DNS

Blogs

The Ageless Warning of Icarus

It wasn't that long ago that, during a visit home, my brother asked me, "Why are you so stuck on this Internet thing?" His direct question caused me to realize that I had never actually stopped and considered why I was investing so much time – and in such a highly visible manner – into Internet governance when I wasn't being compensated for doing so and, in fact, was – not putting too fine of a point on it – flat broke. more

DNS and the Internet of Things: Opportunities, Risks, and Challenges

The ICANN Security and Stability Advisory Committee (SSAC) has recently published SAC105, a report on the interplay between the DNS and the Internet of Things (IoT). Unlike typical SSAC publications, SAC105 does not provide particular recommendations to the ICANN Board, but instead is informative in nature and intends to trigger and facilitate dialogue in the broader ICANN community. more

Responding to "The Case for Regulatory Capture of ICANN"

This past Monday, as ICANN65 was beginning in Marrakesh, the technical review blog Review Signal published a detailed expose, "The Case for Regulatory Capture of ICANN" authored by site founder and "geek-in-charge" Kevin Ohashi. The post was clearly the product of extensive investigative reporting – and what it reveals is deeply disturbing. more

Trademark Owners Beware – There's a New Brand Identifier to Worry About

You might not understand how crypto-currencies or blockchain wallets work, but Facebook's announcement this week is a clear signal that these new technologies will soon become ubiquitous. Facebook's introduction of its own crypto-currency to its 2 billion users means mass adoption of crypto-currencies and digital wallets are on the horizon. This has implications that trademark owners need to be aware of. more

Network Protocols and Their Use

In June, I participated in a workshop, organized by the Internet Architecture Board, on the topic of protocol design and effect, looking at the differences between initial design expectations and deployment realities. These are my impressions of the discussions that took place at this workshop. ... In this first part of my report, I'll report on the case studies of two protocol efforts and their expectations and deployment experience. more

A Report on DNS Operations, Analysis, and Research Center (DNS-OARC) 30th Meeting

DNS Operations, Analysis, and Research Center (DNS-OARC) held its 30th meeting in Bangkok on the 12th and 13th May. Here's what attracted my interest from two full days of DNS presentations and conversations, together with a summary of the other material that was presented at this workshop. Some Bad News for DANE (and DNSSEC): For many years the Domain Name X509 certification system, or WebPKI, has been the weak point of Internet security... more

Back to the Future Part IV: The Price-Fixing Paradox of the DNS

GenX-ers may remember spending a summer afternoon at the movie theater and seeing the somewhat corny but beloved antics of Marty McFly and Doc as they used a souped-up Delorean to travel the space-time continuum. In Back to the Future Part II, Doc and Marty travel into the future, where the bullying, boorish Biff causes a time-travel paradox when he steals the Delorean and takes a joyride into the past to give his younger self a sports almanac containing the final scores of decades worth of sporting events. more

A Report on the ICANN DNS Symposium

By any metric, the queries and responses that take place in the DNS are highly informative of the Internet and its use. But perhaps the level of interdependencies in this space is richer than we might think. When the IETF considered a proposal to explicitly withhold certain top-level domains from delegation in the DNS the ensuing discussion highlighted the distinction between the domain name system as a structured space of names and the domain name system as a resolution space... more

8th Registration Operations Workshop (ROW), May 9th, 2019, Bangkok

The Registration Operations Workshop (ROW) was conceived as an informal industry conference that would provide a forum for discussion of the technical aspects of registration operations in the domain name system. The 8th ROW will be held in Bangkok, Thailand on Thursday, May 9th, 2019 in the afternoon, at the end of the GDD Industry Summit, in the same venue. more

Why Passive DNS Matters in Cybersecurity

Imagine a scenario. Your website analysis shows that your page has stopped receiving visitors, yet there are no complaints that your domain is unreachable. Strange, isn't it? You are certainly wondering: What's going on? Where are my customers? You see, what happened is that you are facing the consequences of the lack of domain name system (DNS) security. more

Domain Name Variants Still Won't Work

ICANN has spent years trying to figure out what to do with domain name variants, strings that look different but mean the same thing, for some definition of "the same." They've been trying to deal with them in second level domains for a decade, and are now working on rules to allow variant top-level domains. Unfortunately, variants don't work. The problem isn't putting them in the DNS; it's that once they're in the DNS, they don't work anywhere else. more

DNS Privacy at IETF 104

From time to time the IETF seriously grapples with its role with respect to technology relating to users' privacy. Should the IETF publish standard specifications of technologies that facilitate third-party eavesdropping on communications or should it refrain from working on such technologies? Should the IETF take further steps and publish standard specifications of technologies that directly impede various forms of third party eavesdropping on communications? more

