- NZNOG - lists.nznog.org

InternetNZ .nz DNSSEC KSK Standby Chain Rollover
by Felipe Barbosa 18 Nov '24

18 Nov '24

InternetNZ will begin a DNSSEC Key Signing Key rollover in our current standby chain. This should not affect the active chain used in DNS resolution for .nz. The status and scheduling will be posted to status.internetnz.nz. This will consist of three maintenance windows, in each window we will pause zone distribution to make changes, perform validation, and resume zone distribution for the following zones: nz, ac.nz, co.nz, cri.nz, geek.nz, gen.nz, govt.nz, health.nz, iwi.nz, kiwi.nz, maori.nz, mil.nz, net.nz, org.nz, parliament.nz, and school.nz The first change window will be tomorrow: https://status.internetnz.nz/incidents/10yq25ffq2z7 For questions or issues please contact registry(a)internetnz.net.nz, for updates please subscribe to the IRS Production > Zone Publish component of status.internetnz.nz -- Ngā mihi Felipe Agnelli Barbosa DNS Specialist InternetNZ | Ipurangi Aotearoa We are the home of .nz and we work for an Internet that benefits all of Aotearoa. www.internetnz.nz GPG: 95C1 8BDC EFA7 9CAC 303D 003E A058 2449 D152 8580

1 0

BNZ Contact
by George Mitchinson 24 Oct '24

24 Oct '24

Apologies if this is not the correct forum, but if there is anyone from the BNZ team on the list could they please make contact. We have an Email issue we are trying to resolve and struggling to make contact with anyone from the BNZ to assist. Cheers, Mandos

2 2

APRICOT 2025: Call for Programme Committee Volunteers
by Mark 21 Oct '24

21 Oct '24

Hello! The APRICOT 2025 Organising Committee would like to welcome everyone to join us in Petaling Jaya, Malaysia, from 19th to 27th February 2025. The APRICOT 2025 Programme Committee is responsible for the solicitation and selection of suitable presentations and tutorial content for the APRICOT 2025 conference (https://2025.apricot.net/). We are now seeking VOLUNTEERS from the community to join the APRICOT 2025 PC to assist with the development of the programme for APRICOT 2025. Eligible PC candidates must have attended recent APRICOT events, have broad technical knowledge of Internet operations, and have good familiarity with the format of APRICOT. Having constructive opinions and ideas about how the programme content might be improved is of high value too. PC members are expected to work very actively to solicit content, follow through speaker updates and review submissions for technical merit . The PC meets by conference call, weekly in frequency during the three months prior to APRICOT. While participation in the weekly calls is not obligatory, active participation in content reviews is required at all times to help the PC reach consensus. PC members who are unable to fully participate in the programme development will be excused from the PC. If you are interested in joining the PC and meet the above eligibility criteria, please send a brief note to "pc-chairs at apricot.net". The note must include affiliation (if any) and a brief description about why you would make a good addition to the PC. The PC Chairs will accept nominations received by 17:00 UTC+8 on Sunday 27th October 2024, and will announce the new PC shortly thereafter. Many thanks! Mark Tinka, Achie Atienza & Mark Duffell APRICOT 2025 Programme Committee Chairs

1 0

InternetNZ .nz DNSSEC ZSK Standby Chain Rollover
by Josh Simpson 01 Oct '24

01 Oct '24

InternetNZ will begin a DNSSEC Zone Signing Key rollover in our standby chain, this should not affect the active chain used in DNS resolution for .nz, the status and scheduling will be posted to status.internetnz.nz. This will consist of two maintenance windows, in each window we will pause zone distribution to make changes, perform validation, and resume zone distribution for the following zones nz, ac.nz, co.nz, cri.nz, geek.nz, gen.nz, govt.nz, health.nz, iwi.nz, kiwi.nz, maori.nz, mil.nz, net.nz, org.nz, parliament.nz, and school.nz The first change window will be used to add new Zone Signing Keys. https://status.internetnz.nz/incidents/xlygrzg6d3tg The second change window will be used to remove inactive Zone Signing Keys. https://status.internetnz.nz/incidents/tftwdv101sz0 For questions or issues please contact registry(a)internetnz.net.nz, for updates please subscribe to the IRS Production > Zone Publish component of status.internetnz.nz -- Josh Simpson Product Infrastructure Lead InternetNZ | Ipurangi Aotearoa www.internetnz.nz

