From mitchkelly24 at gmail.com Thu Mar 6 12:23:10 2025 From: mitchkelly24 at gmail.com (Mitch Kelly) Date: Thu, 6 Mar 2025 09:23:10 +0800 Subject: [AusNOG] Vocus Fibre - Perth Message-ID: Hi, We have a few fibre issues in Perth, Is anyone aware of a Vocus fibre cut in the East Perth area, Services offline since around midnight last night. No Link on multiple Services, 2x 1G Internet, 1x 1G Azure Expressroute. There are rumors about a fibre cut around Royal St East Perth. Mitch -------------- next part -------------- An HTML attachment was scrubbed... URL: From bevan at slattery.net.au Sat Mar 8 22:01:42 2025 From: bevan at slattery.net.au (Bevan Slattery) Date: Sat, 8 Mar 2025 11:01:42 +0000 Subject: [AusNOG] 32 Amp single phase power cable Message-ID: Just wondering if anyone on list happens to have a 20m one just laying around doing nothing ? -------------- next part -------------- An HTML attachment was scrubbed... URL: From bevan at slattery.net.au Sat Mar 8 22:11:40 2025 From: bevan at slattery.net.au (Bevan Slattery) Date: Sat, 8 Mar 2025 11:11:40 +0000 Subject: [AusNOG] 32 Amp single phase power cable In-Reply-To: References: Message-ID: Or a 32amp (5pin) 3 phase to 20/32amp (3 round pin) single phase board / adaptor handy in brisbane. ________________________________ From: Bevan Slattery Sent: Saturday, March 8, 2025 9:01 pm To: ausnog at lists.ausnog.net Subject: 32 Amp single phase power cable Just wondering if anyone on list happens to have a 20m one just laying around doing nothing ? -------------- next part -------------- An HTML attachment was scrubbed... URL: From bevan at slattery.net.au Sat Mar 8 22:14:05 2025 From: bevan at slattery.net.au (Bevan Slattery) Date: Sat, 8 Mar 2025 11:14:05 +0000 Subject: [AusNOG] 32 Amp single phase power cable In-Reply-To: References: Message-ID: Basically to help someone I have a 32amp 5 pin 3 phase genset and they have a 32 amp single phase round 3 pin socket 15m meters away. Any solution would be appreciated :) ________________________________ From: Bevan Slattery Sent: Saturday, March 8, 2025 9:11:40 PM To: ausnog at lists.ausnog.net Subject: Re: 32 Amp single phase power cable Or a 32amp (5pin) 3 phase to 20/32amp (3 round pin) single phase board / adaptor handy in brisbane. ________________________________ From: Bevan Slattery Sent: Saturday, March 8, 2025 9:01 pm To: ausnog at lists.ausnog.net Subject: 32 Amp single phase power cable Just wondering if anyone on list happens to have a 20m one just laying around doing nothing ? -------------- next part -------------- An HTML attachment was scrubbed... URL: From mcmurej at gmail.com Sat Mar 8 22:41:02 2025 From: mcmurej at gmail.com (Evan M) Date: Sat, 8 Mar 2025 19:41:02 +0800 Subject: [AusNOG] 32 Amp single phase power cable In-Reply-To: References: Message-ID: Let me go check my shed? although I?m in Perth, could take a while and having trouble with AusPost too On Sat, 8 Mar 2025 at 7:14?pm, Bevan Slattery wrote: > Basically to help someone I have a 32amp 5 pin 3 phase genset and they > have a 32 amp single phase round 3 pin socket 15m meters away. > > Any solution would be appreciated :) > ------------------------------ > *From:* Bevan Slattery > *Sent:* Saturday, March 8, 2025 9:11:40 PM > *To:* ausnog at lists.ausnog.net > *Subject:* Re: 32 Amp single phase power cable > > Or a 32amp (5pin) 3 phase to 20/32amp (3 round pin) single phase board / > adaptor handy in brisbane. > > > ------------------------------ > *From:* Bevan Slattery > *Sent:* Saturday, March 8, 2025 9:01 pm > *To:* ausnog at lists.ausnog.net > *Subject:* 32 Amp single phase power cable > > Just wondering if anyone on list happens to have a 20m one just laying > around doing nothing ? > _______________________________________________ > AusNOG mailing list > AusNOG at lists.ausnog.net > https://lists.ausnog.net/mailman/listinfo/ausnog > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mcmurej at gmail.com Sat Mar 8 22:41:49 2025 From: mcmurej at gmail.com (Evan M) Date: Sat, 8 Mar 2025 19:41:49 +0800 Subject: [AusNOG] 32 Amp single phase power cable In-Reply-To: References: Message-ID: Apologies - need to update my email.. evanm at ieee.org On Sat, 8 Mar 2025 at 7:41?pm, Evan M