DNS |
Sponsored by |
The Domain Name System has provided the fundamental service of mapping internet names to addresses from almost the earliest days of the internet’s history. Billions of internet-connected devices use DNS continuously to look up Internet Protocol addresses of the named resources they want to connect to - for instance, a website such as blog.verisign.com. Once a device has the resource’s address, it can then communicate with the resource using the internet’s routing system. more
Decentralization is a big trend in IT, and everyone has their own definition of what "decentralization" really means. With more organizations fully embracing a work-from-anywhere culture, decentralization has moved past being a fad and turned into a necessity. Decentralized cybersecurity is nothing new. Many of us have been doing it since before the pandemic. more
A letter sent to ICANN and IANA by a Ukrainian representative to ICANN’s Government Advisory Council (GAC) asks for urgent and strict sanctions against the Russian Federation in “the field of DNS regulation.” The letter urges ICANN to permanently or temporarily revoke Russia’s top-level domains “.ru”, “.рф” and “.su” and to shut down DNS root servers located in Saint Petersburg and Moscow. more
Imagine that you run an organization out of a building. Imagine that the landlord comes one day and says, "Oh I didn't know you are a resident of country X or dealing with anybody from country X. I have to close this place down right now." And then you are done. You don't have an organization anymore. This very scenario happens on the Internet. more
When an outage affects a component of the internet infrastructure, there can often be downstream ripple effects affecting other components or services, either directly or indirectly. We would like to share our observations of this impact in the case of two recent such outages, measured at various levels of the DNS hierarchy, and discuss the resultant increase in query volume due to the behavior of recursive resolvers. more
ICANN hosted a Resolver Operator Forum in mid-December, and the session had several interesting presentations that I would like to comment on here... The first presentation in this forum was from Paul Mockapetris. He pointed to the original academic published paper, Development of the Domain Name System, by Paul Mockapetris and Kevin Dunlap, published in the proceedings of ACM SIGCOMM’88. The paper noted that by 1983 it was obvious that the shared HOSTS.TXT file was not a scalable solution... more
For over a decade, the Internet Corporation for Assigned Names and Numbers (ICANN) and its multi-stakeholder community have engaged in an extended dialogue on the topic of DNS abuse, and the need to define, measure and mitigate DNS-related security threats. With increasing global reliance on the internet and DNS for communication, connectivity and commerce, the members of this community have important parts to play in identifying, reporting and mitigating illegal or harmful behavior, within their respective roles and capabilities. more
Earlier this year, The Alliance for Safe Online Pharmacies (ASOP) released findings from their 2021 survey on American Perceptions and Use of Online Pharmacies. According to ASOP's data, U.S. residents' use of online pharmacies to purchase prescription medications continues to increase yearly. In 2021, 42% of Americans purchased medications from online pharmacies, either for themselves or family members under their care. This is a significant increase of 7% since just last year. more
For those who follow the issue of blocking illegal content from the Internet, there is an interesting development in relation to this issue here in Germany, and I will tell you a little about it. One way to make it difficult to access illegal content is to block it directly in the DNS. But what is DNS for? Basically, it serves to translate the domain name into the IP of the server that is hosting the content. By blocking directly at the DNS level, a query to a domain will no longer bring the server's IP number, and with that, the user no longer accesses that content. more
In the 2021 Domain Security Report, we analyzed the trend of domain security adoption with respect to the type of domain registrar used, and found that 57% of Global 2000 organizations use consumer-grade registrars with limited protection against domain and DNS hijacking, distributed denial of service (DDoS), man-in-the-middle attacks (MitM), or DNS cache poisoning. On average, the adoption of domain security controls is two times higher for enterprise-class registrars than for those using consumer-grade registrars. more
When we deregulated the telephone industry, we replaced these national monopolies and their vertically bundled structures with a collection of separate enterprises whose actions are orchestrated by market forces rather than by the dictates of the incumbent monopoly telco. This was a comprehensive upheaval to the telecommunications industry, and one aspect of this broad sweep of changes was in the role of the regulator. Previously it was a rule-based framework: Is the incumbent playing by the rules we imposed on them? more
When we look at the intersection of cryptocurrency and domain data, we see something insidious: The prevalence of crypto-related threats. And it's not just cryptojacking. It's not even the use of cryptocurrency which has made ransomware attacks easier for threat actors to commit and all the more widespread. As with nearly every trend, there is always someone looking to capitalize on it and use it for their own, personal gain. Ever since cryptocurrency became the pandemic hobby of choice, threat actors have begun to target crypto novices for their schemes. more
Would you like to help guide the future of the Mutually Agreed Norms for Routing Security (MANRS) initiative? As the MANRS community continues to develop new efforts to make the routing layer of the Internet more secure (ex. the equipment vendor program), would you like to help lead the work? The MANRS community is seeking volunteers for its new Steering Committee. The committee will lead the community as it evolves its governance model. more
Earlier this year, the Internet Engineering Task Force’s (IETF’s) Internet Engineering Steering Group (IESG) announced that several Proposed Standards related to the Registration Data Access Protocol (RDAP), including three that I co-authored, were being promoted to the prestigious designation of Internet Standard. Initially accepted as proposed standards six years ago, RFC 7480, RFC 7481, RFC 9082 and RFC 9083 now comprise the new Standard 95. RDAP allows users to access domain registration data and could one day replace its predecessor the WHOIS protocol. more
The global internet, from the perspective of its billions of users, has often been envisioned as a cloud -- a shapeless structure that connects users to applications and to one another, with the internal details left up to the infrastructure operators inside. From the perspective of the infrastructure operators, however, the global internet is a network of networks. It's a complex set of connections among network operators, application platforms, content providers and other parties. more