DNS

DNS / Most Viewed

Unexpected Behaviour Observed With DNS Root Servers After Cryptographic Change

The DNS root servers were reported by Verisign to be under unexpected attack from name servers across the Internet following ICANN's recent changes to their cryptographic master keys. more

How a New gTLD Should Choose a Back-end Registry System - Part 3

Part 3 of the series on selecting a back-end registry service provider focuses on Whois and sharing data in new gTLDs. If you've ever looked up information about a domain name, you've used a Whois service. It's the public information system for contact information about a domain name or IP address, though in this article, we will just talk about domain name Whois. In some generic and sponsored Top Level Domains (gTLDs), Whois is run authoritatively by the gTLD. In older gTLDs such as .com and .net, the authoritative Whois service is run by the registrar responsible for the domain name. While some TLD operators run their own infrastructure... more

Securing the DNS in a Post-Quantum World: New DNSSEC Algorithms on the Horizon

One of the "key" questions cryptographers have been asking for the past decade or more is what to do about the potential future development of a large-scale quantum computer. If theory holds, a quantum computer could break established public-key algorithms including RSA and elliptic curve cryptography (ECC), building on Peter Shor's groundbreaking result from 1994. more

Anti-Phishing Working Group Proposes Use of Secure Hashing to Address GDPR-Whois Debacle

The Anti-Phishing Working Group (APWG), in a letter to ICANN, has expressed concern that the redaction of the WHOIS data as defined by GDPR for all domains is "over-prescriptive". more

EU Calls For Full Privatization of ICANN, Commissioner Calls Sept 30 Moment of Truth

In a video posted on her website this morning, Viviane Reding, EU Commissioner for Information Society and Media, has called for greater transparency and accountability in Internet Governance. She outlines a new Internet Governance model which includes a fully private and accountable ICANN, accompanied by an independent judicial body, as well as a "G12 for Internet Governance" -- a multilateral forum for governments to discuss general internet governance policy and security issues... more

MIT 2010 Spam Conference Starts Tomorrow…

In January we presented the glorious history of the MIT spam conference; today we present the schedule for the first day. Opening session will be from this author, Garth Buren, with a topic entitled The Internet Doomsday Book, with details to be released the same day as the presentation. Followed by Dr. Robert Bruen with a review of activities since the last MIT spam conference... more

The US as Keeper of a ‘Free’ Internet?

The imminent expiration date (September 30) of the joint project agreement between ICANN and the US government, establishing the US as unilateral supervisor over the Internet's addressing and Domain Name System (DNS) operations, has rejuvenated the call for an internationalization of Internet oversight. The average Internet user, however, is unlikely to benefit from a change in the current status quo as both alternatives, full privatization and intergovernmental oversight, are bound to affect both the Internet's innovative power and the personal liberties enjoyed by its users. more

The Longevity of the Three-Napkin Protocol

It is not often I go out to my driveway to pick up the Washington Post -- yes, I still enjoy reading a real physical paper, perhaps a sign of age -- and the headline is NOT about how the (insert DC sports team here) lost last night but is instead about an IT technology. That technology is the Border Gateway Protocol (BGP), a major Internet protocol that has been around for more than a quarter century, before the Internet was commercialized and before most people even knew what the Internet was. more

ALAC Meets the ICANN Board

For three years, I've been a member of ICANN's "Interim" At-Large Advisory Committee, ALAC. At this Vancouver meeting, for the first time, the ICANN Board met with us, and Bret captured it on mp3 for podcast. ALAC criticized ICANN's proposed settlement with VeriSign, and then spoke about the problems with the current structure for at-large participation. more

Operational Challenges When Implementing DNSSEC

As a reader of this article, you are probably familiar with the DNS cache poisoning techniques discovered a few years ago. And you have most likely heard that DNSSEC is the long term cure. But you might not know exactly what challenges are involved with DNSSEC and what experience the early adopters have gathered and documented. Perhaps you waited with your own rollout until you could gather more documentation over the operational experience when rolling out DNSSEC. This article summarizes the authors' experiences and learnings from implementing the technology in production environments as well as discusses associated operational issues. more

Internet Governance: The Issue, The Myths, The Problems, The Solutions

I have written a short paper on the topic of Internet Governance. Since it includes a number of resources, it would be easier for me to just point to a link with the document itself. Below are some selected excerpts from the document. "Several myths have been spreading around the World Summit on the Information Society (WSIS), but especially after the first Internet Governance Forum (IGF): The critical Internet resources (CIR) consist only of the IP addresses and the domain name system... There are only 13 root servers..." more

Painting Ourselves Into a Corner with Path MTU Discovery

In Tony Li's article on path MTU discovery we see this text: "The next attempt to solve the MTU problem has been Packetization Layer Path MTU Discovery (PLPMTUD). Rather than depending on ICMP messaging, in this approach, the transport layer depends on packet loss to determine that the packet was too big for the network. Heuristics are used to differentiate between MTU problems and congestion. Obviously, this technique is only practical for protocols where the source can determine that there has been packet loss. Unidirectional, unacknowledged transfers, typically using UDP, would not be able to use this mechanism. To date, PLPMTUD hasn't demonstrated a significant improvement in the situation." Tony's article is (as usual) quite readable and useful, but my specific concern here is DNS... more

Reflections on the .ORG Domain Registry Sale

For all the many reasons raised by thousands of petitioners, by prominent members of the U.S. Congress, and the California Attorney General's office, this "sale" plainly should not be occurring. However, in a very real way, it is déjà vu. For me, as one of the handful of people who were members of the original InterNIC public advisory committee which oversaw the spinout of the registry activity from its DARPA government instantiation to a private enterprise business... more

Open DNS Resolvers - Coming to an IP Address Near You!

Three vectors were exploited in the recent DDoS attack against Spamhaus: 1) Amplification of DNS queries through the use of DNSSEC signed data; 2) Spoofed source addresses due to lack of ingress filtering (BCP-38) on originating networks; 3) Utilisation of multiple open DNS resolvers. While 1) is unavoidable simply due to the additional data that DNSSEC produces, and 2) "should" be practised as part of any provider's network configuration, it is 3) that requires "you and I" to ensure that systems are adequately configured. more

More Stepping Stones Before This Summer’s Seminal DNSSEC Events

The deployment of Domain Name System Security Extensions (DNSSEC) has crossed another milestone this month with the publication of DURZ (deliberately unvalidatable root zone) in all DNS root servers on 5 May 2010. While this change was virtually invisible to most Internet users, this event and the remaining testing that will occur over these next two months will dictate the ultimate success of DNSSEC deployment across the Internet. more