Call for Participation - DNSSEC Workshop at ICANN 55 in Marrakech, Morocco

Do you have an idea for a new way to use DNSSEC or DANE to make the Internet more secure? Have you recently installed DNSSEC and have a great case study you can share of lessons learned? Do you have a new tool or service that makes DNSSEC or DANE easier to use or deploy? Do you have suggestions for how to improve DNSSEC? Or new ways to automate or simplify the user experience? If you do, and if you will be attending ICANN 55 in Marrakech, Morocco (or can get there), we are now seeking proposals for the ICANN 55 DNSSEC Workshop that will take place on Wednesday, 9 March 2016. more»

RIPE 71 Meeting Report

The RIPE 71 meeting took place in Bucharest, Romania in November. Here are my impressions from a number of the sessions I attended that I thought were of interest. It was a relatively packed meeting held over 5 days. So this is by no means all that was presented through the week... As is usual for RIPE meetings, it was a well organised, informative and fun meeting to attend in every respect! If you are near Copenhagen in late May next year I'd certainly say that it would be a week well spent. more»

How DANE Strengthens Security for TLS, S/SMIME and Other Applications

The Domain Name System (DNS) offers ways to significantly strengthen the security of Internet applications via a new protocol called the DNS-based Authentication of Named Entities (DANE). One problem it helps to solve is how to easily find keys for end users and systems in a secure and scalable manner. It can also help to address well-known vulnerabilities in the public Certification Authority (CA) model. Applications today need to trust a large number of global CAs. more»

The TPP and the DNS

On November 5, 2015 the Office of the U.S. Trade Representative (USTR) released the official text of the Trans-Pacific Partnership (TPP). That text consists of 30 separate Chapters totaling more than 2,000 pages, and is accompanied by four additional Annexes and dozens of Related Instruments. Only those who negotiated it are likely to have a detailed understanding of all its provisions, and even that probably overstates reality. more»

The Incredible Value of Passive DNS Data

If a scholar was to look back upon the history of the Internet in 50 years' time, they'd likely be able to construct an evolutionary timeline based upon threats and countermeasures relatively easily. Having transitioned through the ages of malware, phishing, and APT's, and the countermeasures of firewalls, anti-spam, and intrusion detection, I'm guessing those future historians would refer to the current evolutionary period as that of "mega breaches" (from a threat perspective) and "data feeds". more»

Internet Society's New Policy Brief Series Provides Concise Information On Critical Internet Issues

Have you ever wanted to quickly find out information on key Internet policy issues from an Internet Society perspective? Have you wished you could more easily understand topics such as net neutrality or Internet privacy? This year, the Internet Society has taken on a number of initiatives to help fill a need identified by our community to make Internet Governance easier to understand and to have more information available that can be used to inform policymakers and other stakeholders about key Internet issues. more»

Steering Website Traffic with Managed DNS vs. IP Anycast

I recently read an interesting post on LinkedIn Engineering's blog entitled "TCP over IP Anycast -- Pipe dream or Reality?" The authors describe a project to optimize the performance of www.linkedin.com. The web site is served from multiple web server instances located in LinkedIn's POPs all over the world. Previously LinkedIn used DNS geomapping exclusively to route its users to the best web server instance, but the post describes how they tried using BGP routing instead. more»

NANOG 65 Report

NANOG 65 was once again your typical NANOG meeting: a set of operators, vendors, researchers and others for 3 days, this time in Montreal in October. Here's my impressions of the meeting... The opening keynote was from Jack Waters from Level 3, which looked back over the past 25 years of the Internet, was interesting to me in its reference to the "Kingsbury Letter". more»

Thoughts on the Open Internet - Part 5: Security

Any form of public communications network necessarily exposes some information about the identity and activity of the user's of its services. The extent to which such exposure of information can be subverted and used in ways that are in stark opposition to the users' individual interests forms part of the motivation on the part of many users to reduce such open exposure to an absolute minimum. The tensions between a desire to protect the user through increasing the level of opacity of network transactions to third party surveillance, and the need to expose some level of basic information to support the functions of a network lies at the heart of many of the security issues in today's Internet. more»

