2012/03/30

Some ISPs with /32 prefixes have not taken up the reverse delegation

I just noticed that some ISPs who have been allocated /32 prefixes from APNIC have not taken up the reverse delegation of their own address range.  They will face problems if the addresses are used to set up SMTP servers by their corporate customers.  One example is HGC, which owns the prefix 2403:5000::/32.

[warren@dnssec ~]# nslookup
 > set type=ns
 >  0.0.0.5.3.0.4.2.ip6.arpa.
Server:         202.81.252.116
Address:        202.81.252.116#53

** server can't find 0.0.0.5.3.0.4.2.ip6.arpa.: NXDOMAIN

Here is a good example, CPCNet with 2403:2c00::/32:

[warren@dnssec ~]# nslookup
 > set type=ns
 >  0.0.c.2.3.0.4.2.ip6.arpa.
Server:         202.81.252.116
Address:        202.81.252.116#53

Non-authoritative answer:
0.0.c.2.3.0.4.2.ip6.arpa nameserver = ns1.hk.net.
0.0.c.2.3.0.4.2.ip6.arpa nameserver = ns2.hk.net.

Authoritative answers can be found from:
ns1.hk.net has AAAA address 2403:2c00:2::1
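
The zone names queried above can be derived from the prefix itself. The following is an added example, not part of the original post: it computes the ip6.arpa zone(s) that must be delegated for a prefix (generalized to prefix lengths that do not fall on a 4-bit boundary) and finds which zone the PTR lookup for a given host depends on. The function names are hypothetical, and the host address is a sample inside the first prefix.

```python
from __future__ import annotations

import ipaddress


def reverse_zones(prefix: str) -> list[str]:
    """ip6.arpa zone name(s) that must be delegated to cover `prefix`."""
    net = ipaddress.IPv6Network(prefix, strict=True)
    # ip6.arpa has one label per 4-bit nibble, so a prefix length that is not
    # a multiple of 4 is covered by several nibble-aligned zones.
    aligned = -(-net.prefixlen // 4) * 4
    zones = []
    for sub in net.subnets(new_prefix=aligned):
        nibbles = sub.network_address.exploded.replace(":", "")[: aligned // 4]
        zones.append(".".join([*reversed(nibbles), "ip6", "arpa"]) + ".")
    return zones


def ptr_name(address: str) -> str:
    """Name that is queried for the PTR record of `address`."""
    return ipaddress.IPv6Address(address).reverse_pointer + "."


def zone_for(address: str, prefix: str) -> str | None:
    """Reverse zone under `prefix` that the PTR lookup for `address` needs."""
    name = ptr_name(address)
    for zone in reverse_zones(prefix):
        if name.endswith("." + zone):
            return zone
    return None  # address is outside the prefix


if __name__ == "__main__":
    # Prefixes quoted in the post, plus a /34 to show the non-aligned case.
    for p in ("2403:5000::/32", "2403:2c00::/32", "2403:5000::/34"):
        print(p, "->", reverse_zones(p))
    # Sample host address inside 2403:5000::/32.
    print(zone_for("2403:5000:171:11::2", "2403:5000::/32"))
```

If the zone returned by `zone_for` has no NS records, as in the NXDOMAIN case above, no PTR record below it can resolve.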

2012/03/29

IPv6 network time service available now from the Hong Kong Observatory

IPv6 NTP service is now available from the Hong Kong Observatory (HKO) at "time.hko.hk". The public announcement is at:

http://www.info.gov.hk/gia/general/201203/29/P201203290205.htm

OFTA and CUHK have been helping with the tests and configurations over the past 3 months. We are happy to work with HKO colleagues and share experience on technical issues of IPv6. This IPv6 NTP system is highly resilient, running dual-stack with redundant v4 and v6 links from two different ISPs.

[warren@ ~]# ntpdate -q time.hko.hk
server 2403:5000:171:11::2, stratum 1, offset -0.000255, delay 0.03191
server 2407:8000:8001:80::8, stratum 1, offset -0.000517, delay 0.03520
server 223.255.185.2, stratum 1, offset -0.000185, delay 0.03293
server 118.143.17.82, stratum 1, offset -0.000069, delay 0.02800
29 Mar 21:57:16 ntpdate[24631]: adjust time server 118.143.17.82 offset -0.000069 sec

It took 27 months from my first proposal to HKO to successful implementation. A great feeling of relaxation, finally.

2012/03/28

v6 subnet calculator

Three years ago, when I taught IPv6 subnetting, I asked the audience to use binary or hexadecimal concepts to subdivide a prefix into smaller subnets.  This is not necessary anymore.  People can use a v6 subnet calculator to do the job.  It can be downloaded at http://www.accumuli.com/pages/files/IPv6SubnetCalculator.zip



2012/03/27

Found "Aaron Cheung" on Facebook, the 1st person to bring commercial Internet services to Hong Kong

I suddenly found an old friend whose name is "Aaron Cheung" on Facebook.  He was the first person to bring commercial Internet services to Hong Kong. I met him in around 1993. At that time, I was a system operator of Fidonet and my node was 488 in Hong Kong.  During an informal gathering, he told me that he was setting up the first 64k leased line from HK to the US west coast to run the first commercial Internet service in HK, the Hong Kong Internet Gateway Service (HKIGS).  Later on, I was amongst the first 10 customers of HKIGS.  I did not subscribe to the HKIGS service in around 1996; since then I have not heard anything about him or HKIGS.

I still remember the HKIGS handbook (less than 20 pages) teaching us how to send email and use gopher and other services in a Unix shell environment.  Thanks for all the great services of HKIGS in those years.

2012/03/09

Frameset hijacking website

Today I heard news about a fake website "company-registry.com/hkma/" spoofing itself as the website of the Hong Kong Monetary Authority (HKMA).  I accessed the URL and found that the website owner used a frameset to load HKMA web content into a frame.  That is, the content is real and comes from the official website, but it is framed under someone else's domain.  The HTML source code is really simple, as shown below (I purposely added an extra space inside the <  > of each tag):

< html>
< head>
< meta http-equiv="Content-Type" content="text/html; charset=gb2312">
< title>香港金融管理局< /title>
< meta name="Keywords" content="香港金融管理局">
< meta name="description" content="香港金融管理局(金管局)由外汇基金管理局与银行业监理处合并而成。金管局的主要职能由《外汇基金条例》和《银行业条例》规定,并向财政司司长负责,金管局是香港政府架构中负责维持货币及银行体系稳定机构....">
< /head>
< frameset border=0 frameborder=0 frameSpacing=0 rows=4%,96%>
< frame marginHeight=5 marginWidth=10 name=mainsoft src="index_.htm" scrolling="no">
< frame src=" http://www.info.gov.hk/hkma/index.htm" >
< /html>

There are many JavaScript snippets that prevent a page's content from being loaded in a frame. One that I have tested is below:
 < SCRIPT LANGUAGE="JavaScript">
if (window != top) top.location.href = location.href;
< /SCRIPT>

Good luck, HKMA !!!
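
Besides a script in the page, a site can tell the browser not to render it inside another site's frame with the X-Frame-Options response header or the Content-Security-Policy frame-ancestors directive. Neither is mentioned in the original post; the following is an added example that classifies a response's framing protection from its headers. The function names and result labels are hypothetical, the sample headers are constructed, and a single CSP policy per response is assumed.

```python
from __future__ import annotations


def frame_ancestors(csp: str) -> list[str] | None:
    """Source list of the frame-ancestors directive in one CSP policy, or None."""
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None


def framing_policy(headers: dict[str, str]) -> str:
    """Classify who may frame a response.

    Returns "blocked", "same-origin", "allow-list" or "unprotected".
    """
    h = {k.lower(): v for k, v in headers.items()}  # header names: any case
    sources = frame_ancestors(h.get("content-security-policy", ""))
    if sources is not None:
        # When frame-ancestors is present, browsers enforce it and ignore
        # X-Frame-Options.
        if not sources or sources == ["'none'"]:
            return "blocked"
        if "*" in sources:
            return "unprotected"
        if sources == ["'self'"]:
            return "same-origin"
        return "allow-list"
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return "blocked"
    if xfo == "SAMEORIGIN":
        return "same-origin"
    # Header absent, invalid, or the obsolete ALLOW-FROM form that current
    # browsers do not honour.
    return "unprotected"


if __name__ == "__main__":
    # Constructed sample responses.
    print(framing_policy({}))
    print(framing_policy({"X-Frame-Options": "SAMEORIGIN"}))
    print(framing_policy({"Content-Security-Policy": "frame-ancestors 'none'"}))
```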

2012/03/04

Knot DNS

I noticed the release of Knot DNS version 1.0.0 by the CZ Internet community.  This is high-performance authoritative name server software supporting DNSSEC and NSEC3.  When tested on a 4-core Intel Xeon X3430, 2.40 GHz, 2 GB RAM, running Linux 2.6.38-11, x86_64, Knot DNS can handle 200k queries per second, while BIND 9.8 can handle about half as many.  Knot DNS is a perfect choice for second-level domains (SLDs) or even TLDs.  However, there is still a long way to go compared with Nominum Authoritative Name Server (ANS).  That software has a stunning performance of 1 million queries per second when running on the same hardware configuration.  Nominum ANS is the king of name server software !!