DNS Security

 Sponsored
by

Noteworthy

WHOIS History API: Powering Domain Investigations

WhoisXML API
A Domain Research, Whois, DNS, and Threat Intelligence API and Data Provider May 22, 2019 |   Read More |   17,213

Reverse WHOIS: A Powerful Process in Cybersecurity

WhoisXML API
A Domain Research, Whois, DNS, and Threat Intelligence API and Data Provider Jun 14, 2019 |   Read More |   18,242

Domain Research and Monitoring: Keeping an Eye on the Web for You

WhoisXML API
A Domain Research, Whois, DNS, and Threat Intelligence API and Data Provider May 24, 2019 |   Read More |   17,010

DNS Security / News Briefs

Experts Urge Congress to Reject DNS Filtering from PROTECT IP Act, Serious Technical Concerns Raised

May 26, 2011

A group of leading DNS experts have released a paper detailing serious concerns over the proposed DNS filtering requirements included as part of the bill recently introduced in the U.S. Senate named Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of 2011 ("PROTECT IP Act"). The group who is urging lawmakers to reconsider enacting such a mandate into law, includes leading DNS designers, operators, and researchers, responsible for numerous RFCs for DNS, publication of many peer-reviewed academic studies related to architecture and security of the DNS, and responsible for the operation of important DNS infrastructure on the Internet.

Nominet Rolls Out DNSSEC for 9.4 Million .UK Domains

May 18, 2011

UK registry Nominet has enabled the deployment of domain name system security extensions (DNSSEC) for 9.4 million second level .uk domains. Completing the rollout represents over a year's work and marks an important milestone in making the web a more trusted environment for UK consumers and businesses, says Nominet, which is responsible for running the .uk internet infrastructure.

Garth Bruen Discussing Whois, DNSSEC and Domain Security

Apr 04, 2011

NameSmash has interviewed Garth Bruen, Internet security expert and creator of Knujon, on some key issues under discussion during the recent ICANN meetings in San Francisco. Topics include Whois, DNS Security Extensions (DNSSEC) and generic Top-Level Domains (gTLDs) -- issues of critical importance particularly with ICANN's expected roll-out of thousands of new gTLDs in the coming years.

DNSSEC Deployed for .COM, Internet’s Largest Top-Level Domain

Mar 31, 2011

DNS Security Extensions (DNSSEC) has been deployed for .COM, Internet's largest domain extension with more than 90 million registrations. The announced was made today by VeriSign, the registry operator for .COM.

“Practice Safe DNS” Campaign Launched to Educate on Securing DNS, Adopting DNSSEC

Oct 20, 2010

.ORG, The Public Interest Registry (PIR) has announced today the launch of a new campaign aimed at educating IT professionals about securing DNS and the adoption of Domain Name System Security Extensions (DNSSEC). The key purpose of the "Practice Safe DNS" website, according to PIR, is to "serve as a key resource for domain holders, registrars, web developers and IT professionals to learn how they can respectively play a increasingly relevant role in providing a safer and more secure Internet."

Study Finds Majority of U.S. Gov’t Agencies Fail to Meet Security Mandate for DNSSEC Adoption

Sep 23, 2010

Majority of U.S. Federal agencies using .gov domains have not signed their DNS with DNSSEC (Domain Name Security Extensions) despite a December 2009 Federal deadline for adoption, according to the latest report by IID (Internet Identity). IID analyzed the DNS of more than 2,900 .gov domains and has released the results in its "Q3 State of DNS Report".

White House on the DNSSEC Deployment: “A Major Milestone on Internet Security”

Jul 23, 2010

Andrew McLaughlin reporting in the White House website: "Last week marked a significant advance in the security of the Internet. After years of intensive design, testing, and implementation work, the Internet's domain name system now has a new security upgrade that allows Internet service providers and end users alike to protect against an important online vulnerability: the clandestine redirecting of online communications to unwanted destinations."

Video: Highlights of the DNSSEC Key Signing Ceremony

Jun 21, 2010

ICANN video highlighting last week's historical DNSSEC key signing ceremony held in a high security data centre located in Culpeper, VA, outside of Washington, DC. "During the ceremony, participants were present within a secure facility and witnessed the preparations required to ensure that the so-called key-signing-key (KSK) was not only generated correctly, but that almost every aspect of the equipment, software and procedures associated with its generation were also verified to be correct and trustworthy."

Comcast Announces Aggressive Plan to Deploy DNSSEC, Launches First Public Trial

Feb 23, 2010

Leading US ISP, Comcast, has announced today its aggressive plans to deploy DNSSEC through out its netowrk. Chris Griffiths, Manager of DNS Engineering, writes: "We plan to implement DNSSEC for the websites we manage, such as comcast.com, comcast.net and xfinity.com, by the first quarter of 2011, if not sooner. By the end of 2011, we plan to implement DNSSEC validation for all of our customers."

ICANN Begins Public DNSSEC Test Plan for the Root Zone

Jan 27, 2010

The deployment of Domain Name System Security Extensions (DNSSEC) for the root zone got an official start today with its public signing for the first time. DNSSEC for the root zone is a joint effort between ICANN and VeriSign, with support from the U.S. Department of Commerce to improve security of the Internet's naming infrastructure. Kim Davies, ICANN's Manager of Root Zone Services, says: "What happened today was the deliberately un-validatable root zone started being published on l.root-servers.net. It is anticipated this will be rolled out across the other root servers over the coming months. This phase is designed to identify any issues with the larger DNS response sizes associated with DNSSEC data."

Arbor Networks: Internet Architecture and Operations Facing Perfect Storm

Jan 20, 2010

According to the latest Infrastructure Security Report by Arbor Netowrks, the Internet architecture and operations is about to face a perfect storm with the convergence of issues including IPv4 to IPv6 migration, implementation of DNS Security Extensions (DNSSEC) and to 4-byte ASNs (used for inter-domain routing on the Internet). "Any one of these changes alone would constitute a significant architectural and operational challenge for network operators; considered together, they represent the greatest and potentially most disruptive set of circumstances in the history of the Internet, given its growth in importance to worldwide communications and commerce," says the report.

DNS Survey Results Pandora’s Box of Both Frightening and Hopeful Results, Says Cricket Liu

Nov 16, 2009

The fifth-annual survey of domain name servers (DNS) on the public Internet -- called a "Pandora's box of both frightening and hopeful results" -- was released today by The Measurement Factory in partnership with Infoblox.

Canada Launching DNSSEC Test-Bed for Country’s .CA Domain

Oct 07, 2009

The Canadian Internet Registration Authority (CIRA) for the .ca country code Top-Level Domain yesterday announced the launch of a test-bed initiative for DNSSEC. CIRA’s Chief Information Officer, Norm Ritchie who made the official announcement at the SecTor security conference in Toronto, says it began the process of implementing DNSSEC in early 2009 and the implementation date is set for 2010. So far, over 15 Top-Level Domains have already deployed DNSSEC including dot-gov and dot-org.

DNSSEC Signed ROOT by 1 July 2010

Oct 06, 2009

Mehmet Akcin writes: As announced today as part of RIPE meeting in Lisbon, Portugal by Joe Abley, DNS Group Director at ICANN, and Matt Larson, Vice President of DNS Research at VeriSign, in their presentation (Page 25), DNSSEC for the root zone is proposed to be fully deployed by July 1, 2010. The Draft Timeline suggests Root zone being signed by December 1, 2009 while initially staying internal to ICANN and VeriSign. The incremental roll out of the signed root would then take place from January until July 2010.

Root Scaling Study Report is Out

Sep 21, 2009

Earlier this year, ICANN began to seriously consider the various effects of adding DNS protocol features and new entries into the Root Zone. With the NTIA announcement that the Root Zone would be signed this year, a root scaling study team was formed to assess the scalability of the processes used to create and publish the Root Zone. Properly considered, this study should have lasted longer than the 120 days -- but the results suggest that scaling up the root zone is not without risk -- and these risks should be considered before "green-lighting" any significant changes to the root zone or its processes. I, for one, would be interested in any comments, observations, etc. (The caveats: This was, by most measures, a rush job. My spin: This is or should be a risk assessment tool.) Full report available here [PDF].

Industry Updates

A New DNS Validation Method for Simplified Certificate Automation

Hard Data on DDoS, DNS, and the Race for Resilience

Going DNS Deep Diving Into GhostCall and GhostHire

COLDRIVER’s MAYBEROBOT in the DNS Spotlight

Burrowing Into the Beamglea Campaign DNS Infrastructure

Chasing After RacoonO365 IoCs Using DNS and Domain Intelligence

Spelunking Into SVG Phishing: Amatera Stealer and PureMiner DNS Deep Dive

Global Domain Activity Trends Seen in Q3 2025

Scouring the DNS for Traces of the Hiddengh0st and Winos SEO Poisoning Campaign

Understanding DNSSEC: Best Practices and Implementation Challenges

False Positive Rate Reduced to 1.66% on WhoisXML API’s First Watch Malicious Domains Data Feed

Thumbing through the DNS Trail of the TAOTH Campaign

Deep Dive: 3 Lazarus RATs Caught in Our DNS Trap

Cross-Examining the CAPTCHAgeddon Brought on by ClickFix

A Deep Dive Into the GreedyBear Attack

View More