- 2, Sea Road, Galway, Galway
February 2012 archive
Feb 09
IPv6exchange.net Aims To Provide Q&A-Style Forum For IPv6 Discussion
Looking to post a specific IPv6 question and receive an answer? Or looking to see what kinds of questions people are asking about IPv6? If so, the folks at Network Revolution, an IPv6 consultancy based in London, have set up a web forum at ipv6exchange.net where people can ask IPv6 questions and receive answers from others in the community. They’re seeking to make it a member-driven community where people can collectively build up a knowledgebase of information related to IPv6. While I’ve not yet set up my own free account to join the discussions, it does look like a useful resource and as we approach World IPv6 Launch on June 6 it is great to see more and more resources like this coming online!
Feb 09
DNSSEC HOWTO, a tutorial in disguise
Looking for a comprehensive guide to what DNSSEC is all about? If so, Olaf Kolkman and the team at NLnet Labs have created and maintained for many years now the extremely detailed “DNSSEC HOWTO, a tutorial in disguise.” You can find it at:
It is available as both a web page and as a PDF for download.
The document was last updated in July 2009, which unfortunately means that it pre-dates the signing of the root zone in July 2010 and therefore does not truly represent the current state of affairs with regard to DNSSEC. However, the document is still an excellent resource for anyone looking to learn more about DNSSEC in general.
The HOWTO is a long document that covers a great range of material related to DNSSEC. As Olaf Kolkman writes in the beginning, the document includes:
Part I, intends to provide some background for those who want to deploy DNSSEC.Part II, about the aspects of DNSSEC that deal with data security.
- Creating an island of security (Chapter 2, ”Configuring a recursive name server to validate answers” and Chapter 3, ”Securing a DNS zone”) by configuring a recursive name server to validate the signed zones served by your organisations authoritative name servers. When you have learnt and implemented this, you can be sure that DNS data in your organisation is protected from change. Once you have created an island of security it is a small step to become part of a chain of trust.
- Delegating signing authority; building a chain of trust (Chapter 4, ”Delegating of signing authority; becoming globally secure”). You will learn how to exchange keys with your parent and with your children.
- Chapter 5, ”Rolling keys” covers maintaining keys and ensuring that during the rollover process clients will be able to maintain a consistent view of your DNS data.
- Part IV, covering aspects that deal with server to server security and transaction security.
- Chapter 9, ”Securing zone transfers” is on the use of transaction security (TSIG) to provide authorisation and integrity for zone transfers.
Part III, describes a few tools that may turn out handy while figuring out what might have gone wrong.
We understand that the NLnet Labs team would like to update the document and would welcome any contributions of time to help bring the document up-to-date. If you are interested, we suggest you contact NLnet Labs at labs@nlnetlabs.nl.
Feb 09
Deploy360 Team
The Internet Society team that supports the Deploy360 Programme includes:
- Richard Jimmerson, Director, Deployment & Operationalization
- Dan York, Senior Content Strategist
- Megan Kruse, Outreach Manager
The team monitors email and social media channels and welcomes any communication about the programme.
Feb 08
DNSSEC-Tools Project
The goal of the DNSSEC-Tools Project is “to create a set of software tools, patches, applications, wrappers, extensions, and plugins that will help ease the deployment of DNSSEC related technologies.” The project website is at:
There you will find information about the available tools, tutorials, installation information and of course the actual DNSSEC tools available for download in a number of different formats for different operating systems.
The available DNSSEC tools can be broken down into the following categories:
- Zone Administration Tools
- Authoritative Domain Name Server Tools
- Recursive Domain Name Server Tools
- Application/Script Writers
- End Users (patches to add DNSSEC support to applications like Firefox, sendmail, jabberd, etc.)
- DNS Error Checking Tools
- DNSSEC Management Tools
The DNSSEC-Tools Project is open to public participation and operates a wiki full of documentation a number of public mailing lists, a public bug tracker, and a Subversion/SVN repository.
Feb 08
DNSSEC-Tools 1.12.1 Released – New DNSSEC apps, updated tools, Android support, more…
The DNSSEC-Tools Project today announced the release of DNSSEC-Tools version 1.12.1 with a range of new DNSSEC applications, updates to a number of tools and porting of the DNSSEC validator library to the Android platform.
The new release can be downloaded in various forms from:
The release announcement mentions these new features and capabilities:
- A new and improved DNSSEC-check utility with a completely re-written GUI and support for a number of platforms including Android and Harmattan (N9) devices.
- dnssec-nodes now parses unbound log files
- dnssec-system-tray now parses unbound log files
- rollerd
- Added support for phase-specific commands in rollerd. This allows the zone operator to customize processing of the rollerd utility during different rollerd phases.
- Added support for zone groups in rollerd. This allows a collection of zones to be controlled as a group, rather each of those zones individually.
- Improved the manner in which rollerd indexes the zones being managed, with the significantly decreased access times for rollerd’s data files. This results in rollerd being able to support a lot more zones with a single rollerd instance.
- rollctl and the rollover GUI programs may have new commands to allow for immediate termination of rollerd.
- New DNSSEC-capable applications
- Added a patch to enable DNSSEC validation in Qt based applications
- Added patch to enable local validation in NTP, with the ability to handle a specific chicken and egg problem related to the interdependency between DNSSEC and an accurate system clock.
- Validator library:
- The library has been ported to the Android OS
- Added support for hard-coding validator configuration information that gets used in the absence of other configuration data. This feature allows the validator library to be self-contained in environments where setting up configuration data at specific locations in the file system is not always feasible.
It’s very cool to see these new features added and we look forward to seeing what developers build with these new capabilities!
P.S. The DNSSEC-Tools project also seems to have a brand new Twitter account, @DNSSECTools, that could use some followers!
Feb 08
Sorry, But No, I Won’t Add a Link To A Blog Post for $60!
If you’re willing to place a link to my client, <URL-deleted> with the anchor text “<client-name-deleted>” in one of your new articles then I will send you a one-time payment of $60 via PayPal.
<client-name-deleted> provides the best deals for <deleted> across the country. If you’re interested, please let me know the email address where you’d like me to send the PayPal payment and I will send it once you add the link.
I'd seen this type of message many times before, of course, but just deleted them as a matter of course.
This time, though, I picked up on "to my client".
One wonders, does the client understand the sleazy way in which this person is going about their work? Does the client even care? Are they just paying for "results"?
I do wonder, too, how many people out there just go ahead and accept the offer... hey, $60 can buy a bit and... "why not? They're just asking for a link!" Probably a number of folks... which then only leads to more messages like this...
P.S. And no, I've never taken money to put links in articles. And I certainly wouldn't for only $60. Now... add maybe 2 or 3 zeroes to that number and maybe I'd start considering it... ;-)
If you found this post interesting or useful, please consider either:
- following me on Twitter;
- adding me to a circle on Google+;
- subscribing to my email newsletter; or
- subscribing to the RSS feed.
Feb 08
Can Komen Ever Regain Our Trust?
The pain of her treatment is that felt by at least 1 in 8 women during their lifetime. Her scars on her chest are like those of my wife and so many other women for whom the "cure" involved radical changes to their bodies.
Her sense of betrayal is that of so many women.
It's not that the Susan G. Komen For The Cure organization can't choose who it wants to fund based on ideological/political reasons. It can. That is a perfectly valid way to run an organization and to choose who to fund.
But that's not what people signed up for.
It's not what they donated money for.
It's not what they ran or walked races for.
They donated/ran/walked/volunteered... FOR THE CURE.
There was never an asterisk on the "cure".
It was never "for the cure as long as said cure meets our ideological/political guidelines".
It was for the cure. Period. Full stop.
Perhaps it was naive to believe that no politics were involved, but people believed in the story of the Susan G. Komen For The Cure organization. They completely empathized with Nancy Brinker founding the organization based on a promise to her sister who died of breast cancer. They believed in the story. They supported the organization with their time, money and energy. They made the Komen organization the amazingly powerful force that that is today.
It was for the cure. Period. Full stop.
But then Komen completely mishandled communicating the Planned Parenthood issue and made it far worse with a disastrous interview with Andrea Mitchell that raised many more questions than it answered.
Sure, the Komen Board eventually reversed its position, which was pretty much guaranteed to satisfy almost no one. And certainly many people may be pleased at the departure of Komen VP Karen Handel.