wrote: > Let me go check my shed? although I?m in Perth, could take a while and > having trouble with AusPost too > > > On Sat, 8 Mar 2025 at 7:14?pm, Bevan Slattery > wrote: > >> Basically to help someone I have a 32amp 5 pin 3 phase genset and they >> have a 32 amp single phase round 3 pin socket 15m meters away. >> >> Any solution would be appreciated :) >> ------------------------------ >> *From:* Bevan Slattery >> *Sent:* Saturday, March 8, 2025 9:11:40 PM >> *To:* ausnog at lists.ausnog.net >> *Subject:* Re: 32 Amp single phase power cable >> >> Or a 32amp (5pin) 3 phase to 20/32amp (3 round pin) single phase board / >> adaptor handy in brisbane. >> >> >> ------------------------------ >> *From:* Bevan Slattery >> *Sent:* Saturday, March 8, 2025 9:01 pm >> *To:* ausnog at lists.ausnog.net >> *Subject:* 32 Amp single phase power cable >> >> Just wondering if anyone on list happens to have a 20m one just laying >> around doing nothing ? >> _______________________________________________ >> AusNOG mailing list >> AusNOG at lists.ausnog.net >> https://lists.ausnog.net/mailman/listinfo/ausnog >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From spoofer-info at caida.org Sun Mar 9 05:00:29 2025 From: spoofer-info at caida.org (CAIDA Spoofer Project) Date: Sat, 8 Mar 2025 10:00:29 -0800 Subject: [AusNOG] Spoofer Report for AusNOG for Feb 2025 Message-ID: <1741456829.565390.1074.nullmailer@caida.org> In response to feedback from operational security communities, CAIDA's source address validation measurement project (https://spoofer.caida.org) is automatically generating monthly reports of ASes originating prefixes in BGP for systems from which we received packets with a spoofed source address. We are publishing these reports to network and security operations lists in order to ensure this information reaches operational contacts in these ASes. This report summarises tests conducted within aus. Inferred improvements during Feb 2025: none inferred Source Address Validation issues inferred during Feb 2025: ASN Name First-Spoofed Last-Spoofed 152107 2024-02-25 2025-02-03 4804 MPX 2024-03-19 2025-02-01 150369 2025-01-30 2025-02-28 150004 2025-02-26 2025-02-26 Further information for these tests where we received spoofed packets is available at: https://spoofer.caida.org/recent_tests.php?country_include=aus&no_block=1 Please send any feedback or suggestions to spoofer-info at caida.org From g2x at juliet.emu.st Sun Mar 9 07:29:11 2025 From: g2x at juliet.emu.st (Mark Delany) Date: Sat, 8 Mar 2025 20:29:11 +0000 Subject: [AusNOG] Managed IT service providers in AU? Message-ID: <0.2.0-final-1741465751.953-0x3810ea@qmda.emu.st> Hi Ausnogs. This is a bit outside my bailiwick but hopefully broadly within the domain of this list... My question is about the existence or otherwise of managed IT support companies who offer a service above and beyond remote hands. The background is a local company looking to develop a specialised app for use by their 50-100,000 customer base. Not a large deployment, but a fairly important system to the company. The deployment will likely be on AWS or possibly a VPS pool - certainly something that is fully managed remotely. The app is straightfoward structurally in that it is a bunch of business logic backed by a database and presented as a set of web APIs using a standard tech stack. Getting the system developed is not expected to be a problem; what is expected to be a problem is managing and monitoring the deployment as the company is a small-time operation who cannot afford to hire full-time IT staff. It's largely a 9-5 business so 24/7 isn't required, but same-day fixes during Australian business hours *is* definitely required. I know of such services in the US, but do such service providers exist in the local market? If so, can folk send me a few clues? Mark. From g2x at juliet.emu.st Sun Mar 9 09:28:24 2025 From: g2x at juliet.emu.st (Mark Delany) Date: Sat, 8 Mar 2025 22:28:24 +0000 Subject: [AusNOG] Managed IT service providers in AU? In-Reply-To: References: Message-ID: <0.2.0-final-1741472904.455-0x464ed5@qmda.emu.st> On 08Mar25, Mark Delany apparently wrote: > Hi Ausnogs. > > This is a bit outside my bailiwick but hopefully