DNS

Blogs

ICANN 56 in Helsinki - Schedule of DNSSEC Activities

The ICANN 56 meeting takes place in Helsinki, Finland, from June 27-30 and while it is a smaller "policy forum" style of meeting, there will still be some activities related to DNSSEC, DANE and DNS security in general. DNSSEC Workshop The DNSSEC Workshop will take place on the morning of Monday, 27 June 2016. All times are Eastern European Summer Time (EEST), which is UTC+3. more»

Important Milestone in IANA Stewardship Transition: NTIA Says Proposal Meets Criteria

Today, the global Internet community reached an important milestone. The US Department of Commerce National Telecommunications & Information Administration (NTIA) announced that the community-developed proposal to transition the stewardship of the Internet Assigned Numbers Authority (IANA) functions meets the criteria it set out in March 2014. more»

The Path to DNS Privacy

The DNS is normally a relatively open protocol that smears its data (which is your data and mine too!) far and wide. Little wonder that the DNS is used in many ways, not just as a mundane name resolution protocol, but as a data channel for surveillance and as a common means of implementing various forms of content access control. But all this is poised to change. more»

We Need You: Industry Collaboration to Improve Registration Data Services

For more than 30 years, the industry has used a service and protocol named WHOIS to access the data associated with domain name and internet address registration activities... The challenge with WHOIS is that it was designed for use at a time when the community of users and service operators was much smaller and there were fewer concerns about data privacy. more»

U. S. Government Blasts China's Draft Domain Regulations

In an unexpected move, the two top U.S. officials charged with the Obama Administration's Internet policy have issued a joint statement severely criticizing draft Chinese domain policies. On May 16th, the State Department's Ambassador Daniel A. Sepulveda and NTIA's Assistant Secretary for Communications and Information Lawrence E. Strickling issued an official statement titled "China's Internet Domain Name Measures and the Digital Economy". more»

Increasing the Strength of the Zone Signing Key for the Root Zone

One of the most interesting and important changes to the internet's domain name system (DNS) has been the introduction of the DNS Security Extensions (DNSSEC). These protocol extensions are designed to provide origin authentication for DNS data. In other words, when DNS data is digitally signed using DNSSEC, authenticity can be validated and any modifications detected. more»

Call for Participation - DNSSEC Workshop at ICANN 56 in Helsinki, Finland on 27 June 2016

Do you have an idea for an innovative use of DNSSEC or DANE? Have you recently deployed DNSSEC or DANE and have some "lessons learned" that you could share? Did you develop a new tool or service that works with DNSSEC? Have you enabled DNSSEC by default in your products? (And why or why not?) Do you have ideas about how to accelerate usage of new encryption algorithms in DNSSEC? more»

DNS and Stolen Credit Card Numbers

FireEye announced a new piece of malware yesterday named MULTIGRAIN. This nasty piece of code steals data from Point of Sale (PoS) and transmits the stolen credit card numbers by embedding them into recursive DNS queries. While this was definitely a great catch by the FireEye team, the thing that bothers me here is how DNS is being used in these supposedly restrictive environments. more»

My Top Takeaways from DNS-OARC 24

The 24th DNS-OARC meeting was held last week in Buenos Aires -- a two-day DNS workshop with amazingly good, consistent content. The programme committee are to be congratulated on maintaining a high quality of presentations. Here are my picks of the workshop. They fall into three groups, covering themes I found interesting... These presentations related to the ongoing problem of DNS as a source of reflection attacks, or a victim of attempted DDoS... more»

Let Me Make Yeti-DNS Perfectly Clear

The following rather alarming text caught my eye today... Had the text appeared under a less august letterhead, or signed by less qualified authors, there would be no cause for alarm. However, the letterhead was World Economic Forum and the authors were William J. Drake, Vinton G. Cerf, and Wolfgang Kleinw├Ąchter. As one of three coordinators for the Yeti-DNS project, this feels a bit like I'm in big trouble now. So, let's discuss the matter. more»

