-
Blogs
-
News
-
Industry
-
Community
-
Topics
The movement is on, DNSSEC, ready set go! Just make sure you are ready when you go!
Less than nine months after the DNS root was signed, the rollout of DNSSEC across the Internet's top-level domains is approaching the tipping point.
Over the next few years we should expect to see applications leveraging DNSSEC in ways we cannot imagine now.
There has been quite a bit of talk lately about the best way to secure a domain, mainly centered in two camps: SSL or DNSSEC. The answer is quite simple - you should use both.
Some folks have already asked me if DNSSEC could have prevented Twitter.com traffic from being hijacked. In this case, the answer is, "No".
The U.S. Congress' road to Stopping Online Piracy (SOPA) and PROTECT IP (PIPA) has had some twists and turns due to technical constraints imposed by the basic design of the Internet's Domain Name System (DNS). PIPA's (and SOPA's) provisions regarding advertising and payment networks appear to be well grounded in the law enforcement tradition called following the money, but other provisions having to do with regulating American Internet Service Providers (ISPs) so as to block DNS resolution for pirate or infringing web sites have been shown to be ineffectual, impractical, and sometimes unintelligible. more»
The debate continues as to whether ISP's can effectively filter DNS results in order to protect brand and copyright holders from online infringement. It's noteworthy that there is no argument as to whether these rights holders and their properties deserve protection - nobody is saying "content wants to be free" and there is general agreement that it is harder to protect rights in the Internet era where perfect copies of can be made and distributed instantaneously. What we're debating now is just whether controlling DNS at the ISP level would work at all and whether the attempt to insert such controls would damage Secure DNS (sometimes called DNSSEC). more»
"Breaking the Internet" is really hard to do. The network of networks is decentralized, resilient and has no Single Point Of Failure. That was the paradigm of the first few decades of Internet history, and most people involved in Internet Governance still carry that model around in their heads. Unfortunately, that is changing and changing rapidly due to misguided government intervention. more»
About two months ago, I got together with some fellow DNS engineers and sent a letter to the U. S. Senate explaining once again why the mandated DNS filtering requirements of S. 968 ("PIPA") were technically unworkable. This letter was an updated reminder of the issues we had previously covered... In the time since then, the U. S. House of Representatives has issued their companion bill, H. R. 3261 ("SOPA") and all indications are that they will begin "markup" on this bill some time next week. more»
Last year the municipality of Gavle asked my company if we could help them load share the streaming pictures of the famous Christmas goat in Gävle. I accepted the invitation and set up a separate domain. My own interest in this was of course to track the usage of IPv6 and validation of DNSSEC from the visitors of the site. more»
It has been about six months since I got together with four of my friends from the DNS world and we co-authored a white paper which explains the technical problems with mandated DNS filtering. The legislation we were responding to was S. 968, also called the PROTECT-IP act, which was introduced this year in the U. S. Senate. By all accounts we can expect a similar U. S. House of Representatives bill soon, so we've written a letter to both the House and Senate, renewing and updating our concerns. more»
The front page story of the September 13 2011 issue of the International Herald Tribune said it all: "Iranian activists feel the chill as hacker taps into e-mails." The news story relates how a hacker has "sneaked into the computer systems of a security firm on the outskirts of Amsterdam" and then "created credentials that could allow someone to spy on Internet connections that appeared to be secure." According to this news report this incident punched a hole in an online security mechanism that is trusted by hundreds of millions of Internet users all over the network. more»
The Domain Name System Security Extensions (DNSSEC) is a suite of IETF-developed specifications designed to validate information provided by the Domain Name System (DNS). ... When the root zone was signed in June 2010, this acted as a catalyst for TLD operators to deploy DNSSEC on their side. We have seen a gradual but significant increase in signed TLDs since then. The map in this post shows the level of DNSSEC deployment in Europe. more»
At the time of this writing DNSSEC mostly does not work. This is not a bad thing - in fact it's expected... There is a significant last-mover advantage DNSSEC deployment (or IPv6 deployment) and that can't be helped. It's all in a good cause though - everybody knows we need this stuff and some farsighted contributors put a lot of money and other resources into DNSSEC years or decades ago to ensure that when the time comes the world will have a migration path. Sadly, this leaves current investors and application designers and developers wondering whether there's a market yet. more»
A group of leading DNS experts have released a paper detailing serious concerns over the proposed DNS filtering requirements included as part of the bill recently introduced in the U.S. Senate named Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of 2011 ("PROTECT IP Act"). The group who is urging lawmakers to reconsider enacting such a mandate into law, includes leading DNS designers, operators, and researchers, responsible for numerous RFCs for DNS, publication of many peer-reviewed academic studies related to architecture and security of the DNS, and responsible for the operation of important DNS infrastructure on the Internet. more»
NameSmash has interviewed Garth Bruen, Internet security expert and creator of Knujon, on some key issues under discussion during the recent ICANN meetings in San Francisco. Topics include Whois, DNS Security Extensions (DNSSEC) and generic Top-Level Domains (gTLDs) -- issues of critical importance particularly with ICANN's expected roll-out of thousands of new gTLDs in the coming years. more»
Less than nine months after the DNS root was signed, the rollout of DNSSEC across the Internet's top-level domains is approaching the tipping point. Thanks to the combined efforts of registries around the world, the new security protocol will soon be available to the majority of domain name registrants in almost a quarter of all TLDs. more»
When I see glib talk about the inevitable transition to IPv6 or DNSSEC, I have to wonder what industry people think they are working in. Let me give an example that has nothing to do with networking: storage capacity. Now if there is one constant that everyone in the computing industry can agree on it is that they expect storage media capacity to increase. more»
I consult on communication issues for Neustar, an Internet infrastructure company. As most CircleIDers know, Neustar works behind the scenes to ensure the smooth operation of many critical systems like DNS, .us and .biz, local number portability and digital rights management. One of the cool things about working for them is the chance to attend the events they sponsor. Last week Neustar held a security briefing for senior federal IT personnel focused on Cybersecurity and Domain Name System Security Extensions (DNSSEC)... more»
Many of us were expecting radical changes in 2010 to the domain name market. There definitely were some of those -- just not the ones I expected. From the seizure of domains names by the US Government to ICANN's removal of restrictions on Registry/Registrar cross-ownership, 2010 was a year full of surprises. In this post, I've compiled what I think were the biggest domain name stories in 2010. more»
