Frizbits’ Bits

February 24, 2009

DNSSEC slowly becoming a reality (Updated)

Filed under: Uncategorized — frizbit @ 9:48 am

Although it’s not the full-featured implementation we would all like, DNSSEC seems to be more than just something on the drawing board now.

DNS is one of the more fragile pieces underpinning the internet.  Translating names to IP addresses seems pretty trivial.  It’s just a big phone book, right?  Well, imagine the fraud that would ensue if people could change entries in the phone book.  Anywhere.  For anyone.  More than that even, that number you always used to dial to pay your cable bill?  One day you dial the same number and, as always, someone happily takes your payment details, but was it really the cable company?  I could go on and on with examples, but let’s just say that security on the internet should get a big boost from this.

To greatly simplify, DNSSEC allows us to cryptographically sign DNS records.  Someone retrieving a signed record can then verify that yes, this record is valid (cryptographically valid, not necessarily accurate).  The idea is that the DNS root would be signed (by the Dept of Commerce, which controls ICANN right now) and the security could flow down from there.  The reality is that politics is slowing down the process.  ICANN has a temporary workaround in place that will allow top level domains (countries, etc.) to sign their namespace and have a central area to exchange these cryptographic keys.  The key exchange is a simple list right now.  This isn’t the robust solution we need to scale to cover the entire internet, but it’s a start.  The article below points out that there is a concern that with this in place the better, more permanent solution may be delayed.

There is some meat here for those of us with actual domains to manage.  VeriSign hasn’t announced their plans for .net and .com yet.  But again a workaround solution is available in Trust Anchor Repositories.  This, similar to above, gives lower level domains the ability to sign their records and publish the public keys for everyone to validate.  Again, not a permanent scalable solution but better than nothing and a step in the right direction.

Of course all this has one catch.  Just like SPF records intended to validate the source of email, publishing them does nothing until our clients and servers are prepared and configured to check for the information and then act on it.
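To make the "simple list" of keys and the client-side check concrete, here is an added example (not from the Network World article or any registry's tooling) of how a validator could match a DNSKEY it fetched against a trust anchor list. It assumes each list entry holds a key tag and a SHA-256 DS digest, which the post does not specify; the key bytes and the `example.` zone are constructed sample data, and RRSIG signature verification is out of scope.

```python
import base64
import hashlib
import hmac
import struct

def name_to_wire(name):
    """Canonical lowercase wire form of a domain name (RFC 4034, section 6.2)."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, pubkey_b64):
    """DNSKEY RDATA: 16-bit flags, protocol, algorithm, then the raw public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)

def key_tag(rdata):
    """Key tag checksum over the DNSKEY RDATA (RFC 4034, Appendix B)."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_digest(owner, rdata):
    """SHA-256 DS digest (digest type 2): hash of owner name followed by RDATA."""
    return hashlib.sha256(name_to_wire(owner) + rdata).hexdigest()

def closest_anchor(qname, anchors):
    """Longest zone in the anchor list that encloses qname, or None if unsigned."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        zone = ".".join(labels[i:]) + "."
        if zone in anchors:
            return zone
    return None

def key_matches_anchor(zone, rdata, anchors):
    """True only if the fetched DNSKEY is the one the anchor list vouches for."""
    tag, digest = anchors[zone]
    return tag == key_tag(rdata) and hmac.compare_digest(digest, ds_digest(zone, rdata))

# Constructed sample: flags 257 (key signing key), protocol 3, algorithm 8,
# and a 4-byte placeholder standing in for a real public key.
SAMPLE_KEY = dnskey_rdata(257, 3, 8, base64.b64encode(b"\x01\x02\x03\x04").decode())
# Hypothetical anchor list: zone -> (key tag, SHA-256 DS digest in hex).
ANCHORS = {"example.": (key_tag(SAMPLE_KEY), ds_digest("example.", SAMPLE_KEY))}

if __name__ == "__main__":
    zone = closest_anchor("www.shop.example.", ANCHORS)
    print(zone, key_matches_anchor(zone, SAMPLE_KEY, ANCHORS))
```

A name with no enclosing anchor, such as one under an unsigned TLD, returns `None` from `closest_anchor` and has to be treated as unvalidated rather than as verified.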

Full article from Network World here.

Update:  VeriSign has released a statement saying they will support DNSSEC but that .com will likely be the last to get it due to its size.  They expect to have it in 24 months.


February 16, 2009

IE RSS feeds stop updating

Filed under: Internet Explorer — frizbit @ 10:44 am

I recently started using IE8 RC1, but I remember having this same problem with IE7 a while ago and couldn’t find a fix at the time.  This week there was a power outage while I was away and my computer didn’t gracefully shut down.  Everything was fine when I turned it back on except my feeds in IE.  None of them were auto updating anymore.  I could click the sync button and they would manually update, but then no further updates would happen.  A quick search turned up a fix and I thought I’d include it here if anyone else runs into it.

See the original post from the Microsoft RSS team here.

The portion that fixed it for me is below:

Check if task is corrupted

schtasks /query | findstr /i "user_feed"

Look for

ERROR: The task image is corrupt or has been tampered with.

ERROR: Task cannot be loaded: User_Feed_Synchronization-{..

If corrupted, then delete and re-create the task

msfeedssync disable

msfeedssync enable

February 8, 2009

How does Virtualization Licensing work? Tech Brief answers

Filed under: Uncategorized — frizbit @ 6:32 pm

When we deal with virtualized workloads we are usually concerned about the operating system licensing.  But what about the application licensing for the server apps running in our virtualized datacenter?  It’s usually straightforward when dealing in an all Microsoft shop, but when you mix in other virtualization platforms it can get pretty hairy.

Fortunately I recently found this Volume Licensing Tech Brief that covers all kinds of scenarios for both Microsoft and non-Microsoft platforms.  I’ve never seen this laid out in such plain English before.  It was almost hard to believe this was a licensing document.  I did a quick search to find a good link to this document to post here and what did I find? There are Licensing Tech Briefs on all kinds of technology.  Cold server backup DR, Apps running on Terminal Services, license transfer, reimaging rights, work at home licenses, etc.  The list goes on and on.

Check it out for yourself.  I’ve already found a treasure trove of information I didn’t know before.

Of course you can always go straight for the virtualization doc that led me here in the first place.
