Stéphane Bortzmeyer

Based in Paris (France)




Likes on articles

About the author

I work at AFNIC (the registry of .fr domain names), in the R&D department, on, among other things, DNS, security, statistics.

• On RIPE NCC Internet Country Report: Cyprus, Israel and Malta by Suzanne Taylor

"highly dependent on submarine cables for their connectivity" For islands, it is expected, no?

• Reply to Michael Booth on Splitting the Ping by Ben Cartwright-Cox

“Very nice write up, I like the detail of two way trip time. I'd also recommend looking in to ITU Y.1564, this works end to end at the application layer which may be more accurate. An ICMP ping may be processed by the processor on each layer three node (adding increased latency to what would be seen by other protocols such as http).”

« An ICMP ping may be processed by the processor on each layer three node (adding increased latency » Hmmm, certainly not. If you *direct* an ICMP echo request to a router, yes, the processing by the target (the router) will typically be slow, but, if you direct it to a remote machine, for all the routers on the path, it will just be an ordinary packet, forwarded like any other.

• On Splitting the Ping by Ben Cartwright-Cox

The README of sping has no usage instructions so, since it is not obvious, here is a summary: 0) Check that you have a clean path between the two machines (UDP port 6924 must pass) 1) On the responder (server / slave / pick the name you want), run sping without arguments 2) On the initiator (client / master / pick the name you want), run sping with -peers (I tried with IP addresses, may be it also works with names), for instance './sping -peers'. The result are displayed in the Web interface (by default, 'http://[::]:9523/metrics') under 'splitping_latency'. If you prefer see them in the console, add -debug.showstats to sping.

• On Who Protects You from Cyber Villains? by Youth IGF

"issues such as spam and copyright clearly cross the technical picket fence they have set" No, it is not at all clear to me and it requires explanations. How is copyright a technical issue? Also, it has nothing to do with the subject, which was protecting users (not Disney or Elsevier) from abuse.

• On NXNSAttack: Upgrade Resolvers to Stop New Kind of Random Subdomain Attack by petr_spacek

Regarding Geoff Huston's comment, and after discussion with Florian Maury, and with his authorization, I translate here his analysis : "The attack [NXNSattack] is quite different, and it has a significant impact. It was not detected at the time of iDNS. Moreover, the article  [about NXNSattack] is well written, mentions the related work and explains the differences. To summarize, this is an new and serious contribution."

• On Processing RIPE Atlas Results with jq by Stéphane Bortzmeyer

Alexandre Pion noticed a small bug: for the median too, we should exclude the null results.

• On Internet Stability in Times of Corona by Emile Aben

One may assume that, if some people delayed the changes, other people rushed in to adapt the networks to the increased load? Both behaviour may explain why the change rate is more or less the same?

• Reply to Chris Amin on RIS Live BGP Message Stream by Chris Amin

“Thanks, Stéphane! At some point I may add extra examples to the documentation. Is it okay if I include something based on your example?”

You're welcome to use this example as you see fit. A better version is available at

• On RIS Live BGP Message Stream by Chris Amin

Here is an asynchronous version of a Python client so you can do other things while waiting for updates. (In that case, we just display a timestamp.) #!/usr/bin/env python3 PERIOD = 5 RFC3339 = '%Y-%m-%dT%H:%M:%SZ' import sys import json import time import asyncio # import websockets class RISliveWebsocket(): def __init__(self, router, asn): self.router = router self.asn = asn async def __aenter__(self): self._conn = await websockets.connect("wss://") opening = json.dumps({"type": "ris_subscribe", "data": {"host": self.router, "path": self.asn}}) await self._conn.send(opening) print("Connected, %s sent" % opening) return self async def __aexit__(self, *args, **kwargs): print("Goodbye") pass async def send(self, message): await self._conn.send(message) async def receive(self): print("Trying to receive") return await self._conn.recv() async def tick(): while True: await asyncio.sleep(PERIOD) print("Waking up, it is %s" % time.strftime(RFC3339, time.gmtime(time.time()))) async def main(router, asn): sock = RISliveWebsocket(router, asn) async with sock as feed: while True: print(await feed.receive()) if __name__ == '__main__': if len(sys.argv) != 3: print("Usage: %s RIS-router ASn" % sys.argv[0], file=sys.stderr) sys.exit(1) try: loop = asyncio.get_event_loop() loop.run_until_complete(asyncio.wait([main(sys.argv[1], sys.argv[2]), tick()])) except KeyboardInterrupt: pass # Does not call __aexit__?

• Reply to Arsen Stasic on DoH - It's DNS Jim, but not as we know it! by Sara Dickinson

“Stephane, Quad9 has also DoH ( )”

OK, they should just update the FAQ :-) Thanks for the info.

Showing 47 comment(s)