Taking a Closer Look at the Recent DDoS Attacks and What it Means for the DNS

The recent attacks on the DNS infrastructure operated by Dyn in October 2016 have generated a lot of comment in recent days. Indeed, it's not often that the DNS itself has been prominent in the mainstream of news commentary, and in some ways, this DNS DDOS prominence is for all the wrong reasons! I'd like to speculate a bit on what this attack means for the DNS and what we could do to mitigate the recurrence of such attacks. more»

Trust Isn't Easy: Drawing an Agenda from Friday's DDoS Attack and the Internet of Things

Last week, millions of infected devices directed Internet traffic to DNS service provider Dyn, resulting in a Distributed Denial of Service (DDoS) attack that took down major websites including Twitter, Amazon, Netflix, and more. In a recent blog post, security expert Bruce Schneier argued that "someone has been probing the defences of the companies that run critical pieces of the Internet". This attack seems to be part of that trend. This disruption begs the question: Can we trust the Internet? more»

How Did We Get Here? A Look Back at the History of IANA

October 2016 marks a milestone in the story of the Internet. At the start of the month, the United States Government let its residual oversight arrangements with ICANN over the operation of the IANA lapse. No single government now has a unique relationship with the governance of the protocol elements of the Internet, and it is now in the hands of a community of interested parties in a so-called Multi-Stakeholder framework. This is a unique step for the Internet and not without its attendant risks. How did we get here? more»

A Great Collaborative Effort: Increasing the Strength of the Zone Signing Key for the Root Zone

A few weeks ago, on Oct. 1, 2016, Verisign successfully doubled the size of the cryptographic key that generates DNSSEC signatures for the internet's root zone. With this change, root zone DNS responses can be fully validated using 2048-bit RSA keys. This project involved work by numerous people within Verisign, as well as collaborations with ICANN, Internet Assigned Numbers Authority (IANA) and National Telecommunications and Information Administration (NTIA). more»

.US Hosts its Annual Town Hall Meeting

Neustar, a leading provider of registry services, is hosting a Town Hall meeting this month for the United States' country code Top-Level Domain, .US. Neustar introduced the .US Town Hall last year to reflect our commitment -- and the Commerce Department commitment to the bottom-up, multistakeholder model of DNS management. The public forum is an important part of ensuring that .US continues to be a vibrant namespace that reflects America's diversity, creativity, and innovative spirit. more»

How to Handle an Outage Like a Pro

In just the last two weeks, there were three major DNS outages between Google, Microsoft Azure, and Fonality. But only one of these companies was able to make even bigger waves with the way they handled their blunder. Fonality, who sells VoIP services and business phone systems, offered a very rare and transparent analysis of their outage. In a detailed statement from Chief Marketing Officer Jeff Valentine, readers were given crucial insight on how to prevent the same mistakes from happening to other companies. more»

The Wild West Of Performance Measurement: Using Data To Ensure Optimal Vendor Selection

Data-driven decision making relies on contextual understanding of how data is gathered and the type of analysis used to arrive at an outcome. The popularity of data-driven decision-making has increased the number of companies using statistics to support a preference or vendor selection. The Internet Performance Management (IPM) market hasn't been spared, but, unlike other markets where institutions have codified a standard for qualification and quantification, such as the FDA's nutrition labels, Insurance Institute for Highway Safety, or the Coffee Quality Institute, the IPM market is still in the Wild West stage. more»

Increasing the Strength of the Zone Signing Key for the Root Zone, Part 2

A few months ago I published a blog post about Verisign's plans to increase the strength of the Zone Signing Key (ZSK) for the root zone. I'm pleased to provide this update that we have started the process to pre-publish a 2048-bit ZSK in the root zone for the first time on Sept. 20. Following that, we will publish root zones with the larger key on Oct. 1, 2016. more»

Refutation of the Worst IANA Transition FUD

Of all the patently false and ridiculous articles written this month about the obscure IANA transition which has become an issue of leverage in the partisan debate over funding the USG via a Continuing Resolution, this nonsense by Theresa Payton is the most egregiously false and outlandish. As such, it demands a critical, nearly line by line response. more»

DDOS Attackers - Who and Why?

