44net June 2015

44net@mailman.ampr.org

41 participants
47 discussions

Re: [44net] Strange Broadcasts...
by Steve L 07 Jun '15

07 Jun '15

Maybe we should recommend some outbound firewalling for such known nuisances? To reduce traffic, drop neighbor discovery and smb as well as MikroTik Neighbor Discovery Protocol on tunl0 (optional, but a good idea): iptables -A OUTPUT -o tunl0 -p udp --dport 10001 -j DROP iptables -A OUTPUT -o tunl0 -p udp --dport 137:139 -j DROP iptables -A OUTPUT -o tunl0 -p udp --dport 5678 -j DROP 81.174.253.193 2014-02-23 11:14:58 G7UOD 24.85.103.226 2014-05-22 15:26:56 VE7ASS

6 5

Re: [44net] Strange Broadcasts...
by Rob Janssen 06 Jun '15

06 Jun '15

> Subject: > Re: [44net] Strange Broadcasts... > From: > "Marius Petrescu" <marius(a)yo2loj.ro> > Date: > 06/06/2015 08:54 AM > > To: > "'AMPRNet working group'" <44net(a)hamradio.ucsd.edu> > > > The iptables solution doesn't apply to Mikrotik equipment since they don't > run Linux. Of course they are! It is easy to add iptables rules like that to a MikroTik router. But even easier to just turn off the sending of the MNDP packets. > The Mikrotik Neighbor Discovery Protocol (MNDP) is enabled by default on > newly created IPIP interfaces. > And since there is such an interface for each mesh partner, they are > probable programatically generated by a script. Well, running IPIP mesh on a MikroTik may not be a good idea. At least not until it supports ampr-ripd so you can run just a single IPIP interface for the entire mesh, and use a separate routing table updated by RIP messages. (similar to the situation with other commercial routers like Cisco and Juniper) Did anyone ever try to get such a change incorporated by the MikroTik people? I have no idea how friendly they are to such specialized requests, but on the other hand they have a very broad collection of exotic protocols and configuration items. (I just got a 2011UiAS-2HnD this week, and I am impressed. I will use it as my home router, but not on the IPIP mesh, it will be connected to my Ubiquiti Airgrid with a link to the local HAMNET which again is linked to our gateway) Rob

2 1

RIPE Atlas Probe on 44net?
by Bryan Fields 06 Jun '15

06 Jun '15

I was at NANOG 64 <https://www.nanog.org/meetings/nanog64/home> this week and picked up an Atlas Probe from RIPE. <https://atlas.ripe.net> I've got it online here on my 44net space in Florida. https://atlas.ripe.net/probes/18550/ Don't know if anyone else has one online on 44net, or the AMPRnet, but it might be of interest to the group. You can also sign up and get a probe, might be cool to have a few spread out on the BGP speakers and at the main gateway. They are trivial to configure, DHCP and then it manages it self from there. 73's, W9CR -- Bryan Fields 727-409-1194 - Voice 727-214-2508 - Fax http://bryanfields.net

1 0

Strange Broadcasts...
by jerome schatten 06 Jun '15

06 Jun '15

So on my jnos machine, every minute without fail, I see the following broadcast on tun0: Fri Jun 5 14:22:01 2015 - tun0 recv: IP: len 168 81.174.253.193->192.168.1.149 ihl 20 ttl 243 tos 160 prot IP IP: len 148 44.131.160.1->255.255.255.255 ihl 20 ttl 64 DF prot UDP UDP: len 128 5678->5678 Data 120 0000 ..<.....teqgate01....6.27....MikroTik....."".....ILXI-T3GZ....RB 0040 1200......................Ug.....ipip-ampr-24.85.103.226 Fri Jun 5 14:22:01 2015 - tun0 recv: IP: len 168 81.174.253.193->192.168.1.149 ihl 20 ttl 243 tos 160 prot IP IP: len 148 44.131.160.1->255.255.255.255 ihl 20 ttl 64 DF prot UDP UDP: len 128 5678->5678 Data 120 0000 ..<.....teqgate01....6.27....MikroTik....."".....ILXI-T3GZ....RB 0040 1200......................Ug.....ipip-ampr-24.85.103.226 (encap) 44.131.160.1->255.255.255.255 DF UDP 0000 ..<.....teqgate01....6.27....MikroTik....."".....ILXI-T3GZ....RB 0040 1200......................Ug.....ipip-ampr-24.85.103.226 Fri Jun 5 14:22:01 2015 - tun0 sent: IP: len 148 44.131.160.1->255.255.255.255 ihl 20 ttl 63 DF prot UDP UDP: len 128 5678->5678 Data 120 0000 ..<.....teqgate01....6.27....MikroTik....."".....ILXI-T3GZ....RB 0040 1200......................Ug.....ipip-ampr-24.85.103.226 Why is this happening? Anyone else seeing this stuff? Best, jerome - ve7ass Vancouver

