Is it just me, or did some of Xtra's servers (specifically
alien.xtra.co.nz/www.xtra.co.nz but probably more) suddenly stop
replying to echo requests at some point this afternoon?
Certainly had me stumped/panicking when my traceroute died at the
Unleash Technology Solutions
Thankfully we have heard that Telecom is reconsidering its approach and
we say it is about time. With continued data growth, IP-based voice and
video becoming widespread, and an increasing number of networks being
developed, it is critical that local data is kept local and the most
efficient paths across the network are utilised.
Telecom has recently been reported in the media as saying it is
seriously looking at and now supports the concept of local internet
interconnection. Rumours abound of a June/July timetable. Of course for
their customers, and TelstraClear's, one would expect they never stopped
local interconnection, but this move would re-integrate Telecom with the
rest of the internet at a local level.
I'm doing a bit of DNS testing and I start noticing some weird results for
a few domains. The two below appear to be specific problems since they are
popular and I noticed them but I suspect there are others.
The problem is that www.anz.co.nz and www.anz.com have TTLs of zero
seconds. This means that *every* DNS look up for them takes either around
40 or 140ms (one server is closer/quicker than the other) since it is
Similarly the TTL for www.trademe.co.nz (and www.oldfriends.co.nz) is just
ten seconds so this must be constantly rechecked. Not as bad since their
servers are in NZ but still there is a delay.
Some companies (like Google or Yahoo) have very sophisticated systems that
constantly check user performance and switch them from datacenter to
datacenter in seconds if things start going slow.
However unless your company has such a system (and very reliable and
nearby DNS servers) then a TTL of a few minutes is good enough for manual
updates to quickly propagate. Lower values than that will result in
decreased performance for your customers. Even Google and Yahoo have TTLs
of a minute or two.
The scary thing is that both sites probably put a lot of time into making
the actual pages load as fast as possible.
Simon Lyall | Very Busy | Web: http://www.darkmere.gen.nz/
"To stay awake all night adds a day to your life" - Stilgar | eMT.
Call for Hosts: NZNOG 08
We are looking for potential hosts for NZNOG 06 in around a year's time.
I would like to hear off-list from people who
a) have been to at least one NZNOG conference in the past, and
b) might be interested in hosting next year's conference.
This is not about committing anybody to anything at this stage. It is a
good time to start thinking about whether this is a way in which you
could contribute to the community, whether as a single hosting
organisation or in cooperation with others.
I look forward to hearing from you before the 25th of March.
NZNOG 08 Conference Organising Committee.
In message <45F5DAA1.9070701(a)deanpemberton.com>, Dean Pemberton writes:
>I can remember a time when a similar question was raised about zero time
>TTLs on records. [...] It was with a bank. [...]
>"We want to make sure that each and every request for an IP address
>comes to our DNS server. We don't want it to be cached at all as this
>can lead to someone hijacking the cache. We like it this way"
So if someone _does_ manage to find a way to poison the cache with a
record, then they can happily set a long TTL on the poison record and
avoid any other lookups. And there's an almost zero chance that there'll
be a valid cached record there to prevent the poisoned one being cached.
Seems to me some people don't think through the logical consequences of
their actions. It also seems to me that anyone needing failover in less
than about an hour wants a different solution than updating DNS entries
(load balancer, anycast, etc).
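The trade-off argued in the TTL message and in the cache-poisoning reply above, modelled as an added example that is not part of either post. It assumes one client lookup per second through a single caching resolver, the 40 ms upstream round trip quoted for the nearer server, and treats every upstream query as one moment when the resolver has no valid record to fall back on; the function names are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class CacheStats:
    upstream_queries: int   # lookups the resolver had to send to the authoritative server
    cache_hits: int         # lookups answered from a still-valid cached record
    mean_latency_ms: float  # average DNS delay seen by clients

def simulate(ttl_s, lookups, interval_s=1.0, upstream_ms=40.0):
    """Model one caching resolver receiving evenly spaced lookups for one name."""
    expires_at = float("-inf")          # nothing cached yet
    upstream = hits = 0
    for i in range(lookups):
        now = i * interval_s
        if now < expires_at:            # valid record cached: no query leaves the resolver
            hits += 1
        else:                           # expired: the resolver must ask upstream again
            upstream += 1
            expires_at = now + ttl_s    # TTL 0 means the record is stale immediately
    mean = upstream * upstream_ms / lookups if lookups else 0.0
    return CacheStats(upstream, hits, mean)

def lookups_served_forged(forged_ttl_s, lookups, interval_s=1.0):
    """Lookups answered from a forged record cached at t=0. Its lifetime is set
    by the TTL inside the forged record, not by the zone owner's TTL."""
    return sum(1 for i in range(lookups) if i * interval_s < forged_ttl_s)

if __name__ == "__main__":
    for ttl in (0, 10, 300):
        s = simulate(ttl, lookups=3600)
        print(f"TTL {ttl:>3}s: {s.upstream_queries:>4} upstream queries/hour, "
              f"{s.mean_latency_ms:.2f} ms mean DNS delay")
    print("lookups served from a forged 1-day record in the first hour:",
          lookups_served_forged(86400, 3600))
```

With a TTL of zero the resolver never holds a valid record between lookups, while a TTL of five minutes cuts the upstream queries in this model from 3600 to 12 per hour.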
On 20-Feb-2007 Joe Abley wrote:
> On 20-Feb-2007, at 17:16, Martin Kealey wrote:
> > Question: are there any (DSL?) CPE units for sale or in development
> > that will do v6 to v4 translation, plus v6 pass-thru?
> In practical terms (and I'm being only slightly pedantic) there *is*
> no v6 to v4 translation. There are tunnels, and there is native IPv6.
Are you saying that when a v6 host says "Connect to ::ffff:cfdb:2d24", the answer will invariably be "can't"?
Otherwise we're talking about a third option that smells rather like SNAT, but running on steroids. Hence my using the term "translation".
It makes sense for this "natting" to occur as far as possible from the v6 source host and as near as possible to the target v4 host, but in any case it can only go as far away as your v6 transit allows.
Since we're only starting the game, that means the CPE border kit. Although I asked about doing both "translation and pass-thru", if the ISP at the other end is sensible it should only need to do one of those at a time.
I'm looking for a New Zealand based looking glass that's on the Internet
- so not the WIX or APE ones. The only one I've been able to find that
goes is the ICONZ one at NZIX (http://nzix.net/cgi-bin/mrlg-others.cgi)
although did also find Simon Lyall's one, which is currently offline, at
I have found a single working traceroute at
http://www.kcbbs.gen.nz/cgi-bin/trace (AS9303). There are two others
listed at traceroute.org, but neither is working.
Is it just that there aren't many of these about, or are they just a
well guarded secret? I found a few posts on the topic to this list in
July last year
(http://list.waikato.ac.nz/pipermail/nznog/2006-July/011929.html) but it
didn't seem to go anywhere. If anyone knows of any others based in New
Zealand (there are zillions elsewhere on the internet) I would greatly
appreciate knowing where!
Specifically I'm looking for traces from Orcon and Telecom / Xtra to
184.108.40.206, but the more data I can get to see why it seems that more
traffic is coming in through our expensive upstream than we thought
would the better :^)
Does anyone know if there are any websites that will create a bind reverse
zone file for a given IPv6 range? I can cope with creating the forward
entries, but trying to work out the correct zone naming (not to mention
the actual resource entries) for the reverse is more than my paw widdle
bwain can cope with at present.
"Don't use force. Get a bigger hammer."
This came from the SPAM-L mailing list. If ppl are using RBLs on their
mail servers they might want to read below.
The following text was sent to list(a)njabl.org on Jan 19, 2007. Judging
from the number of DNS queries still being handled for
dynablock.njabl.org, the message doesn't seem to have made it to a wide
If you use or know people who use dynablock.njabl.org, this is important
With the advent of Spamhaus's PBL (http://spamhaus.org/pbl/),
dynablock.njabl.org has become obsolete. Rather than maintain separate
similar DNSBL zones, NJABL will be working with Spamhaus on the PBL.
Effective immediately, dynablock.njabl.org exists as a copy of the
Spamhaus PBL. After dynablock users have had ample time to update their
configurations, the dynablock.njabl.org zone will be emptied.
Other NJABL zones (i.e. dnsbl, combined, bhnc, and the qw versions) will
continue, business as usual, except that combined will eventually lose its
If you currently use dynablock.njabl.org we recommend you switch
immediately to pbl.spamhaus.org.
If you currently use combined.njabl.org, we recommend you add
pbl.spamhaus.org to the list of DNSBLs you use.
You may also want to consider using zen.spamhaus.org, which is a
combination zone consisting of Spamhaus's SBL, XBL, and PBL zones.