As a strong proponent of the private right of action for all Internet endpoints and users, I've long been aware of the costs in complexity and chaos of any kind of "blocking" that deliberately keeps something from working. I saw this as a founder at MAPS back in 1997 or so when we created the first RBL to put some distributed controls in place to prevent the transmission of unwanted e-mail from low reputation Internet addresses. What we saw was that in addition to the expected costs (to spammers) and benefits (to victims) of this new technology there were unintended costs to system and network operators whose diagnostic and repair work for problems related to e-mail delivery was made more complex because of the new consideration for every trouble ticket: "was this e-mail message blocked or on purpose?" more
When I see glib talk about the inevitable transition to IPv6 or DNSSEC, I have to wonder what industry people think they are working in. Let me give an example that has nothing to do with networking: storage capacity. Now if there is one constant that everyone in the computing industry can agree on it is that they expect storage media capacity to increase. more
I don't know about you, but I'm starting to think that DNSSEC being so hot these days is a mixed blessing. Yes, it's wonderful that after so many years there is finally broad consensus for making DNSSEC happen. But being so prominent also means the protocol is taking shots from those who don't want to make the necessary software, hardware and operational modifications needed. And DNSSEC has taken some shots from those who just want to be contrarian. more
I consult on communication issues for Neustar, an Internet infrastructure company. As most CircleIDers know, Neustar works behind the scenes to ensure the smooth operation of many critical systems like DNS, .us and .biz, local number portability and digital rights management. One of the cool things about working for them is the chance to attend the events they sponsor. Last week Neustar held a security briefing for senior federal IT personnel focused on Cybersecurity and Domain Name System Security Extensions (DNSSEC)... more
Many of us were expecting radical changes in 2010 to the domain name market. There definitely were some of those -- just not the ones I expected. From the seizure of domains names by the US Government to ICANN's removal of restrictions on Registry/Registrar cross-ownership, 2010 was a year full of surprises. In this post, I've compiled what I think were the biggest domain name stories in 2010. more
Looking back at 2010, here is the list of top ten most popular news, blogs, and industry news on CircleID in 2010 based on the overall readership of the posts (total views as of Jan 1, 2011). Congratulations to all the participants whose posts reached top readership and best wishes to the entire community for 2011. Happy New Year! more
DNSSEC is being rolled out quickly in top-level domain registries around the world, but there's still some way to go to encourage other Internet stakeholders to adopt the new security technology. That was one of the key takeaways from a day-long, comprehensive session on Domain Name System Security Extensions implementation worldwide, held during ICANN's public meeting in Cartagena, Colombia, last week. more
The city of Gävle in Sweden have a special Christmas tradition for which it is quite famous. Every year in December a giant Christmas Goat in straw is put in to place in one of the central town squares. In relation to this tradition a sub-tradition has emerged which the city is even more renowned for -- to burn down the poor Christmas Goat. This is of course an "illegal" act, but still of quite some interest! Web-cameras showing the status of the Christmas Goat have been put up by the city of Gävle, primarily in a purpose of control. However, when someone sets fire to the poor Goat, the traffic and need for bandwidth tend to go sky-high for these cams. more
All effective spam filters use DNS blacklists or blocklists, known as DNSBLs. They provide an efficient way to publish sets of IP addresses from which the publisher recommends that mail systems not accept mail. A well run DNSBL can be very effective; the Spamhaus lists typically catch upwards of 80% of incoming spam with a very low error rate. DNSBLs take advantage of the existing DNS infrastructure to do fast, efficient lookups. A DNS lookup typically goes through three computers... more
Today marks another key step in DNSSEC deployment. Congrats to Dan Kaminsky, chief scientist at Doxpara and one of our partners on the Practice Safe DNS campaign, on the release of his new code Phreebird. Announced today at Black Hat Abu Dhabi, Phreebird Suite 1.0 is a free, easy-to-use toolkit that lets organizations "test-drive" DNSSEC deployment. more
A World-Renowned Source for Internet Developments. Serving Since 2002.