There's no DNS resolution set up on that router -- is that a BCP, or something that can be added?
Frank
-----Original Message----- From: MICE Discuss [mailto:MICE-DISCUSS@LISTS.IPHOUSE.NET] On Behalf Of Jeremy Lumby Sent: Monday, October 10, 2011 2:31 PM To: MICE-DISCUSS@LISTS.IPHOUSE.NET Subject: [MICE-DISCUSS] New MICE Looking Glass
I just wanted to let everyone know that MICE now has a public looking glass. I donated an old Cisco 7120 Router, and Doug from the ipHouse configured/installed it, as well as provided internet access to it. You can look at the routes by telnetting to route-server.micemn.net. The username is provided in the log in banner.
Jeremy Lumby Minnesota VoIP 9217 17th Ave S Suite 216 Bloomington, MN 55425 Main: 612-355-7740 Direct: 612-392-6814 E-Fax: 952-873-7425 jlumby@mnvoip.com
########################################################################
To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
On Mon, Oct 10, 2011 at 09:44:20PM -0500, Frank Bulk wrote:
There's no DNS resolution set up on that router -- is that a BCP, or something that can be added?
I don't think DNS lookups are too much a security risk. I thought I had them on. This particular platform seems to default to 'no ip domain-lookup' whereas most of the platforms I config default to it being enabled. Such is the oddness of Cisco sometimes.
There are some other things taken out on purpose. Some hard limits put in place, and a bit of protection. But not super restricted on all the weird and numerous commands that Cisco routers have by default at that privilege level.
If you find anything egregious, let me know and I'll config it out. But I'm not too worried about perhaps some weird LAT connect attempts out to somewhere (since it's not a routable protocol.. :)
-- Doug McIntyre <merlyn@iphouse.net>
-- ipHouse/Goldengate/Bitstream/ProNS -- Network Engineer/Provisioning/Jack of all Trades
It's a BCP. Waiting for DNS when it doesn't resolve is the last thing you want to do with a looking glass and numeric results are usually far more useful anyway.
Owen
On Oct 10, 2011, at 7:44 PM, Frank Bulk wrote:
There's no DNS resolution set up on that router -- is that a BCP, or something that can be added?
Frank
-----Original Message----- From: MICE Discuss [mailto:MICE-DISCUSS@LISTS.IPHOUSE.NET] On Behalf Of Jeremy Lumby Sent: Monday, October 10, 2011 2:31 PM To: MICE-DISCUSS@LISTS.IPHOUSE.NET Subject: [MICE-DISCUSS] New MICE Looking Glass
I just wanted to let everyone know that MICE now has a public looking glass. I donated an old Cisco 7120 Router, and Doug from the ipHouse configured/installed it, as well as provided internet access to it. You can look at the routes by telnetting to route-server.micemn.net. The username is provided in the log in banner.
Jeremy Lumby Minnesota VoIP 9217 17th Ave S Suite 216 Bloomington, MN 55425 Main: 612-355-7740 Direct: 612-392-6814 E-Fax: 952-873-7425 jlumby@mnvoip.com
I would prefer that we do not enable DNS lookups. We disable them in all of our devices due to the delays that they can cause, especially with traceroutes.
Steve
On 10/10/2011 09:44 PM, Frank Bulk wrote:
There's no DNS resolution set up on that router -- is that a BCP, or something that can be added?
Frank
-----Original Message----- From: MICE Discuss [mailto:MICE-DISCUSS@LISTS.IPHOUSE.NET] On Behalf Of Jeremy Lumby Sent: Monday, October 10, 2011 2:31 PM To: MICE-DISCUSS@LISTS.IPHOUSE.NET Subject: [MICE-DISCUSS] New MICE Looking Glass
I just wanted to let everyone know that MICE now has a public looking glass. I donated an old Cisco 7120 Router, and Doug from the ipHouse configured/installed it, as well as provided internet access to it. You can look at the routes by telnetting to route-server.micemn.net. The username is provided in the log in banner.
Jeremy Lumby Minnesota VoIP 9217 17th Ave S Suite 216 Bloomington, MN 55425 Main: 612-355-7740 Direct: 612-392-6814 E-Fax: 952-873-7425 jlumby@mnvoip.com
This whole DNS thing on a router discussion is funny.
I can use DNS to figure out an area for the IP in question...
I can enter said IP into a separate query afterwards to find an area in question...
Which is faster for finding the info I am looking for? Be realistic.
I have used DNS in my routers and switches since IOS supported such. Funny, so has Doug :)
Sure, you can add latency to your output but it doesn't slow the packets down, and I sure as hell cannot memorize the Internet to figure out which city I am in or which provider I'm crossing.
That extra few ms here and there still outruns copy/paste click submit every time.
Perhaps a company could run dedicated nameservers for their networking gear, or just run better nameservers on their infrastructure. Yah, i know that sounds condescending but I don't know a better way to phrase this this morning.
-- Mike Horwath via iPad 2, electric boogaloo!
I find the extra SECONDS, not ms, that it takes when things don't resolve, especially when it's an IOS typo command that IOS tries to turn into a host name for telnet, for example to be far more annoying than the numeric (which is usually what I want if I'm on a router or looking glass anyway) output in trace routes.
Owen
Sent from my iPad
On Oct 11, 2011, at 10:14, Mike Horwath <drechsau@IPHOUSE.NET> wrote:
This whole DNS thing on a router discussion is funny.
I can use DNS to figure out an area for the IP in question...
I can enter said IP into a separate query afterwards to find an area in question...
Which is faster for finding the info I am looking for? Be realistic.
I have used DNS in my routers and switches since IOS supported such. Funny, so has Doug :)
Sure, you can add latency to your output but it doesn't slow the packets down, and I sure as hell cannot memorize the Internet to figure out which city I am in or which provider I'm crossing.
That extra few ms here and there still outruns copy/paste click submit every time.
Perhaps a company could run dedicated nameservers for their networking gear, or just run better nameservers on their infrastructure. Yah, i know that sounds condescending but I don't know a better way to phrase this this morning.
-- Mike Horwath via iPad 2, electric boogaloo!
On Tue, Oct 11, 2011 at 11:06:14AM -0400, Owen DeLong wrote:
I find the extra SECONDS, not ms, that it takes when things don't resolve, especially when it's an IOS typo command that IOS tries to turn into a host name for telnet, for example to be far more annoying than the numeric (which is usually what I want if I'm on a router or looking glass anyway) output in trace routes.
<snarky comment removed about not doing typos> :)
We each have our reasons one way or another, and for MICE, I really don't care.
-- Mike Horwath ipHouse - Welcome home! drechsau@iphouse.net
The universe is an island, surrounded by whatever it is that surrounds universes. - Berkeley Fortune
On 10/11/2011 09:14 AM, Mike Horwath wrote:
This whole DNS thing on a router discussion is funny.
It was a logical discussion to determine what is best for MICE. I'm sorry if you find it insignificant, but I'm glad that you found humor in it.
I can use DNS to figure out an area for the IP in question...
I can enter said IP into a separate query afterwards to find an area in question...
Which is faster for finding the info I am looking for? Be realistic.
I have used DNS in my routers and switches since IOS supported such. Funny, so has Doug :)
Sure, you can add latency to your output but it doesn't slow the packets down, and I sure as hell cannot memorize the Internet to figure out which city I am in or which provider I'm crossing.
That extra few ms here and there still outruns copy/paste click submit every time.
Do a traceroute that has a few hops that haven't set up their PTR records properly. (Or in a VRF with no DNS, etc). You will wait a while for each hop to resolve. You are correct in that it doesn't slow the packets down on the network. However, it greatly delays the time between packets. It changes from a few ms to several seconds per hop (default timeout can be changed with "ip domain timeout"). Add this up for a couple of hops and you must be really slow at copy/paste for it to be worse. I know that everyone should have all of their PTR records setup properly, but it doesn't happen that way in the real world.
Perhaps a company could run dedicated nameservers for their networking gear, or just run better nameservers on their infrastructure.
Dedicated/better name servers won't solve anything when there is no valid PTR record.
Yah, i know that sounds condescending but I don't know a better way to phrase this this morning.
MICE is made up of many members that operate in different areas of the "tech" industry. What may seem best for your particular industry segment may not be the "best fit" for the majority of MICE members or the internet community.
On Tue, Oct 11, 2011 at 11:37:52AM -0500, Steve Howard wrote:
On 10/11/2011 09:14 AM, Mike Horwath wrote:
This whole DNS thing on a router discussion is funny.
It was a logical discussion to determine what is best for MICE. I'm sorry if you find it insignificant, but I'm glad that you found humor in it.
I never said it was insignificant. You look for offense and you will find it. My opinion is that this is an over-optimization that leads to wasted time in other ways. Just my opinion; I am not setting any policies for MICE on this.
Do a traceroute that has a few hops that haven't set up their PTR records properly. (Or in a VRF with no DNS, etc). You will wait a while for each hop to resolve. You are correct in that it doesn't slow the packets down on the network. However, it greatly delays the time between packets. It changes from a few ms to several seconds per hop (default timeout can be changed with "ip domain timeout"). Add this up for a couple of hops and you must be really slow at copy/paste for it to be worse.
A) if the DNS server is operational but without PTR records, it will return immediately.
B) if they are lame delegations then the provider should fix it and not leave it broken.
C) 5ms is always faster than 2 seconds to copy, change 'windows', click your edit box, paste, return (or click submit). Or if you are me, I'd queue up a dig or nslookup in a window then play the copy and paste game and hit return - no finding the edit box, and the time wasted will still be wasted.
Why your opinion MUST override mine baffles me.
I know that everyone should have all of their PTR records setup properly, but it doesn't happen that way in the real world.
I live in the real world, since 1990 when I joined the Internet, since 1993 when I fired up my first real ISP server with Doug one very late night. I ain't no fresh kid on this block.
Perhaps a company could run dedicated nameservers for their networking gear, or just run better nameservers on their infrastructure.
Dedicated/better name servers won't solve anything when there is no valid PTR record.
See results A and B above, one causes no issues, one needs to be fixed.
MICE is made up of many members that operate in different areas of the "tech" industry. What may seem best for your particular industry segment may not be the "best fit" for the majority of MICE members or the internet community.
No one said MICE had to abide by my rules and thought processes. If it did - we would have started charging for ports on day one as was discussed that very first day.
-- Mike Horwath ipHouse - Welcome home! drechsau@iphouse.net
The universe is an island, surrounded by whatever it is that surrounds universes. - Berkeley Fortune
Do a traceroute that has a few hops that haven't set up their PTR records properly. (Or in a VRF with no DNS, etc). You will wait a while for each hop to resolve. You are correct in that it doesn't slow the packets down on the network. However, it greatly delays the time between packets. It changes from a few ms to several seconds per hop (default timeout can be changed with "ip domain timeout"). Add this up for a couple of hops and you must be really slow at copy/paste for it to be worse.
A) if the DNS server is operational but without PTR records, it will return immediately.
It is not unusual for the DNS server somewhere in the chain to be non-operational. Especially when you typo a Cisco command and it starts trying to open a telnet session.
B) if they are lame delegations then the provider should fix it and not leave it broken.
In an ideal world, yes, but, not a big help when you're trying to troubleshoot something and usually outside of the control of the person doing the traceroute.
C) 5ms is always faster than 2 seconds to copy, change 'windows', click your edit box, paste, return (or click submit). Or if you are me, I'd queue up a dig or nslookup in a window then play the copy and paste game and hit return - no finding the edit box, and the time wasted will still be wasted.
True, but, the DNS timeout I experience from these issues is usually more like 30-90s and 2s is always faster than 30s or more.
Why your opinion MUST override mine baffles me.
I can't speak for the other guy, but, I'm trying to discuss the issues and ignore the personal offense/attacks and bickering. I'm not saying my opinion or experience should override yours. Just pointing out the issues from my experience with the mechanisms and reasoning you have put forth.
Owen
On Wed, Oct 12, 2011 at 09:03:07PM -0700, Owen DeLong wrote:
Especially when you typo a Cisco command and it starts trying to open a telnet session.
FWIW: That is one of the first "features" I turn off in Cisco configs..
-- Doug McIntyre <merlyn@iphouse.net>
-- ipHouse/Goldengate/Bitstream/ProNS -- Network Engineer/Provisioning/Jack of all Trades
On Oct 12, 2011, at 10:09 PM, Doug McIntyre wrote:
On Wed, Oct 12, 2011 at 09:03:07PM -0700, Owen DeLong wrote:
Especially when you typo a Cisco command and it starts trying to open a telnet session.
FWIW: That is one of the first "features" I turn off in Cisco configs..
Sure, but, no ip domain-lookup solves that and so many other problems all at once.
Owen
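The two positions argued in this thread, written out as an IOS configuration fragment. This is an added example, not part of any list message and not the MICE route-server's actual configuration. The resolver address 192.0.2.53 is a placeholder, the timeout and retry values are illustrative, and `transport preferred none` is an assumption about which "feature" is meant above; the thread does not name the command.

```cisco
! Constructed example for a public route-server; values are illustrative.
!
! Option A: numeric-only output (the position Owen and Steve argue for).
! With lookups off, traceroute prints addresses without issuing PTR
! queries, so a hop with missing or broken reverse DNS adds no wait.
! A mistyped exec command is also never handed to DNS as a hostname.
no ip domain-lookup
!
! Option B: keep name resolution (the position Mike argues for) but
! bound how long an unanswered query can stall the session.
! Remove the leading "!" from these four lines, and drop Option A,
! to use it. 192.0.2.53 is a placeholder from the documentation range.
! ip domain-lookup
! ip name-server 192.0.2.53
! ip domain timeout 1
! ip domain retry 1
!
! Independent of A or B: stop the exec from treating an unrecognized
! word as a host to connect to. With no preferred transport, a typo
! returns an error instead of starting a connection attempt.
line vty 0 4
 transport preferred none
```

Option B only shortens the wait when a name server does not answer; as noted in the thread, a server that answers promptly with no PTR record causes no delay in either case.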
Thanks for all the feedback -- it's as split as I anticipated. =)
-----Original Message----- From: MICE Discuss [mailto:MICE-DISCUSS@LISTS.IPHOUSE.NET] On Behalf Of Steve Howard Sent: Tuesday, October 11, 2011 11:38 AM To: MICE-DISCUSS@LISTS.IPHOUSE.NET Subject: Re: [MICE-DISCUSS] New MICE Looking Glass
On 10/11/2011 09:14 AM, Mike Horwath wrote:
This whole DNS thing on a router discussion is funny.
It was a logical discussion to determine what is best for MICE. I'm sorry if you find it insignificant, but I'm glad that you found humor in it.
I can use DNS to figure out an area for the IP in question...
I can enter said IP into a separate query afterwards to find an area in question...
Which is faster for finding the info I am looking for? Be realistic.
I have used DNS in my routers and switches since IOS supported such. Funny, so has Doug :)
Sure, you can add latency to your output but it doesn't slow the packets down, and I sure as hell cannot memorize the Internet to figure out which city I am in or which provider I'm crossing.
That extra few ms here and there still outruns copy/paste click submit every time.
Do a traceroute that has a few hops that haven't set up their PTR records properly. (Or in a VRF with no DNS, etc). You will wait a while for each hop to resolve. You are correct in that it doesn't slow the packets down on the network. However, it greatly delays the time between packets. It changes from a few ms to several seconds per hop (default timeout can be changed with "ip domain timeout"). Add this up for a couple of hops and you must be really slow at copy/paste for it to be worse. I know that everyone should have all of their PTR records setup properly, but it doesn't happen that way in the real world.
Perhaps a company could run dedicated nameservers for their networking gear, or just run better nameservers on their infrastructure.
Dedicated/better name servers won't solve anything when there is no valid PTR record.
Yah, i know that sounds condescending but I don't know a better way to phrase this this morning.
MICE is made up of many members that operate in different areas of the "tech" industry. What may seem best for your particular industry segment may not be the "best fit" for the majority of MICE members or the internet community.
participants (5)
- Doug McIntyre
- Frank Bulk
- Mike Horwath
- Owen DeLong
- Steve Howard