Eir rural FTTH thread II

plodder

You can't trust DNS at the end of the day. Https is the only reasonable way to be sure you are talking to who you intend, though ironically even that picture can be confused by the likes of Cloudflare who are effectively a "man in the middle" pretending to be the site that you want to talk to.

ED E

We'll have DNSSec sometime...just like widespread v6 adoption

cnocbui

My son suddenly had an aha! moment a short while ago and said that the DNS problem is likely because Eir ignored ICANN's warning that they were rebooting the root name servers today to renew their encryption key.

MajesticDonkey

plodder wrote: »

You can't trust DNS at the end of the day. Https is the only reasonable way to be sure you are talking to who you intend, though ironically even that picture can be confused by the likes of Cloudflare who are effectively a "man in the middle" pretending to be the site that you want to talk to.

DNS and HTTPS are completely different things...

ED E

MajesticDonkey wrote: »

DNS and HTTPS are completely different things...

Yes but DNS preempts the application layer so if you've never been to a site before poisoned DNS can prevent HTTPs from even being used (downgrade attack).

Way OT though.

plodder

MajesticDonkey wrote: »

DNS and HTTPS are completely different things...

Not in terms of being sure who it is you are talking to. Fake data from DNS can end up sending you to the wrong site, whereas certificates/public key infrastructure provided by HTTPS/TLS can give you a fairly high level of assurance that you are talking to the right site.

So, if you click on the security information of a web site that you connect to with https and it says this is www.foo.com verified by some CA, then assuming you intended to connect to www.foo.com then you can be sure that DNS was working and everything else.

limnam

plodder wrote: »

whereas certificates/public key infrastructure provided by HTTPS/TLS can give you a fairly high level of assurance that you are talking to the right site.

Which can also be comprised as we've seen in the past.



Anyhaps for the most part my concern is availability rather than integrity.


For the most part I just want the resolution to happen. eir seem to struggle with more so than anyone else.


Which was an issue pretty much from tinet days.

plodder

limnam wrote: »

Anyhaps for the most part my concern is availability rather than integrity.

Sure. I was just answering the posts that raised the question of "trust".

Johnboy1951

Dominique Loud Waistband wrote: »

eir are having some sort of issues today. If anyone is having issues with their connection try changing DNS to 8.8.8.8 or other public servers.

https://www.eir.ie/ currently down

https://www.boards.ie/ttfthread/2057919647/

EVentually decided to change the DNS on the F2000 to 1.1.1.1

I will leave it as is now that I figured out how to get it to take

I had previously set my own PC's DNS to get on line.

9726_9726

cnocbui wrote: »

My son suddenly had an aha! moment a short while ago and said that the DNS problem is likely because Eir ignored ICANN's warning that they were rebooting the root name servers today to renew their encryption key.

I wondered the same thing!

Rollover was at 16:00 zulu on Thursday though. Sounds like it may have something to do with it though.

tuxy

Haha all news reports say it went smoothly, I guess they haven't heard of Eir

ED E

9726_9726 wrote: »

I wondered the same thing!

Rollover was at 16:00 zulu on Thursday though. Sounds like it may have something to do with it though.

Short of a fire in every DC how have citywest not recovered by now? Seems like utter lunacy.

cnocbui

9726_9726 wrote: »

I wondered the same thing!

Rollover was at 16:00 zulu on Thursday though. Sounds like it may have something to do with it though.

Yes, but the window for disruptions was up to 48 hrs thereafter.

9726_9726

ED E wrote: »

Short of a fire in every DC how have citywest not recovered by now? Seems like utter lunacy.

Nuts that they could lose DNS entirely.

A bit like the Department of Communications losing their website for a few days! I mean, if a website gets borked, you restore a backup.

If the VM is borked, give Veeam a kick, or similar. Should be very easy.


The site is back up and running now, it seems.

9726_9726

cnocbui wrote: »

Yes, but the window for disruptions was up to 48 hrs thereafter.

