Categories
IPV6 Social Collabration Speaker

Ripe83 is over now, grap the presentations if you could not attend

https://ripe83.ripe.net

https://ripe83.ripe.net/presentations/presentation-archive/

https://ripe83.ripe.net/wp-content/uploads/presentations/95-RIPE-83-Tech-Report.pdf

Categories
Austrian ISPs IPV6

ADSL A1.net Dual Stack Support Part2

After switching to Fritzbox 7582 as ADSL modem i might get this year 2020 at my ADSL line. No ETA given.

But on 8.07.2020 02:07 AM somebody switch it on.

2001:871:263:xxx::yyy/64 true Dualstack with a Public still dynamic IPv4 address.

DSL
verbunden, ↓ 41,8 Mbit/s ↑ 10,5 Mbit/s
Internet, IPv4
verbunden seit 08.07.2020, 02:07 Uhr, A1,
IPv4-Adresse: 80.123.28.186
Internet, IPv6
verbunden seit 08.07.2020, 02:07 Uhr, A1,
IPv6-Adresse: 2001:870:263:3a1::a:1, Gültigkeit: 9726/4326s,
IPv6-Präfix: 2001:871:263:xxx::/64, Gültigkeit: 9726/4326s
Genutzte DNS-Server
10.0.0.95 (aktuell genutzt für Standardanfragen) -> Raspi PIHole
fd00::95 (aktuell genutzt für Standardanfragen) -> Raspi PIHole
10.156.0.33 (genutzt für a1.net)
10.156.0.49 (genutzt für a1.net)

https://stat.ripe.net/2001%3A850%3A1%3A2b%3A%3A1#tabId=at-a-glance

But wait, according to A1 Hotline it is still blocked on their end. So now i have a Ipv6 Network but not Ipv6 connectivitiy.

Update: some days later connectivity started without any notice to me.

A1 Guru Service needed to help?

https://www.ripe.net/publications/docs/ripe-690#4–size-of-end-user-prefix-assignment—48—56-or-something-else-

Now asking when A1.ne may use ripe-690 ( Best Current Operational Practice for Operators: IPv6 prefix assignment for end-users – persistent vs non-persistent, and what size to choose Publication date: 16 Oct 2017 ) and assign a /56 with Prefix delegation (PD) instead of /64-

Categories
IPV6

Completing the Transition to Internet Protocol Version 6 (IPv6)

If the federal government can do #IPv6, why can’t you?

https://www.whitehouse.gov/wp-content/uploads/2020/11/M-21-07.pdf announced on 19.Nov. 2020

Develop an IPv6 implementation plan by the end of FY 2021, and update the Information Resources Management (IRM) Strategic Plan  as appropriate, to update all networked Federal information systems (and the IP-enabled assets associated with these systems) to fully enable native IPv6  operation. The plan shall describe the agency transition process and include the following milestones and actions: 12

  1. At least 20% of IP-enabled assets on Federal networks are operating in IPv6-only environments by the end of FY 2023
  2. At least 50% of IP-enabled assets on Federal networks are operating in IPv6-only environments by the end of FY 2024
  3. At least 80% ofIP-enabled assets on Federal networks are operating in IPv6-only environments by the end of FY 2025 and
  4.  Identify and justify Federal information systems that cannot be converted to use IPv6 and provide a schedule for replacing or retiring these systems;

See details in linked pdf

Lets see if that happens as planned

Categories
IPV6

Progess at A1.net AS8447 on A1 Kombi Customers

In Austria you can have wired phone line with ADSL Data.
Normally plain IPv4. But now partly also with Dualstack.
Example: Near Graz/Austria
IPv4: Good, AS12793 – A1-TELEKOM-AT A1 Telekom Austria AG
IPv6: Good, AS8447 – TELEKOM-AT A1 Telekom Austria AG
IPv4 address: 217.149.162.209
IPv6 address: 2001:871:64:ca:b8a6:cb7:2a6b:cbb0

The PCs get IPv6 addresses and get working connection.
Cavats: No working DNS via IPv6
Hotline does not know why it works, nor customer gets information.
DNS servers kdns1.highway.telekom.at, kdns2.highway.telekom.at, kdns3.highway.telekom.at for reverse DNS are IPv4 only.
https://stat.ripe.net/2001%3A871%3A64%3Aca%3Ab8a6%3Acb7%3A2a6b%3Acbb0#tabId=at-a-glance

No way to order that for mine ADSL Kombi, nor to get a product information.

