Categories
Internet

Talking about DNSSEC

The Austrian ISP Association (ISPA) had asked me to hold a workshop on DNSSEC as part of their “ISPA Academy” series of events. And as they had complaints that all their events are in Vienna, I agreed to hold it in Salzburg, where I had logistical support from the nic.at headquarter.

I thus spent the Wednesday traveling to Salzburg (actually: I’m usually quite productive in trains, and a good part of the presentation was prepared on the way in), then holding the workshop and riding the train back. Six hours of train for 4 hours of workshop isn’t that bad.

If anyone is interested, here are my slides. My aim was to explain the motivation for DNSSEC, the technical implementation and, most importantly, what introducing DNSSEC means for an ISP. I only touched very briefly on the commercial aspect.

In the end, this room full of techies were not exactly cheering for the adoption of dnssec.

Postscript: Just two days later, we have this: doc.gov, the entity that still has a hand in approving changes to the root zone, messed up their DNSSEC signatures. From http://dnsviz.net/d/doc.gov/dnssec/:

Categories
Tracks

Tracks: Clemens

More and more, Clemens builds tracks by himself. Up until recently, they consisted only of long stretches and hardly ever formed closed loops.

This is starting to change, below is what he managed to build yesterday:

Categories
System Administration

Dear Cisco

I’m doing a bit of network monitoring with SNMP again, and stumbled upon yet another cisco SNMP bug. Back when I wrote the pan-european NMS for KPNQwest, I had to work-around a good number of bugs in the IOS snmp agent, but this time it’s a bug in the MIB file:

Using the CISCO-BGP4-MIB, I can graph the state of my BGP peerings. All fine, when looking at


    CbgpPeerAddrFamilyPrefixEntry ::= SEQUENCE {
        cbgpPeerAcceptedPrefixes        Counter32,
        cbgpPeerDeniedPrefixes          Gauge32,
        cbgpPeerPrefixAdminLimit        Unsigned32,
        cbgpPeerPrefixThreshold         Unsigned32,
        cbgpPeerPrefixClearThreshold    Unsigned32,
        cbgpPeerAdvertisedPrefixes      Gauge32,
        cbgpPeerSuppressedPrefixes      Gauge32,
        cbgpPeerWithdrawnPrefixes       Gauge32
        }

you notice that the Gauge32 vs. Counter32 types are mixed up.

cbgpPeerAcceptedPrefixes is the only Gauge here, whereas cbgpPeerDeniedPrefixes, cbgpPeerAdvertisedPrefixes, cbgpPeerSuppressedPrefixes and cbgpPeerWithdrawnPrefixes are actually Counters, e.g.


    cbgpPeerWithdrawnPrefixes  OBJECT-TYPE
        SYNTAX      Gauge32
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
                "This counter is incremented when a route prefix,
                 which belongs to an address family, is withdrawn on
                 this connection. It is initialized to zero when the
                 connection is undergone a hard reset."
        ::= { cbgpPeerAddrFamilyPrefixEntry 8 }
Categories
Life

A Sunday Trip

After taking the kids to the election place we drove to Sparbach Park for a nice Sunday’s excursion:

Elena in the Sand Pit

The promised Ice

Am Spielplatz

Categories
Life

Tired kids

This saturday we finally ordered the new bed for the kids (roughly like the third one from here, had lunch at Kika (not advisable: why the f* is the non-smoking area of the restaurant not next to the playground?)) and when driving home the kids fell asleep in the car:

Elena:

Elena

Clemens:

Clemens

Categories
Tracks

Tracks

Categories
Tracks

Tracks

2010/04/16

Categories
Tracks

Tracks

Track 2010/04/12

Categories
Life

Ostern in Rosegg

Karfreitag früh:

Samstag:

Sonntag:

Categories
Pet Peeves System Administration

Windows 7 Fail

Initially, Windows 7 looked nice. But the longer I worked with it, it’s starting to show the usual Windows cruft:

I already wrote about the empty lists within Windows Update. Yes, that still happens.

Hibernate does not work.

And now I tried to setup a backup, and ended up with: