Protect your privacy:
Get NordVPN
[
Deal: 73% off 2-year plans + 3 extra months ]
- Meshnet Feature for Personal Encrypted Networks: NordVPN offers a unique feature called Meshnet, which allows users to connect their devices directly and securely over the internet. This means you can create your own private, encrypted network for activities like gaming, file sharing, or remote access to your home devices from anywhere in the world.
- RAM-Only Servers for Enhanced Security: Unlike many VPN providers, NordVPN uses RAM-only (diskless) servers. Since these servers run entirely on volatile memory, all data is wiped with every reboot. This ensures that no user data is stored long-term, significantly reducing the risk of data breaches and enhancing overall security.
- Servers in a Former Military Bunker: Some of NordVPN's servers are housed in a former military bunker located deep underground. This unique location provides an extra layer of physical security against natural disasters and unauthorized access, ensuring that the servers are protected in all circumstances.
- NordLynx Protocol with Double NAT Technology: NordVPN developed its own VPN protocol called NordLynx, built around the ultra-fast WireGuard protocol. What sets NordLynx apart is its implementation of a double Network Address Translation (NAT) system, which enhances user privacy without sacrificing speed. This innovative approach solves the potential privacy issues inherent in the standard WireGuard protocol.
- Dark Web Monitor Feature: NordVPN includes a feature known as Dark Web Monitor. This tool actively scans dark web sites and forums for credentials associated with your email address. If it detects that your information has been compromised or appears in any data breaches, it promptly alerts you so you can take necessary actions to protect your accounts.
The .net Top Level Domain (TLD) contains the names of the main group of DNS root servers as well as the names of the servers for several other large TLDs, such as .com, .org, .arpa and .mil.
Most of the focus about the .net redelegation has concerned the quality of the registration systems. But that is a minor matter next to the quality of the name server operation. If registration problems occur then the only people affected are those who are engaged in obtaining or transferring a name. But if the name servers go awry then the entire net will be strongly affected.
Because .net contains the name servers for so many other TLDs, any weakness in the .net servers could sweep across the net like a tsunami.
Perhaps part of the .net redelegation should include an effort to reduce the dependency of other TLDs on .net. Perhaps the name servers for other TLDs should be moved out of .net
Yes, this will have an impact on the effectiveness of DNS name compression. But should we not be trying to reduce the cross-dependencies in DNS and protect against cascading net failures and reduce the interdependencies that could hinder recovery from any major failure?
—-
Originally published on CaveBear Weblog.
I have always suggested that anyone setting up a domain use name servers “in bailiwick”. I think this advice should apply to all top level domains. Thus the name servers for .net should be in .net, the name servers for .com should be in .com (not in .net as they are now), and likewise for all GTLDs and CCTLDs. That leaves the root servers themselves. So how would DNS compression be affected if for a given TLD, every name server listed is in that TLD, and for a domain in that TLD, every name server is at least in that TLD, or better yet, in that domain name itself? Why would it not be very compact?
And what about the root servers? They are in the .net TLD now. I don’t know how that would affect their operation if .net went down for some reason. Since they are pre-loaded as hints, I would think they would still resolve. But would it be possible to somehow poison .root-servers.net by means of control of .net?
It shouldn’t be possible to poison the root through control of .net because the root servers themselves give authoritative answers adequate to resolve themselves without reference to the .net authority.
I am probably not expert enough in all behaviors of all resolvers to say with certainty, but I think the roots could and probably should answer that way for all of the TLD’s authorities.