Chief Technology Officer at DNSstuff.com
Joined on October 15, 2008
Total Post Views: 89,499
About |
Paul is the DNS brain and strategic thinker at DNSstuff.com. Whether it’s during speaking engagements for such organizations as Web Innovators Group, or being quoted in the top trade periodicals in the industry, such as Network World, Paul is able to articulate the complexities of DNS into layman terms. A gifted photographer and woodworker, he uses his exceptional sense of humor to keep the office in high spirits. The most exhilarating moment of his life was marrying his wife, followed closely by the adoptions of his two children, Dan and Kate.
Except where otherwise noted, all postings by Paul Parisi on CircleID are licensed under a Creative Commons License.
Since my last post about DNS subversion we have had some good feedback. We had 29 responses, I agree a small sample, but what we found is very interesting. Let's remind ourselves of what we are looking at? Does your ISP redirect DNS queries? Specifically, if you try to make a port 53 UDP or TCP connection to a server outside of your ISP's network does it get there? more
Over the past few weeks I have been seeing reports that some ISP's are actually subverting DNS queries to their own DNS server. Oh the humanity! What this means is that when you (your computer) does a UDP or TCP Port 53 DNS query the ISP is intercepting that and directing it to their own servers. Has anyone been told by their ISP that they are doing this? No? I didn't think so... more
Every IT person has some interaction with a DNS server, even if it is not managing it. Most DNS servers, certainly the majority are sitting in some closet or rack somewhere dutifully running and collecting dust. Like a certain battery operated bunny, these services just keep on running. The durability of DNS (Domain Name System, that is) is a testimony of just how well it was designed... How often do you think about your DNS server? Here is my plan for how to keep your relationship with your DNS server alive and well. more
Before we get into what DNSSEC is and the benefits of it, let's talk about some of the other potential pitfalls of DNS. One of the most significant issues we have to deal with are denial-of-service (DoS) attacks. While DoS attacks are not specific to DNS we have seen DNS be a frequent target of these attacks. more
So this Internet thing, as we discussed in our last article, is broken. I promised to detail some of the specific things that are broken. Implicit trust is the Achilles heel of the Internet... All of the communication between the resolver and the DNS server is in plain text that can be easily seen and changed while in transit, further, the resolver completely trusts the answer that was returned... more
The Internet as we know it and use it today -- is broken, badly broken. Yes broken so much so that we are really crazy to have any expectations of privacy or security. Yes, really. The Internet was conceived as somewhat of a utopian environment, one where we all keep our doors, windows and cars unlocked and we trust all the people and machines out there to "do the right thing...". more
Traceroute is a network tool that helps determine the path packets take as they travel from one location to another, identifying all of the "hops" along the way. I wonder why they are called hops*? Almost all operating systems have traceroute utilities built in. The command is just that "traceroute", Windows systems abbreviate the command as "tracert" to deal with the 8.3 file naming convention of old... So, let's look at what information traceroute gives you. more
In late August the White House mandated that all of the agencies in the US government have functioning DNSSEC capabilities deployed and operational by December 2009. I am suggesting here that we, as a community, commit to the same timetable. I call upon VeriSign and other registries to bring up DNSSEC support by January 2009. more
We are at an inflection point in our lifetimes. The Internet is broken, seriously broken... Almost all of the systems currently in use on the Internet are based on implicit trust. This has to change. The problem is that these systems are so embedded in our everyday lives that it would be, sort of like, changing gravity, very difficult. more