broadly within the domain of this > list... My question is about the existence or otherwise of managed IT support companies > who offer a service above and beyond remote hands. Looks like the term to use is MSP and/or "Sysadmin as a Service" and the industry appears to be alive and well here. Thanks to those who responded with contact details and suggestions. The project has numerous other preconditions to meet prior to hitting the "go" button, but it's now clear that availability of the sort of deployment/prod support they need shouldn't be a problem. Mark. From lauricat at fastmail.fm Thu Mar 20 17:03:32 2025 From: lauricat at fastmail.fm (lauricat at fastmail.fm) Date: Thu, 20 Mar 2025 17:03:32 +1100 Subject: [AusNOG] Telstra 4G Wingle connection. In-Reply-To: <0.2.0-final-1741472904.455-0x464ed5@qmda.emu.st> References: <0.2.0-final-1741472904.455-0x464ed5@qmda.emu.st> Message-ID: <1791d26c-69bd-48ad-ac63-98851035c4da@betaapp.fastmail.com> Good Afternoon. I had a client today with no Telstra mobile internet connectivity - via USB. I soon diagnosed a problem with their Telstra 4G Dongle (Wingle) Huawei 8372. I removed the dongle from the customers equipment, and plugged the device into my laptop to do all the diagnosis. Called support and was soon connected to a CSR in Hervey Bay. Checked the account (not shaped), all paid up and enabled, they ran all the tests their end, and eventually instructed me to hard reset the device - which I did, meanwhile I tried to create a new profile (no good - I even fiddled with setting it up as an IPv6 device). After about 3/4 of an hour, still with a dead 8372, we both agreed I would take the Dongle to my Home office and try and swap the SIM card into my own Telstra 4G Dongle (Wingle) Huawei 8372. (They also suggested it could well be a SIM card problem.) Also, they mentioned that Telstra were working on the local base station (Regional/ Rural Victoria) _around_ _same_ _time_ as my client noticed internet connectivity was absent. So, later this afternoon, at home, I fired up my laptop again, plugged in the Client's Dongle, and it works perfectly. Please note, I connect roughly 3 km's down the road to a different, closer to me, Telstra tower. So this is obviously a base station problem. Can anyone on-list help me with this problem please? (Off-list - client is elderly and I want to get his connection sorted as soon as possible, the wait time today for support was about half an hour) Thank-you. Cheers Laurie. From Nathan.Brookfield at iperium.com.au Thu Mar 20 17:10:26 2025 From: Nathan.Brookfield at iperium.com.au (Nathan Brookfield) Date: Thu, 20 Mar 2025 06:10:26 +0000 Subject: [AusNOG] Telstra 4G Wingle connection. In-Reply-To: <1791d26c-69bd-48ad-ac63-98851035c4da@betaapp.fastmail.com> References: <0.2.0-final-1741472904.455-0x464ed5@qmda.emu.st> <1791d26c-69bd-48ad-ac63-98851035c4da@betaapp.fastmail.com> Message-ID: <213CE0D4-8109-4C71-97D0-5CFE3A353D19@iperium.com.au> I think you?ll find what has happened here is that Telstra have turned off the radios for the frequencies that your device connects to, this has been happening a lot and just means you?ll have to replace the dongle unfortunately. Nathan Brookfield Chief Executive Officer p: 1300 592 330 | m: 0412 266 008 | w: https://Iperium.com.au Level 4, Suite 2, 189 Kent Street Sydney NSW 2000 Your Connectivity Team DISCLAIMER: This document is intended solely for the named addressee. This electronic communication, which includes any files or attachments thereto, contains proprietary or confidential information and may be privileged and otherwise protected under copyright or other applicable intellectual property laws. The use, disclosure, copying or distribution of any of the information contained in this document, by any person other than the addressee, is strictly prohibited. If you received this document in error, please contact the sender immediately and delete all the material from any computer. Confidentiality and legal privilege are not waived or lost by reason of mistaken delivery to you. Any views or opinions presented are solely those of the author and do not necessarily represent those of Iperium. