Archives

09:58 < ALEX_BAND-RIPENCC> Hello, my name is Alex Band from the RIPE NCC. If you have any questions, please write them here and I will read them out at the microphone.
09:59 -!- AndreasWittkemper [~8b04be82 [at] rosie-arch [dot] ipv6 [dot] ripe [dot] net] has joined #dns
10:01 -!- ALEX_BAND-RIPENCC [~c10014e7 [at] rosie-arch [dot] ipv6 [dot] ripe [dot] net] has quit [Quit: CGI:IRC]
10:01 -!- BSS27-RIPE [~bss@2001:878::250:56ff:feb2:149] has joined #dns
10:01 -!- AlexBand is now known as AlexBand_RIPENCC
10:02 -!- ripe920 [~7d1 [at] rosie-arch [dot] ipv6 [dot] ripe [dot] net] has joined #dns
10:03 -!- snobu [~7d1 [at] rosie-arch [dot] ipv6 [dot] ripe [dot] net] has quit [Quit: CGI:IRC (EOF)]
10:04 -!- ripe841 [~7d1 [at] rosie-arch [dot] ipv6 [dot] ripe [dot] net] has joined #dns
10:04 -!- murb [~murb [at] soapstone [dot] yuri [dot] org [dot] uk] has joined #dns
10:04 -!- ripe671 [~c10019d9 [at] rosie-arch [dot] ipv6 [dot] ripe [dot] net] has joined #dns
10:06 -!- ripe841 [~7d1 [at] rosie-arch [dot] ipv6 [dot] ripe [dot] net] has quit [Quit: CGI:IRC]
10:07 < AlexBand_RIPENCC> Carsten has asked for questions
10:07 -!- ripe980 [~7d1 [at] rosie-arch [dot] ipv6 [dot] ripe [dot] net] has joined #dns
10:07 -!- ripe980 [~7d1 [at] rosie-arch [dot] ipv6 [dot] ripe [dot] net] has quit [Quit: CGI:IRC]
10:08 < AlexBand_RIPENCC> Willem Toorop has started his presentation on Using Path MTU Discovery (PMTUD) for better IPv6 DNS responsiveness
10:08 -!- StucchiMax [~7d1 [at] rosie-arch [dot] ipv6 [dot] ripe [dot] net] has joined #dns
10:12 -!- gilles [~Adium [at] 212-15 [dot] vpn [dot] restena [dot] lu] has joined #dns
10:12 -!- snobu [~7d1 [at] rosie-arch [dot] ipv6 [dot] ripe [dot] net] has joined #dns
10:13 -!- snobu [~7d1 [at] rosie-arch [dot] ipv6 [dot] ripe [dot] net] has quit [Quit: CGI:IRC (EOF)]
10:18 -!- amd2-ripe [~amd [at] not [dot] 7f [dot] dk] has joined #dns
10:18 -!- ripe417 [~c10001d0 [at] rosie-arch [dot] ipv6 [dot] ripe [dot] net] has joined #dns
10:18 -!- ripe417 [~c10001d0 [at] rosie-arch [dot] ipv6 [dot] ripe [dot] net] has quit [Quit: CGI:IRC]
10:19 < AlexBand_RIPENCC> Any questions for Willem?
10:19 < AlexBand_RIPENCC> Geoff Huston has started his presentation on DNS over TCP Analysis
10:29 -!- shane [~shane@2001:67c:64:42:4a5d:60ff:fe2a:dd50] has joined #dns
10:35 -!- JHP_48972 [~jhp [at] zeus [dot] jhprins [dot] org] has joined #dns
10:36 -!- shane1 [~shane@2001:67c:64:42:4a5d:60ff:fe2a:dd50] has joined #dns
10:36 -!- shane [~shane@2001:67c:64:42:4a5d:60ff:fe2a:dd50] has quit [Read error: Connection reset by peer]
10:37 -!- Michael-Nominet [~Adium [at] dhcp-24-89 [dot] ripemtg [dot] ripe [dot] net] has joined #dns
10:40 < AlexBand_RIPENCC> Ralf Weber has started his presentation on Defeating DNS Amplification Attacks
10:41 -!- ripe181 [~02 [at] rosie-arch [dot] ipv6 [dot] ripe [dot] net] has joined #dns
10:41 -!- cdp [~cpetrie [at] kitten [dot] ripe [dot] net] has joined #dns
10:42 -!- gilles1 [~Adium@2001:67c:64:42:e9f1:fa03:f80b:def6] has joined #dns
10:42 -!- gilles2 [~Adium@46.245.141.210] has joined #dns
10:45 -!- gilles [~Adium [at] 212-15 [dot] vpn [dot] restena [dot] lu] has quit [Ping timeout: 180 seconds]
10:45 -!- gilles [~Adium [at] dhcp-28-121 [dot] ripemtg [dot] ripe [dot] net] has joined #dns
10:45 -!- gilles [~Adium [at] dhcp-28-121 [dot] ripemtg [dot] ripe [dot] net] has quit [Quit: Leaving.]