Thoughts on the Open Internet - Part 4: Locality and Interdependence

The Internet was not originally designed as a single network that serviced much of the world's digital communications requirements. Its design was sufficiently flexible that it could be used in many contexts, including that of small network domains that were not connected to any other domain, through to large diverse systems with many tens of thousands of individual network elements. If that is indeed the case, then why is it that when networks wish to isolate themselves from the Internet, or when a natural calamity effectively isolates a network, the result is that the isolated network is often non-functional. more»

Thoughts on the Open Internet - Part 3: Local Filtering and Blocking

The public policy objectives in the area of content filtering and blocking space are intended to fulfil certain public policy objectives by preventing users within a country from accessing certain online content. The motives for such public policies vary from a desire to uphold societal values through to concessions made to copyright holders to deter the circulation of unauthorised redistribution of content. more»

The Growth of DNS-OARC Highlights Great Strides in DNS Research

This past weekend several of my Dyn colleagues and I attended the DNS-OARC annual meeting and fall workshop in Montreal. "OARC" in the organization's title stands for "Operations, Analysis and Research Center". DNS-OARC was founded by the Internet Systems Consortium (best known as the maintainers of the BIND DNS software) in 2004 to address a gap in the DNS community. Engineers working to extend the DNS protocol itself have always had a home in the Internet Engineering Task Force (IETF), but there was no corresponding community for those who operated DNS infrastructure and did research using data gleaned from DNS operations. more»

Watch Live Oct 1 - Dyn's Techtoberfest: Internet Trends, Security, Net Neutrality and More

On Thursday, Oct 1, 2015, from 9:30am-4:30pm US EDT (UTC-4), Dyn will be holding their "TechToberFest" event in Manchester, NH, and also streaming the video live for anyone interested. There are a great set of speakers and a solid agenda. As I wrote on the Internet Society blog, I'll be part of the security panel from 3-4pm US EDT... and we who are on the panel are excited to participate just for the conversation that we are going to have! It should be fun! more»

Thinking Ahead on Privacy in the Domain Name System

Earlier this year, I wrote about a recent enhancement to privacy in the Domain Name System (DNS) called qname-minimization. Following the principle of minimum disclosure, this enhancement reduces the information content of a DNS query to the minimum necessary to get either an authoritative response from a name server, or a referral to another name server. more»

One Step Closer to an Accountable ICANN

We believe that certain updates in the latest draft that limit the scope of ICANN's Mission, as specified in paragraph 188, could explicitly prevent ICANN from actively enforcing its contracts with Registries and Registrars or use contracts as a tool to implement consensus policies in the future. We suggest in our comments that revised bylaw text be added explicitly stating that the enforcement and creation of ICANN's contracts with Registries and Registrars... more»

News Briefs

Hacking Increasingly Becoming a Physical Concern

IANA Contract Extended by One Year, Announces Department of Commerce

Group Working on Securing Email Using DNS

New Report on Performance Measurements of the DNS Root Service in China

M3AAWG Releases Anti-Abuse Best Common Practices for Hosting and Cloud Service Providers

Comparing Root Server Performance Around the World

AFRINIC Partners With ICANN on AFRICA DNS Business Exchange Programme

NTIA Reveals How It Manages the Root Zone

Google Improving Location-Sensitive DNS Responses for Its 400B Responses-Per-Day Public DNS Service

DNS Based DDoS Attacks Using White House Press Releases

U.S. Court Overrules Attempt to Seize Iran's, Syria's and North Korea's Domains

Paul Vixie on How the Openness of the Internet Is Poisoning Us

Secure Domain Foundation Launched to Help Internet Infrastructure Operators Fight Cybercrime

US Ambassador and US Commerce Dept Assistant Secretary Defend Transition of IANA Oversight

U.S. Government Announces Intent to Transition DNS Functions to Global Community

Widespread Compromised Routers Discovered With Altered DNS Configurations

Asia Pac Digital Marketing & gTLD Strategy Congress to Be Held in Hong Kong on May 14-15

Upcoming Latin America and Caribbean DNS Forum

Google DNS to Be Discontinued in Brazil Ahead of New Law

Paul Mockapetris to Serve as Senior Security Advisor to ICANN's Generic Domains Division

Most Viewed

Most Commented

Taking Back the DNS

Domain Tasting Target of US Federal Cybersquatting Lawsuit

When Registrars Look the Other Way, Drug-Dealers Get Paid

Squeegee Domains

Ask Vint Cerf: The Road Ahead for Top-Level Domains

Industry Updates

Participants – Random Selection