Latest news of the domain name industry

Recent Posts

IPv4 addresses to run out Thursday

Kevin Murphy, February 1, 2011, Domain Tech

ICANN will announce the final depletion of its pool of IPv4 addresses this Thursday.

The Number Resource Organization will hold a “ceremony and press conference to make a significant announcement and to discuss the global transition to the next generation of Internet addresses”.

The NRO is ICANN’s supporting organization representing Regional Internet Registries, the outfits responsible for handing out IP addresses to network operators.

ICANN, the Internet Society and the Internet Architecture Board will also participate in the event, scheduled for Thursday February 3 at 1430 UTC. It will be webcast here.

Today, APNIC, the Asia-Pacific RIR, said that it has been assigned two /8 blocks of addresses, meaning IANA is down to its Final Five chunks.

Thursday’s ceremony will presumably entail ICANN/IANA officially handing out these last five blocks to the five RIRs, one each, as called for by its allocation policy.

After that, it’s all gone. No more IPv4. The age of IPv6 is upon us.

It is currently estimated that the RIRs will themselves run out of IPv4 in September. After that, if they need IP addresses they’ll receive IPv6.

IPv4 is rapidly becoming a scarce commodity.

Many people, including ICANN chairman Peter Dengate Thrush, have predicted a “gray market” for addresses to appear, with address blocks changing hands for less than the cost of upgrading to IPv6.

The focus on Thursday, however, will be all about the measures network operators need to implement in order to remain viable on an internet increasingly running IPv6 equipment.

DNS not to blame for Egypt blackout

Kevin Murphy, January 28, 2011, Domain Tech

Egypt got disconnected from the internet last night, but it does not appear that DNS is to blame.

It what appears to be an unprecedented move, internet traffic to and from Egypt dried up to a trickle, apparently as a result of a government effort to crack down on anti-presidential protests.

While a number of reports have blamed DNS for the outage, the currently available data suggests the problem is much more deeply rooted.

Traffic monitoring firm Renesys seems to be one of the best sources of primary data so far. The company’s James Cowie blogged today:

At 22:34 UTC (00:34am local time), Renesys observed the virtually simultaneous withdrawal of all routes to Egyptian networks in the Internet’s global routing table. Approximately 3,500 individual BGP routes were withdrawn, leaving no valid paths by which the rest of the world could continue to exchange Internet traffic with Egypt’s service providers. Virtually all of Egypt’s Internet addresses are now unreachable, worldwide.

BGP is the Border Gateway Protocol. It’s used where networks interconnect, enabling ISPs to “announce” what IP addresses they are responsible for and exchange traffic accordingly.

With no BGP routes into or out of Egypt, whether the DNS works or not is pretty much moot.

Blocking individual domain names, such as twitter.com, is one way to stifle communication. Another way is to instruct local ISPs to turn off DNS altogether.

But in both cases users can route around the blockade by choosing overseas DNS servers, such as the services Google and OpenDNS make available for free.

Even without DNS, users can still access web resources using IP addresses, if they know what they are.

But when ISPs stop announcing their IP addresses, even that becomes impossible. Even if you know how to find a web site, it has no way of finding you.

In this case, it seems likely that Egypt has physically unplugged itself from the global internet, which means its traffic is going nowhere, no matter what protocol you’re talking about.

But even this is not foolproof. According to experts interviewed on BBC news in the last hour, ISPs outside of the country are offering free dial-up access to Egyptians.

Egyptians with access to a dial-up modem, phone jack, compatible computer and long-distance service will presumably be able to use these services to reach the outside world, albeit at 1990s speeds.

With all the inter-governmental debate about the management of domain names over the last several years, the Egypt crisis is a useful reminder that DNS is not the quintessential element of internet governance it is often made out to be.

Go Daddy’s new billion-dollar business?

Kevin Murphy, January 25, 2011, Domain Tech

Go Daddy has officially unveiled its Premium DNS service, which will enable its customers to buy and use managed DNSSEC services for the first time.

The price is $2.99 per month, which works out to $35.88 a year.

For the money, buyers also get a bunch of other tools, such as reports and audits, off-site DNS functionality and backup name servers.

