October 2013 archive

Friday Fun: An IPv6 Pumpkin At Tomorrow’s Keene (NH) Pumpkin Festival

Tomorrow, somewhere among the 30,000+ pumpkins displayed at the Keene Pumpkin Festival 2013, will be this pumpkin stating proudly “IPv6”. Probably most people won’t have a clue… but it will be a fun little thing for the geeks and technology folks out there. Living here in Keene, New Hampshire, as I do, you wind up carving a lot of pumpkins because the pumpkin festival is really our largest annual community event. After a while, you get tired of carving just simple faces, so it’s always fun to do something different. If you look at some of the photos (more links to photos here), 30,000-ish pumpkins is a huge amount of pumpkins… and somewhere in there will be one saying IPv6! :-)
Pumpkin carved with IPv6

What about you? Are you going to carve any “IPv6 pumpkins” this year? I thought about carving “::1”, but I thought even fewer people would know what that was! ;-)

DNS Servers Supporting DNSSEC

When you install a DNS “server” on your network, it generally acts as either: 1) an “authoritative server” serving out DNS records on behalf of a zone; or 2) a “recursive nameserver” (also called a “caching nameserver”, a “caching recursive nameserver” or simply a “resolver”) that performs DNS queries.

The following DNS software is known to support DNSSEC.  If you have additions, please contact us.

[EDITORIAL NOTE: This page is still a work in progress.  Individual pages are being created for each of the servers listed that will link to the server website but also to specific pages and tutorials about using that server with DNSSEC. The goal is to have this completed by the end of October 2013.]

Authoritative DNS servers

The following DNS servers can serve out DNSSEC-signed zones and typically also include mechanisms for directly performing DNSSEC-signing within the software (listed alphabetically):

  • BIND
  • Knot DNS
  • Microsoft Windows Server 2012
  • NSD
  • PowerDNS

Recursive DNS servers (a.k.a. “resolvers”)

The following DNS servers can perform validation of DNSSEC signatures when performing DNS queries (listed alphabetically):

  • BIND
  • Microsoft Windows Server 2012
  • Unbound

If you know of additional software we should list here, please contact us.

Video/Slides: Status of Best Current Operational Practices (BCOP) at RIPE67

At the RIPE67 event last week, our Jan Zorz joined Benno Overreinder on stage to give an overview of the ongoing efforts to expand sharing of “best current operational practices” (BCOPs) between network operators around the world. Jan’s slides are available and the video of the talk can be viewed on the RIPE 67 site:

RIPE 67 BCOP Presentation

To learn more about this initiative, please visit our BCOP page.

Video/Slides: Case Study – IPv6 and Home Automation (RIPE67)

How well can a home be automated using IPv6? This week at RIPE67, Nathalie Trenaman spoke about how she and her boyfriend have been in the process of wiring up their home to work over IPv6. We previously mentioned the IPv6 home automation blog she’s been maintaining, but in this presentation she went into a great amount of detail and provided a good set of slides outlining the steps they’ve gone through and what has or hasn’t worked. You can watch the video on the RIPE67 site:

RIPE 67 - Nathalie Trenaman

Nathalie concludes by offering these “lessons learned”:

  • IPv6 in your house is not cheap
  • There is a lot of manual labour involved
  • Thank Goodness for Open Source!
  • Vendors of commercial “home” products are not even aware of IPv6
  • Not everything with IPv4 can be done with IPv6

It’s a good set of information and it is through efforts like this that we’ll start to see consumer electronics vendors paying attention.

Have you tried automating your home over IPv6? What has your experience been? What systems have you found that work over IPv6?

TDYR #041 – Waking Up At 4am To A GaggleAMP From FIR

I awoke this morning to a bunch of Tweetdeck notification sounds telling me someone was mentioning @danyork on Twitter. Was this a bad thing? No, it turned out to be the latest "GaggleAMP" messages related to the For Immediate Release (FIR) podcast - in this case promoting my report in the latest episode. Here's the link to the FIR interview I mention in this episode about the GaggleAMP service: http://forimmediaterelease.biz/index.php?/weblog/comments/fir_interview_update_on_firs_gaggleamp_with_founder_and_president_glenn_gau FIR can be found at http://forimmediaterelease.biz/

Introducing The DNSSEC History Project – Can You Help Complete The Story?

