DNS Security

Noteworthy

 Over the next few years we should expect to see applications leveraging DNSSEC in ways we cannot imagine now.

 DNSSEC technology standards have been stable and mature since 2007, with only updates, clarifications, and new functionality added since then.

 Some folks have already asked me if DNSSEC could have prevented Twitter.com traffic from being hijacked. In this case, the answer is, "No".

 The movement is on, DNSSEC, ready set go! Just make sure you are ready when you go!

DNS Security / Featured Blogs

Watch LIVE: ICANN 59 DNSSEC Workshop - June 26 at 7:00am UTC

Want to learn more about DNSSEC deployment challenges? Interested in learning about a DANE middlebox for HTTPS? Curious about how the upcoming DNSSEC Root Key Rollover will affect systems? And have you heard about the CDS and CDNSKEY records for DNS? What are they -- and what impact will they have on ICANN policies? more»

Call for Participation - DNSSEC Workshop at ICANN 59 in Johannesburg

Do you have ideas about DNSSEC or DANE that you would like to share with the wider community? Have you created a new tool or service? Have you found a way to use DNSSEC to secure some other service? Do you have new statistics about the growth or usage of DNSSEC, DANE or other related technology? If so, and if you will be in Johannesburg, South Africa, for ICANN 59 in June 2017 (or can get there), please consider submitting a proposal to speak at the ICANN 59 DNSSEC Workshop! more»

ICANN Complaint System Easily Gamed

ICANN's WDPRS system has been defeated. The system is intended to remove or correct fraudulently registered domains, but it does not work anymore. Yesterday I submitted a memo to the leadership of the ICANN At-Large Advisory Committee (ALAC) and the greater At-Large community. The memo concerns the details of a 214-day saga of complaints about a single domain used for trafficking opioids. more»

And the Wait Continues for .Corp, .Home and .Mail Applicants

On 6 March 2017, ICANN's GDD finally responded to an applicant letter written on 14 August 2016 to the ICANN Board. This was not a response from the ICANN Board to the letter from 2016 but a response from ICANN staff. The content of this letter can best be described as a Null Response. It reminded the applicants that the Board had put the names on hold and was still thinking about what to do. more»

Here is the DNSSEC Activity at ICANN 58 in Copenhagen March 12-15, 2017

Want to learn more about the current state of DNSSEC? Want to see demos of new software to secure email? Curious about the potential impact of the Root Key Rollover happening this year? Next week in Copenhagen, Denmark, ICANN 58 will include some great technical info about DNSSEC and DANE happening in several sessions. Here is the plan... more»

At the NCPH Intersessional, Compliance Concerns Take Centre Stage

The non-contracted parties of the ICANN community met in Reykjavík last week for their annual intersessional meeting, where at the top of the agenda were calls for more transparency, operational consistency, and procedural fairness in how ICANN ensures contractual compliance. ICANN, as a quasi-private cooperative, derives its legitimacy from its ability to enforce its contracts with domain name registries and registrars... more»

The Root of the DNS

Few parts of the Domain Name System are filled with such levels of mythology as its root server system. Here I'd like to try and explain what it is all about and ask the question whether the system we have is still adequate, or if it's time to think about some further changes. The namespace of the DNS is a hierarchically structured label space. Each label can have an arbitrary number of immediately descendant labels, and only one immediate parent label. more»

Cyber-Terrorism Rising, Existing Cyber-Security Strategies Failing, What Are Decision Makers to Do?

While conventional cyber attacks are evolving at breakneck speed, the world is witnessing the rise of a new generation of political, ideological, religious, terror and destruction motivated "Poli-Cyber™" threats. These are attacks perpetrated or inspired by extremists' groups such as ISIS/Daesh, rogue states, national intelligence services and their proxies. They are breaching organizations and governments daily, and no one is immune. more»

New Report on "State of DNSSEC Deployment 2016" Shows Continued Growth

Did you know that over 50% of .CZ domains are now signed with DNS Security Extensions (DNSSEC)? Or that over 2.5 million .NL domains and almost 1 million .BR domains are now DNSSEC-signed? Were you aware that around 80% of DNS clients are now requesting DNSSEC signatures in their DNS queries? And did you know that over 100,000 email domains are using DNSSEC and DANE to enable secure email between servers? more»

Call for Participation - ICANN DNSSEC Workshop at ICANN58 in Copenhagen

Do you have new information about DNSSEC or DANE that you would like to share with the wider community? Have you created a new tool or service? Have you found a way to use DNSSEC to secure some other service? Do you have new statistics about the growth or usage of DNSSEC, DANE or other related technology? If so, and if you will be in Copenhagen, Denmark, for ICANN 58 in March 2017 (or can get there), please consider submitting a proposal to speak at the ICANN 58 DNSSEC Workshop! more»