DNS Security

Noteworthy

 The movement is on, DNSSEC, ready set go! Just make sure you are ready when you go!

 Over the next few years we should expect to see applications leveraging DNSSEC in ways we cannot imagine now.

 Some folks have already asked me if DNSSEC could have prevented Twitter.com traffic from being hijacked. In this case, the answer is, "No".

 There has been quite a bit of talk lately about the best way to secure a domain, mainly centered in two camps: SSL or DNSSEC. The answer is quite simple - you should use both.

DNS Security / Featured Blogs

3 DNSSEC Sessions Happening At ICANN 50 Next Week in London

As I mentioned in a post to the Deploy360 blog today, there are three excellent sessions relating to DNSSEC happening at ICANN 50 in London next week: DNSSEC For Everybody: A Beginner's Guide; DNSSEC Implementers Gathering; DNSSEC Workshop. Find out more. more»

NANOG 61 - Impressions of Some Presentations

The recent NANOG 61 meeting was a pretty typical NANOG meeting, with a plenary stream, some interest group sessions, and an ARIN Public Policy session. The meeting attracted some 898 registered attendees, which was the biggest NANOG to date. No doubt the 70 registrations from Microsoft helped in this number, as the location for NANOG 61 was in Bellevue, Washington State, but even so the interest in NANOG continues to grow... more»

Wow! BIND9 9.10 Is out, and What a List of Features!

Today the e-mail faerie brought news of the release of BIND9 9.10.0 which can be downloaded from here. BIND9 is the most popular name server on the Internet and has been ever since taking that title away from BIND8 which had a few years earlier taken it from BIND4. I used to work on BIND, and I founded ISC, the home of BIND, and even though I left ISC in July 2013 to launch a commercial security startup company, I remain a fan of both ISC and BIND. more»

Proceedings of Name Collisions Workshop Available

Keynote speaker, and noted security industry commentator, Bruce Schneier (Co3 Systems ) set the tone for the two days with a discussion on how humans name things and the shortcomings of computers in doing the same. Names require context, he observed, and "computers are really bad at this" because "everything defaults to global." Referring to the potential that new gTLDs could conflict with internal names in installed systems, he commented, "It would be great if we could go back 20 years and say 'Don't do that'," but concluded that policymakers have to work with DNS the way it is today. more»

DNSSEC Workshop on March 26 to Be Streamed Live from ICANN 49 in Singapore

If you are interested in DNSSEC and how it can make the Internet more secure, the DNSSEC Workshop at ICANN 49 in Singapore will be streamed live for anyone to listen and view. One of three DNSSEC-related technical events at ICANN 49, the DNSSEC Workshop takes place on Wednesday, March 26, from 8:30am - 2:45pm Singapore time. more»

Domain Name System (DNS) Security Should Be One of Your Priorities

Most people, even seasoned IT professionals, don't give DNS (the Domain Name System) the attention it deserves. As TCP/IP has become the dominant networking protocol, so has the use of DNS... Due to the reliability built into the fundamental RFC-based design of DNS, most IT professionals don't spend much time worrying about it. This can be a huge mistake! more»

CircleID's Top 10 Posts of 2013

Here we are with CircleID's annual roundup of top ten most popular posts featured during 2013 (based on overall readership). Congratulations to all the participants whose posts reached top readership and best wishes to the entire community for 2014. more»

The Christmas Goat Is On Fire, Fourth Season

This year, 2013, I got 24 days of IPv6 and DNSSEC measurements. All in all it created 15GB logs with more than 62 million rows. On the 21st of December, early in the morning, the goat was "traditionally" burnt down, however this year with one exception. Via the Swedish newspaper Expressen the arsonists anonymously took the blame and also filmed their own act. more»

LAC, the DNS, and the Importance of Comunidad

The 1st Latin American & Caribbean DNS Forum was held on 15 November 2013, before the start of the ICANN Buenos Aires meeting. Coordinated by many of the region's leading technological development and capacity building organizations, the day long event explored the opportunities and challenges for Latin America brought on by changes in the Internet landscape, including the introduction of new gTLDs such as .LAT, .NGO and others. more»

DNS Tunneling: Is It a Security Threat?

DNS tunneling -- the ability to encode the data of other programs or protocols in DNS queries and responses -- has been a concern since the late 1990s. If you don't follow DNS closely, however, DNS tunneling likely isn't an issue you would be familiar with. Originally, DNS tunneling was designed simply to bypass the captive portals of Wi-Fi providers, but as with many things on the Web it can be used for nefarious purposes. For many organizations, tunneling isn't even a known suspect and therefore a significant security risk. more»