Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
DNS |
Sponsored by |
|
Capacity and scalability are necessary in managing DNSSEC and D/DoS. Capacity, necessary for maintaining operations during D/DoS attacks, is also necessary for increased traffic due to DNSSEC deployment. Scalability is highly important, as DNSSEC is deployed not only will greater traffic levels will be encountered, greater demand will be placed on the DNS platform. In the interest of understanding both capacity and scalability CommunityDNS conducted tests to assess the readiness of the two main DNS server platforms, BIND and NSD... more
To mix metaphors, my e-mail has been ringing off the hook after my previous article and I've had to think deep and difficult thoughts about what we really mean by DNSCERT, and whether DNS-OARC really has the capability or really can grow the capability to operate such a thing. I've had some discussions with ICANN and with members of the DNS-OARC board and staff, and it's time I checkpointed the current state of my thinking about all this. more
As the shorter of the ICANN interregnums comes to a close and the ICANN faithful finalize their dinner reservation agendas for Brussels, it is time again for a preview of what will be 'on-tap' at next week's ICANN meeting. While, as always, there is a lot going on in ICANN Land, a scan of the blogosphere and ICANN list serves suggests that the four most discussed topics will be... more
On April 16 ICANN issued a breach notice to Turkish Registrar Alantron for not consistently providing access to its WHOIS database via Port 43, a command-line query location that all Registrars are required to supply under conditions of their contract with ICANN under section 3.3.1. Four days later they issued a breach to Internet Group do Brazil for the same problem. ... The WHOIS record, as we all know, is a massive fraud with illicit parties filling records with bogus information and hiding behind anonymity. more
As a registrar at the front end of the DNSSEC deployment effort, our technical team has made a sustained investment in DNSSEC deployment so that our customers don't get overwhelmed by this wave of changes to the core infrastructure of the Domain Name System. Along the way, we've learnt a lot about how to implement DNSSEC which might hold useful lessons for other organizations that plan to deploy DNSSEC in their networks. more
As a reader of this article, you are probably familiar with the DNS cache poisoning techniques discovered a few years ago. And you have most likely heard that DNSSEC is the long term cure. But you might not know exactly what challenges are involved with DNSSEC and what experience the early adopters have gathered and documented. Perhaps you waited with our own rollout until you could gather more documentation over the operational experience when rolling out DNSSEC. This article summarizes authors' experiences and learnings from implementing the technology in production environments as well as discusses associated operational issues. more
Last week at the ICANN meeting in Nairobi, a plan was announced by ICANN staff to create a "CERT" for DNS. That's a Community Emergency Response Team (CERT) for the global Domain Name System (DNS). There are all kinds of CERTs in the world today, both inside and outside the Internet industry. There isn't one for DNS, and that's basically my fault, and so I have been following the developments in Nairobi this week very closely. more
News reports say that the Israeli government is close to passing a law that requires portable e-mail addresses, similar to portable phone numbers. Number portability has been a success, making it much easier to switch from one provider to another, and address portability might ease switching among ISPs. But e-mail is not phone calls. Is it even possible? more
Since my last post about DNS subversion we have had some good feedback. We had 29 responses, I agree a small sample, but what we found is very interesting. Let's remind ourselves of what we are looking at? Does your ISP redirect DNS queries? Specifically, if you try to make a port 53 UDP or TCP connection to a server outside of your ISP's network does it get there? more
In a post today on Comcast's blog, Chris Griffiths, DNS Engineering Manger, has informed customers that they have begun to role a DNS redirection service -- a controversial service offered by several other ISPs over the years to redirect mistyped URLs to ad-based pages instead of a typical 404 error page. The service called "Domain Name Helper Service" is being launched as a market trial in Arizona, Colorado, New Mexico, Oregon, Texas, Utah, and Washington according to the company. more
Some of the root server operators post public statistics for their domain name traffic at the top-level. For example, the graph (which can take a bit of time to generate, given ICANN's slow servers) for the L-root server's most popular Top-Level Domain (TLD) queries demonstrates, to no one's surprise, that .com is king. What's more interesting, though, especially given the new generic Top-Level Domain (gTLD) debate, is to look at the most popular invalid (non-existent) TLDs. more
Before we get into what DNSSEC is and the benefits of it, let's talk about some of the other potential pitfalls of DNS. One of the most significant issues we have to deal with are denial-of-service (DoS) attacks. While DoS attacks are not specific to DNS we have seen DNS be a frequent target of these attacks. more
Viviane Redding, the Information Society and Media Commissioner for the EC posted a video blog this week noting that the JPA between ICANN and the US Department of Commerce ends this September. In it she proposes that ICANN be overseen by a "G-12 for Internet Governance" with 12 geographically balanced government representatives from around the world. That's such a non-starter that I'm baffled that she would even propose it... more
ICANN Meetings can be an intimidating place for first-timers or even those who have only attended for the few years. The acronyms fly fast and furious. The participants, or at least most of them, have been working on the issues for years (even decades). The technical and policy issues are complex. Luckily, however, an attendee can overcome these barriers to entry with a few drinks at the hotel bar. .. more
It didn't seem to make any headlines, but it is an interesting sign of the Internet times that, effective January 1, 2009 , the United State Patent and Trademark Office ("USPTO") changed the International Classification of "domain name registration services" to Class 45 (defined below). The reason that the move is interesting is that it is just one more indication that the world of the Internet is becoming less and less about technology and more and more about law and policy. more
A World-Renowned Source for Internet Developments. Serving Since 2002.