 Thread Peter 'PMc' Much
On Thu, Dec 26, 2024 at 04:53:51AM -0500, Darren Ankney wrote: ! Hi, ! ! It seems to me that the HTTPS/SVCB records describe where and how a ! service is available (could be several IPv4 and IPv6 addresses as well ! as several ports). It does nothing to select how a client might ! connect to the

SVCB/HTTPS vs. getaddrinfo: how to merge?

2024-12-25 Thread Peter 'PMc' Much
Folks, recent messages here mentioned some HTTPS and SVCB RRs. This is completely news to me, so I gave it some read. Then I found that these new tools are supposed to provide (IPv4 and IPv6) addresses, which seems to me as rather strange from a logical viewpoint. Normally, the addresses to be

Re: Recently started invalid signings

2024-11-29 Thread Peter 'PMc' Much
maintained manually (I didn't find anybody listening to CDNSKEY yet) and I have two KSK for high-availability, and the third is currently introduced or retiring (the rollover scheme works for RFC 5011 also). cheerio, PMc ! ! > On 29 Nov 2024, at 13:54, Peter 'PMc' Much

Recently started invalid signings

2024-11-28 Thread Peter 'PMc' Much
Hi, I just noticed my dns-signer recently started to create some invalid signings - the two red arrows in here: https://dnsviz.net/d/daemon.contact/Z0ka0A/dnssec/ There is a history, one can go back and see these weren't present in March '24 and earlier. The problem is, I didn't change an