3 4

Re: [44net] Bad MX records in the ampr.org DNS
by Rob Janssen 03 Jun '15

03 Jun '15

> Subject: > Re: [44net] Bad MX records in the ampr.org DNS > From: > Tom Hayward <esarfl(a)gmail.com> > Date: > 06/02/2015 10:01 PM > > To: > AMPRNet working group <44net(a)hamradio.ucsd.edu> > > >> I'm not sure if this is how everyone does it, but we (HamWAN) had to >> make DNS changes via our regional coordinator. We would construct an >> email in AMPR DNS robot format and send it to him, then he would >> forward it to the robot. This added quite a bit of latency (half day >> plus) to our updates and quite a workload for our regional coordinator >> (our network is growing fast). I think when you are responsible for some subnet and you have frequent updates, it would be trivial to get you registered as submitter of updates to the DNS robot. Also, there should be DNS update functionality in the portal and it should be possible to be a regional coordinator there, so you can approve the updates for your network. However, that function is still not completed. I think that when problems are encountered, solutions should be sought that result in a clear and workable solution for everyone, not a fork of the main system. Effort spent on running a DNS for a subdomain had better been spent on a usable update mechanism for the main DNS. Rob

1 0

Re: [44net] Bad MX records in the ampr.org DNS
by Rob Janssen 03 Jun '15

03 Jun '15

> Subject: > Re: [44net] Bad MX records in the ampr.org DNS > From: > Brian Kantor <Brian(a)UCSD.Edu> > Date: > 06/02/2015 04:08 AM > > To: > AMPRNet working group <44net(a)hamradio.ucsd.edu> > > > There are seven AMPR.ORG and 44.in-addr DNS servers located around the > world. The chance that all of them will be down at once is close to zero. > We allow people to AXFR their content so it is perfectly possible > to have a redundant DNS server on your local net which can answer queries > regarding those zones even if you are partitioned from the Internet somehow. > Indeed... I don't see a reason to have a private nameserver for a subdomain either. The ampr.org nameserver works well, it allows updates, maybe the only thing that could be nice is the ability to set TXT and other records. Having a subdomain just makes things more complex. The only reason I did a replication of the zone is that a local amateur who is running a newscast was telling the world that one of the advantages of AMPRnet/HAMNET is that it would continue to work when Internet was down. I explained him that it is not that straightforward as we depend on Internet services, most notably DNS. I thought a bit and decided to load the ampr.org zone in a nameserver on our gateway that already is working as a caching resolver for our 44.137.0.0/16 subnet. I think now it will resolve ampr.org names even without a connection (although I have not fully tested that yet). Of course only those names that are in the ampr.org zone, not those that are below a subdomain served by some other server. But we cannot cache the entire world's DNS, and only the ampr.org zone should be sufficient to connect most wellknown systems. I did not use AXFR, I download the zone from ftp://hamradio.ucsd.edu/pub/ampr.tar.gz Both methods have their advantages/disadvantages, I think. Rob

3 2

Re: [44net] Bad MX records in the ampr.org DNS
by Rob Janssen 02 Jun '15

02 Jun '15

> Subject: > Re: [44net] Bad MX records in the ampr.org DNS > From: > Don Fanning <don(a)00100100.net> > Date: > 05/28/2015 02:45 AM > > To: > AMPRNet working group <44net(a)hamradio.ucsd.edu> > > > On Wed, May 27, 2015 at 5:36 PM, Bryan Fields<Bryan(a)bryanfields.net> wrote: > >> >>> > >That is not true at all. The previous paragraph states that it must >>> > >process the entire FQDN and not many any inferences as to the domain's >>> > >relationship with the FQDN. >> > >> >I'd like to try it out then, as I'm certain this doesn't work that way in >> >most >> >resolvers for MX's. I've run into it before even. >> > >> > > I can tell you that GMail's MX RR's work in this fashion. I don't need to > know their A record for my DNS. I just add their CNAME'ed MX records to my > domain files and my mail shows up. And my domain isn't hosted by them. > Just my mail hosting. > > https://support.google.com/a/answer/33915?hl=en Indeed, it is allowed to have some record like: sub.domain IN CNAME another.domain with another.domain IN MX 10 hostname But that is not what I mean. What is NOT allowed (by the spec) is to have: name IN MX 10 mail mail IN CNAME some.mail.server So you can have a CNAME pointing to MX, but not MX pointing to CNAME. Also, I don't understand the relation to the Google example. The support page you mention gives a list of MX records with names that are all A and AAAA records, no CNAME involved at all. In practice, it appears that the CNAME works with some mail transfer agents. But bind9 is complaining. The literal IP address in an MX record results in 2 warnings, one that there is an address in the MX record and another that the 111.222.333.444.ampr.org is not defined. This of course is because an address is not expected there, and it is treated as a domain name relative to the $origin of the zone. When your server has no associated name, of course you can assign one within ampr.org. Also, when you want your server to SEND mail in addition to RECEIVING it, you need to have a name and a matching reverse, or many spamfilters will just drop your mail on the floor. Rob

11 23

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

44net June 2015