DNS

DNS / Recently Commented

DNS and Stolen Credit Card Numbers

FireEye announced a new piece of malware yesterday named MULTIGRAIN. This nasty piece of code steals data from Point of Sale (PoS) and transmits the stolen credit card numbers by embedding them into recursive DNS queries. While this was definitely a great catch by the FireEye team, the thing that bothers me here is how DNS is being used in these supposedly restrictive environments. more»

What is Anti-Spam?

There's a lot of argument as to which "anti-spam" techniques are legitimately so called. In this article, I'd like to consider what constitutes an anti-spam technique in an ideal sense, then consider the various practiced approaches to spam mitigation in that light, drawing conclusions as to how we should frame the "anti-spam" discussion. ...For the purposes of this discussion, let "spam" refer to "unsolicited bulk email". Not everyone agrees on this definition, but it's by far the most widely accepted, and without a working definition we won't be able to define "anti-spam"... more»

Let Me Make Yeti-DNS Perfectly Clear

The following rather alarming text caught my eye today... Had the text appeared under a less august letterhead, or signed by less qualified authors, there would be no cause for alarm. However, the letterhead was World Economic Forum and the authors were William J. Drake, Vinton G. Cerf, and Wolfgang Kleinwächter. As one of three coordinators for the Yeti-DNS project, this feels a bit like I'm in big trouble now. So, let's discuss the matter. more»

DNSSEC Workshop Streaming Live from ICANN 55 in Marrakech on Wednesday, March 9, 2016

What is the current state of DNSSEC deployment around the world and also in Africa? How can you deploy DNSSEC at a massive scale? What is the state of using elliptic curve crypto algorithms in DNSSEC? What more can be done to accelerate DNSSEC deployment? Discussion of all those questions and much more can be found in the DNSSEC Workshop streaming live out of the ICANN 55 meeting in Marrakech, Morocco, on Wednesday, March 9, from 9:00 to 15:15 WET. more»

Whatever Happened with Namespace Collision Issues and the gTLD Round of 2012

The new gTLD program of 2012, based on the Generic Names Supporting Organization (GNSO) policy recommendations of 2007, has been both a success and a mess. In terms of its success, many new and innovative names are being introduced on the Internet, more most every day. The mess has involved ad-hoc, independent decisions by the Board and implementation decisions by ICANN staff that have resulted in a variety of problems including a broken community evaluation process... more»

ICANN CEO Farewell Letter Overlooks Innovation

Departing ICANN CEO Fadi Chehadé has penned a goodbye letter to the organisation's Board as he prepares to leave this March. The 7-page letter reads like a long list of Chehadé's achievements since he took over the helm in 2012. Whilst there can be little doubt about Chehadé's tireless energy and dedication to making ICANN a more effective governance mechanism for the Internet, his celebration of the last four years seems to overlook one important opportunity. more»

IPv6 and DNSSEC Are Respectively 20 and 19 Years Old. Same Fight and Challenges?

A few weeks ago I came across an old interview of me by ITespresso.fr from 10 years back entitled "IPv6 frees human imagination". At the time, I was talking about the contributions IPv6 was expected to make and the challenges it had to face. After reading the article again, I realized that it has become a little dusty (plus a blurred photo of the interviewee :-)). But what caught my attention the most in the interview was my assertion: "If IPv6 does not prevail in 2006, it's a safe bet that it will happen in 2007". Wow! more»

How .MUSIC Will Go Mainstream and Benefit ICANN's New gTLD Program

Since the launch of the New gTLD Program in 2012, it has become evident that new gTLD registries overestimated the demand for new Top-Level Domain name extensions. Furthermore, new gTLD registries did not anticipate the hurdles in raising awareness, not to mention creating adoption for new domains. Even the most pessimistic New gTLD Program critic did not expect such uninspiring results. It was a wake-up call for many in the domain industry. The New gTLD Program currently lacks credibility. No new gTLD has yet to go mainstream and capture the world's imagination. more»

Verisign's Perspective on Recent Root Server Attacks

On Nov. 30 and Dec. 1, 2015, some of the Internet's Domain Name System (DNS) root name servers received large amounts of anomalous traffic. Last week the root server operators published a report on the incident. In the interest of further transparency, I'd like to take this opportunity to share Verisign's perspective, including how we identify, handle and react, as necessary, to events such as this. more»

Internet Root Servers Hit with Unusual DNS Amplification Attack

On Nov. 30 and Dec. 1, several of the Internet Domain Name System's root name servers received a high rate of suspicious queries, reaching as high as 5 million queries per second, according to a report released by the Root Server System Advisory Council. The incident has been categorized as a unique type of DNS amplification attack. more»

Taking Back the DNS

Most new domain names are malicious. I am stunned by the simplicity and truth of that observation. Every day lots of new names are added to the global DNS, and most of them belong to scammers, spammers, e-criminals, and speculators. The DNS industry has a lot of highly capable and competitive registrars and registries who have made it possible to reserve or create a new name in just seconds, and to create millions of them per day. Domains are cheap, domains are plentiful, and as a result most of them are dreck or worse. more»

The TPP and the DNS

On November 5, 2015 the Office of the U.S. Trade Representative (USTR) released the official text of the Trans-Pacific Partnership (TPP). That text consists of 30 separate Chapters totaling more than 2,000 pages, and is accompanied by four additional Annexes and dozens of Related Instruments. Only those who negotiated it are likely to have a detailed understanding of all its provisions, and even that probably overstates reality. more»

Steering Website Traffic with Managed DNS vs. IP Anycast

I recently read an interesting post on LinkedIn Engineering's blog entitled "TCP over IP Anycast -- Pipe dream or Reality?" The authors describe a project to optimize the performance of www.linkedin.com. The web site is served from multiple web server instances located in LinkedIn's POPs all over the world. Previously LinkedIn used DNS geomapping exclusively to route its users to the best web server instance, but the post describes how they tried using BGP routing instead. more»

DNS Deregulation (Part 1 of 3)

The domain name system (DNS) market is going through significant change. Barriers to entry have dropped, as hundreds of new generic top-level-domains (TLDs) are being introduced. Substantial new sources of capital have invested in the market. At the same time, overall domain name sales volume has slowed. Recent M&A activities suggest market consolidation focused on building scale. more»

Global Paradigms We Relied Upon Were Destroyed Overnight - How Prepared Are You for New Realities?

Unprecedented new Political and Cyber Security Threats are happening at a scale that has never been witnessed before. These threats are large and malicious enough to take down nuclear programs, render oil refineries inoperable, and take billion-dollar websites offline (not to mention smaller ones). Recent events confirm that NO ONE IS IMMUNE. Despite the obvious warning signs, Internet business stakeholders the world over continue to act as if nothing has changed, and seem unaware that global paradigms have undergone a seismic shift almost overnight. more»