DNS

DNS / Featured Blogs

Blocking and Filtering in Collaborative Security Context - A Reflection on RFC 7754

The other day, I planned to take my 15-year-old son to the movie theatre to see "Hateful Eight" in 70mm film format. The theatre would not allow him in. Under article 240a of the Dutch penal code, it is a felony to show a movie to a minor when that movie is rated 16 or above. Even though I think I am responsible for what my son gets to see, I understand that the rating agency put a 16-year stamp on this politically-incorrect-gun-slinging-gore-and-curse-intense-comedy feature. more»

ICANN 55 Next Week In Marrakech - What to Expect

As you may know, ICANN holds three public meetings every year. The most recent one, ICANN 54, was held in Dublin... So the next ICANN meeting is being held in Marrakech, Morocco starting Saturday, March 5th through March the 10th. Up until now all three meetings were the same length and had the same basic structure. However, from this year onwards, that'll change. How that will play out in reality, however, is anyone's best guess. more»

Whatever Happened with Namespace Collision Issues and the gTLD Round of 2012

The new gTLD program of 2012, based on the Generic Names Supporting Organization (GNSO) policy recommendations of 2007, has been both a success and mess. In terms of its success, many new and innovative names are being introduced on the Internet, more most every day. The mess has involved ad-hoc, independent decisions by the Board and implementation decisions by ICANN staff that have resulted in variety of problems including a broken community evaluation process... more»

The IANA Stewardship Transition: All Eyes Turn Toward ICANN 55 in Marrakech

When in March 14, 2014, the NTIA announced its intention to step away from its historical oversight role over the IANA functions, something extraordinary happened. A global dialogue immediately ensued. The first part of this dialogue is expected to come to an end in the forthcoming ICANN annual meeting in Marrakech next week. After two years of vigorous discussions, the Internet community says it is now ready to move to the next part of the process - implementation. more»

Reflections on NANOG 66

The North American Network Operators Group (NANOG) continues to be one of the major gatherings on network operators and admins, together with the folk who work to meet the various needs of this community. Their program committee produces a program that never fails to provide thought provoking interest. Here are my reactions to some of the presentations I heard at NANOG 66, held in San Diego in February. more»

ICANN CEO Farewell Letter Overlooks Innovation

Departing ICANN CEO Fadi Chehadé has penned a goodbye letter to the organisation's Board as he prepares to leave this March. The 7-page letter reads like a long list of Chehadé's achievements since he took over the helm in 2012. Whilst there can be little doubt about Chehadé's tireless energy and dedication to making ICANN a more effective governance mechanism for the Internet, his celebration of the last four years seems to overlook one important opportunity. more»

Can We Really Blame DNSSEC for Larger-Volume DDoS attacks?

In its security bulletin, Akamai's Security Intelligence Response Team (SIRT) reported on abuse of DNS Security Extensions (DNSSEC) when mounting a volumetric reflection-amplification attack. This is not news, but I'll use this opportunity to talk a bit about whether there is a trade-off between the increased security provided by DNSSEC and increased size of DNS responses that can be leveraged by the attackers. more»

DNS MythBusters - Straightening Out Common Misconceptions

Over the last couple of years, the networking industry has grown aware of the various security issues that could potentially have a huge impact on their operations. One of the topics that has raised in appeal is DNS security. Considering that much of the publicity around DNS is made by vendors trying to differentiate their solutions, there are many misconceptions out there that guide people into making poor investment in their infrastructure. more»

IPv6 and DNSSEC Are Respectively 20 and 19 Years Old. Same Fight and Challenges?

A few weeks ago I came across an old interview of me by ITespresso.fr from 10 years back entitled "IPv6 frees human imagination". At the time, I was talking about the contributions IPv6 was expected to make and the challenges it had to face. After reading the article again, I realized that it has become a little dusty (plus a blurred photo of the interviewee :-)). But what caught my attention the most in the interview was my assertion: "If IPv6 does not prevail in 2006, it's a safe bet that it will happen in 2007". Wow! more»

IANA: Keeping the Ultimate Objective in Mind

Later this week, ICANN's Chartering Organizations will indicate whether they will support the third draft proposal of the CCWG-Accountability Work Stream 1 Recommendations. This is a significant moment in the IANA transition process. Support for the accountability proposal by the ICANN community will mean that we are very close to a point when the transition can move to its next phase. more»