DNS |
Sponsored by |
|
The Associated Press reports this week on ICANN developments involving the Whois reform. The Whois database, which displays domain name registrant information including names, addresses, phone numbers, postal and email addresses, has been the subject of years of debate within ICANN as many in the Internet community have expressed concerns about the mandatory disclosure of such personal information. The Generic Names Supporting Organization (GNSO) has successfully pushed for reform, though it is uncertain how the ICANN board will respond. more
Back from the holidays I must admit I was thinking quite a bit on what is good policy for a registry? Of course I have my own personal favorites that I can not walk away from easily, but instead of thinking for too long, I decided to write down now immediately what is in my head. The main reasons for this are two: the decision by ICANN to change the rules for change in policy regarding the Add Grace Periods. more
Any form of public communications network necessarily exposes some information about the identity and activity of the user's of its services. The extent to which such exposure of information can be subverted and used in ways that are in stark opposition to the users' individual interests forms part of the motivation on the part of many users to reduce such open exposure to an absolute minimum. The tensions between a desire to protect the user through increasing the level of opacity of network transactions to third party surveillance, and the need to expose some level of basic information to support the functions of a network lies at the heart of many of the security issues in today's Internet. more
As I noted over the weekend, ICANN has instigated legal action against EPAG, an ICANN accredited registrar based in Germany that is part of the Tucows group. ICANN claims that the case is to "preserve WHOIS data", but Tucows asserts in their statement that the ICANN approach is flawed. It's not a frivolous statement, but one they've backed with fairly detailed rationale - and this is just their public statement and not a formal legal filing. more
Do you recall when you were a kid and you experienced for the first time an unnatural event where some other kid "stole" your name and their parents were now calling their child by your name, causing much confusion for all on the playground? And how this all made things even more complicated - or at least unnecessarily complex when you and that kid shared a classroom and teacher, or street, or coach and team, and just perhaps that kid even had the same surname as you, amplifying the issue! What you were experiencing was a naming collision (in meatspace). more
Unlike traditional attacks by hackers which breach a business's security systems, resulting in defaced websites, intellectual property theft and/or customer data theft, a DDoS attack focuses on making a business's Internet connected infrastructure (e.g. web servers, email servers, database servers, FTP servers, APIs, etc.) unavailable to legitimate users. A business's brand reputation, which can take years to establish, can be swept away in just a few hours from a single DDoS attack in the same way a natural disaster like a flood or earthquake can impact a traditional brick and mortar business. more
For the past two years a diverse group of stakeholders from the ICANN community, including myself, has been working hard to come to a consensus on a set of recommendations related to development and implementation of an ICANN accreditation program for privacy & proxy service providers. The result of this effort will replace the interim specification defined in the 2013 Registrar Accreditation Agreement (RAA) that is due to expire at the end of 2016. more
ICANN's call for Public Comment on Proposed Amendment 3 to the .com Registry Agreement yielded 9,040 public comments during the six-week comment period that ran from January 3, 2020 to February 14, 2020. The public response was amongst the most robust if not the most robust, that ICANN has ever received. To put this in context, the last several Public Comment periods received under 20 comments apiece. more
The October 21 DDoS attacks against the 13 root-name servers containing the master domain list for the Internet's Domain Name System (DNS), (which reportedly took offline 9 of the 13 servers) remain a clear and daunting reminder of the vulnerabilities associated with online security. Many DNS authorities have named the most recent hit the largest DDoS attack against the root server system. Chris Morrow, network security engineer for UUNET, the service provider for two of the world's 13 root servers, recently told The Washington Post... more
It was rather interesting to read this new agreement between the USDoC and ICANN talking about the mechanisms, methods and procedures necessary to effect the transition of Internet domain name and addressing system (DNS) to the private sector. What was more interesting though was to read in this very agreement the following: "...the Department continues to support the work of ICANN as the coordinator for the technical functions related to the management of the Internet DNS". OK, let's be honest! Technical? more
On February 16, 2012 ICANN took the new step of suspending the Registrar Alantron's ability to register new names or accept inbound domain transfers. This new compliance tool was used following Alantron's apparently inadequate response to a breach notice issued November 7, 2011. The issue in part concerns Alantron's perpetual problems with Port 43 WHOIS access which is required by the Registrar Accreditation Agreement. more
Geoff Huston's recent post about the rise of DNS amplification attacks offers excellent perspective on the issue. Major incidents like the Spamhaus attack Geoff mentions at the beginning of his post make headlines, but even small attacks create noticeable floods of traffic. These attacks are easy to launch and effective even with relatively modest resources and we see evidence they're occurring regularly. Although DNS servers are not usually the target of these attacks the increase in traffic and larger response sizes typically stress DNS infrastructure and require attention from operation teams. more
As Internet services go, WHOIS held a lot of promise but has repeatedly failed to live up to its potential; raising the question "is it time to retire WHOIS?" The concept behind WHOIS was simple. For each and every registered domain name, provide the facility for querying details about who owns it, who administers it, when was it created and when it will expire. Unfortunately the service lost its way practically from day one after failing to agree upon or adhere to any formal structure of the content it provides. more
Ripped from the headlines: A recent DDoS attack lasted an entire 60 days. In other news, a single site was attacked 218 times in Q2 alone. To those of us in the business of protecting Web infrastructure, these stories are hardly surprising. What's notable, though, is where they were reported, in The Financial, whose focus is banking and financial services, not technology. The reporters used the term "DDoS" as if it were as common as "hedge fund," something everyday business people, not just techies, grasp. It's this human element that caught my interest and got me thinking a little. more
In previous posts in this series, I've discussed a number of applications of cryptography to the DNS, many of them related to the Domain Name System Security Extensions (DNSSEC). In this final blog post, I'll turn attention to another application that may appear at first to be the most natural, though as it turns out, may not always be the most necessary: DNS encryption. (I've also written about DNS encryption as well as minimization in a separate post on DNS information protection.) more
A World-Renowned Source for Internet Developments. Serving Since 2002.