Bruce Schneier's recent blog post, "Someone is Learning How to Take Down the Internet", reported that the incidence of DDOS attacks is on the rise. And by this he means that these attacks are on the rise both in the number of attacks and the intensity of each attack. A similar observation was made in the Versign DDOS Trends report for the second quarter of 2015, reporting that DDOS attacks are becoming more sophisticated and persistent in the second quarter of 2016. more»

An Internet for Identity

In World of Ends, Doc Searls and Dave Weinberger enumerate the Internet's three virtues: 1. No one owns it. 2. Everyone can use it. 3. Anyone can improve it. ... Online services and interactions are being held back by the lack of identity systems that have the same virtues as the Internet. This post describes what we can expect from an Internet for identity. more»

Want to Share Info with the DNSSEC Community? ICANN57 DNSSEC Workshop Seeking Proposals by Sept 15

Do you have information or an idea you would like to share with members of the broader DNS / DNSSEC community? Have you developed a new tool that makes DNSSEC or DANE deployment easier? Have you performed new measurements? Would you like feedback about a new idea you have? Would you like to demonstrate a new service you have? If so, we're seeking proposals for the DNSSEC Workshop to be held at ICANN57 in Hyderabad, India, in early November 2016. more»

The .Corp, .Home & .Mail Quandary

On 24 August, fifteen applicants for the .corp, .home, or .mail (CHM) new gTLDs sent a letter to the ICANN Board asking for action on the stalled process of the their applications. This points to the answer for the question I asked in march of this year: Whatever happened with namespace collision issues and the gTLD Round of 2012. As the letter from the applicants indicates, ICANN has done little to deal with issues concerned with namespace collisions in the last 2 years. Is it now time for action? more»

Why Registry Service Providers Should be Accredited by ICANN

The merits of a Registry Service Provider accreditation programs have been debated across the Domain Industry since the most recent round of Domain Name Registries were introduced starting in 2012. This post discusses the early reasoning in support of an accreditation program; changes in the policy considerations between 2012 and now; the effects of competition on the landscape; a suggestion for how such a program might be implemented; and why such a program should be introduced now. more»

Court of Appeals Avoids "Doomsday Effect" in Iran ccTLD Decision

Earlier today the U.S. Court of Appeals for the DC Circuit issued its decision in Weinstein vs. Iran, a case in which families of terror victims sought to have ICANN turn over control of Iran's .IR ccTLD to plaintiffs. In a unanimous decision the three judge panel stated, "On ICANN's motion, the district court quashed the writs, finding the data unattachable under District of Columbia (D.C.) law. We affirm the district court but on alternative grounds." more»

News Briefs

Google Announces Nomulus, Open Source Top-Level Domain Name Registry

UK's National Cyber Security Centre Reveals Plans to Scale Up DNS Filtering

US Congress Website Recovers from a Crippling 3-Day DNS Attack

US Department of Commerce Reports on Open Internet, Privatization of DNS

Neustar Announces Intention to Separate Into Two Independent and Publicly Traded Companies

Sweden Makes its TLD Zone File Publicly Available

Large Volume of DNSSEC Amplification DDoS Observed, Akamai Reports

GNU C Library Found Vulnerable to Rogue DNS Server Attacks

91.3% of Malware Use DNS as a Key Capability

Internet Root Servers Hit with Unusual DNS Amplification Attack

Hacking Increasingly Becoming a Physical Concern

IANA Contract Extended by One Year, Announces Department of Commerce

Group Working on Securing Email Using DNS

New Report on Performance Measurements of the DNS Root Service in China

M3AAWG Releases Anti-Abuse Best Common Practices for Hosting and Cloud Service Providers

Comparing Root Server Performance Around the World

AFRINIC Partners With ICANN on AFRICA DNS Business Exchange Programme

NTIA Reveals How It Manages the Root Zone

Google Improving Location-Sensitive DNS Responses for Its 400B Responses-Per-Day Public DNS Service

DNS Based DDoS Attacks Using White House Press Releases

Most Viewed

Most Commented

Taking Back the DNS

Domain Tasting Target of US Federal Cybersquatting Lawsuit

When Registrars Look the Other Way, Drug-Dealers Get Paid

Squeegee Domains

Ask Vint Cerf: The Road Ahead for Top-Level Domains

Industry Updates

Participants – Random Selection