DNS

Noteworthy

 Why Can't a Product or Service Meet All My Needs??? With Professional Services, It Can!

 Real people are reporting attacks and real people are responding.

 Today, professional services teams must help clients do more with less — less staff, smaller budgets and fewer resources in general.

 While the danger is hardly over, these larger institutions have learned some painful lessons that smaller firms might heed as they seek to minimize risks.

 As Neustar sees it, there are three key elements to dedicated DDoS protection: people, process and technology.

 As protests of all kinds seem to be gaining momentum these days, it will be interesting to see what develops next with DDoS attacks.

Blogs

A Great Bit of DNSSEC and DNS at IETF 90 Next Week

For those people tracking the evolution and deployment of DNSSEC or who are just interested in "DNS security" in general there is a great amount of activity happening next week at IETF 90 in Toronto. I dove into this activity in great detail in a recent post, "Rough Guide to IETF 90: DNSSEC, DANE and DNS Security", and summarized the activity in a Deploy360 post... more»

Senate Judiciary Committee Hearing on Botnet Takedowns (July 15, 2014)

The background is of course quite interesting, given how soon it has followed Microsoft's seizure of several domains belonging to Dynamic DNS provider no-ip.com for alleged complicity in hosting trojan RAT gangs, a couple of days after which the domains were subsequently returned -- without public comment -- to Vitalwerks, the operator of No-IP. This is by no means a new tactic for Microsoft, who has carried out successful seizures of various domains over the past two or three years. more»

Now Available - A Trend Chart Tracking DNSSEC Validation Globally

How can we track the amount of DNSSEC validation happening globally? Is there a way we can see the trend over time to (we hope!) see validation rise? At the recent excellent DNSSEC Workshop at ICANN 50 in London Geoff Huston let me know that his APNIC Labs team has now created this exact type of trend chart. more»

Painting Ourselves Into a Corner with Path MTU Discovery

In Tony Li's article on path MTU discovery we see this text: "The next attempt to solve the MTU problem has been Packetization Layer Path MTU Discovery (PLPMTUD). Rather than depending on ICMP messaging, in this approach, the transport layer depends on packet loss to determine that the packet was too big for the network. Heuristics are used to differentiate between MTU problems and congestion. Obviously, this technique is only practical for protocols where the source can determine that there has been packet loss. Unidirectional, unacknowledged transfers, typically using UDP, would not be able to use this mechanism. To date, PLPMTUD hasn't demonstrated a significant improvement in the situation." Tony's article is (as usual) quite readable and useful, but my specific concern here is DNS... more»

GNSO Constituencies Issue Unanimous Joint Statement on ICANN Accountability

In an unprecedented development, all stakeholder groups and constituencies comprising ICANN"s Generic Names Supporting Organization (GNSO) unanimously endorsed a joint statement in support of the creation of an independent accountability mechanism "that provides meaningful review and adequate redress for those harmed by ICANN action or inaction in contravention of an agreed upon compact with the community". The statement was read aloud during a June 26th session on the IANA transition process held on the last day of the ICANN 50 public meeting in London. more»

3 DNSSEC Sessions Happening At ICANN 50 Next Week in London

As I mentioned in a post to the Deploy360 blog today, there are three excellent sessions relating to DNSSEC happening at ICANN 50 in London next week: DNSSEC For Everybody: A Beginner's Guide; DNSSEC Implementers Gathering; DNSSEC Workshop. Find out more. more»

NANOG 61 - Impressions of Some Presentations

The recent NANOG 61 meeting was a pretty typical NANOG meeting, with a plenary stream, some interest group sessions, and an ARIN Public Policy session. The meeting attracted some 898 registered attendees, which was the biggest NANOG to date. No doubt the 70 registrations from Microsoft helped in this number, as the location for NANOG 61 was in Bellevue, Washington State, but even so the interest in NANOG continues to grow... more»

Senate Appropriators Add IANA Language As House Requests GAO Study and Civil Society Opposes Shimkus

The Senate Appropriations Committee just reported out on June 5th its version of the Commerce-Justice-State Departments Appropriations bill for FY 15. In the course of its deliberations it added a consensus amendment on the IANA transition offered by Sen. Mike Johanns (R-NE)... Parsing the amendment's language, the requirement that NTIA conduct a thorough review and analysis of any proposed IANA transition plan amounts to telling it to do its job properly; implicit in this requirement is that the analysis be shared with Congress. more»

Universal Acceptance of All TLDs Now!

Universal acceptance of top level domains hasn't really meant much to most Internet users up until now. As long as .COM was basically the default TLD, there wasn't much of an issue. No longer. With 263 delegated strings (according to ICANN's May 12, 2014 statistics) adding to the existing 22 gTLDs that were already live on the net after the 2004 round of Internet namespace expansion, the problem of universal acceptance gets very real. more»

House Committees Taking Aim at IANA Transition Proposal

In an unanticipated move a third Committee of the US House of Representatives has weighed in with concerns regarding the NTIA's proposed transition of the US role as counterparty to ICANN's IANA functions contract to one with the "global multistakeholder community". On May 13th the House Armed Services Committee Report for HR 4435, the Defense Authorization bill, was released. more»

DNA Auction Plan to Reinvest Money Into Industry

Love them or hate them, auctions are an unavoidable reality of the new Top-Level Domain (TLD) Program. By their very nature, they create winners and losers. All that is in doubt is where the money goes -- to the losing parties under a private auction model or to ICANN under their auction of last resort. There are pros and cons for both models. But what if there was another way? more»

The Real Uneven Playing Field of Name Collisions

Recent comments on the name collisions issue in the new gTLD program raise a question about the differences between established and new gTLDs with respect to name collisions, and whether they're on an even playing field with one another. Verisign's latest public comments on ICANN's "Mitigating the Risk of DNS Namespace Collisions" Phase One Report, in answering the question, suggest that the playing field the industry should be concerned about is actually in a different place. The following points are excerpted from the comments submitted April 21. more»

Wow! BIND9 9.10 Is out, and What a List of Features!

