October 31, 2013 archive

7 Of The Many Sessions About IPv6 Next Week At IETF 88

IETF LogoThe great news for IPv6 advocates about IETF 88 in Vancouver next week is that IPv6 is everywhere! All throughout the IETF 88 agenda you can find IPv6 in various different groups.  IPv6 is definitely “the new normal” and that shows!

Our colleague Phil Roberts posted today “Rough Guide to IETF 88: All About IPv6” where  he highlights the major working groups that are tackling IPv6 topics.  There is a great amount of activity going on and Phil’s post gives a good sense of the range of work.  You can expect to find our Deploy360 team in pretty much all of these working groups monitoring what’s going on and contributing where appropriate.

To Phil’s excellent list of Working Group sessions related to IPv6 I’d add only one more that is important from a deployment/operationalization point of view.  The OPSEC Working Group has two drafts on its agenda that are both focused on IPv6 security.  With that, here is a list of some of the major groups doing IPv6 work next week… as I mentioned, you wind up finding IPv6 across all the many different groups, but here are some of the major ones.

NOTE: If you are not going to be in Vancouver next week, there are multiple ways that you can participate remotely in these working groups, including audio streams and Jabber chat rooms.

Bruce Schneier to Speak About Internet Surveillance at IETF 88 Technical Plenary Next Week (Featured Blog)

How do we harden the Internet against the kinds of pervasive monitoring and surveillance that has been in recent news? While full solutions may require political and legal actions, are there technical improvements that can be made to underlying Internet infrastructure? As discussed by IETF Chair Jari Arkko in a recent post on the IETF blog, "Plenary on Internet Hardening", the Technical Plenary at next weeks IETF 88 meeting in Vancouver, BC, Canada, will focus on this incredibly critical issue. More...

Bruce Schneier To Speak About Internet Surveillance At IETF 88 Technical Plenary Next Week (Featured Blog)


TDYR #045 – Hardening The Internet Against Surveillance – IETF 88 Technical Plenary Next Week

What can be done to harden the Internet against large-scale surveillance and pervasive monitoring? That will be the topic of the Technical Plenary next Wednesday, Nov 6, at the IETF 88 meeting in Vancouver. In this episode I talk about the upcoming event and why this is so important. Some relevant links: http://www.circleid.com/posts/20131031_bruce_schneier_to_speak_about_internet_surveillance_at_ietf_88/ http://www.ietf.org/blog/2013/10/plenary-on-internet-hardening/ http://www.ietf.org/live/ https://www.ietf.org/mailman/listinfo/perpass

Video Interview: Why Use Knot DNS For DNS And DNSSEC?

Knot DNSWhat is the “Knot DNS” server all about and why would you want to use it versus one of the other DNS servers supporting DNSSEC?  At the recent ENOG 6 event in Kiev, Ukraine, I had a chance to speak with Jaromir Talir from CZ.NIC Labs and the resulting video interview can be found below. If you are interested in checking out the software, you can visit:


The software is available pre-packaged for several versions of Linux as well as in source-code form.

Here is my interview with Jaromir (and I apologize to Jaromir for repeatedly calling his organization by its domain “nic.cz” instead of by the organization’s name of “cz.nic”):

Prior to this interview, Jaromir had spoken on stage at ENOG 6 in more detail about Knot DNS. His ENOG 6 slides about Knot DNS are online and a video recording of his presentation is available:

It’s great to see a new entrant into the field of DNS name servers.  While the existing servers are very rock solid, it’s always great to see new people coming in with new ideas and new tools.  As Jaromir says in the interview, having diversity among your servers can be a good practice.  I’d encourage you to go check out Knot DNS and let Jaromir and the CZ.NIC team know what you think of it!

Knot DNS

Knot DNSKnot DNS is an authoritative DNS name server that can be used to serve out zone records and includes support for DNSSEC and DANE.  One of the key design goals is to provide simple DNSSEC support for dynamic DNS.  Knot DNS is developed by the team at CZ.NIC and can be found at:


It is available pre-packaged for several versions of Linux and also as source code as a release or directly from a git repository.

Knot DNS is highly scalable and used by CZ.NIC for the operation of the .CZ TLD. It was developed with the target audience of network operators and DNS operators in mind but can be used by anyone needing to serve out DNS records.

For an overview of Knot DNS, you can view this short video interview with Jaromir Talir of CZ.NIC:

Prior to this interview, Jaromir had spoken on stage at ENOG 6 in Kiev, Ukrain, in more detail about Knot DNS. His ENOG 6 slides about Knot DNS are online and a video recording of his presentation is available: