Last month ICANN began soliciting comments on Stuart Lynn's A Plan for Action Regarding New gTLDs, which will be one of the Internet governance organization's primary discussion topics at its December meeting in Amsterdam.
In Part I of this article I set the stage for our discussion and overviewed the October 21st DDoS attacks on the Internet's 13 root name servers. In particular, I highlighted that the attacks were different this time, both in size and scope, because the root servers were attacked at the same time. I also highlighted some of the problems associated with the Domain Name System and the vulnerabilities inherent in BIND. Part II of this article takes our discussion to another level by critically looking at alternatives and best practices that can help solve the security problems we've raised.
The October 21 DDoS attacks against the 13 root-name servers containing the master domain list for the Internet's Domain Name System (DNS), (which reportedly took offline 9 of the 13 servers) remain a clear and daunting reminder of the vulnerabilities associated with online security. Many DNS authorities have named the most recent hit the largest DDoS attack against the root server system. Chris Morrow, network security engineer for UUNET, the service provider for two of the world's 13 root servers, recently told The Washington Post...
Suppose you wanted to know who operates a website at a given domain name. Perhaps you suspect that the domain name is pointing to a website that offers illegal content, or you may just want to send a comment to its authors. Conveniently, the Internet provides a so-called "WHOIS" system that ordinarily provides contact information for each registered domain. But in the case of many hundreds of thousands of domains, the WHOIS data just isn't accurate.
Recently, I entered my domain name in a "WHOIS" database query to test the results of the database by using WHOIS on a number of domain name registrar websites. WHOIS is a database service that allows Internet users to look up a number of matters associated with domain names, including the full name of the owner of a domain name, the name of the domain name hosting service, the Internet Protocol or I.P. number(s) corresponding to the domain name, as well as personally identifying information on those who have registered domain names. I was astonished to find...
When it comes to domain name disputes, no domain name has captured more media attention than sex.com. Of course, disputes about sex often obtain a great deal of attention, and the sex.com domain name dispute can grab its share of headlines because the case involves sex, theft, declared bankruptcy, a once-thriving Internet porn business, and fraud, instead of the typical cybersquatting allegations. Indeed, this case is remarkable for its potential impact on the development of caselaw concerning whether there is a valid basis to assume that trademark interests should overwhelm all non-commercial interests in the use of domain names. The answer is no, but the caselaw to support that answer is in tension with cases that strongly imply a contrary conclusion.