./Shi’ne

How would you like a domain name in your own native language or writing? Pretty fun right? But this can also be chaotic. Internationalized Domain Names (IDNs) have been a source of heated discussions among Internet evangelists at ICANN for a while. [Try out the IDNs at idn.icann.org]

This week from 25-30 October 2009 happens to be the ICANN 36 meeting in Seoul, South Korea. It’s a specially relevant meeting for us “outsiders” because several hot topics, mainly the IDNs and gTLDs, are to be discussed and decided. This in a matter of time will change or affect the course of the Internet as we know it. I am therefore all ears to the meeting sessions through their website at sel.icann.org and the webcasts (Main Ballroom and ccNSO room)

UPDATE [Oct. 30, 2009 11:00AM] I was watching the webcast and the ICANN Board has approved the resolution on IDN ccTLDs.

From @icann: Process for new Internet extensions in the world’s languages approved by the #ICANN Board. Domain name system now fully global.

Before that, do you know how many top-level domains are there? [Source: blog.icann.org]

Read more…

This is good news. DNSSEC-signed root is to be expected on July 1st, 2010.

When the presentation slide changed from page 24 to page 25, one of the important moments of the Internet history had now been announced to public and long-time waited, “The date for fully deployment of the
DNSSEC at Root Zone” was confirmed; July 1, 2010. The presentation also included a brief timeline of other important dates before the DNSSEC is fully deployed.

Source: http://blog.icann.org/2009/10/dnssec-signed-root-by-july-1-2010/

As of 2009-06-02, at 16:00 UTC, .ORG is DNSSEC-signed. I received this news from a mailing list last week.

Public Interest Registry has announced [link here] the key-signing key (KSK) below to validate signatures on the .ORG zone:

org.			IN DNSKEY 257 3 7 (
				AwEAAYpYfj3aaRzzkxWQqMdl7YExY81NdYSv+qayuZDo
				dnZ9IMh0bwMcYaVUdzNAbVeJ8gd6jq1sR3VvP/SR36mm
				GssbV4Udl5ORDtqiZP2TDNDHxEnKKTX+jWfytZeT7d3A
				bSzBKC0v7uZrM6M2eoJnl6id66rEUmQC2p9DrrDg9F6t
				XC9CD/zC7/y+BNNpiOdnM5DXk7HhZm7ra9E7ltL13h2m
				x7kEgU8e6npJlCoXjraIBgUDthYs48W/sdTDLu7N59rj
				CG+bpil+c8oZ9f7NR3qmSTpTP1m86RqUQnVErifrH8Kj
				DqL+3wzUdF5ACkYwt1XhPVPU+wSIlzbaAQN49PU=
				) ; key id = 21366

It uses NSEC3, which is only fully-supported in Bind 9.6.1 and up.

Read more…

I sometimes wonder how come I’ve never done any DNS-related How-To. I write them mainly to remind myself anyway, not for other people (but it’s a plus if someone gets something from it)… Maybe that’s it, I don’t need reminder for something I do so often.

At least DNSSEC is something that’s not-so new – I haven’t implemented them in authoritative nameservers before, just for resolvers and caching nameservers. So here’s a guide, mostly taken from ISC DLV with some sidenote  I inserted while working on my implementation.

Steps:

1. Enable DNSSEC on authoritative/recursive servers
2. Generate ZSK and KSK
3. Include keys into zonefile
4. Sign the zone
5. Point named.conf at the signed zone.
6. Reload zone.
7. Provide parent zone with DS records -OR-
8. Provide DLV registry with DLV record

****IN DETAIL****

Read more…

A reminder to myself. This is something I’ve been asked about a million times. In Windows, it’s very easy. But i always forget or mistype the command in Mac.

Windows

C:\>ipconfig /flushdns

Windows IP Configuration
Successfully flushed the DNS Resolver Cache.

Mac OS X

$ dscacheutil -flushcache (in Leopard)
Reminder to self: ds not dns. Ok?  

$ lookupd -flushcache (lower versions)

Linux

/etc/init.d/nscd restart
i don't use this, so it doesn't really bother me.
*NSCD is Name Service Cache Daemon