DNS |
Sponsored by |
The 24th DNS-OARC meeting was held last week in Buenos Aires -- a two-day DNS workshop with amazingly good, consistent content. The programme committee are to be congratulated on maintaining a high quality of presentations. Here are my picks of the workshop. They fall into three groups, covering themes I found interesting... These presentations related to the ongoing problem of DNS as a source of reflection attacks, or a victim of attempted DDoS... more
How do we make DNSSEC even more secure through the use of elliptic curve cryptography? What are the advantages of algorithms based on elliptic curves? And what steps need to happen to make this a reality? What challenges lie in the way? Over the past few months we've been discussing these questions within the community of people implementing DNSSEC, with an aim of increasing both the security and performance of DNSSEC. more
Come join the discussion on Wednesday 17:15 UTC. Quis custodiet ipsos custodes? As ICANN approaches its 18th birthday, it marks its ascension to adulthood and independence with a new framework of accountability. As we attempt to modernize and empower the organization with oversight of the DNS, the question of "who watches the watchmen?" is on the tip of everyone's tongue. more
The other day, I planned to take my 15-year-old son to the movie theatre to see "Hateful Eight" in 70mm film format. The theatre would not allow him in. Under article 240a of the Dutch penal code, it is a felony to show a movie to a minor when that movie is rated 16 or above. Even though I think I am responsible for what my son gets to see, I understand that the rating agency put a 16-year stamp on this politically-incorrect-gun-slinging-gore-and-curse-intense-comedy feature. more
As you may know, ICANN holds three public meetings every year. The most recent one, ICANN 54, was held in Dublin... So the next ICANN meeting is being held in Marrakech, Morocco starting Saturday, March 5th through March the 10th. Up until now all three meetings were the same length and had the same basic structure. However, from this year onwards, that'll change. How that will play out in reality, however, is anyone's best guess. more
When in March 14, 2014, the NTIA announced its intention to step away from its historical oversight role over the IANA functions, something extraordinary happened. A global dialogue immediately ensued. The first part of this dialogue is expected to come to an end in the forthcoming ICANN annual meeting in Marrakech next week. After two years of vigorous discussions, the Internet community says it is now ready to move to the next part of the process - implementation. more
The North American Network Operators Group (NANOG) continues to be one of the major gatherings on network operators and admins, together with the folk who work to meet the various needs of this community. Their program committee produces a program that never fails to provide thought provoking interest. Here are my reactions to some of the presentations I heard at NANOG 66, held in San Diego in February. more
In its security bulletin, Akamai's Security Intelligence Response Team (SIRT) reported on abuse of DNS Security Extensions (DNSSEC) when mounting a volumetric reflection-amplification attack. This is not news, but I'll use this opportunity to talk a bit about whether there is a trade-off between the increased security provided by DNSSEC and increased size of DNS responses that can be leveraged by the attackers. more
A dramatic increase in DNS reflection/amplification DDoS attacks abusing Domain Name System Security Extension (DNSSEC) configured domains have been observed in the past few months, according to a security bulletin released by Akamai’s Security Intelligence Response Team (SIRT). more
Over the last couple of years, the networking industry has grown aware of the various security issues that could potentially have a huge impact on their operations. One of the topics that has raised in appeal is DNS security. Considering that much of the publicity around DNS is made by vendors trying to differentiate their solutions, there are many misconceptions out there that guide people into making poor investment in their infrastructure. more
Security experts from Google's Project Zero along with researchers from Red Hat, have identified and helped patch a security flaw in the GNU C Library (glibc) that could be exploited via rogue DNS servers, reports Catalin Cimpanu from Softpedia. more
Nearly 92 percent of malware use DNS to gain command and control, exfiltrate data or redirect traffic, according to Cisco's 2016 Annual Security Report. It warns that DNS is often a security "blind spot" as security teams and DNS experts typically work in different IT groups within a company and don't interact frequently. more
Later this week, ICANN's Chartering Organizations will indicate whether they will support the third draft proposal of the CCWG-Accountability Work Stream 1 Recommendations. This is a significant moment in the IANA transition process. Support for the accountability proposal by the ICANN community will mean that we are very close to a point when the transition can move to its next phase. more
Once again it is time for CircleID's annual roundup of top ten most popular posts featured during the past year (based on overall readership). Congratulations to all the 2015 participants and best wishes in the new year. more
The Domain Name System is now over 25 years old. Since the publication of RFCs 1034 and 1035 in 1987, there have been over 100 RFC documents published that extend and clarify the original DNS specs. Although the basic design of the DNS hasn't changed, its definition is now extremely complex, enough so that it's a challenging task to tell whether a DNS package correctly implements the specs. more