DNSSEC

Noteworthy

 Some folks have already asked me if DNSSEC could have prevented Twitter.com traffic from being hijacked. In this case, the answer is, "No".

 Over the next few years we should expect to see applications leveraging DNSSEC in ways we cannot imagine now.

 The movement is on, DNSSEC, ready set go! Just make sure you are ready when you go!

Blogs

Refusing REFUSED

The U.S. Congress' road to Stopping Online Piracy (SOPA) and PROTECT IP (PIPA) has had some twists and turns due to technical constraints imposed by the basic design of the Internet's Domain Name System (DNS). PIPA's (and SOPA's) provisions regarding advertising and payment networks appear to be well grounded in the law enforcement tradition called following the money, but other provisions having to do with regulating American Internet Service Providers (ISPs) so as to block DNS resolution for pirate or infringing web sites have been shown to be ineffectual, impractical, and sometimes unintelligible. more»

CircleID's Top Ten Posts of 2011

Here are the top ten most popular news, blogs, and industry updates featured on CircleID in 2011 based on the overall readership of the posts for the year. Congratulations to all the participants whose posts reached top readership and best wishes to the entire community for 2012. Happy New Year! more»

DNS Policy is Hop by Hop; DNS Security is End to End

The debate continues as to whether ISP's can effectively filter DNS results in order to protect brand and copyright holders from online infringement. It's noteworthy that there is no argument as to whether these rights holders and their properties deserve protection - nobody is saying "content wants to be free" and there is general agreement that it is harder to protect rights in the Internet era where perfect copies of can be made and distributed instantaneously. What we're debating now is just whether controlling DNS at the ISP level would work at all and whether the attempt to insert such controls would damage Secure DNS (sometimes called DNSSEC). more»

Breaking the Internet HOWTO: The Unintended Consequences of Governmental Actions

"Breaking the Internet" is really hard to do. The network of networks is decentralized, resilient and has no Single Point Of Failure. That was the paradigm of the first few decades of Internet history, and most people involved in Internet Governance still carry that model around in their heads. Unfortunately, that is changing and changing rapidly due to misguided government intervention. more»

The Christmas Goat, IPv6 and DNSSEC - Second Season

Last year the municipality of Gavle asked my company if we could help them load share the streaming pictures of the famous Christmas goat in Gävle. I accepted the invitation and set up a separate domain. My own interest in this was of course to track the usage of IPv6 and validation of DNSSEC from the visitors of the site. more»

Technical Comments on Mandated DNS Filtering Requirements of H. R. 3261 ("SOPA")

About two months ago, I got together with some fellow DNS engineers and sent a letter to the U. S. Senate explaining once again why the mandated DNS filtering requirements of S. 968 ("PIPA") were technically unworkable. This letter was an updated reminder of the issues we had previously covered... In the time since then, the U. S. House of Representatives has issued their companion bill, H. R. 3261 ("SOPA") and all indications are that they will begin "markup" on this bill some time next week. more»

DNSSEC Update from ICANN 42 in Dakar

While the global rollout of DNSSEC continues at the domain name registry level - with more than 25% of top-level domains now signed - the industry continues to focus on the problem of registrar, ISP and ultimately end-user adoption. At the ICANN meeting in Dakar in late October, engineers from some of the early-adopting registries gathered for their regular face-to-face discussion about how to break the "chicken or egg" problems of secure domain name deployment. more»

Taking the Anti-SOPA Message to the People

It was fascinating last week to read coverage of congressional hearings around the SOPA bill, or Stop Online Privacy Act. The bill has strong support from the Motion Picture Association of America, the U.S. Chamber of Commerce and big pharmaceutical companies. It's opposed by most technology and telecom companies, plus consumer advocate groups like the Electronic Frontier Foundation and Public Knowledge. more»

