January 2011 Archives

Preparing for a world consisting of larger DNS responses.

While many of you know ISC as the maintainer of the BIND DNS server software, we have always had our hand in the DNS operations field, including operating one of the 13 DNS root servers (F.ROOT-SERVERS.NET), as well as serving as secondary for many ccTLD and non-commercial zones for over a decade. ISC has also been at the forefront of designing and implementing DNS Security Extensions (DNSSEC), a mechanism to cryptographically verify that the response given to a DNS request is correct.

Implementing IPv6 is no longer optional

The exhaustion of IPv4 space from IANA is coming as soon as February (yes, next month!) and the reserve held by the RIRs will be running dry shortly thereafter. The ability to provide (and use) IPv6 infrastructure is no longer optional; it is a requirement.

DNSSEC and "lazy delegation"

Prior to deploying DNSSEC it has been possible to perform something I'm calling "lazy delegation." This is when a parent and direct child are served from the same name servers, so NS records in the parent are unnecessary in practice.

While consulting with various clients about how to best deploy their DNSSEC, this is a common discovery. Oftentimes someone just forgot to add NS records, or their tools do not add them. No one notices because their DNS worked.

Technology Leadership for the Common Good

“I am relieved.” That lovely double entendre is what Captain Pike said to Captain Kirk at the end of last summer's most excellent reboot of the Star Trek series. I am likewise relieved to have been relieved of my longtime post as President of ISC by my good friend and longtime associate Barry Greene. I continue at ISC as Chairman and Chief Scientist, which is the equivalent (to me) of escaping to the candy factory. When ISC was smaller, this was the half of my job I loved most.

How to connect to a multi-homed server over TCP.

With the worldwide deployment of IPv6 in parallel with IPv4, it has become apparent that a traditional connection loop is no longer good enough.

In fact, this is a large part of the reason why Google is whitelisting resolvers and Yahoo only wants to return AAAA records to DNS queries made over IPv6. The traditional connection loop does not behave well in the presence of some network errors. It introduces excessive delays when there are good alternate addresses to use.