DNS Security

Domain Pulse 2008: Day 2 Focuses on DNS Security

Day two of Domain Pulse 2008 last Friday (see review of day one) focused on online security issues giving the techies amongst us details of security issues, and the more policy-orientated amongst us something to chew on in a few other presentations. Kieren McCarthy, these days of ICANN, also gave some insights into the drawn out sex.com drama with more twists and turns than the average soap opera has in a year! And Randy Bush outlined the problems with IPv6. Among other presentations... more

Security Through Obscurity as an Institution

One of my staff members pointed me to an article by Mikko Hyppönen in Foreign Policy. In this article Mikko argues that a new top level domain (TLD) like .bank for some reason would prevent on-line fraud, at least partially. Mikko seems to be arguing that with a dedicated TLD registry for financial institutions and a fee high enough to act as an entry barrier you would have a trustworthy bank domains that would be immune against today's phising attempts... more

The DNSSEC “Onus of Reality Check” Shifted to gTLD Administrations by ICANN

Last month, there was an exchange of letters between a gTLD administration and ICANN about DNSSEC deployment. This gTLD administration is PIR or Public Interest Registry, the gTLD administration for the .org TLD. Interestingly, PIR is a non-profit organization that makes significant contributions to ISOC (Internet Society) initiatives: thus, both ICANN and PIR are organizations dedicated to the well-being of the Internet. more

DNSSEC Deployment at the Root

The DNSSEC is a security protocol for providing cryptographic assurance (i.e. using the public key cryptography digital signature technology) to the data retrieved from the DNS distributed database (RFC4033). DNSSEC deployment at the root is said to be subject to politics, but there is seldom detailed discussion about this "DNS root signing" politics. Actually, DNSSEC deployment requires more than signing the DNS root zone data; it also involves secure delegations from the root to the TLDs, and DNSSEC deployment by TLD administrations (I omit other participants involvement as my focus is policy around the DNS root). There is a dose of naivety in the idea of detailing the political aspects of the DNS root, but I volunteer! My perspective is an interested observer. more

How DNSXplore Strengthens Internet Trust Across the Global DNSSEC Landscape

A once-trusted internet protocol is showing its age. DNSXplore, a global DNSSEC archive, exposes weaknesses, improves diagnostics and nudges adoption, helping secure the cryptographic chain underpinning online trust. more

How Bad Actors Are Leveraging DNS: Looking at the Latest Trends

Bad actors are exploiting DNS with growing sophistication. New domains dominate threat infrastructure, daily user exposures are rising, and AI is accelerating attack creation, making DNS intelligence an increasingly critical early-warning system for modern cyber defence. more

You Are Invited to Engage in Project Jake: Shaping the Future of DNS Data Governance

Project Jake invites global DNS stakeholders to test JADDAR, a privacy-respecting framework for secure access to registration data, aiming to reduce regulatory fragmentation and modernise domain governance through collaborative, policy-aligned engineering solutions. more

Domain Security Report: Are Global 2000 Companies Doing Enough on Domain Security?

A six year study of Global 2000 firms finds progress on email authentication but worrying gaps elsewhere. Despite rising DMARC adoption, falling DNS redundancy and uneven regional uptake leave companies exposed to domain based attacks. more

The Excruciating Slow Rise of DNSSEC: A Dialogue With Roy Arends About Myths, Realities and Hard Lessons

DNSSEC promised to secure DNS with cryptographic proof, yet messy rollouts, outages, and hype backlash ruined its reputation. This piece argues that storytelling and emotions shape adoption as much as specs, and that automation enables a reset. more

Looking Ahead: ICANN’s Upcoming Policy on DNS Abuse Mitigation

ICANN is finalising a policy to curb DNS abuse, aiming to preserve internet stability while defending freedom of expression. With regulatory pressure mounting, the multistakeholder model faces a critical test. more

NANOG 95: From Faster Fibre to Route Leaks, Operators Face Old Problems with New Tools

The NANOG 95 conference spotlighted breakthroughs in fibre optics, wireless technology, routing security, and quantum computing, offering a forward-looking assessment of internet infrastructure and its vulnerabilities, as reported by APNIC's Geoff Huston. more

AWS Unveils Route 53 “Accelerated Recovery” to Bolster DNS Resilience

AWS is introducing Route 53 Accelerated Recovery to help organizations maintain DNS control during regional outages, offering a 60-minute recovery objective and sustained access to key API operations for critical updates and traffic management. more

DNS Under Strain: Technical and Policy Challenges in Supporting the Internet of Autonomous Things

A new IETF draft outlines critical limitations of DNS in supporting the Internet of Autonomous Things, highlighting challenges related to latency, mobility, security, and privacy, and proposing architectural improvements to meet evolving machine-driven demands. more

Preparing DNSSEC for the Post-Quantum Era

To prepare DNS security for a post-quantum future, Verisign and partners are testing new cryptographic strategies that balance security, performance, and feasibility, especially through the novel Merkle Tree Ladder mode for managing large signatures. more

eco and AV-Test Publish Monthly topDNS Reports for Internet Service Providers

eco's topDNS initiative and AV-Test are publishing monthly reports to help ISPs detect and mitigate DNS abuse by analysing malware, phishing, and PUA trends, creating a long-term data foundation for industry-wide transparency. more