Few parts of the Domain Name System are filled with such levels of mythology as its root server system. Here I'd like to try and explain what it is all about and ask the question whether the system we have is still adequate, or if it's time to think about some further changes. The namespace of the DNS is a hierarchically structured label space. Each label can have an arbitrary number of immediately descendant labels, and only one immediate parent label. more
Necessity has led Cubans to become do-it yourself (DIY) inventors -- keeping old cars running, building strange, motorized bicycles, etc. They've also created DIY information technology like software, El Paquete Semanal, street nets and WiFi hotspot workarounds. Last June the International Telecommunication Union (ITU) adopted a standard for "low-cost sustainable telecommunications infrastructure for rural communications in developing countries," L.1700. L.1700 cable should be of interest to both DIY technologists and ETECSA. more
In the first post on DDoS, I considered some mechanisms to disperse an attack across multiple edges (I actually plan to return to this topic with further thoughts in a future post). The second post considered some of the ways you can scrub DDoS traffic. This post is going to complete the basic lineup of reacting to DDoS attacks by considering how to block an attack before it hits your network -- upstream. more
With over 600 "dot Brands" applied for in 2012, and hundreds now launched, 2017 seems poised to be the Year of dotBrand! "dotBrands" are top level domains (TLDs) that use the brand name to the right of the dot, as in www.mabanque.bnpparibas or www.home.cern. Many large companies across nearly every industry applied, including Google, Amazon, Citibank, VISA, McDonalds, Sony, HBO, Alibaba, and Hermes. more
We had high hopes that the Domain Name Association's Healthy Domains Initiative (HDI) wouldn't be just another secretive industry deal between rightsholders and domain name intermediaries. Toward that end, we and other civil society organizations worked in good faith on many fronts to make sure HDI protected Internet users as well. Those efforts seem to have failed. more
NANOG 69 was held in Washington DC in early February. Here are my notes from the meeting. It would not be Washington without a keynote opening talk about the broader political landscape, and NANOG certainly ticked this box with a talk on international politics and cyberspace. I did learn a new term, "kinetic warfare," though I'm not sure if I will ever have an opportunity to use it again! more
Although rarely used, the usTLD Rapid Suspension Dispute Policy (usRS) allows a trademark owner to seek the suspension of a domain name in the .us country-code top-level domain (ccTLD). The usRS has many things in common with the Uniform Rapid Suspension System (URS), which applies to domain names in the new generic top-level domains (gTLD). more
Several years ago, vulnerability disclosure programs, also called "bug bounty" programs, were novel and eyed with suspicion. Given sensitivities and potential liabilities, companies are wary of public disclosure and hackers seeking to exploit research. When a hacker presented a flaw to a company, the company was more likely to be concerned about taking legal action than making a public announcement or offering a reward. That is changing. more
Largely unnoticed by technology and Brussels wonks, the European Commission's on adequacy for international data flows was released in early January. The primary aim of this document is to promote the EU's data protection regime as the global gold standard, to which other countries should aspire. In so doing, the Commission wants to remove data protection as a bargaining chip in free trade negotiations, insisting this should instead be dealt with separately, by opening adequacy negotiations with the Commission. more
Remember not very long ago when social media experts were preaching the value of a Facebook page over a website? It was not uncommon to be told to dump your website altogether in favor of a Facebook page and Twitter feed. Why bother with HTML when you could simply hashtag your way to global success? My how times have changed. more
Open Source (OS) Management and Orchestrations (MANO) is a European Telecommunications Standards Institute (ETSI) initiative that aims to develop a Network Function Virtualization (NFV) MANO software stack, aligned with ETSI NFV. The main goal of MANO is to simplify the onboarding of virtual network components in telco cloud data centers. The initiative has gained impressive momentum among leading Communication Service Providers (CSPs) around the world as part of their NFV programs. more
The domain name system is in good health. But it's about to get even better. The Domain Name Association (DNA), the Internet domain industry's trade association, undertook an effort in 2016 it named the Healthy Domains Initiative (HDI). It's an ambitious, self-motivated effort to build on the DNS' already secure and stable platform and meet select challenges head-on, before they develop. more
Five years ago today, the ICANN Board committed to opening a second application window for the New gTLD Program as expeditiously as possible. The same resolution also directed the ICANN CEO to publish a document describing the work plan required prior to initiating a second application window. Ask a Board member or ICANN staff when they expect the next application window to open, and they will inevitably suggest 2020 -- another three years away. more
US leadership and influence online stems from US innovation and corporate risk-taking. But it also is the direct result of US Government policy. In the early days of the web and e-commerce, the Clinton administration recognized they had to figure out a strategy to reconcile the internet, which is global, with laws and regulations, which are domestic. Instead of demanding negotiations for shared global rules, Administration officials put forward a set of principles, which they called the Framework for Global Electronic Commerce. more
Your first line of defense to any DDoS, at least on the network side, should be to disperse the traffic across as many resources as you can. Basic math implies that if you have fifteen entry points, and each entry point is capable of supporting 10g of traffic, then you should be able to simply absorb a 100g DDoS attack while still leaving 50g of overhead for real traffic... Dispersing a DDoS in this way may impact performance -- but taking bandwidth and resources down is almost always the wrong way to react to a DDoS attack. But what if you cannot, for some reason, disperse the attack? more
Sponsored byWhoisXML API
Sponsored byVerisign
Sponsored byDNIB.com
Sponsored byCSC
Sponsored byRadix
Sponsored byVerisign
Sponsored byIPv4.Global