Posts

DNSSEC deployment across the ccTLDs

While I am spending time on APNIC’s security workshop here at APNIC 46, I got curious about DNSSEC deployment across ccTLDs. 

For those who may be unaware, DNSSEC adds signatures to DNS responses, making it possible to cryptographically verify a DNS query response.

Out of 254 ccTLDs, 125 support DNSSEC with a published DS record (at least that is what I get when I check their zone) and 129 do not support it as yet. So, for now, it is at 49.21%. 

CDN Caching Panel discussion at APNIC 46

I am in Noumea in New Caledonia in the Pacific Islands. Next week we have the APNIC 46 conference and I will be moderating an exciting panel discussion with friends from Akamai, Cloudflare, Facebook and more about the working of CDNs.

If attending APNIC 46, please come & join this session.

If you are interested in connecting to Hurricane Electric (AS6939) in this region, please do drop me a message.

(List of our PoPs in the region here)

Facebook FNA Nodes Updates

Earlier this year after APRICOT 2018, I posted a list of visible Facebook FNA (CDN caching) nodes across the world with IPv4, IPv6 and the AS name. I got quite a few mails in the following months from people mentioning that they installed nodes but do not see their names in the list (and that was normal since the list was static).

I re-ran my script to see the latest status of nodes. During the last check I saw 1689 nodes (3rd March). Now on 26th Aug, i.e. after close to 6 months, the total number of nodes has increased to 2204.

Default route of home routing table

For folks from the non-networking world, a default route basically means a path to send packets when you do not have a specific route. So e.g. if you know how to send packets to Google, send them; for Netflix, send them; for say Amazon, no path? Well, no worries, just send via a default path. So the default route is basically what takes traffic for everything else.

Returning to the post which is not about networking. It’s about default route for home routing table and that’s my mother. :)

Calculating IPv6 subnets outside the nibble boundary

Often this comes into the subnetting discussion with my friends who are deploying IPv6 for the first time. How do you calculate subnets outside the 4-bit nibble boundary? This also happens to be one of the starting points of the APNIC IPv6 routing workshop where I occasionally instruct as a community trainer.

So what is a Nibble boundary?

In the IPv6 context, it refers to 4 bits, and any change in a multiple of 4 bits is easy to calculate. Here’s how: let’s say we have an allocation: 2001:db8::/32. Taking slices from this pool within the 4-bit boundary is quite easy.

/36 slices (1 x 4 bits)
2001:db8:0000::/36
2001:db8:1000::/36
2001:db8:2000::/36
and so on…

/40 slices (2 x 4 bits)
2001:db8:0000::/40
2001:db8:0100::/40
2001:db8:0200::/40

/44 slices (3 x 4 bits)
2001:db8:0000::/44
2001:db8:0010::/44
2001:db8:0020::/44

/48 slices (4 x 4 bits)
2001:db8:0000::/48
2001:db8:0001::/48
2001:db8:0002::/48

Clearly, it seems much simpler and that is one of the reasons we often strongly recommend subnetting within the nibble boundary and not outside for all practical use cases. However understanding why it’s easy this way, as well as things like how to subnet outside nibble boundary for cases, say if you are running a very large network and have a /29 allocation from RIR.
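As an added illustration (not code from the original post), here is the same slicing done with integer arithmetic, so it also works outside the nibble boundary. The function names nibble_step and slice_prefix are made up for this example, and 2001:db8::/29 stands in for a /29 allocation from an RIR.

```python
import ipaddress


def nibble_step(new_prefix):
    """Return (hex digit position, step) for a prefix length.

    Position counts hex digits from the left, starting at 1. Step is how much
    that digit grows from one subnet to the next: 1 on a nibble boundary,
    otherwise 2, 4 or 8 because the subnet bits end part-way into the digit.
    """
    position = (new_prefix + 3) // 4           # digit holding the last prefix bit
    unused_bits = (4 - new_prefix % 4) % 4     # host bits left inside that digit
    return position, 1 << unused_bits


def slice_prefix(parent, new_prefix, limit=16):
    """List the first `limit` subnets of `parent` at length `new_prefix`."""
    parent = ipaddress.IPv6Network(parent)
    if not parent.prefixlen <= new_prefix <= 128:
        raise ValueError("new prefix must be between parent length and 128")
    base = int(parent.network_address)
    size = 1 << (128 - new_prefix)             # addresses in one subnet
    count = 1 << (new_prefix - parent.prefixlen)
    return [
        ipaddress.IPv6Network((base + i * size, new_prefix))
        for i in range(min(count, limit))
    ]


if __name__ == "__main__":
    # Two cases outside the nibble boundary: /32 into /34 and /29 into /31.
    for parent, new_prefix in (("2001:db8::/32", 34), ("2001:db8::/29", 31)):
        position, step = nibble_step(new_prefix)
        print(f"{parent} -> /{new_prefix}: hex digit {position} moves in steps of {step}")
        for net in slice_prefix(parent, new_prefix):
            print("   ", net)
```

For /34 the ninth hex digit moves in steps of 4 (0, 4, 8, c), and for /31 the eighth digit moves in steps of 2 (8, a, c, e), which is the only extra bookkeeping compared to the nibble-aligned case.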

Indian telecom voice market and updates

Suddenly the voice market in India is becoming very interesting. Earlier it was the case of Jio (and competitors) launching unlimited voice plans and now it’s the case of the Govt. of India permitting IP telephony, i.e. networks where telephony happens over IP (not to be confused with IP to IP calls) and where IP to PSTN interconnects happen. Till a few months ago IP telephony (or IP-PSTN) interconnection was allowed only under certain conditions, like doing it inside a building only for the purpose of call centres (with an OSP license) or running SIP trunks over private networks. Things like termination of calls originated from apps were not allowed (where IP-PSTN was happening within India), and DID or Direct Inward Dialing numbers were not allowed either. There were even cases where apps/businesses had to shut down due to confusing regulation. Here’s a nice article from Medianama about it.

But all those are things of the past. In May, Wifi calling, or calls via Wifi, where wifi is used loosely and essentially means calls via any sort of Internet connection, was permitted (news here). Later, after TRAI’s clarification, it has now been formally allowed. While it may not look as attractive as it should have been in the age of WhatsApp calling (IP to IP, no PSTN mess involved!), it still is quite interesting and going to bring some major change.

Legally changing name in India

Background

I got married a while back. My wife and I had a discussion and both were in favour of her changing her surname. This was also based on our discussion with my sister, who suggested getting it done instead of keeping different surnames for us. As we were getting the marriage certificate, we both were surprised to find that my wife’s surname cannot be simply updated on various IDs using just the marriage certificate. Instead one has to go through a process. Since I spent a bit of time on this before, here’s a quick blog post about how exactly it’s done in India.

Warning: India specific post. Any International reader can just hang up right away! Plus if you are not in the process of name/surname change, this post would be useless for you anyways! :)

First and foremost, a name update can happen only in IDs and not on any certificate document. Certificates work with the old name + a notice published in The Gazette of India. In terms of IDs, we had the following to update:

author: “Anurag Bhatia” url: “/2018/05/misc/legally-changing-name-in-india/”

Railtel-Google free railway station wifi using 49Gbps!

Railtel (the telecom arm of Indian railways) is running free wifi hotspots across the country in collaboration with Google. It has been there for the last two years and started with the MoU between Railtel and Google (news here) back in 2015. Fast forward to 2018 - the free wifi project at railway stations seems to be doing quite well with so many users using it. The project covers 361 stations and is expected to reach its target of 400 stations soon. The IP network for the service is under the name “Mahataa Information India Private Limited” and originates IP pools from AS134426 - https://bgp.he.net/AS134426#_asinfo. It is a single-homed network behind Railtel’s AS24186.

https://qz.com/715143/googles-free-wifi-at-indian-railway-stations-is-better-than-most-of-the-countrys-paid-services/

I put an RTI to Railtel asking them about MoU details as well as bandwidth consumption for each state. In their reply, Railtel denied the request for the MoU under the exemption from disclosure as well as NDAs they have with Google, but they did share details of state-wise bandwidth consumption.

Connectivity at the office of President of India

Out of curiosity, I put an RTI asking the President of India Secretariat about connectivity at the President’s office.

Questions I asked and their replies

Question 1: Who is the Internet service provider?
Reply: National Informatics Centre MEITY is providing internet service at President Office.

Question 2: Speed of Internet connection at President’s Office?
Reply: Presently the speed is 100 Mbps.

Question 3: (And my favourite!) Is IPv6 deployed?
Reply: IPv6 supported by most devices. However, IPv4 addressing is used at present.

Mapping Facebook's FNA (CDN) nodes across the world!

Just back from APRICOT 2018. As I mentioned in my previous blog post, APNIC had its first Hackathon and it was fun (blog post of APNIC here). There was one project on the ranking of CDNs using RIPE Atlas data. To achieve this, the team was trying to find strings/hostnames which they can trace to and figure out the nearby CDN. As part of that, I suggested they look into www.facebook.com and carefully note the sources from where elements get loaded. It’s quite common that Facebook.com (or Google.com for the logic) would be hosted on some server at a large PoP while FNA (or GGC) would serve only specific static content out of it. FNA, of course, sits on the IPs of the ISP hosting it.

So in the source list, we found scontent.fktm1-1.fna.fbcdn.net and that gives an idea that FNA strings follow the logic: scontent.fxxx1-1.fna.fbcdn.net where xxx is the airport code. 1-1 means 1st PoP in 1st ISP over there probably (strong guess!). If there are more FNA nodes in a given area, the number goes further up. The team used it and for now, the project is over. But while I was on the way back to India, I thought that this is very interesting data if we pull the full picture by querying all possible IATA airport codes with a logic. This logic can be used for two things: