Cricket on DNS
The latest on DNS Security, DNSSEC, IP Address Management... and more
The com zone's DS record was added to the root zone today, marking an important milestone in the deployment of DNSSEC. com is the largest zone on the Internet by most measures, containing over 90 million delegations. This means that the administrators of the corresponding 90 million subzones can sign their zones, and validating recursive name servers will be able to follow a continuous chain of trust from the root zone's public Key-Signing Key to validate arbitrary data in those zones.
Here at Infoblox, we're gearing up for World IPv6 Day. Our appliances have supported IPv6 for sometime now, but we'd never gone to the trouble of providing services over IPv6, mostly for lack of demand. But we wanted to participate in World IPv6 Day, so we called around for carriers who could provide IPv6 connectivity.
In a blog entry late last month, I briefly mentioned an issue with stub resolvers that naively send queries for AAAA records (the DNS record type for IPv6 addresses) but then pass the addresses to applications that can't consume them, causing timeouts. (I owe credit to Igor Gashinsky and Jason Fesler at Yahoo!, from whose IETF presentation I learned about the issue.) Here's a little more on that subject.