Kitz ADSL Broadband Information
Author Topic: Your internet access may die on May 5th  (Read 13447 times)

roseway

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 39902
  • Penguins CAN fly
    • DSLstats
Your internet access may die on May 5th
« on: April 15, 2010, 07:26:38 AM »

This doesn't seem to have been widely discussed, but on May 5th a new, more secure, DNS protocol is being introduced. For most users this change should happen seamlessly, but users with badly configured firewalls and customers of badly prepared ISPs may find that DNS lookups no longer work, so they can't do anything on the internet.

There's a link to an El Reg article on the subject below, and near the end of that article there are links to two ways of testing if your DNS provider is ready for this change. If you get bad results from the test, it might be worth considering a change to a different DNS provider.

http://www.theregister.co.uk/2010/04/13/dnssec/
Logged
  Eric

silversurfer44

  • Kitizen
  • ****
  • Posts: 4421
  • Lord Muck
    • Ben Novice Weather
Re: Your internet access may die on May 5th
« Reply #1 on: April 15, 2010, 07:46:52 AM »

Very interesting Eric. Thank you for bringing it up. I tested out OK.
Logged
Colin II : It's no good being a pessimist, it wouldn't work anyway.

broadstairs

  • Kitizen
  • ****
  • Posts: 3419
Re: Your internet access may die on May 5th
« Reply #2 on: April 15, 2010, 08:25:38 AM »

Well I just issued the dig +short rs.dns-oarc.net txt command and it came back with the results indicating a router which does not support EDNS at IP 204.74.106.104 and 204.74.106.103, which is nothing to do with my setup. So I'm a bit worried now, especially as it seems there is nothing I can do. I guess I need to try to find out where this IP resides.

Stuart
Logged
ISP:TalkTalk Connection:FTTC Cab:ECI Router:Netgear D6220

waltergmw

  • Content Team
  • Kitizen
  • *
  • Posts: 2774
Re: Your internet access may die on May 5th
« Reply #3 on: April 15, 2010, 08:52:47 AM »

@ Broadstairs,

Herewith a Whois scan

Kind regards,
Walter

Whois has started…

Internet Media Network IMN (NET-204-74-64-0-1)
                                  204.74.64.0 - 204.74.127.255
UltraDNS Corp ULTRADNS-GLOBAL-2 (NET-204-74-96-0-1)
                                  204.74.96.0 - 204.74.108.255

# ARIN WHOIS database, last updated 2010-04-14 20:00
# Enter ? for additional hints on searching ARIN's WHOIS database.
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at https://www.arin.net/whois_tou.html
Logged

tuftedduck

  • Senior Kitizen
  • ******
  • Posts: 29658
  • Router Luvvin Duck
Re: Your internet access may die on May 5th
« Reply #4 on: April 15, 2010, 08:53:04 AM »

I have had a look by accessing the dns-oarc link...................and I do not understand one word of what is written there.

Surely it is not expected that a whole world full of internet users (most of whom are like me and just want to connect without having to understand all the technicalities) will have to carry out tests such as that to ensure that their connections will continue to "work"?
Surely it will be the responsibility of the ISPs to ensure that the correct systems/protocols will be put in place ?

What is a "DNS Provider" ?

Logged

UncleUB

  • Helpful
  • Senior Kitizen
  • *
  • Posts: 29542
Re: Your internet access may die on May 5th
« Reply #5 on: April 15, 2010, 09:01:44 AM »

Quote
I have had a look by accessing the dns-oarc link...................and I do not understand one word of what is written there.

Surely it is not expected that a whole world full of internet users (most of whom are like me and just want to connect without having to understand all the technicalities) will have to carry out tests such as that to ensure that their connections will continue to "work"?
Surely it will be the responsibility of the ISPs to ensure that the correct systems/protocols will be put in place ?

What is a "DNS Provider" ?

I was just thinking the same. I haven't a clue what it means or what to do.  :no:

Logged

broadstairs

  • Kitizen
  • ****
  • Posts: 3419
Re: Your internet access may die on May 5th
« Reply #6 on: April 15, 2010, 09:16:57 AM »

Well I changed my DNS setup to use the TalkTalk default and now I get a different set of results, still not perfect but different. It now says EDNS or DNSSEC is working but the actual buffer size is smaller than (about half of) the advertised size (4096 vs 1993).

Yes I do understand ordinary internet users being confused by all this tech speak and I'm sure there will be loads of calls to ISP support teams if/when things stop working.

Stuart
Logged
ISP:TalkTalk Connection:FTTC Cab:ECI Router:Netgear D6220
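
As an added illustration (not part of the thread, and not the test's own code): the "advertised" size in the result above is the UDP payload size a resolver places in the EDNS0 OPT record of its queries, and DNSSEC answers are requested with the DO flag in that same record. This Python sketch builds such a query for the rs.dns-oarc.net name used above and reads the fields back; the function names and the transaction ID are assumptions made for the example.

```python
import struct

def encode_name(name):
    """Encode a domain name as length-prefixed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype=16, edns=True, udp_size=4096, do_bit=True, txid=0x1234):
    """Build a DNS query (default TXT); with edns=True it carries an OPT record."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if edns else 0)
    msg = header + encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN
    if edns:
        flags = 0x8000 if do_bit else 0  # DO ("DNSSEC OK") is the top flag bit
        # OPT RR: root name, TYPE 41, CLASS = advertised UDP size, TTL = flags
        msg += b"\x00" + struct.pack("!HHIH", 41, udp_size, flags, 0)
    return msg

def skip_name(msg, off):
    """Return the offset just past the name starting at off."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # a compression pointer ends the name
            return off + 2
        off += 1 + n

def parse_edns(msg):
    """Return (advertised_udp_size, do_bit), or None if msg has no OPT record."""
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 41:
            return rclass, bool(ttl & 0x8000)
        off += 10 + rdlen
    return None

def usable_size(advertised, measured_limit):
    """Largest reply that gets through: the path limit caps the advertisement."""
    return min(advertised, measured_limit)

if __name__ == "__main__":
    query = build_query("rs.dns-oarc.net")
    print(parse_edns(query), parse_edns(build_query("rs.dns-oarc.net", edns=False)))
    print(usable_size(4096, 1993))  # the two figures reported in the post above
```

A query for which parse_edns returns None carries no EDNS at all, so the responder must assume the classic 512-byte UDP limit.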

silversurfer44

  • Kitizen
  • ****
  • Posts: 4421
  • Lord Muck
    • Ben Novice Weather
Re: Your internet access may die on May 5th
« Reply #7 on: April 15, 2010, 09:22:25 AM »

For the vast majority of internet users they will not or do not need to know the technical side of this. For the very few unfortunate ones that are liable to find that they can no longer surf, post mail or whatever, it is nice there is advance warning that it may happen.
If you found yourself in the position of not being able to access the internet you would not even be able to post on here about it.
@TD I agree it is the responsibility of the ISP to maintain connection to the Domain Name Server (DNS), however, if an individual user has a firewall rule on their router or PC then the responsibility is the end user's. Getting assistance for such as this would mean a phone call as one would not be able to do it online.

Without the DNS system there would be no internet as you know it. The DNS servers are there to convert the http://forum.kitz.co.uk into a numerical number that the entire internet works on. This is a subject in its own right and there is plenty of information on the web if one wishes to delve into it. It's by no means necessary to know anything about it.
Logged
Colin II : It's no good being a pessimist, it wouldn't work anyway.

roseway

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 39902
  • Penguins CAN fly
    • DSLstats
Re: Your internet access may die on May 5th
« Reply #8 on: April 15, 2010, 10:10:29 AM »

Sorry if I've caused alarm and despondency. For most people there should be no problem, and for the majority of people who use their ISP's DNS services it's certainly true to say that the ISP is responsible for ensuring that their service conforms to the new standard.

But I always think that it's better to be prepared. If you happen to be one of the unlucky few who experience problems after the changeover, you may not even have a usable internet connection to enable you to search for a solution.

Here's another way of checking, which you may find easier to use and understand. Download DNS Benchmark and run it. You don't have to install this program, just run the executable which you downloaded. It's a Windows program, but it also works perfectly in Linux using Wine. When it's running, click the 'Nameserver' tab, then right-click in the middle part of the window; a popup menu appears, and you should click on 'Test DNSSEC Authentication'. Then click the 'Run Benchmark' button and leave it to work, which takes several minutes. A progress bar at the top lets you know how it's progressing.

When it finishes, click on the 'Conclusions' tab for a report.


(Apologies to SS44 for repeating things he already said :) )
« Last Edit: April 15, 2010, 10:36:27 AM by roseway »
Logged
  Eric

silversurfer44

  • Kitizen
  • ****
  • Posts: 4421
  • Lord Muck
    • Ben Novice Weather
Re: Your internet access may die on May 5th
« Reply #9 on: April 15, 2010, 11:39:25 AM »

No apologies necessary Roseway, you just reaffirm anything I may have said  :)
Logged
Colin II : It's no good being a pessimist, it wouldn't work anyway.

camallison

  • Kitizen
  • ****
  • Posts: 1357
Re: Your internet access may die on May 5th
« Reply #10 on: April 15, 2010, 11:42:07 AM »

Did the test and am reassured!
Logged

tonyappuk

  • Reg Member
  • ***
  • Posts: 589
Re: Your internet access may die on May 5th
« Reply #11 on: April 15, 2010, 12:33:19 PM »

Did both tests (DNS Benchmark and Replysizetest). The first brings up two red conclusions, that I am using only one (my router's) nameserver configured and that the System nameserver is SLOWER than 10 public alternatives! Replysizetest says Your resolver does not have DNSSEC enabled. This has confused me and I would welcome some advice.

Am I right in thinking that the fact that DNSSEC is not enabled is because the change on 5th. May has not happened yet or should I be taking action now?

The matter of using only the router's nameserver is presumably because in the initial router internet set up it uses "Obtain DNS server address automatically" which is what I have always used in each PC set up I have configured. Would it be sensible and worthwhile to change this to using the nameservers provided by my ISP (Plusnet) as DNS Benchmark suggests? If this is the way to go, is there a guide to help me accomplish this? I would be very grateful for some advice - the older I get the less I seem to know!
Tony
Logged

Azzaka

  • Reg Member
  • ***
  • Posts: 572
  • SysAdmin
    • A Designers Work in Progress
Re: Your internet access may die on May 5th
« Reply #12 on: April 15, 2010, 01:17:53 PM »

Quote
I have had a look by accessing the dns-oarc link...................and I do not understand one word of what is written there.

Surely it is not expected that a whole world full of internet users (most of whom are like me and just want to connect without having to understand all the technicalities) will have to carry out tests such as that to ensure that their connections will continue to "work"?
Surely it will be the responsibility of the ISPs to ensure that the correct systems/protocols will be put in place ?

What is a "DNS Provider" ?

Quote
I was just thinking the same. I haven't a clue what it means or what to do.  :no:

You are both right. This is directly to do with the ISP. Zen are testing and making sure our DNS will work properly. I feel the smaller or less customer-focused ISPs will not be so quick to test and hence you may see an issue. For the most part it will/should be seamless. A lot of the information is hyped up, so ask questions, follow advice to check your own firewalls and modems, and if you are still not sure call your ISP and ask what they are doing to check the new DNS.
 
Logged
I Sync', I Auth', therefore I am.

roseway

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 39902
  • Penguins CAN fly
    • DSLstats
Re: Your internet access may die on May 5th
« Reply #13 on: April 15, 2010, 01:30:06 PM »

Quote
Am I right in thinking that the fact that DNSSEC is not enabled is because the change on 5th. May has not happened yet or should I be taking action now?

Most DNS services should be enabled for DNSSEC by now, so that they're ready for when the changeover takes place. I think it would be sensible to take some action now.

Quote
The matter of using only the router's nameserver is presumably because in the initial router internet set up it uses "Obtain DNS server address automatically" which is what I have always used in each PC set up I have configured. Would it be sensible and worthwhile to change this to using the nameservers provided by my ISP (Plusnet) as DNS Benchmark suggests? If this is the way to go, is there a guide to help me accomplish this? I would be very grateful for some advice - the older I get the less I seem to know!

There's nothing wrong in principle with using the option to obtain DNS server addresses automatically. The addresses will be obtained from the ISP (in your case Plusnet) and there will certainly be two of them. I think that the situation you have is that your PC is set up to use the router as its DNS server, so the router is acting as a DNS relay, which again is a perfectly reasonable way of operating, normally. Entering the Plusnet DNS addresses in the router manually would change nothing, because it will already be using those addresses.

I think your easiest option is to reconfigure your PC to use DNS server addresses which you enter manually. You could try the Plusnet DNS server addresses first if you like, and then try replysizetest again. This may be all you need to do. But if replysizetest still indicates a failure, then you would probably be best advised to use a couple of addresses from near the top of the DNS Benchmark results, which will give you better performance anyway.
Logged
  Eric

sevenlayermuddle

  • Helpful
  • Addicted Kitizen
  • *
  • Posts: 5347
Re: Your internet access may die on May 5th
« Reply #14 on: April 15, 2010, 02:10:23 PM »

Quote
Sorry if I've caused alarm and despondency. For most people there should be no problem

Aw shucks, I was looking forwards to the lights going dark, phone lines going dead, and aeroplanes falling out of the sky, just like I looked forwards to in the run-up to Y2K bugs  >:D

Seriously, thanks for the heads up, it's the first I'd heard of it & I will do some checking tonight.

I'll need to think about whether or not to call Mum & Dad and help them to check.  I know their PCs are configured to use the router as DNS relay, and I don't want to attempt to talk them through changing it.  I think I'll just keep quiet til after the event, and then call and make sure they're still OK.
Logged