DNS |
Sponsored by |
|
Report form U.S. Department of Commerce: "Enabling Growth and Innovation in the Digital Economy" ... "The report articulates the Department of Commerce’s philosophy for digital economy policymaking and demonstrates the many ways in which the Department has pursued its policy agenda consistent with that philosophy." –Penny Pritzker, U.S. Secretary of Commerce more
ICANN Meetings can be an intimidating place for first-timers or even those who have only attended for the few years. The acronyms fly fast and furious. The participants, or at least most of them, have been working on the issues for years (even decades). The technical and policy issues are complex. Luckily, however, an attendee can overcome these barriers to entry with a few drinks at the hotel bar. .. more
The EU has been pushing for the development of DNS4EU, a public European DNS resolver with built-in filtering capabilities, as a way to strengthen the "digital sovereignty" of the EU and protect citizens, companies, and public institutions from phishing attacks and malware. In December 2021, a consortium of 13 public and private companies from ten European countries were granted the project to build a public DNS resolution service tailored for the EU. more
RIPE NCC will be hosting the fifth hackathon event in Amsterdam, on 20 and 21 April, 2017. Operators, designers, researchers and developers are invited to take on the challenge and join in developing new tools and visualizations for DNS measurements. more
To some applicants, ICANN's variant management policy in DAG4 has become a big obstacle to the new generic Top-Level Domain (gTLD) application. The policy is to delegate the string while reserving the variants, and these variants will not be delegated until a sound mechanism is developed and the desired variants are evaluated. But for some languages, Chinese for example, the so called string and its variant, namely simplified Chinese and traditional Chinese, are equivalent and must be simultaneously delegated. more
There have been a number of occasions when the Internet Engineering Task Force (IETF) has made a principled decision upholding users' expectations of privacy in their use of IETF-standardised technologies. (Either that, or they were applying their own somewhat liberal collective bias to the technologies they were working on!) The first major such incident that I can recall is the IETF's response to the US CALEA measures. more
The non-contracted parties of the ICANN community met in Reykjavík last week for their annual intersessional meeting, where at the top of the agenda were calls for more transparency, operational consistency, and procedural fairness in how ICANN ensures contractual compliance. ICANN, as a quasi-private cooperative, derives its legitimacy from its ability to enforce its contracts with domain name registries and registrars... more
In today's world with botnets, viruses and other nefarious applications that use DNS to further their harmful activities, outbound DNS security has been largely overlooked. As a part of multi-layer security architecture, a DNS Firewall should not be ignored. After serving as a consultant for multiple organizations, I have encountered many companies that allow all internal devices to send outbound DNS queries to external DNS servers - a practice that can lead to myriad problems. more
The worst thing about Brexit wasn't the referendum. It was the fallout. David Cameron decided that the best way to manage a small risk was to take a big one. Finally, over three agonizing years later, the UK looks set to move on. The Internet Society – which has run the .ORG domain since 2002 – was in the same position as Cameron. They became convinced that it was worth dealing with a small risk by taking a huge one. more
The Registration Operations Workshop (ROW) was conceived as an informal industry conference that would provide a forum for discussion of the technical aspects of registration operations in the domain name system. The 6th ROW will be held in Madrid, on Friday May 12th 2017 in the afternoon, immediately after the GDD Industry Summit and prior to ICANN DNS Symposium and OARC 26, using the same venue as all above-mentioned events. more
Ahead of next week's ICANN meeting in Paris, I would like to consult users, At-Large Structures (ALSs) and others involved in internet governance in North America. As one of the three regional representatives on the ICANN At-Large Advisory committee, I want to make sure individuals, users and ALS's are given the chance to summit their own questions, suggestions and items to the agenda of the upcoming meeting. I'd be happy to receive your comments, and/or schedule a chat with you Mon-Thur, from 13:00-18:00 EDT. Leave a comment to this post, or leave me a message. more
In part 1, I talked about some of the risks associated with BYOD. But there are actions you can take to greatly reduce this risk. One effective method for limiting the risk of BYOD is to employ DNS-based security intelligence techniques. DNS-based security intelligence makes use of an enterprise's caching DNS server to monitor and block DNS queries to known botnet command and control (C&C) domains. more
The Internet's Domain Name System undertakes a vitally important role in today's Internet. Originally conceived as a human-friendly way of specifying the location of the other end of an Internet transaction, it became the name of a service point during the transition to a client/server architecture. A domain name was still associated with an IP address, but that 1:1 association was weakened when we started adjusting to IPv4 address exhaustion. more
A domain name is a unique alphanumeric designation that facilitates reference to sets of numbers which actually locate a particular computer on the Internet. Domain names are a fundamental part of the Internet's user interface. Improving the usability of the Internet depends upon effective domain name policy. This study is intended to contribute to improvement in Internet usability for the end users of domain names. Benefits of more usable domain names include: higher sales, customer satisfaction and productivity, and reduced support costs. more
In my last post, I looked at what happens when a DNS query renders a "negative" response -- i.e., when a domain name doesn't exist. I then examined two cryptographic approaches to handling negative responses: NSEC and NSEC3. In this post, I will examine a third approach, NSEC5, and a related concept that protects client information, tokenized queries. The concepts I discuss below are topics we've studied in our long-term research program as we evaluate new technologies. more
A World-Renowned Source for Internet Developments. Serving Since 2002.