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. Iperium accepts no liability for any damage caused by any virus transmitted by this email. On 20 Mar 2025, at 16:05, lauricat at fastmail.fm wrote: ?Good Afternoon. I had a client today with no Telstra mobile internet connectivity - via USB. I soon diagnosed a problem with their Telstra 4G Dongle (Wingle) Huawei 8372. I removed the dongle from the customers equipment, and plugged the device into my laptop to do all the diagnosis. Called support and was soon connected to a CSR in Hervey Bay. Checked the account (not shaped), all paid up and enabled, they ran all the tests their end, and eventually instructed me to hard reset the device - which I did, meanwhile I tried to create a new profile (no good - I even fiddled with setting it up as an IPv6 device). After about 3/4 of an hour, still with a dead 8372, we both agreed I would take the Dongle to my Home office and try and swap the SIM card into my own Telstra 4G Dongle (Wingle) Huawei 8372. (They also suggested it could well be a SIM card problem.) Also, they mentioned that Telstra were working on the local base station (Regional/ Rural Victoria) _around_ _same_ _time_ as my client noticed internet connectivity was absent. So, later this afternoon, at home, I fired up my laptop again, plugged in the Client's Dongle, and it works perfectly. Please note, I connect roughly 3 km's down the road to a different, closer to me, Telstra tower. So this is obviously a base station problem. Can anyone on-list help me with this problem please? (Off-list - client is elderly and I want to get his connection sorted as soon as possible, the wait time today for support was about half an hour) Thank-you. Cheers Laurie. _______________________________________________ AusNOG mailing list AusNOG at lists.ausnog.net https://lists.ausnog.net/mailman/listinfo/ausnog -------------- next part -------------- An HTML attachment was scrubbed... URL: From Darren.Moss at cloud365.com.au Thu Mar 20 17:34:22 2025 From: Darren.Moss at cloud365.com.au (Darren Moss) Date: Thu, 20 Mar 2025 06:34:22 +0000 Subject: [AusNOG] Telstra 4G Wingle connection. In-Reply-To: <213CE0D4-8109-4C71-97D0-5CFE3A353D19@iperium.com.au> References: <0.2.0-final-1741472904.455-0x464ed5@qmda.emu.st> <1791d26c-69bd-48ad-ac63-98851035c4da@betaapp.fastmail.com> <213CE0D4-8109-4C71-97D0-5CFE3A353D19@iperium.com.au> Message-ID: +1 what Nathan said. This happened to me last week in Darwin during an infrastructure rollout. I learned my lesson previously and always take spare dongles / SIMs. I had a (Telstra 4GX 8372 dongle) which tested fine in our office, then after heading north it stopped seeing the Telstra network. It would randomly appear with 2/5 signal strength then disappear as we moved around. I did a manual scan and it could only see Vodafone?. so we changed it out for a Vodafone SIM and now it works perfectly. I would perform a manual scan and see what networks pop up. D. From: AusNOG On Behalf Of Nathan Brookfield Sent: Thursday, 20 March 2025 5:10 PM To: lauricat at fastmail.fm Cc: ausnog at lists.ausnog.net Subject: Re: [AusNOG] Telstra 4G Wingle connection. I think you?ll find what has happened here is that Telstra have turned off the radios for the frequencies that your device connects to, this has been happening a lot and just means you?ll have to replace the dongle unfortunately. Nathan Brookfield Chief Executive Officer p: 1300 592 330 | m: 0412 266 008 | w: https://Iperium.com.au Level 4, Suite 2, 189 Kent Street Sydney NSW 2000 Your Connectivity Team DISCLAIMER: This document is intended solely for the named addressee. This electronic communication, which includes any files or attachments thereto, contains proprietary or confidential information and may be privileged and otherwise protected under copyright or other applicable intellectual property laws. The use, disclosure, copying or distribution of any of the information contained in this document, by any person other than the addressee, is strictly prohibited. If you received this document in error, please contact the sender immediately and delete all the material from any computer. Confidentiality and legal privilege are not waived or lost by reason of mistaken delivery to you. Any views or opinions presented are solely those of the author and do not necessarily represent those of Iperium. