
Is your internet up to date? - BuuQu9hu
http://en.conn.internet.nl/connection/
======
hannob
Wow, this is terribly misleading DNSSEC propaganda. It tells me:

"Protected from redirection to false IP addresses (DNSSEC)"

What does that mean? It means that whatever other DNS server I use seems to
verify DNSSEC signatures (I use Google's DNS fwiw). Yet this doesn't provide
any reasonable sense of protection, as the connection to that DNS server may
very well be compromised.

This would very well show DNSSEC protection in an open public wifi if the
provider decided to enable DNSSEC.

~~~
pjc50
I thought DNSSEC was supposed to be verifiable by the _client_? If it isn't
then it's pointless in the way that you suggest, but I find it hard to believe
that hole was left.

~~~
hannob
Congratulations, you've understood the main hole of dnssec.

The thing is: you can verify dnssec on the client. In theory. It's just that
99,9% (rough estimate, may be higher) of people don't. You'd have to run your
own resolver. Which might work, if your ISP isn't doing funny things with your
DNS traffic. Which some ISPs do. Which means it can't be deployed widely.

This thing was built in the 90s when people assumed you have some dns that
some admin you trust manages in some trusted network. Moving it to today's
internet is pretty much impossible.

~~~
ribasushi
( serious question - I might not know something )

If I run my own resolver, with a hardcoded [1] trust anchor, how could an ISP
affect me regardless of what funny things it does with my DNS traffic...?

[1]
[https://sources.debian.net/src/bind9/1:9.10.3.dfsg.P4-10.1/b...](https://sources.debian.net/src/bind9/1:9.10.3.dfsg.P4-10.1/bind.keys/#L35-L45)

~~~
hannob
Well, the traffic is not encrypted or otherwise protected, so a firewall
trying to be "smart" could do all kinds of things. E.g. not letting you
connect to other DNS servers at all or filtering all queries with unusual
record types.

~~~
ribasushi
But the point of DNSSEC isn't to protect your ability to contact another
server, just like the point of SSL isn't to be a substitute for TOR.

Are we on the same page that with DNSSEC activated on a local resolver one
would either get an authentic answer, or nothing at all?

~~~
hannob
> Are we on the same page that with DNSSEC activated on a local resolver one
> would either get an authentic answer, or nothing at all?

Sure. But it's not very relevant, because almost nobody does that. And that's
unlikely to change, because getting nothing at all isn't a very desirable
state of affairs.

And given that forcing local DNSSEC resolvers in an OS or a browser would
likely mean that a large share of your userbase will get nothing at all this
is pretty much impractial.

~~~
ribasushi
> And that's unlikely to change, because getting nothing at all isn't a very
> desirable state of affairs.

It worked for HTTPS - more and more browser builds refuse to show you stuff,
with no workaround, even if there is nothing wrong with the certificates (
cough-sha1-cough-or-cough-chrome-cert-transparency-cough ). Yet I don't see
any users revolt.

Claiming that having an all-or-nothing HTTPS is a-ok, yet having all-or-
nothing DNS is unacceptable is... inconsistent.

------
alicewales
> Is Your Internet Up-To-date?

Of course it isn't. I live in the UK.

~~~
wrboyce
Mine is, and I live in the UK also. I'm not sure what joke you're making.
Sure, we may not have the best bandwidth (although at my previous house I had
250MBit), but supporting IPv6 (etc) has nothing to do with being in the UK.
Find a decent ISP, I recommend Zen (or if you can afford them, AA).

~~~
tluyben2
Depends where you live. In Storrington the internet is rubbish and no phone
signal. This is 2017 UK. Driving to London from that region you lose mobile
signal at least 5 times completely.

People act so entitled when they live in cities; I happen not to like cities
which makes me a minority, but there are plenty of wealthy business people
crying every day about their connection south of London (and probably in more
places; most places around Exeter aren't great either).

~~~
lucaspiller
My parents live in a Dorset village and have the same issues. I'm on Three and
even in the nearest towns (Dorchester, pop. 20k and Weymouth, pop. 50k) there
is usually no or a very weak signal. They finally rolled out BT Infinity last
year, so at least that's something.

I live in Lithuania now and it really shocks me how bad the UK is for these
things. Here I have 600/600 FTTH for €20/month and LTE is basically universal,
even in remote parts of the country.

~~~
DaiPlusPlus
It's cheap in Lithuania and other countries because they were was no
significant prior investment in telecoms infrastructure, and the costs of
deployment are generally lower too (cheaper labour, easier planning-
permission) - so when it comes to deploying Internet access to a previously
disconnected community it only makes sense to roll-out the bleeding-edge
technology (e.g. FTTH).

Whereas in the UK, BT was/is obsessed with squeezing every last drop of
bandwidth from POTS connections - because the cost of upgrading everyone's
last-mile connections from copper (or even aluminium in some cases) to fibre
is very cost-prohibitive: look at the sheer cost the cablecos shouldered
during the mass roll-out of coax in the early-1990s (and even then, it was
only to boxes in the street, not houses) - I understand their near-bankruptcy
from this move lead to them all coming together under NTL and Telewest, and
then Virgin Media.

(The only thing that is inexplicable is how even modern, brand-new housing
developments still have unshielded copper last-mile connections instead of
FTTH: they don't even lay conduits to make it easier for possible future
FTTH... idiocy)

Give the UK a few more years and there should be a mandate from above
requiring FTTH and we'll see progress: maybe even 10Gig FTTH as standard, then
the tables will turn and people in Lithuania will be stuck with their 1Gbps
service until their next round of major infrastructure investment, potentially
decades away.

(I'm aware that Fibre is generally more future-proof than copper, and a high-
quality fibre line that handles 1Gbps today can easily handle 10Gbps, and
potentially 40Gbps or even 100Gbps in the future - so my entire argument may
be moot)

