April 20, 2012 archive

Want to understand DNSSEC? Watch this excellent 1-hour elearning video.

Want to understand DNSSEC and how it can help secure the Internet?  The folks at SIDN, the registry behind the .NL country code top-level domain (ccTLD), have put together a truly excellent 1-hour video e-learning session available in either English or Dutch at:

http://www.dnsseccourse.nl/

The course touches on the basics of DNS then explains the role of DNSSEC, how it works and the steps that need to be done.  It also has some solid points about things you need to think about and also business impacts of DNSSEC.  Perhaps most usefully, the course includes a number of animations that really illustrate how DNSSEC works, as well as a few examples of what DNS zone files really look like with DNSSEC involved.

The video’s target audience is really for domain name registrars who would enable DNSSEC for their customers (domain name registrants). However, SIDN created the video in such a way that it’s quite a useful introduction to DNSSEC for anyone interested in the topic.

I found the elearning user interface quite nice in that you could skip around between sections, return to past sections, stop/start the sections and skip ahead as well.  The “Notes” tab also includes the text of what was said in each section, which I could see being quite valuable particularly for those for whom English or Dutch is not a native language.  It was also nice to have the video introductions from Bert Hubert interspersed with the slides and animations.

DNSSEC course

My one issue with the user interface was that when a section was done you have to press the “Next” button to move on to the next section.  Given that there are 74 sections, I soon found myself wishing there was an “auto-advance” that would just keep on playing the video.  A minor quibble, perhaps. Otherwise I was quite pleased.

On a technical level, my only issue was that the course oversimplified one aspect of the DNSSEC infrastructure. It states that a copy of the public key for your zone (the DNSKEY record) is stored in the parent zone as the DS record.

In fact, the DS record is a digest of the DNSKEY, as defined in section 5 of RFC 4034 and shown as an example in section 5.4.

I realize that the video couldn’t go into every detail and had to simplify some aspects in order to keep it within the presentation timeframe.  I also realize that the idea is quite similar. However, if someone left this video thinking that the DS record in the parent zone was simply the DNSKEY record from the child zone, they would be extremely surprised when the do a “dig” on the records for a DNSSEC-signed domain and see that they are quite different.

Regardless, I still see this as an outstanding introduction to DNSSEC and commend the folks at SIDN for creating this elearning video.  If you want a quick way to understand DNSSEC, definitely do check it out!

 

Civic.io – Mark Headd’s new site on Civic Hacking and Open Government

My friend Mark Headd passionately wants to open up government - and to do so through code. I've known him for years as the author of the VoiceInGov / Vox Populi blog where he has been writing about mashups and so many other ways to open up access to government information via telephony. Back in November 2010, Mark joined me and the others on the rocket ship known as Voxeo and did outstanding work for the Voxeo Labs and Tropo teams.

But just as my passions altered my career last fall, as of just a short time ago Mark is now the Director of Government Relations at Code for America and, with that, changing a bit about the way he is writing online.

His new site is civic.io, where he will be writing on "civic hacking, civic startups and the future of open government". He's brought over to the site many of his relevant older posts, so he's already got a solid amount of content.

The work he and the others at projects like Code For America are doing is incredibly important to help with keeping our networks open. I'm looking forward to reading more of what Mark is up to in the time ahead - and certainly wish him all the best in this new endeavor.

Oh, and of course you can follow him on Twitter at @civic_io.

Civic io


If you found this post interesting or useful, please consider either:


Facebook To Provide IPv6 Access For Developers On May 18th

Facebook logoAs of May 18, 2012, developers working on Facebook applications will have access over IPv6 to Facebook’s development platform to test their applications out in preparation for World IPv6 Launch.  In a blog post this week, Facebook’s Eric Osgood writes:

With the World IPv6 Launch coming on June 6th 2012, Facebook has committed to enabling IPv6 access for our users on most of our HTTP and HTTPS endpoints. Based on the results of last years IPv6 test on June 8th 2011, we are confident that enabling IPv6 on our platform will be a success. On May 18th, we will be enabling IPv6 on beta.facebook.com ahead of World IPv6 Launch to give our developer community time to discover issues and report bugs back to us.

IPv6 is vital because the Internet’s original addressing system (IPv4) has run out of free space. Since every device on the Internet relies on a unique address to communicate, we must transition to IPv6 which provides over 4 billion times more addresses than IPv4. IPv6 will ensure everyone (users, ISPs, governments, and companies) have direct and open access to the Internet.

We are thrilled to see this news out of Facebook and  look forward to learning of developers ensuring their applications work over IPv6!