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. Iperium accepts no liability for any damage caused by any virus transmitted by this email. On 20 Mar 2025, at 16:05, lauricat at fastmail.fm wrote: ?Good Afternoon. I had a client today with no Telstra mobile internet connectivity - via USB. I soon diagnosed a problem with their Telstra 4G Dongle (Wingle) Huawei 8372. I removed the dongle from the customers equipment, and plugged the device into my laptop to do all the diagnosis. Called support and was soon connected to a CSR in Hervey Bay. Checked the account (not shaped), all paid up and enabled, they ran all the tests their end, and eventually instructed me to hard reset the device - which I did, meanwhile I tried to create a new profile (no good - I even fiddled with setting it up as an IPv6 device). After about 3/4 of an hour, still with a dead 8372, we both agreed I would take the Dongle to my Home office and try and swap the SIM card into my own Telstra 4G Dongle (Wingle) Huawei 8372. (They also suggested it could well be a SIM card problem.) Also, they mentioned that Telstra were working on the local base station (Regional/ Rural Victoria) _around_ _same_ _time_ as my client noticed internet connectivity was absent. So, later this afternoon, at home, I fired up my laptop again, plugged in the Client's Dongle, and it works perfectly. Please note, I connect roughly 3 km's down the road to a different, closer to me, Telstra tower. So this is obviously a base station problem. Can anyone on-list help me with this problem please? (Off-list - client is elderly and I want to get his connection sorted as soon as possible, the wait time today for support was about half an hour) Thank-you. Cheers Laurie. _______________________________________________ AusNOG mailing list AusNOG at lists.ausnog.net https://lists.ausnog.net/mailman/listinfo/ausnog -------------- next part -------------- An HTML attachment was scrubbed... URL: From jrandombob at darkglade.com Thu Mar 20 18:24:48 2025 From: jrandombob at darkglade.com (Jrandombob) Date: Thu, 20 Mar 2025 18:24:48 +1100 Subject: [AusNOG] Telstra 4G Wingle connection. In-Reply-To: References: <0.2.0-final-1741472904.455-0x464ed5@qmda.emu.st> <1791d26c-69bd-48ad-ac63-98851035c4da@betaapp.fastmail.com> <213CE0D4-8109-4C71-97D0-5CFE3A353D19@iperium.com.au> Message-ID: As an aside, you can look up the towers in your client's vicinity via https://www.rfnsa.com.au, that will tell you what bands are supported by the local towers. On Thu, Mar 20, 2025 at 5:35?PM Darren Moss wrote: > +1 what Nathan said. > > > > This happened to me last week in Darwin during an infrastructure rollout. > I learned my lesson previously and always take spare dongles / SIMs. > > > > I had a (Telstra 4GX 8372 dongle) which tested fine in our office, then > after heading north it stopped seeing the Telstra network. It would > randomly appear with 2/5 signal strength then disappear as we moved around. > > > > I did a manual scan and it could only see Vodafone?. so we changed it out > for a Vodafone SIM and now it works perfectly. > > > > I would perform a manual scan and see what networks pop up. > > > > > > > > D. > > > > *From:* AusNOG *On Behalf Of *Nathan > Brookfield > *Sent:* Thursday, 20 March 2025 5:10 PM > *To:* lauricat at fastmail.fm > *Cc:* ausnog at lists.ausnog.net > *Subject:* Re: [AusNOG] Telstra 4G Wingle connection. > > > > I think you?ll find what has happened here is that Telstra have turned off > the radios for the frequencies that your device connects to, this has been > happening a lot and just means you?ll have to replace the dongle > unfortunately. > > > > *Nathan Brookfield * > Chief Executive Officer > > *p*: 1300 592 330 | *m*: 0412 266 008 | *w*: https://Iperium.com.au > > > > Level 4, Suite 2, 189 Kent Street Sydney NSW 2000 > > > *Your Connectivity Team* > > > DISCLAIMER: This document is intended solely for the named addressee. This > electronic communication, which includes any files or attachments thereto, > contains proprietary or confidential information and may be privileged and > otherwise protected under copyright