#oarc46 — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #oarc46, aggregated by home.social.
-
The Internet Last Week
* OARC 46
https://indico.dns-oarc.net/event/56/
* RIPE 92
https://ripe92.ripe.net/
* LACNIC 45
https://lacnic45.lacnic.net/
* Cybercriminal VPN service takedown
https://www.europol.europa.eu/media-press/newsroom/news/cybercriminal-vpn-used-ransomware-actors-dismantled-in-global-crackdown
https://www.ic3.gov/CSA/2026/260521.pdf
* Interpol disrupts cybercrime operations in Middle East North Africa
https://www.interpol.int/News-and-Events/News/2026/201-arrests-in-first-of-its-kind-cybercrime-operation-in-MENA-region -
The Internet Last Week
* OARC 46
https://indico.dns-oarc.net/event/56/
* RIPE 92
https://ripe92.ripe.net/
* LACNIC 45
https://lacnic45.lacnic.net/
* Cybercriminal VPN service takedown
https://www.europol.europa.eu/media-press/newsroom/news/cybercriminal-vpn-used-ransomware-actors-dismantled-in-global-crackdown
https://www.ic3.gov/CSA/2026/260521.pdf
* Interpol disrupts cybercrime operations in Middle East North Africa
https://www.interpol.int/News-and-Events/News/2026/201-arrests-in-first-of-its-kind-cybercrime-operation-in-MENA-region -
The Internet Last Week
* OARC 46
https://indico.dns-oarc.net/event/56/
* RIPE 92
https://ripe92.ripe.net/
* LACNIC 45
https://lacnic45.lacnic.net/
* Cybercriminal VPN service takedown
https://www.europol.europa.eu/media-press/newsroom/news/cybercriminal-vpn-used-ransomware-actors-dismantled-in-global-crackdown
https://www.ic3.gov/CSA/2026/260521.pdf
* Interpol disrupts cybercrime operations in Middle East North Africa
https://www.interpol.int/News-and-Events/News/2026/201-arrests-in-first-of-its-kind-cybercrime-operation-in-MENA-region -
The Internet Last Week
* OARC 46
https://indico.dns-oarc.net/event/56/
* RIPE 92
https://ripe92.ripe.net/
* LACNIC 45
https://lacnic45.lacnic.net/
* Cybercriminal VPN service takedown
https://www.europol.europa.eu/media-press/newsroom/news/cybercriminal-vpn-used-ransomware-actors-dismantled-in-global-crackdown
https://www.ic3.gov/CSA/2026/260521.pdf
* Interpol disrupts cybercrime operations in Middle East North Africa
https://www.interpol.int/News-and-Events/News/2026/201-arrests-in-first-of-its-kind-cybercrime-operation-in-MENA-region -
The Internet Last Week
* OARC 46
https://indico.dns-oarc.net/event/56/
* RIPE 92
https://ripe92.ripe.net/
* LACNIC 45
https://lacnic45.lacnic.net/
* Cybercriminal VPN service takedown
https://www.europol.europa.eu/media-press/newsroom/news/cybercriminal-vpn-used-ransomware-actors-dismantled-in-global-crackdown
https://www.ic3.gov/CSA/2026/260521.pdf
* Interpol disrupts cybercrime operations in Middle East North Africa
https://www.interpol.int/News-and-Events/News/2026/201-arrests-in-first-of-its-kind-cybercrime-operation-in-MENA-region -
-
@bortzmeyer As the manager of the Cascade project, I feel it's important to provide some context and nuance to the terms "alpha”, “beta" and “production ready”. This applies especially to software that is intended to run in critical infrastructure, with possible grave consequences when there is a failure.
While @nlnetlabs is building Cascade on 25 years of experience in DNS and software architecture, operators should not take our work for granted based on that.
This is our plan.
We have frozen the feature set Cascade has now, for the beta release. That means a DNSSEC signer with HSM support, IXFR in and out with TSIG, deterministic incremental signing, review hooks, and monitoring endpoints.
We will mark this release as “beta” in the coming weeks, but read this as whatever you feel is appropriate given the context I gave. That being said: we will dogfood this release. Starting this summer, operators can put Cascade in their testing environments to put it through their wringers, so we can iron out bugs and fix corner cases.
Over the coming months, our aim to have operators build the confidence to start deploying Cascade in production, with the expectation that we'll see real-world Cascade deployments towards the end of this year.
