DNS Security

The DNSSEC “Onus of Reality Check” Shifted to gTLD Administrations by ICANN

Last month, there was an exchange of letters between a gTLD administration and ICANN about DNSSEC deployment. This gTLD administration is PIR or Public Interest Registry, the gTLD administration for the .org TLD. Interestingly, PIR is a non-profit organization that makes significant contributions to ISOC (Internet Society) initiatives: thus, both ICANN and PIR are organizations dedicated to the well-being of the Internet. more

DNSSEC Deployment at the Root

The DNSSEC is a security protocol for providing cryptographic assurance (i.e. using the public key cryptography digital signature technology) to the data retrieved from the DNS distributed database (RFC4033). DNSSEC deployment at the root is said to be subject to politics, but there is seldom detailed discussion about this "DNS root signing" politics. Actually, DNSSEC deployment requires more than signing the DNS root zone data; it also involves secure delegations from the root to the TLDs, and DNSSEC deployment by TLD administrations (I omit other participants involvement as my focus is policy around the DNS root). There is a dose of naivety in the idea of detailing the political aspects of the DNS root, but I volunteer! My perspective is an interested observer. more

Domain Security Report: Are Global 2000 Companies Doing Enough on Domain Security?

A six year study of Global 2000 firms finds progress on email authentication but worrying gaps elsewhere. Despite rising DMARC adoption, falling DNS redundancy and uneven regional uptake leave companies exposed to domain based attacks. more

The Excruciating Slow Rise of DNSSEC: A Dialogue With Roy Arends About Myths, Realities and Hard Lessons

DNSSEC promised to secure DNS with cryptographic proof, yet messy rollouts, outages, and hype backlash ruined its reputation. This piece argues that storytelling and emotions shape adoption as much as specs, and that automation enables a reset. more

Looking Ahead: ICANN’s Upcoming Policy on DNS Abuse Mitigation

ICANN is finalising a policy to curb DNS abuse, aiming to preserve internet stability while defending freedom of expression. With regulatory pressure mounting, the multistakeholder model faces a critical test. more

NANOG 95: From Faster Fibre to Route Leaks, Operators Face Old Problems with New Tools

The NANOG 95 conference spotlighted breakthroughs in fibre optics, wireless technology, routing security, and quantum computing, offering a forward-looking assessment of internet infrastructure and its vulnerabilities, as reported by APNIC's Geoff Huston. more

AWS Unveils Route 53 “Accelerated Recovery” to Bolster DNS Resilience

AWS is introducing Route 53 Accelerated Recovery to help organizations maintain DNS control during regional outages, offering a 60-minute recovery objective and sustained access to key API operations for critical updates and traffic management. more

DNS Under Strain: Technical and Policy Challenges in Supporting the Internet of Autonomous Things

A new IETF draft outlines critical limitations of DNS in supporting the Internet of Autonomous Things, highlighting challenges related to latency, mobility, security, and privacy, and proposing architectural improvements to meet evolving machine-driven demands. more

Preparing DNSSEC for the Post-Quantum Era

To prepare DNS security for a post-quantum future, Verisign and partners are testing new cryptographic strategies that balance security, performance, and feasibility, especially through the novel Merkle Tree Ladder mode for managing large signatures. more

eco and AV-Test Publish Monthly topDNS Reports for Internet Service Providers

eco's topDNS initiative and AV-Test are publishing monthly reports to help ISPs detect and mitigate DNS abuse by analysing malware, phishing, and PUA trends, creating a long-term data foundation for industry-wide transparency. more

Overcoming DNSSEC Challenges: A Guide for TLDs

Despite offering robust protection for the Domain Name System, DNSSEC suffers from poor adoption due to its complexity, cost, and operational risks. Automation and algorithmic improvements now offer practical solutions for broader deployment. more

Centralizing DNS Data for Security, Compliance, and Performance

Private DNS data lakes consolidate fragmented logs into a centralised platform, improving visibility, security, and compliance. They enable advanced analytics, strengthen threat detection, and help organisations optimise network performance in increasingly complex IT environments. more

14th Registration Operations Workshop Set for September 30, 2025

The Registration Operations Workshop (ROW), an informal gathering of DNS professionals, is set to continue its tradition of fostering technical dialogue and knowledge-sharing across the domain name ecosystem. more

The Edgemoor Research Institute and TWNIC Launch Project Jake to Advance DNS Security and Data Transparency

The Edgemoor Research Institute (ERI) and Taiwan's .TW Registry (TWNIC) have announced a three-year strategic partnership to enhance Domain Name System (DNS) data management and internet security. The collaboration focuses on joint research, data sharing, and capacity building, aiming to strengthen global internet infrastructure and governance. more

The Latest DNS Threat Landscape: Why CISOs Must Rethink Blocking Strategies

Cybercriminals live by the tenet "If it ain't broke, don't fix it." They'll use the same tactics repeatedly until they no longer work, then switch things up. That's why CISOs and their security teams maintain constant vigilance. Underscoring this, recent analysis of global DNS activity found that new domains continue to be a major tactic for bad actors. more