Protecting Intellectual Property is Good; Mandatory DNS Filtering is Bad

It has been about six months since I got together with four of my friends from the DNS world and we co-authored a white paper which explains the technical problems with mandated DNS filtering. The legislation we were responding to was S. 968, also called the PROTECT-IP act, which was introduced this year in the U. S. Senate. By all accounts we can expect a similar U. S. House of Representatives bill soon, so we've written a letter to both the House and Senate, renewing and updating our concerns. more»

Hacking Away at the Internet's Security

The front page story of the September 13 2011 issue of the International Herald Tribune said it all: "Iranian activists feel the chill as hacker taps into e-mails." The news story relates how a hacker has "sneaked into the computer systems of a security firm on the outskirts of Amsterdam" and then "created credentials that could allow someone to spy on Internet connections that appeared to be secure." According to this news report this incident punched a hole in an online security mechanism that is trusted by hundreds of millions of Internet users all over the network. more»

DNSSEC Takes Off in Wake of Root Zone Signing

The Domain Name System Security Extensions (DNSSEC) is a suite of IETF-developed specifications designed to validate information provided by the Domain Name System (DNS). ... When the root zone was signed in June 2010, this acted as a catalyst for TLD operators to deploy DNSSEC on their side. We have seen a gradual but significant increase in signed TLDs since then. The map in this post shows the level of DNSSEC deployment in Europe. more»

Defense in Depth for DNSSEC Applications

At the time of this writing DNSSEC mostly does not work. This is not a bad thing - in fact it's expected... There is a significant last-mover advantage DNSSEC deployment (or IPv6 deployment) and that can't be helped. It's all in a good cause though - everybody knows we need this stuff and some farsighted contributors put a lot of money and other resources into DNSSEC years or decades ago to ensure that when the time comes the world will have a migration path. Sadly, this leaves current investors and application designers and developers wondering whether there's a market yet. more»

DNSSEC Baby Steps Reported at ICANN 41

The Internet is slowly beginning to adopt the new DNSSEC domain names standard, but significant challenges remain. That was the main takeaway from a four-hour workshop on the technology held during the recent ICANN 41 public meeting in Singapore, which heard from many domain registries, registrars and other infrastructure providers. more»

Six Key Issues About Operating a TLD Registry

Brand owners unfamiliar with the domain name system (DNS) are hearing that their first step in registering a top level domain (TLD) is to select a back-end TLD registry provider. The fear instilled in them is that if they don't act quickly, all available service providers will have reached their capacity. Given ICANN's tight and inflexible application submission schedule, brands don't want to be left at the starting gate. more»

DNSSEC Maintenance - Just Like Mowing the Lawn

DNSSEC is a hot topic. It's a technology newly unleashed on popular networking, which has led to countless articles and posts on the subject, including right here on CircleID. The way a lot of articles try to get your attention is to talk about a technology, like DNSSEC, in a way that makes the technology either seem really significant or really complicated. That is why a lot of articles about DNSSEC make it sound like something huge, complicated, and scary. But it's not. more»

News Briefs

NASA Website Blocked Due to DNSSEC Error

Comcast Announces Completion of DNSSEC Deployment

Internet Groups Inaugurate First of Three Cyber Security Facilities

Experts Urge Congress to Reject DNS Filtering from PROTECT IP Act, Serious Technical Concerns Raised

Nominet Rolls Out DNSSEC for 9.4 Million .UK Domains

Citrix Case Study Features Nixu DDI

Garth Bruen Discussing Whois, DNSSEC and Domain Security

DNSSEC Deployed for .COM, Internet's Largest Top-Level Domain

Most US Federal Websites More than a Year Behind Meeting DNSSEC Mandate

Free Toolkit Lets Organizations, Developers Test-Drive DNSSEC

"Practice Safe DNS" Campaign Launched to Educate on Securing DNS, Adopting DNSSEC

Study Finds Majority of U.S. Gov't Agencies Fail to Meet Security Mandate for DNSSEC Adoption

IPv6 Posing New Security Issues

Paul Kane Selected as One of Seven Security Key Holders

White House on the DNSSEC Deployment: "A Major Milestone on Internet Security"

Video: Highlights of the DNSSEC Key Signing Ceremony

ICANN Announces First DNSSEC Key Ceremony for the Root Zone

Comcast Announces Aggressive Plan to Deploy DNSSEC, Launches First Public Trial

AFNIC Invites Network Managers to Prepare for the Signing of the DNS Root in May 2010

ICANN Begins Public DNSSEC Test Plan for the Root Zone

Most Viewed

Most Commented

Afilias Updates – Sponsor

Being a .PRO When Choosing a Registry Services Partner

We're excited to bring a new top-level domain into the Afilias family and help grow the use of it. I also think it shows that the top-level domain business is a unique one -- and it's not one to be entered into lightly. ›››

Afilias Says "No" to SOPA

The Stop Online Piracy Act (SOPA) is the subject of substantial controversy in the United States, and the domain name industry is squarely in the middle of the debate. Many DNS service providers and technology developers in the industry oppose SOPA, Afilias among them. Here's why. ›››

Afilias Secures .GI, .MN, and .SC Domains with DNSSEC

Afilias, a global provider of Internet infrastructure services, today announced that it has enabled Domain Name System Security Extensions (DNSSEC) for .GI, the country code Top Level Domain (ccTLD) for Gibraltar, .MN for Mongolia, and .SC for the Seychelles. ›››

Afilias and DotAsia Collaborate on DNSSEC Implementation for .ASIA

This week, at the 79th Internet Engineering Task Force (IETF) meeting in Beijing, China, Afilias and DotAsia jointly announced that Domain Name System Security Extensions (DNSSEC) has been enabled for the .ASIA top-level domain. ›››

Afilias Improves Security for .IN Domain With DNSSEC

Afilias today announced that it has enabled Domain Name System Security Extensions (DNSSEC) for the .IN country code top-level domain (TLD) for the country of India, improving global security for this domain which houses over 700,000 .IN domains. ›››

Afilias Increases DNS Security in Latin America and the Caribbean with Deployment of DNSSEC

Afilias, a global provider of Internet infrastructure services, today announced that it has enabled Domain Name System Security Extensions (DNSSEC) for five country code Top-Level-Domains (ccTLDs) in Latin America and the Caribbean region. ›››

Afilias Receives Excellence in Online Trust Award from the Online Trust Alliance

Afilias was recognized on Thursday, September 23rd at the Online Trust Alliances' fifth annual 2010 Excellence in Online Trust Awards in Washington D.C. for its innovative leadership role in online safety initiatives over the past year. ›››

Industry Updates

Being a .PRO When Choosing a Registry Services Partner

UK Cabinet Office Looks to BlueCat Networks' Expertise and Best Practices for Securing PSN

BlueCat Networks Helps Organizations Transition to IPv6 with HP

BlueCat Networks to Host Webinar on DNS, DHCP and IPAM Featuring Independent Research Firm

Afilias Says "No" to SOPA

Giving VIP Treatment to IPAM with Nixu NameSurfer Suite 7.0.2

BlueCat Networks' IPv6-Ready Solutions Pass Critical International Security Standards

Introduction to Nixu Software: End-to-End Software-Based DNS, DHCP, IPAM Solutions for Your Network

Introducing Holistic View to DDI: Nixu NameSurfer Suite 7 Series Ships

Verisign's Matt Larson Wins 2011 InfoWorld Technology Leadership Award

Businesses Lack Safeguards Against DDoS Attacks and DNS Failures, New Research Shows

Verisign Enhances Its Managed DNS Service With Full Support for DNSSEC Compliance and Geo Location

Verisign Achieves Critical DNSSEC Milestone by Deploying Security Extensions in .com TLD

BlueCat Networks Strengthens ANZ Presence with WhiteGold Solutions Partnership

Oxford Networks Deploys BlueCat Networks DDI Technology

Participants – Random Selection