GeoDNS

[kg9020 <kg9020 () gmail com>]

Hello 

Have you tried

https://github.com/blblack/gdnsd

you can view usage at http://www.youtube.com/watch?v=WF75IGx9svM
art

On Mar 21, 2013, at 7:00 AM, nanog-request () nanog org wrote:

> Send NANOG mailing list submissions to
>       nanog () nanog org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>       http://mailman.nanog.org/mailman/listinfo/nanog
> or, via email, send a message with subject or body 'help' to
>       nanog-request () nanog org
>
> You can reach the person managing the list at
>       nanog-owner () nanog org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of NANOG digest..."
>
>
> Today's Topics:
>
>   1. Re: Why are there no GeoDNS solutions anywhere in sight?
>      (Constantine A. Murenin)
>   2. Re: routing table go boom (Randy Bush)
>   3. 2012 internet census (Randy Bush)
>   4. Re: Why are there no GeoDNS solutions anywhere in sight?
>      (Simon Lyall)
>   5. Re: Why are there no GeoDNS solutions anywhere in sight?
>      (bmanning () vacation karoshi com)
>   6. Cisco password implementation trubs: weakened strength?
>      (jamie rishaw)
>   7. Re: Cisco password implementation trubs: weakened strength?
>      (Nick Hilliard)
>   8. Re: Cisco password implementation trubs: weakened strength?
>      (Jimmy Hess)
>   9. Re: Why are there no GeoDNS solutions anywhere in sight?
>      (Masataka Ohta)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 21 Mar 2013 00:23:02 -0700
> From: "Constantine A. Murenin" <mureninc () gmail com>
> To: Masataka Ohta <mohta () necom830 hpcl titech ac jp>
> Cc: nanog () nanog org
> Subject: Re: Why are there no GeoDNS solutions anywhere in sight?
> Message-ID:
>       <CAPKkNb4g++KaXmJ9Y5N-0J2Dt+P7Yn_xMvxcr7viThh4rf6rMQ () mail gmail com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> On 20 March 2013 21:29, Masataka Ohta <mohta () necom830 hpcl titech ac jp> wrote:
> > Constantine A. Murenin wrote:
> >
> > > Why even stop there:  all modern browsers usually know the exact
> > > location of the user, often with street-level accuracy.
> >
> > If you think mobile, they don't, especially because "often" is
> > not at all "enough times".
>
> Are you suggesting that geolocation is inaccurate enough to misplace
> Europe with Asia?
>
> > > Why is there no way to do any of this?
> >
> > Because it is impractical to assume an IP address can be mapped
> > uniquely to a geolocation.
>
> Why is it impractical?  If I have a server in Germany and in Quebec,
> why would it be impractical to have the logic in place such that
> European visitors would be contacting the server in Germany, and
> visitors from US/Canada -- the one in Quebec?
>
> C.
>
>
>
> ------------------------------
>
> Message: 2
> Date: Thu, 21 Mar 2013 09:23:08 +0200
> From: Randy Bush <randy () psg com>
> To: Jared Mauch <jared () puck nether net>
> Cc: nanog () nanog org
> Subject: Re: routing table go boom
> Message-ID: <m2sj3pb4ir.wl%randy () psg com>
> Content-Type: text/plain; charset=US-ASCII
>
> > I certainly think there's a lot that can be done at middle-layers, eg: tunnels
> > to a few different providers.  I can be on a Comcast CM and ATT DSL link and
> > establish a link to a tunnel destination in Chicago that is low-latency for me
> > and the bits will all flow that way.  
> >
> > The last mile loop problem though?
>
> sweden and japan, among others, have some experiences (good and
> mediocre) in this area
>
> randy
>
>
>
> ------------------------------
>
> Message: 3
> Date: Thu, 21 Mar 2013 10:24:51 +0200
> From: Randy Bush <randy () psg com>
> To: North American Network Operators' Group <nanog () nanog org>
> Subject: 2012 internet census
> Message-ID: <m2ppytb1nw.wl%randy () psg com>
> Content-Type: text/plain; charset=US-ASCII
>
> nice piece of work
>
>   http://internetcensus2012.bitbucket.org/paper.html
>
> as cristel says, better coverage than atlas and no need for user
> credits! :)
>
> randy
>
>
>
> ------------------------------
>
> Message: 4
> Date: Thu, 21 Mar 2013 21:26:46 +1300 (NZDT)
> From: Simon Lyall <simon () darkmere gen nz>
> To: nanog () nanog org