or other applicable intellectual > property laws. The use, disclosure, copying or distribution of any of the > information contained in this document, by any person other than the > addressee, is strictly prohibited. If you received this document in error, > please contact the sender immediately and delete all the material from any > computer. Confidentiality and legal privilege are not waived or lost by > reason of mistaken delivery to you. Any views or opinions presented are > solely those of the author and do not necessarily represent those of > Iperium. > > WARNING: Computer viruses can be transmitted via email. The recipient > should check this email and any attachments for the presence of viruses. > Iperium accepts no liability for any damage caused by any virus transmitted > by this email. > > > On 20 Mar 2025, at 16:05, lauricat at fastmail.fm wrote: > > ?Good Afternoon. > > I had a client today with no Telstra mobile internet connectivity - via > USB. I soon diagnosed a problem with their Telstra 4G Dongle (Wingle) > Huawei 8372. I removed the dongle from the customers equipment, and plugged > the device into my laptop to do all the diagnosis. > > Called support and was soon connected to a CSR in Hervey Bay. Checked the > account (not shaped), all paid up and enabled, they ran all the tests their > end, and eventually instructed me to hard reset the device - which I did, > meanwhile I tried to create a new profile (no good - I even fiddled with > setting it up as an IPv6 device). > > After about 3/4 of an hour, still with a dead 8372, we both agreed I would > take the Dongle to my Home office and try and swap the SIM card into my own > Telstra 4G Dongle (Wingle) Huawei 8372. (They also suggested it could well > be a SIM card problem.) > > Also, they mentioned that Telstra were working on the local base station > (Regional/ Rural Victoria) _around_ _same_ _time_ as my client noticed > internet connectivity was absent. > > So, later this afternoon, at home, I fired up my laptop again, plugged in > the Client's Dongle, and it works perfectly. Please note, I connect roughly > 3 km's down the road to a different, closer to me, Telstra tower. > > So this is obviously a base station problem. > > Can anyone on-list help me with this problem please? > > (Off-list - client is elderly and I want to get his connection sorted as > soon as possible, the wait time today for support was about half an hour) > > Thank-you. > > Cheers > > Laurie. > _______________________________________________ > AusNOG mailing list > AusNOG at lists.ausnog.net > https://lists.ausnog.net/mailman/listinfo/ausnog > _______________________________________________ > AusNOG mailing list > AusNOG at lists.ausnog.net > https://lists.ausnog.net/mailman/listinfo/ausnog > -------------- next part -------------- An HTML attachment was scrubbed... URL: From Darren.Moss at cloud365.com.au Mon Mar 24 10:05:07 2025 From: Darren.Moss at cloud365.com.au (Darren Moss) Date: Sun, 23 Mar 2025 23:05:07 +0000 Subject: [AusNOG] Temporary Rack Space for 6 month project in Melbourne Message-ID: <0e1c74097bd9433dbbd7fbe15a49a57a@mbx05.ap.myhostedexchange.email> Hi Noggers, I have a project that needs to be moved out of a facility (end of contract) and into a rack for 6 months. Looking for some colo (about 20RU) for that time until we can migrate systems into our infrastructure at ME1. If you can help please reach out via email. Thanks Darren. -------------- next part -------------- An HTML attachment was scrubbed... URL: From Darren.Moss at cloud365.com.au Tue Mar 25 11:36:20 2025 From: Darren.Moss at cloud365.com.au (Darren Moss) Date: Tue, 25 Mar 2025 00:36:20 +0000 Subject: [AusNOG] (sorted) Temporary Rack Space for 6 month project in Melbourne In-Reply-To: <0e1c74097bd9433dbbd7fbe15a49a57a@mbx05.ap.myhostedexchange.email> References: <0e1c74097bd9433dbbd7fbe15a49a57a@mbx05.ap.myhostedexchange.email> Message-ID: Hi All, Thank you for the replies, we are now in discussions for this requirement in Melbourne. Darren. -------------- next part -------------- An HTML attachment was scrubbed... URL: From chris at thesysadmin.au Thu Mar 27 22:27:20 2025 From: chris at thesysadmin.au (Christopher Hawker) Date: