DNS / Featured Blogs

Notes from NANOG 63

The following is a selected summary of the recent NANOG 63 meeting, held in early February, with some personal views and opinions thrown in! ...One view of the IETF's positioning is that as a technology standardisation venue, the immediate circle of engagement in IETF activities is the producers of equipment and applications, and the common objective is interoperability. more»

The Why and How of DNS Data Analysis

A network traffic analyzer can tell you what's happening in your network, while a Domain Name System (DNS) analyzer can provide context on the "why" and "how." This was the theme of the recent Verisign Labs Distinguished Speaker Series discussion led by Paul Vixie and Robert Edmonds, titled Passive DNS Collection and Analysis -- The "dnstap" Approach. more»

Over 75% of All Top-Level Domains (TLDs) Now Signed With DNSSEC

As I was entering in data for the weekly DNSSEC Deployment Maps, I was struck by the fact that we are now at the point where 617 of the 795 top-level domains (TLDs) are now signed with DNSSEC. You can see this easily at Rick Lamb's DNSSEC statistics site...Now, granted, most of that amazing growth in the chart is because all of the "new generic TLDs" (newgTLDs) are required to be signed with DNSSEC, but we are still seeing solid growth around the world. more»

Where Do Old Protocols Go To Die?

In Ripley Scott's classic 1982 science fiction film Blade Runner, replicant Roy Batty (portrayed by Rutger Hauer) delivers this soliloquy... "I've...seen things you people wouldn't believe... Attack ships on fire off the shoulder of Orion. I watched C-beams glitter in the dark near the Tannhäuser Gate. All those... moments... will be lost in time, like (cough) tears... in... rain. Time... to die." more»

IANA Transition Planning Proceeding in Fine Internet Style

Hundreds of individuals from across the Internet community have spent countless hours over the last several months crafting plans for the transition of the stewardship of the IANA functions from NTIA to the global multistakeholder community. The fruits of that labor have become highly evident within the past weeks, as two out of three components of the transition plan obtained the consensus of their communities while the third continued its intensive progress. more»

CircleID's Top 10 Posts of 2014

Here we are with CircleID's annual roundup of top ten most popular posts featured during 2014 (based on overall readership). Congratulations to all the participants whose posts reached top readership and best wishes for 2015. more»

DNSSEC Adoption Part 3: A Five Day Hole in Online Security

Implementing security requires attention to detail. Integrating security services with applications where neither the security service nor the application consider their counterpart in their design sometimes make plain that a fundamental change in existing practices is needed. Existing "standard" registrar business practices require revision before the benefits of the secure infrastructure foundation DNSSEC offers can be realized. more»

Call For Participation - ICANN 52 DNSSEC Workshop on 11 Feb 2015 In Singapore

If you will be at ICANN 52 in Singapore in February 2015 (or can get there) and work with DNSSEC or the DANE protocol, we are seeking proposals for talks to be featured as part of the 6-hour DNSSEC Workshop on Wednesday, February 11, 2015. The deadline to submit proposals is Wednesday, December 10, 2015... The full Call For Participation is published online and gives many examples of the kinds of talks we'd like to include. more»

Nameserver Operators Need the Ability to "Disavow" Domains

Yesterday's DDoS attack against DNSimple brought to light a longstanding need for DNS nameserver operators to have an ability to unilaterally repudiate domains from their nameservers. The domains under attack started off on DNSMadeEasy, migrated off to DNSimple and took up residence there for about 12 hours, causing a lot of grief to DNSimple and their downstream customers. more»

The Resolvers We Use

The Internet's Domain Name System is a modern day miracle. It may not represent the largest database that has ever been built, but nevertheless it's truly massive. And even if it's not the largest database that's ever been built, it's perhaps one of the more intensively used... Given the fragmentation of the IPv4 address space with the widespread use of various forms of address sharing, then it increasingly looks as if the DNS is the only remaining common glue that binds the Internet together as a single network. more»