February 2012 archive

World IPv6 Launch Coming On June 6, 2012 – Will Your Apps Work with IPv6?

WorldIPv6Launch 250On June 6, 2012, World IPv6 Launch will mark the time when IPv6 is permanently enabled by many operators, website operators, content providers and organizations around the world.

Will your application(s) work on IPv6? What will you need to do to make sure that your apps work as well on IPv6 as on IPv4?

The main point of the book was to help you think through the questions and look at what you need to do.

Will you be ready?

ICANN DNSSEC Workshop March 14 in Costa Rica

ICANN 43 LogoWill you be at the ICANN 43 meeting taking place in San José, Costa Rica, in March 2012?  If so, on Wednesday, March 14, 2012, there will be a “DNSSEC Workshop” bringing together people to discuss current and future DNSSEC deployment.  Information is not yet available on the ICANN 43 website, but the call for proposals indicated that they were seeking talks on:

1. DNSSEC activities in Latin America

2. The realities of running DNSSEC

3. DNSSEC and the Finance Industry

4. When unexpected DNSSEC events occur

5. DNSSEC in the wild

6. DANE and other DNSSEC applications

I (Dan York) will be there in Costa Rica at the session and am definitely looking forward to joining in the conversation and listening and learning.  If you will be there at the session, please do say hello (or drop me a note in advance).  You can also expect to see information posted here to our blog coming out of that session.

P.S. If you want to attend, there is still time to register for the ICANN 43 meeting.  I’m told the DNSSEC Workshop will also be streamed live. As soon as we have the live-streaming information we’ll post that here.

NLnet Labs Makes Their DNSSEC Training Materials Freely Available For All To Use

Want to offer your own DNSSEC training courses? Or want to run an internal DNSSEC training class? Or want to give a DNSSEC presentation to a local user group? Or are you simply looking for material to help you learn more about DNSSEC?

If you answered yes to any of those questions, Olaf Kolkman and the team at NLnet Labs have given the Internet community a wonderful gift in the form of DNSSEC course materials that are freely available for usage and modification (subject to attribution). The slides are all part of a DNSSEC “Train the Trainer” course that Olaf recently gave and are available in PowerPoint, Keynote and PDF form from:

http://www.dns-school.org/Slides/index.html

The materials are licensed under a permissive Creative Commons license that basically lets you do whatever you want to the materials, including modify them and use them for commercial training, provided you include the appropriate attribution link.

It’s great that the NLnet Labs team has made this material available and we hope that people across the Internet find it a useful way to teach about DNSSEC and get more people using DNSSEC!

Thanks, Olaf and NLnet Labs!

Slides: The Status of IPv6 and Open Source/Free Operating systems

What is the status of IPv6 support in free / open source operating systems? Recently Olle Johansson gave a presentation in Sweden where he provided, in his own words:

A status report from a brief test of IPv6 support (including DHCPv6 and SLAAC) in OpenBSD, FreeBSD, Debian, Ubuntu, Fedora compared with Windows 7 and OS/X

His testing focused on trying to answer these questions:

  • Can I install a desktop operating system over IPv6?
  • Can I add and install packages over IPv6?
  • Can I configure it with combinations of Router Solicitations/Advertisements and DHCPv6?
Basically, his goal was to see – how ready are we to run IPv6 single-stack?

Olle was quite up front, too, in saying that he was doing this testing as a beginner with the operating systems because he believes it should be that easy to deploy.  While his conclusions are that there is still a good bit of work to do, his testing at least provides some pointers for where work needs to be done within the operating systems.

Olle’s nicely made his slides available for us to see in SlideShare:

Attending O’Reilly’s Tools of Change Conference (TOCCON) This Week in New York

 This week I will be in New York City at O'Reilly's Tools of Change for Publishing Conference, a.k.a. "TOC" or "TOCCON". As I wrote about recently on the Deploy360 blog, TOC is really the premiere gathering of the people behind the technology behind digital and online publishing.  While there certainly are people there from the "traditional" publishing industry, the event really brings together all of those who are disrupting publishing as we know it. 

For my part, I am going to primarily to do a deep-dive into the technology and tools behind ebook publishing. While some of my own books are offered as ebooks, the publishers have been the ones doing the actual ebook creation. I certainly understand the basics, but want to really dig deeper. I have a strong interest in seeing what we can do within the Internet Society Deploy360 Programme to take some of the long-form content we or our partners have and make that available in an ebook form. Partly I want people to be able to take the content and have it very easily accessible in an offline form. Partly I want to offer people the ability to consume our content using an ebook reader. And partly I want to experiment with marketing our content through some of the various ebook stores. LOTS of ideas... now, whether I will be able to carve out the time to implement those ideas is a different question. :-)

Anyway, if you are going to be down at TOCCON this week, please do say hello or drop me a msg via email or Twitter.