Thu, 27 Mar 2025 11:27:20 +0000 Subject: [AusNOG] DNSSEC Root Key Signing Key (KSK) for the Domain Name System Message-ID: <1743074825973681216@thesysadmin.au> ?Hello Everyone, As many of you may know, one of the functions of the Internet Assigned Numbers Authority (IANA) is the global coordination of the DNS Root Zone. One of the core components to DNS is DNSSEC. The Root Key Signing Key (KSK) acts as the trust anchor for DNSSEC for the Domain Name System, and this trust anchor is configured in DNSSEC-aware resolvers to facilitate validation of DNS data. This is how your DNS servers are able to cryptographically validate the authenticity of DNS records they receive and serve. For more information pertaining to DNSSEC, how it operates, the KSK and the relevant policies and procedures, I recommend visiting https://www.iana.org/dnssec for more info. In order to ensure the security of the KSK, IANA utilises Hardware Security Modules (HSM) to generate the KSK pair of public and private keys, which in turn are used to sign the Zone Signing Key (ZSK), that itself is used to sign DNS records (RRsets) within a DNS zone. As it currently stands, both of these HSMs currently reside in high-security Key Management Facilities (KMFs) in the USA, with one facility located in Culpeper VA, and the other in El Segundo CA. Now, while the locations of these HSMs are highly secure, both of them are located on US soil. As most people who are familiar with redundancy, this is not a good idea for a number of reasons (which I won't go into detail here as it's outside the scope of this email). What we as a community MUST DO, is look at the relocation of one of these HSMs to an alternate country such as Singapore or Switzerland (regarded as two safe countries) to ensure the continued integrity of the Root KSK. Unfortunately, section 4.2(b) of the IANA Naming Function Contract (https://pti.cdn.icann.org/resources/151/IANA_Naming_Function_Contract.pdf) between the Internet Corporation for Assigned Names and Numbers (ICANN) and Public Technical Identifiers (PTI) that govern how IANA performs its functions prohibits the operation of functions outside of the US. Given that the Internet is one of the most critical pieces of global (and not just US-based) infrastructure, I feel that this section of the contract must be reviewed (and deleted or modified to allow for PTI to perform the functions from Singapore, Switzerland or another safe jurisdiction) to maintain the integrity of the Domain Name System. The Second IANA Naming Function Review Team (IFRT2) have released an initial draft report of its analysis, issues and recommendations which also incorporates a review of the Contract between ICANN and PTI. The IFRT2 have opened a public call for comments on the draft report, before they submit their Final Report to ICANN's Board of Directors which they expect to do before June this year. The Public Comment period closes for submissions on 28 April 2025 at 23:59hrs UTC, and I strongly encourage everyone to read the report and provide input regarding support to relocating one of the Key Management Facilities across the Pacific or Atlantic Oceans. To view the report and submit a comment, please go to https://www.icann.org/en/public-comment/proceeding/second-iana-naming-function-review-team-ifr2-initial-report-20-03-2025/. In order to submit a comment on the report, you will need an account on https://account.icann.org/. In closing, I cannot stress one thing enough - this is in no way speaks to the professionalism of ICANN's staff. The team at ICANN perform some of the hardest work out there, ensuring the integrity and stability of the Internet as we know it today and for that they cannot be thanked enough. This recommendation to move one of the KMFs overseas is simply to help protect it from potential political instability, bias, and to encourage neutralism. We're already doing it with the operation of the DNS Root Zone, let's take it one step further and strengthen the security of DNSSEC and the Root KSK. If you have any questions, please do feel free to ask, either on-list or off-list. Regards, Christopher Hawker -------------- next part -------------- An HTML attachment was scrubbed... URL: