Our new Interim Trust Anchor Repository has been launched to help people more easily deploy DNSSEC.

{ 0 comments }

Last week IANA processed a request to add AAAA records for one of the thirteen DNS root-servers.

L.root-servers.net, operated by ICANN, became the seventh of of the root servers to have it’s IPv6 address records (AAAA) added into the DNS root-zone. The addition of IPv6 service is part of ICANN’s ongoing commitment to act as a leader in enabling IPv6 services throughout the DNS.

The new IPv6 address is 2001:500:3::42

{ 3 comments }

At ICANN’s meeting in Egypt last week, I had the opportunity to try and explain to various non-technical audiences why the Domain Name System (DNS) is vulnerable to attack, and why that is important, without needing a computer science degree to understand it. Here is the summary.

{ 19 comments }

IPv6 is in the news because the mainstream media have started to pick up the fact that IPv4 will be fully allocated in the next two or three years. And IPv6 deployment is important if we want to keep the Internet growing sustainably.

So where is IPv6 deployment most evident? It?s a very difficult thing to measure. It is difficult to measure the amount of IPv6 traffic as so much of it is tunneled inside of IPv4. And anyway, tunneled traffic is probably from end users rather than ISPs, but we need ISPs to deploy IPv6 to allow the Internet to grow. So how can we see where ISPs are deploying IPv6 in their networks?

{ 13 comments }

In February I commented about how we have been doing some research into the use of unallocated address space on the Internet.

{ 1 comment }

It is sometimes said that ISPs do not offer IPv6 transport and equipment vendors offer just partial IPv6 support because there is no customer demand. The counter argument is often made that consumers can only buy what is on offer so people prefer to buy production quality services and equipment.

Unfortunately, even when production quality IPv6 transport and network infrastructure are available it is not always possible to deploy a completely IPv6 accessible network. One problem is the difficulties domain name registrants have when they ask their domain name registrar to include their IPv6 glue in the DNS. Not many domain name registrars support glue registration for IPv6 addresses. This limits their ability to provide an IPv6 DNS service.

{ 3 comments }

As noticed by some in the Internet network operations community, at the beginning of May an odd event occurred as ICANN ended DNS service on the IP address formerly associated with L.ROOT-SERVERS.NET (”L-root”). Specifically, as ICANN turned off the DNS service at the address formerly used by the L-root, 198.32.64.12 (and the routing announcement by ICANN for 198.32.64.0/24), DNS root queries sent to that address instead of the new L-root address (199.7.83.42) continued to be answered.

{ 19 comments }

Back in October I wrote about how my landlord provides an Internet connection with a private IPv4 address. I explained that I want to connect several devices and so I have installed my own NAT and now sit behind a “double NAT”. The only problems I’ve had have been with some VoIP software that can’t jump multiple NATs.

My landlord isn’t the only ISP providing an Internet connection using private IPv4 addresses. As mentioned at the last AfriNIC meeting, there are many millions of connections sitting behind hierarchies of IPv4 NATs.

{ 1 comment }

Yesterday ICANN began DNSSEC signing the IDN .test zones. Over the next few days, we will be testing and carefully monitoring the system. It is not expected that DNSSEC or the testing will have any effect on normal DNS operations. Any user experiences or problems or feedback should be reported to <richard.lamb@icann.org>. This deployment is intended to demonstrate certain capabilities and also provide both ICANN and those interested in DNSSEC an opportunity to gain further experience with this new technology.

{ 8 comments }