So progress, but to completed

#ipv6 #Österreich #austria  @A1Telekom

Categories
dualstack IPV6 smtp

Detecting phishing with spf macros

I run a test domain andritz.me with dual stack and mail enabled

SMTP server

ns.andritz.me 185.77.254.8 and 2a05:6740:40c0:4000:0:0:0:53

SPF record:

v=spf1 exists:i.%{i}.h.%{h}.o.%{o}.spf.andritz.me -all
%{ir} is replaced by the IP address of the sender
%{o} is replaced by the domain of the sending client
%{h} is replaced by the HELO/EHLO domain ns.andritz.me

So i need DNS entries for the exist queries according to https://tools.ietf.org/html/rfc7208

see 7.2. Macro Definitions

   The following macro letters are expanded in term arguments:

      s = <sender>
      l = local-part of <sender>
      o = domain of <sender>
      d = <domain>
      i = <ip>
      p = the validated domain name of <ip> (do not use)
      v = the string "in-addr" if <ip> is ipv4, or "ip6" if <ip> is ipv6
      h = HELO/EHLO domain

But be careful to those IP addresses in reverse notation

https://tools.ietf.org/html/rfc7208#page-32 ( examples of macro expansion, i donot use %v

i.8.254.77.185.h.andritz.me.o.ns.andritz.me.spf.andritz.me

i.3.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.4.0.c.0.4.0.4.7.6.5.0.a.2.h.andritz.me.o.ns.andritz.me.spf.andritz.me.

Both entries need to exist for each mailserver and respond to a A ( also for ipv6) query with any but valid value.

DNS A records are limited <250 characters )