P.S. TOCCON will be an interesting event for me as I am not speaking, as I often do, nor am I staffing a booth, live tweeting, reporting or anything else. I am just there to learn, meet people and explore new ideas. I'm actually looking forward to the change of pace, bizarre as it will be for me.  :-)

U.S. Curling Championships Start Rocking Philadelphia This Weekend!

UscurlingchampionshipsFor those folks lucky enough to live in the Philadelphia area, or who can travel there, this weekend begins eight days of the US national curling championships! The best men's and women's teams will be in Philly vying for their chance to qualify in a slot for the 2012 World Championships and the 2014 U.S. Olympic Trials.

Expect to see some outstanding curling happening this week!

More on the story:

A local Philadelphia country music station also seems to have helped produce a video with interviews and shots of what is going on there:

Looks like fun, and if you are in the Philadelphia area, this is your chance to get to see some of the best curlers in the nation!

ENISA: Good Practices Guide For Deploying DNSSEC

In March 2010, the European Network and Information Security Agency (ENISA) issued their “Good Practices Guide For Deploying DNSSEC” with the abstract:

Deploying DNSSEC requires a number of security details and procedures to be defined and followed with specific requirements as to timing. This guide addresses these issues from the point of view of information security managers responsible for defining a policy and procedures to secure the DNS services of a company or an organisation, and from the point of view of competent authorities defining or regulating requirements for deployment.

While the document was created prior to the signing of the root zone in July 2010, the concise 29-page guide still provides a good overview of what is involved with working with DNSSEC and provides good guidelines for using and implementing DNSSEC.

The Table of Contents for the document is:

  • DNSSEC practices statement
  • Signing your zone
    • Value of a signed zone
    • Designing a signing system
    • Signing in a test environment
    • Checking the DNS servers
    • Key generation and management
    • Physical security
    • Use of NSEC3
    • Key rollovers
    • Performance issues
    • Publication of keys
    • Change of registrar
    • Change a zone from signed to unsigned
    • Change of domain holder (registrant)
  • Selecting a product
  • Outsourcing
  • Change of DNS provider
  • Validating DNS queries
    • Configure trust anchors
    • Routers, firewalls and other network equipment
  • Conclusions
  • ANNEX 1: Contents of a TAR’s policy and practices
  • ANNEX 2: Support of DNSSEC on commonly used nameservers
  • Reference

The document is available for free download in PDF form from the ENISA website.

DNSSEC Training: Internet Systems Consortium (ISC)

The Internet Systems Consortium (ISC), authors and maintains of the BIND DNS server, have been providing DNSSEC-related training for several years at both conferences and in training centers all over the world. Their latest schedule of courses can be found at:

http://www.isc.org/support/training

ISC offers focused classes on DNSSEC and also includes DNSSEC as a component of other DNS-related classes. Note that ISC also provides IPv6 training classes.


The Internet Society Deploy360 Programme does not recommend or endorse any particular commercial providers of training. The information provided here is to assist people in finding training providers and is part of a larger effort to list all known providers of DNSSEC-related training. If you know of an additional training providers we should include, please contact us.


DNSSEC Training: NLnet Labs Course Materials (Slides)

In February 2012, Olaf Kolkman from NLnet Labs taught a 2-day DNSSEC “Train-The-Trainer” workshop and nicely made all his course materials available online at:

http://www.dns-school.org/Slides/index.html

Olaf made all his courseware available as PDF, PowerPoint and Keynote files under a Creative Commons license that allows the course materials to be copied, modified and even used for commercial purposes – provided that an attribution link is maintained.

It’s great to see this kind of material being made available and we thank Olaf and NLnet Labs for making this material available to the broader community at no cost.

For quick reference, here are the sections of the NLnet Labs course materials (links go directly to the NLnet Labs site):

DNS vulnerabilities PDF KEY PPT
Unbound PDF KEY PPT
DNSSEC Theory PDF KEY PPT
Troubleshooting PDF KEY PPT
Practicalities PDF KEY PPT
DNSSEC Key Rollover PDF KEY PPT
OpenDNSSEC PDF KEY PPT
DNS in a Workflow PDF KEY PPT

Friday Comic: XKCD on IPv6 and Nanobot Swarms…

Yes, this XKCD comic came out in February of last year, but I still find it amusing (click on the image to see a larger version):

For those not following IPv6, the joke here is that the nanobot swarm (ex. grey goo) wound up having to stop their proliferation – and destruction of earth – because they ran out of IPv6 addresses!  This was, of course, mathematically debated in an XKCD forum along with other discussion.

Thankfully, since we haven’t yet made the full migration to IPv6, we’re nowhere near needing to worry about their exhaustion!

P.S. Speaking of IPv6, are you ready for World IPv6 Launch on June 6?