DNS

Blogs

Scaling the Root of the DNS

The DNS is a remarkably simple system. You send it queries, and you get back answers. Within the system, you see exactly the same simplicity: The DNS resolver that receives your query may not know the answer, so it, in turn, will send queries deeper into the system and collects the answers. The query and response process is the same, applied recursively. Simple. However, the DNS is simple in the same way that Chess or Go are simple... more

A Failed Whois Policy

ICANN's two-year effort to purportedly preserve the Whois public directory to the greatest extent possible while complying with GDPR has failed. Under the latest proposal, the Whois database, once a contractually-required directory of domain name registrants, will be gutted to the point of virtual worthlessness, as registrars, registries, academics, and hand-wringing others ignored the public interest and imposed ever-higher barriers to legitimate, GDPR-compliant access to registration data. more

Maximizing Qname Minimization: A New Chapter in DNS Protocol Evolution

Data privacy and security experts tell us that applying the "need to know" principle enhances privacy and security, because it reduces the amount of information potentially disclosed to a service provider -- or to other parties -- to the minimum the service provider requires to perform a service. This principle is at the heart of qname minimization, a technique described in RFC 7816 that has now achieved significant adoption in the DNS. more

A Responsible Domain Industry Needs a Responsible Registrant Appeals Process

As the steward of .ORG, Public Interest Registry is committed to serving as an "exemplary registry" for the DNS. As part of that mission, PIR published our Anti-Abuse Principles last year that serve as our north star to address questions of abuse. As PIR has stated on many occasions, generally speaking, the DNS is not the appropriate place to address questions of website content abuse because of the blunt tool we as a registry have and the collateral damage that can be caused by suspending a domain name for a piece of content. more

Only Bad Actors Should Worry About the URS

With DNS abuse a topic of increased concern throughout the community, any controversy over adopting the Uniform Rapid Suspension System (URS) for all generic top-level domains (gTLDs) seems misplaced. The URS was designed as a narrow supplement to the Uniform Domain-Name Dispute Resolution Policy (UDRP), applicable only in certain tightly defined circumstances of clear-cut and incontrovertible trademark infringement involving the registration and use of a domain name. more

How Will the New .AU Domain Licensing Rules Impact You?

The .AU Domain Administration (auDA) will soon implement new .AU domain administration licensing rules either late this year or early next year. These rules apply to new registrations and around 3 million existing domain names in the com.au, net.au, org.au, and more .AU namespaces... Previously, an Australian trademark application or registration may constitute the required Australian presence for an .AU domain name, but the domain name need not match the trademark. more

Is There Such a Thing as Technical Internet Governance?

In ICANN's "President & CEO Goals for Fiscal Year 2021", Göran Marby went out to make a curious distinction in the document's second stated goal, according to which he intends to "Implement a common strategy for Internet governance (IG) and technical Internet governance (TIG)". Proceeding to state that "we will begin by identifying the most important issues we need to address, followed by an assessment of where and how we can intervene, the venues we should use, and the resources required to be effective". more

New CSC Research Finds Significant Lack of Redundancy for Enterprise DNS

As outlined in CSC's recent 2020 Domain Security Report: Forbes Global 2000 Companies, cybercriminals are disrupting organizations by attacking the protocol responsible for their online presence -- their domain name system (DNS). When a DNS is overwhelmed with traffic due to a distributed denial of service (DDoS) attack or configuration error, content and applications become inaccessible to users, affecting both revenue and reputation. more

Call for Participation – ICANN 69 DNSSEC and Security Workshop, October 2020

If you are interested in presenting at the ICANN 69 DNSSEC and Security Workshop during the week of 17-22 October 2020, please send a brief (1-2 sentence) description of your proposed presentation to dnssec-hamburg@isoc.org by 27 August 2020. We are open to a wide range of topics related to DNS, DNSSEC, DANE, routing security, and more. There are some ideas in the Call for Participation below, but other ideas are definitely welcome, too! more

Why Platform Regulation Concerns ICANN

With the publication of the Australian Governmental report on Digital Platforms1and in the light of the ongoing work on the EU's Digital Services Act, the spotlight of policymaking is on platforms such as Google, Facebook and Amazon. It is natural that members of the ICANN community want to discuss the role of platforms within the ICANN framework, but sadly and predictably, the usual bylaws jockeys and keepers of the true ICANN faith were quick to stifle the conversation. more

How Digital Asset Management May Change Due to COVID-19

One of the "fathers of the internet," Vint Cerf, in a September 2019 article he published, said: "Today, hackers routinely break into online accounts and divert users to fake or compromised websites. We constantly need to create new security measures to address them. To date, much of the internet security innovation we've seen revolves around verifying and securing the identities of people and organizations online. more

Afilias to Protect TLDs Against Potential "Orphan Glue" Exploits

Afilias has informed registrars and registry clients that it is taking steps to remove orphan glue records from 200+ TLD zones in its care. This will eliminate the potential for a handful of domain names to be misused. "Glue records" enable websites and other uses of domain names to work on the internet. They are related to DNS domain name delegations and are necessary to guide iterative resolvers to delegated nameservers. more

