DNS

Blogs

DNSSEC Adoption Part 3: A Five Day Hole in Online Security

Implementing security requires attention to detail. Integrating security services with applications where neither the security service nor the application consider their counterpart in their design sometimes make plain that a fundamental change in existing practices is needed. Existing "standard" registrar business practices require revision before the benefits of the secure infrastructure foundation DNSSEC offers can be realized. more»

Call For Participation - ICANN 52 DNSSEC Workshop on 11 Feb 2015 In Singapore

If you will be at ICANN 52 in Singapore in February 2015 (or can get there) and work with DNSSEC or the DANE protocol, we are seeking proposals for talks to be featured as part of the 6-hour DNSSEC Workshop on Wednesday, February 11, 2015. The deadline to submit proposals is Wednesday, December 10, 2015... The full Call For Participation is published online and gives many examples of the kinds of talks we'd like to include. more»

Nameserver Operators Need the Ability to "Disavow" Domains

Yesterday's DDoS attack against DNSimple brought to light a longstanding need for DNS nameserver operators to have an ability to unilaterally repudiate domains from their nameservers. The domains under attack started off on DNSMadeEasy, migrated off to DNSimple and took up residence there for about 12 hours, causing a lot of grief to DNSimple and their downstream customers. more»

The Resolvers We Use

The Internet's Domain Name System is a modern day miracle. It may not represent the largest database that has ever been built, but nevertheless it's truly massive. And even if it's not the largest database that's ever been built, it's perhaps one of the more intensively used... Given the fragmentation of the IPv4 address space with the widespread use of various forms of address sharing, then it increasingly looks as if the DNS is the only remaining common glue that binds the Internet together as a single network. more»

ccTLDs Might Be Property

The long-running saga of victims who are pursuing 'state sponsors of terrorism' via ICANN has taken yet another turn. Some time back the Plaintiffs in Rubin & ors -v- Islamic Republic of Iran & ors managed to obtain Writs of Attachment in the Federal court district in Washington (D.C.) courts ordering that the ccTLDs of those respective countries be seized in part-payment of the damages they are owed. ICANN, fairly predictably, became involved at this point. more»

Secure Unowned Hierarchical Anycast Root Name Service - And an Apologia

In Internet Draft draft-lee-dnsop-scalingroot-00.txt, I described with my coauthors a method of distributing the task of providing DNS Root Name Service both globally and universally. In this article I will explain the sense of the proposal in a voice meant to be understood by a policy-making audience who may in many cases be less technically adept than the IETF DNSOP Working Group for whom the scalingroot-00 draft was crafted. I will also apologize for a controversial observation concerning the addition of new root name servers... more»

Summary of the Registration Operations Association Workshop

The first Registration Operations Association Workshop took place on Thursday, 16 October 2014, at the Los Angeles Hyatt Regency Century Plaza Hotel. I'd like to thank the 64 people that took the time to attend and participate in the discussion, both in-person and remote. I started the workshop with an introduction to some of the technical challenges being faced by the domain registration industry. more»

An Open Letter to the Prime Minister of India, from Within India, Through an Internet Blog

Hon' Prime Minister, Why would India table Proposal 98 for the work of the ITU Plenipotentiary Conference? Contribution 98 wants the ITU to develop an IP address plan; wants it to be a contiguous IP address platform so as to enable the Governments to map and locate every Internet user; suggests that the ITU may coordinate the distribution of IP addresses accordingly; instructs the ITU Secretary General to develop policies for... naming, numbering and addressing which are [already] systematic, equitable... more»

DNSSEC Adoption Part 2: The Current Functionality Gap

Registrars have the opportunity to fundamentally change the landscape of the Internet's security infrastructure by working to close the DNSSEC functionality gap. Virtually everything every Internet user does on the Internet depends on the DNS. DNSSEC is not just about protecting the DNS, it is about building a secure infrastructure foundation upon which new and innovative services and applications can be built to benefit us all. Registrars are the linchpins to advancing the deployment of DNSSEC. more»

The Latter is Coded to Criticize the New - Lessons from Depew

This month, we are seeing a very busy global ecosystem with the ICANN 51, UN General Assembly meeting to discuss ICT for Development in New York and now the 19th ITU Plenipotentiary in Busan. Pinktober, Oktoberfest has also become saturated with ICTober so it makes me more reflective. First I would like to make a massive shout out to all those battling cancer, survivors and families who wage war against cancer. May you all walk on and walk strong! more»

