Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
DNS Security |
Sponsored by |
|
This blog post and the associated report aim to provide an overview of DNS Abuse 1related issues the Governmental Advisory Committee (GAC), part of the ICANN multi-stakeholder model, has identified. We also summarize the relevant community activity taking place to address these areas of interest and highlight remaining gaps. From 2016 to June 2023, the GAC referenced four primary categories of activity related to DNS Abuse. more
ICANN hosted a Resolver Operator Forum in mid-December, and the session had several interesting presentations that I would like to comment on here... The first presentation in this forum was from Paul Mockapetris. He pointed to the original academic published paper, Development of the Domain Name System, by Paul Mockapetris and Kevin Dunlap, published in the proceedings of ACM SIGCOMM’88. The paper noted that by 1983 it was obvious that the shared HOSTS.TXT file was not a scalable solution... more
OARC held a 2-day meeting in February, with presentations on various DNS topics. Here are some observations I picked up from the presentations in that meeting... In a world where every DNS name is DNSSEC-signed, and every DNS client validates all received DNS responses, we wouldn't necessarily have the problem of DNS spoofing. Even if we concede that universal use of DNSSEC is a long time off ... more
Nearly 92 percent of malware use DNS to gain command and control, exfiltrate data or redirect traffic, according to Cisco's 2016 Annual Security Report. It warns that DNS is often a security "blind spot" as security teams and DNS experts typically work in different IT groups within a company and don't interact frequently. more
The cybersecurity landscape in 2024 has been characterised by unprecedented complexity and rapidly evolving threats, presenting significant challenges for organisations across all sectors. As the digital attack surface expands and threat actors employ increasingly sophisticated techniques, domain security has emerged as a critical component of a robust cybersecurity strategy. more
Today is a historic day as the first generic Top-Level Domain (gTLD) has been signed. Only a few other top level domains, all of which are country code Top-Level Domains (ccTLDs), have been signed to date. This step is part of the first phase of adoption. Authoritative DNS servers need to sign and publish their zones. The second part is for the resolvers on the Internet to validate the keys. Both systems working together will provide security in the DNS. more
News broke this week about an attack in Puerto Rico that caused the local websites of Google, Microsoft, Yahoo, Coca-Cola, PayPal, Nike, Dell and Nokia to be redirected for a few hours to a phony website. The website was all black except for a taunting message from the computer hacker responsible for the attack... more
Capacity and scalability are necessary in managing DNSSEC and D/DoS. Capacity, necessary for maintaining operations during D/DoS attacks, is also necessary for increased traffic due to DNSSEC deployment. Scalability is highly important, as DNSSEC is deployed not only will greater traffic levels will be encountered, greater demand will be placed on the DNS platform. In the interest of understanding both capacity and scalability CommunityDNS conducted tests to assess the readiness of the two main DNS server platforms, BIND and NSD... more
The Internet is undergoing an evolutionary transformation resulting from the explosive growth of things that are interconnected. From single purpose sensors through wearable technologies to sophisticated computing devices, we are creating, exchanging, and consuming more data at rates that would have been inconceivable just a decade ago. The market suggests the average consumer believes this is the best world possible. As technologists, we have a responsibility to consider if we are building an Internet that is in the best interest of the user. more
The Russian Security Council has proposed development of an independent DNS which would continue to work in the event of global internet malfunctions, according to a report from RT. more
Last year there was a "threat" by anonymous group to black out Internet by using DNS Reflection/Amplification attack against the Internet DNS Root servers. I even wrote a little article about it: "End of the world/Internet". In the article I was questioning if this was even possible and what was needed as general interest and curiosity. Well, looking at the "stophaus" attack last week, we are getting some answers. more
It was not without a little trepidation that I planned the 2nd DNS Abuse Institute Forum to focus on the long-standing and often contentious definitional issues surrounding DNS Abuse. While the risk of getting stuck in the usual entrenched positions was real, it seemed to me that we had an opportunity to provide some clarity and if not change minds, at least provide perspective. more
NameSmash has interviewed Garth Bruen, Internet security expert and creator of Knujon, on some key issues under discussion during the recent ICANN meetings in San Francisco. Topics include Whois, DNS Security Extensions (DNSSEC) and generic Top-Level Domains (gTLDs) -- issues of critical importance particularly with ICANN's expected roll-out of thousands of new gTLDs in the coming years. more
At the Internet Governance Forum (IGF) 2024 in Riyadh, the Internet Standards, Security and Safety Coalition (IS3C) released a new tool: 'To deploy or not to deploy, that's the question. How to convince your boss to deploy DNSSEC and RPKI'. In this report, IS3C advocates mass deployment of these two newer generation, security-related internet standards, as their deployment contributes significantly to the safety and security of all internet users. more
The NetBeacon Institute is pleased to publish its White Paper: Proposal for PDPs on DNS Abuse. We created this paper to support and advance ICANN Community discussions on potential policy development related to DNS Abuse. From our unique perspective, we believe there are a number of issues that are constrained enough to be a successful ICANN PDP and can make a meaningful difference in our collective work against DNS Abuse. more
A World-Renowned Source for Internet Developments. Serving Since 2002.