Interesting. Gotta be related so. Crazy.

Marlow

ED E wrote: »

Short of a fire in every DC how have citywest not recovered by now? Seems like utter lunacy.

Citywests biggest problem has lasted ever since Equinix bought Telecity. That's not going to end any time soon.

The incident in Interxion Dub2 the other day was far more entertaining

/M

fritzelly

If the DNS servers were "rebooted" then it could take 48 hours for all the regional DNS servers to update
But that is more bad form on their side for not updating them often enough - they should have scheduled an update knowing this

T-Bird

Probably won't happen, but I hope there is a clause that I can get out of the contract I unknowingly signed into..

babi-hrse

I got this all the way out in Tenerife. Perfect connection to movistar and orange but unable to get any traffic.
Did this happen to all the providers globally or was it because my home network is eir and it had to route my traffic through my home carrier?

tuxy

babi-hrse wrote: »

I got this all the way out in Tenerife. Perfect connection to movistar and orange but unable to get any traffic.
Did this happen to all the providers globally or was it because my home network is eir and it had to route my traffic through my home carrier?

It happened because your phone was set to use Eirs domain name server.

Grab All Association

Seems to be fixed now

plodder

babi-hrse wrote: »

I got this all the way out in Tenerife. Perfect connection to movistar and orange but unable to get any traffic.
Did this happen to all the providers globally or was it because my home network is eir and it had to route my traffic through my home carrier?

Maybe other operators were affected by it too, but it's not like the old days with GSM phones where traffic is routed back to your "home" network and it also would be very unusual to have your device pointing at Eir's DNS servers when abroad. Normally, the local DHCP server will point your device at a local DNS service.

ED E

plodder wrote: »

Maybe other operators were affected by it too, but it's not like the old days with GSM phones where traffic is routed back to your "home" network and it also would be very unusual to have your device pointing at Eir's DNS servers when abroad. Normally, the local DHCP server will point your device at a local DNS service.

Many many reports from abroad, does look like they're tunneling all traffic via Dublin.

plodder

ED E wrote: »

Many many reports from abroad, does look like they're tunneling all traffic via Dublin.

Hmm, why would they do that? Maybe to keep track of monthly download allowances, I suppose. Seems an inefficient way to do it though.

ED E

Three seemed to implement it to throttle data usage when the EU forced them to give home allowances abroad. 10-12Mb UK 3G dropped to 1Mb overnight.

Marlow

ED E wrote: »

Many many reports from abroad, does look like they're tunneling all traffic via Dublin.

Mobile data roaming works using tunnels. That's how it's designed.

Even when you roam abroad, you will get an irish IP on your irish mobile phone. From your irish provider. The operator, that you are a customer of has the records of who you are so also assumes the point of contact for your doings on the internet.

So yes .. anyone using an Eir Mobile, even when abroad, would have experienced the same issues. And they were only related to Eir.

/M

michaelheno

Looking at setting up a ubiquiti home network setup to improve wifi in the house. I have FTTH looking at then router element of the setup can you directly connect a USG to the ont or would it have to be connected to the provided router

tsue921i8wljb3

michaelheno wrote: »

Looking at setting up a ubiquiti home network setup to improve wifi in the house. I have FTTH looking at then router element of the setup can you directly connect a USG to the ont or would it have to be connected to the provided router

You can connect it directly to the ONT but you'll lose your VoIP, if you are with eir.

michaelheno

Dominique Loud Waistband wrote: »

You can connect it directly to the ONT but you'll lose your VoIP, if you are with eir.

No don’t have VoIP and I am with airwire thank God looking at all the hassle on the eir networks yesterday

Airwire: MartinL

michaelheno wrote: »

No don’t have VoIP and I am with airwire

Even if you had VoIP with your connection, we have no problems giving out the credentials for that separately.

So there are no issues doing, what you want to do. It is just a good idea to keep your original router around for reference (to reconnect, when you need to test), if you ever have a problem, as we only can offer you best effort support on systems we haven't tested.