As Neustar sees it, there are three key elements to dedicated DDoS protection: people, process and technology.

 Why Can't a Product or Service Meet All My Needs??? With Professional Services, It Can!

 Today, professional services teams must help clients do more with less — less staff, smaller budgets and fewer resources in general.

 Real people are reporting attacks and real people are responding.

 As protests of all kinds seem to be gaining momentum these days, it will be interesting to see what develops next with DDoS attacks.

 While the danger is hardly over, these larger institutions have learned some painful lessons that smaller firms might heed as they seek to minimize risks.

DNS / Featured Blogs

Exploring Future Internet Architectures

UCLA and Washington University in St. Louis recently announced the launch of the Named Data Networking (NDN) Consortium, a new forum for collaboration among university and industry researchers, including Verisign, on one candidate next-generation information-centric architecture for the Internet. Verisign Labs has been collaborating with UCLA Professor Lixia Zhang, one of the consortium's co-leaders, on this future-directed design as part our university research program for some time. more»

Industry Association: An Implementation Model

We read carefully Scott Hollenbeck's call to form a Domain Name Industry association to promote consistency in technical operations across the many moving parts of the industry and we, the Board and members of the Domain Name Association, largely agree. More formal coordination among registry operators and domain name registrars would improve the domain name registration experience for registrants and business operations for the domain name industry in general. more»

Watch ION Belfast / UKNOF Live Tuesday, Sept 9, for IPv6, DNSSEC, BGP Security and More

On Tuesday, September 9, 2014, you have a great opportunity to watch live a very packed agenda full of great sessions about IPv6, DNSSEC, routing/BGP security and other components of Internet infrastructure streaming out of the UKNOF / ION Belfast event in Belfast, UK. All of the sessions can be seen live. more»

.भारत Brings the Promise of a New Digital India

On August 27, 2014, the world became a bit more connected as the Internet welcomed more than 400 million Hindi language speakers in their own language. .भारत (.Bharat), which means India in the Hindi language, was inaugurated on August 27 in New Delhi by Mr. Ravi Shankar Prasad, India's Minister of Law & Justice and Communications & Information Technology. more»

Some Internet Measurements

At APNIC Labs we've been working on developing a new approach to navigating through some of our data sets the describe aspects of IPv6 deployment, the use of DNSSEC and some measurements relating to the current state of BGP. The intent of this particular set of data collections is to allow the data to be placed into a relative context, displaying comparison of the individual measurements at a level of geographic regions, individual countries, and individual networks. more»

A Great Bit of DNSSEC and DNS at IETF 90 Next Week

For those people tracking the evolution and deployment of DNSSEC or who are just interested in "DNS security" in general there is a great amount of activity happening next week at IETF 90 in Toronto. I dove into this activity in great detail in a recent post, "Rough Guide to IETF 90: DNSSEC, DANE and DNS Security", and summarized the activity in a Deploy360 post... more»

Senate Judiciary Committee Hearing on Botnet Takedowns (July 15, 2014)

The background is of course quite interesting, given how soon it has followed Microsoft's seizure of several domains belonging to Dynamic DNS provider no-ip.com for alleged complicity in hosting trojan RAT gangs, a couple of days after which the domains were subsequently returned -- without public comment -- to Vitalwerks, the operator of No-IP. This is by no means a new tactic for Microsoft, who has carried out successful seizures of various domains over the past two or three years. more»

Now Available - A Trend Chart Tracking DNSSEC Validation Globally

How can we track the amount of DNSSEC validation happening globally? Is there a way we can see the trend over time to (we hope!) see validation rise? At the recent excellent DNSSEC Workshop at ICANN 50 in London Geoff Huston let me know that his APNIC Labs team has now created this exact type of trend chart. more»

Painting Ourselves Into a Corner with Path MTU Discovery

In Tony Li's article on path MTU discovery we see this text: "The next attempt to solve the MTU problem has been Packetization Layer Path MTU Discovery (PLPMTUD). Rather than depending on ICMP messaging, in this approach, the transport layer depends on packet loss to determine that the packet was too big for the network. Heuristics are used to differentiate between MTU problems and congestion. Obviously, this technique is only practical for protocols where the source can determine that there has been packet loss. Unidirectional, unacknowledged transfers, typically using UDP, would not be able to use this mechanism. To date, PLPMTUD hasn't demonstrated a significant improvement in the situation." Tony's article is (as usual) quite readable and useful, but my specific concern here is DNS... more»

GNSO Constituencies Issue Unanimous Joint Statement on ICANN Accountability

In an unprecedented development, all stakeholder groups and constituencies comprising ICANN"s Generic Names Supporting Organization (GNSO) unanimously endorsed a joint statement in support of the creation of an independent accountability mechanism "that provides meaningful review and adequate redress for those harmed by ICANN action or inaction in contravention of an agreed upon compact with the community". The statement was read aloud during a June 26th session on the IANA transition process held on the last day of the ICANN 50 public meeting in London. more»