> Subject: Re: Why are there no GeoDNS solutions anywhere in sight?
> Message-ID:
>       <alpine.DEB.2.00.1303212112110.28564 () green darkmere gen nz>
> Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
>
> On Thu, 21 Mar 2013, Constantine A. Murenin wrote:
> > Why is it impractical?  If I have a server in Germany and in Quebec,
> > why would it be impractical to have the logic in place such that
> > European visitors would be contacting the server in Germany, and
> > visitors from US/Canada -- the one in Quebec?
>
> But what if the server in Quebec is a little VPS on a 10Mb/s link while 
> the one in Germany is a rack of servers on a 10Gb/s link?
>
> What if I just want the server in Quebec to serve people from Canada and 
> the one in Germany serves the rest of the world?
>
> What if it is 4am in Quebec but 9am in Germany? (it is right now)
>
> What if I have half a dozen pops worldwide?
>
> What if I have 20? 200? 2000?
>
> What is closer to a user in New Zealand, A Pop in Japan, Singapore or LA?
>
> The main thing with GSLB is:
>
> The little guys don't need it,
> The medium sized sites outsource,
> The big guys roll their own.
>
> Personally I outsource and it works very well.
>
> -- 
> Simon Lyall  |  Very Busy  |  Web: http://www.darkmere.gen.nz/
> "To stay awake all night adds a day to your life" - Stilgar | eMT.
>
>
>
>
> ------------------------------
>
> Message: 5
> Date: Thu, 21 Mar 2013 08:41:40 +0000
> From: bmanning () vacation karoshi com
> To: "Constantine A. Murenin" <mureninc () gmail com>
> Cc: nanog () nanog org
> Subject: Re: Why are there no GeoDNS solutions anywhere in sight?
> Message-ID: <20130321084140.GB432 () vacation karoshi com.>
> Content-Type: text/plain; charset=us-ascii
>
> On Thu, Mar 21, 2013 at 12:23:02AM -0700, Constantine A. Murenin wrote:
> > On 20 March 2013 21:29, Masataka Ohta <mohta () necom830 hpcl titech ac jp> wrote:
> > > Constantine A. Murenin wrote:
> > >
> > > > Why even stop there:  all modern browsers usually know the exact
> > > > location of the user, often with street-level accuracy.
> > >
> > > If you think mobile, they don't, especially because "often" is
> > > not at all "enough times".
> >
> > Are you suggesting that geolocation is inaccurate enough to misplace
> > Europe with Asia?
>
>
> last month, while in western australia, geoloc pegged me in utah.
> this morning, geoloc pegged me in Kansas, while resident in Maryland.
>
>
> > > > Why is there no way to do any of this?
> > >
> > > Because it is impractical to assume an IP address can be mapped
> > > uniquely to a geolocation.
> >
> > Why is it impractical?  If I have a server in Germany and in Quebec,
> > why would it be impractical to have the logic in place such that
> > European visitors would be contacting the server in Germany, and
> > visitors from US/Canada -- the one in Quebec?
> >
> > C.
>
> secure dynamic update works.  waht is TWC's incentive to allow clients to update
> tjheir reverse DNS delegations, esp when clients are leaving them for T-Mobile?
>
>
> your sugesting the cretion and deployment of something that already exists
> in the LOC RR.  Your rational is that LOC isn't used.  If thats the case,
> why would your proposal be any more successful?
>
> /bill
>
>
>
> ------------------------------
>
> Message: 6
> Date: Thu, 21 Mar 2013 05:10:36 -0500
> From: jamie rishaw <j () arpa com>
> To: NANOG <nanog () nanog org>
> Subject: Cisco password implementation trubs: weakened strength?
> Message-ID:
>       <CABL6YZQFf9_e9va0J15kdz1np-Jv-jeZ1Vi9LPnNewGKwMzDNg () mail gmail com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> warning: I'm tired and this email is terse.
> warning: for huge nerds only.
> disclaimer: although I've worked with actual rocket scientists(hi Roger),
> I'm. not one myself..nor am I a crypto mathnerd
>
> apparently, Cisco is changing its password schemas.
>
> old: pbkdf2 by 1k, salted
> vs
> New: (type 4) unsalted sha256
> ..
> discuss.?
>
> there is a cert and Cisco sa on this.. but I'm wondering if anyone has any
> opinions, yea or nay.?
>
> -j.
>
>
> ------------------------------
>