The Path Toward Increasing the Security of DNSSEC with Elliptic Curve Cryptography

How do we make DNSSEC even more secure through the use of elliptic curve cryptography? What are the advantages of algorithms based on elliptic curves? And what steps need to happen to make this a reality? What challenges lie in the way? Over the past few months we've been discussing these questions within the community of people implementing DNSSEC, with an aim of increasing both the security and performance of DNSSEC. more»

DNSSEC Workshop Streaming Live from ICANN 55 in Marrakech on Wednesday, March 9, 2016

What is the current state of DNSSEC deployment around the world and also in Africa? How can you deploy DNSSEC at a massive scale? What is the state of using elliptic curve crypto algorithms in DNSSEC? What more can be done to accelerate DNSSEC deployment? Discussion of all those questions and much more can be found in the DNSSEC Workshop streaming live out of the ICANN 55 meeting in Marrakech, Morocco, on Wednesday, March 9, from 9:00 to 15:15 WET. more»

The CCT Review Needs You!

Come join the discussion on Wednesday 17:15 UTC. Quis custodiet ipsos custodes? As ICANN approaches its 18th birthday, it marks its ascension to adulthood and independence with a new framework of accountability. As we attempt to modernize and empower the organization with oversight of the DNS, the question of "who watches the watchmen?" is on the tip of everyone's tongue. more»

Blocking and Filtering in Collaborative Security Context - A Reflection on RFC 7754

The other day, I planned to take my 15-year-old son to the movie theatre to see "Hateful Eight" in 70mm film format. The theatre would not allow him in. Under article 240a of the Dutch penal code, it is a felony to show a movie to a minor when that movie is rated 16 or above. Even though I think I am responsible for what my son gets to see, I understand that the rating agency put a 16-year stamp on this politically-incorrect-gun-slinging-gore-and-curse-intense-comedy feature. more»

ICANN 55 Next Week In Marrakech - What to Expect

As you may know, ICANN holds three public meetings every year. The most recent one, ICANN 54, was held in Dublin... So the next ICANN meeting is being held in Marrakech, Morocco starting Saturday, March 5th through March the 10th. Up until now all three meetings were the same length and had the same basic structure. However, from this year onwards, that'll change. How that will play out in reality, however, is anyone's best guess. more»

News Briefs

US Department of Commerce Reports on Open Internet, Privatization of DNS

Neustar Announces Intention to Separate Into Two Independent and Publicly Traded Companies

Sweden Makes its TLD Zone File Publicly Available

Large Volume of DNSSEC Amplification DDoS Observed, Akamai Reports

GNU C Library Found Vulnerable to Rogue DNS Server Attacks

91.3% of Malware Use DNS as a Key Capability

Internet Root Servers Hit with Unusual DNS Amplification Attack

Hacking Increasingly Becoming a Physical Concern

IANA Contract Extended by One Year, Announces Department of Commerce

Group Working on Securing Email Using DNS

New Report on Performance Measurements of the DNS Root Service in China

M3AAWG Releases Anti-Abuse Best Common Practices for Hosting and Cloud Service Providers

Comparing Root Server Performance Around the World

AFRINIC Partners With ICANN on AFRICA DNS Business Exchange Programme

NTIA Reveals How It Manages the Root Zone

Google Improving Location-Sensitive DNS Responses for Its 400B Responses-Per-Day Public DNS Service

DNS Based DDoS Attacks Using White House Press Releases

U.S. Court Overrules Attempt to Seize Iran's, Syria's and North Korea's Domains

Paul Vixie on How the Openness of the Internet Is Poisoning Us

Secure Domain Foundation Launched to Help Internet Infrastructure Operators Fight Cybercrime

Most Viewed

Most Commented

Taking Back the DNS

Domain Tasting Target of US Federal Cybersquatting Lawsuit

When Registrars Look the Other Way, Drug-Dealers Get Paid

Squeegee Domains

Ask Vint Cerf: The Road Ahead for Top-Level Domains

Industry Updates

Participants – Random Selection