Łukasz Bromirski Jul 17, 2025
I wrote short summary after reading Real Internet Architecture on my blog: https://lukasz.bromirski.net/post/real-internet-architecture/. I'll take this opportunity to remind everyone I'm running various open projects for - you guessed it - Internet community. Check them at https://lukasz.bromirski.net/projects/ #as112 #bgp #rpki #freebsd
real internet architecture

a very interesting read to check out, especially if you’re used to books written by networking vendors. this one offers a different perspective on the Internet — a mix of academic insight and practical with real-world examples. it’s a short book, but it does a great job of clearly (and practically) explaining key elements of how the Internet is structured. using a kind of “geological” language, it explores concepts like abstraction layers and protocol stacking. it’s a quick read, and I can easily imagine that even someone with very little prior knowledge could come away with a solid understanding — and appreciation — of the Internet’s architecture. in fact, after reading it carefully, you’ll probably be able to relate to various parts of our everyday online world with technical accuracy, without needing to get deep into configuration details. that’s a pretty digestible level for non-network engineers. :)

lukasz.bromirski.net
Clement CavadoreApr 20, 2025

Anycast's mysteries: @hivane 's #AS112 node traffic went from around 3-5Mbps usual DNS traffic to 80-120Mbps for a few days... and now, back to normal 🙃

We also observed a 60W peak usage drop on the server running a VM. A drop for DC2Scale usage, but still worth it 😅

Łukasz Bromirski Jan 11, 2025
Annual reminder: I'm running various free projects for networking community - BGP feeds with bogons, FlowSpec, geo information for country filtering, full IPv4/IPv6 global table, RPKI RSes and AS112 sinkholes. All documented here: https://lukasz.bromirski.net/projects/ #bgp #as112 #anycast #freebsd #iosxr #xrv9000 #pushdastuff
projects

below you can see some of the community projects I created/actively maintaining: AS 112 - world wide project to sinkhole RFC 1918 DNS traffic locally within countries/geos and avoid slamming DNS root servers; I’m maintaining three AS112 servers in different parts of Poland BGP Blackholing - open BGP route server project, that provides “bogons” feed via dynamic BGP peering BGP Full Feed - open BGP route server that provides full DFZ view of IPv4/IPv6 BGP table

lukasz.bromirski.net
Show threadŁukasz Bromirski Sep 2, 2024
As you were asking - I added generic @nlnetlabs NSD 4.x configuration and @ondrejfilip / @marenamat BIRD 2.x. As a bonus - rc.conf and sysctl.conf for @FreeBSDFoundation 12-14.x: https://github.com/lukasz-bromirski/as112-template #as112 #anycast
GitHub - lukasz-bromirski/as112-template: AS112 config template

AS112 config template. Contribute to lukasz-bromirski/as112-template development by creating an account on GitHub.

GitHub
Łukasz Bromirski Sep 1, 2024
Hey, AS112 instance operators - there's new `service.arpa` that should be taken care by your servers! I made a short post about it - https://lukasz.bromirski.net/post/as112-service-arpa/. There's also ready-made, generic repo based on the RFC templates here: https://github.com/lukasz-bromirski/as112-template. #as112 #anycast #anycastdns
AS112 and service.arpa

you may have missed that, but IANA decided to properly use of service.arpa domain, just like they did previously to home.arpa - to avoid DNSSEC breakage. if you’re using BIND to serve your own AS112 instance, it’s enough to add following line: zone "service.arpa" { type master; file "m/db.dd-empty"; }; (assuming of course, that the file db.dd-empty is in subdirectory m of directory defined as working via directory on named.conf)

lukasz.bromirski.net
Łukasz Bromirski May 15, 2024
Moje slajdy z wczorajszego podsumowania dwóch lat utrzymywania serwerów AS112 na @PLNOG są już dostępne: https://lukasz.bromirski.net/docs/prezos/plnog2024/dns-as112-update.pdf #plnog #as112 Podziękowania dla @mjbroniarz, @adamlangepl, Radosława Potery, Adama Wiechnika i wszystkich pozostałych dobrych dusz!
Łukasz Bromirski May 11, 2024
Już w najbliższy poniedziałek zaczynamy kolejną edycję konferencji @PLNOG. Serdecznie zapraszam od rana, ja na jej zakończenie (we wtorek) opowiem o projekcie AS 112. A gościem specjalnym będzie @andrzejdragan! Nadal można kupić wejściówki: https://eventory.cc/event/plnog-32/tickets #dns #as112 #bcp
PLNOG 32

PLNOG32 - dołącz do elitarnej społeczności telekomunikacyjnej! PLNOG, jedna z najbardziej renomowanych konferencji telekomunikacyjnych w Polsce, serdecznie zaprasza Cię na swoją 32. edycję, która odbędzie się w dniach 13-14 maja 2024 roku. Jako część międzynarodowej serii Network Operators' Groups, PLNOG tworzy wyjątkową przestrzeń dla dostawców usług internetowych, operatorów sieci oraz pasjonatów rozwoju rynku ICT i ISP. Zaplanowane ścieżki tematyczne - Operatorska, Regulacje i Organizacja oraz Edukacja - gwarantują, że każdy uczestnik znajdzie coś dla siebie.  Zapisz się już dziś na PLNOG32 i bądź częścią przyszłości telekomunikacji w Polsce!

PLNOG 32
Marco d'Itri Dec 17, 2023
I have published the #Ansible playbook used to install at #MINAP an NSD-based #AS112 node: https://github.com/rfc1036/minap/blob/master/ansible/as112/as112-nsd.yaml .
minap/ansible/as112/as112-nsd.yaml at master · rfc1036/minap

Random software written for MINAP (https://www.minap.it/) - rfc1036/minap

GitHub
Łukasz Bromirski Dec 23, 2022

As I'm running four different AS112 sinkholes in Poland, here's couple of numbers you may find interesting.

The most popular private network in Poland seems to be (at least among those not or badly configured) 192.168/16. Reverse requests for this space account for 68% of AS112 sinkholed traffic. The next one, but barely, is 172.16/12 (17%) and last - 10/8 (15%).

Out of domains I can share are of interest, top is Google's thread (230 queries per second on average across four AS112 instances), and the proxy autodiscovery wpad.home.arpa (182 queries per second).

As always, I'll be reaching out to the "top talkers" to let them know they're leaking queries to internet. For those of you that reacted and fixed your systems - kudos!

Please make sure to configure properly your DNS resolvers people, and don't leak reverse queries to internet! To check for more info - please visit https://lukasz.bromirski.net/as-112-project/. #as112 #anycast #plnog #dns #atman #epix #vectra

AS 112 project

thanks to good folks at ATMAN and EPIX I was able to add additional AS 112 anycasted resolvers in Poland. this is described in more detail here. however, you may have received an email from us - let’s explain why. why I’m getting emails from you? we’re contacting you with this email, as we see traffic leaking from one of your networks to anycasted AS112 prefixes for reverse-name mapping for IP address space from RFC1918 range.

lukasz.bromirski.net