There’s also a “Vanity Nameserver” option, which appears to let customers set their domain’s name servers to display as something like brand.domaincontrol.com, rather than ns1.domaincontrol.com.

It also appears that users of Go Daddy’s standard service will now be limited to 100 forwarded sub-domains, with Premium DNS users getting an unlimited number.

But the big deal as I see it is the addition of managed DNSSEC.

DNSSEC is a new security protocol that substantially mitigates the risk of falling prey to a DNS hijacking using, say, a cache poisoning attack.

Remember the Kaminsky Bug? DNSSEC prevents that kind of thing from happening again.

The problem with DNSSEC is that it’s massively complex and quite hard work to manage, requiring frequent key generation and rollover.

Go Daddy users can already manage their own DNSSEC records if they choose, but that’s only really an option if you’re a hard-core DNS geek.

Paying a few bucks a month to have somebody else manage it for you is an absolute bargain, if you care enough about your domain’s security.

I suggest that this could be a lucrative business for Go Daddy primarily because proponents of DNSSEC hope that one day it will be ubiquitous. Every domain will use it.

Go Daddy has over 45 million domains under management today. If customers representing only 1% of its domains choose to upgrade, that’s an extra $16 million into company coffers annually.

If they all do (which is not going to happen) we’re talking about a $1.6 billion business.

I don’t think the new service is going to lead to a massive uptick in the number of signed domains, but it will certainly get the ball rolling. For enterprises, it’s good value.

But individuals and large domain portfolio holders will not flock to return to 1999 .com prices just in order to implement a protocol they’ve been doing just fine without.

The future of broad DNSSEC adoption is more likely to be in open-source and freeware tools and services that can be easily understood by geeks and non-geeks alike.

Google and Facebook to cut off thousands for World IPv6 Day

Kevin Murphy, January 12, 2011, Domain Tech

Some of the internet’s biggest companies are going to deliberately break their web sites for a day, for hundreds of thousands of users, in order to raise awareness of IPv6.

Google, Facebook and Yahoo are among the companies that will go into production with the protocol for 24 hours, starting at midnight UTC, June 8, for World IPv6 Day.

For the day, the companies will make their sites accessible using a dual stack of IPv4 and IPv6. Most users will be unaffected and will be able to access the services as normal.

But Google predicted on its blog that 0.05% of users may “experience connectivity problems, often due to misconfigured or misbehaving home network devices.”

Facebook purportedly has 500 million users, so presumably it’s expecting 250,000 of them to be cut off from its site for the day, with a corresponding dip in ad impressions and revenue.

World IPv6 Day is being overseen by the Internet Society. ICANN/IANA does not appear to have a role, despite it having global responsibility over IP address allocations.

ISOC’s site says:

The goal of the Test Drive Day is to motivate organizations across the industry – Internet service providers, hardware makers, operating system vendors and web companies – to prepare their services for IPv6 to ensure a successful transition as IPv4 addresses run out.

The IPv4 pool is estimated to be exhausted next month, when IANA allocates the final five /8 blocks to the Regional Internet Registries. The RIRs are expected to run out of addresses in November.

Not too long after that, IPv6 will be the only choice if you want to obtain IP addresses through official channels. If you want IPv4, you’ll have to head to the gray market.

Vixie takes on ISC chief scientist role

Kevin Murphy, January 7, 2011, Domain Tech

Internet Systems Consortium president Paul Vixie plans to address a “perfect storm” of internet addressing “crises” by becoming the organization’s chairman and chief scientist.

Vixie founded the not-for-profit ISC, which provides BIND – the software that runs most of the domain name system – in 1994. He will be replaced as president by Barry Greene.

Not known for mincing words, Vixie said in brief ISC statement today:

There are two huge technical crises arising simultaneously. The Internet is running out of address space and at the same time the level of criminal activity is increasing sharply. It’s the perfect storm. We need to deploy IPv6 and DNSSEC more or less simultaneously, and we need to develop and deploy, quickly, new technologies and new methodologies to measure and understand what is happening out there. I need to turn my full attention to these pressing and difficult problems, and I know that ISC will be in good hands with Barry as president.