Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
DNS |
Sponsored by |
|
The DNS root servers were reported by Verisign to be under unexpected attack from name servers across the Internet following ICANN's recent changes to their cryptographic master keys. more
In Tony Li's article on path MTU discovery we see this text: "The next attempt to solve the MTU problem has been Packetization Layer Path MTU Discovery (PLPMTUD). Rather than depending on ICMP messaging, in this approach, the transport layer depends on packet loss to determine that the packet was too big for the network. Heuristics are used to differentiate between MTU problems and congestion. Obviously, this technique is only practical for protocols where the source can determine that there has been packet loss. Unidirectional, unacknowledged transfers, typically using UDP, would not be able to use this mechanism. To date, PLPMTUD hasn't demonstrated a significant improvement in the situation." Tony's article is (as usual) quite readable and useful, but my specific concern here is DNS... more
Yesterday's DDoS attack against DNSimple brought to light a longstanding need for DNS nameserver operators to have an ability to unilaterally repudiate domains from their nameservers. The domains under attack started off on DNSMadeEasy, migrated off to DNSimple and took up residence there for about 12 hours, causing a lot of grief to DNSimple and their downstream customers. more
I have written a short paper on the topic of Internet Governance. Since it includes a number of resources, it would be easier for me to just point to a link with the document itself. Below are some selected excerpts from the document. "Several myths have been spreading around the World Summit on the Information Society (WSIS), but especially after the first Internet Governance Forum (IGF): The critical Internet resources (CIR) consist only of the IP addresses and the domain name system... There are only 13 root servers..." more
This part 3 of the selecting a back-end registry service provider series focuses on Whois and sharing data in new gTLDs. If you've ever looked up information about a domain name you've used a Whois service. It's the public information system about contact information for a domain name or IP addresses, though in this article, we will just talk about domain name Whois. In some generic and sponsored Top Level Domains (gTLDs), Whois is run authoritatively by the gTLD. In older gTLDs such as .com and .net, the authoritative Whois service is run by the registrar responsible for the domain name. While some TLD operators run their own infrastructure... more
As the name indicates, the Internet of Things (IoT) should be an extension of the Internet. However, in reality, most IoT applications are Siloed infrastructures. We will analyse the main challenges in the IoT and explain how an Internet registry could be evolved to provide a secure and privacy integrated Identity and access management service for IoT. more
The deployment of Domain Security Extensions (DNSSEC) has crossed another milestone this month with the publication of DURZ (deliberately unvalidatable root zone) in all DNS root servers on 5 May 2010. While this change was virtually invisible to most Internet users, this event and the remaining testing that will occur over these next two months will dictate the ultimate success of DNSSEC deployment across the Internet. more
In an unexpected move, the two top U.S. officials charged with the Obama Administration's Internet policy have issued a joint statement severely criticizing draft Chinese domain policies. On May 16th, the State Department's Ambassador Daniel A. Sepulveda and NTIA's Assistant Secretary for Communications and Information Lawrence E. Strickling issued an official statement titled "China's Internet Domain Name Measures and the Digital Economy". more
The imminent expiration date (September 30) of the joint project agreement between ICANN and the US government, establishing the US as unilateral supervisor over Internet's addressing and Domain Name System (DNS) operations, has rejuvenated the call for an internationalization of Internet oversight. The average Internet user, however, is unlikely to benefit from a change in the current status quo as both alternatives, full privatization and intergovernmental oversight, are bound to affect both the Internet's innovative power and the personal liberties enjoyed by its users. more
Three vectors were exploited in the recent DDoS attack against Spamhaus: 1) Amplification of DNS queries through the use of DNSSEC signed data; 2) Spoofed source addresses due to lack of ingress filtering (BCP-38) on originating networks; 3) Utilisation of multiple open DNS resolvers While. 1) is unavoidable simply due to the additional data that DNSSEC produces, and 2) "should" be practised as part of any provider's network configuration, it is 3) that requires "you and I" ensure that systems are adequately configured. more
The public policy objectives in the area of content filtering and blocking space are intended to fulfil certain public policy objectives by preventing users within a country from accessing certain online content. The motives for such public policies vary from a desire to uphold societal values through to concessions made to copyright holders to deter the circulation of unauthorised redistribution of content. more
New research from the Global Cyber Alliance (GCA) released on Wednesday reports that the use of freely available DNS firewalls could prevent 33% of cybersecurity data breaches from occurring. more
The AntiPhishing Working Group (APWG) in a letter to ICANN has expressed concern that the redaction of the WHOIS data as defined by GDPR for all domains is "over-prescriptive". more
In a recent workshop, I attended, reflecting on the evolution of the Internet over the past 40 years, one of the takeaways for me is how we've managed to surprise ourselves in both the unanticipated successes we've encountered and in the instances of failure when technology has stubbornly resisted to be deployed despite our confident expectations to the contrary! What have we learned from these lessons about our inability to predict technology outcomes? more
The ICANN Security and Stability Advisory Committee (SSAC) has recently published SAC105, a report on the interplay between the DNS and the Internet of Things (IoT). Unlike typical SSAC publications, SAC105 does not provide particular recommendations to the ICANN Board, but instead is informative in nature and intends to trigger and facilitate dialogue in the broader ICANN community. more
A World-Renowned Source for Internet Developments. Serving Since 2002.