DNS |
Sponsored by |
|
The term "attack surface" is often heard in cybersecurity conversations. It refers to the sum of all possible attack vectors or the vulnerabilities that threat actors can exploit to penetrate a target network or damage an organization somehow. An unused and forgotten subdomain, for instance, can become an attack vector when taken over. Certain categories of companies have very large attack surfaces. Such is the case of streaming media businesses like Netflix and HBO Max. more
After two decades of involvement with ICANN, I am stepping down from the Board of Directors, where I served for nine years. I have spent considerable time of late reflecting on the past 20 years, and I have isolated some memories that help frame my time with ICANN. ... November 2000, ICANN07 in Marina del Rey, California - With only a scant idea of what ICANN is all about, I am warmly welcomed by the flag-wearing country code top-level domain (ccTLD) community, who come to ICANN to ensure that nothing happens to affect the independence of ccTLDs... more
There is a lot of discussion about the Expedited Policy Development Process (EPDP) Phase 2 report on evaluating a System for Standardized Access/Disclosure (SSAD) to non-public gTLD registration data after the decisions taken by the GNSO Council on September 24th. Notably, the Business Constituency (BC) and the Intellectual Property Constituency (IPC) have voted against the adoption of the Final Report of the EPDP team. more
The IETF is in the midst of a vigorous debate about DNS over HTTP or DNS over HTTPS, abbreviated as DoH. How did we get there, and where do we go from here? (This is somewhat simplified, but I think the essential chronology is right.) Javascript code running in a web browser can't do DNS lookups, other than with browser.dns.resolv() to fetch an A record, or implicitly by fetching a URL which looks up a DNS A or AAAA record for the domain in the URL. more
With the latest "DNSpionage" attack, ICANN astutely prompted domain name holders to fully deploy DNSSEC on their names. Afilias absolutely supports this and encourages the same. In this post, I remind you of why DNSSEC is important and our continued role. Afilias has a long history in the development and advocacy of DNSSEC. In 2007, we partnered with Public Interest Registry to help found dnssec-deployment.org. more
It's been nearly two months since the high profile BGP hijack attack against MyEtherwallet, where crypto thieves used BGP leaks to hijack MEW's name servers, which were on Amazon's Route53, and inserted their own fake name servers which directed victims to their own fake wallet site, thereby draining some people's wallets. It generated a lot of discussion at the time... What isn't fully appreciated is that attack has, in fact, changed the game somewhat... more
Actually practical and not necessarily a problem. The Security Council of the Russian Federation, headed by Vladimir Putin, has ordered the "government to develop an independent internet infrastructure for BRICS nations, which would continue to work in the event of global internet malfunctions." RT believes "this system would be used by countries of the BRICS bloc - Brazil, Russia, India, China and South Africa." Expect dramatic claims about Russia's plan for an alternate root for the BRICs and not under Western control. more
Back in the early 2000s, several notable Internet researchers were predicting the death of the Internet. Based on the narrative, the Internet infrastructure had not been designed for the scale that was being projected at the time, supposedly leading to fatal security and scalability issues. Yet somehow the Internet industry has always found a way to dodge the bullet at the very last minute. more
On the morning of Wednesday 15th October, the The Domain Name Association (the DNA) held an important working group meeting during ICANN 51 Los Angeles. The topic was to discuss several operational issues between registries and registrars. The meeting's unofficial ongoing name is the Registry-Registrar Operations Working Group. The meeting was a continuation of an inaugural meeting that was held back in June of this year, and covered in a Industry Association: An Implementation Model circulated by the DNA from September 17, by Executive Director Kurt Pritz. more
Today, anyone can use WHOIS to identify the organization or person who registered a gTLD domain name, along with their postal address, email address, and telephone number. Publishing this data has long been controversial, creating a system riddled with problems. On one hand, anonymous access to all WHOIS data enables misuse by spammers and criminals and raises concerns about personal privacy. On the other hand, incomplete or false WHOIS data prolongs Internet outages and leaves crime victims with little recourse. more
We read carefully Scott Hollenbeck's call to form a Domain Name Industry association to promote consistency in technical operations across the many moving parts of the industry and we, the Board and members of the Domain Name Association, largely agree. More formal coordination among registry operators and domain name registrars would improve the domain name registration experience for registrants and business operations for the domain name industry in general. more
The background is of course quite interesting, given how soon it has followed Microsoft's seizure of several domains belonging to Dynamic DNS provider no-ip.com for alleged complicity in hosting trojan RAT gangs, a couple of days after which the domains were subsequently returned -- without public comment -- to Vitalwerks, the operator of No-IP. This is by no means a new tactic for Microsoft, who has carried out successful seizures of various domains over the past two or three years. more
I've often found truth in the famous George Santayana quote, "Those that cannot remember the past are doomed to repeat it." That's an apt warning for what is currently happening - again - with the hundreds of new generic Top Level Domains (gTLDs) that are launching ... and failing to work as expected on the Internet. First, a quick refresher: As most CircleID readers know, in the early 2000s, seven new gTLDs were launched: .AERO, .BIZ, .COOP, .INFO, .MUSEUM, .NAME and .PRO. Aside from Country Code TLDs (ccTLDs), these were the first top-level changes to the DNS since the early days of the Internet. more
Most people, even seasoned IT professionals, don't give DNS (the Domain Name System) the attention it deserves. As TCP/IP has become the dominant networking protocol, so has the use of DNS... Due to the reliability built into the fundamental RFC-based design of DNS, most IT professionals don't spend much time worrying about it. This can be a huge mistake! more
This post follows an earlier post about DNS amplification attacks being observed around the world. DNS Amplification Attacks are occurring regularly and even though they aren't generating headlines targets have to deal with floods of traffic and ISP infrastructure is needlessly stressed -- load balancers fail, network links get saturated, and servers get overloaded. And far more intense attacks can be launched at any time. more
A World-Renowned Source for Internet Developments. Serving Since 2002.