Home / Blogs

The Christmas Goat, IPv6 and DNSSEC!

Torbjörn Eklöv

The city of Gävle in Sweden have a special Christmas tradition for which it is quite famous. Every year in December a giant Christmas Goat in straw is put in to place in one of the central town squares. In relation to this tradition a sub-tradition has emerged which the city is even more renowned for — to burn down the poor Christmas Goat. This is of course an "illegal" act, but still of quite some interest!

Web-cameras showing the status of the Christmas Goat have been put up by the city of Gävle, primarily in a purpose of control. However, when someone sets fire to the poor Goat, the traffic and need for bandwidth tend to go sky-high for these cams.

It is with this background that the IT-department within the city of Gävle turned to me and my company with questions about load sharing the traffic. Since the traffic is quite substantial and visitors come from all over the world, I gave it some thought and came to the following conclusion: Why not combine business with pleasure?! I accepted the request with the following therms: loadsharing for the site AND at the same time validating the use of IPv6 and DNSSEC.

So, at the time of the premier of the 2010 Christmas Goat, 28/11 - 2010, the following was done:
http://www.julbockmedipv6ochdnssec.se/kamera1 and http://www.julbockmedipv6ochdnssec.se/kamera2 were set up in order to:

• Track native IPv6 with a RR with A and AAAA.
http://www.julbockmedipv6ochdnssec.se/ipv4.jpg

• Track those who can run IPv6 with a RR with only one AAAAA.
http://pic6.julbockmedipv6ochdnssec.se/ipv6.jpg

• Track validating DNS-resolvers with a domain that has a faulty DNSSEC.
http://pic.try2readme.se/dnssec.jpg

The result we got showed that native IPv6 was in use by very few users. Quite a few of them ran 6to4 but nobody(!) used Teredo. The fact that nobody seemed to use Teredo raised some questions and we started to investigate. A standard search on Google gave us nothing so we moved on to a contact on Microsoft that supplied us with the following link.

http://msdn.microsoft.com/en-us/library/aa965910(VS.85).aspx

Basically this says that Windows Vista/7 don't do DNS-entries after AAAA RR if the only active IPv6 alternative is Teredo. Here you can start to wonder why Microsoft bothered to have Teredo active, but perhaps we should have that discussion some other time.

Upon that we changed the IPv6-link to:
http://[2001:b48:10:3::215]/ipv6.jpg

After that the use of Teredo increased.

Up until today, 13/12 - 2010, the result is as follows:

• 0,1% has reached the site with native IPv6.

• 52% of the visitors have reached http://[2001:b48:10:3::215]/ipv6.jpg and 53% of them use 6to4 and 47% use Teredo.

• 44% of the visitors validate DNSSEC but do not reach http://pic.try2readme.se/dnssec.jpg

My reaction to the results is that the use of validation of DNSSEC is surprisingly low. It is also surprising that the use of 6to4 and Teredo is this high! If we take in account that 40% of the visitors run Windows XP, the figure is even more surprising. I guess that this shows that the people with interest in the Christmas Goat in Gävle also are well prepared for the future with a dual-stack that seems to work well. (If we don't count the failure from Microsoft with Teredeo… But hey, it is soon Christmas so let´s be nice :)

Conclusion: The Gävle Christmas Goat can be used to much more than first intended.

More information about the Gävle Christmas Goat on:
http://en.wikipedia.org/wiki/G%C3%A4vle_goat
http://www.merjuligavle.se/Bocken/In-English/

Merry Christmas!

By Torbjörn Eklöv, CTO, Senior Network Architect, DNSSEC/IPv6

Related topics: DNS Security, IPv6

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

3 Questions to Ask Your DNS Host About DDoS

Afilias Partners With Internet Society to Sponsor Deploy360 ION Conference Series Through 2016

The Latest Internet Plague: Random Subdomain Attacks

Nominum Announces Future Ready DNS

DotConnectAfrica Delegates Attend the Kenya Internet Governance Forum

Introducing getdns: a Modern, Extensible, Open Source API for the DNS

24 Million Home Routers Expose ISPs to Massive DNS-Based DDoS Attacks

Motivated to Solve Problems at Verisign

Diversity, Openness and vBSDcon 2013

Neustar's Proposal for New gTLD Collision Risk Mitigation

Dyn Adds Chris Griffiths As New VP of Labs

DotConnectAfrica Registry Services Participates in ICANN DNSSEC Training at AFRALTI Nairobi

Neustar Launches Enterprise Professional Services Offerings

ARI Registry Services Expands Top-Level DNS Services With Bold Plans

What's in a Name Server?

New Nixu Solution Slashes Cloud Application Delivery Times from Weeks to Milliseconds

DNS ROI: 5 Reasons Slow Website Speed Kills and Why Uptime Is a Necessity

Domain Name Registrations Pass 233 Million in the First Quarter Of 2012

Nominum selected as 2012 AlwaysOn Global 250 Top Private Company

Nominum Releases New Version of Carrier-Grade DHCP Software for Telecom Providers

Sponsored Topics

Minds + Machines

Top-Level Domains

Sponsored by
Minds + Machines
dotMobi

Mobile

Sponsored by
dotMobi
Verisign

Security

Sponsored by
Verisign
Afilias

DNS Security

Sponsored by
Afilias