Towards More Efficient Registry-Registrar Relations

On the morning of Wednesday 15th October, the The Domain Name Association (the DNA) held an important working group meeting during ICANN 51 Los Angeles. The topic was to discuss several operational issues between registries and registrars. The meeting's unofficial ongoing name is the Registry-Registrar Operations Working Group. The meeting was a continuation of an inaugural meeting that was held back in June of this year, and covered in a Industry Association: An Implementation Model circulated by the DNA from September 17, by Executive Director Kurt Pritz. more»

DNSSEC Workshop Streaming Live From ICANN 51 On Wednesday, Oct 15

Want to learn about the state of DNSSEC usage in North America? Or what is new in DNS monitoring? Or where DNSSEC fits into the plans of operating systems? Or how DANE is being used to bring a higher level of security to email? All those questions and much more will be discussed at the DNSSEC Workshop at ICANN 51 happening on Wednesday, October 15, 2014, from 8:30 am to 2:45 pm Pacific Daylight Time (PDT, which is UTC-7). more»

ICANN in Hollywood: Foreshadowing a Happy Ending?

As we arrived in Hollywood -- the land of happy endings -- ICANN had just given us cause to hope that the ICANN accountability process might get its own Hollywood ending, despite a fitful start. As one who's been critical of ICANN management's heavy-handed attempts to control the accountability process, it's only appropriate to give credit where credit is due. In accepting the community's strenuous -- and nearly unanimous -- calls for a cross-community working group to lead the process of improving ICANN's accountability mechanisms, ICANN management says it's now prepared to follow the community's lead, rather than dictating and constraining it. more»

Some Observations from NANOG 62

NANOG 62 was held at Baltimore from the 6th to the 9th October. These are my observations on some of the presentations that occurred at this meeting. .. One of the more memorable sides in this presentation was a reference to "map" drawn by Charles Minard in 1869 describing the statistics relating to the Napoleonic military campaign in Russia, and the subsequent retreat. more»

Building a Better WHOIS for the Individual Registrant

Today, anyone can use WHOIS to identify the organization or person who registered a gTLD domain name, along with their postal address, email address, and telephone number. Publishing this data has long been controversial, creating a system riddled with problems. On one hand, anonymous access to all WHOIS data enables misuse by spammers and criminals and raises concerns about personal privacy. On the other hand, incomplete or false WHOIS data prolongs Internet outages and leaves crime victims with little recourse. more»

News Briefs

NTIA Reveals How It Manages the Root Zone

Google Improving Location-Sensitive DNS Responses for Its 400B Responses-Per-Day Public DNS Service

DNS Based DDoS Attacks Using White House Press Releases

U.S. Court Overrules Attempt to Seize Iran's, Syria's and North Korea's Domains

Paul Vixie on How the Openness of the Internet Is Poisoning Us

Secure Domain Foundation Launched to Help Internet Infrastructure Operators Fight Cybercrime

US Ambassador and US Commerce Dept Assistant Secretary Defend Transition of IANA Oversight

U.S. Government Announces Intent to Transition DNS Functions to Global Community

Widespread Compromised Routers Discovered With Altered DNS Configurations

Asia Pac Digital Marketing & gTLD Strategy Congress to Be Held in Hong Kong on May 14-15

Upcoming Latin America and Caribbean DNS Forum

Google DNS to Be Discontinued in Brazil Ahead of New Law

Paul Mockapetris to Serve as Senior Security Advisor to ICANN's Generic Domains Division

GSA Looking Into .gov Outages

ICANN, NTIA, Verisign and ANA Weighing In on 'Name Collisions' and the Readiness of New gTLD Program

Dotless Domains Considered Harmful, Says IAB

LinkedIn Outage Due to DNS Issue

UNESCO Director-General on Linguistic Diversity on the Internet: Main Challenges Are Technical

U.S. CERT Issues Alert on DNS Amplification Attacks

Google Announces DNSSEC Support for Public DNS Service

Most Viewed

Most Commented

Taking Back the DNS

Domain Tasting Target of US Federal Cybersquatting Lawsuit

When Registrars Look the Other Way, Drug-Dealers Get Paid

Squeegee Domains

Ask Vint Cerf: The Road Ahead for Top-Level Domains

Industry Updates

Participants – Random Selection