’Tis the season for New Year’s predictions, and my blog will be no exception. Some of these predictions are fairly safe bets, like the signing of the root zone and the introduction of internationalized top-level domains. Others are more speculative. Here they are, in no particular order:
- The signing of the root zone, slated for July, will spur adoption of DNSSEC. A signed root zone will make configuring DNSSEC validation much easier: Administrators will only need to configure a single key in order to validate signed data in any of the currently-signed top-level zones. But the signed root zone will also point out shortcomings in DNSSEC support. In particular, ICANN and VeriSign have announced that they’ll use RSA/SHA-256 to sign the root, and many DNSSEC implementations don’t yet support RSA/SHA-256. Expect a scramble among vendors.
- We’ll see some nasty cache poisoning attacks against stragglers who haven’t upgraded their recursive name servers to use random query ports or other anti-spoofing mechanisms. We’ve already seen some of these this year (see my “DNS Year in Review” posting); hackers have all the tools they need to mount more, and it costs them basically nothing to keep vulnerable recursive name servers constantly under attack.
- As DNSSEC and IPv6 roll out, we’ll see more organizations driven to outsource DNS. Without good tools, managing a DNSSEC-signed zone is almost embarrassingly complex (though ISC is doing its darnedest to make it easier). Many smaller organizations will throw in the towel and pay a service provider to do it for them. On the recursive side, the hassle of keeping name servers patched against cache poisoning and other threats will induce more organizations to use services like OpenDNS and Google’s Public DNS.
- We’ll begin seeing the addition of internationalized country code top-level domains (ccTLDs). ICANN is eager to expand the top level of the Internet’s namespace and has instituted a new, fast-track process for applying for new internationalized ccTLDs. Expect to see the first of these introduced in 2010. To some of us, these top-level domains may be incomprehensible, either because we’ll see them rendered in their encoded form, as opaque strings beginning with “xn--,” or because we don’t understand the script they’re written in. But to others, these new ccTLDs will provide a more natural, understandable way to access Internet resources.
Let’s see if I can remember to tick these off as they happen over the course of the year. Assuming that any of them happen, that is.
Hope you all had a happy, relaxed holiday season!