Download PDF (PDF- 2MB)
Previous articles in IPJ have described Domain Name System Security Extensions (DNSSEC), the security system for the Domain Name System (DNS). DNSSEC introduces security into the DNS through the use of cryptographic keys and digital signatures. Interest in DNSSEC has grown in recent months, as the Internet Corporation for Assigned Names and Numbers (ICANN) and VeriSign have undertaken a phased program to deploy DNSSEC across the root server system in the first half of 2010. In an article by four DNS practitioners, we will explore some side effects of DNSSEC, and examine what happens in two widely used DNS resolver implementations when DNS clients lag behind in synchronizing their local copy of trust keys with the master keys used by the zone administrators to sign their DNS data.
Several articles in IPJ have dealt with various concerns related to scaling of the Internet. In this issue, Paul Francis and Xiaohu Xu describe Virtual Aggregation, a new routing technology being developed by the GROW working group of the IETF to reduce the size of the Forwarding Information Base (FIB) held in memory by routers.
The Request For Comments (RFC) Series has been the main publication channel for Internet standards and related documents for more than 40 years. The RFC Editor function is in the process of being restructured and moved from its original home at the University of Southern California Information Sciences Institute (USC/ISI). Leslie Daigle describes the history and future of the RFC Editor mechanism.
If you are reading this online and did not receive the March 2010 edition of IPJ, it may be because your subscription has expired. You can still renew your subscription by visiting the “Subscriber Services” section of our webpage at www.cisco.com/ipj. Enter your subscription ID and e-mail address to gain access to your subscription record. If you don’t know your subscription ID or have changed e-mail address recently, just send a message to firstname.lastname@example.org and we will take care of the renewal and update for you.
- Ole J. Jacobsen, Editor and Publisher
by George Michaelson, APNIC, Patrick Wallström, .SE, Roy Arends, Nominet, Geoff Huston, APNIC
As we are constantly reminded, the Internet can be a very hostile place, and public services are placed under constant pressure from a stream of probe traffic, attempting to exploit any one of numerous vulnerabilities that may be present at the server. In addition, there is the threat of Denial of Service (DoS) attacks, where a service is subjected to an abnormally high traffic load that attempts to saturate and take it down. This story starts with the detection of a possible hostile DoS attack on Domain Name System (DNS) servers, and narrates the investigation as to the cause of the incident, and the wider implications of what was found in this investigation. (more…)
by Paul Francis, Max Planck Institute for Software Systems, and Xiaohu Xu, Huawei Technologies
Biologists believe that human life is limited by the number of times cells can replicate; noncancerous cells have a kind of internal counter that prevents them from replicating forever. Even if humans are kept healthy in every respect, they will eventually die simply because their cells will cease to replicate. Internet routers also have a finite lifetime. They are built with a fixed amount of hardware memory for storing the forwarding table (the memory structure that tells the router where to forward any IP packet, also called the Forwarding Information Base [FIB]). As the Internet global routing table grows, it eventually overflows the FIB, and the router ceases to be able to hold the full routing table. Even if the router is healthy in every respect (all of its hardware components still operate), it can no longer function as a router in the Internet Default-Free Zone (DFZ), where no default routes can be used.
In the past, router vendors have been reasonably good at predicting how long FIBs will last because the growth of the global DFZ routing table has stayed fairly predictable. As a result, Internet Service Providers (ISPs) can plan their capital budgets, and where necessary use a set of tricks (discussed in the next section) to squeeze additional life out of routers even after their “FIB death.” But there are two problems. (more…)
by Leslie Daigle, ISOC
In April 2009, the Request For Comments (RFC) Editor published RFC 5540, “40 Years of RFCs,” which summarized the publication history of the RFC Series. The series has been the technical publication series for Internet technology since long before there was an Internet Engineering Task Force (IETF). Although the RFC Series is the publication vehicle for the IETF, it has been, and remains, scoped more broadly than that (refer to RFC 4844, “The RFC Series and RFC Editor”).The RFC Series is the archival series dedicated to documenting Internet technical specifications, including general contributions from the Internet research and engineering community as well as standards documents.