DNS

 Sponsored
by

DNS / Featured Blogs

Unexpected Effects of the 2018 Root Zone KSK Rollover

Mar 26, 2019

March 22, 2019, saw the completion of the final important step in the Key Signing Key (KSK) rollover - a process which began about a year and half ago. What may be less well known is that post rollover, and until just a couple days ago, Verisign was receiving a dramatically increasing number of root DNSKEY queries, to the tune of 75 times higher than previously observed, and accounting for ~7 percent of all transactions at the root servers we operate.

A Short History of DNS Over HTTP (So Far)

Mar 18, 2019

The IETF is in the midst of a vigorous debate about DNS over HTTP or DNS over HTTPS, abbreviated as DoH. How did we get there, and where do we go from here? (This is somewhat simplified, but I think the essential chronology is right.) Javascript code running in a web browser can't do DNS lookups, other than with browser.dns.resolv() to fetch an A record, or implicitly by fetching a URL which looks up a DNS A or AAAA record for the domain in the URL.

Some Thought on the Paper: Practical Challenge-Response for DNS

Mar 11, 2019

Because the speed of DNS is so important to the performance of any connection on the 'net, a lot of thought goes into making DNS servers fast, including optimized software that can respond to queries in milliseconds, and connecting DNS servers to the 'net through high bandwidth links. To set the stage for massive DDoS attacks based in the DNS system, add a third point: DNS responses tend to be much larger than DNS queries.

Say YES to DNSSEC

Mar 06, 2019

With the latest "DNSpionage" attack, ICANN astutely prompted domain name holders to fully deploy DNSSEC on their names. Afilias absolutely supports this and encourages the same. In this post, I remind you of why DNSSEC is important and our continued role. Afilias has a long history in the development and advocacy of DNSSEC. In 2007, we partnered with Public Interest Registry to help found dnssec-deployment.org.

Building a Secure Global Network

Feb 20, 2019

Recently, the DNS has come under an extensive attack. The so-called "DNSpionage" campaigns have brought to light the myriad methods used to infiltrate networks. These attacks employed phishing, system hopping via key exfiltration, and software zero day exploits, illustrating that many secure networks may not be fully protected.

Revisiting How Registrants Can Reduce the Threat of Domain Hijacking

Feb 11, 2019

Recent events have shown the threat of domain hijacking is very real; however, it is also largely preventable. As Verisign previously noted, there are many security controls that registrants can utilize to help strengthen their security posture. Verisign would like to reiterate this advice within the context of the recent domain hijacking reports. Domains are an important element of internet infrastructure; their functionality and security rely upon many factors such as their delegated name servers.

As We Head to ICANN64 in Japan, Let’s Pay Attention to National and Global Context of the Region

Feb 11, 2019

Soon it'll be time again for some of us to pack our bags and head for the ICANN64 meeting in Kobe, Japan. Even if you plan to stay at home, it still will be helpful to understand the national and global context in which the meeting is taking place. One way to do that is by looking at Japan's Prime Minister's Shinzo Abe recent Keynote Speech at the World Economic Forum Annual Meeting, (Jan 23rd, 2019) entitled: "Toward a New Era of "Hope-Driven Economy"

Call for Proposals: ICANN 64 DNSSEC Workshop in Kobe, Japan (March 2019)

Jan 30, 2019

Will you be at the ICANN 64 meeting in March 2019 in Kobe, Japan? If so (or if you can get to Kobe), would you be interested in speaking about any work you have done (or are doing) with DNSSEC, DANE or other DNS security and privacy technologies? If you are interested, please send a brief (1-2 sentence) description of your proposed presentation before 07 February 2019.

New Book: Managing Mission Critical Domains & DNS

Jan 15, 2019

The idea behind my recent book "Managing Mission Critical Domains & DNS" is to provide a unifying overview around the area of domains and naming where I think there exists an artificial divide, and that divide exists between domain policy, and managing ones' domain portfolio; and the DNS ops side of things: running your nameservers or outsourcing to a vendor, or both. I've been doing this for over 20 years, I've seen almost every failure condition that can happen to your domain or DNS...

CircleID’s Top 10 Posts of 2018

Jan 09, 2019

It is once again time for our annual review of posts that received the most attention on CircleID during the past year. Congratulations to all the 2018 participants for sharing their thoughts and making a difference in the industry.

Industry Updates

Unstoppable and Radix Launch “.pw” Domain Extension for Public Wallets

Four Steps to Mitigate Subdomain Hijacking

  • By CSC
  • Aug 06, 2024

Subdomain Hijacking in the News Again - What is It?

  • By CSC
  • May 20, 2024

DNS Deep Diving into Pig Butchering Scams

DNS Abuse: Finding Our Way Forward Together

  • By CSC
  • Dec 28, 2023

Behind the Genesis Market Infrastructure: An In-Depth DNS Analysis

Signs of Ongoing RedLine Stealer Operation Found Through a DNS Deep Dive

Rhysida, Not Novel but Still Dangerous: DNS Revelations

The Makings of ADHUBLLKA According to the DNS

The Hidden Secret About Your DNS Zones and Combatting Phishing Campaigns

  • By CSC
  • Oct 12, 2023

Examining WoofLocker Under the DNS Lens

Tracing Truebot’s Roots through a DNS Deep Dive

Potential Traces of Aurora Spread Via Windows Security Update Malvertisements in the DNS

Verisign Domain Name Industry Brief: 354.0 Million Domain Name Registrations in Q1 2023

Scouring the DNS for Traces of Bumblebee SEO Poisoning

View More