~~~
lucaspiller
One of the things that really helped is that all passive telecommunications
infrastructure is by law "common use" \- so things like ducts, pipe work, man
holes, poles, etc can be used by any company. This has really helped to level
the playing field so a single company doesn't have an unfair monopoly because
it was there first ( _cough_ BT _cough_ ). Where I'm living right now cable
and DSL was available (maybe up to 50mbit?), but last year fibre was rolled
out by a different company. There are also guidelines on how the
infrastructure should be delivered within buildings, so most apartment
buildings have duct work going from the basement to the top floor, and space
for the providers equipment for future upgrades.

Edit: Looks like Ofcom wants to do something similar:
[http://www.ispreview.co.uk/index.php/2016/02/a-closer-
look-a...](http://www.ispreview.co.uk/index.php/2016/02/a-closer-look-at-
ofcoms-proposed-bt-openreach-duct-and-pole-access-fix.html)

~~~
extrapickles
Where I live in the states, telephone pole access is "common use" but the
bureaucracy around actually being able to do so makes it pretty much
impossible to add new lines (eg: needing to get a expensive environmental
review for adding a wire to a pole that already has wires). Last I checked it
took about a dozen permits which took ~12-24 months to get. After you got the
permits, you then needed to pay for the inspection and full replacement of any
poles found to be old/substandard that you wanted to attach to.

------
blauditore
If not, you can download the latest version here:
[http://www.downloadmoreram.com/download.html](http://www.downloadmoreram.com/download.html)

------
feld
Meanwhile irssi just removed support for DANE in the irc client which I
believe means that there are now zero irc clients that will attempt to
validate you aren't talking to a rogue irc server. Wasn't irssi the first and
only to implement it?

DNSSEC is dead on arrival. Nobody actually wants it.

~~~
iso-8859-1
I wasn't aware that DANE support was removed, but you're right, here's the
commit:
[https://github.com/irssi/irssi/commit/5a04430998ada5ae800aa0...](https://github.com/irssi/irssi/commit/5a04430998ada5ae800aa0a88638206de51287ca)

------
ccozan
Not really reliable.

I have full IPv6 connectivity and it tells me the opposite.

------
cube00
0% checking in from Australia

------
madihaawan
Yes, my internet is up to date.

------
janvha
The number of websites unreachable for not having IPv6 equals 0, so saying
your internet is not "up to date" because you don't have IPv6 doesn't mean
much

~~~
phicoh
Two things. First, it is nice if you don't have to allocate ports on a NAT box
to make a test system available. These days you can't really count on all non-
production systems having public IPv4 addresses anymore.

Obviously that only works if all systems that need access have IPv6.

However, the main killer app for IPv6 is your ISP running out of IPv4
addresses. Carrier grade NAT boxes are expensive and introduce all kinds of
issues. Better to move as much traffic to IPv6 as possible.

Finally, IPv6 seems to be catching on:
[https://www.google.com/intl/en/ipv6/statistics.html](https://www.google.com/intl/en/ipv6/statistics.html)

If at some point IPv6 traffic is the vast majority of the traffic for a
website, then IPv4 traffic engineering may start to suffer. So technically the
site will be reachable over IPv4 for a very long time. But it may be that at
some point performance will be a lot worse then over IPv6.

~~~
zeristor
It appears that Google is seeing 16% ipv6 traffic at the moment, it was 10% a
year ago, and 5% the year before that; so not quite on the Ogive climb.

Mind you on a country by country basis Belgium has cleared 50% with Greece
clearing 30%.

Heartening to see Zimbabwe pass 7%, an anomaly for the whole of Africa, does
anyone know whats going on there? Egypt is second with 0.50%.

The map isn't set up for the Caribbean, although if you check the json used
for the website Trinidad comes is at 12%. An egregious omission .

[https://www.google.com/intl/en_ALL/ipv6/statistics/data/worl...](https://www.google.com/intl/en_ALL/ipv6/statistics/data/worldmap.js)

Perhaps I need to start a fantasy ipv6 migrarion website...

~~~
p1mrx
You're right, the Caribbean region was not covered by any of the existing
links:

[https://developers.google.com/chart/interactive/docs/gallery...](https://developers.google.com/chart/interactive/docs/gallery/geochart#continent-
hierarchy-and-codes)

Should be fixed now.

