DNS |
Sponsored by |
|
We are at an inflection point in our lifetimes. The Internet is broken, seriously broken... Almost all of the systems currently in use on the Internet are based on implicit trust. This has to change. The problem is that these systems are so embedded in our everyday lives that it would be, sort of like, changing gravity, very difficult. more
In a recent letter, the US Department of Commerce NTIA strongly denied being engaged in discussions about a "root zone transition" from VeriSign to ICANN. The community, ICANN President Strategic Committee (PSC), and perhaps ICANN and IANA staff are suddenly informed that no transition of root zone management is going to occur. What happened? With the touted ICANN transparency and accountability principles, why such a shift in (perceived) ICANN strategic directions coming from its overseeing government department? more
In a letter sent by bureau of the U.S. Department of Commerce, National Telecommunications and Information Administration (NTIA) to ICANN, the department has made it clear that despite recent discussions in Paris meetings, the U.S. department intends to remain in full authority over the Internet root zone. more
So I wrote earlier that I though it was good stuff when ICANN released a paper on DNS Security. Yes, I think it was good this paper was released, and yes it points out correctly how important DNSSEC is. But, now when reading it in detail, I find two things that troubles me. And it has to do with management of .ARPA. A top level domain that is used for infrastructural purposes. Like IP-addresses and E.164 numbers... more
The United States Computer Emergency Readiness Team (US-CERT) has acknowledged that they are aware of the publicly available exploit code for a cache poisoning vulnerability in common DNS implementations. US-CERT is re-emphasizing the urgency of patching vulnerable DNS systems. more
Today ICANN releases a paper with the title "DNSSEC @ ICANN - Signing the root zone: A way forward toward operational readiness". The paper explains in more detail than earlier documents what ICANN view on signing of the root zone is. I think the key points mentioned in this paper are true, and in general, I think this document is a good read. It is not long, and summarizes what I would call the current view is. more
As warned by Dan Kaminsky, Paul Vixie, and numerous other experts experts, it was just a matter of time before an exploit code for the now public DNS flaw would surface. An exploit code for the flaw allowing insertion of malicious DNS records into the cache of target nameservers has been posted to Metasploit, a free provider of information and tools on exploit techniques. According to reports Metasploit creator, H D Moore in collaboration with a researcher named "|)ruid" from Computer Academic Underground, created the exploit, dubbed "DNS BaliWicked Attack", along with a DNS service created to assist with the exploit. more
In what seems to have started with a blog post by reverse engineer Halvar Flake, and subsequent blog postings from other experts in the know, the details of the recently announced DNS vulnerability was quite likely made public today. The DNS flaw was found earlier this year by security researcher Dan Kaminsky and earlier this month announced publicly along with various tools and patches provided by numerous vendors... more
Wow. It's out. It's finally, finally out... So there's a bug in DNS, the name-to-address mapping system at the core of most Internet services. DNS goes bad, every website goes bad, and every email goes...somewhere. Not where it was supposed to... I'm pretty proud of what we accomplished here. We got Windows. We got Cisco IOS. We got Nominum. We got BIND 9, and when we couldn't get BIND 8, we got Yahoo, the biggest BIND 8 deployment we knew of, to publicly commit to abandoning it entirely. It was a good day... more
At its 32d International Junket Meeting last week, ICANN's Board approved the GNSO Council's recommendations for the eventual addition to the root of new generic top-level domains (gTLDs). This means that eventually, when the staff drafts, community comments upon, and Board approves implementation processes, those with deep pockets will have the opportunity to bid for new TLD strings... more
There has been wide coverage of ICANN's decision this week to adopt a new process for creating new global Top Level Domains (gTLDs). Publishing a clear, transparent and objective process is thought likely to result in a considerable expansion of gTLDs -- although nobody really knows whether this means "quite a lot" or "many thousands"... Less attention has been given to one of the new tests ICANN will use when considering whether to approve a new gTLD, contained in GNSO's sixth recommendation... more
Ahead of next week's ICANN meeting in Paris, I would like to consult users, At-Large Structures (ALSs) and others involved in internet governance in North America. As one of the three regional representatives on the ICANN At-Large Advisory committee, I want to make sure individuals, users and ALS's are given the chance to summit their own questions, suggestions and items to the agenda of the upcoming meeting. I'd be happy to receive your comments, and/or schedule a chat with you Mon-Thur, from 13:00-18:00 EDT. Leave a comment to this post, or leave me a message. more
Two US Government contractors and the National Institute of Science and Technology have released a white paper, "Statement of Needed Internet Capability," detailing possible alternatives and considerations for a Trust Anchor Repository (TAR) to support DNSSEC deployment. The document was released through the DNSSEC-Deployment Group this week with a request that it be circulated as widely as possible to gather feedback. A Trust Anchor Repository (TAR) refers to the concept of a DNS resource record store that contains secure entry point keys... more
There must be something in the air. I'm not sure exactly what it is, but there are a lot of things going on in the ccTLD world at the moment. In the UK Nominet's Annual General Meeting (AGM) is being held this week. This would normally provoke a yawn from most people -- it's an AGM -- how exciting can that be? This year's AGM looks like it could be quite entertaining, although it probably isn't going to be particularly beneficial for its membership. more
The essay expands a cooperative solution to third-party use of brands in domain names. Like any approach that depends on cooperation, the solution will require both sides to change behavior but also allow both sides to take credit for the resulting benefits, i.e. a triangular solution. If not immediately addressed, the problem of third-party use can become a major threat to the industry. But we already know one thing: when it comes to this issue, legal action and bullying don't work. more
A World-Renowned Source for Internet Developments. Serving Since 2002.