DNS

DNS / Recently Commented

The .Corp, .Home & .Mail Quandary

On 24 August, fifteen applicants for the .corp, .home, or .mail (CHM) new gTLDs sent a letter to the ICANN Board asking for action on the stalled process of the their applications. This points to the answer for the question I asked in march of this year: Whatever happened with namespace collision issues and the gTLD Round of 2012. As the letter from the applicants indicates, ICANN has done little to deal with issues concerned with namespace collisions in the last 2 years. Is it now time for action? more»

Why Registry Service Providers Should be Accredited by ICANN

The merits of a Registry Service Provider accreditation programs have been debated across the Domain Industry since the most recent round of Domain Name Registries were introduced starting in 2012. This post discusses the early reasoning in support of an accreditation program; changes in the policy considerations between 2012 and now; the effects of competition on the landscape; a suggestion for how such a program might be implemented; and why such a program should be introduced now. more»

Court of Appeals Avoids "Doomsday Effect" in Iran ccTLD Decision

Earlier today the U.S. Court of Appeals for the DC Circuit issued its decision in Weinstein vs. Iran, a case in which families of terror victims sought to have ICANN turn over control of Iran's .IR ccTLD to plaintiffs. In a unanimous decision the three judge panel stated, "On ICANN's motion, the district court quashed the writs, finding the data unattachable under District of Columbia (D.C.) law. We affirm the district court but on alternative grounds." more»

Developing Internet of Things Building Blocks


The Internet is undergoing an evolutionary transformation resulting from the explosive growth of things that are interconnected. From single purpose sensors through wearable technologies to sophisticated computing devices, we are creating, exchanging, and consuming more data at rates that would have been inconceivable just a decade ago. The market suggests the average consumer believes this is the best world possible. As technologists, we have a responsibility to consider if we are building an Internet that is in the best interest of the user. more»

We Need You: Industry Collaboration to Improve Registration Data Services

For more than 30 years, the industry has used a service and protocol named WHOIS to access the data associated with domain name and internet address registration activities... The challenge with WHOIS is that it was designed for use at a time when the community of users and service operators was much smaller and there were fewer concerns about data privacy. more»

DNS and Stolen Credit Card Numbers

FireEye announced a new piece of malware yesterday named MULTIGRAIN. This nasty piece of code steals data from Point of Sale (PoS) and transmits the stolen credit card numbers by embedding them into recursive DNS queries. While this was definitely a great catch by the FireEye team, the thing that bothers me here is how DNS is being used in these supposedly restrictive environments. more»

What is Anti-Spam?

There's a lot of argument as to which "anti-spam" techniques are legitimately so called. In this article, I'd like to consider what constitutes an anti-spam technique in an ideal sense, then consider the various practiced approaches to spam mitigation in that light, drawing conclusions as to how we should frame the "anti-spam" discussion. ...For the purposes of this discussion, let "spam" refer to "unsolicited bulk email". Not everyone agrees on this definition, but it's by far the most widely accepted, and without a working definition we won't be able to define "anti-spam"... more»

Let Me Make Yeti-DNS Perfectly Clear

The following rather alarming text caught my eye today... Had the text appeared under a less august letterhead, or signed by less qualified authors, there would be no cause for alarm. However, the letterhead was World Economic Forum and the authors were William J. Drake, Vinton G. Cerf, and Wolfgang Kleinwächter. As one of three coordinators for the Yeti-DNS project, this feels a bit like I'm in big trouble now. So, let's discuss the matter. more»

DNSSEC Workshop Streaming Live from ICANN 55 in Marrakech on Wednesday, March 9, 2016

What is the current state of DNSSEC deployment around the world and also in Africa? How can you deploy DNSSEC at a massive scale? What is the state of using elliptic curve crypto algorithms in DNSSEC? What more can be done to accelerate DNSSEC deployment? Discussion of all those questions and much more can be found in the DNSSEC Workshop streaming live out of the ICANN 55 meeting in Marrakech, Morocco, on Wednesday, March 9, from 9:00 to 15:15 WET. more»

Whatever Happened with Namespace Collision Issues and the gTLD Round of 2012

The new gTLD program of 2012, based on the Generic Names Supporting Organization (GNSO) policy recommendations of 2007, has been both a success and mess. In terms of its success, many new and innovative names are being introduced on the Internet, more most every day. The mess has involved ad-hoc, independent decisions by the Board and implementation decisions by ICANN staff that have resulted in variety of problems including a broken community evaluation process... more»

ICANN CEO Farewell Letter Overlooks Innovation

Departing ICANN CEO Fadi Chehadé has penned a goodbye letter to the organisation's Board as he prepares to leave this March. The 7-page letter reads like a long list of Chehadé's achievements since he took over the helm in 2012. Whilst there can be little doubt about Chehadé's tireless energy and dedication to making ICANN a more effective governance mechanism for the Internet, his celebration of the last four years seems to overlook one important opportunity. more»

IPv6 and DNSSEC Are Respectively 20 and 19 Years Old. Same Fight and Challenges?

A few weeks ago I came across an old interview of me by ITespresso.fr from 10 years back entitled "IPv6 frees human imagination". At the time, I was talking about the contributions IPv6 was expected to make and the challenges it had to face. After reading the article again, I realized that it has become a little dusty (plus a blurred photo of the interviewee :-)). But what caught my attention the most in the interview was my assertion: "If IPv6 does not prevail in 2006, it's a safe bet that it will happen in 2007". Wow! more»

How .MUSIC Will Go Mainstream and Benefit ICANN's New gTLD Program

Since the launch of the New gTLD Program in 2012, it has become evident that new gTLD registries overestimated the demand for new Top-Level Domain name extensions. Furthermore, new gTLD registries did not anticipate the hurdles in raising awareness, not to mention creating adoption for new domains. Even the most pessimistic New gTLD Program critic did not expect such uninspiring results. It was a wake up call for many in the domain industry. The New gTLD Program currently lacks credibility. No new gTLD has yet to go mainstream and capture the world's imagination. more»

Verisign's Perspective on Recent Root Server Attacks

On Nov. 30 and Dec. 1, 2015, some of the Internet's Domain Name System (DNS) root name servers received large amounts of anomalous traffic. Last week the root server operators published a report on the incident. In the interest of further transparency, I'd like to take this opportunity to share Verisign's perspective, including how we identify, handle and react, as necessary, to events such as this. more»

Internet Root Servers Hit with Unusual DNS Amplification Attack

On Nov. 30 and Dec. 1, several of the Internet Domain Name System's root name servers received high rate of suspicious queries, reaching as high as 5 million queries per second, according to a report released by the Root Server System Advisory Council. The incident has been categorized as a unique type of DNS amplification attack. more»