> Message: 7
> Date: Thu, 21 Mar 2013 10:57:02 +0000
> From: Nick Hilliard <nick () foobar org>
> To: nanog () nanog org
> Subject: Re: Cisco password implementation trubs: weakened strength?
> Message-ID: <514AE77E.10705 () foobar org>
> Content-Type: text/plain; charset=ISO-8859-1
>
> On 21/03/2013 10:10, jamie rishaw wrote:
> > apparently, Cisco is changing its password schemas.
> >
> > old: pbkdf2 by 1k, salted
> > vs
> > New: (type 4) unsalted sha256
> > ..
> > discuss.?
>
> security advisory:
>
> > http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20130318-type4
>
> which states:
>
> > Because of the issues discussed in this Security Response, Cisco is
> > taking the following actions for future Cisco IOS and Cisco IOS XE
> > releases:
> >
> > Type 4 passwords will be deprecated: Future Cisco IOS and Cisco IOS XE
> > releases will not generate Type 4 passwords. However, to maintain
> > backward compatibility, existing Type 4 passwords will be parsed and
> > accepted. Customers will need to manually remove the existing Type 4
> > passwords from their configuration.
>
> Kudos to Cisco - this was the right thing to do.
>
> Nick
>
>
>
>
> ------------------------------
>
> Message: 8
> Date: Thu, 21 Mar 2013 06:22:52 -0500
> From: Jimmy Hess <mysidia () gmail com>
> To: jamie rishaw <j () arpa com>
> Cc: NANOG <nanog () nanog org>
> Subject: Re: Cisco password implementation trubs: weakened strength?
> Message-ID:
>       <CAAAwwbVxUHr4v4O3_qqJHbXDTTaY0D0juMCNNbYOVGdzZS6ciA () mail gmail com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> On 3/21/13, jamie rishaw <j () arpa com> wrote:
> > New: (type 4) unsalted sha256
>
> Good for them; DES Crypt and MD5 crypt are dead... however, I hope
> they have misspoken then...  because   that move would make no
> sense... moving to simple unsalted SHA256  as the new hash type  would
> definitely increase the performance of  potential password cracking
> attempts against passwords stored at rest,  instead of addressing the
> massive increase in cheap computing power  (which will necessitate all
> software vendors who are concerned about stored password security,
> stop using older crypt algorithms  yesterday).
>
> In other words;  they would be moving to a weaker hashing algorithm if
> selecting unsalted SHA -- more hashes per second of SHA256  could be
> computed per second on equivalent GPU  than hashes per second of MD5
> Crypt.
>
> PBKDF2 at 10k rounds is stronger than MD5 crypt (more time required
> for a password cracker); Bcrypt stronger than PBKDF2  with appropriate
> work factor selected  (more time _and_  larger amounts of memory space
> required  thwarting GPUs); etc.
>
>
> Also, on what platform have they already used anything stronger than Unix crypt?
>
> As far as I knew, Cisco were always using;  'type 7' password blobs
> vigenere based symmetric encryption with a factory-defined key,  type
> 6 symmetric encrypted storage (with des/aes key obscured from view),
> or type 5  basic unix crypt or Poul-Henning Kamp's MD5 crypt algorithm
> used in FreeBSD.
>
>
> > I'm. not one myself..nor am I a crypto mathnerd
> > apparently, Cisco is changing its password schemas.
> > old: pbkdf2 by 1k, salted
> > vs
> > New: (type 4) unsalted sha256
> > ..
> > discuss.?
> >
> > there is a cert and Cisco sa on this.. but I'm wondering if anyone has any
> > opinions, yea or nay.?
>
> --
> -JH
>
>
>
> ------------------------------
>
> Message: 9
> Date: Thu, 21 Mar 2013 20:36:36 +0900
> From: Masataka Ohta <mohta () necom830 hpcl titech ac jp>
> To: "Constantine A. Murenin" <mureninc () gmail com>
> Cc: nanog () nanog org
> Subject: Re: Why are there no GeoDNS solutions anywhere in sight?
> Message-ID: <514AF0C4.7000200 () necom830 hpcl titech ac jp>
> Content-Type: text/plain; charset=ISO-2022-JP
>
> Constantine A. Murenin wrote:
>
> > Are you suggesting that geolocation is inaccurate enough to misplace
> > Europe with Asia?
>
> Yes, of course.
>
> Think mobile.
>
>                                               Masataka Ohta
>
>
>
> End of NANOG Digest, Vol 62, Issue 67
> *************************************