DNS Security

DNS Security / Most Viewed

What Smaller Institutions Can Learn from DDoS Attacks on Big Banks

Since last fall, several waves of distributed denial of service (DDoS) attacks have targeted major players in the U.S. banking industry. JPMorgan Chase, Wells Fargo and PNC were among the first to sustain intermittent damage. Eventually, the top 50 institutions found themselves in the crosshairs... In the months to come, security experts would praise the banks' collective response, from heightened DDoS protection to candid customer communications.. these larger institutions have learned some painful lessons that smaller firms might heed as they seek to minimize risks. more

A New Phase of Measuring DNS Abuse

Today the DNS Abuse Institute (“DNSAI” or the “ Institute”) adds a new level of reporting for our measurement project: DNSAI Compass™ (“Compass”). With this new level of reporting, we intend to show the spectrum of how malicious phishing and malware is distributed across the DNS registration ecosystem.1 To demonstrate this, we are identifying registrars and TLDs with high and low volumes of malicious domain registrations in their Domains Under Management (DUM), or new registrations. more

Comcast Announces Aggressive Plan to Deploy DNSSEC, Launches First Public Trial

Leading US ISP, Comcast, has announced today its aggressive plans to deploy DNSSEC through out its netowrk. Chris Griffiths, Manager of DNS Engineering, writes: "We plan to implement DNSSEC for the websites we manage, such as comcast.com, comcast.net and xfinity.com, by the first quarter of 2011, if not sooner. By the end of 2011, we plan to implement DNSSEC validation for all of our customers." more

Domain Name Security Gains Prominence in German-Speaking World

The 2010 Domain Pulse, hosted by SWITCH (the .CH registry) was held in the snowy Swiss city of Luzern. Domain Name Security (DNS) was of particular importance in this year's meeting with DNSSEC being implemented in the root zone in 2010 by ICANN, and by many registries in the next few years. ICANN plan to have all root servers signed with DNSSEC by mid-2010 Kim Davies, Manager, Root Zone Services at ICANN told the meeting, starting with the L root server, then A root server with the last being the J root server as all are gradually signed. more

Going for Broke: Financial Services Industry Falling Behind on DNSSEC Adoption

Many CircleID readers have been watching the acceleration of DNSSEC adoption by top level domains with great interest, and after many years the promise of a secure and trustworthy naming infrastructure across the generic and country-code domains finally seems within reach. While TLD DNSSEC deployments are major milestones for internet security, securing the top level domains is not the end goal - just a necessary step in the process. more

DNSSEC Workshop on March 26 to Be Streamed Live from ICANN 49 in Singapore

If you are interested in DNSSEC and how it can make the Internet more secure, the DNSSEC Workshop at ICANN 49 in Singapore will be streamed live for anyone to listen and view. One of three DNSSEC-related technical events at ICANN 49, the DNSSEC Workshop takes place on Wednesday, March 26, from 8:30am - 2:45pm Singapore time. more

ICANN 56 in Helsinki - Schedule of DNSSEC Activities

The ICANN 56 meeting takes place in Helsinki, Finland, from June 27-30 and while it is a smaller "policy forum" style of meeting, there will still be some activities related to DNSSEC, DANE and DNS security in general. DNSSEC Workshop The DNSSEC Workshop will take place on the morning of Monday, 27 June 2016. All times are Eastern European Summer Time (EEST), which is UTC+3. more

Recognizing Lessons Learned From the First DNSSEC Key Rollover, a Year Later

A year ago, under the leadership of the Internet Corporation for Assigned Names and Numbers (ICANN), the internet naming community completed the first-ever rollover of the cryptographic key that plays a critical role in securing internet traffic worldwide. The ultimate success of that endeavor was due in large part to outreach efforts by ICANN and Verisign which, when coupled with the tireless efforts of the global internet measurement community, ensured that this significant event did not disrupt internet name resolution functions for billions of end users. more

A Report on DNS Operations, Analysis, and Research Center (DNS-OARC) 30th Meeting

DNS Operations, Analysis, and Research Center (DNS-OARC) held its 30th meeting in Bangkok on the 12th and 13th May. Here's what attracted my interest from two full days of DNS presentations and conversations, together with a summary of the other material that was presented at this workshop. Some Bad News for DANE (and DNSSEC): For many years the Domain Name X509 certification system, or WebPKI, has been the weak point of Internet security... more

DNSSEC Failure Causes Massive Website Outages on Russian Internet

A DNSSEC failure plunged hundreds of Russian-language websites into darkness on Tuesday evening, rendering .ru and .рф domains inaccessible. The outage affected users both within and outside Russia, with major platforms such as Tinkoff Bank, Avito, Wildberries, Yandex, and MTS experiencing disruptions. more

Call for Participation – ICANN DNSSEC and Security Workshop at ICANN68 Virtual Policy Forum

If you are interested in speaking at the ICANN 68 DNSSEC Workshop, please send a brief (1-2 sentence) description of your proposed presentation to [email protected] by 29 May 2020. This online workshop will be Monday, 22 June 2020, from 02:00 – 04:30 UTC (10:00 – 12:30 Kuala Lumpur) We are doing something new this time and would like to get a feel for attendance for this virtual meeting. more

Remote Work Demands Encryption

Now that we are all working from home (WFH), the need for encryption must also increase in priority and awareness. Zoom's popular video conferencing solution got in hot water because they promised "end-to-end" encryption but didn't deliver on it - prompting some organizations to ban it from use altogether. Encryption protects confidential information from being exposed in transmission, providing a secure way for the intended recipient to get the information without snooping by others. more

DNSSEC Rally

In late August the White House mandated that all of the agencies in the US government have functioning DNSSEC capabilities deployed and operational by December 2009. I am suggesting here that we, as a community, commit to the same timetable. I call upon VeriSign and other registries to bring up DNSSEC support by January 2009. more

Security Through Obscurity as an Institution

One of my staff members pointed me to an article by Mikko Hyppönen in Foreign Policy. In this article Mikko argues that a new top level domain (TLD) like .bank for some reason would prevent on-line fraud, at least partially. Mikko seems to be arguing that with a dedicated TLD registry for financial institutions and a fee high enough to act as an entry barrier you would have a trustworthy bank domains that would be immune against today's phising attempts... more

Call for Participation – ICANN DNSSEC and Security Workshop for ICANN74 Policy Forum

Do you have information about DNS security or routing security that you would like to share with the global community? Have you developed a new tool or system in this area? Do you have results from a research project that you want to share with a technical community? If so, please consider submitting a proposal to the DNSSEC and Security workshop to be held at ICANN 74 in June 2022. more