Network managers are being urged to run a series of checks on their routers and firewalls to ensure their users will still be able to connect to the internet in the wake of a major change to the internet’s domain name system this week.
On May 5, the world’s top domain authorities, led by the Internet Corporation for Assigned Names and Numbers (ICANN), the US Government and VeriSign, will complete the first phase of the roll-out of Domain Name System Security Extensions(DNSSEC) across the Internet’s 13 root servers.
Root servers directly answer Internet requests for records in the top level of the Internet naming hierarchy and answers other requests returning a list of the designated servers for top-level domains such as .zw the Zimbabwean top level domain. In simple terms, the 13 root servers sun the core system of identification of websites on the Internet.
DNSSEC was developed in an attempt to thwart ‘man in the middle’ attacks, in which hackers intercept a request and respond with a message that fools the user system into going to a false location.
But the new protocol – much welcomed by the industry – could have an unfortunate side effect for unprepared network managers.
A number of unprepared organisations or those that use old boundary devices may start experiencing internet access issues, and a number of network administrators will be left scratching their heads as to why. To complicate the scenario further, most administrators and ICT managers may not know what has gone wrong.
So we hope Zimbabwean ISPs and Organisations are prepared for these changes to ensure we will not have any Internet blackouts.
Share
Home
3 comments
Am really touched by the story that u have published,Possible Internet Blackout, of which am not the only Sys Admin who is not fully versed with what exactly I need to check in place to ensure continual connectivity…what exactly do I need to verify to ensure am not that much affected…
check out:
https://www.dns-oarc.net/oarc/services/replysizetest
http://labs.ripe.net/content/testing-your-resolver-dns-reply-size-issues
Tawanda, all you need to do is to check the configuration of your boarder systtems(Firewall and Routers).
More information is available on various forums:
eg
http://www.broadbandreports.com/forum/r24163554-Testing-your-router-for-May-5-internet-changes
http://www.dnssec.net/
Lets hope most of the sys/ Network admins have looked at their devices. Old firewalls and routers are at risk due to this assertion:
“In some older networking equipment, any larger request than this would be blocked by pre-configured factory settings, under the assumption that larger packets (and several of them) represent an anomaly of some kind.”