But Komen has a far larger problem.
The proverbial curtain has been pulled back and Komen supporters are learning more about the organization that they have supported.
They are learning of the political activities of the organization's leaders. They are learning about other instances, such as the ending of funding to organizations that supported embryonic stem cell research, even though no Komen funding apparently went directly to such research and the Komen organization had in fact trumpeted the potential of such research back in 2006. A statement about this topic on November 30, 2011, was apparently posted to the Komen website but subsequently removed.
Regardless of how you may personally feel about embryonic stem cell research and whether you think it is should be pursued or whether you think it should be outlawed, this is another example of the politicization of Komen's grant-making.
It was for the cure. Period. Full stop. Never with an asterisk.
And more questions are being raised about Komen's methods, their choices, their staffing... and, well, pretty much everything about the organization.
And while there can be no doubt that the Komen organization has done a tremendous amount of work for breast cancer education and research (just look at the last few pages of their 2010 Form 990 to see all the many grants they've given), the question many of us (including my wife and I, who have been definite Komen supporters during my wife's ongoing fight with breast cancer) are now asking is:
Are they the right organization to whom to donate?Can we trust Komen's leaders to truly put the "cure" above their personal politics?
Are there better organizations where we should focus our time, dollars and energy? Can our dollars be more effective going to organizations directly involved with research?
How do we find a cure for breast cancer? Or at least better tools than the sledgehammers we have today?
Komen's now lost the trust of the Linda's of the world who believed so strongly in the mission and purpose of the organization. Can they regain that trust? Maybe. Maybe not.
It was for the cure. Period. Full stop. Never with an asterisk.
Feb 07
IP Best Current Operational Practices (IPBCOP) Project Launches New Website
Are you looking for “best practices” within the operations community? If so, our friends over at the IP Best Current Operational Practices (IPBCOP) effort have just launched a new website to help make their information more accessible and available. The IPBCOP project, led by Aaron Hughes and Richard Donaldson, emerged out of a series of operator meetings such as NANOG where it became clear that a need existed to collect operational best practices within the operator community and capture those in a series of documents and templates that others can use.
The project has been working via a mailing list for the past while and currently has three drafts under active consideration:
More drafts are in development and a BCOP template is available for those interested in submitting their own best practices document for consideration. The IPBCOP project is very much a community effort and all communication really happens through their mailing list, which is open for anyone interested to join. You can also connect with IPBCOP on Twitter, Facebook and Google+.
We think this is a great effort that will only help the operations community move forward with technologies like IPv6 and we encourage you all to check it out and if possible get involved!
Feb 07
Free Light Reading Webinar Feb 8th: Making the IPv6 Transition For Cable
If you have 90 minutes to spare tomorrow, Wednesday, February 8, 2012, the folks over at Light Reading are offering a free (see below) webinar at 1:00 pm US Eastern on the topic of “Making the IPv6 Transition For Cable“. It is sponsored by Arris, Cisco, Juniper Networks and Motorola, and more importantly has an expert panel of people from the cable industry:
- John Brzozowski, Distinguished Engineer & Chief Architect for IPv6, Comcast
- Jeff Finkelstein, Senior Director, Network Architecture, Cox Communications
- Lee Howard, Director of Network Technology, Time Warner Cable
Given that we know these folks ourselves, we expect their contributions to the webinar to provide solid information and case studies for other cable operators and service providers. The webinar will also apparently include presenters from the various sponsors who will probably provide their perspective on how their various products and services can help with the IPv6 transition.
Due note that this webinar is “free” in the sense that there is no direct financial cost. As is typical of these type of sponsored webinars, you do, of course, need to provide information about yourself that will then be provided to the sponsors for their marketing efforts.
Regardless of that fact, I expect that there will be some quite useful IPv6 information available during the session and I’ll be personally joining in for at least the first hour of the session. I expect, although don’t know for certain, that there will be a recording available for later viewing (subject, again, to providing all your contact information).
It’s great to see these kind of sessions out there as we get closer and closer to World IPv6 Launch on June 6th!
The folks at Light Reading also produced a brief video providing a preview of some of the topics and people involved with tomorrow’s webinar:
P.S. Hat tip to Stephen Liu over on Cisco’s blog where we saw mention of this webinar.