swinog

swinog@lists.swinog.ch

6 participants
2924 discussions

.CH/.LI DNSSEC Algorithm Rollover
by Daniel Stirnimann 12 Nov '18

12 Nov '18

Hello, for your information, SWITCH will perform a DNSSEC algorithm rollover from RSA to ECDSA for ch. and li. ECDSA uses smaller keys and signatures than their RSA counterparts, which means responses to DNS queries are smaller. ECDSA was already standardised for use in DNSSEC in 2012. While switch.ch has been signed with ECDSA since 2016, IANA the root zone operator has only recently allowed TLDs to use it. The changes to the ch. and li. zones DNSKEY record are as following with times reported in UTC: 2018-11-21T13:30 Add new ECDSA key to DNSKEY record set 2018-12-21T13:30 Remove old RSA key from DNSKEY record set Between this interval, the chain of trust for ch. and li. will be updated in the root zone to point to the new ECDSA key only. Operators of DNSSEC validating DNS resolvers do not need to do anything. In the unlikely case that your validating DNS resolver only understands RSA but not ECDSA, then it will answer to ch. or li. queries as if they were not DNSSEC signed. You can test which DNSSEC algorithms are supported by the DNS resolver(s) configured on your system by visiting: https://rootcanary.org/test.html Best regards, Daniel Stirnimann, SWITCH -- SWITCH Daniel Stirnimann, SWITCH-CERT Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland phone +41 44 268 15 15, direct +41 44 268 16 24 daniel.stirnimann(a)switch.ch, www.switch.ch

1 0

Mail MX Databaar
by walter＠onda.ch 05 Nov '18

05 Nov '18

Hello Could somebody from Bluewin connect to me offlist? We have some trouble sending mails. Regards Walter

1 0

*** Save the Date - SwiNOG#35 08.05.2019 ***
by Simon Ryf 04 Nov '18

04 Nov '18

Dear SwiNOG’ers Save the Date ! Put it in your Calendar - NOW :) Wednesday May 5th 2019 is SwiNOG #35 Have nice week SwiNOG Team

3 5

Google DNS on Salt Mobile
by Gregor Riepl 01 Nov '18

01 Nov '18

Hi, It seems like Salt is no longer supplying their own DNS servers when establishing an LTE connection. Instead, the network responds with Google DNS servers (8.8.8.8 8.8.4.4). Is there a particular reason for that? I'd rather not send all my DNS requests to Google. Perhaps it's time to switch to private resolvers everywhere, if not even ISPs are providing that service any more... Thanks for any info. Greg

6 12

Announcing mirror.init7.net
by Fredy Kuenzler 30 Oct '18

30 Oct '18

As SWITCH has announced the sunset of http://mirror.switch.ch/ a while ago we are happy to announce a successor mirror.init7.net. https://mirror.init7.net By supporting IPv6 and legacy IPv4 and https as well as legacy http we hope to be able to support the Opensource- and Internet-Community in the future. In case your DNS resolver is broken we gave mirror.init7.net nice and easy to memorize IP addresses: https://2001:1620::1620 https://109.202.202.202 We would like to express our gratitude to SWITCH for providing a mirror service for much longer than a decade. PS. a hint for Debian and Ubuntu users - please ensure you have the package apt-transport-https installed to use https. -- Fredy Kuenzler Init7 (Switzerland) Ltd. AS13030 Technoparkstrasse 5 CH-8406 Winterthur Twitter: @init7 http://www.init7.net/

2 1

Swinog #34 Ride on 30th - Geneva and Lausanne
by Will van Gulik 29 Oct '18

29 Oct '18

Hey Swinogers, FYI I will be taking the train at 6:42 from GVA, in 2nd class. If anyone wanna join me, I'll try to take some space for those stepping in in Lausanne. Cheers and see you all tomorrow ! :) Will

3 2

##### SwiNOG#34 - Travel Info #####
by Simon Ryf 28 Oct '18

28 Oct '18

Dear SwiNOG Community, Please find general information about the SwiNOG #34 meeting below. https://www.swinog.ch/meetings/swinog34/ Date: 30.10.2018 - Registration 08h15 - 09h15 Location: Gurtenpark, Bern: https://goo.gl/maps/kuxy4QUrcoy >From Bern main station you may take: - S-Bahn S3 Belp and exit at Wabern station - Tram 9 (Wabern) and exit at Gurtenbahn stop Then take the Gurtenbahn to the Gurtenpark. -> You DO NOT have to pay a fee, just tell you attend to the SwiNOG event. Don’t throw away the ticket - you'll need it to get back down. Map (Ground Station of the cable rail): https://goo.gl/maps/5uSKtgbianM2 Suggested trains from Geneva: 06h14 Zurich: 07h02 WIRELESS ACCESS During the meeting, you have access to free WLAN! See you at SwiNOG #34! Simon Ryf SwiNOG Organisation

1 0

Rittal racks to sell
by Olivier Beytrison 23 Oct '18

23 Oct '18

Hello! We have a pod of 10 Rittal TS8 racks (2x5), including Hot/Cold aisle containment to sell for a very low price. It is located in Fribourg. The pack includes : 9 Rack TS8 800x1000x2000 (42U) 1 Rack TS8 800x800x2000 (42U) 2x Aisle Containement sliding door Roof (2 pieces have been cut for air return intake) 9x PSM Rail (without plug modules) Cable management Everything is in very good condition (Installed 5 years ago). Some pictures : https://photos.app.goo.gl/YUcBncgXSUXyzkH5A Available until end of november, after that it goes to trash Please contact me off-list. Have a nice day Regards, Olivier B. -- Olivier Beytrison Network & Security Engineer, HES-SO Fribourg Mail: olivier(a)heliosnet.org

