Just a guy in Vermont trying to connect all the dots...
Author's posts
Nov 04
FIR #728 – 11/4/13 – For Immediate Release
Nov 01
4 Sessions About DNSSEC, DNS And DANE At IETF 88 Next Week
Next week IETF 88 in Vancouver will be a bit quieter on the DNSSEC and DANE front. As I wrote in a post today on our “Internet Technology Matters (ITM)” blog, “Rough Guide to IETF 88: DNSSEC, DANE and DNS”, the only major working group related to DNSSEC that will be meeting will be the DNSOP WG on Tuesday, November 5th. However, in that meeting there will be the very big topic of how we automate the transfer of updated DS / DNSKEY records from a child zone up to a parent zone within DNS. There are a couple of different proposals that will be discussed, including:
- http://tools.ietf.org/html/draft-kumari-ogud-dnsop-cds
- http://tools.ietf.org/html/draft-hardaker-dnsop-csync-02
It should be an excellent discussion. As I wrote in the ITM post, several other interesting drafts are also being discussed in DNSOP – all focused on improving the operations of DNSSEC. It should be a great session at IETF!
The DANE Working Group is not meeting, but as I mentioned in the other article, I expect that DNSSEC / DANE will come up in some of the many conversations that will be going on next week related to how we harden the Internet against large-scale surveillance and pervasive monitoring. The Technical Plenary on Wednesday, November 6, should be an excellent event well worth listening to. The “Perpass” BOF session will dive into more details. I don’t know if DNSSEC / DANE will be discussed there… but it certainly could be.
The DNS-SD Working Group discussion could also be quite interesting because as you extend DNS service discovery beyond a simple local network into a multi-network environment, you need to have some way to securely communicate that information. We’ll see what is being talked about in that regard.
Anyway, here are four of the sessions where DNSSEC / DANE / DNS will be discussed – you can expect to find me in all of them:
NOTE: If you are not going to be in Vancouver next week, there are multiple ways that you can participate remotely in these working groups, including audio streams and Jabber chat rooms.
- dnsop (DNS Operations) WG
Agenda: https://datatracker.ietf.org/meeting/88/agenda/dnsop/
Charter: https://datatracker.ietf.org/wg/dnsop/charter/
(5 November 2013, 1420-1550)
- dnssd (DNS-SD Extensions) WG
Agenda: https://datatracker.ietf.org/meeting/88/agenda/dnssd/
Charter: https://datatracker.ietf.org/wg/dnssed/charter/
(8 November 2013, 1120-1220, 1230-1330)
- wpkops (Web PKI Operations) WG
Agenda: https://datatracker.ietf.org/meeting/88/agenda/wpkops/
Charter: https://datatracker.ietf.org/wg/wpkops/charter/
(7 November 2013, 1520-1720)
- perpass (Handling Pervasive Monitoring in the IETF) BOF
Agenda: https://datatracker.ietf.org/meeting/88/agenda/perpass/
(6 November 2013, 1300-1530)
Nov 01
Rough Guide to IETF 88: DNSSEC, DANE and DNS
On the Internet, the Domain Name System (DNS) performs the critical role of translating human-readable domain names into the underlying IP addresses needed by computers to connect. The challenge is that attackers can subvert and modify DNS messages with the result that users and applications can be directed to wrong (and potentially malicious) sites. In response to this threat, the IETF community created DNS Security Extensions (DNSSEC), which is now being deployed across the Internet.
Oct 31
7 Of The Many Sessions About IPv6 Next Week At IETF 88
The great news for IPv6 advocates about IETF 88 in Vancouver next week is that IPv6 is everywhere! All throughout the IETF 88 agenda you can find IPv6 in various different groups. IPv6 is definitely “the new normal” and that shows!
Our colleague Phil Roberts posted today “Rough Guide to IETF 88: All About IPv6” where he highlights the major working groups that are tackling IPv6 topics. There is a great amount of activity going on and Phil’s post gives a good sense of the range of work. You can expect to find our Deploy360 team in pretty much all of these working groups monitoring what’s going on and contributing where appropriate.
To Phil’s excellent list of Working Group sessions related to IPv6 I’d add only one more that is important from a deployment/operationalization point of view. The OPSEC Working Group has two drafts on its agenda that are both focused on IPv6 security. With that, here is a list of some of the major groups doing IPv6 work next week… as I mentioned, you wind up finding IPv6 across all the many different groups, but here are some of the major ones.
NOTE: If you are not going to be in Vancouver next week, there are multiple ways that you can participate remotely in these working groups, including audio streams and Jabber chat rooms.