1 0

L4S
by Jay Daley 05 Sep '24

05 Sep '24

This is related to my day job at the IETF. If anyone here is considering or already implementing L4S and is willing to share their experiences for an industry briefing paper then please drop me a line. thanks Jay -- Jay Daley jay(a)daley.org.nz

1 0

Submit a paper for APIX30!
by Narelle Clark 28 Jul '24

28 Jul '24

Hi all! APIX#30 is scheduled for Tuesday 3 September 2024 and will be held alongside APNIC58 in Wellington, NZ. APIX is the Asia-Pacific Internet Exchange Association. The APIX Program Committee therefore invites presentations for the upcoming APIX#30 meeting. Suitable topics include:- * Internet Exchange ecosystem: topics related to the technical components of IXPs and their architectures * Internet Exchange operations: adopting new technology, monitoring and management of IXPs * Internet Exchange security: threats, mitigations and use cases in the IXP context * Internet Exchange growth and organisation: attracting new members, onboarding them and keeping them involved * Assessment and analysis of the impact of Internet Exchanges on the Internet ecosystem * Internet landscape generally: what big picture issues affect IXPs or their members * Data centre ecosystem: what trends are we seeing, what features and technology makes a DC a good home for an IXP? * Any other topics related to Internet and IXP operations. Presentations need to be of a practical orientation and directly assist the IXP community in establishing, running and growing IXPs. The intention is knowledge sharing and skill enhancement. Presentations aimed just at trying to sell services will not be accepted. Presentations can be in person or remote, you must tell us your preference. Hope to see you there -- Narelle Clark Chief Executive Officer Internet Association of Australia Ltd [cid:image001.png(a)01DAE1C7.1114FAA0] Suite 1.05, 150 Pacific Highway * North Sydney, NSW 2060 [Smart Phone with solid fill] +61 2 9037 6403 [Receiver outline] 1300 653 132 [Envelope with solid fill] ceo(a)internet.asn.au<mailto:ceo(a)internet.asn.au> [Earth globe: Asia and Australia with solid fill] www.internet.asn.au<http://www.internet.asn.au/> [cid:image006.jpg(a)01DAE1C7.1114FAA0]<https://internet.asn.au/events/nsw-ix-400gbps-ports/>

1 1

AS Number Management Study by TU Delft
by Nachiket Kondhalkar 18 Jul '24

18 Jul '24

Hello NZNOG community, APNIC and RIPE NCC have introduced an annual ASN maintenance fee from January 2025. As part of a research group currently studying AS Number management at TU Delft, we would like to understand the perspectives of network administrators in reference to this change. Your experience and expertise will help us understand and present the consensus of the community through our research. The link for the survey is : https://tudelft.fra1.qualtrics.com/jfe/form/SV_6DzjvsCOXjto8R0 For more information about the study: https://blog.apnic.net/2024/07/16/a-comprehensive-review-of-rir-policies-in… We would be grateful if you could take a few minutes to complete the survey. Your participation will help develop solutions for network operators. Thank you for your time and your input, Nachiket Kondhalkar TU Delft

