When did you first meet a DNSSEC and/or IPv6 enthusiast?

For me, I guess this must have been sometime towards the end of the dotcom boom when I first started working closely with DNS. During those days, only the sky was the limit: the gurus I spoke with had ants in their pants and were telling me these new standards would be implemented very soon. Here’s a little illustration of what the last 10 years must have felt like for them:

In restrospect, it’s of course quite obvious why nothing really happened. By 2000 or so, practically all service providers and nearly all major enterprises had made major investments in IPv4 infrastructure. Therefore, it was more logical for them to enhance what they already had, rather than writing everything off and starting the IPv6 deployment from scratch. Not that the outcome would have necessarily been much better, either, as during those days the emerging standards were still rather immature. Heck, even IPv4 was a new thing back then in the big scheme of things.

Only 10 short years later, it finally looks like the grand vision painted a decade ago is about to unfold. During January 2010, ICANN made two announcements paving the way for both DNSSEC and IPv6 adoptation:

• DNSSEC Deployment at Root Zone
• Under 10% of IPv4 Space Remains

As far as DNSSEC is concerned, there have already been some work to nail down the Best Practices. European Network and Information Security Agency (ENISA) recently published a new guide on DNSSEC Best Practices – or a “Good Practices Guide for Deploying DNSSEC” as they called it. I believe this is one of the first guides from an organization that is not promoting their own DNSSEC solution, so it’s definitely a good read for anyone looking for impartial advice in this area.

On the IPv6 front, things are not moving quite as quickly, perhaps because both versions of IP are likely to co-exist for a long time. Yet it’s beginning to seem we are gradually getting there. Since introducing IPv6 support in Nixu NameSurfer Suite back in the early 00s, most of our customers investigating IPv6 and dual-stack networks have been focusing on DNS, routing and firewalls. But during the second half of 2009 also the RFCs for DHCPv6 were agreed upon. And although the unbiased Best Practices in this area are still being discussed and shaped, I’m fairly certain that the introduction of DHCPv6-compliant server products will speed up the pace of adoption quite significantly. Anyone who has attempted to manage IPv6 addresses manually will surely understand what I’m talking about!

From the network manager’s perspective, the perils with IPv6 and DNSSEC adoptation are largely related to the management routines that will become significantly more complex than what they currently are. With DNSSEC, a single resource record turns into five resource records that have to be edited / managed on regular basis. With IPv6, the syntax of addresses becomes so complex that manual DNS editing is simply not feasible anymore, especially in larger network environments. And this, my dear reader, is where Nixu Software steps in!

If you would like to learn more, please visit our website or contact our sales. We offer free 30-day trials at our website so if you’d like to test DNSSEC or IPv6 running Nixu DDI Products as VMs, it costs you only time.