Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
DNS |
Sponsored by |
|
Microsoft announced today its plans to adopt DNS over HTTPS (DoH) protocol in Windows and will also keep other options such as DNS over TLS (DoT) on the table for consideration. more
The Domain Name System, or DNS, has come a long way since its early days and the constant expansion of consumer activity and security concerns has raised further awareness about the critical role of the DNS. However, as the Yankee Group Research points out in a recent report, "there are more changes coming that are also raising the profile of DNS -- notably the move to cloud computing and the migration to IPv6." Suffice to say this is "Not Your Father's DNS". The report titled, "DNS: Risk, Reward and Managed Services" takes a fresh look at today's state of the DNS and the pros and cons of in-house, ISP and managed service provider DNS management options. more
In the previous installment, we looked at the overall design of the DNS. Today we'll look at the ways it does and does not allow clients to look up data by name. The most important limitation of the DNS, compared to other databases, is that it only does exact match lookups. That is, with a few minor exceptions, the name in the query has to match the name of the desired records exactly. more
At its 32d International Junket Meeting last week, ICANN's Board approved the GNSO Council's recommendations for the eventual addition to the root of new generic top-level domains (gTLDs). This means that eventually, when the staff drafts, community comments upon, and Board approves implementation processes, those with deep pockets will have the opportunity to bid for new TLD strings... more
History is a great teacher, we are told. So, on the cusp of an explosion in new top-level domains, what can we learn from the two previous expansions of the Internet's naming space? And what are the pitfalls to avoid? Let's just assume the fundamental and obvious lessons of realistic expectations, a solid business plan and prudent resource management, and instead focus on the little talked about but still critical lessons that will separate the winners and the losers in this race. But first - a caveat! more
As you certainly noticed, a lot of traditional media has recently been focusing on click fraud. Is it as big of an issue as it is made out to be, compared to traditional advertising? Unfortunately Eytan Elbaz of Google will not answer this question with statistics, but he lets us know that Google has the problem under control. Here are some notes based on the Click Fraud Session at the Targeted Traffic Conference in Hollywood, Florida last week. more
In an unprecedented development, all stakeholder groups and constituencies comprising ICANN"s Generic Names Supporting Organization (GNSO) unanimously endorsed a joint statement in support of the creation of an independent accountability mechanism "that provides meaningful review and adequate redress for those harmed by ICANN action or inaction in contravention of an agreed upon compact with the community". The statement was read aloud during a June 26th session on the IANA transition process held on the last day of the ICANN 50 public meeting in London. more
While the majority of ICANN's Security and Stability Advisory Committee (SSAC) have given the organization the green signal to roll, or change, the "top" pair of cryptographic keys used in the DNSSEC protocol, commonly known as the Root Zone KSK (Key Signing Key), five members of the committee advised against the October 11 rollover timeline. more
The results of the recent NTIA consultation made it clear that there is no real public or industry support for unilateral control of the DNS root by the U.S. government. The latest and most interesting sign of collapsing support for US unilateral control of the DNS root, which the Internet Governance Project learned of today, is a proposal being circulated by G. Beckwith Burr... more
ICANN staff recently posted on its website an updated timeline on the new gTLD process. Attempting to be "fair and balanced," I see some good, some bad, and some potential ugly in this timeline. I know there are a lot of good people at ICANN working very hard to conclude the Herculean task of implementing the new gTLD process. However, ICANN just can't help shooting itself in the foot with poorly worded and ambiguous statements... more
Back from the holidays I must admit I was thinking quite a bit on what is good policy for a registry? Of course I have my own personal favorites that I can not walk away from easily, but instead of thinking for too long, I decided to write down now immediately what is in my head. The main reasons for this are two: the decision by ICANN to change the rules for change in policy regarding the Add Grace Periods. more
On Sept. 27, Internet Corporation for Assigned Names and Numbers (ICANN) announced that the first root zone Key Signing Key (KSK) rollover - originally scheduled to take place on Oct. 11 - will be postponed. Although this was certainly a difficult decision, we fully agree that erring on the side of caution is the best approach to take. In this blog post, I want to explain some of the involvement Verisign has had in KSK rollover preparations, as well as some of the recently available research opportunities which generated data that we shared with ICANN related to this decision. more
ICANN video highlighting last week's historical DNSSEC key signing ceremony held in a high security data centre located in Culpeper, VA, outside of Washington, DC. "During the ceremony, participants were present within a secure facility and witnessed the preparations required to ensure that the so-called key-signing-key (KSK) was not only generated correctly, but that almost every aspect of the equipment, software and procedures associated with its generation were also verified to be correct and trustworthy." more
A coalition of over 50 domain Registrars from around the world have recommended an alternative to ICANN's proposed 2004-2005 budget. The alternative proposal from the ICANNBudget.org Registrars would cap Registrar contributions at $11 million per year for the next three years. Although this proposal represents a significant expansion beyond ICANN's 2003-2004 budget of $8.6 million budget, it is still slim compared with ICANN's own $15.8 million budget proposal. Of potentially greater importance, the alternative budget differs significantly from ICANN's proposal in the structure of the Registrar fees. more
Within the last year or two, I've heard people express an opinion to the effect that if the domain name industry put as much focus on preventing distributed denial of service attacks as we have on implementing DNSSEC, the Internet would be a safer place. While there may be a grain of truth there, I suggest that this kind of thinking presents us with something of a false dichotomy. more
A World-Renowned Source for Internet Developments. Serving Since 2002.