DNS |
Sponsored by |
|
J.D. Falk writes: Last week, MAAWG quietly published a new document titled "Overview of DNS Security - Port 53 Protection." [PDF] The paper discusses cache poisoning and other attacks on the local DNS, including likely effects of such a compromise and what access providers may be able to do to prevent it. more
The barriers to DNSSEC adoption are quickly disappearing. There are nearly 20 top-level domains that have already deployed DNSSEC including generic TLDs like .org and .gov. This July, the DNS root will also be signed, and will begin validating. At this point, the decision for remaining TLDs to deploy DNSSEC is really no longer a question. more
A fourth draft of ICANN's New gTLD Draft Applicant Guidebook has been released. In addition to the Applicant Guidebook, ICANN has also published summaries and analysis of the public comment period. The latest version includes... more
This week, 17 individuals from about a dozen organizations in the DNS space met up in Manchester, NH at the Dyn Inc. headquarters for a first of its kind Summit for DNS industry insiders. Called "Inside Baseball," we wanted to bring people together from every spectrum of the DNS industry to inspire collaboration and innovation. more
The most recent episode of The Ask Mr. DNS Podcast offers up some disturbing corroborating evidence as to the extent of DNS filtering and outright blocking occurring in China. VeriSign's Matt Larson and InfoBlox's Cricket Liu, who co-host the geeky yet engaging and extremely informative show, held a roundtable discussion including technical experts from dynamic name service providers (better known as "managed DNS" services) DynDNS, TZO, No-IP, and DotQuad, as well as Google and Comcast. more
The deployment of Domain Security Extensions (DNSSEC) has crossed another milestone this month with the publication of DURZ (deliberately unvalidatable root zone) in all DNS root servers on 5 May 2010. While this change was virtually invisible to most Internet users, this event and the remaining testing that will occur over these next two months will dictate the ultimate success of DNSSEC deployment across the Internet. more
Millions of websites under Germany's top-level domains, .de, went offline on Wednesday due to a technical error according to various sources. While the exact cause of the outage is still unknown, the problem is reported to have originated from DENIC, the central registry for the .de top-level domain. more
The .emarat Arabic script Internationalised Domain Name (IDN) ccTLD for the United Arab Emirates has been entered into the DNS Root Zone and is therefore now resolving. This is a truly historic moment in the development of the Internet in the United Arab Emirates and the wider Arabic-speaking world as it removes the last hurdle preventing people without English-language skills from enjoying the full benefits that the Internet has to offer. more
The project to sign the DNS root zone with DNSSEC took an additional step toward completion yesterday with the last of the "root server" hosts switching to serving signed DNSSEC data. Now every DNS query to a root server can return DNSSEC-signed data, albeit the "deliberately unvalidatable" data prior to the final launch. Another key piece for a working signed root is the acceptance of trust anchors in the form of DS records from top-level domain operators. These trust anchors are used to form the chain of trust from the root zone to the TLD. more
Announced in a blog post today, ICANN's Manager of Root Zone Services, Kim Davies, reports: "Today the first three production non-Latin top-level domains were placed in the DNS root zone. ... The three new top-level domains are ????????. (“Al-Saudiah”), ??????. ( “Emarat”) and ???. (“Misr”). All three are Arabic script domains, and will enable domain names written fully right-to-left. Expect more as we continue to process other applications using the “fast track” methodology." more
IT security specialists have known for years that the plain DNS is not to be trusted. Any hope for improvement rests on the DNSSEC protocol deployment. In this post, I will review the current status in one critical aspect, namely the DNS root signature key management. The other two foremost are the application usage of DNSSEC protocol functionality and the operational front, or the extent of deployment in the DNS infrastructure. The operational front includes the support by the DNS root nameservers, but my focus on signature key management leaves this issue aside. more
As we approach the World Cup in South Africa this June it's heartening to see the amount of attention being paid to the continent. As with ICANN's recent Nairobi meeting, the eyes of the world are focusing on Africa in a new way -- as a sophisticated marketplace, and as a destination for investment, technology, and yes, sports... Still, as we prepare for the Cup and as we celebrate ICANN's recent approval of more Internationalized Domain Names (IDNs), our job as an Internet community remains unfinished. Too many scripts and thus too many key voices remain "off the pitch". more
ICANN has given Jordan preliminary approval for its IDN (Internationalized Domain Name) ccTLD. "At this time ICANN has received a total of 21 requests for IDN ccTLD(s) through the String Evaluation process, representing 11 languages. A total of 13 requests have successfully passed through the String Evaluation and are hence ready for the requesting country or territory to initiate the application for String Delegation." more
Last month a bill in the Israeli Knesset would have required ISPs to provide portable e-mail addresses, analogous to portable phone numbers that one can take from one phone company to the other. As I noted at the time, e-mail works differently from telephone calls, and portability would be difficult, expensive, and unreliable. So I was wondering, idly, if we really wanted to provide portable e-mail addresses, how hard would it be? more
You may have seen media reports a few weeks ago describing how servers behind the so-called Great Firewall of China were found delivering incorrect DNS information to users in the rest of the world, thereby redirecting users to edited Web pages. Reports indicate that this apparently occurred due to a caching error by a single Internet Service Provider. While the problem was fairly limited in scope, it could have entirely been prevented in a world where DNSSEC was fully deployed. more
A World-Renowned Source for Internet Developments. Serving Since 2002.