The State of DNS Abuse: Moving Backward, Not Forward

ICANN's founding promise and mandate are optimistic -- ensure a stable and secure internet that benefits the internet community as a whole. Recent months, however, have highlighted the uncomfortable truth that ICANN's and the industry's approach to DNS abuse is actually moving backward, ignoring growing problems, abdicating on important policy issues, and making excuses for not acting. Further, the impending failure of ICANN's new WHOIS policy to address cybersecurity concerns will add fuel to the fire, resulting in accelerating DNS abuse that harms internet users across the globe. more

DNS: An Essential Component of Cloud Computing

The evolution of the internet is anchored in the phenomenon of new technologies replacing their older counterparts. But technology evolution can be just as much about building upon what is already in place, as it is about tearing down past innovations. Indeed, the emergence of cloud computing has been powered by extending an unlikely underlying component: the more than 30-year-old global Domain Name System (DNS). more

Evolving the Internet Through COVID-19 and Beyond

As we approach four months since the WHO declared COVID-19 to be a pandemic, and with lockdowns and other restrictions continuing in much of the world, it is worth reflecting on how the Internet has coped with the changes in its use, and on what lessons we can learn from these for the future of the network. The people and companies that build and operate the Internet are always planning for more growth in Internet traffic. more

News Briefs

New Digital Services Act Should Not Disrupt Internet's Technical Operations, Warn RIPE NCC, CENTR

Trump Admin Ramping Up Attacks on GDPR – Says It Helps Cybercrime, Threatens Public Health

Firefox Starts the Roll Out of DNS Over HTTPS (DoH) by Default for US-Based Users

The Number Resource Organization (NRO) Issues Inspection Request to ICANN Concerning the .ORG Sale

Microsoft Announces Plans to Adopt DoH in Windows

EFF: For ISPs to Retain Power to Censor the Internet, DNS Needs to Remain Leaky

Leading Domain Registries and Registrars Release Joint Document on Addressing 'DNS Abuse'

The U.S. House Judiciary Committee Is Investigating Google's Plans to Implement DNS Over HTTPS

New Zealand’s Domain Name Commission Wins Appeal in Lawsuit Against US DomainTools

Mozilla Named "Internet Villain" for Supporting DNS-Over-HTTPS by a UK ISP Association

Use of DNS Firewalls Could Have Prevented More Than $10B in Data Breach Losses Over the Past 5 Years

A New Project Called Handshake Wants to Decentralize DNS, Says It's Unlike Previous Attempts

State-Sponsored Attack Is Manipulating DNS Systems of National Security Organizations

Unexpected Behaviour Observed With DNS Root Servers After Cryptographic Change

ICANN Makes Urgent Call for Full Deployment of Domain Name System Security Extensions (DNSSEC)

ISC Assesses DNS Flag Day

Domain Holders Urged to Ensure Their Domains Are Ready for 'DNS Flag Day'

An Investigation Shows How Bomb Threat Scammers Hijacked Thousands of Big-Name Domains

US Department of Homeland Security Issues Emergency Directive Ordering Agencies to Audit DNS Records

Global DNS Record Manipulation, Hijacking Campaign at Massive Scale Linked to Iran

Most Viewed

Most Commented

Taking Back the DNS

Domain Tasting Target of US Federal Cybersquatting Lawsuit

When Registrars Look the Other Way, Drug-Dealers Get Paid

Squeegee Domains

Ask Vint Cerf: The Road Ahead for Top-Level Domains

Industry Updates

Augmenting Digital Risk Protection with Threat Intelligence Sources

Threat Intelligence Feeds in the Fight against Insurance-Themed Cyber Attacks

The DNS Ecosystem, Its Vulnerabilities, and Threat Mitigations

100K+ List of Disposable Email Domains Under Security Analysis

Detecting Possible Domain Generation Algorithm-Related Threats Using Typosquatting Data Feed

Subdomain Lookup as Part of Cybersecurity Best Practices

Using WHOIS History and Other Intelligence Sources for Establishing Potential Attack Surfaces

Verisign Q2 2020 Domain Name Industry Brief: Internet Grows to 370.1 Million Domains in Q2 of 2020

Host to IP and DNS Analysis of Dozens of Fortnite-Inspired Typosquatting Domains

Upward Trend Seen in "All Lives Matter," "BLM," and "Protest" Domain Registrations

Domain Security Report – Forbes Global 2000 Companies

Combating COVID-19 Cybercrime – What Internet Infrastructure Providers Like Afilias Are Doing

Blacknight Chooses Afilias for Managed DNS with Anycast

Coronavirus: Cybersecurity Implications and Fraudulent Infection Maps

How to Maintain Your Website's Network Reachability with DNS Lookup Solutions

Participants – Random Selection