[Aftld-members] Measuring Internet Resilience - Uganda Internet shutdown

Dr P Nyirenda paulos at sdnp.org.mw
Tue Jan 26 18:16:48 EAT 2021 

On 26 Jan 2021 at 10:22, Nishal Goburdhan wrote:

> ... 
> from my perspective, testing from various places, it did not.   the .UG 
> ccTLD is widely anycast, and was still operational during the shutdown.  
> i verified this at several times, but did not think this material enough 
> to write it up.
> ...

This is very good to hear ... shows good resilience then ...

However, my understabding is that this can only be true if the DNS master is outside the 
country ... or ... was moved outside the country ... during the shutdown to prevent TTL runout 
on the zones.

Anycast does not really help with resilience if the zone has timed out as when the master is 
offline, does it ?

Regards,

Paulos
=============================
Dr Paulos B Nyirenda
NIC.MW & .mw ccTLD 
http://www.nic.mw
SDNP: http://www.sdnp.org.mw
Tel:  +265-(0)-882 089 166
Cell: +265-(0)-888-824787
WhatsApp: +265-(0)-887386433



On 26 Jan 2021 at 10:22, Nishal Goburdhan wrote:

> [to prevent unnecessary work for the list-admin, i have removed the -wg 
> that i am not subscribed to in my response]
> 
> On 19 Jan 2021, at 11:14, Dr P Nyirenda wrote:
> 
> > It appears that the recent Internet shutdown in Uganda may have 
> > provided a great
> > opportunity to measure Internet Resilience in Africa even if this 
> > would have been around a
> > "black hole".
> >
> > Did anyone attempt to make any such measurements ?
> > For example, how did the Uganda ccTLD .ug fare during the shutdowm?
> > Did .ug go down during shutdown?
> 
> from my perspective, testing from various places, it did not.   the .UG 
> ccTLD is widely anycast, and was still operational during the shutdown.  
> i verified this at several times, but did not think this material enough 
> to write it up.
> 
> as a reminder, if you are worried about your ccTLD´s resiliency, PCH 
> will be very happy to provide anycast services *at no cost* to any 
> ccTLD;  we already do this for a large portion of the world [1].  please 
> feel free to mail me off-list.
> 
> here´s a snapshot to show the origin asns for the ns-set for .UG.  
> there´s a good variety of ASNs here;  kudos to the .UG team!
> the script i ran, is a really simple shell-script that i´ve listed 
> below [2].
> 
> nishal at jnb:~$ bin/ns-origin.sh ug.
> Bulk mode; whois.cymru.com [2021-01-26 08:07:58 +0000]
> 42      | 204.61.216.60    | WOODYNET-1, US
> 37177   | 196.216.168.42   | AFRINIC-ANYCAST, MU
> 37177   | 2001:43f8:120::42                        | AFRINIC-ANYCAST, MU
> 20294   | 212.88.97.132    | MTN-, UG
> 197000  | 2001:67c:e0::52                          | RIPE-NCC-AUTHDNS-AS 
> Reseaux IP Europeens Network Coordination Centre (RIPE NCC), NL
> 197000  | 193.0.9.52       | RIPE-NCC-AUTHDNS-AS Reseaux IP Europeens 
> Network Coordination Centre (RIPE NCC), NL
> 26710   | 2001:500:89::53                          | 
> ICANN-ANYCASTED-SERVICES, US
> 26710   | 199.4.138.53     | ICANN-ANYCASTED-SERVICES, US
> 
> 
> > What did connectivity look like to those neighbouring Uganda network 
> > wise ?
> > Would be great to hear some answers or experience in a technical 
> > manner, just curious.
> 
> from well-connected networks in ZA and TZ, i was unable to reach the 
> regulator´s website (housed in UG).  i was able to reach the state 
> house website (https://www.statehouse.go.ug/government) because from my 
> perspective, this was *not* housed in UG at the time;  the irony was not 
> lost on me ..
> i _was_ able to get to the UIXP statistics page (housed in UG).  i was 
> also able to reach a very small set of known to be UG based resources.  
> i did not think that it was wise pointing out that there were 
> "holes" in the blanket, and to draw attention to these.
> 
> anecdotal information from colleagues in UG indicate that mobile data 
> was unavailable on handsets, and that for Joe Average, it really did 
> appear to be a blackout.
> 
> -n.
> [1] https://www.pch.net/services/dns_anycast
> 
> [2]  nishal at jnb:~$ cat bin/ns-origin.sh
> #!/bin/bash
> 
> if [[ -z $1 ]]; then
>      echo "Usage: $0 {domain}"
>      exit 1
> fi
> 
> DOMAIN="$1"
> SERVER="whois.cymru.com"
> PORT="43"
> 
> exec 3<>/dev/tcp/${SERVER}/${PORT}
> echo "begin" >&3
> dig +nssearch $DOMAIN |awk '{print $11}' >&3
> echo "end" >&3
> cat <&3
> 
> exit $?
> 
> _______________________________________________
> Aftld-members mailing list
> Aftld-members at aftld.org
> https://mail.aftld.org/cgi-bin/mailman/listinfo/aftld-members
> 
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> 



-- 
This email has been checked for viruses by AVG.
https://www.avg.com

More information about the Aftld-members mailing list