February 15, 2012 archive

Feb 15

Slides: The Case For IPv6-Only Data Centers

Why don’t we just skip dual-stack and other transition technologies and jump straight to IPv6-only data centers that use a gateway/proxy server to service IPv4 requests? That’s the fundamental question Tore Anderson posed in his presentation to the V6 World Congress last week in Paris: “The Case For IPv6-Only Data Centers” (PDF). Here’s what was for me the key slide:

Tore goes on to explain how this can be done using Stateless IP/ICMP Translation (SIIT), also known as “Stateless NAT64″ and “IVI” and defined in RFC 6052 and RFC 6145. Through a series of examples and diagrams he shows how IPv4 traffic would pass through the SIIT gateways into the IPv6 data center and then back out again.  He explains the advantages of this setup and concludes with a configuration example and remarks that he’s using this exact setup for his own website and that of his employer.

It’s certainly an intriguing approach and I’m now thinking I may work on setting this up in my IPv6 lab I’m working on.

What do you think?  Do you like the idea of just migrating once to an IPv6-only data center?

Feb 15

Google’s Public DNS Works With IPv6 – Can Help In Your Migration

GooglePublicDNSIn a post out yesterday, “Google Public DNS: 70 billion requests a day and counting“, Google reminded us all that their Public DNS service supports IPv6 at these addresses:

2001:4860:4860::8888
2001:4860:4860::8844

From Google’s post:

We’ve also taken steps to help support IPv6. On World IPv6 Day, we announced our IPv6 addresses: 2001:4860:4860::8888 and 2001:4860:4860::8844 to supplement our original addresses, 8.8.8.8 and 8.8.4.4.

If you are working in an IPv6 environment, you can configure your system to point to these addresses for DNS services. (Typically in the settings or control panel for your operating system.) This can greatly help as you migrate your network to IPv6 or establish a trial network.

With World IPv6 Launch coming up on June 6, 2012, it’s great to have resources like these from Google that allow people to work in an IPv6 world!

Feb 15

Valuable Info In EU’s “Good Practices Guide” for DNSSEC Deployment

Looking for a good concise guide to the security issues and procedures related to deploying DNSSEC?  Back in March 2010, the European Network and Information Security Agency (ENISA) issued their “Good Practices Guide For Deploying DNSSEC” with the abstract:

Deploying DNSSEC requires a number of security details and procedures to be defined and followed with specific requirements as to timing. This guide addresses these issues from the point of view of information security managers responsible for defining a policy and procedures to secure the DNS services of a company or an organisation, and from the point of view of competent authorities defining or regulating requirements for deployment.

Coming in at only 29 pages, the document provides a good overview of the issues you need to be thinking about and the steps you need to go through when deploying DNSSEC. While the guide was created prior to the signing of the root zone in July 2010, it still is very accurate in outlining what needs to be done.

Well worth a look if you are looking for whitepapers and similar documents around DNSSEC deployment.