- v6ops (IPv6 Operations) WG
Agenda: https://datatracker.ietf.org/meeting/88/agenda/v6ops/
Charter: https://datatracker.ietf.org/wg/v6ops/charter/
(4 November 2013, 1740-1940, 6 November 1300-1500)
- 6man (IPv6 Maintenance) WG
Agenda: https://datatracker.ietf.org/meeting/88/agenda/6man/
Charter: https://datatracker.ietf.org/doc/charter-ietf-6man/
(4 November 2013, 0900-1130)
- 6lo (IPv6 over Networks of Resource Constrained Nodes) WG
Agenda: https://datatracker.ietf.org/meeting/88/agenda/6lo/
Charter: https://datatracker.ietf.org/doc/charter-ietf-6lo/
(5 November 2013, 1610-1840)
- sunset4 (Sunsetting IPv4) WG
Agenda: (not yet posted)
Charter: http://tools.ietf.org/wg/sunset4/charters
(7 November 2013, 1520-1720)
- homenet (Home Networking) WG
Agenda: https://datatracker.ietf.org/meeting/88/agenda/homenet/
Charter: https://datatracker.ietf.org/doc/charter-ietf-homenet/
(7 November 2013, 0900-1130)
- 6tisch (IPv6 over TSCH mode of 802.15.4e)
Agenda: https://datatracker.ietf.org/meeting/88/agenda/6tisch/
Charter: https://datatracker.ietf.org/doc/charter-ietf-6tisch/
(5 November 2013, 1420-1550)
- opsec (Operational Security) WG
Agenda: https://datatracker.ietf.org/meeting/88/agenda/tcpm/
Charter: https://datatracker.ietf.org/wg/tcpm/charter/
(6 November 2013, 1550-1650)
Oct 31
Bruce Schneier to Speak About Internet Surveillance at IETF 88 Technical Plenary Next Week (Featured Blog)
Oct 31
TDYR #045 – Hardening The Internet Against Surveillance – IETF 88 Technical Plenary Next Week
Oct 31
Video Interview: Why Use Knot DNS For DNS And DNSSEC?
What is the “Knot DNS” server all about and why would you want to use it versus one of the other DNS servers supporting DNSSEC? At the recent ENOG 6 event in Kiev, Ukraine, I had a chance to speak with Jaromir Talir from CZ.NIC Labs and the resulting video interview can be found below. If you are interested in checking out the software, you can visit:
The software is available pre-packaged for several versions of Linux as well as in source-code form.
Here is my interview with Jaromir (and I apologize to Jaromir for repeatedly calling his organization by its domain “nic.cz” instead of by the organization’s name of “cz.nic”):
Prior to this interview, Jaromir had spoken on stage at ENOG 6 in more detail about Knot DNS. His ENOG 6 slides about Knot DNS are online and a video recording of his presentation is available:
It’s great to see a new entrant into the field of DNS name servers. While the existing servers are very rock solid, it’s always great to see new people coming in with new ideas and new tools. As Jaromir says in the interview, having diversity among your servers can be a good practice. I’d encourage you to go check out Knot DNS and let Jaromir and the CZ.NIC team know what you think of it!
Oct 31
Knot DNS
Knot DNS is an authoritative DNS name server that can be used to serve out zone records and includes support for DNSSEC and DANE. One of the key design goals is to provide simple DNSSEC support for dynamic DNS. Knot DNS is developed by the team at CZ.NIC and can be found at:
It is available pre-packaged for several versions of Linux and also as source code as a release or directly from a git repository.
Knot DNS is highly scalable and used by CZ.NIC for the operation of the .CZ TLD. It was developed with the target audience of network operators and DNS operators in mind but can be used by anyone needing to serve out DNS records.
For an overview of Knot DNS, you can view this short video interview with Jaromir Talir of CZ.NIC:
Prior to this interview, Jaromir had spoken on stage at ENOG 6 in Kiev, Ukraine, in more detail about Knot DNS. His ENOG 6 slides about Knot DNS are online and a video recording of his presentation is available:
Oct 30
4 Sessions About Routing Resiliency/Security At IETF 88 Next Week
Next week at IETF 88 in Vancouver the topic of routing resiliency/security will be covered in a variety of different working groups. Our colleague Andrei Robachevsky outlined what will be covered in a post on the “Internet Technology Matters (ITM)” blog: Rough Guide to IETF 88: Routing Resilience. We’re looking forward to those sessions and you can expect to find me in most of them. My particular interest is in what is happening within SIDR right now, but in truth all of them should be interesting.
I’d strongly suggest reading Andrei’s post to understand what’s going to be going on with routing. Here are the relevant working groups and times.
NOTE: If you are not going to be in Vancouver next week, there are multiple ways that you can participate remotely in these working groups, including audio streams and Jabber chat rooms.
- sidr (Secure Inter-Domain Routing) WG
Agenda: https://datatracker.ietf.org/meeting/88/agenda/sidr/
Charter: https://datatracker.ietf.org/wg/sidr/charter/
(5 November 2013, 0900-1130)
- grow (Global Routing Operations) WG
Agenda: https://datatracker.ietf.org/meeting/88/agenda/grow/
Charter: https://datatracker.ietf.org/wg/grow/charter/
(5 November 2013, 1300-1400)
- opsec (Operational Security) WG
Agenda: https://datatracker.ietf.org/meeting/88/agenda/tcpm/
Charter: https://datatracker.ietf.org/wg/tcpm/charter/
(6 November 2013, 1550-1650)
- idr (Inter-Domain Routing Working Group) WG
Agenda: https://datatracker.ietf.org/meeting/88/agenda/idr/
Charter: https://datatracker.ietf.org/wg/idr/charter/
(8 November 2013, 0900-1100)
