September 11, 2012 archive

Tor (The Onion Router) Expands IPv6 Support in 0.2.4.1-alpha

Tor Project logoLast week the Tor Project announced a new alpha release 0.2.4.1 that includes as one of its major features expanded support for IPv6. From the release notes:

  • Bridge authorities now accept IPv6 bridge addresses and include them in network status documents. Implements ticket 5534.
  • Clients who set “ClientUseIPv6 1″ may connect to entry nodes over IPv6. Set “ClientPreferIPv6ORPort 1″ to make this even more likelyto happen. Implements ticket 5535.
  • All kind of relays, not just bridges, can now advertise an IPv6 OR port. Implements ticket 6362.
  • Directory authorities vote on IPv6 OR ports using the new consensus method 14. Implements ticket 6363.

This builds on an earlier 0.2.39 alpha in December 2011 that introduced initial IPv6 support and  follows on some plans for IPv6 support written earlier in 2011.

If you are not familiar with the Tor Project it is a widely used tool for protecting your privacy and enabling anonymous use of the Internet without being tracked.  The history of Tor is quite interesting because it originated with a desire within the U.S. Navy to protect online government communications but today is used by many people who want to access Internet services without exposing their identity and/or location.

Tor has many uses across a wide range of fields… and now, at least in an early release version, it can work even better across IPv6!

Can You Add 1 Line of HTML To Your Site To Help Measure DNSSEC Usage?

DNSSEC validator search resultsCan you please help out with efforts to measure the number of DNSSEC-validating DNS resolvers out there?

The folks at Verisign Labs are conducting some research into trying to understand what level of DNSSEC-validating resolvers are out on the open Internet. This is critical to understand as the availability of DNSSEC-validating resolvers is a key piece of getting DNSSEC deployed.

They are asking for your help.

If you operate a website, they are asking if you can please add one line of HTML to your site, preferably in a page header, footer, sidebar or other component that gets frequently loaded:

<a href=”http://prefetch.validatorsearch.verisignlabs.com”></a>

That’s it!  As they say on their page:

This HTML snippet should have no visible impact on a rendered page. Since nearly all web browsers now implement DNS prefetching, the code above results in a DNS query for the name shown and allows us to characterize the recursive name server that the query goes through.

They also mention that you can alternatively modify the HEAD element of your page to include this one line of code:

<link rel=”prefetch” href=”http://prefetch.validatorsearch.verisignlabs.com” />

I’ve chosen this latter approach here at Deploy360 and as a result visitors to our site will be helping with this important research.  If we can get more sites adding this code, Verisign Labs can get that many more data points feeding in and helping them characterize the level of DNSSEC validating resolvers out there.

Here at Deploy360, we are in favor of research like this because we’d like to get a baseline now and then see trends over time.  Encouraging the wider deployment of DNSSEC-validating resolvers by ISPs and other network operators is one of the key activities we are planning to work on over the next 12 months – and this research will help us and many others understand how successful we are collectively in encouraging that deployment.

Can you please help you by adding a line of code to your site?  (Thanks!)

P.S. For those curious to learn more about “DNS prefetching” (also called “pre-resolving” by some) and how this research works, here are some articles you may find of interest: