On January 18, 2012, Comcast customers found they could not access the NASA.gov website. Some users assumed that Comcast was deliberately blocking the website or that NASA, like Wikipedia and Reddit, was participating in the "blackout" protests against the Stop Online Piracy Act (SOPA) going on that day. As it turned out, the truth was much less exciting, but it offers important lessons about DNSSEC. more
Since 2005, Infoblox has commissioned a survey by The Measurement Factory, a research firm that specializes in performance testing and protocol compliance. The studies examine key aspects of the Internet's Domain Name infrastructure with results that uncover trends in DNS server configuration and deployed features. Some topics that have helped define the survey over the years have been arguably more leading edge (DNSSEC), while others are best described as quotidian (lame servers). more
As the WHOIS debate rages and the Top-Level Domain (TLD) space prepares to scale up the problem of rogue domain registration persists. These are set to be topics of discussion in Costa Rica. While the ICANN contract requires verification, in practice this has been dismissed as impossible. However, in reviewing nearly one million spammed domain registrations from 2011 KnujOn has found upwards of 90% of the purely abusive registrations could have been blocked. more
The U.S. Congress' road to Stopping Online Piracy (SOPA) and PROTECT IP (PIPA) has had some twists and turns due to technical constraints imposed by the basic design of the Internet's Domain Name System (DNS). PIPA's (and SOPA's) provisions regarding advertising and payment networks appear to be well grounded in the law enforcement tradition called following the money, but other provisions having to do with regulating American Internet Service Providers (ISPs) so as to block DNS resolution for pirate or infringing web sites have been shown to be ineffectual, impractical, and sometimes unintelligible. more
Here are the top ten most popular news, blogs, and industry updates featured on CircleID in 2011 based on the overall readership of the posts for the year. Congratulations to all the participants whose posts reached top readership and best wishes to the entire community for 2012. Happy New Year! more
The debate continues as to whether ISP's can effectively filter DNS results in order to protect brand and copyright holders from online infringement. It's noteworthy that there is no argument as to whether these rights holders and their properties deserve protection - nobody is saying "content wants to be free" and there is general agreement that it is harder to protect rights in the Internet era where perfect copies of can be made and distributed instantaneously. What we're debating now is just whether controlling DNS at the ISP level would work at all and whether the attempt to insert such controls would damage Secure DNS (sometimes called DNSSEC). more
"Breaking the Internet" is really hard to do. The network of networks is decentralized, resilient and has no Single Point Of Failure. That was the paradigm of the first few decades of Internet history, and most people involved in Internet Governance still carry that model around in their heads. Unfortunately, that is changing and changing rapidly due to misguided government intervention. more
Last year the municipality of Gavle asked my company if we could help them load share the streaming pictures of the famous Christmas goat in Gävle. I accepted the invitation and set up a separate domain. My own interest in this was of course to track the usage of IPv6 and validation of DNSSEC from the visitors of the site. more
About two months ago, I got together with some fellow DNS engineers and sent a letter to the U. S. Senate explaining once again why the mandated DNS filtering requirements of S. 968 ("PIPA") were technically unworkable. This letter was an updated reminder of the issues we had previously covered... In the time since then, the U. S. House of Representatives has issued their companion bill, H. R. 3261 ("SOPA") and all indications are that they will begin "markup" on this bill some time next week. more
While the global rollout of DNSSEC continues at the domain name registry level - with more than 25% of top-level domains now signed - the industry continues to focus on the problem of registrar, ISP and ultimately end-user adoption. At the ICANN meeting in Dakar in late October, engineers from some of the early-adopting registries gathered for their regular face-to-face discussion about how to break the "chicken or egg" problems of secure domain name deployment. more
A World-Renowned Source for Internet Developments. Serving Since 2002.