Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
DNS |
Sponsored by |
|
ICANN's authority to manage top level of the DNS comes from a two-year Joint Project Agreement (JPA) signed with the US Department of Commerce in 1997, since extended seven times, most recently until September 2009. Since the DoC can unilaterally cancel the JPA which would put ICANN out of the DNS business, when DoC speaks, ICANN listens. On Thursday, the US DoC sent a scathing letter to ICANN about the proposed plan to sell large numbers of new top-level domains (TLDs). There's a long list of issues... more
Working in the anti-spam and online malware fight can be depressing or at best invoke multiple personality disorder. We all know things are bad on the net, but if you want a dose of stark reality, check out Brian Kreb's fantastic 'Security Fix' blog on the Washington Post site... Speaking to an old friend who asked me what I was doing these days, I recently likened the fight against this relentless onslaught to having one's pinky in a dyke, and there are days when I don't even think we have a dyke! more
Following up on the big decision at the Paris ICANN meeting in June to make new Top-Level Domains available, there's lots of activity at the ICANN conference in Cairo, Egypt this week. A few of the hot topics of discussion that we are following are the applications process for new generic Top-Level Domains (gTLDs), Registry/Registrar Cross Ownership, and restructuring of the ICANN Board. more
Alternate DNS root server, the Open Root Server Network (ORSN) is shutting down. The project which began almost six years ago, is set to close at midnight on the last day of 2008. The following is part of the official statement released for the closure: Since start of operation in 2002 ORSN was a political alternative to ICANN/IANA operated root server network. It was also well known for technical innovation by providing IPv6 support before it was introduced in the ICANN/IANA operated root servers..." more
Igor Schegolev, the Russian Minister of Telecom and Mass Communications spoke at the opening of the InfoCom 2008 exhibition in Moscow. Among other things, which made news (for example, that the Russian government will be implementing a free and open source based operating system on all computers in the Russian schools), he also made the following remarks - translated by me in English. more
A decade has passed since Jon Postel left our midst. It seems timely to look back beyond that decade and to look forward beyond a decade hence. It seems ironic that a man who took special joy in natural surroundings, who hiked the Muir Trail and spent precious time in the high Sierras was also deeply involved in that most artificial of enterprises, the Internet. more
In late August the White House mandated that all of the agencies in the US government have functioning DNSSEC capabilities deployed and operational by December 2009. I am suggesting here that we, as a community, commit to the same timetable. I call upon VeriSign and other registries to bring up DNSSEC support by January 2009. more
Over the last couple of weeks I have spent some time working on a project to develop a DNS cache for Windows that is intended to be reasonably secure against spoof attacks, in particular in situations where NAT firewalls may prevent port randomization. The program is evolving, but currently uses a couple of ideas to attempt to defeat spoof attacks... The source code is intended to be entirely un-encumbered, that is free in all respects. I would welcome any suggestions or comments on the aims of the project, the source code, the functionality of the program or other ideas. more
We are at an inflection point in our lifetimes. The Internet is broken, seriously broken... Almost all of the systems currently in use on the Internet are based on implicit trust. This has to change. The problem is that these systems are so embedded in our everyday lives that it would be, sort of like, changing gravity, very difficult. more
In a recent letter, the US Department of Commerce NTIA strongly denied being engaged in discussions about a "root zone transition" from VeriSign to ICANN. The community, ICANN President Strategic Committee (PSC), and perhaps ICANN and IANA staff are suddenly informed that no transition of root zone management is going to occur. What happened? With the touted ICANN transparency and accountability principles, why such a shift in (perceived) ICANN strategic directions coming from its overseeing government department? more
In a letter sent by bureau of the U.S. Department of Commerce, National Telecommunications and Information Administration (NTIA) to ICANN, the department has made it clear that despite recent discussions in Paris meetings, the U.S. department intends to remain in full authority over the Internet root zone. more
So I wrote earlier that I though it was good stuff when ICANN released a paper on DNS Security. Yes, I think it was good this paper was released, and yes it points out correctly how important DNSSEC is. But, now when reading it in detail, I find two things that troubles me. And it has to do with management of .ARPA. A top level domain that is used for infrastructural purposes. Like IP-addresses and E.164 numbers... more
The United States Computer Emergency Readiness Team (US-CERT) has acknowledged that they are aware of the publicly available exploit code for a cache poisoning vulnerability in common DNS implementations. US-CERT is re-emphasizing the urgency of patching vulnerable DNS systems. more
Today ICANN releases a paper with the title "DNSSEC @ ICANN - Signing the root zone: A way forward toward operational readiness". The paper explains in more detail than earlier documents what ICANN view on signing of the root zone is. I think the key points mentioned in this paper are true, and in general, I think this document is a good read. It is not long, and summarizes what I would call the current view is. more
As warned by Dan Kaminsky, Paul Vixie, and numerous other experts experts, it was just a matter of time before an exploit code for the now public DNS flaw would surface. An exploit code for the flaw allowing insertion of malicious DNS records into the cache of target nameservers has been posted to Metasploit, a free provider of information and tools on exploit techniques. According to reports Metasploit creator, H D Moore in collaboration with a researcher named "|)ruid" from Computer Academic Underground, created the exploit, dubbed "DNS BaliWicked Attack", along with a DNS service created to assist with the exploit. more
A World-Renowned Source for Internet Developments. Serving Since 2002.