https://www.kitterman.com/spf/validate.html you can use ipv4 or ipv6

02-Jan-2020 10:44:51.453 queries: info: client @0x7f3f30101180 66.39.4.57#8213 (0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me): query: 0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me IN DS -E(0)D (185.77.254.8)
02-Jan-2020 10:44:51.565 queries: info: client @0x7f3f30101180 66.39.4.57#2706 (5.0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me): query: 5.0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me IN DS -E(0)D (185.77.254.8)
02-Jan-2020 10:44:51.676 queries: info: client @0x7f3f30101180 66.39.4.57#1561 (6.5.0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me): query: 6.5.0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me IN DS -E(0)D (185.77.254.8)
02-Jan-2020 10:44:51.788 queries: info: client @0x7f3f30101180 66.39.4.57#40533 (7.6.5.0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me): query: 7.6.5.0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me IN DS -E(0)D (185.77.254.8)
02-Jan-2020 10:44:51.899 queries: info: client @0x7f3f3011e0a0 66.39.4.57#30752 (4.7.6.5.0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me): query: 4.7.6.5.0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me IN DS -E(0)D (185.77.254.8)
02-Jan-2020 10:44:52.011 queries: info: client @0x7f3f3011e0a0 66.39.4.57#3741 (0.4.7.6.5.0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me): query: 0.4.7.6.5.0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me IN DS -E(0)D (185.77.254.8)
02-Jan-2020 10:44:52.122 queries: info: client @0x7f3f3011e0a0 66.39.4.57#32473 (4.0.4.7.6.5.0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me): query: 4.0.4.7.6.5.0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me IN DS -E(0)D (185.77.254.8)
02-Jan-2020 10:44:52.234 queries: info: client @0x7f3f3011e0a0 66.39.4.57#20129 (0.4.0.4.7.6.5.0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me): query: 0.4.0.4.7.6.5.0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me IN DS -E(0)D (185.77.254.8)
02-Jan-2020 10:44:52.347 queries: info: client @0x7f3f3011e0a0 66.39.4.57#59149 (c.0.4.0.4.7.6.5.0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me): query: c.0.4.0.4.7.6.5.0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me IN DS -E(0)D (185.77.254.8)
02-Jan-2020 10:44:52.459 queries: info: client @0x7f3f3011e0a0 66.39.4.57#57085 (0.c.0.4.0.4.7.6.5.0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me): query: 0.c.0.4.0.4.7.6.5.0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me IN DS -E(0)D (185.77.254.8)
02-Jan-2020 10:44:52.571 queries: info: client @0x7f3f3011e0a0 66.39.4.57#23099 (4.0.c.0.4.0.4.7.6.5.0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me): query: 4.0.c.0.4.0.4.7.6.5.0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me IN DS -E(0)D (185.77.254.8)
02-Jan-2020 10:44:52.683 queries: info: client @0x7f3f3011e0a0 66.39.4.57#26783 (0.4.0.c.0.4.0.4.7.6.5.0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me): query: 0.4.0.c.0.4.0.4.7.6.5.0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me IN DS -E(0)D (185.77.254.8)
02-Jan-2020 10:44:52.795 queries: info: client @0x7f3f3011e0a0 66.39.4.57#59831 (0.0.4.0.c.0.4.0.4.7.6.5.0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me): query: 0.0.4.0.c.0.4.0.4.7.6.5.0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me IN DS -E(0)D (185.77.254.8)
02-Jan-2020 10:44:52.907 queries: info: client @0x7f3f3011e0a0 66.39.4.57#11262 (0.0.0.4.0.c.0.4.0.4.7.6.5.0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me): query: 0.0.0.4.0.c.0.4.0.4.7.6.5.0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me IN DS -E(0)D (185.77.254.8)
02-Jan-2020 10:44:53.019 queries: info: client @0x7f3f3011e0a0 66.39.4.57#49170 (0.0.0.0.4.0.c.0.4.0.4.7.6.5.0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me): query: 0.0.0.0.4.0.c.0.4.0.4.7.6.5.0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me IN DS -E(0)D (185.77.254.8)
02-Jan-2020 10:44:53.131 queries: info: client @0x7f3f3011e0a0 66.39.4.57#27116 (0.0.0.0.0.4.0.c.0.4.0.4.7.6.5.0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me): query: 0.0.0.0.0.4.0.c.0.4.0.4.7.6.5.0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me IN DS -E(0)D (185.77.254.8)
02-Jan-2020 10:44:53.243 queries: info: client @0x7f3f3011e0a0 66.39.4.57#55092 (0.0.0.0.0.0.4.0.c.0.4.0.4.7.6.5.0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me): query: 0.0.0.0.0.0.4.0.c.0.4.0.4.7.6.5.0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me IN DS -E(0)D (185.77.254.8)
02-Jan-2020 10:44:53.355 queries: info: client @0x7f3f3011e0a0 66.39.4.57#33274 (0.0.0.0.0.0.0.4.0.c.0.4.0.4.7.6.5.0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me): query: 0.0.0.0.0.0.0.4.0.c.0.4.0.4.7.6.5.0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me IN DS -E(0)D (185.77.254.8)
02-Jan-2020 10:44:53.467 queries: info: client @0x7f3f3011e0a0 66.39.4.57#23164 (0.0.0.0.0.0.0.0.4.0.c.0.4.0.4.7.6.5.0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me): query: 0.0.0.0.0.0.0.0.4.0.c.0.4.0.4.7.6.5.0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me IN DS -E(0)D (185.77.254.8)
02-Jan-2020 10:44:53.581 queries: info: client @0x7f3f3011e0a0 66.39.4.57#13752 (0.0.0.0.0.0.0.0.0.4.0.c.0.4.0.4.7.6.5.0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me): query: 0.0.0.0.0.0.0.0.0.4.0.c.0.4.0.4.7.6.5.0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me IN DS -E(0)D (185.77.254.8)
02-Jan-2020 10:44:53.807 queries: info: client @0x7f3f3011e0a0 66.39.4.57#53153 (0.0.0.0.0.0.0.0.0.0.0.4.0.c.0.4.0.4.7.6.5.0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me): query: 0.0.0.0.0.0.0.0.0.0.0.4.0.c.0.4.0.4.7.6.5.0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me IN DS -E(0)D (185.77.254.8)
02-Jan-2020 10:44:54.034 queries: info: client @0x7f3f3011e0a0 66.39.4.57#49398 (0.0.0.0.0.0.0.0.0.0.0.0.0.4.0.c.0.4.0.4.7.6.5.0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me): query: 0.0.0.0.0.0.0.0.0.0.0.0.0.4.0.c.0.4.0.4.7.6.5.0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me IN DS -E(0)D (185.77.254.8)
02-Jan-2020 10:44:54.372 queries: info: client @0x7f3f3011e0a0 66.39.4.57#2880 (0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.4.0.c.0.4.0.4.7.6.5.0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me): query: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.4.0.c.0.4.0.4.7.6.5.0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me IN DS -E(0)D (185.77.254.8)
02-Jan-2020 10:44:54.714 queries: info: client @0x7f3f3011e0a0 66.39.4.57#24045 (3.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.4.0.c.0.4.0.4.7.6.5.0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me): query: 3.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.4.0.c.0.4.0.4.7.6.5.0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me IN DS -E(0)D (185.77.254.8)
02-Jan-2020 10:44:54.941 queries: info: client @0x7f3f3011e0a0 66.39.4.57#55280 (i.3.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.4.0.c.0.4.0.4.7.6.5.0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me): query: i.3.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.4.0.c.0.4.0.4.7.6.5.0.a.2.h.ns.andritz.me.o.andritz.me.spf.andritz.me IN A -E(0)D (185.77.254.8)

Other information found

https://spf-all.com/stats.html Currently only very domains utilzed that phishing protection.

https://duo.com/labs/tech-notes/detecting-phishing-with-spf-macros

https://www.dmarcanalyzer.com/spf/checker/