J
Weekend Reads
* DNS parser overflow in Zephyr
https://www.0xkato.xyz/CVE-2026-1678-DNS-Parser-Overflow-in-Zephyr/
* Telegram bots measurement survey
https://arxiv.org/abs/2603.24302
* AS-path prepending for anycast optimization
https://arxiv.org/abs/2603.21082
* Building the largest data center
https://spectrum.ieee.org/5gw-data-center
* OpenBSD init system and boot process
https://overeducated-redneck.net/blurgh/openbsd-init-system.html
German #hosting provider Netcup (#AS197540) price adjustments coming, approximately 18%-25% increase:
Web hosting, servers, domains, e-mails, security, management services - simply everything for your successful internet presence.
netcup (www.netcup.com)
@paul_ipv6 I count 16 out of 58 (~25%) EO names that have no corresponding WWW page or that return a 404. Names that land somewhere are often just redirects to a whitehouse.gov page or tend to be pretty light on content. A few are just some sort of login page. If you're a fan of small government I guess you would be OK with this?
RE: https://mastodon.social/@botgov/116256508605400339
250, obviously todo with the 250th anniversary of july 4, 1776, but no content there yet. exec office name
@jianmin My own view of all this might best be described as budding nostalgic, doomerism skeptic.
Where there were sysadmins in the org, many are now little more than cloud vendor management admins. The skills needed are different and arguably require less techical wizardry than ever.
It seems to me, AI is going to drive many devops and in-house developers to the same fate - centralization of the engineering into big backend orgs and their platforms. Someone(s) remains behind to manage tech deployment in the org, let's call it a tech janitor.
A hollowing out of the old school geeks in every org continues, but on the bright side maybe never quite fully eliminated? Everyone becomes a little more geek in the process?
@paul_ipv6 Working on finally finishing up a paper related to this, but suffice to say I think Quad9 is taking a very reasonable position here.
There continues to be interesting DNSSEC-related outages, even "impactful" ones, but I think one could argue NTA getting it wrong is at least as risky as an outage. Hmm.. maybe something for future work . 
Weekend Reads
* Post-quantum RPKI framework
https://arxiv.org/abs/2603.06968
* DNSSEC negative trust anchors
https://quad9.net/news/blog/dnssec-ntas-no-good-compromises/
* AS112 deployment characteristics
https://0x03c0.com/files/pam26-as112-camera-ready-with-notice.pdf
* Geoff Huston on Internet timekeeping
https://www.potaroo.net/ispcol/2026-03/nts.html
* Measuring IX route servers prefix coverage
https://blog.benjojo.co.uk/post/how-far-can-you-get-with-ix-route-servers
I'm sure there are some caveats about interpreting the pretty picture and data this way, but a neat visualization just the same.
"A map of all ~2,100 Swiss municipalities showing which provider handles their official email - grouped by jurisdiction - based on public DNS records."
Interactive map showing the email providers of all ~2,100 Swiss municipalities, based on DNS analysis of MX and SPF records.
MXmap (mxmap.ch)
@i There are probably quite a few better deals financially. The alexhost hardware (CPU) in this case is also quite old. The interesting part to me was just the matter of the increase (even on this old stuff), but I think really this was an excuse to weed out some abusers.
#Hosting provider AlexHost (#AS200019) is raising the price of their low end U1 VPS (1 CPU, 1.5GB RAM, 10GB NVMe) from 4€/month to 6€/month. Two reasons for the increase are:
"The price of RAM has increased."
"[...] abuse of extremely cheap plans has also increased significantly."
IP4 prefixes for.ir TLD name servers are being announced. TCP/UDP over IP4 queries are getting responses from most of those name servers.
There are inconsistencies between what is in the root and now in ir. The root zone has IP6 addresses for each .ir name server, but the .ir zone currently does not. c.nic.ir in the root has glue for a name server in NL that is still responding authoritatively on both A and AAAA addresses, but it is surely out of sync.
Oddly, the ir zone has an OVH IP4 for c.nic.ir which is not responding.
#AS57497 (faraso .org), a hosting provider, is one of the few IR associated nets currently visible in routing tables. At least some of these prefixes appear to be originating from IR.
Monday jam: Hound Dog Taylor | Rock Me | https://song.link/s/57QydZwmh2XCNmBoZtlfCi #blues
@paul_ipv6 While you wait, here's an article I came across today you might enjoy:
RE: https://infosec.exchange/@jtk/114378253611506206
I have to assume he or whoever is responsible for the site has abandoned it, but someone is paying to keep the name and site running. Even more gambling links have since been injected throughout various pages.
[ alan-dershowitz .com ]
I never received a reply to my email about it.
RE: https://mastodon.social/@botgov/116137836000900744
aicenter, earlycareers - two new exec office names
