March 2013 archive

Google Public DNS – DNSSEC Validation

Google provides DNSSEC validation through the use of their “Google Public DNS” servers. If your local DNS resolvers do not perform DNSSEC validation, you can change your operating system to point to the following DNS servers operated by Google for either (or both) IPv4 and IPv6:

8.8.8.8
8.8.4.4

2001:4860:4860::8888
2001:4860:4860::8844

Once configured, all future DNS queries will be resolved using these DNS servers and DNSSEC validation (if requested) will be performed by Google’s servers.  You will then benefit from the added protection of DNSSEC validation.

Typically this configuration is changed wherever you modify your network settings.  In Windows, this is usually in your “Control Panel” while in Mac OS X this will be in the Network part of your “System Preferences”.  For Linux and other operating systems the exact procedure will vary.

Note that there is one important caveat here - you have to request DNSSEC validation when you send the DNS query to Google’s Public DNS servers, i.e. they will only validate the DNS query if you request it.  To do that you need an application that supports DNSSEC.  For web browsers, there are add-ons and extensions for both Google Chrome and Mozilla Firefox:

If you are an application developer, there are DNS developer libraries that support DNSSEC available in a wide range of programming languages so that you can add DNSSEC support to your application.

You can test DNSSEC validation by attempting to visit one of the deliberately misconfigured sites listed on our DNSSEC Tools page.

Google provides the following information about using their Public DNS service:

The addition of DNSSEC was announced in March 2013, and the announcement noted that Google Public DNS is currently “serving more than 130 billion DNS queries on average (peaking at 150 billion) from more than 70 million unique IP addresses each day.”

Note: To get the most value out of DNSSEC, you need to use a DNSSEC-validating resolver, and also sign your domains. If you have domains registered, learn about how you can sign your domains with DNSSEC using domain name registrars.

Huge News For Internet Security – Google Public DNS Is Now Performing DNSSEC Validation!

In a huge step forward for Internet security today, Google announced that Google’s “Public DNS” service is now performing DNSSEC validation. What this means is that anyone using Google’s DNS servers (and anyone can do so – see below) can now get the increased security that comes with DNSSEC. (Learn more about the value of DNSSEC on our DNSSEC Basics page.)

It also means that if you want the added security of DNSSEC, but your Internet Service Provider and local operating system don’t validate with DNSSEC,  you can simply change your operating system to point to the following DNS servers operated by Google for either (or both) IPv4 and IPv6:

8.8.8.8
8.8.4.4

2001:4860:4860::8888
2001:4860:4860::8844

Once configured, all future DNS queries will be resolved using these DNS servers and DNSSEC validation will be performed by Google’s servers.  You will then benefit from the added protection of DNSSEC validation.  (Our resource page about Google Public DNS offers a few more pointers about configuration.)

Note that there is one important caveat here - you have to request DNSSEC validation when you send the DNS query to Google’s Public DNS servers, i.e. they will only validate the DNS query if you request it.  To do that you need an application that supports DNSSEC.  For web browsers, there are add-ons and extensions for both Google Chrome and Mozilla Firefox:

If you are an application developer, there are DNS developer libraries that support DNSSEC available in a wide range of programming languages so that you can add DNSSEC support to your application.
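The caveat above (also stated on the resource page earlier in this archive) comes down to a few bits in the query and the response. The following Python is an added example, not code from Google or from the original post: it builds a query that asks for DNSSEC with the standard DO bit (EDNS0 OPT record, RFC 3225) and AD header bit, then reads the resolver's verdict from the response header. It assumes those standard bits are how the request is signalled; the function names and the sample response headers are constructed for illustration.

```python
import os
import socket
import struct

FLAG_QR, FLAG_RD, FLAG_AD = 0x8000, 0x0100, 0x0020  # header bits (RFC 1035, RFC 4035)
EDNS_DO = 0x8000       # "DNSSEC OK" bit in the OPT record's TTL field (RFC 3225)
TYPE_A, TYPE_OPT = 1, 41
RCODE_NOERROR, RCODE_SERVFAIL, RCODE_NXDOMAIN = 0, 2, 3


def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label in %r" % name)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, txid, want_dnssec=True, qtype=TYPE_A):
    """Build a DNS query; with want_dnssec it sets AD and adds an OPT RR with DO."""
    flags = FLAG_RD | (FLAG_AD if want_dnssec else 0)
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 1 if want_dnssec else 0)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN
    if not want_dnssec:
        return header + question
    # OPT pseudo-RR: root name, TYPE 41, CLASS = UDP payload size,
    # TTL = ext-rcode(8) | version(8) | DO + reserved(16), empty RDATA.
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, 1232, EDNS_DO, 0)
    return header + question + opt


def classify_response(msg, txid):
    """Interpret the resolver's verdict from the response header."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    rid, flags = struct.unpack("!HH", msg[:4])
    if rid != txid or not flags & FLAG_QR:
        raise ValueError("not a response to our query")
    rcode = flags & 0x000F
    if rcode == RCODE_SERVFAIL:
        return "servfail"          # validating resolvers answer this for bogus data
    if rcode not in (RCODE_NOERROR, RCODE_NXDOMAIN):
        return "error"
    return "authenticated" if flags & FLAG_AD else "not-authenticated"


def ask(server, name, timeout=3.0):
    """Send one query over UDP port 53 and classify the answer (needs network)."""
    txid = int.from_bytes(os.urandom(2), "big")
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, txid), (server, 53))
        data, _ = sock.recvfrom(4096)
    return classify_response(data, txid)


# Constructed 12-byte response headers (txid 0x1234), not captured traffic.
SAMPLES = {
    "signed zone, validated": bytes.fromhex("123481a0" + "0001000100000001"),
    "unsigned zone":          bytes.fromhex("12348180" + "0001000100000001"),
    "bogus signatures":       bytes.fromhex("12348182" + "0001000000000001"),
}

if __name__ == "__main__":
    for label, header in SAMPLES.items():
        print(label, "->", classify_response(header, 0x1234))
    # With network access: ask("8.8.8.8", "example.com")
```

An AD bit set by a remote resolver is only as trustworthy as the network path to that resolver, and a SERVFAIL can have causes other than failed validation.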

In the announcement, Google’s Yunhong Gu noted that Google Public DNS is currently “serving more than 130 billion DNS queries on average (peaking at 150 billion) from more than 70 million unique IP addresses each day.”  As the article further notes:

“Effective deployment of DNSSEC requires action from both DNS resolvers and authoritative name servers. Resolvers, especially those of ISPs and other public resolvers, need to start validating DNS responses. Meanwhile, domain owners have to sign their domains. Today, about 1/3 of top-level domains have been signed, but most second-level domains remain unsigned. We encourage all involved parties to push DNSSEC deployment and further protect Internet users from DNS-based network intrusions.”

To that end, if you have domains registered, we strongly encourage you to learn about how you can sign your domains with DNSSEC using domain name registrars. You can learn more about which top-level domains support DNSSEC on our DNSSEC Statistics page.

Google provides the following information about using their Public DNS service:

This move by Google to provide this DNSSEC validation is a great addition to the support for DNSSEC validation offered by large US ISPs such as Comcast (making DNSSEC validation available to their 18 million customers) as well as ISPs in a wide range of countries including Sweden, the Czech Republic and Brazil.

We look forward to seeing more public DNS providers and more ISPs turn on DNSSEC validation in their networks.  If you want to know more about what is involved with enabling DNSSEC validation on your network, including home and enterprise networks, this SURFnet white paper provides easy instructions for common DNS servers.

And in the meantime, if you don’t want to wait for your ISP and want to start getting the value in DNSSEC validation today, you now have the option of using Google’s public DNS servers!

 

FIR #695 – 3/18/13 – For Immediate Release

Steve Rubel interview forthcoming; Civility book review is up, discounts to FIR listeners for March conference; Quick News: the technologies that matter from SxSW according to Altimeter Group, study reveals growing comfort with smartphones worldwide, build a personal language phrasebook with Google Translate, Facebook likes can reveal personality traits; Ragan promo; News That Fits: a critical look at real-time marketing, Dan York's report, the demise of Google Reader and FeedDemon, Media Monitoring Minute from CustomScoop, listener comments, social-digital design news, Michael Netzley's Asia report, at least 10 mobile apps that help you maximize conference attendance; music from Akaisky; and more.

Deploy360@IETF86: Day 5 – MIF, LISP, IPv6 Maintenance… and we’re done!

And so we reach Friday… the final day of the 86th meeting of the Internet Engineering Task Force (IETF), a short day that ends early and, for us within the Deploy360 Programme, only hits two of our topics: IPv6 and Routing Resiliency/Security.

General information about participating remotely can be found on the Remote Participation page as well as the IETF86 agenda – specific info for the groups we are following is included below.

Here’s the preview of how we’re finishing this very busy week…


0900-1100 Friday, March 15

Multiple Interfaces (MIF) – Caribbean 1
Computers and devices today have the ability to connect to multiple networks simultaneously. Think about a laptop that can connect over WiFi or Ethernet – or a smartphone that can connect over WiFi or the cellular data network.  In those cases which network interface should the device use?  The MIF working group is working to document the existing practices and outline the issues involved in a world where multiple network availability is routine.

Location/ID Separation Protocol (LISP) – Caribbean 6
The LISP working group is defining a series of experimental RFCs around a new routing protocol designed to improve the scalability of the Internet’s routing infrastructure.


1120-1220 and 1230-1330  Friday, March 15

IPv6 Maintenance (6man) – Caribbean 4

The 6man working group “is responsible for the maintenance, upkeep, and advancement of the IPv6 protocol specifications and addressing architecture.” (quoting the charter)  This is where most of the work is happening to refine the IPv6 protocol itself, and today’s session should be quite a busy one.


With those sessions, we’ll be closing out our work at IETF 86 this week.  Some of us will then be moving into a meeting of the Internet Society Advisory Council happening on Friday afternoon before we head to the Orlando airport for our flights home.

It’s been a great week and we’ve made some significant progress on a number of fronts!

On a final note, this is the first time we’ve posted these daily previews – were they helpful?  We’d love to hear your comments – either in response to this post, on social networks or via our email or feedback form. (Thanks!)

P.S. For a broader view of the Internet Society’s interest in IETF 86 beyond that of just the topics we cover here at Deploy360, please see our “Rough Guide to IETF 86’s Hot Topics”.



Deploy360@IETF86: Day 4 – IPv6, DNSSEC and Routing, Oh, My!

Day 4 of the 86th meeting of the Internet Engineering Task Force (IETF) hits all of our Deploy360 topics – IPv6, DNSSEC and Routing Resiliency/Security.

General information about participating remotely can be found on the Remote Participation page as well as the IETF86 agenda – specific info for the groups we are following is included below.


0900-1130 Thursday, March 14

Homenet – Caribbean 3
This working group focuses on the evolving networking technology within and among relatively small “residential home” networks.

Interface to the Routing System (I2RS) – Caribbean 5
This is a new working group meeting for the first time that is seeking to define a publicly documented interface into the Internet’s routing system for applications to use. The best way to understand this new group would be to read draft-atlas-i2rs-problem-statement.


1300-1500 Thursday, March 14

Port Control Protocol (PCP) – Caribbean 6

The PCP working group is back again looking at how to enable communication from applications across middleboxes such as Network Address Translation (NAT) devices and firewalls for both IPv4 and IPv6.

Two other groups also may be of interest during this time block:


1510-1710 Thursday, March 14

Dynamic Host Configuration (dhc) – Caribbean 1
The DHC working group looks at DHCP and aspects of dynamically configuring IP addresses, both for IPv4 and IPv6, although the focus these days is on DHCPv6.

Operational Security  (opsec) – Caribbean 3
The OPSEC working group looks at the operational security concerns of IP networks. In this meeting there are 3 drafts focused on the security of IPv6 networks.


1730-1830 Thursday, March 14

Dynamic Host Configuration (dhc) – Caribbean 1
The DHC working group will continue to meet during this timeslot. Information is above.

DNS Operations  (DNSOP) – Caribbean 4
The DNSOP Working Group focuses on operational aspects of the Domain Name System and at this session has multiple drafts relating to DNSSEC.


1900-2100 Bits-N-Bites

This reception / networking time in Grand Sierra D should be an interesting chance to look at new technology from a number of sponsors.

2000-?  Alternative PKI Side Meeting, Boca 4

For those people interested in authentication and the public key infrastructure (PKI) aspects of the Web, there will be an “Alternative PKI Models Side Meeting” in room Boca 4, the IAB office, to talk about the requirements, goals and the design assumptions for a Web PKI.  Given our interest in DNSSEC and DANE, I (Dan) will be in this meeting to participate.

And after all of that… we’ll be trying to figure out how to get some food.  :-)

P.S. For a broader view of the Internet Society’s interest in IETF 86 beyond that of just the topics we cover here at Deploy360, please see our “Rough Guide to IETF 86’s Hot Topics”.



Deploy360@IETF86: Day 3 – Lots of IPv6 with a bit of Routing

For us within the Deploy360 Programme, Day 3 of the 86th meeting of the Internet Engineering Task Force (IETF)  is all about IPv6, IPv6 and more IPv6, with a tiny bit of routing thrown in for something different.  Two of the “big” working groups related to IPv6 meet today.  The Sunset4 working group is looking at what happens when you really start shutting down IPv4, and the V6ops working group is back again with more discussion of operational guidance around IPv6.

General information about participating remotely can be found on the Remote Participation page as well as the IETF86 agenda – specific info for the groups we are following is included below.


0900-1130 Wednesday, March 13

Softwire – Caribbean 2
The Softwire discussion continues from Monday with more looking at ways to connect IPv4 networks across IPv6 networks and connecting IPv6 networks across IPv4 networks… both important aspects of encouraging IPv6 deployment.

Inter-Domain Routing (IDR) – Caribbean 5
The IDR working group supports the use of Border Gateway Protocol (BGP) version 4 within IPv4 and IPv6 networks. The group works on maintenance of the BGP protocol as well as new extensions.


1300-1500 Wednesday, March 13

Sunsetting IPv4 (SUNSET4) – Caribbean 2

The Sunset4 working group is looking at issues around the transition from IPv4 to IPv6 and specifically at issues related to the shutting down of IPv4 and working in an IPv6-only environment. One important piece of work right now is related to developing a “gap analysis” between IPv4 and IPv6.


1510-1710 Wednesday, March 13

IPv6 Operations (V6ops) – Caribbean 5
Today v6ops will address several interesting drafts around design choices for IPv6 networks, security, operational guidelines for data centers and suggestions for the use of Unique Local Addresses.


1740-2010 Wednesday, March 13

IETF Operations and Administrative Plenary

While the operations and administrative plenary doesn’t usually directly relate to what we do here at Deploy360, it is a useful session to keep up with what changes are going on within the IETF as an organization and to learn about the current state of the organization.

And after that… we may try to have a team dinner, assuming we still have any energy left!  :-)

P.S. For a broader view of the Internet Society’s interest in IETF 86 beyond that of just the topics we cover here at Deploy360, please see our “Rough Guide to IETF 86’s Hot Topics”.



The Long Days of IETF86 – And Why I Love It!

The Long Days of IETF86 - And Why I Love It! by Dan York

Deploy360@IETF86: Day 2 – Routing (SIDR, KARP, GROW) and NAT (PCP, BEHAVE)

For the Deploy360 team, Day 2 of the 86th meeting of the Internet Engineering Task Force (IETF) yields an IETF86 agenda that, for us, primarily focuses on routing issues and network address translation. We’ll start the day off looking at routing in embedded networks, then return to secure routing between networks. We’ll then look at authentication in routing, followed by protocols and methods of working with NAT, and finish out the day attending a session on global routing operations.

General information about participating remotely can be found on the Remote Participation page – specific info for the groups we are following is included below.


0900-1030 Tuesday, March 12

Routing Over Low power and Lossy networks (ROLL) – Caribbean 3
This working group is looking at what needs to be done for routing packets in embedded networks such as industrial networks, connected home networks and other sensor networks (sometimes called the “Internet of Things”).

I’ll note that the Aggregated Service Discovery BOF happening at the same time also looks like an interesting session and something we’ll probably want to monitor. The proposed AGGSRV charter explains the problem of service discovery that it is trying to solve.


1030-1130 Tuesday, March 12

Secure Interdomain Routing (SIDR) – Caribbean 1
This is the second session at IETF 86 of the primary working group dealing with routing security issues that we are now looking to cover in the future in our Routing Resiliency/Security section of Deploy360. There will be some good discussions here related to BGPSEC and RPKI that should be quite interesting.


1145-1245 Tuesday, March 12

While not directly related to what we do here at Deploy360, we’ll be at the “ISOC@IETF” panel on the topic of:

Internet Society Briefing Panel at IETF 86: “Content is King; How Do we Avoid Playing the Pauper?”

The Internet has stimulated innovation through disruption in any number of areas, not the least of which is redefining what it means to be a “publisher” — of written, audio, video or other content. As everyone — people, for- and not-for-profit businesses alike — becomes a publisher, what are the next steps needed in order to ensure that content is treated as its creator desires? That may mean restricted use, or facilitating widespread use. This is not new — when the first anonFTP indexer was created (Archie), it surprised some authors who thought they were sharing private draft copies of their manuscript on an FTP site. On the flip side, every now and then a photo or a video “goes viral” on the Internet generating interest and awareness beyond the creator’s capacity to track it.

Are there ways that Internet application layer infrastructure standards could be extended to capture the content creator’s intentions of use of digital content, to be as open or as restricted as that creator desires?

Given that we are a publisher of content, this general topic is certainly of great interest to us. Unfortunately, all the seats have been reserved in the session so there is no room left to attend, but you can both listen and watch the session here:


1300-1500 Tuesday, March 12

There are two groups of interest to us in this time period.

Keying and Authentication for Routing Protocols (KARP) – Boca 2

The KARP working group examines how to add communication security to routing protocols in the form of message authentication, packet integrity, and denial of service (DoS) protection.

Port Control Protocol (PCP) – Caribbean 1

The PCP working group looks at how to enable communication from applications across middleboxes such as Network Address Translation (NAT) devices and firewalls. The group is looking at solutions for both IPv4 and IPv6.


1520-1650 Tuesday, March 12

Behavior Engineering for Hindrance Avoidance (BEHAVE) – Caribbean 1

Continuing an afternoon of NAT, the BEHAVE working group looks at NAT issues as they relate to the interconnection of IPv6 and IPv4 networks.


1700-1830 Tuesday, March 12

Global Routing Operations (GROW) – Caribbean 1

The GROW working group looks at the operational aspects of the IPv4 and IPv6 global routing systems.

And after all that, we’ll be a bit tired but will be heading out to the one night of IETF that is a social event. Given that it will be at the Harry Potter section of Universal Studios, one can only imagine the photos, eh? :-)

P.S. For a broader view of the Internet Society’s interest in IETF 86 beyond that of just the topics we cover here at Deploy360, please see our “Rough Guide to IETF 86’s Hot Topics”.



Watch/Listen Live – FCC CTO Henning Schulzrinne on "The End of Plain Old Telephone System (POTS)" at 5:30pm EDT Tonight at IETF86

In about 15 minutes, at 5:30pm US Eastern At around 6:00pm US EDT, Henning Schulzrinne, CTO of the US Federal Communications Commission (FCC) will be speaking on "The End of Plain Old Telephone System (POTS): Transitioning the PSTN to IP" at the technical plenary of the 86th IETF meeting happening this week in Orlando, Florida. You can listen or watch here:

Henning's slides are also available for download.

It should be quite an interesting session!




Deploy360@IETF86: Day 1 – SIDR, Softwires and V6Ops

As today’s 86th meeting of the Internet Engineering Task Force (IETF) begins, here are the sessions from the IETF86 agenda that we on the Deploy360 team will be attending (all times US Eastern). General information about participating remotely can be found on the Remote Participation page – specific info for the groups we are following is included below.

0900-1130 Monday, March 11

There are two groups we want to follow so Jan will probably be in one (Softwires) while I (Dan) am in the other (SIDR):

Softwires – Caribbean 2
This working group is looking at ways to connect IPv4 networks across IPv6 networks and connecting IPv6 networks across IPv4 networks… both important aspects of encouraging IPv6 deployment.

Secure Interdomain Routing (SIDR) – Caribbean 4
This is the primary working group at IETF dealing with routing security issues that we are now looking to cover in the future in our Routing Resiliency/Security section of Deploy360. There will be some good discussions here related to BGPSEC and RPKI that should be quite interesting.

1300-1500 Monday, March 11

This time block is easy as we all will be in the “v6ops” working group dealing with IPv6 operational issues. This is probably the most important working group for the IPv6 work we do here within Deploy360.

IPv6 Operations (V6ops) – Caribbean 3

1540-1710 Monday, March 11

This time block doesn’t have any sessions that are specific to the Deploy360 program, but several are of general interest:

  • History BOF – looking at ways to archive/record history of the Internet.
  • Netconf – a protocol to ease configuration of network devices
  • Oauth – an important protocol for web security
  • Transport Area – discussions of transport-related drafts and items that don’t fit in existing working groups

Links to the audio feeds and jabber rooms for those sessions can be easily found on the tools-style agenda page.

1740-1940 Monday, March 11 – Technical Plenary

The technical plenary doesn’t directly relate to the topics we cover here at Deploy360, but the lead session will be “The End of Plain Old Telephone Service (POTS)” by Henning Schulzrinne, the CTO of the US Federal Communications Committee (FCC) and should be quite interesting.

And that will be the end of a long day!

P.S. For a broader view of the Internet Society’s interest in IETF 86 beyond that of just the topics we cover here at Deploy360, please see our “Rough Guide to IETF 86’s Hot Topics”.