Today the e-mail faerie brought news of the release of BIND9 9.10.0 which can be downloaded from here. BIND9 is the most popular name server on the Internet and has been ever since taking that title away from BIND8 which had a few years earlier taken it from BIND4. I used to work on BIND, and I founded ISC, the home of BIND, and even though I left ISC in July 2013 to launch a commercial security startup company, I remain a fan of both ISC and BIND. more»

IANA Transition Set to Disrupt ICANN Operations

The US Government's decision to transition its oversight of the IANA function to a multi-national, multi stakeholder organisation is set to impact ICANN's standard operations. On April 25, ICANN Board Chair Steve Crocker send an email to the ICANN community leaders suggesting changes to the agenda for the upcoming 50th International ICANN meeting, set to be held in London from June 22 to 26. more»

Verisign's Preliminary Comments on ICANN's Name Collisions Phase One Report

Verisign posted preliminary public comments on the "Mitigating the Risk of DNS Namespace Collisions" Phase One Report released by ICANN earlier this month. JAS Global Advisors, authors of the report contracted by ICANN, have done solid work putting together a set of recommendations to address the name collisions problem, which is not an easy one, given the uncertainty for how installed systems actually interact with the global DNS. However, there is still much work to be done. I have outlined the four main observations... more»

News Briefs

Video Interviews Highlighting ICANN 50 in London

Paul Vixie on How the Openness of the Internet Is Poisoning Us

Secure Domain Foundation Launched to Help Internet Infrastructure Operators Fight Cybercrime

US Ambassador and US Commerce Dept Assistant Secretary Defend Transition of IANA Oversight

U.S. Government Announces Intent to Transition DNS Functions to Global Community

Widespread Compromised Routers Discovered With Altered DNS Configurations

Asia Pac Digital Marketing & gTLD Strategy Congress to Be Held in Hong Kong on May 14-15

Upcoming Latin America and Caribbean DNS Forum

Google DNS to Be Discontinued in Brazil Ahead of New Law

Paul Mockapetris to Serve as Senior Security Advisor to ICANN's Generic Domains Division

GSA Looking Into .gov Outages

ICANN, NTIA, Verisign and ANA Weighing In on 'Name Collisions' and the Readiness of New gTLD Program

Dotless Domains Considered Harmful, Says IAB

LinkedIn Outage Due to DNS Issue

UNESCO Director-General on Linguistic Diversity on the Internet: Main Challenges Are Technical

U.S. CERT Issues Alert on DNS Amplification Attacks

Google Announces DNSSEC Support for Public DNS Service

ICANN Releases Guideline for Coordinated Vulnerability Disclosure Reporting

FBI Agent Thomas X. Grasso Receives First J.D. Falk Award for Establishing DNS Changer Working Group

Twitter's t.co Domain Outage Caused by Human Error

Most Viewed

Most Commented

Taking Back the DNS

Domain Tasting Target of US Federal Cybersquatting Lawsuit

When Registrars Look the Other Way, Drug-Dealers Get Paid

Squeegee Domains

Ask Vint Cerf: The Road Ahead for Top-Level Domains

Neustar Updates – Sponsor

Why Managed DNS Means Secure DNS

The current DNS protocol, "if my packets don't get through I'll just retransmit them and they're not critical" will no longer cut it in today's ever-changing security landscape. ›››

Rodney Joffe on Why DNS Has Become a Favorite Attack Vector

DDoS attacks have continuously been on the rise and as you may have heard plenty already, more and more attackers are targeting DNS. In the following video, Rodney Joffe, Neustar's Senior Vice-President and Technologist, explain how hardened DNS can keep your business safe. ›››

Neustar's Proposal for New gTLD Collision Risk Mitigation

Neustar has a vested interest in ensuring that the domain name system is as secure and stable as possible. We have been operating top level domains (TLDs) for more than a decade, and we intend to provide the same level of service as the back-end registry provider for more than 350 applicants for the new generic TLDs that we hope will become available in the coming months. ›››

Neustar Launches Global Partner Program

Neustar has launched a new program to allow partners to resell Neustar's cloud-based infrastructure services, including managed DNS and DDoS protection offerings, to their online customers. ›››

Neustar Launches Enterprise Professional Services Offerings

Neustar announces the launch of Neustar Professional Services with a comprehensive suite of IT service offerings for enterprise organizations of all sizes. Neustar's seasoned team of professionals provides the expertise and resources organizations need to ensure the performance, security and reliability of their IT infrastructure. ›››

Neustar Labs Innovation Center Grand Opening (Video)

In March, Neustar announced the opening of the Neustar Labs Innovation Center at the University of Illinois Urbana-Champaign. Friends of Neustar at Illinois have prepared the following video from the grand opening day. ›››

Neustar Selected as Registry Services Provider for 358 Top-Level Domain Applications

Neustar today announced that it has been selected as the registry services provider for 358 applications for new generic Top-Level domains (gTLDs). Additionally, Neustar has been selected by the City of New York as the registry service provider to manage the application process and operate .nyc. ›››

Industry Updates

Participants – Random Selection