I tested this in sandbox over past 24 hours - and:


I will leave as is the missing 44.15/16 - I will proceed to ask Sweden (?) regarding 44.5/16. Regarding 44.25/16 - it's sick and unfortunate they said NO before I even asked; although I now know who encouraged them to do so.

Again, thanks HamWan for following policy - it made reconfiguration for 44.25/16 simple.

Thanks to others for your ideas and views off-reflector, I did consider them.

Lastly, on a network where research should be encouraged - it's a shame millions of dollars are given out by the regime to others; but 0 cares are given when it doesn't cost a dime for those actually making use (i.e. donated for 10+ years). Frankly, having sat here for over a year waiting to speak - I don't see with millions of dollars, how progress is slow on these AMPRNet projects, changes, broken services, etc. Given there's funding, I would again encourage ARDC to seek additional professional help. I always learned "charity begins at home". 501(c)3's should be careful about things like this - and I digress.




- Lynwood


On Thursday, April 25, 2024 at 09:29:26 AM EDT, lleachii@aol.com <lleachii@aol.com> wrote:


Rob,


I should probably note the basic logic of my reasoning that prompted the inquiry to you:


  • My intention is to use the "official AMPRNet" API to re-create the reverse zone (i.e. in a usable format)
  • I assume that it will omit or have missing 5, 15 and 25.44/16 subnets and hence, they should likewise be omitted




- KB3VWG




On Thursday, April 25, 2024 at 09:04:04 AM EDT, lleachii--- via 44net <44net@mailman.ampr.org> wrote:


Rob,


I have had off-reflector inquiries. I want to see your views about simply "localizing" the /16 zones as masters for anyone who cares (since I do receive a lot of traffic). Since the networks seem to have isolated themselves and they provide their own DNS, and are BGP, it really is unnecessary to discuss with them?

Technically, the /16's "don't exist" on AMPRNet and are out of control of the ARDC (save removing their ARIN delegation). I would have asked the "admins" of those networks, but the last one said I soiled a relationship before I even sent a communication to them (funny - to me it seems someone communicated "something" to them). The IPIP mesh will pick up any islands - aside from the PTRs (which we don't have anyway) - all is well. And any bandwidth (like what AMPRGW attempted to save) due to non-cooperation is saved. They claim to run IPENCAP anyways.

I bring this up because I've seen mentioned some API?
  • Is there a Wiki on this?
  • use only Authoritative servers, when that failed
  • Oh, I need a gateway to use 1.1.1.1, 8.8.8.8 and 9.9.9.9
  • when that fails because I'm 2000km+ from the anycast endpoint server round-trip
  • make my own DNS
  • when that fails - oh well, maybe it's my language or I need to know what a DNS server is - but I have experience in IT

I'm being told those servers are down - and have been for quite some time. Their failures (I won't speak on the current regime) are why B. Kantor and others permitted AXFR. I find it funny that the option is a failed or decommissioned server instead of RFC-documented processes. Albeit I'll acknowledge there's some myth about not allowing AXFR, DDoS, vector for malicious actors, etc. (to be honest, I'm ignoring the silliness and evasiveness - maybe it's been mistaken for my misunderstanding IT or EN).

Let's keep the conversation to the specific topic - it's my direct intent not to solicit trolling.




73,


Lynwood
KB3VWG








On Thursday, April 25, 2024 at 03:39:20 AM EDT, Rob PE1CHL via 44net <44net@mailman.ampr.org> wrote:


I think a point that has not been clear: ARDC *do* allow AXFR on ns.ardc.net.  No issue there.
What people were complaining about is that some zones that have been delegated to other name servers
do not allow AXFR.  E.g. Fredric Moses - W8FSM has been explaining here that he won't allow AXFR
on his zones.

Now why one would not allow AXFR on a reverse zone to someone in net44 is completely unclear to me.
It is easy to work around, after all.  Probably they based their policy on considerations
about a forward zone, and about allowing transfer to everybody.

Rob

On 2024-04-25 00:02, Jeff Parrish-Personal via 44net wrote:
> Good evening, everyone,
>
> I have been passively watching this heated discussion.  I usually wouldn't jump in on it, but I have some input.
>
>  1. We are HAMS, and one of our goals is to better the hobby for everyone.
>  2. I think finding a way to have multiple recursive DNS geographically dispersed is a good idea.
>  3. We must remember that any DNS we get from ARDC, whether ampr.org or ardc.net, is still technically an ARDC ZONE, and they have the right to choose whether they will allow AXFR.
>  4. While you need to have a DNS entry created in the ARCH Portal for IPIP to work, if you have your own domain name, you can still use that.  I own kb9gxk.net and will publish it under my domain for anything I wish to allow others to access.  I chose Cloudflare for this as I can use their CloudflareD option to allow public access via my IP but keep the actual HAM traffic going through my IPIP tunnel.
>  5. There are no RFCs stating that a DNS server MUST allow for AXFR.  That easily allows for DNS poisoning.  I'm hoping that ARDC's DNS servers are using DNSSEC to help prevent this.
>  6. Lynwood, if you have a server in a Data Center, why would you not work with them to get a BGP connection instead of using IPIP? I'm not saying you have to; I'm just curious.
>  7. The new portal has given us much more access than the old one, and there are bound to be bugs and delays as many more requests are being processed.  I'm still having an issue with my DNS stuff, but I am patiently waiting.  In my case, my IPs were previously assigned, and my "DNS Name" was created in the wrong domain, so when I had asked for the previous assignments to be removed, I couldn't create the proper entries for my IPs to work correctly.  Again, I know they are backed up with tickets, and I will wait patiently.
>
>
> This whole discussion could have been handled differently.  This could have started as a proposal of ideas and asking for implementation.
>
> As a side note, when I get passionate about something I believe and decide to write an email, I use Grammarly to a) make sure my grammar is correct and b) check the tone of the email.  I have learned that my passion can be very off-putting, so I have found a way to say what I need to, but it is not demeaning.
>
> 73,
> Jeff Parrish - KB9GXK
_______________________________________________
44net mailing list -- 44net@mailman.ampr.org
To unsubscribe send an email to 44net-leave@mailman.ampr.org