-
@bortzmeyer As the manager of the Cascade project, I feel it's important to provide some context and nuance to the terms "alpha”, “beta" and “production ready”. This applies especially to software that is intended to run in critical infrastructure, with possible grave consequences when there is a failure.
While @nlnetlabs is building Cascade on 25 years of experience in DNS and software architecture, operators should not take our work for granted based on that.
This is our plan.
We have frozen the feature set Cascade has now, for the beta release. That means a DNSSEC signer with HSM support, IXFR in and out with TSIG, deterministic incremental signing, review hooks, and monitoring endpoints.
We will mark this release as “beta” in the coming weeks, but read this as whatever you feel is appropriate given the context I gave. That being said: we will dogfood this release. Starting this summer, operators can put Cascade in their testing environments to put it through their wringers, so we can iron out bugs and fix corner cases.
Over the coming months, our aim to have operators build the confidence to start deploying Cascade in production, with the expectation that we'll see real-world Cascade deployments towards the end of this year.
-
@bortzmeyer As the manager of the Cascade project, I feel it's important to provide some context and nuance to the terms "alpha”, “beta" and “production ready”. This applies especially to software that is intended to run in critical infrastructure, with possible grave consequences when there is a failure.
While @nlnetlabs is building Cascade on 25 years of experience in DNS and software architecture, operators should not take our work for granted based on that.
This is our plan.
We have frozen the feature set Cascade has now, for the beta release. That means a DNSSEC signer with HSM support, IXFR in and out with TSIG, deterministic incremental signing, review hooks, and monitoring endpoints.
We will mark this release as “beta” in the coming weeks, but read this as whatever you feel is appropriate given the context I gave. That being said: we will dogfood this release. Starting this summer, operators can put Cascade in their testing environments to put it through their wringers, so we can iron out bugs and fix corner cases.
Over the coming months, our aim to have operators build the confidence to start deploying Cascade in production, with the expectation that we'll see real-world Cascade deployments towards the end of this year.
-
@bortzmeyer As the manager of the Cascade project, I feel it's important to provide some context and nuance to the terms "alpha”, “beta" and “production ready”. This applies especially to software that is intended to run in critical infrastructure, with possible grave consequences when there is a failure.
While @nlnetlabs is building Cascade on 25 years of experience in DNS and software architecture, operators should not take our work for granted based on that.
This is our plan.
We have frozen the feature set Cascade has now, for the beta release. That means a DNSSEC signer with HSM support, IXFR in and out with TSIG, deterministic incremental signing, review hooks, and monitoring endpoints.
We will mark this release as “beta” in the coming weeks, but read this as whatever you feel is appropriate given the context I gave. That being said: we will dogfood this release. Starting this summer, operators can put Cascade in their testing environments to put it through their wringers, so we can iron out bugs and fix corner cases.
Over the coming months, our aim to have operators build the confidence to start deploying Cascade in production, with the expectation that we'll see real-world Cascade deployments towards the end of this year.
-
@bortzmeyer As the manager of the Cascade project, I feel it's important to provide some context and nuance to the terms "alpha”, “beta" and “production ready”. This applies especially to software that is intended to run in critical infrastructure, with possible grave consequences when there is a failure.
While @nlnetlabs is building Cascade on 25 years of experience in DNS and software architecture, operators should not take our work for granted based on that.
This is our plan.
We have frozen the feature set Cascade has now, for the beta release. That means a DNSSEC signer with HSM support, IXFR in and out with TSIG, deterministic incremental signing, review hooks, and monitoring endpoints.
We will mark this release as “beta” in the coming weeks, but read this as whatever you feel is appropriate given the context I gave. That being said: we will dogfood this release. Starting this summer, operators can put Cascade in their testing environments to put it through their wringers, so we can iron out bugs and fix corner cases.
Over the coming months, our aim to have operators build the confidence to start deploying Cascade in production, with the expectation that we'll see real-world Cascade deployments towards the end of this year.
-
#InternetHistory
Keith Mitchell reminds us of what was email at the time before SMTP/TCP/IP took over and why he still hates sendmail. -
#InternetHistory
Keith Mitchell reminds us of what was email at the time before SMTP/TCP/IP took over and why he still hates sendmail. -
#InternetHistory
Keith Mitchell reminds us of what was email at the time before SMTP/TCP/IP took over and why he still hates sendmail. -
#InternetHistory
Keith Mitchell reminds us of what was email at the time before SMTP/TCP/IP took over and why he still hates sendmail. -
#InternetHistory
Keith Mitchell reminds us of what was email at the time before SMTP/TCP/IP took over and why he still hates sendmail. -
"Good thing that we used zoom.us [since .de was broken]" 3 hours to fix (that was the evening)
Among the lessons: don't have your status page under .de.
