DNS Security

Sponsored
by

Noteworthy

Blogs

Why You Must Learn to Love DNSSEC

It's been nearly two months since the high profile BGP hijack attack against MyEtherwallet, where crypto thieves used BGP leaks to hijack MEW's name servers, which were on Amazon's Route53, and inserted their own fake name servers which directed victims to their own fake wallet site, thereby draining some people's wallets. It generated a lot of discussion at the time... What isn't fully appreciated is that attack has, in fact, changed the game somewhat... more

Call for Participation - ICANN DNSSEC Workshop at ICANN62, Panama City

Would you like to share information about how you are using DNSSEC with the wider technical community? Do you have an idea for how to make DNSSEC or DANE work better? Or work with new applications? If so - and if you will be attending ICANN 62 in Panama City, Panama from 25-28 June 2018 - then please consider sending in a proposal to participate as a speaker in the ICANN 62 DNSSEC Workshop! more

Takeaways from the DNS-OARC's 28th Workshop

March has seen the first of the DNS Operations, Analysis, and Research Center (OARC) workshops for the year, where two days of too much DNS is just not enough! These workshops are concentrated within two days of presentations and discussions that focus exclusively on the current state of the DNS. Here are my impressions of the meeting. more

Have We Reached Peak Use of DNSSEC?

The story about securing the DNS has a rich and, in Internet terms, protracted history. The original problem statement was simple: how can you tell if the answer you get from your query to the DNS system is 'genuine' or not? The DNS alone can't help here. You ask a question and get an answer. You are trusting that the DNS has not lied to you, but that trust is not always justified. more

CircleID's Top 10 Posts of 2017

It is once again time for our annual review of posts that received the most attention on CircleID during the past year. Congratulations to all the 2017 participants for sharing their thoughts and making a difference in the industry. 2017 marked CircleID's 15th year of operation as a medium dedicated to all critical matters related to the Internet infrastructure and services. We are in the midst of historic times, facing rapid technological developments and there is a lot to look forward to in 2018. more

DDOS and the DNS

The Mirai DDOS attack happened just over a year ago, on the 21st October 2016. The attack was certainly a major landmark regarding the sorry history of "landmark" DDOS attacks on the Internet. It's up there with the Morris Worm of 1988, Slammer of 2002, Sapphine/Slammer of 2009 and of course Conficker in 2008. What made the Mirai attack so special? more

Caribbean Businesses Can Make Good Use of Free DNS Security

IBM Security, Packet Clearing House (PCH) and Global Cyber Alliance (GCA) unveiled a free Domain Name System (DNS) service designed to protect all Internet users from a wide range of common cyber threats. Launched on November 16 with simultaneous press events in London, Maputo and New York, the public DNS resolver has strong privacy and security features built-in and can be enabled with a few changes to network settings, as outlined on the organisation's website. more

An Overview of the 27th DNS Operations, Analysis, and Research Center Meetings

The DNS Operations, Analysis, and Research Center (DNS-OARC) meetings are an instance of a meeting that concentrates on the single topic of the DNS, and in this case, it delves as deep as anyone is prepared to go! It's two days where too much DNS is barely enough! The hot topic of the meeting was the news that the proposed roll of the Key-Signing-Key of the root zone of the DNS, originally scheduled for October 11, was to be postponed. more

A Closer Look at Postponing of the Root Zone KSK Rollover Decision

On Sept. 27, Internet Corporation for Assigned Names and Numbers (ICANN) announced that the first root zone Key Signing Key (KSK) rollover - originally scheduled to take place on Oct. 11 - will be postponed. Although this was certainly a difficult decision, we fully agree that erring on the side of caution is the best approach to take. In this blog post, I want to explain some of the involvement Verisign has had in KSK rollover preparations, as well as some of the recently available research opportunities which generated data that we shared with ICANN related to this decision. more

Evolution of the Dot Brand Domains in 5 Years

ICANN's last new gTLD application closed in 2012 with more than 600 brands applying for their dot brand. Dot brand domains associate a keyword or keyphrase and a brand name in a complete domain name... To understand better how the evolution of the dotBrand has been throughout these years, number of websites launched, redirects, registries etc, Dot Brand Observatory prepared a few visual graphics. more

Probability of ROI and Tighter Network Security by Blocking Malicious Subdomains

Failing to block a stealthy malicious host from making connections to your network could cost your company millions of dollars, a damaged reputation, and severe losses in sensitive private data. Threat intel teams have faced on-going problems: Expensive feeds that are slow to catch new threats; Chasing false positives in alerts wastes time and money; and Vendors selling a new appliance for every ill. Would 100% of your users Spot the Bot? more

CAICT Holds ICANN 59 China Internet Community Readout Session

In afternoon of 14th July, the China Academy of Information and Communication Technology (CAICT) and ICANN Beijing Engagement Center jointly held the ICANN 59 China Internet Community Readout Session. Mr. Zhang Ya, Deputy Director of Information and Communication Authority under the Ministry of Industry and Information Technology (MIIT), made his presence and gave opening remarks on the meeting. Over 40 representatives from the Cyberspace Administration, the Ministry of Foreign Affairs, domain name registries and registrars, industrial organizations, institutes and universities participated in the seminar. more

