DNS Security

Noteworthy

 DNSSEC technology standards have been stable and mature since 2007, with only updates, clarifications, and new functionality added since then.

 Over the next few years we should expect to see applications leveraging DNSSEC in ways we cannot imagine now.

 Some folks have already asked me if DNSSEC could have prevented Twitter.com traffic from being hijacked. In this case, the answer is, "No".

 The movement is on, DNSSEC, ready set go! Just make sure you are ready when you go!

DNS Security / Recently Commented

Counter-eCrime Operations Summit (APWG) In Prague Next Week

The sixth annual Counter-eCrime Operations Summit (CeCOS VI) will engage questions of operational challenges and the development of common resources for the first responders and forensic professionals who protect consumers and enterprises from the ecrime threat every day. This year's meeting will focus on the shifting nature of cybercrime and the attendant challenges of managing that dynamic threatscape. more»

Why SOPA Defender Joins Internet Society as Regional Director

Internet Society recently announced the appointment of former chief technology officer of Motion Picture Association of America (MPAA). The decision has raised concerns within the Internet community as Paul Brigner had campaigned for SOPA while at MPAA as well as being on record opposing net neutrality while being an official at Verizon. more»

Slowly Cracking the DNSSEC Code at ICANN 43

As regular readers know, ICANN holds lengthy, in-depth discussions devoted to DNSSEC at each of its three annual meetings. The half-day session held at ICANN 43 in Costa Rica last month was particularly interesting. What became clear is that the industry is quickly moving into the end-user adoption phase of global DNSSEC deployment. more»

IPv6 Stat Leapfrogs Expectations and Illustrates Important Role Registrars Play in Uptake

Since 2005, Infoblox has commissioned a survey by The Measurement Factory, a research firm that specializes in performance testing and protocol compliance. The studies examine key aspects of the Internet's Domain Name infrastructure with results that uncover trends in DNS server configuration and deployed features. Some topics that have helped define the survey over the years have been arguably more leading edge (DNSSEC), while others are best described as quotidian (lame servers). more»

NASA Website Blocked Due to DNSSEC Error

A misconfiguration in NASA's DNSSEC implementation on its website caused Comcast's network to block users from the site last week. NASA had incorrectly signed DNSSEC in its implementation of the new security protocol that last week, causing Comcast's newly DNSSEC-enabled service to automatically block access to the site. the day part of the Web went dark in protest of controversial anti-piracy legislation, leading some users and pundits to inaccurately speculate this was Comcast's way of protesting the government-based bills. more»

Comcast Announces Completion of DNSSEC Deployment

Comcast, a leading ISP in the U.S., has fully deployed Domain Name System Security Extensions (DNSSEC) according to a company announcement today. Jason Livingood, Comcast's Vice President of Internet Systems writes: "As of today, over 17.8M residential customers of our Xfinity Internet service are using DNSSEC-validating DNS servers. In addition, all of the domain names owned by Comcast, numbering over 5,000, have been cryptographically signed. All of our servers, both the ones that customers use and the ones authoritative for our domain names, also fully support IPv6." more»

CircleID's Top Ten Posts of 2011

Here are the top ten most popular news, blogs, and industry updates featured on CircleID in 2011 based on the overall readership of the posts for the year. Congratulations to all the participants whose posts reached top readership and best wishes to the entire community for 2012. Happy New Year! more»

DNSSEC Update from ICANN 42 in Dakar

While the global rollout of DNSSEC continues at the domain name registry level - with more than 25% of top-level domains now signed - the industry continues to focus on the problem of registrar, ISP and ultimately end-user adoption. At the ICANN meeting in Dakar in late October, engineers from some of the early-adopting registries gathered for their regular face-to-face discussion about how to break the "chicken or egg" problems of secure domain name deployment. more»

Taking the Anti-SOPA Message to the People

It was fascinating last week to read coverage of congressional hearings around the SOPA bill, or Stop Online Privacy Act. The bill has strong support from the Motion Picture Association of America, the U.S. Chamber of Commerce and big pharmaceutical companies. It's opposed by most technology and telecom companies, plus consumer advocate groups like the Electronic Frontier Foundation and Public Knowledge. more»

DNSSEC Baby Steps Reported at ICANN 41

The Internet is slowly beginning to adopt the new DNSSEC domain names standard, but significant challenges remain. That was the main takeaway from a four-hour workshop on the technology held during the recent ICANN 41 public meeting in Singapore, which heard from many domain registries, registrars and other infrastructure providers. more»

Six Key Issues About Operating a TLD Registry

Brand owners unfamiliar with the domain name system (DNS) are hearing that their first step in registering a top level domain (TLD) is to select a back-end TLD registry provider. The fear instilled in them is that if they don't act quickly, all available service providers will have reached their capacity. Given ICANN's tight and inflexible application submission schedule, brands don't want to be left at the starting gate. more»

DNSSEC Maintenance - Just Like Mowing the Lawn

DNSSEC is a hot topic. It's a technology newly unleashed on popular networking, which has led to countless articles and posts on the subject, including right here on CircleID. The way a lot of articles try to get your attention is to talk about a technology, like DNSSEC, in a way that makes the technology either seem really significant or really complicated. That is why a lot of articles about DNSSEC make it sound like something huge, complicated, and scary. But it's not. more»

Beyond Limitations and What Good It Would Do to ICANN to Operate from Abundance

The ICANN community is conservative. A considerable number of dedicated ICANN volunteers from various constituencies believe that ICANN should follow the unusual logic of limiting its revenues to the levels of its CURRENT estimates of expenditure. The Board, acting on the advise of the ICANN community brought down the ICANN transaction fee per domain name from 25 cents to 16 cents and in the case of numbers, for various reasons the Address Registry fees that it collects from the Regional Internet Registries have been historically kept at a negligibly low level. more»

Internet Groups Inaugurate First of Three Cyber Security Facilities

ICANN and internet exchange firm Packet Clearing House (PCH) have joined forces with Infocomm Development Authority of Singapore (IDA) and the National University of Singapore (NUS) to launch the first of three facilities designed to boost the adoption of Domain Name System Security (DNSSEC) among country code Top-Level Domains (ccTLDs). The three new facilities, located in Singapore; Zurich, Switzerland (still under construction) and San Jose, California, provide cryptographic security using the recently deployed DNSSEC protocol. more»

Nominet Rolls Out DNSSEC for 9.4 Million .UK Domains

UK registry Nominet has enabled the deployment of domain name system security extensions (DNSSEC) for 9.4 million second level .uk domains. Completing the rollout represents over a year's work and marks an important milestone in making the web a more trusted environment for UK consumers and businesses, says Nominet, which is responsible for running the .uk internet infrastructure. more»