Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
DNS |
Sponsored by |
|
Microsoft announced today its plans to adopt DNS over HTTPS (DoH) protocol in Windows and will also keep other options such as DNS over TLS (DoT) on the table for consideration. more
In the previous installment, we looked at the overall design of the DNS. Today we'll look at the ways it does and does not allow clients to look up data by name. The most important limitation of the DNS, compared to other databases, is that it only does exact match lookups. That is, with a few minor exceptions, the name in the query has to match the name of the desired records exactly. more
In an unprecedented development, all stakeholder groups and constituencies comprising ICANN"s Generic Names Supporting Organization (GNSO) unanimously endorsed a joint statement in support of the creation of an independent accountability mechanism "that provides meaningful review and adequate redress for those harmed by ICANN action or inaction in contravention of an agreed upon compact with the community". The statement was read aloud during a June 26th session on the IANA transition process held on the last day of the ICANN 50 public meeting in London. more
Implementing security requires attention to detail. Integrating security services with applications where neither the security service nor the application consider their counterpart in their design sometimes make plain that a fundamental change in existing practices is needed. Existing "standard" registrar business practices require revision before the benefits of the secure infrastructure foundation DNSSEC offers can be realized. more
As you certainly noticed, a lot of traditional media has recently been focusing on click fraud. Is it as big of an issue as it is made out to be, compared to traditional advertising? Unfortunately Eytan Elbaz of Google will not answer this question with statistics, but he lets us know that Google has the problem under control. Here are some notes based on the Click Fraud Session at the Targeted Traffic Conference in Hollywood, Florida last week. more
At its 32d International Junket Meeting last week, ICANN's Board approved the GNSO Council's recommendations for the eventual addition to the root of new generic top-level domains (gTLDs). This means that eventually, when the staff drafts, community comments upon, and Board approves implementation processes, those with deep pockets will have the opportunity to bid for new TLD strings... more
The Domain Name System, or DNS, has come a long way since its early days and the constant expansion of consumer activity and security concerns has raised further awareness about the critical role of the DNS. However, as the Yankee Group Research points out in a recent report, "there are more changes coming that are also raising the profile of DNS -- notably the move to cloud computing and the migration to IPv6." Suffice to say this is "Not Your Father's DNS". The report titled, "DNS: Risk, Reward and Managed Services" takes a fresh look at today's state of the DNS and the pros and cons of in-house, ISP and managed service provider DNS management options. more
While the majority of ICANN's Security and Stability Advisory Committee (SSAC) have given the organization the green signal to roll, or change, the "top" pair of cryptographic keys used in the DNSSEC protocol, commonly known as the Root Zone KSK (Key Signing Key), five members of the committee advised against the October 11 rollover timeline. more
On Sept. 27, Internet Corporation for Assigned Names and Numbers (ICANN) announced that the first root zone Key Signing Key (KSK) rollover - originally scheduled to take place on Oct. 11 - will be postponed. Although this was certainly a difficult decision, we fully agree that erring on the side of caution is the best approach to take. In this blog post, I want to explain some of the involvement Verisign has had in KSK rollover preparations, as well as some of the recently available research opportunities which generated data that we shared with ICANN related to this decision. more
Back from the holidays I must admit I was thinking quite a bit on what is good policy for a registry? Of course I have my own personal favorites that I can not walk away from easily, but instead of thinking for too long, I decided to write down now immediately what is in my head. The main reasons for this are two: the decision by ICANN to change the rules for change in policy regarding the Add Grace Periods. more
The results of the recent NTIA consultation made it clear that there is no real public or industry support for unilateral control of the DNS root by the U.S. government. The latest and most interesting sign of collapsing support for US unilateral control of the DNS root, which the Internet Governance Project learned of today, is a proposal being circulated by G. Beckwith Burr... more
It was only a few weeks back, in July of this year, where I remarked that an Akamai report of an outage was unusual for this industry. It was unusual in that it was informative in detailing their understanding of the root cause of the problem, describing the response that they performed to rectify the immediate problem, the measures being undertaken to prevent a recurrence of this issue, and the longer-term measures to improve the monitoring and alerting processes used within their platform. more
Some of ICANN's current proceedings on the introduction of new generic top level domains (gTLDs) provide a case study on how not to develop public policy. In particular, the Rights Protection Mechanism proceedings, with serious implications for trademark owners, have followed a course that does not correspond to the ideal of ICANN's bottom-up, consensus-based processes for policy development. More importantly, these proceedings are effectively unilateral developments in international law without the benefit of treaties or international conventions. more
This visual depicts about half of the currently approved internationalized domain names (IDNs), positioned over their respective regions. Notice the wide range of scripts over India and the wide range of Arabic domains. I left off the Latin country code equivalents (in, cn, th, sa, etc.) to illustrate what the Internet is going to look like (at a very high level) in the years ahead. more
ICANN video highlighting last week's historical DNSSEC key signing ceremony held in a high security data centre located in Culpeper, VA, outside of Washington, DC. "During the ceremony, participants were present within a secure facility and witnessed the preparations required to ensure that the so-called key-signing-key (KSK) was not only generated correctly, but that almost every aspect of the equipment, software and procedures associated with its generation were also verified to be correct and trustworthy." more
A World-Renowned Source for Internet Developments. Serving Since 2002.