Most business users today can request IPv6 addressing from their Internet Service Provider, or use a free IPv6 tunnel service like the one offered by he.net. By having access to the DNS testbed, they are able to experiment with the migration from IPv4 with one less item to worry about and ultimately move their network with confidence. OpenDNS, the favorite and most trusted DNS service of network administrators everywhere, engineered the IPv6-ready service to act as a sandbox for those tasked with managing networks of any size – from large enterprises, SMBs and universities to K-12 school districts and small organizations – and moving them to IPv6. Because IPv6 addresses are so long and difficult to remember, DNS plays a key role in IPv6 adoption by allowing the familiar Domain Name System (DNS) to ease the transition. Where IPv4 allowed 32 bits in each address, IPv6 allows 128 bits, making available a significant lot of available addresses for the foreseeable future. IPv6 was developed to satisfy the long-anticipated exhaustion of available IPv4 addresses. The announcement is significant as OpenDNS is the first major recursive DNS service in the world to offer the service. So it has been a bit bumpy but it is nice to see the rough edges being rubbed off.Website Hosting – San Francisco, CA - OpenDNS, the world’s largest and fastest-growing provider of Internet navigation and security services that make networks safer, faster, smarter and more reliable, today announced it is offering IPv6 support in production for its 20+ million users, as well as any network administrator tasked with migrating their network to the new protocol. They have even promised to send me some swag in thanks! This allowed them to find the bug, and they are in the process of rolling out a fix. However this made it difficult for the OpenDNS techies to reproduce and debug the problem I reported, so I set up a test domain with a copy of dotat.at's old weird delegation. Once these changes had taken effect OpenDNS was able to resolve my domain again. So I changed the delegation NS RRset to match the apex RRset and deleted the superfluous ns4 and ns6 aliases. This prompted me to see if I could make the delegation records for dotat.at less insane, and I was happy to find out that nic.at had fixed the bug I found in June. I reported the problem to OpenDNS and I was pleased to see that they were interested in fixing it. Last week I got a report from Sevan Janiyan that OpenDNS was unable to resolve dotat.at. This was rather ugly but it worked - mostly. at zone looking like this, to appease nic.at:Īnd an an apex NS RRset in the dotat.at zone looking like this, to appease GratisDNS: So I ended up with a delegation NS RRset in the. However a few days later I got an email from GratisDNS complaining that they wanted me to list their name servers by their canonical names in my zone or they would cease slaving it. ![]() I reported this problem to nic.at, and to work around it I created lots of aliases for my name servers for use in the delegation NS records:ī. I could have one IPv4 address or one IPv6 address, not both. ![]() When I was changing my zone's delegation records in June, I was not able to put more than one IP address for each name server. Hopefully I will be able to get a secure delegation from them before very long. at zone was actually signed towards the end of last year, though they do not yet have a secure delegation from the root. The main problem is that nic.at do not yet support DNSSEC, so I am relying on the ISC DLV to provide a chain of trust to my zone. The DNSSEC side of the upgrade has been pretty trouble-free. (But that doesn't seem to be working any more.) (Google Translate to the rescue.) Puck gives me a bit of organizational diversity, and supported the remarkably shiny NOTIFY+IXFR for fast update propagation. GratisDNS has very good DNS server diversity though the web site is entirely in Danish. After a bit of searching around I settled on using and GratisDNS as my new secondary servers. Last summer I upgraded my DNS setup to support IPv6 and DNSSEC.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |