Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
DNS |
Sponsored by |
|
DNS-over-TLS has recently become a welcome addition to the range of security protocols supported by DNS. It joins TSIG, SIG(0) and DNSSEC to add privacy, and, in the absence of validating stub resolvers, necessary data integrity on the link between a full-service resolver and the users' stub resolver. (The authenticated source feature of TLS may also offer some additional benefits for those of a nervous disposition.) Good stuff. What is not good stuff is... more
Over the last couple of weeks I have spent some time working on a project to develop a DNS cache for Windows that is intended to be reasonably secure against spoof attacks, in particular in situations where NAT firewalls may prevent port randomization. The program is evolving, but currently uses a couple of ideas to attempt to defeat spoof attacks... The source code is intended to be entirely un-encumbered, that is free in all respects. I would welcome any suggestions or comments on the aims of the project, the source code, the functionality of the program or other ideas. more
On 24 August, fifteen applicants for the .corp, .home, or .mail (CHM) new gTLDs sent a letter to the ICANN Board asking for action on the stalled process of the their applications. This points to the answer for the question I asked in march of this year: Whatever happened with namespace collision issues and the gTLD Round of 2012. As the letter from the applicants indicates, ICANN has done little to deal with issues concerned with namespace collisions in the last 2 years. Is it now time for action? more
Imagine a scenario. Your website analysis shows that your page has stopped receiving visitors, yet there are no complaints that your domain is unreachable. Strange, isn't it? You are certainly wondering: What's going on? Where are my customers? You see, what happened is that you are facing the consequences of the lack of domain name system (DNS) security. more
There is an ongoing disagreement among various members and groups in the ICANN community regarding automation -- namely, whether and to what extent automation can be used to disclose registrant data in response to legitimate data disclosure requests. A major contributing factor to the complications around automation has been confusion about how to interpret and apply Article 22 of the GDPR. more
Anyone who has been part of the community during its soon-to-be 12-years of existence will be the first to tell you that while ICANN's intentions are good, its execution, time and again, has been lacking. Unfortunately, the global business world does not and cannot accept only good intentions. Businesses require surety, consistency and clear evidence of stability before they can establish the foundation for their enterprises. more
With the COVID-19 pandemic persisting, online shopping will be the preferred method for the 2020 holiday shopping season. While staying home to shop is the safest option right now, it means consumers are more vulnerable to online fraud, counterfeits, and cyber crime. Increased online activity provides opportunities for unscrupulous infringers to abuse trusted brand names to drive visitors to their own fraudulent content. more
I am glad to announce that the European Commission has officially launched the process to select the next Registry for the .eu Top-Level Domain (TLD). This is done through a competitive procedure that will be concluded, by October 2021, with the signature of a service concession contract between the European Commission and the entity that will be entrusted with the organisation, administration and management of the .eu TLD. more
I don't know about you, but I'm starting to think that DNSSEC being so hot these days is a mixed blessing. Yes, it's wonderful that after so many years there is finally broad consensus for making DNSSEC happen. But being so prominent also means the protocol is taking shots from those who don't want to make the necessary software, hardware and operational modifications needed. And DNSSEC has taken some shots from those who just want to be contrarian. more
The latest Domain Name Industry Brief published by Verisign reports 4.5 million domain names were added to the Internet in the first three months of 2011. According to the report, the first quarter of 2011 closed with a base of more than 209.8 million domain name registrations across all Top Level Domains (TLDs), or a 2.2 percent increase over the fourth quarter of 2010. Registrations grew by 15.3 million, or 7.9 percent year over year. more
For a number of years, there have been many different high profile incidents where major websites were defaced, taken offline, or crippled due to issues related to their domain registration. Last night, there was an incident where several high profile domains went offline due to issues at their registrar, and they are now coming back online after what I am sure was a few crazy hours for their operations teams and management. more
Could the Trump administration reverse the decision to give the Internet Corporation for Assigned Names and Numbers (ICANN) autonomy from the U.S. Department of Commerce? more
I first became familiar with DNSSEC around 2002 when it was a feature of the Bind9 server, which I was using to setup a new authoritative DNS platform for customers of the ISP I was working for. I looked at it briefly, decided it was too complex and not worth investigating. A couple of years later a domain of a customer got poisoned in another ISPs network. And while the DNS service we provided was working properly, the customers impression was we hadn't protected them. more
What is so secret about the word, "Capacity"? As I read and talk with people I realize the word, "capacity" is typically missing from the DNS discussion. "Capacity" and "Security" are the two cornerstones to maximizing DNS resilience; both of which are typically missing from the DNS discussion. Have you seen a single DNS node easily process over 863,000 queries per second? Have you seen a network routinely handle over 50Gbits/second in outbound traffic alone without breaking a sweat? more
Google today announced the release of Nomulus, a new open source cloud-based registry platform that runs Google's top level domains (TLDs) and now available to everyone. more
A World-Renowned Source for Internet Developments. Serving Since 2002.