January 2014 archive
Jan 12
TDYR #067 – Death, And Where Stories Fail
Jan 12
Video/Slides: Case Study Of TeraStream’s IPv6 Implementation (RIPE67)
How can a large carrier like Deutsche Telekom implement IPv6 to provide a new simplified service delivery network? In a presentation at the RIPE 67 meeting in October 2013, Peter Lothberg from DT outlined how they use IPv6 within the TeraStream network. His slides are available online as well as the video of the presentation:
For some background, you may want to first view either the slides or the video of Peter’s earlier presentation at RIPE67 where he explained what the TeraStream network is all about.
This kind of case study is very cool to see and we’re appreciative of Peter for taking the time to explain what they did. We certainly hope that in 2014 more carriers will look at how they can use IPv6 to provide similar service delivery capabilities!
Jan 11
TDYR #066 – Cherish The Ones You Love
Jan 11
Weekend Project: Enable DNSSEC Validation On Your DNS Resolver
Looking for a weekend project to learn more about a new technology? How about seeing if you can enable DNSSEC on the DNS resolver you use in your home network? (or in your business network?)
This whitepaper from SURFnet about deploying DNSSEC validation on recursive caching name servers provides an excellent guide to get started.
If you operate your own home server/gateway/router and use any of these three recursive name servers, the document provides step-by-step instructions:
- BIND 9.x
- Unbound
- Microsoft Windows Server 2012
Once have DNSSEC validation configured, you should be able to go to our list of DNSSEC test sites to test your installation. Specifically you should NOT be able to get to the sites with bad DNSSEC signatures.
If you do not operate your own home server, or if you just have a wireless “home router” from one of the various manufacturers, you may need to do a bit more digging to see where your DNS resolution is happening.
To start, you may want to download the DNSSEC-check tool from the DNSSEC Tools Project and run that tool on one of the computers on your network. It may be that your ISP is already providing DNSSEC validation and if so you can congratulate yourself and go find another project to work on!
If that doesn’t show that you have DNSSEC validation, you need to figure out where your DNS resolvers are located. The DNSSEC-check tool will give you the IP addresses of the DNS resolvers your computer is configured to use. Alternatively you can go into one of your computers on your home network and look in the network settings where you should be able to find the IP addresses for whatever DNS servers are being given out by DHCP on your local network.
If the IP address of the DNS resolver is in the same address range as your computer’s IP address (i.e. the same subnet), you are most likely using a DNS resolver located on your home router. You’ll need to go into the administrative interface for the home router (assuming you have access to it) and look around to see if there is a setting there for DNS resolution and if so if there is a setting to enable DNSSEC.
If you don’t see a way to enable DNSSEC, your home router vendor doesn’t support DNSSEC yet. If you have the time and patience, it would be great if you could go to the website for that router vendor and see if there is a way to file a feature request or bug ticket. It might be in support forums or in a bug tracker somewhere.
If the IP address of the DNS resolver is in a different address range from your computer’s IP address, odds are that it is probably operated by your Internet service provider (ISP) or is perhaps from a service such as Google’s Public DNS (although if it was from Google, the DNSSEC-check tool would have already shown that DNSSEC validation was working).
Again, if you have the time and patience, it would be great if you would contact your ISP to ask if you can get DNSSEC validation. We hear from both ISPs and vendors that “customers aren’t asking for DNSSEC” - and we need to change that!
Thanks for your help! Working together we’ll make a more secure Internet!
Jan 10
TDYR #065 – On Getting An Abusive Fraud Phone Call, And Needing Secure Caller ID
Jan 10
CES 2014: CEA Announces IPv6 Specification For Consumer Electronics
We were very pleased to read the news earlier this week coming out of the 2014 International CES event that the Consumer Electronics Association (CEA) had selected “IPv6 Implementation Standards” to be one of two standards programs in its “CESpec” program. As stated in the CEA’s news release:
The CESpec program aims to draw worldwide attention to important, new industry standards at CES. Standards selected for the 2014 CESpec program are expected to be completed by the 2015 International CES.
We are delighted to see this focus on IPv6 within the CEA and look forward to learning more about their plans over the next year. As long-time readers may recall, we attended the 2012 International CES event and met with multiple vendors to talk about IPv6. We also know of some of the folks involved with the CEA IPv6 Working Group and would encourage any other CEA members to become more involved with that group. As the announcement notes:
Fifteen organizations joined CEA in 2011 to form the IPv6 Working Group. The group coordinates CE manufacturers, service providers and retailers activities as the Internet transitions from IPv4 addressing to IPv6 ensuring Internet-enabled devices continue to operate without interruption. It is expected to result in a standard that defines necessary feature sets for several levels of IPv6 support, creating profiles for Basic, Basic-plus and Advanced IPv6-capable devices.
The simplest networking devices such as network printers, alarms and home automation systems are Basic devices that will support a limited set of IPv6 features. More Internet capability is appropriate for the Basic-plus profile group: optical disc players, game consoles, smart TVs and media servers. Advanced devices are those that need the most Internet capability and include PCs, tablets and smartphones.
And we very much agree with both of these quotes from the working group co-chairs, Hans Liu, director of software architecture at D-Link Systems Inc. and Dan Torbet, director of system engineering at ARRIS:
“IPv6 is the next generation of Internet protocol, and it’s being rolled out throughout the Web,” said Liu. “Our goal is to help speed this transition by providing guidance to consumer equipment manufacturers to ensure their products make maximum use of IPv6.”
“The more IPv6 capability is implemented in consumer products, the more efficiently Internet service can be delivered to consumers,” said Torbet. “We’re very happy to have this project featured as a CESpec and we look forward to demonstrating our work next year.”
We, too, are looking forward to their demonstrations of IPv6 work next year at the 2015 International CES!
Jan 09
Deadline TOMORROW to Apply to Represent the “Technical Community” at the Brazil Meeting and in 1Net (Featured Blog)
Jan 09
TDYR #064 – Why I Do What I Do
Jan 08