Why More Registries Should Be Talking About DNS Security

I've been incredibly lucky in my time at Neustar to lead both the exceptional Registry and Security teams. While these divisions handle their own unique product and service offerings, it's clear that they have some obvious crossovers in their risks, opportunities and challenges. Having been closely involved in the strategy of both these teams, it strikes me that there is more we as Registry Operators and service providers can and should be doing to align the world of cybersecurity with that of domain names. more

Unexpected Effects of the 2018 Root Zone KSK Rollover

March 22, 2019, saw the completion of the final important step in the Key Signing Key (KSK) rollover - a process which began about a year and half ago. What may be less well known is that post rollover, and until just a couple days ago, Verisign was receiving a dramatically increasing number of root DNSKEY queries, to the tune of 75 times higher than previously observed, and accounting for ~7 percent of all transactions at the root servers we operate. more

A Short History of DNS Over HTTP (So Far)

The IETF is in the midst of a vigorous debate about DNS over HTTP or DNS over HTTPS, abbreviated as DoH. How did we get there, and where do we go from here? (This is somewhat simplified, but I think the essential chronology is right.) Javascript code running in a web browser can't do DNS lookups, other than with browser.dns.resolv() to fetch an A record, or implicitly by fetching a URL which looks up a DNS A or AAAA record for the domain in the URL. more

News Briefs

Mozilla Named "Internet Villain" for Supporting DNS-Over-HTTPS by a UK ISP Association

Use of DNS Firewalls Could Have Prevented More Than $10B in Data Breach Losses Over the Past 5 Years

A New Project Called Handshake Wants to Decentralize DNS, Says It's Unlike Previous Attempts

State-Sponsored Attack Is Manipulating DNS Systems of National Security Organizations

Unexpected Behaviour Observed With DNS Root Servers After Cryptographic Change

ICANN Makes Urgent Call for Full Deployment of Domain Name System Security Extensions (DNSSEC)

ISC Assesses DNS Flag Day

Domain Holders Urged to Ensure Their Domains Are Ready for 'DNS Flag Day'

An Investigation Shows How Bomb Threat Scammers Hijacked Thousands of Big-Name Domains

US Department of Homeland Security Issues Emergency Directive Ordering Agencies to Audit DNS Records

Global DNS Record Manipulation, Hijacking Campaign at Massive Scale Linked to Iran

DNS Inventor Impressed With Innovative Effort Behind .LUXE TLD to Integrate DNS With Blockchain

EU Should Not Be Setting US WHOIS and Privacy Policy, Says MPAA

ICANN Facing Critical Choice for Plan to Change DNS Cryptographic Key

Large-Scale Study by Security Researchers in China Sheds Light on the Scope of DNS Interception

Anti-Phishing Working Group Proposes Use of Secure Hashing to Address GDPR-Whois Debacle

European Data Regulators Throw ICANN Back to the Drawing Board for a Third Time on Whois Privacy

DNS Firewall Market Expected to Grow From $90.5 Million in 2018 to $169.7 Million by 2023

A Short-Term Suspension of GDPR Enforcement on WHOIS May Be Necessary, Says U.S. Government

DNS Server Hijacking Results in Funds Being Stolen from Popular Crypto Website, MyEtherWallet

Most Viewed

Most Commented

Taking Back the DNS

Domain Tasting Target of US Federal Cybersquatting Lawsuit

When Registrars Look the Other Way, Drug-Dealers Get Paid

Squeegee Domains

Ask Vint Cerf: The Road Ahead for Top-Level Domains

Industry Updates

Verisign Q1 2019 Domain Name Industry Brief: Internet Grows to 351.8 Million Domains in Q1 of 2019

Verisign Q4 2018 Domain Name Industry Brief: Internet Grows to 348.7 Million Domains in Q4 of 2018

Afilias Appoints Ram Mohan as Chief Operating Officer

Neustar Logs Into Digital India as the New Technical Services Provider for Country’s .IN Domain

Verisign Q3 2018 Domain Name Industry Brief: Internet Grows to 342.4 Million Domains in Q3 of 2018

Neustar to Acquire Verisign's Security Services Customer Contracts

Afilias Sets GUINNESS WORLD RECORDS Title for the Largest Migration of a TLD in a Single Transition

Operational Update Regarding the KSK Rollover for Administrators of Recursive Name Servers

eco/i2Coalition Update Webinar on ICANN Contracted Party GDPR Compliance

DNS-Based Threats: Cache Poisoning

dotPR Addresses Remain Operational Despite Puerto Rico Island Wide Power Outage

KSK Rollover Webinar to Be Held with ECO and ICANN Tuesday, April 24th

Afilias to Support ICANN Community Response to the EU's GDPR

DNS-Based Threats: DNS Reflection and Amplification Attacks

Global Domain Name Registrations Reach 329.3 Million, 2.3 Million Growth in Last Quarter of 2016

Participants – Random Selection