Can you please help us fill in the blanks and complete the story of how DNSSEC came about? Back in 2010 after the root of DNS was signed with DNSSEC, Steve Crocker sent out an email suggesting that the community should document the history of how DNSSEC came to be. As documented on the “About The DNSSEC History Project” page, Steve said in part:

It’s taken twenty years to reach this point, starting with Steve Bellovin’s demonstration of cache poisoning and the early proposals for adding cryptographic signatures to DNS.  A very large number of people, working in a large number of places, have contributed.  There were false starts, technical challenges, controversies and long hard marches.  The large bulk of this work is not very well documented, and there is no place to go to find anything approximating the full story.

To help, the Internet Society offered a wiki site to collect information and in 2010 a good amount of text was added. You can see the current version at:


In the years since 2010 a bit more text was added and some editing occurred, but quite honestly a great amount of the story is still left untold. A couple of us would now like to go in and capture some of this history before it gets lost. But to do so…


Some of us, such as myself, weren’t involved in the early days of DNSSEC and so we’re left to try to document the story based on what information we can find out there. If you were involved, we’d love to have you add in some text. You can see the main page of the project where the information is being gathered. We also split out the timeline into its own separate page:


Both of those pages need updates – and the main page needs, in my opinion, to be broken out into some more pages.

If you weren’t involved, but are interested in helping with the project, even just with the editing, we’d also love the assistance. The existing text could use some good editing, and this will continue to be a challenge as we add in more text from multiple people.  There are also any number of documents and events referenced in the main text for which links need to be found and inserted.  I’d also like to see the text cleaned up a bit to be more consistent across sections.

IF YOU WOULD LIKE TO HELP, please send an email message to dnssechistory@isoc.org and we can get you set up with an account for editing the wiki pages. (We’d also ask you to please read the “About” page, too, to understand the project goals.)

The end goal is to chronicle the story of how DNSSEC came to be, in part so that the larger community can remember how it all came together, but also so that developers of future protocols can perhaps gain some insight into how best to develop their protocol from the story of DNSSEC.

Please do join with us and help complete the story!  (Thank you!)

Video: Geoff Huston at RIPE67 – Great Charts On The Global State of IPv6 Deployment

Today at RIPE67 in Athens, APNIC’s Geoff Huston gave a great presentation on “Global State of IPv6 Deployment Since IPv6 Launch Day”. As we’ve mentioned before (related to DNSSEC), Geoff’s team at APNIC is using an innovative system of Flash-based ads running via web ad networks to do all sorts of Internet measurements. In this RIPE67 presentation, he looks at what they’ve seen with regard to IPv6 deployment all around the world. His IPv6 measurements are different from those of Google and so it is useful to see results out of another measurement system.

While looking at where IPv6 is being deployed,  he looked at who is deploying IPv6 and pointed to networks like Verizon’s wireless LTE network in the US that now are running over 40% IPv6! Geoff then looked at the performance of IPv6 networks and was pleasantly surprised at what he found.   His conclusion is that IPv6 deployment is definitely happening and the excuses operators give for waiting are going away.

The video of Geoff’s talk is available from RIPE’s website.  Geoff’s slides, full of all sorts of interesting IPv6 charts, are also available.  His talk is about 20 minutes followed by a few minutes of questions.  It’s well worth the time!

What are you waiting for to get IPv6 deployed?  How can we help you?  (Check out our list of IPv6 resources as a place to start.)

Photos: ION Krakow 2013 – See What Happened There!

Missed ION Krakow but curious to see what went on?  We’ve uploaded a set of photos from Krakow to our Flickr account that give a view into what went on that day. Take a look and see what happened… (click/tap the image to go to the full set)

ION Krakow on Flickr

The slides used that day are available from the ION Krakow agenda page and we’ll have audio and video recordings available soon.

And if the photos make you interested in attending one of our ION events, do check out our ION Toronto event coming up on November 11, 2013 – it should be another outstanding event filled with IPv6, DNSSEC and routing resiliency/security info!

P.S. A special thanks to our new director, Chris Grundemann, for taking this set of photos while I was operating our livestream.

Video: IETF Chair Jari Arkko on “Pervasive Monitoring and the Internet” (Featured Blog)

Today at the RIPE 67 event in Athens, Greece, IETF Chair Jari Arkko gave a presentation on "Pervasive Monitoring and the Internet" where he spoke about the ongoing surveillance issues and: What do we know? What are the implications? What can we do? Similar to his earlier article on the topic, Jari looked at the overall issues and spoke about how Internet technology should better support security and privacy.
