DNSSEC

Noteworthy

 There has been quite a bit of talk lately about the best way to secure a domain, mainly centered in two camps: SSL or DNSSEC. The answer is quite simple - you should use both.

 Over the next few years we should expect to see applications leveraging DNSSEC in ways we cannot imagine now.

 The movement is on, DNSSEC, ready set go! Just make sure you are ready when you go!

 Some folks have already asked me if DNSSEC could have prevented Twitter.com traffic from being hijacked. In this case, the answer is, "No".

DNSSEC / Featured Blogs

Call for Nominations: M3AAWG J. D. Falk Award Seeks Stewards of a Better Online World

Anyone seeking to honor a groundbreaking contribution toward a better online world should submit a nomination for the 2014 M3AAWG J. D. Falk Award. Presented to people whose work on specific projects made the Internet a safer, more collaborative, more inclusive place, the J. D. Falk Award has recognized leaders and pioneers who saw elements of the online experience that needed improvement and took action to fix them.  more»

Some Internet Measurements

At APNIC Labs we've been working on developing a new approach to navigating through some of our data sets the describe aspects of IPv6 deployment, the use of DNSSEC and some measurements relating to the current state of BGP. The intent of this particular set of data collections is to allow the data to be placed into a relative context, displaying comparison of the individual measurements at a level of geographic regions, individual countries, and individual networks. more»

A Great Bit of DNSSEC and DNS at IETF 90 Next Week

For those people tracking the evolution and deployment of DNSSEC or who are just interested in "DNS security" in general there is a great amount of activity happening next week at IETF 90 in Toronto. I dove into this activity in great detail in a recent post, "Rough Guide to IETF 90: DNSSEC, DANE and DNS Security", and summarized the activity in a Deploy360 post... more»

Now Available - A Trend Chart Tracking DNSSEC Validation Globally

How can we track the amount of DNSSEC validation happening globally? Is there a way we can see the trend over time to (we hope!) see validation rise? At the recent excellent DNSSEC Workshop at ICANN 50 in London Geoff Huston let me know that his APNIC Labs team has now created this exact type of trend chart. more»

Painting Ourselves Into a Corner with Path MTU Discovery

In Tony Li's article on path MTU discovery we see this text: "The next attempt to solve the MTU problem has been Packetization Layer Path MTU Discovery (PLPMTUD). Rather than depending on ICMP messaging, in this approach, the transport layer depends on packet loss to determine that the packet was too big for the network. Heuristics are used to differentiate between MTU problems and congestion. Obviously, this technique is only practical for protocols where the source can determine that there has been packet loss. Unidirectional, unacknowledged transfers, typically using UDP, would not be able to use this mechanism. To date, PLPMTUD hasn't demonstrated a significant improvement in the situation." Tony's article is (as usual) quite readable and useful, but my specific concern here is DNS... more»

3 DNSSEC Sessions Happening At ICANN 50 Next Week in London

As I mentioned in a post to the Deploy360 blog today, there are three excellent sessions relating to DNSSEC happening at ICANN 50 in London next week: DNSSEC For Everybody: A Beginner's Guide; DNSSEC Implementers Gathering; DNSSEC Workshop. Find out more. more»

NANOG 61 - Impressions of Some Presentations

The recent NANOG 61 meeting was a pretty typical NANOG meeting, with a plenary stream, some interest group sessions, and an ARIN Public Policy session. The meeting attracted some 898 registered attendees, which was the biggest NANOG to date. No doubt the 70 registrations from Microsoft helped in this number, as the location for NANOG 61 was in Bellevue, Washington State, but even so the interest in NANOG continues to grow... more»

Wow! BIND9 9.10 Is out, and What a List of Features!

Today the e-mail faerie brought news of the release of BIND9 9.10.0 which can be downloaded from here. BIND9 is the most popular name server on the Internet and has been ever since taking that title away from BIND8 which had a few years earlier taken it from BIND4. I used to work on BIND, and I founded ISC, the home of BIND, and even though I left ISC in July 2013 to launch a commercial security startup company, I remain a fan of both ISC and BIND. more»

Proceedings of Name Collisions Workshop Available

Keynote speaker, and noted security industry commentator, Bruce Schneier (Co3 Systems ) set the tone for the two days with a discussion on how humans name things and the shortcomings of computers in doing the same. Names require context, he observed, and "computers are really bad at this" because "everything defaults to global." Referring to the potential that new gTLDs could conflict with internal names in installed systems, he commented, "It would be great if we could go back 20 years and say 'Don't do that'," but concluded that policymakers have to work with DNS the way it is today. more»

DNSSEC Workshop on March 26 to Be Streamed Live from ICANN 49 in Singapore

If you are interested in DNSSEC and how it can make the Internet more secure, the DNSSEC Workshop at ICANN 49 in Singapore will be streamed live for anyone to listen and view. One of three DNSSEC-related technical events at ICANN 49, the DNSSEC Workshop takes place on Wednesday, March 26, from 8:30am - 2:45pm Singapore time. more»