IPv6 and DNSSEC: Their Slow adaptation
In this article, we will discuss the overview of IPv6 and DNSSEC and will discuss the reason in detail with all these benefits why is IPv6 deployment is slow. Let’s discuss it one by one.
Internet isn’t as simple as it looks, It’s a merger of many protocol stacks. Many of these have gotten into many changes and gotten themselves better but why is their adaptation in the real world is not that great. In this article, we will discuss why two of the important functions of the internet being adapted slowly, the IPv6 and DNSSEC.
IPv6 Protocol :
IPv6 is latest version of Internet Protocol(IP) where IPv4 being its predecessor. IPv6 somewhat looks like 64:ff9b::22da:3e74 whereas IPv4 looks like 184.108.40.206. The main reason for creation of IPv6 is exhaustion of IPv4 addresses, IPv4 has around 4 billion and IPv6 being 3.4×1038 addresses. IPv6 also has other different benefits like IPsec being built-in, multi-casting, stateless address auto-configuration, shorter IP header fields, and more. You can learn more from below links.
With all these benefits why is IPv6 deployment is slow :
- Expensive –
The running costs of IPv6 may cheaper, but initial costs of adaptation are pretty high. Many routers and switches are created for IPv4 and changing all others are burdensome and expensive. Having an IP address is a must-have rule to communicate on the internet. Training and teaching employees about IPv6 also become a burden for the organization
- Regular developments in IPv4 space –
Development of Classless Inter-Domain Routing(CIDR) in the routing and IP address allocation for Internet, and extensive use of network address translation (NAT), delayed IPv4 address exhaustion to allow for IPv6 deployment. Even most operating systems supporting IPv6 choose NAT over it.
- Compatibility –
Compatibility of hardware and software supporting IPv6 is also a challenge. There are many older devices still operating on the internet. Adding compatibility to End-user devices may be possible in the coming years might be successful but adding it to older business infrastructure will take more time.
- The benefit of IP Dual-Stack –
Many early adopters have added IPv6 to their IPv4 devices taking benefit of both. This being successful complete transition into IPv6 is taking more time.
- Privacy –
Little loss of Privacy might not be an issue, but there is a possibility of an increase in tracking and advertising because IPv6 has so many addresses so that you can permanently attach an address to the device.
The original design of the internet (or) DNS didn’t have any security features a bit as internet grew and became a crucial part of our life there is a need for security. To make DNS queries secure from DNS spoofing and cache poisoning the DNSSEC (Domain Name System Security Extensions) is a suite of extension specifications by Internet Engineering Task Force (IETF) promoted by Internet Corporation for Assigned Names and Numbers(ICANN) for securing data exchanged in Domain Name Server and the requesting device by using cryptographic authentication of data, no availability or confidentiality, and it has authenticated denial of existence, and data integrity. You can learn more from DNSSEC, DNS Spoofing, and DNS Cache Poisoning.
Why isn’t DNSSEC is used by everyone :
- Deployment support –
Support is one of the biggest issues for adapting any technology. DNSSEC support at the registrar level is increasing, but there are still some registrars and registries that do not support DNSSEC. Azure DNS still doesn’t support it yet.
- Resolver –
DNSSEC to work completely we need resolvers that do not support it. Resolvers like 220.127.116.11, 18.104.22.168, 22.214.171.124 do support it, but there are many ISPs that are yet to start supporting it.
- One Error can Cause Major Outage –
If we make any mistake while deploying DNSSEC to our DNS zone this can cause major outages as the domain won’t be resolved into IP.
- DNSSEC –
DNSSEC is good but not the complete solution, so major players aren’t thinking to support this has slowed down its adaptation
You can check whether a domain is DNSSEC signed by performing a whois lookup as follows.