IPv6 and DNSSEC

IPv6

This site is reachable via IPv6 by way of being hosted on a server operated by Hurricane Electric.  The site itself is using self-hosted WordPress, which has been IPv6-capable for some time now.

DNS for “danyork.me” is hosted at Dyn, Inc. using their DynECT Managed DNS service.  A AAAA record was entered there pointing to the IPv6 address of the Hurricane Electric server.

When World IPv6 Launch occurred on June 6, 2012, this site was one of the thousands that were natively reachable via IPv6.

If you would like more information about how to make your website accessible over IPv6, please visit the Deploy360 page about IPv6 and DNSSEC for content providers.

DNSSEC

Dyn, Inc’s service also provides the automatic DNSSEC signing of the domain and takes care of managing all the appropriate DNSKEY and RRSIG records.  On the Deploy360 site, I have a tutorial of how to use Dyn, Inc for DNSSEC signing of DNS records.

Unfortunately, “danyork.me” is signed but not linked into the global DNSSEC “chain of trust” because, as shown in the DNSSEC analyzer, DS records are not able to be inserted into the parent “.ME” domain. The “danyork.me” domain is registered with GoDaddy, who handles DS records for quite a number of domains, but not .ME.   I have unfortunately not found any registrars who will insert DS records into the .ME domain and have contacted the .ME registry to understand what their timeframe is for allowing DS records.

Once a registrar like GoDaddy can insert DS records for the domain, it is a fairly straightforward process to copy the DS record from Dyn’s DNS hosting service over to the registrar.

 

Leave a Reply