DNS

DNS / Featured Blogs

Routing Without Rumor: Securing the Internet’s Routing System

The Domain Name System has provided the fundamental service of mapping internet names to addresses from almost the earliest days of the internet’s history. Billions of internet-connected devices use DNS continuously to look up Internet Protocol addresses of the named resources they want to connect to - for instance, a website such as blog.verisign.com. Once a device has the resource’s address, it can then communicate with the resource using the internet’s routing system. more

How Not to Take Russia Off the Internet

Last week the Ukrainian government sent a letter to ICANN asking them to revoke the ".ru", ".рф" and ".su" top-level domains. It also said they were asking RIPE, which manages IP addresses in Europe, to revoke Russian IP addresses. Both ICANN and RIPE said no. Other people have explained why it would have been a policy disaster, but beyond that, neither would actually have worked. more

The Ever-Evolving Problem of DNS Abuse

For several years, many within ICANN circles have raised concerns about the escalating nature of domain name system (DNS) abuse. While some strides were made toward a safer DNS, new data - this time from a comprehensive study of DNS abuse by the European Union - demonstrates that abuse remains a frustratingly obstinate problem that requires urgent attention. We've seen some registries and registrars testing innovative industry-led initiatives in an effort to address the issues. more

Decentralizing Cybersecurity Via DNS

Decentralization is a big trend in IT, and everyone has their own definition of what "decentralization" really means. With more organizations fully embracing a work-from-anywhere culture, decentralization has moved past being a fad and turned into a necessity. Decentralized cybersecurity is nothing new. Many of us have been doing it since before the pandemic. more

ICANN, Ukraine and Leveraging Internet Identifiers

Ukraine's representative to ICANN's Governmental Advisory Committee (GAC) has sent a letter to the Internet Corporation for Assigned Names and Numbers (ICANN) to remove Russian-administered top level domains (.RU, .SU and .рф) from the DNS root zone. In a separate letter, Ukraine's representative also asked RIPE NCC to withdraw the right to use all IPv4 and IPv6 addresses by all Russian members of the regional IP registry for the European region. more

.ONEWORLD .SOMEINTERNET: New gTLD Registries and Sanctioned Countries

Imagine that you run an organization out of a building. Imagine that the landlord comes one day and says, "Oh I didn't know you are a resident of country X or dealing with anybody from country X. I have to close this place down right now." And then you are done. You don't have an organization anymore. This very scenario happens on the Internet. more

Some Thoughts on DNS4EU – the European Commission’s Intention to Support the Development of a New European DNS Resolver

The last few decades have not been a story of unqualified success for European technology enterprises. The European industrial giants of the old telephone world, such as the former stalwarts Alcatel, Siemens, Philips, Ericsson and Nokia, have found it extraordinarily difficult to translate their former dominant positions in the telco world into the Internet world. To be brutally frank, none of the current generations of major players in the digital environment are European. more

Observations on Resolver Behavior During DNS Outages

When an outage affects a component of the internet infrastructure, there can often be downstream ripple effects affecting other components or services, either directly or indirectly. We would like to share our observations of this impact in the case of two recent such outages, measured at various levels of the DNS hierarchy, and discuss the resultant increase in query volume due to the behavior of recursive resolvers. more

ICANN’s Accountability Mechanisms – in Name Only?

On December 14, 2021, Dot Hip Hop, LLC (DHH) filed an Urgent Reconsideration Request following ICANN staff inaction (for its over four-month delay) of its Assignment Request for the .hiphop Registry Agreement. Not only did the ICANN Board Accountability Mechanisms Committee (BAMC) decide against considering the Reconsideration Request on an urgent basis, but on its last day of business for 2021, ICANN Org decided to retaliate against DHH for filing the Reconsideration Request in the first place ... more

ICANN DNS Resolver Symposium – the Session Had Several Interesting Presentations That I Would Like to Comment On

ICANN hosted a Resolver Operator Forum in mid-December, and the session had several interesting presentations that I would like to comment on here... The first presentation in this forum was from Paul Mockapetris. He pointed to the original academic published paper, Development of the Domain Name System, by Paul Mockapetris and Kevin Dunlap, published in the proceedings of ACM SIGCOMM’88. The paper noted that by 1983 it was obvious that the shared HOSTS.TXT file was not a scalable solution... more