DNSSEC & IPv6 – New tech that nobody wants?

Nominet recently resurrected their plan to allow organisations to register second-level .uk domains. So instead of having to register under .co.uk, you could just have a domain name under .uk, like google.uk or yahoo.uk.

I don’t really have any strong thoughts on this either way. The advantage is that domain names will become shorter and easier to type (especially on a mobile phone) and it makes the UK consistent with many other countries. But on the downside, it adds additional cost and bureaucracy to the domain registration process, as organisations will effectively have to register their domain names under both .co.uk and .uk for fear of customers mistyping or not knowing whether the organisation resides under .co.uk or .uk. Add to this the domain squatting possibilities if you don’t register your brand name under .uk quickly enough, and now it seems the disadvantages outweigh the advantages, and I wonder whether this is really a money-making exercise for Nominet, as they would benefit enormously from the additional revenue .uk registrations would bring in.

But reading the Nominet announcement (as so eloquently quoted in The Register), it seems they have now dropped the requirement for these .uk domains to support DNSSEC. This is after Nominet put so much effort into signing .uk and .co.uk. They are clearly trying to remove as many barriers as possible to enable people to register in .uk, but surely they should be advocating more DNSSEC, not less! If the UK’s domain registry is not promoting DNSSEC, then why should anyone use it? Are we going to be stuck with an antiquated DNS protocol that is so vulnerable to spoofing, tampering, cache poisoning, etc.?

DNSSEC may not be the easiest technology to deploy and manage (although products such as Infoblox go a long way to help), but it’s got to be better than nothing!

Now what about IPv6? Lots of news about RIPE running out of IPv4 addresses, but most organisations who have rolled out IPv4 addressing schemes based on RFC1918 are saying “So what?”. I was on the train coming back from London recently when I overheard an IT engineer on the phone to a colleague. I only picked up a few words here and there, stuff like “…monitoring…TE’s…LSR’s…layer 2 tunnel…MPLS…”, then I latched onto something I did understand: “…couldn’t ssh into 10.160.36.4…”

It was the way he rattled off the IP address that struck me. We have all done it; we have a collection of IPv4 addresses in our brains that we remember. But how will you do this if they are IPv6 addresses? How on earth will you remember an address like 3ffe:1900:4545:3:200:f8ff:fe21:67cf? The obvious answer is to use DNS, so why on earth do we insist on remembering and using IPv4 addresses when DNS is there to help us? It seems to me that people, mainly network engineers, do not trust DNS to be accurate. Maybe they have had a bad experience. But in an IPv6 world, DNS is going to be absolutely critical, and it will need to be accurate. It seems to me that there needs to be more focus and effort put into implementing a robust and accurate DNS environment so that people feel more comfortable quoting names rather than IP addresses.

This is where we can help! Contact us here and let’s have a chat! 🙂

About Paul Roberts

Paul has spent his entire career within the IT industry and since 1997 has been deploying DNS, DHCP and IPAM solutions globally. Paul is a regular guest speaker at exhibitions and seminars.
