Posts

Showing posts from January, 2011

Protect Your DNS Cache Without Signing a Zone... But be a Good "Netizen"

While DNSSEC technology has been specified for over a decade (though the standard was revamped about six years ago), it gained little true interest until mid-2008. With the announcement of the so-called Kaminsky vulnerability in July, 2008, momentum for DNSSEC began building and is accelerating into this year. Here's a great article describing this vulnerability in detail. The vulnerability can lead to cache poisoning of a name server performing lookups on behalf of DNS clients or stub resolvers. This name server, commonly referred to as a recursive name server, accepts recursive queries from resolver clients, and issues successive queries down the domain tree to locate the source of the queried information. Once received, the answer is cached so should another resolver request the same information, the recursive name server simply returns the cached resolution data, saving time and reducing needless resolution traffic. Thus recursive servers are also referred to as caching nam

IPAM Requirements Driven by IPAM Responsibilities - Yours or Your Organization's?

The first part of the title of this post is plainly obvious - your requirements for anything are going to be driven by what you need to get done and manage. But in the broader scheme of things, meeting your individual requirements may make your daily work easier, but will it provide the full breadth of benefits for your organization beyond making one person's or team's work more efficient? Certainly garnering efficiencies anywhere is usually a good thing. But if you're going to invest in making a particular task easier, doesn't it make sense to examine other related savings opportunities that can be gained through perhaps a smaller (proportionally) incremental investment? For example, if you're a DNS administrator, procuring a set of dedicated DNS servers, perhaps a DNS GUI for easier data entry, or even a DNS hosting service, may make life easier for you. But does the benefit of this "ease" provide the maximum return on the investment in one or more of th

IPAM and New gTLDs

Thanks to a comment on my prior post predicting 2011 as the year of IPAM due to the emergence of IPv6 and DNSSEC, a third IPAM-impacting event is expected to begin this year which will affect IPAM planners perhaps not in 2011 but certainly in future years: new gTLDs. Generic Top Level Domains, gTLDs, are those domain labels directly beneath the root in the domain tree. Country Code TLDs, ccTLDs, are two-letter country code domain names directly beneath the root which map to those country codes maintained by the ISO 3166 Maintenance Agency. There are about 250 ccTLDs and examples include .us (US), .ca (Canada), .eu (European Union), .jp (Japan), etc. Eight gTLDs existed prior to the formation of ICANN (Internet Corporation for Assigned Names and Numbers), which is now responsible for these domain assignments: .com, .edu, .net, .gov, .int, .mil, .org, and .arpa. ICANN accepted seven gTLD applications during 2000 (.aero, .biz, .coop, .info, .museum, .name and .pro) and six during 2004 (

IPAM in the Cloud Offerings a Bit Cloudy

If you're in need of help in managing your day-to-day IPAM functions, there is certainly a variety of solutions available. But which one is right for you? Many offerings can help offload your IT team from having to manage your public or external DNS servers and name spaces. Many service providers provide secondary DNS hosting, enabling (and requiring) you to manage your zone and resource record information on your own external master DNS server, then update the service provider's secondary DNS servers via standard zone transfers. Some service providers can also host the master server, allowing a small number of changes over a given time frame. The simplest solution, albeit with limited control, is offered by website hosting providers, who integrate domain name assignment and operation of master and slave DNS servers accordingly. Beyond these various external DNS support services, fewer offerings are available for helping to manage internal DNS as well as DHCP and IP address space admin

2011 Promises to be the Year of IPAM

Two major Internet industry events will occur in 2011 that will shape the future of Internet communications and potentially increase the technical scope of IP managers:

- Top level IPv4 address space exhaustion
- Top-level domain (TLD) zone signing

With only seven /8 blocks left in IANA's pool of address space, IANA is expected to run out of the IPv4 address space it is able to allocate to RIRs during the first quarter of 2011. This exhaustion will be hastened by the ICANN policy to allocate one /8 automatically to each of the five RIRs when any excess space has been allocated; that is, after the next two /8 blocks are allocated, the remaining five will automatically be allocated to each RIR. As discussed in a prior post, this exhaustion of the top of the IP address space food chain will ultimately impact organizations. The signing of the .com TLD in particular will enable commercial organizations to greatly simplify the configuration of DNS security (DNSSEC). With the root zones h