DNS |
Sponsored by |
|
A remote exploit in the BIND 9 DNS software could allow hackers to trigger excessive memory use, significantly impacting the performance of DNS and other services running on the same server. A flaw was recently discovered in the regular expression implementation used by the libdns library, which is part of the BIND package. The flaw enables a remote user to cause the 'named' process to consume excessive amounts of memory, eventually crashing the process and tying up server resources to the point at which the server becomes unresponsive. more
This week, on a cruise ship navigating Russia's Neva river, around 250 domain registrars and resellers are gathered for the RU-CENTER annual domain conference. RU-CENTER is the largest Russian registrar in a market that is dominated by three companies. RU-CENTER and competitor Reg.Ru both manage around 28% of domains registered in the country's national suffix... RU-CENTER is also a figurehead for Russia's drive to make Internet use more palatable for those who are not natural ASCII writers. more
In today's world with botnets, viruses and other nefarious applications that use DNS to further their harmful activities, outbound DNS security has been largely overlooked. As a part of multi-layer security architecture, a DNS Firewall should not be ignored. After serving as a consultant for multiple organizations, I have encountered many companies that allow all internal devices to send outbound DNS queries to external DNS servers - a practice that can lead to myriad problems. more
Although this article was first published just a few days ago, on May 8th, there have been several important intervening developments. First, on May 10th ICANN released a News Alert on "NGPC Progress on GAC Advice" that provides a timetable for how the New gTLD program Committee will deal with the GAC Communique. Of particular note is that, as the last action in an initial phase consisting of "actions for soliciting input from Applicants and from the Community', the NGPC will begin to "Review and consider Applicant responses to GAC Advice and Public Comments on how Board should respond to GAC Advice... more
It's safe to say that with just a week to go before ICANN intended to sign the first contract for a new gTLD, the last thing anyone wanted was a 12-page document from the world's governments with 16 new "safeguards", six of which it wants to see applied to every new extension. But what the industry shouldn't overlook, especially in the face of the expected critical responses this week and next, is that the Governmental Advisory Committee's (GAC's) formal advice from the ICANN Beijing meeting represents an opportunity for the domain name industry to lock-in self-regulation at a critical point in its evolution. more
The Internet Corporation for Assigned Names and Numbers (ICANN) has released new guidance concerning the reporting and disclosure of bugs that affect the Domain Name System, including information of how ICANN itself will behave in response to vulnerabilities. Until recently, ICANN, which is responsible for maintaining the root domain servers at the heart of the DNS system, had no specific guidelines for the reporting of vulnerabilities, leaving responsible disclosure protocols up to the researchers who discovered the bug. more
The 46th meeting of the Internet Corporation for Assigned Names and Numbers (ICANN) takes place this week in Beijing, China, and will bring together leaders from all over the world to discuss and debate a wide range of issues related to domain names and the surrounding industry. One can expect that the new gTLDs, a topic frequently discussed here on CircleID, will naturally consume a great amount of the discussion at ICANN 46. more
Three vectors were exploited in the recent DDoS attack against Spamhaus: 1) Amplification of DNS queries through the use of DNSSEC signed data; 2) Spoofed source addresses due to lack of ingress filtering (BCP-38) on originating networks; 3) Utilisation of multiple open DNS resolvers While. 1) is unavoidable simply due to the additional data that DNSSEC produces, and 2) "should" be practised as part of any provider's network configuration, it is 3) that requires "you and I" ensure that systems are adequately configured. more
There has been plenty of buzz and chatter on the Internet recently concerning a very large DDoS attack against CloudFlare, with coverage on their blog, the New York Times, and the BBC, among many others. While attacks of this nature are certainly nothing new, the scale of this attack was surprising, reported to hit 120Gbps. For a sense of scale, your average cable modem is only about 20Mbps, or about 0.016% of that bandwidth. more
Yesterday Verisign sent ICANN a most interesting white paper called New gTLD Security and Stability Considerations. They also filed a copy with the SEC as an 8-K, a document that their stockholders should know about, It's worth reading the whole thing, but in short, their well-supported opinion is that the net isn't ready for all the new TLDs, and even if they were, ICANN's processes or lack thereof will cause other huge problems. more
A World-Renowned Source for Internet Developments. Serving Since 2002.