DNS

DNS / Featured Blogs

DNSSEC Adoption Part 3: A Five Day Hole in Online Security

Implementing security requires attention to detail. Integrating security services with applications where neither the security service nor the application consider their counterpart in their design sometimes make plain that a fundamental change in existing practices is needed. Existing "standard" registrar business practices require revision before the benefits of the secure infrastructure foundation DNSSEC offers can be realized. more»

Call For Participation - ICANN 52 DNSSEC Workshop on 11 Feb 2015 In Singapore

If you will be at ICANN 52 in Singapore in February 2015 (or can get there) and work with DNSSEC or the DANE protocol, we are seeking proposals for talks to be featured as part of the 6-hour DNSSEC Workshop on Wednesday, February 11, 2015. The deadline to submit proposals is Wednesday, December 10, 2015... The full Call For Participation is published online and gives many examples of the kinds of talks we'd like to include. more»

Nameserver Operators Need the Ability to "Disavow" Domains

Yesterday's DDoS attack against DNSimple brought to light a longstanding need for DNS nameserver operators to have an ability to unilaterally repudiate domains from their nameservers. The domains under attack started off on DNSMadeEasy, migrated off to DNSimple and took up residence there for about 12 hours, causing a lot of grief to DNSimple and their downstream customers. more»

The Resolvers We Use

The Internet's Domain Name System is a modern day miracle. It may not represent the largest database that has ever been built, but nevertheless it's truly massive. And even if it's not the largest database that's ever been built, it's perhaps one of the more intensively used... Given the fragmentation of the IPv4 address space with the widespread use of various forms of address sharing, then it increasingly looks as if the DNS is the only remaining common glue that binds the Internet together as a single network. more»

ccTLDs Might Be Property

The long-running saga of victims who are pursuing 'state sponsors of terrorism' via ICANN has taken yet another turn. Some time back the Plaintiffs in Rubin & ors -v- Islamic Republic of Iran & ors managed to obtain Writs of Attachment in the Federal court district in Washington (D.C.) courts ordering that the ccTLDs of those respective countries be seized in part-payment of the damages they are owed. ICANN, fairly predictably, became involved at this point. more»

Secure Unowned Hierarchical Anycast Root Name Service - And an Apologia

In Internet Draft draft-lee-dnsop-scalingroot-00.txt, I described with my coauthors a method of distributing the task of providing DNS Root Name Service both globally and universally. In this article I will explain the sense of the proposal in a voice meant to be understood by a policy-making audience who may in many cases be less technically adept than the IETF DNSOP Working Group for whom the scalingroot-00 draft was crafted. I will also apologize for a controversial observation concerning the addition of new root name servers... more»

Summary of the Registration Operations Association Workshop

The first Registration Operations Association Workshop took place on Thursday, 16 October 2014, at the Los Angeles Hyatt Regency Century Plaza Hotel. I'd like to thank the 64 people that took the time to attend and participate in the discussion, both in-person and remote. I started the workshop with an introduction to some of the technical challenges being faced by the domain registration industry. more»

An Open Letter to the Prime Minister of India, from Within India, Through an Internet Blog

Hon' Prime Minister, Why would India table Proposal 98 for the work of the ITU Plenipotentiary Conference? Contribution 98 wants the ITU to develop an IP address plan; wants it to be a contiguous IP address platform so as to enable the Governments to map and locate every Internet user; suggests that the ITU may coordinate the distribution of IP addresses accordingly; instructs the ITU Secretary General to develop policies for... naming, numbering and addressing which are [already] systematic, equitable... more»

DNSSEC Adoption Part 2: The Current Functionality Gap

Registrars have the opportunity to fundamentally change the landscape of the Internet's security infrastructure by working to close the DNSSEC functionality gap. Virtually everything every Internet user does on the Internet depends on the DNS. DNSSEC is not just about protecting the DNS, it is about building a secure infrastructure foundation upon which new and innovative services and applications can be built to benefit us all. Registrars are the linchpins to advancing the deployment of DNSSEC. more»

The Latter is Coded to Criticize the New - Lessons from Depew

This month, we are seeing a very busy global ecosystem with the ICANN 51, UN General Assembly meeting to discuss ICT for Development in New York and now the 19th ITU Plenipotentiary in Busan. Pinktober, Oktoberfest has also become saturated with ICTober so it makes me more reflective. First I would like to make a massive shout out to all those battling cancer, survivors and families who wage war against cancer. May you all walk on and walk strong! more»