1 0

BGP LLGR, followup
by Vincent Bernat 22 Oct '18

22 Oct '18

Hey! A quick followup for my lightning talk from last year about BGP LLGR: - Support has been added in BIRD 1.6, BIRD 2 and GoBGP. AFAIK, Cisco still only supports it on VPN and FlowSpec families. - Draft 4 has been published and IANA has assigned capability code and well-known comunity (compatible with existing implementations). https://tools.ietf.org/html/draft-uttaro-idr-bgp-persistence-04 https://vincent.bernat.ch/en/blog/2018-bgp-llgr -- Make sure all variables are initialised before use. - The Elements of Programming Style (Kernighan & Plauger)

1 0

## Agenda - SwiNOG#34 ##
by Simon Ryf 17 Oct '18

17 Oct '18

Dear SwiNOG community, Here is the final agenda for SwiNOG #34 on Tuesday 30.10.2018 on top of Gurten. Thank you A big thank you to A10 Networks for sponsoring this event and for RETN GmbH supporting us. Registration https://register.swinog.ch (registration closes on 22.10.2018 – after that you need to pay extra fee for late reg.) We still have time for Lightning Talks, if you’re up for it, you’ll get a free voucher for the next event or if submitted before 22.10.2018 – for SwiNOG#34 Agenda https://www.swinog.ch/meetings/swinog34/ 08:15 - Registration, Coffee & Gipfeli 09:15 - Welcome, Agenda 09:20 - IPv6 first in Data Center Light | Nico Schottelius (ungleich glarus ag) Our crowdfunding campaign last year was a great success and raised more than CHF 250,000.00: with this success we built a data center in Glarus Süd, Switzerland in the heart of the Alps. It is called Data Center Light and it is operating with 100% hydropower. The idea behind this data center project is supporting the Free and Open Source Software (FOSS) community as well as empowering local communities. It is fully open source and relies on IPv6 which we strongly believe in, because we think that IPv6 will become more important in the near future and will eventually replace IPv4 in the long run. 09:40 - IoT = Internet of Threats? | Heiko Frank (A10 Networks) We are moving from 300 Gbps range attacks to 1Tbps+ attacks by using a botnet with IoT devices. A10 Presents 5 necessary steps to be prepared for colossal DDoS attacks. The A10 DDoS-One Protection is a 360 degrees solution to cover the complete lifecycle of a next generation DDoS protection. 10:10 – Coffee Break 10:40 - The new Post and Telecommunications Surveillance Act (BÜPF) | Alexandre Suter + Nils Güggi (Post and Telecommunications Surveillance Service PTSS) In November 2017, the Federal Council announced that the new Post and Telecommunications Surveillance Act (BÜPF) would enter into force on March 1st, 2018. One year later, PTSS will present the first experience with the new legislation and outline the relevant legal and technical aspects for Swiss service providers. 11:40 - Automating DNSSEC | Daniel Stirnimann (SWITCH) SWITCH has implemented a method (RFC 7344, 8078) to allow DNS operators to automatically update DNSSEC keys at the registry as opposed to manual updates through a registrar interface. This presentation will provide details about the implementation and a demonstration of securing a zone with one command. 12:05 - Lunch 13:35 - PeeringDB Update | Arnold Nipper (PeeringDB) As PeeringDB is an ongoing project this will be a short update only. 13:45 - 400G - don't get confused with this transceiver generation | Thomas Weible (Flexoptix GmbH) Transmission speed of 400G is becoming a reality, with new challenges for optical and electrical components in high speed systems emerging as well. PAM4 modulation is one key component for 400G transmission with transceivers, this talk will be a show and tell into PAM4. With this knowledge, the design decisions behind the new formfactors OSFP, QSFP-DD, SFP56-DD and µQSFP are easier to understand. This talk will help you to: * Design / build new kind of applications or connections with your networking gear in the field * Avoid pitfalls when designing your racks * Be aware how power consumption and new plugs will be part of the new world of 400G transceivers. 14:15 - OpenBGPD, gotta go fast! | Claudio Jeker (OpenBGPD) OpenBGPD was started in 2003 and became quickly popular in many smaller networks and also as route-server at many IXPs. Over the years the requirements for running BGP -- especially route servers at exchange points -- has changed but OpenBGPD did not keep up with some of them. Thanks to the RIPE NCC Community Projects Fund and donations by various IXPs a lot of improvements are done. This presentation is an update what was achieved until now and what will come. One of the show cases is how OpenBGPD can be used together with a route-server -- a config generator -- to build secure route-servers for IXPs. 14:45 - Afternoon Break 15:15 - RomandIX : Year one | Nicolas Desir + Will van Gulik (RomandIX) Broadcast/MAC learning, ARP/NDP inspection, sponge: Is there another paradigm? Let's hack a Switch and build a community ! 15:45 - McPatchbot @ DE-CIX | Arnold Nipper (DE-CIX) Tbd 16:55 – tba, not everything in the box yet but it looks like we’ll fill it up till 17:00 17:00 - Social Event Looking forward to seeing all of you!!! Simon SwiNOG A10 Networks - SwiNOG#34 Sponsor

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

swinog