DNS |
Sponsored by |
|
In its security bulletin, Akamai's Security Intelligence Response Team (SIRT) reported on abuse of DNS Security Extensions (DNSSEC) when mounting a volumetric reflection-amplification attack. This is not news, but I'll use this opportunity to talk a bit about whether there is a trade-off between the increased security provided by DNSSEC and increased size of DNS responses that can be leveraged by the attackers. more
Over the last couple of years, the networking industry has grown aware of the various security issues that could potentially have a huge impact on their operations. One of the topics that has raised in appeal is DNS security. Considering that much of the publicity around DNS is made by vendors trying to differentiate their solutions, there are many misconceptions out there that guide people into making poor investment in their infrastructure. more
A few weeks ago I came across an old interview of me by ITespresso.fr from 10 years back entitled "IPv6 frees human imagination". At the time, I was talking about the contributions IPv6 was expected to make and the challenges it had to face. After reading the article again, I realized that it has become a little dusty (plus a blurred photo of the interviewee :-)). But what caught my attention the most in the interview was my assertion: "If IPv6 does not prevail in 2006, it's a safe bet that it will happen in 2007". Wow! more
Later this week, ICANN's Chartering Organizations will indicate whether they will support the third draft proposal of the CCWG-Accountability Work Stream 1 Recommendations. This is a significant moment in the IANA transition process. Support for the accountability proposal by the ICANN community will mean that we are very close to a point when the transition can move to its next phase. more
Once again it is time for CircleID's annual roundup of top ten most popular posts featured during the past year (based on overall readership). Congratulations to all the 2015 participants and best wishes in the new year. more
Since the launch of the New gTLD Program in 2012, it has become evident that new gTLD registries overestimated the demand for new Top-Level Domain name extensions. Furthermore, new gTLD registries did not anticipate the hurdles in raising awareness, not to mention creating adoption for new domains. Even the most pessimistic New gTLD Program critic did not expect such uninspiring results. It was a wake up call for many in the domain industry. The New gTLD Program currently lacks credibility. No new gTLD has yet to go mainstream and capture the world's imagination. more
The Domain Name System is now over 25 years old. Since the publication of RFCs 1034 and 1035 in 1987, there have been over 100 RFC documents published that extend and clarify the original DNS specs. Although the basic design of the DNS hasn't changed, its definition is now extremely complex, enough so that it's a challenging task to tell whether a DNS package correctly implements the specs. more
What's the difference between .local and .here? Or between .onion and .apple? All four of these labels are capable of being represented in the Internet's Domain Name System as a generic Top Level Domains (gTLDs), but only two of these are in fact delegated names. The other two, .local and .onion not only don't exist in the delegated name space, but by virtue of a registration in the IANA's Special Use Domain Name registry, these names cannot exist in the conventional delegated domain name space. more
On Nov. 30 and Dec. 1, 2015, some of the Internet's Domain Name System (DNS) root name servers received large amounts of anomalous traffic. Last week the root server operators published a report on the incident. In the interest of further transparency, I'd like to take this opportunity to share Verisign's perspective, including how we identify, handle and react, as necessary, to events such as this. more
Do you have an idea for a new way to use DNSSEC or DANE to make the Internet more secure? Have you recently installed DNSSEC and have a great case study you can share of lessons learned? Do you have a new tool or service that makes DNSSEC or DANE easier to use or deploy? Do you have suggestions for how to improve DNSSEC? Or new ways to automate or simplify the user experience? If you do, and if you will be attending ICANN 55 in Marrakech, Morocco (or can get there), we are now seeking proposals for the ICANN 55 DNSSEC Workshop that will take place on Wednesday, 9 March 2016. more
A World-Renowned Source for Internet Developments. Serving Since 2002.