Watch LIVE: ICANN 59 DNSSEC Workshop - June 26 at 7:00am UTC

Want to learn more about DNSSEC deployment challenges? Interested in learning about a DANE middlebox for HTTPS? Curious about how the upcoming DNSSEC Root Key Rollover will affect systems? And have you heard about the CDS and CDNSKEY records for DNS? What are they -- and what impact will they have on ICANN policies? more

Call for Participation - DNSSEC Workshop at ICANN 59 in Johannesburg

Do you have ideas about DNSSEC or DANE that you would like to share with the wider community? Have you created a new tool or service? Have you found a way to use DNSSEC to secure some other service? Do you have new statistics about the growth or usage of DNSSEC, DANE or other related technology? If so, and if you will be in Johannesburg, South Africa, for ICANN 59 in June 2017 (or can get there), please consider submitting a proposal to speak at the ICANN 59 DNSSEC Workshop! more

ICANN Complaint System Easily Gamed

ICANN's WDPRS system has been defeated. The system is intended to remove or correct fraudulently registered domains, but it does not work anymore. Yesterday I submitted a memo to the leadership of the ICANN At-Large Advisory Committee (ALAC) and the greater At-Large community. The memo concerns the details of a 214-day saga of complaints about a single domain used for trafficking opioids. more

News Briefs

Russia in Talks to Create Independent DNS

IBM Launches Quad9, a DNS-based Privacy and Security Service to Protect Users from Malicious Sites

ICANN Delays Plans to Change DNS Cryptographic Key, Says Near 750 Million People at Risk if Rushed

NIST Publishes Guide for DNS-Based Email Security, Draft Open for Public Comments

Sweden Makes its TLD Zone File Publicly Available

Large Volume of DNSSEC Amplification DDoS Observed, Akamai Reports

91.3% of Malware Use DNS as a Key Capability

ISOC's DNSSEC Deployment Map Available In Global Internet Maps (Interactive)

Paul Vixie on How the Openness of the Internet Is Poisoning Us

GSA Looking Into .gov Outages

ISOC Joins Forces with Shinkuro and Parsons to Promote Global Deployment of DNSSEC

U.S. CERT Issues Alert on DNS Amplification Attacks

Google Announces DNSSEC Support for Public DNS Service

Report Reveals Planned DNSSEC Adoption of 2010 by Key Industries Still in Limbo

Internet Society ION Conferences: Call for Speakers - IPv6 and DNSSEC Experts

Google Notifying Half a Million Users Affected By DNSChanger

DNSChanger Disruption Inevitable, ISPs Urged to Bolster User Support

Why SOPA Defender Joins Internet Society as Regional Director

NASA Website Blocked Due to DNSSEC Error

Comcast Announces Completion of DNSSEC Deployment

Most Viewed

Most Commented

Afilias Updates – Sponsor

Computerworld Names Afilias' Ram Mohan a Premier 100 Technology Leader

IDG's Computerworld announces Ram Mohan, Afilias' executive vice president and chief technology officer, as a 2016 Premier 100 Technology Leaders honoree. This year's Premier 100 spotlights 100 leaders of companies for their exceptional technology leadership and innovative approaches to business challenges. more

Afilias Partners With Internet Society to Sponsor Deploy360 ION Conference Series Through 2016

IONs are part of the Internet Society's Deploy360 Programme, which aims to foster the global adoption of key Internet technology standards such as IPv6, DNSSEC, and secure routing protocols. more

Being a .PRO When Choosing a Registry Services Partner

We're excited to bring a new top-level domain into the Afilias family and help grow the use of it. I also think it shows that the top-level domain business is a unique one -- and it's not one to be entered into lightly. more

Afilias Says "No" to SOPA

The Stop Online Piracy Act (SOPA) is the subject of substantial controversy in the United States, and the domain name industry is squarely in the middle of the debate. Many DNS service providers and technology developers in the industry oppose SOPA, Afilias among them. Here's why. more

Afilias Secures .GI, .MN, and .SC Domains with DNSSEC

Afilias, a global provider of Internet infrastructure services, today announced that it has enabled Domain Name System Security Extensions (DNSSEC) for .GI, the country code Top Level Domain (ccTLD) for Gibraltar, .MN for Mongolia, and .SC for the Seychelles. more

Afilias and DotAsia Collaborate on DNSSEC Implementation for .ASIA

This week, at the 79th Internet Engineering Task Force (IETF) meeting in Beijing, China, Afilias and DotAsia jointly announced that Domain Name System Security Extensions (DNSSEC) has been enabled for the .ASIA top-level domain. more

Afilias Improves Security for .IN Domain With DNSSEC

Afilias today announced that it has enabled Domain Name System Security Extensions (DNSSEC) for the .IN country code top-level domain (TLD) for the country of India, improving global security for this domain which houses over 700,000 .IN domains. more

Industry Updates

Participants – Random Selection