10:45 -!- gilles [~Adium [at] 212-15 [dot] vpn [dot] restena [dot] lu] has joined #dns
10:45 -!- gilles1 [~Adium@2001:67c:64:42:e9f1:fa03:f80b:def6] has quit [Ping timeout: 180 seconds]
10:46 -!- gilles [~Adium [at] 212-15 [dot] vpn [dot] restena [dot] lu] has quit [Quit: Leaving.]
10:46 -!- gilles [~Adium [at] 212-15 [dot] vpn [dot] restena [dot] lu] has joined #dns
10:47 -!- gilles2 [~Adium@46.245.141.210] has quit [Ping timeout: 180 seconds]
10:52 < AlexBand_RIPENCC> ralf has asked for questions
10:52 -!- Righter [~02 [at] rosie-arch [dot] ipv6 [dot] ripe [dot] net] has joined #dns
10:53 -!- david_ripencc [~dwest [at] dhcp-27-13 [dot] ripemtg [dot] ripe [dot] net] has joined #dns
10:54 < Righter> Question: Hi it's Michael from sasag. What yould you propose: Rate Limit with IP Tables or with a Patch on BIND?
10:56 -!- ripe912 [~6d603479 [at] rosie-arch [dot] ipv6 [dot] ripe [dot] net] has joined #dns
10:57 < AlexBand_RIPENCC> Ooooh sorry Righter, I missed your question, should I approach Ralf later?
10:58 < Righter> no worries, if you get him that would be great.
10:58 < shane1> I don't see much benefit of patching BIND for this.
10:59 < AlexBand_RIPENCC> cheers
10:59 < AlexBand_RIPENCC> Tomas Hlavacek is now presenting on IP fragmentation attack on DNS
10:59 < shane1> But I don't know what Nominum would recommend of course. ;)
11:02 < Righter> @shane1 that was also my point of view. other guys told me it would better of RL on BIND because of some false positives..
11:03 -!- ripe912 [~6d603479 [at] rosie-arch [dot] ipv6 [dot] ripe [dot] net] has quit [Quit: CGI:IRC (EOF)]
11:04 < shane1> Hm... I'm curious what kind of false positives they are concerned about?
11:04 < Donnerhack1> Or stick to DNS dampening ;-)
11:05 < Righter> @shane1 I didn't expanded that discussion on the mailing-list. I'll ask the person the next meeting, I'll meet him. That's why i would ask a guy who studied that more intensive
11:05 < shane1> Sure.
11:06 < matje> I think the false positives they are talking about is that with iptables you would also block legit queries when blocking is active
11:06 < matje> RRL has a mechanism to mitigate against this
11:15 -!- gilles [~Adium [at] 212-15 [dot] vpn [dot] restena [dot] lu] has quit [Quit: Leaving.]
11:16 < AlexBand_RIPENCC> any questions for thomas?
11:20 < matje> Geoff is very hard to hear remotely
11:20 -!- marco_sidn [~02 [at] rosie-arch [dot] ipv6 [dot] ripe [dot] net] has joined #dns
11:20 < AlexBand_RIPENCC> Looks like your question is being answered now Righter
11:21 < matje> slightly better thanks
11:21 < AlexBand_RIPENCC> cheers
11:24 -!- shane1 [~shane@2001:67c:64:42:4a5d:60ff:fe2a:dd50] has quit [Ping timeout: 180 seconds]
11:24 -!- shane [~shane@2001:67c:64:47:4a5d:60ff:fe2a:dd50] has joined #dns
11:27 -!- ripe671 [~c10019d9 [at] rosie-arch [dot] ipv6 [dot] ripe [dot] net] has quit [Quit: CGI:IRC (Ping timeout)]
11:30 -!- brian [~bnisbet@193.1.233.70] has quit [Quit: Leaving]
11:32 -!- Michael-Nominet [~Adium [at] dhcp-24-89 [dot] ripemtg [dot] ripe [dot] net] has quit [Quit: Leaving.]
11:34 -!- AndreasWittkemper [~8b04be82 [at] rosie-arch [dot] ipv6 [dot] ripe [dot] net] has quit [Quit: CGI:IRC]
11:36 -!- shane [~shane@2001:67c:64:47:4a5d:60ff:fe2a:dd50] has quit [Ping timeout: 180 seconds]
11:38 < AlexBand_RIPENCC> thanks everyone!