DNS

Blogs

DNS Privacy at IETF 104

From time to time the IETF seriously grapples with its role with respect to technology relating to users' privacy. Should the IETF publish standard specifications of technologies that facilitate third-party eavesdropping on communications or should it refrain from working on such technologies? Should the IETF take further steps and publish standard specifications of technologies that directly impede various forms of third party eavesdropping on communications? more

Why More Registries Should Be Talking About DNS Security

I've been incredibly lucky in my time at Neustar to lead both the exceptional Registry and Security teams. While these divisions handle their own unique product and service offerings, it's clear that they have some obvious crossovers in their risks, opportunities and challenges. Having been closely involved in the strategy of both these teams, it strikes me that there is more we as Registry Operators and service providers can and should be doing to align the world of cybersecurity with that of domain names. more

Unexpected Effects of the 2018 Root Zone KSK Rollover

March 22, 2019, saw the completion of the final important step in the Key Signing Key (KSK) rollover - a process which began about a year and half ago. What may be less well known is that post rollover, and until just a couple days ago, Verisign was receiving a dramatically increasing number of root DNSKEY queries, to the tune of 75 times higher than previously observed, and accounting for ~7 percent of all transactions at the root servers we operate. more

A Short History of DNS Over HTTP (So Far)

The IETF is in the midst of a vigorous debate about DNS over HTTP or DNS over HTTPS, abbreviated as DoH. How did we get there, and where do we go from here? (This is somewhat simplified, but I think the essential chronology is right.) Javascript code running in a web browser can't do DNS lookups, other than with browser.dns.resolv() to fetch an A record, or implicitly by fetching a URL which looks up a DNS A or AAAA record for the domain in the URL. more

Some Thought on the Paper: Practical Challenge-Response for DNS

Because the speed of DNS is so important to the performance of any connection on the 'net, a lot of thought goes into making DNS servers fast, including optimized software that can respond to queries in milliseconds, and connecting DNS servers to the 'net through high bandwidth links. To set the stage for massive DDoS attacks based in the DNS system, add a third point: DNS responses tend to be much larger than DNS queries. more

Say YES to DNSSEC

With the latest "DNSpionage" attack, ICANN astutely prompted domain name holders to fully deploy DNSSEC on their names. Afilias absolutely supports this and encourages the same. In this post, I remind you of why DNSSEC is important and our continued role. Afilias has a long history in the development and advocacy of DNSSEC. In 2007, we partnered with Public Interest Registry to help found dnssec-deployment.org. more

Building a Secure Global Network

Recently, the DNS has come under an extensive attack. The so-called "DNSpionage" campaigns have brought to light the myriad methods used to infiltrate networks. These attacks employed phishing, system hopping via key exfiltration, and software zero day exploits, illustrating that many secure networks may not be fully protected. more

Revisiting How Registrants Can Reduce the Threat of Domain Hijacking

Recent events have shown the threat of domain hijacking is very real; however, it is also largely preventable. As Verisign previously noted, there are many security controls that registrants can utilize to help strengthen their security posture. Verisign would like to reiterate this advice within the context of the recent domain hijacking reports. Domains are an important element of internet infrastructure; their functionality and security rely upon many factors such as their delegated name servers. more

As We Head to ICANN64 in Japan, Let’s Pay Attention to National and Global Context of the Region

Soon it'll be time again for some of us to pack our bags and head for the ICANN64 meeting in Kobe, Japan. Even if you plan to stay at home, it still will be helpful to understand the national and global context in which the meeting is taking place. One way to do that is by looking at Japan's Prime Minister's Shinzo Abe recent Keynote Speech at the World Economic Forum Annual Meeting, (Jan 23rd, 2019) entitled: "Toward a New Era of "Hope-Driven Economy" more

Call for Proposals: ICANN 64 DNSSEC Workshop in Kobe, Japan (March 2019)

Will you be at the ICANN 64 meeting in March 2019 in Kobe, Japan? If so (or if you can get to Kobe), would you be interested in speaking about any work you have done (or are doing) with DNSSEC, DANE or other DNS security and privacy technologies? If you are interested, please send a brief (1-2 sentence) description of your proposed presentation before 07 February 2019. more

New Book: Managing Mission Critical Domains & DNS

The idea behind my recent book "Managing Mission Critical Domains & DNS" is to provide a unifying overview around the area of domains and naming where I think there exists an artificial divide, and that divide exists between domain policy, and managing ones' domain portfolio; and the DNS ops side of things: running your nameservers or outsourcing to a vendor, or both. I've been doing this for over 20 years, I've seen almost every failure condition that can happen to your domain or DNS... more

CircleID's Top 10 Posts of 2018

It is once again time for our annual review of posts that received the most attention on CircleID during the past year. Congratulations to all the 2018 participants for sharing their thoughts and making a difference in the industry. more

