This week marked the beginning of a new era as Canon announced their decision to initiate the application process for their own generic top-level domain (gTLD), “.canon”. On the micro-level, Canon was the first enterprise to take an advantage of ICANN’s New gTLD Program to apply for a gTLD to reflect their brand. But looking things on the macro-level, just think about the implications this will have for the Internet users at large!

The opportunity this offers to globally recognized brands is huge. Once the required logic has been incorporated into generally used web-browsers, the only thing a customer has to do is to type in the brand name in his/her browser. Canon and nothing else. With proper traffic analysis and good proxies, this allows the customer to be automatically forwarded to a localized website, without having to give any thought as to what the appropriate top-level domain used in connection with the brand name should be.

By running its own gTLD, an enterprise with a global brand no longer has to worry about the domain squatters that have reserved brand.xx(x) domain in some of the 200+ TLDs available to them, holding your brand at ransom. After all, as the customer only needs to type in the brand name, what user could be bothered with trying out addresses like canon.tv, a squatted Canon domain under Tuvalu ccTLD.

From the security perspetive, if a security concious enterprise has its own gTLD, it no longer has to worry about when and how it will be able to sign all its domains. If you are a global bank with its own gTLD and wish to utilize DNSSEC, you only need to provide the public key of “.globalbank” gTLD zone to the root (to be signed in 07/2010), after which the chain of trust to your own gTLD is complete. No need to worry about exchanging keys with various ccTLDs and gTLDs, reducing the administrative burden associated with DNSSEC.

Having worked with TLDs since the late 90s, we have seen this day coming for a long time. And so, on March 18 2010, we announced Nixu Registry Server, a productized Domain Name Registry Solution (DNRS) an entity needs when running their own gTLD and/or ccTLD. Nixu Registry Server is already being run in production by certain ccTLDs, so from the technology perspective there is nothing that prevents an organization from applying for its own gTLD. We are in the position to deliver an end-to-end solution for DNRS & DNS with look & feel customized to reflect your brand identity.

Better yet, we will also be happy to assume the responsibility for writing up the technical plan required by ICANN during the gTLD application process, to make sure that your investment in the application process yields a handsome return. Just contact our sales, and we’ll get you all set as far as the technology side of applying for -and running – a generic top-level domain is concerned!

When did you first meet a DNSSEC and/or IPv6 enthusiast?

For me, I guess this must have been sometime towards the end of the dotcom boom when I first started working closely with DNS. During those days, only the sky was the limit: the gurus I spoke with had ants in their pants and were telling me these new standards would be implemented very soon. Here’s a little illustration of what the last 10 years must have felt like for them:

In restrospect, it’s of course quite obvious why nothing really happened. By 2000 or so, practically all service providers and nearly all major enterprises had made major investments in IPv4 infrastructure. Therefore, it was more logical for them to enhance what they already had, rather than writing everything off and starting the IPv6 deployment from scratch. Not that the outcome would have necessarily been much better, either, as during those days the emerging standards were still rather immature. Heck, even IPv4 was a new thing back then in the big scheme of things.

Only 10 short years later, it finally looks like the grand vision painted a decade ago is about to unfold. During January 2010, ICANN made two announcements paving the way for both DNSSEC and IPv6 adoptation:

• DNSSEC Deployment at Root Zone
• Under 10% of IPv4 Space Remains

As far as DNSSEC is concerned, there have already been some work to nail down the Best Practices. European Network and Information Security Agency (ENISA) recently published a new guide on DNSSEC Best Practices – or a “Good Practices Guide for Deploying DNSSEC” as they called it. I believe this is one of the first guides from an organization that is not promoting their own DNSSEC solution, so it’s definitely a good read for anyone looking for impartial advice in this area.

On the IPv6 front, things are not moving quite as quickly, perhaps because both versions of IP are likely to co-exist for a long time. Yet it’s beginning to seem we are gradually getting there. Since introducing IPv6 support in Nixu NameSurfer Suite back in the early 00s, most of our customers investigating IPv6 and dual-stack networks have been focusing on DNS, routing and firewalls. But during the second half of 2009 also the RFCs for DHCPv6 were agreed upon. And although the unbiased Best Practices in this area are still being discussed and shaped, I’m fairly certain that the introduction of DHCPv6-compliant server products will speed up the pace of adoption quite significantly. Anyone who has attempted to manage IPv6 addresses manually will surely understand what I’m talking about!

From the network manager’s perspective, the perils with IPv6 and DNSSEC adoptation are largely related to the management routines that will become significantly more complex than what they currently are. With DNSSEC, a single resource record turns into five resource records that have to be edited / managed on regular basis. With IPv6, the syntax of addresses becomes so complex that manual DNS editing is simply not feasible anymore, especially in larger network environments. And this, my dear reader, is where Nixu Software steps in!

If you would like to learn more, please visit our website or contact our sales. We offer free 30-day trials at our website so if you’d like to test DNSSEC or IPv6 running Nixu DDI Products as VMs, it costs you only time.