1 0

nz DNSSEC KSK rollover - Standby Chain
by Josh Simpson 07 Jul '24

07 Jul '24

Kia ora koutou, InternetNZ is beginning its return to routine DNSSEC operations. Starting on 15-07-2024, we will begin our improved process, which incorporates changes from internal and external reviews following the DNSSEC incident in May 2023. This will consist of four short maintenance windows, in which we will pause zone distribution to make changes, perform validation, and resume zone distribution. The status and scheduling will be posted to status.internetnz.nz. To be notified, subscribe to IRS Production > Zone Publish Window 1 We will change the DS TTL in DNSSEC policy for the standby chain of second level domains. This change addresses the issues encountered in May 2023. Window 2 We will perform a KSK rollover on the standby DNSSEC chain for nz, ac.nz, co.nz, net.nz, gen.nz, org.nz, govt.nz, parliament.nz, geek.nz, school.nz, kiwi.nz, iwi.nz, maori.nz, cri.nz, health.nz, and mil.nz This will generate new DNSSEC keys and add them to the standby signing chain. Window 3 We will mark the keys generated in window 2 as active in the standby DNSSEC chain. Window 4 Window 4 will occur after the TTL safety period (2xTLL, 2 Days) has lapsed and DNSSEC RRSET validation is possible via both the old keys and new keys. The DNSSEC policies updated in Window 1 with the correct TTL timing will be enforced, this will result in the safe retirement of the old keys and allow us to remove redundant keys from the zones. The current standby chain key tags for each zone are as follows: nz: 49157, ac.nz: 5938, co.nz: 59176, cri.nz: 19190, geek.nz: 7171, gen.nz: 48574, govt.nz: 18181, health.nz: 33694, iwi.nz: 58454, kiwi.nz: 47464, maori.nz: 21689, mil.nz: 43906, net.nz: 25105, org.nz: 24626, parliament.nz: 49424, school.nz: 27382 We would like to emphasise that if you encounter any DNSSEC issues, please report them to us via registry(a)internetnz.net.nz. We will keep you updated, and provide a summary report at the conclusion of incident-related work. Ngā mihi Josh -- Josh Simpson Product Infrastructure Lead InternetNZ | Ipurangi Aotearoa www.internetnz.nz

1 0

Webinar on LibreQos June 14rh
by Dave Taht 09 Jun '24

09 Jun '24

<blatant advert> We are doing an hour long deep dive webinar on LibreQos June 14th, courtesy of the APNIC Academy, with an astounding 196 signups so far. We are pushing multiple terabits of traffic around the world through it now, not just for ISPs, but for MDUs, post VPN processing, upstream DIY circuits, on everything from DSL to fiber. As an open source, eBPF based transparent bridge, it only takes a few minutes to install in-band, and be able to pull stats about your networks' behaviors that you've never seen before, and then apply the best shaping and bufferbloat-beating code in the world to it. Sign up here: https://academy.apnic.net/en/events?id=a0BOc000000Pgk1MAC - especially if you have been deploying fq_codel or cake, replacing brittle policers, etc, etc. We have a very popular chat too: https://chat.libreqos.io/join/fvu3cerayyaumo377xwvpev6/ PS The upcoming v1.5 release of libreqos is about 30% faster (example: pushing over 60Gbits through a $1500 Ryzen box), which is enough for 10s of thousands of customer networks on the other side of it. We have the ability to model and debloat complicated networks 8 hops deep, or along a troublesome edge, new support for emitting netflow, and quite a few other useful things in that release. and we hope to put it into beta by the end of this month, or earlier. Please come to the webinar to see the latest code, live, in production! https://github.com/LibreQoE/LibreQoS/tree/develop </blatant advert> I am in general deliriously happy with the stability, and performance of this stuff and the growth of uptake worldwide over the last 6 months, (and also watching starlink get thoroughly debloated a few months back was a real high, tho they just used fq and something codel-ly not LibreQos) Y'all are just minutes and minor CAPEX away from a vastly better internet. -- https://www.linkedin.com/feed/update/urn:li:activity:7203400057172180992/ Donations Drive. Dave Täht CSO, LibreQos

1 0

Spoofer Report for NZNOG for May 2024
by CAIDA Spoofer Project 08 Jun '24

08 Jun '24

In response to feedback from operational security communities, CAIDA's source address validation measurement project (https://spoofer.caida.org) is automatically generating monthly reports of ASes originating prefixes in BGP for systems from which we received packets with a spoofed source address. We are publishing these reports to network and security operations lists in order to ensure this information reaches operational contacts in these ASes. This report summarises tests conducted within nzl. Inferred improvements during May 2024: ASN Name Fixed-By 38299 REANNZ-CORP-NZ-AP 2024-05-12 Further information for the inferred remediation is available at: https://spoofer.caida.org/remedy.php Source Address Validation issues inferred during May 2024: none inferred Please send any feedback or suggestions to spoofer-info(a)caida.org

1 0