Who Played a Major Role in Advancing the Internet? Nominations Open for 2019 Internet Hall of Fame

Do you know someone who has played a major role in the development and advancement of the Internet? Now is the time to recognize their contribution. Nominate them for the 2019 Internet Hall of Fame. With more than 100 inductees, the Internet Hall of Fame celebrates Internet pioneers and innovators who have pushed the boundaries to bring the Internet to life and make it an essential resource for billions of people today. more

Are We Ready to Defend Our Freedom? Book Review: "The Age of Surveillance Capitalism"

It is not often that you read a book where afterward nothing seems the same again. Like Adam Smith's The Wealth of Nations, Shoshana Zuboff's book: The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power,, puts what we do in these times into a context and gives a focus to ongoing issues of privacy and governance with regard to the Domain Name System. This is even more astonishing as the book does not even mention the DNS, the Internet ecosystem or even Internet Governance directly. more

CPH TechOps Retrospective 2018

From the perspective of the domain name industry, 2018 was strongly influenced by, among other things, the EU General Data Protection Regulation (GDPR), the Temporary Specification and especially the Expedited Policy Development Process (EPDP). For the Contracted Parties House (CPH) TechOps Group, one year after its foundation, it was a very exciting and intensive time. This initiative was created to tackle technical and operational needs and challenges plus ideally to create best practices. more

News Briefs

State-Sponsored Attack Is Manipulating DNS Systems of National Security Organizations

Unexpected Behaviour Observed With DNS Root Servers After Cryptographic Change

ICANN Makes Urgent Call for Full Deployment of Domain Name System Security Extensions (DNSSEC)

ISC Assesses DNS Flag Day

Domain Holders Urged to Ensure Their Domains Are Ready for 'DNS Flag Day'

An Investigation Shows How Bomb Threat Scammers Hijacked Thousands of Big-Name Domains

US Department of Homeland Security Issues Emergency Directive Ordering Agencies to Audit DNS Records

Global DNS Record Manipulation, Hijacking Campaign at Massive Scale Linked to Iran

DNS Inventor Impressed With Innovative Effort Behind .LUXE TLD to Integrate DNS With Blockchain

EU Should Not Be Setting US WHOIS and Privacy Policy, Says MPAA

ICANN Facing Critical Choice for Plan to Change DNS Cryptographic Key

Large-Scale Study by Security Researchers in China Sheds Light on the Scope of DNS Interception

Anti-Phishing Working Group Proposes Use of Secure Hashing to Address GDPR-Whois Debacle

European Data Regulators Throw ICANN Back to the Drawing Board for a Third Time on Whois Privacy

DNS Firewall Market Expected to Grow From $90.5 Million in 2018 to $169.7 Million by 2023

A Short-Term Suspension of GDPR Enforcement on WHOIS May Be Necessary, Says U.S. Government

DNS Server Hijacking Results in Funds Being Stolen from Popular Crypto Website, MyEtherWallet

APNIC Labs Partners with Cloudflare for Joint DNS Research Project

ICANN Spearheading Launch of Virtual DNS Entrepreneurship Center of the Caribbean

ICANN Cancels .CORP, .HOME, and .MAIL TLDs Indefintley Due to Collision Concerns

Most Viewed

Most Commented

Taking Back the DNS

Domain Tasting Target of US Federal Cybersquatting Lawsuit

When Registrars Look the Other Way, Drug-Dealers Get Paid

Squeegee Domains

Ask Vint Cerf: The Road Ahead for Top-Level Domains

Industry Updates

Verisign Q4 2018 Domain Name Industry Brief: Internet Grows to 348.7 Million Domains in Q4 of 2018

Afilias Appoints Ram Mohan as Chief Operating Officer

Neustar Logs Into Digital India as the New Technical Services Provider for Country’s .IN Domain

Verisign Q3 2018 Domain Name Industry Brief: Internet Grows to 342.4 Million Domains in Q3 of 2018

Neustar to Acquire Verisign's Security Services Customer Contracts

Afilias Sets GUINNESS WORLD RECORDS Title for the Largest Migration of a TLD in a Single Transition

Operational Update Regarding the KSK Rollover for Administrators of Recursive Name Servers

eco/i2Coalition Update Webinar on ICANN Contracted Party GDPR Compliance

DNS-Based Threats: Cache Poisoning

dotPR Addresses Remain Operational Despite Puerto Rico Island Wide Power Outage

KSK Rollover Webinar to Be Held with ECO and ICANN Tuesday, April 24th

Afilias to Support ICANN Community Response to the EU's GDPR

DNS-Based Threats: DNS Reflection and Amplification Attacks

Global Domain Name Registrations Reach 329.3 Million, 2.3 Million Growth in Last Quarter of 2016

Neustar to be Acquired by Private Investment Group Led by Golden Gate Capital

Participants – Random Selection