DNS |
Sponsored by |
|
Every IT person has some interaction with a DNS server, even if it is not managing it. Most DNS servers, certainly the majority are sitting in some closet or rack somewhere dutifully running and collecting dust. Like a certain battery operated bunny, these services just keep on running. The durability of DNS (Domain Name System, that is) is a testimony of just how well it was designed... How often do you think about your DNS server? Here is my plan for how to keep your relationship with your DNS server alive and well. more
The ICANN Implementation Recommendation Team (IRT) working group has published its final report, which I decided to analyze a bit further. I already made a few comments last month, both in the At-Large Advisory Council framework and on my own. There are several issues raised by the recommendations of this report. The Uniform Rapid Suspension system (URS) is one. more
I gave a talk yesterday at Northwestern called A DNS in the Air. My idea is that, in order to scale, the emerging wireless Internet needs something analogous to the domain name system (DNS) -- the infrastructure that allows you to reach sites across the Net. Billions of mobile phones, and even more billions of connected sensors and other wireless devices will completely overwhelm our current spectrum management regime. AT&T Wireless estimates we will need between 250 and 600 TIMES the current wireless capacity in 2018, less than a decade from now. more
The NTIA has published a Notice of Inquiry, Assessment of the Transition of the Technical Coordination and Management of the Internet's Domain Name and Addressing System, in advance of the expiration of the Joint Project Agreement in September 2009. The document outlines the history and evolution of the Memorandum of Understanding (MOU) between the Department of Commerce (DoC) and ICANN, and the questions posed cover fairly standard territory. However, the following might be worth paying attention to... more
This past February, around 100 DNS industry experts met in Atlanta, GA for the "The Global DNS Security, Stability, & Resiliency Symposium." Organized by ICANN and hosted by Georgia Tech, this event was to strengthen personal relationships between operators and review what we know about the DNS infrastructure... The content included three breakout groups over two days: Enterprise Use of DNS, DNS in Resource Constrained Environments, and Combating Malicious Use of DNS... more
Mike Hammer's thoughtful article, A Few Thoughts on the Future of Email Authentication, should trigger thoughtfulness in the rest of us. Email abuse has been around a long time. Anti-abuse efforts have too. Yet global abuse traffic has grown into the 90+% range, with no hint of trending downward. The best we hear about current effectiveness is for last-hop filtering, if you have the money, staff and skills to apply to the problem... more
Internet users are acutely aware of their exposure on the Internet and clearly concerned about their safety. Increased downloads of scareware as Conficker made headlines in the mainstream media are only the latest evidence. Desktop software is often viewed as a one-stop shop for fighting Internet threats such as viruses, worms and other forms of malware and phishing. These solutions have served us well but more protections are needed to address the dynamic and increasingly sophisticated web based exploits being launched... more
So this Internet thing, as we discussed in our last article, is broken. I promised to detail some of the specific things that are broken. Implicit trust is the Achilles heel of the Internet... All of the communication between the resolver and the DNS server is in plain text that can be easily seen and changed while in transit, further, the resolver completely trusts the answer that was returned... more
The Internet as we know it and use it today -- is broken, badly broken. Yes broken so much so that we are really crazy to have any expectations of privacy or security. Yes, really. The Internet was conceived as somewhat of a utopian environment, one where we all keep our doors, windows and cars unlocked and we trust all the people and machines out there to "do the right thing...". more
ENUM (E.164 NUmber Mapping) is a technology that has been around for a little while that has promised much and, so far, delivered little to the average user. As Nominet has recently been awarded the contract to administer the UK 4.4.e164.arpa delegation, I thought it was time that I put my thoughts on this subject down in writing. I'm going to cover the potential of ENUM in the telecoms industry and what it could mean to you, along with how it is currently being used and what potential security issues surround ENUM. more
The DNSSEC Industry Coalition conducted its first face to face meeting on Friday, March 13, 2009 at Google's Washington, DC office. Google's fun filled meeting room was packed with organizations that share a keen interest in DNS Security through the implementation of DNSSEC. more
Traceroute is a network tool that helps determine the path packets take as they travel from one location to another, identifying all of the "hops" along the way. I wonder why they are called hops*? Almost all operating systems have traceroute utilities built in. The command is just that "traceroute", Windows systems abbreviate the command as "tracert" to deal with the 8.3 file naming convention of old... So, let's look at what information traceroute gives you. more
In the world of DNS, there are two types of DNS servers, 'recursion disabled' and 'recursion enabled'. Recursion disabled servers, when asked to resolve a name, will only answer for names that they are authoritative for. It will absolutely refuse to look up a name it does not have authority over and is ideal for when you don't want it to serve just any query. It isn't, however, very useful for domains you don't know about or have authority over... more
Nominet, the national registry for .uk domain names, has announced that ENUM, a registry service combining UK telephone numbers and the Domain Name System (DNS) for VoIP calls, is live. ENUM, also known as Telephone Number Mapping, is expected to allow companies and their customers and suppliers to make free or cheaper calls. In addition to the cost savings, other value-added features that ENUM is expected to provide for corporate communications include 'follow me' type function that will allow an individual to choose how (voice, fax, mobile, email, text messaging, location-based services and websites), and when they would like to be contacted throughout the day. more
It's been 15 long years since the standard for DNSSEC was developed and sadly adoption has been painfully low until recently, thanks to Dan Kaminsky, the infamous Internet Researcher who indentified that gaping hole in the DNS. The discovery of the fundamental flaw in DNS sparked industry wide attention! Every day, we move a little closer to widespread DNSSEC adoption, so I thought I'd take a moment and highlight some of the most notable milestones... more
A World-Renowned Source for Internet Developments. Serving Since 2002.