swinog November 2018

swinog@lists.swinog.ch

14 participants
9 discussions

by Michele Capobianco

Hey all A friend just told me that Cybernet told him there is a Switzerlandwide Internet Problem. Does anybody know something? Cheers Michele -------- Online Consulting AG, Michele Capobianco, System Administrator, Weststrasse 38, CH-9500 Wil Phone +41 (0)71 913 31 31, Fax +41 (0)71 913 31 32 http://www.online.ch, michele.capobianco(a)online.ch<mailto:michele.capobianco@online.ch> --------

2 months, 2 weeks

CANCELLED: SwiNOG-BE169

by Viktor Steinmann

Dear SwiNOGers, Due to scheduling conflicts, I'll have to cancel the announced Beer Event on Monday, 3rd December 2018. It seems, the Beer Events have come to an end. If someone would like to take the lead for 2019, please let me and/or Steven know off-list. Kind regards, Viktor (aka Stony)

4 years, 10 months

Do ISP still offer outgoing smtp relaying services to business customers with own smtp server?

by Benoit Panizzon

Dear List We sometimes get requests from business customers, with own mailserver, which directly receives email via smtp, for an outgoing smtp-relay. I then argue with: * Their server is absolutely capable of sending emails directly * They have better control of the sending process. * They can look for problem them self in their logs. * Anti-Spam thresholds aimed at end users, not companies. * They are not affected if another customer is spaming and therefore the IP of the relay blacklisted. But still, I then often get an "BUT... you are our ISP, isn't it your duty to offer such a relay service? Other ISP do this!" rly? Do other ISP still offer smtp relaying services to business customers with own email infrastructure? Mit freundlichen Grüssen -Benoît Panizzon- -- I m p r o W a r e A G - Leiter Commerce Kunden ______________________________________________________ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 Pratteln Fax +41 61 826 93 01 Schweiz Web http://www.imp.ch ______________________________________________________

4 years, 10 months

Inbound DNS query filtering on "broadband" IPs?

by Claudio Luck

Hi all I'm currently experimenting to host DNS zones on dynamic IP addresses and dynamic DNS. But I'm encountering more difficulties than expected on "broadband connections" in receiving UDP port 53 DNS query packets. In one case they're filtered completely (TCP port 53 works, UDP port 53 is blacked out), while on some there seems to be some adaptive filtering requiring like 10 minutes to "open up". Does this ring a bell? I would be thankful about any hint what could be interfering, PM or here. Thanks! Best Claudio Luck

4 years, 10 months

Invalid ROA on Sunrise managed IP range

by Mike Kellenberger

Hi Could someone from Sunrise contact me off-list? We received a message about an invalid ROA of one of our customers IP-ranges, which is managed by Sunrise. I've tried contacting ip-reg(a)sunrise.net multiple times already, but I'm not getting any response. Regards, Mike -- Mike Kellenberger Teamleader Network & Security nexellent ag Sägereistrasse 33 CH-8152 Glattbrugg Phone: + 41 44 872 20 00 Direct: + 41 44 872 20 30 Mobile: + 41 79 421 17 78 www.nexellent.ch twitter.com/nexellent

4 years, 10 months

.CH/.LI DNSSEC Algorithm Rollover

by Daniel Stirnimann

Hello, for your information, SWITCH will perform a DNSSEC algorithm rollover from RSA to ECDSA for ch. and li. ECDSA uses smaller keys and signatures than their RSA counterparts, which means responses to DNS queries are smaller. ECDSA was already standardised for use in DNSSEC in 2012. While switch.ch has been signed with ECDSA since 2016, IANA the root zone operator has only recently allowed TLDs to use it. The changes to the ch. and li. zones DNSKEY record are as following with times reported in UTC: 2018-11-21T13:30 Add new ECDSA key to DNSKEY record set 2018-12-21T13:30 Remove old RSA key from DNSKEY record set Between this interval, the chain of trust for ch. and li. will be updated in the root zone to point to the new ECDSA key only. Operators of DNSSEC validating DNS resolvers do not need to do anything. In the unlikely case that your validating DNS resolver only understands RSA but not ECDSA, then it will answer to ch. or li. queries as if they were not DNSSEC signed. You can test which DNSSEC algorithms are supported by the DNS resolver(s) configured on your system by visiting: https://rootcanary.org/test.html Best regards, Daniel Stirnimann, SWITCH -- SWITCH Daniel Stirnimann, SWITCH-CERT Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland phone +41 44 268 15 15, direct +41 44 268 16 24 daniel.stirnimann(a)switch.ch, www.switch.ch

4 years, 10 months

Mail MX Databaar

by walter＠onda.ch

Hello Could somebody from Bluewin connect to me offlist? We have some trouble sending mails. Regards Walter

4 years, 11 months

*** Save the Date - SwiNOG#35 08.05.2019 ***

by Simon Ryf

Dear SwiNOG’ers Save the Date ! Put it in your Calendar - NOW :) Wednesday May 5th 2019 is SwiNOG #35 Have nice week SwiNOG Team

4 years, 11 months

Google DNS on Salt Mobile

by Gregor Riepl

Hi, It seems like Salt is no longer supplying their own DNS servers when establishing an LTE connection. Instead, the network responds with Google DNS servers (8.8.8.8 8.8.4.4). Is there a particular reason for that? I'd rather not send all my DNS requests to Google. Perhaps it's time to switch to private resolvers everywhere, if not even ISPs are providing that service any more... Thanks for any info. Greg

4 years, 11 months

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

swinog November 2018