-
Blogs
-
News
-
Industry
-
Community
-
Topics
President, Internet Systems Consortium, Inc.
Joined on September 17, 2003
Total Post Views: 139,017
| About |
Paul Vixie has been contributing to Internet protocols and UNIX systems as a protocol designer and software architect since 1980. Early in his career, he developed and introduced sends, proxynet, rtty, cron and other lesser-known tools. Paul is considered the primary modern author and technical architect of BINDv8 the Berkeley Internet Name Daemon Version 8, the open source reference implementation of the Domain Name System (DNS).
Paul Vixie founded ISC in 1994. In his role as President, Paul ensures that ISC stays true to his original mission of developing and maintaining production quality open source reference implementations of core Internet protocols, such as BIND and DHCP, and evolving those standards. In 1995, Paul co-founded PAIX (Palo Alto Internet Exchange), which was sold to AboveNet in 1999, who in turn named Paul its Chief Technology Officer in 2000, and then President of the PAIX subsidiary in 2001. Paul also co-founded MAPS (Mail Abuse Prevention System), a California nonprofit company established in 1998 with the goal of stopping the Internet's email system from being abused by spammers.
Along with Frederick Avolio, Paul co-wrote "Sendmail: Theory and Practice" (Digital Press, 1995). He has authored or co-authored more than a dozen RFCs, mostly on DNS and related topics. He is a member of ICANN RSSAC and ICANN DNSSAC, ARIN and a frequent participant in IETF and NANOG.
On Tuesday July 8, CERT/CC published advisory #800113 referring to a DNS cache poisoning vulnerability discovered by Dan Kaminsky that will be fully disclosed on August 7 at the Black Hat conference. While the long term fix for this attack and all attacks like it is Secure DNS, we know we can't get the root zone signed, or the .COM zone signed, or the registrar / registry system to carry zone keys, soon enough. So, as a temporary workaround, the affected vendors are recommending that Dan Bernstein's UDP port randomization technique be universally deployed. Reactions have been mixed, but overall, negative. As the coordinator of the combined vendor response, I've heard plenty of complaints, and I've watched as Dan Kaminsky has been called an idiot for how he managed the disclosure. Let me try to respond a little here, without verging into taking any of this personally... more»
As a long time supporter of the universal namespace operated by IANA, it may come as a surprise that I have joined the Open Root Server Network project (ORSN). I'll try to explain what's going on and what it all means. ...If one of my kids, or anybody anywhere, sits down in front of a web browser and keys in a URL, it ought to just work. They ought to see the same web page that anybody else would see, no matter what country they're in or what their ISP wants or what their local church or government wants. This universality of naming is one of the foundations on which the Internet was built, and it is how the Internet fosters economic growth and social freedoms. It's what makes the Internet different from old Compuserve, old AOL, old MSN, old Minitel, and everything else that has come -- and gone -- before... more»
I am often asked what I think of multiple root nameserver systems -- sort of like the Public-Root or the Open Root Server Confederation (ORSC) pushed by others in the past years. Whenever some well meaning person asks me for multiple roots in DNS, I answer: "DNS is a distributed, coherent, autonomous, hierarchical database. It is defined to have a single root, and every one of the hundreds of millions of DNS-speaking devices worldwide has the single-root design assumptions built into it. It would theoretically be possible to design a new system that looked superficially..." more»
Imagine my surprise upon reading a BBC article which identified ISC BIND as the top security vulnerability to UNIX systems. At ISC, we have striven for a decade to repair BIND's reputation, and by all accounts we have made great progress. "What could this be about," I wondered, as I scanned the BBC article for more details. It turns out that BBC was merely parroting what it had been told by SANS. OK, let's see what SANS has to say... more»
I wish to correct several misstatements made by Brock Meeks in his article, "Fort N.O.C.'s", published January 20. I am speaking as an operator of the "F" root name server which was mentioned several times in this story. ..."A" root is not special in any way. Our "F" root server receives updates from an unrelated server called SRS which is operated under contract from the US Department of Commerce and the Internet Corporation for Assigned Names and Numbers (ICANN). These updates are received by all 13 root name servers, with "A" root a peer of the other 12, having no special capability or importance. If any one of these 13 servers (including "A" root) were temporarily unavailable due to a failure or disaster, there would be no noticeable impact on the Internet as a whole. more»
CircleID recently interview Paul Vixie, Founder & Chairman of Internet Software Consortium (ISC), to discuss ISC's newly formed Operations, Analysis, and Research Center (OARC). OARC is launched in response to DDoS attacks at the Internet's core infrastructure and the vital requirement for a formal coordination system. OARC is also a part of US homeland security initiatives, such as the formation of Information Sharing and Analysis Centers (ISACs).
"Registries and registrars, ccTLD operators, large corporate NOCs, ISPs and ecommerce companies that host many domain names are all likely candidates. This is also a natural for law enforcement groups that are worried about attacks on the Internet." more»
As a domain holder myself (of vix.com), I would not have chosen ".com" for my parent domain name back in 1988 had there been a wildcard domain name [that activates Site Finder service] under ".com". The risk of someone attempting to reach me but ending up talking to someone else instead would have been seen as "too great". I am now searching for a new parent domain whose publisher will guarantee me, in perpetuity, that there will be no wildcard name as there now is in "com". more»
Copyright © 2002-2009 CircleID.
Iomemo Inc.
All rights reserved unless where otherwise noted.
