The Domain Name System (DNS) associates various information with domain names; most importantly, it serves as the "phone book" for the Internet by translating human-readable computer hostnames, e.g. www.example.com, into IP addresses, e.g. 208.77.188.166, which networking equipment needs to deliver information. It also stores other information such as the list of mail servers that accept email for a given domain. In providing a worldwide keyword-based redirection service, the Domain Name System is an essential component of contemporary Internet use. Read the full background at DNS Wikipedia
Today ICANN releases a paper with the title "DNSSEC @ ICANN - Signing the root zone: A way forward toward operational readiness". The paper explains in more detail than earlier documents what ICANN view on signing of the root zone is. I think the key points mentioned in this paper are true, and in general, I think this document is a good read. It is not long, and summarizes what I would call the current view is. more»
In the last few weeks we've seen two very different approaches to the full disclosure of security flaws in large-scale computer systems. Problems in the domain name system have been kept quiet long enough for vendors to find and fix their software, while details of how to hack Transport for London's Oyster card will soon be available to anyone with a laptop computer and a desire to break the law. These two cases highlight a major problem facing the computing industry, one that goes back many years and is still far from being unresolved. Given that there are inevitably bugs, flaws and unexpected interactions in complex systems, how much information about them should be made public by researchers when the details could be helpful to criminals or malicious hackers? more»
On Tuesday July 8, CERT/CC published advisory #800113 referring to a DNS cache poisoning vulnerability discovered by Dan Kaminsky that will be fully disclosed on August 7 at the Black Hat conference. While the long term fix for this attack and all attacks like it is Secure DNS, we know we can't get the root zone signed, or the .COM zone signed, or the registrar / registry system to carry zone keys, soon enough. So, as a temporary workaround, the affected vendors are recommending that Dan Bernstein's UDP port randomization technique be universally deployed. Reactions have been mixed, but overall, negative. As the coordinator of the combined vendor response, I've heard plenty of complaints, and I've watched as Dan Kaminsky has been called an idiot for how he managed the disclosure. Let me try to respond a little here, without verging into taking any of this personally... more»
Planning for a short trip to Hong Kong tomorrow reminded me of Jonathan Shea, something I wanted to blog about but was waiting for the hype around the new generic Top-Level Domains (TLDs) to cool down. Jonathan Shea is an old friend who is in-charge of ".hk". I had the pleasure to catch up with him in Paris ICANN meeting. Before Jonathan, let me talk about something related that happened in Paris. At the Cross Constituency Meeting, there was a presentation by the Anti-Phishing Working Group (APWG). In summary, they were proposing working with registries to take down domain names that are suspected to be involved in phishing. more»
Gartner, the well known IT consulting company, has published a report on the new top level domains that will appear some time next year. The report totally misses the mark. In a pure US centric vision, it focuses on ".com" as the must-have TLD, totally overlooking the fact that a ".com" is mostly worthless e.g. in Germany, where ".de" is the TLD one must have to succeed locally... more»
Wow. It's out. It's finally, finally out... So there's a bug in DNS, the name-to-address mapping system at the core of most Internet services. DNS goes bad, every website goes bad, and every email goes...somewhere. Not where it was supposed to... I'm pretty proud of what we accomplished here. We got Windows. We got Cisco IOS. We got Nominum. We got BIND 9, and when we couldn't get BIND 8, we got Yahoo, the biggest BIND 8 deployment we knew of, to publicly commit to abandoning it entirely. It was a good day... more»
Lost amid the furor about ICANN's rule change that may (or may not) lead to a flood of TLDs is the uncomfortable fact that almost without exception, the new TLDs created since 2000 have been utter failures. Other than perhaps .cat and .mobi, they've missed their estimates of the number of registrations by orders of magnitude, and they haven't gotten mindshare in the target community. So what went wrong? more»
The recent decision by ICANN to start a new round of applications for new generic Top-Level Domains (gTLDs) is launching a round of questions on the IETF side about its consequences. One possible issue may be with vanity gTLDs like apple, ebay etc. Some expect that every Fortune 1,000,000 company will apply for its own TLD. My guess is rather the Fortune 1,000 for a start, but this does not change the nature of the issue, i.e. those companies may want to use email addresses like user@tld. more»
At its 32d International Junket Meeting last week, ICANN's Board approved the GNSO Council's recommendations for the eventual addition to the root of new generic top-level domains (gTLDs). This means that eventually, when the staff drafts, community comments upon, and Board approves implementation processes, those with deep pockets will have the opportunity to bid for new TLD strings... more»
In this article I will explain the motivations behind the SocialDNS Project. I will justify why the DNS system is NOT the phone book of the Internet. More concretely, DNS is not a public directory nor enables search mechanisms over meta-information related to domains. In this line, I will present the advantages of SocialDNS, a naming and directory system that aims to become the phone book of the Web. SocialDNS is NOT another alternative DNS root nor aims to replace the current DNS for resolving domain names. It complements the existing DNS to offer advanced services that are beyond the scope of the existing infrastructure for Web settings. more»
Alexa Raad, CEO of .ORG, The Public Interest Registry, has been chosen as one of the leading women in Washington business by The Washington Business Journal's fifth-annual Women Who Mean Business Awards. ›››
.ORG, The Public Interest Registry is pleased to announce the next guest blogger for our DNSSEC FUD Buster series. Ram Mohan is the Executive Vice President, & Chief Technology Officer of Afilias Limited. Ram has led the strategic growth initiatives at Afilias Limited in registry services and security as well as new product sectors such as RFID/Auto-ID, global DNS and Internationalized Domain Names (IDNs). ›››
.ORG, The Public Interest Registry is pleased to announce of first guest blogger for our DNSSEC FUD series. John Kristoff works as a research analyst for Team Cymru, a Internet Security Research company based in Chicago specializing in the 'who' and the 'why' of Internet crime. ›››
The Registry Internet Safety Group (RISG) is a global group of responsible Internet related companies whose mission is to work collaboratively to combat Internet identity theft. Even though RISG is uniquely Registry focused, it includes both gTLD and ccTLD members. RISG is intended to complement and not duplicate existing Internet security efforts. ›››
The following post is based on a recent discussion .ORG had with Dan Kaminsky, a DNS expert best know for discovering a serious DNS bug, about DNSSEC and how it is a critical step toward bolstering Internet security. ›››
World's largest and most advanced video search engine, has chosen NeuStar's UltraDNS Managed DNS Services to augment the performance, reliability, and scalability of the blinkx network infrastructure and to take advantage of NeuStar's innovative suite of traffic management services. ›››
NeuStar today announced that The LEGO Group, a leading toy manufacturer headquartered in Denmark, has chosen NeuStar's UltraDNS Managed DNS Service to enhance the reliability of The LEGO Group's web-based operations, including a significant global e-commerce presence. ›››
nugg.ad, a German company based in Berlin that provides an application service provider (ASP) solution for predictive behavioral targeting, has chosen NeuStar's UltraDNS Managed Services to bolster the scalability and reliability of nugg.ad's DNS infrastructure. ›››
Attacks on the security of the Internet have been much in the news lately, and there is an increased urgency to take the technical steps to combat these attacks. .ORG has been doing its part to lead this process by taking introductory steps to implement DNSSEC (Domain Name System Security Extensions)... In order to make DNSSEC effective, there is one additional step that is needed -- "signing the root". ›››
NeuStar has announced that Spam Arrest, a Seattle-based company that efficiently monitors and stops automated junk email, has chosen NeuStar's UltraDNS Managed DNS and Traffic Management Services to support the delivery of services to Spam Arrest's global customer base. ›››