-
Peter Koch (DENIC) on the 5 may problem in .de.
.de has almost 18 million domain names and is incrementally updated.
Validation is done once it is already published.
HSM were using different keys :-(
-
-
Nice and clever trick to recover some of the "anonymized" IP addresses in #DNS root name server traffic. ("Anonymization" is often a joke.)
-
If your employer is an OARC member, you have access to the #DNS data collected by the root name servers. (Talk by Kazunori Fujiwara)
As always, working with data is complicated. For instance, some operators (A, B, D, F, H, I, J and L) blur the IP addresses, and it is not documented. (And they don't use the same algorithm.)
#OARC46 -
Beta version of Cascade soon.
"Production-ready" Hmmmmm
Live demo (using sed to edit the config file) worked.
-
Serious rewrite since alpha versions (which were seriously brittle).
@jpmens is mentioned.
-
Serious rewrite since alpha versions (which were seriously brittle).
@jpmens is mentioned.
-
Serious rewrite since alpha versions (which were seriously brittle).
@jpmens is mentioned.
-
Serious rewrite since alpha versions (which were seriously brittle).
@jpmens is mentioned.
-
Serious rewrite since alpha versions (which were seriously brittle).
@jpmens is mentioned.
-
"Cascade [#DNSSEC key manager and signer]: Beyond alpha" by Ximon Eighteen
Written in Rust. Still alpha (beta was not released yet).
Supported (among others) by the Sovereign Tech Agency.
-
"RootViz: visualizing real-time monitoring of Root (and TLD) servers" by Giovane Moura
DIsplaying nicely the measures made by the RIPE Atlas probes:
https://rootviz.sidnlabs.nl/ (based on Grafana) -
Heard at #OARC46 "If the LLM is wrong, prompt harder"
-
"Gonemaster - A Go implementation of Zonemaster" by Patrik Wallström
Instead of using AI, let's use Go :-) Among the good things: native concurrency [I approve]
-
First talk with some AI at #OARC46 "AI-powered Dynamic Zone Checker" by Pallavi Aras
CheckMate is a competitor of named-checkzone, Zonemaster and DNSviz. "Intelligent DNS analysis". Using Google Gemini and Claude.
-
-
Many requests coming from cars...
So, use ECC (error-correcting memory) and use a tin foil hat.
-
"In Schaerbeek in 2003, MARIA initially received 4096 additional votes because of a voting computer error caused by cosmic radiation" https://en.wikipedia.org/wiki/Maria_Vindevoghel
-
-
#DNS root zone key rollover under way. (Planned for 11 october.)
"Who in the room has root access to his resolver?" (Lot of hands, this is an OARC meeting.)
-
Wonderful list of things that can go wrong (and therefore, will) in operations.
(Including an error done on friday afternoon and fixed, will you guess, on monday.)
-
The real world is complicated. For signing a .cn domain, it was necessary to send DS records by email... For .br, errors are not corrected 24x7, only during business hours. (Not always the registry's fault, sometimes you have to use a lot of intermediaries.)
-
-
"Modeling DNS Queries and Caching to Evaluate the Merits of QNAME Minimization" by Casey Deccio
Great explanation of caching dynamics, by the way.
-
Actually measuring the robustness of the Internet is hard. For instance, for #DNS resolvers (the current talk by Maynard Koch), good resolvers, actually used by people, are typically not publically reachable. The open resolvers which are easy to study are typically misconfigured and not actually used.
-
-
Good morning, Edinburgh! First day of the OARC workshop.
-
-
Next week is a busy week for the team headed to Edinburgh, including a chat with our friend Andrew!
We hope to see you there! ✈️ 🏴
-
With the help of Scotland 🏴's favorite Pleisiosaur, I will be presenting some #DNS pre-history at #OARC46 in Edinburgh this Sunday, then attending #RIPE92 all next week.
https://indico.dns-oarc.net/event/56/contributions/1206/
Excited that two of the international events that have been a huge part of my career are coming to the city I grew up in !
#dnsoarc #ripe