Dan York

Just a guy in Vermont trying to connect all the dots...

Author's posts

TDYR #087 – How Far Are We Willing To Go To Help Those In Need?

Weekend Project: Install The DNSSEC/TLSA Validator for Chrome, Firefox, more

How do you know if a website has a domain signed by DNSSEC? Here’s another quick weekend project, very similar to last weekend’s project, where you can add support to your web browsers to know the DNSSEC status of sites you are visiting. Even better, as people start to use the DANE protocol to secure TLS/SSL certificates, you’ll be able to know when DANE is being used.

The great team at CZ.NIC Labs has released a new version 2.1 of their plugin for Google Chrome, Mozilla Firefox, Microsoft Internet Explorer and Opera.  You can get it at:

https://www.dnssec-validator.cz/

A key difference in this version from previous versions is that it now has support for the TLSA record in DNS that is used by the DANE protocol to add an extra layer of trust to the usage of TLS/SSL certificates.

Once you have the DNSSEC/TLSA validator installed in your browser, you should be able to go to links on these pages to test out your new capabilities:

When you visit the sites, you should see additional icons in your browser’s address bar that will give you information such as this:

[Image: tlsa-browser]

The addition of TLSA record support is a great new feature!  While TLSA record usage is still quite small among web sites today, having this ability to see the TLSA usage will definitely help the people out there who are pioneering the usage.

Kudos to the CZ.NIC team for making this available!

P.S. Do note that in order for this to work, your web browser needs to have access to a DNSSEC-validating DNS resolver. [UPDATE: As noted in the comments to this post, the add-on no longer requires access to a DNSSEC-validating DNS resolver. The required capabilities were built into the code instead. Having said that, it's still also great to make sure your local DNS resolver does do DNSSEC validation for all the other apps you have.] The add-on can use DNSSEC-validating DNS resolvers from CZ.NIC or Google, but why not make your network that much more secure and install your own DNSSEC-validating resolvers? Check out our recent weekend project to learn more about how to configure DNSSEC validation on your local DNS resolver.

TDYR #086 – A Special Thank You To Lynn St. Amour

This episode is just a special thank you to Lynn St. Amour, outgoing CEO of the Internet Society, thanking her for all the amazing work she's done in her 15 years at the Internet Society. More info at: http://www.internetsociety.org/news/thank-you-lynn-st-amour

First “Middle East DNS Forum” Happening Feb 3-4 in Dubai – Live Video Stream Available (Featured Blog)

The first "Middle East DNS Forum" kicks off on this coming Monday, February 3, 2014, in Dubai. The event is hosted by the Telecommunication Regulatory Authority (TRA) of the UAE and was organized jointly by ICANN and the Internet Society. The event aims to bring together people from across the region to look at opportunities to advance the domain name industry within the region.

Video – ENOG6: DNSSEC and DANE Deployment Trends, Tools And Challenges

What are DNSSEC and DANE all about?  What advantages do they have?  What tools are out there to help?  Back in October I spoke at the ENOG 6 event in Kiev, Ukraine, about DNSSEC deployment trends and also the opportunities with the DANE protocol to build an additional secure layer of trust in TLS/SSL certificates.  The video is available for viewing and the slides are also available online:

It was a great session and I had a good number of questions from people in the room.  Now.. the question is… how can we help YOU deploy DNSSEC?

TDYR #085 – What Keeps Network Operators Away From The Internet Standards Process?

What are the barriers preventing more network operators from being engaged in the open Internet standards process of the Internet Engineering Task Force (IETF)? In this episode I raise that question and ask anyone operating a network or providing network services to please take a couple of minutes to fill out a quick survey. More info at: http://www.circleid.com/posts/20140130_how_do_we_get_more_network_operator_feedback_into_ietf_standards/ http://www.internetsociety.org/deploy360/blog/2014/01/new-project-operators-and-the-ietf/

Time To Get IPv6! ARIN Starts Allocation From Its LAST Major Block Of IPv4 Addresses

Soooo… if you are in North America and have NOT started planning for a migration of your network to IPv6, now would be a REALLY good time to start doing so! The news comes today from the American Registry for Internet Numbers (ARIN) that they have now started allocating IPv4 addresses from their last contiguous block of IPv4 addresses.

Now, this doesn’t mean that ARIN is out of IPv4 addresses… but it’s getting really close!  Per ARIN’s IPv4 Countdown Plan page, they only have 1.42 /8s left.  Basically, they have 104.x.x.x to allocate out to Internet service providers (ISPs) and then a number of other smaller ranges and then…

Boom.  That’s it!

There will be no more *new* IPv4 addresses available in the US, Canada and many Caribbean and North Atlantic islands.

Existing IPv4 addresses will continue to work just fine, of course, but any new networks or devices seeking to be connected to the public Internet are going to have to re-use existing IPv4 addresses via ugly NAT arrangements – or go IPv6.  So… mobile operators looking to expand and add on more devices.  All the companies looking to bring a zillion more appliances and devices onto the Internet via the “Internet of Things”.  Any expansions into new geographic areas.

We’ve been saying for years that we’d be running out of IPv4 addresses… but now it’s actually happening in North America! (and also in the European and Asia Pacific regions)

It’s time to get going with IPv6!  What are you waiting for?  And how can we help you?

How Do We Get More Network Operator Feedback Into IETF Standards? Please Take This Survey (Featured Blog)

How do we get more feedback from the operators of networks back into the standards process of the Internet Engineering Task Force (IETF)? How do we know whether the open standards being developed within the IETF reflect the operational realities of the networks into which those standards will be deployed? If we could get more network operators participating in the IETF standards process, would that result in better standards that are deployed faster?

Road Trip To Montreal? Awesome Women’s Curling In Scotties Tournament of Hearts Feb 1-9

Wow! I had no idea that the amazing “Scotties Tournament of Hearts” was happening this year so close to us up in Montreal, Quebec!

From Saturday, February 1, 2014, through Sunday, February 9, you’ll have the opportunity to watch some of the best women’s curling teams out there competing in this annual Canadian curling championship. Given the Canadian love of curling, the competition is fierce and so the teams that make it into the “Scotties” play at an unbelievable level of the sport. They typically make shots that I could only dream of someday making!

Alas, I don’t think that I’ll be able to make it up to Montreal this year, but if you can, it would be an amazing experience to see these curling teams in action! No news on their site or their Facebook page about a live video stream, but perhaps we’ll see more about that closer to the time of the event.