June 03 2011 by
Cricket Liu (Infoblox)
Yesterday, Infoblox hosted the second annual "Inside Baseball"
event, an informal meeting of representatives from companies that work
with DNS to discuss strategic and operational issues. Dyn, Inc., who
dreamed up the event and hosted last year's meeting at their
headquarters in Manchester, New Hampshire, coordinated registration and
proposed a loose agenda.
Attendance was terrific, with representatives from Dyn, ISC, Verisign, Neustar, F5, Secure64, Google, Microsoft, Comcast, Akamai, OpenDNS, Nettica, NoIP, TZO, Cotendo, Cloudflare, CloudFloor, and Cloudfish attending. (Just kidding. There's no Cloudfish. Yet.)
Read more...
Posted in DNSSEC | IPv6 | 
0 comments
June 01 2011 by
Cricket Liu (Infoblox)
InfoWorld just gave their 2011 Technology Leadership Award to my old friend and frequent collaborator,
Matt. Matt's worked tirelessly on the deployment of DNSSEC in some of
the biggest and most important zones on the Internet, including the root
zone, .com and .net - all of which, I'll note, went off without a
hitch. That doesn't happen by chance. To think that when I met him, he
was fresh out of Northwestern, interviewing for a job at HP.
Congratulations, Matt. It's an honor you richly deserve.
Oh, and dinner's on me!
Read more...
Posted in DNSSEC | DNS Security | 0 comments
March 31 2011 by
Cricket Liu (Infoblox)
The com zone's DS record was added to the root zone today, marking an important milestone in the deployment of DNSSEC. com is the largest zone on the Internet by most measures, containing over 90 million delegations. This means that the administrators of the corresponding 90 million subzones can sign their zones, and validating recursive name servers will be able to follow a continuous chain of trust from the root zone's public Key-Signing Key to validate arbitrary data in those zones.
Read more...
Posted in DNSSEC | DNS Security | 2 comments
March 15 2011 by
Cricket Liu (Infoblox)
Here at Infoblox, we’re gearing up for World IPv6 Day. Our appliances have supported IPv6 for some time now, but we’d never gone to the trouble of providing services over IPv6, mostly for lack of demand. But we wanted to participate in World IPv6 Day, so we called around for carriers who could provide IPv6 connectivity.
Our IT guys decided to go with Cogent (“one of the world’s largest Internet Service Providers,” so they say), which already had a presence in our colocation facility and so could provide connectivity quickly. The cost was also very reasonable.
Once the connectivity was set up, IT asked Andy, one of our product managers, and me to test it, since we both have IPv6 networks at home. I’d set my connectivity up through Hurricane Electric using a free tunnel broker they offer, and so did Andy.
Read more...
Posted in IPv6 | 9 comments
March 01 2011 by
Cricket Liu (Infoblox)
In a blog entry late last month, I briefly mentioned an issue with stub resolvers that naively send queries for AAAA records (the DNS record type for IPv6 addresses) but then pass the addresses to applications that can’t consume them, causing timeouts. (I owe credit to Igor Gashinsky at Yahoo!, from whoseIETF presentation I learned about the issue.) Here’s a little more on that subject.
Many popular web sites that support IPv6 today use separate domain names to point to their sites; witness www.v6.facebook.com and ipv6.google.com. That scheme won’t hold up over time, though. As IPv6 becomes pervasive, companies won’t willingly slap protocol identifiers in front of their domain names:
- “For IPv4 customers, go to www.facebook.com.
- For IPv6 customers, go to www.v6.facebook.com.”
Read more...
Posted in DNS Best Practices | BIND | IPv6 | 2 comments
