DNS |
Sponsored by |
|
The DNS Abuse Institute recently published our sixth monthly report for our project to measure DNS Abuse: DNSAI Compass ('Compass'). Compass is an initiative of the DNS Abuse Institute to measure the use of the DNS for phishing and malware. The intention is to establish a credible source of metrics for addressing DNS Abuse. We hope this will enable focused conversations, and identify opportunities for improvement. more
In the previous four installments, we've been looking at aspects of the design of the DNS. Today we look at the amount of data one can ask the DNS to store and to serve to clients. Most DNS queries are made via UDP, a single packet for query and a single packet for the response, with the packet size traditionally limited to 512 bytes. This limits the payload of the returned records in a response packet to about 400 bytes... more
Wikileaks is still accessible -- via Google. Does that change anything? For many Internet users IP addresses as well as domain names are completely transparent. Further, Google (and other search engines) and often the first stop when these users wants to find a service, or a web site. Thus, many of us discussed over the years the eventual viability of Google (... and other search engines) as "DNS" (note the "'s). Now, don't jump at my throat quite yet... more
At NANOG 79 earlier this month Craig Labowitz from Nokia Deepfield presented on the impact on the COVID-19 pandemic on Internet use. The approach to the analysis used real-time streaming telemetry from Communication Service Provider (CSP) backbone and aggregation routers, and the data analysis covered content provider networks in North America, Europe and parts of Asia. more
New research from the Global Cyber Alliance (GCA) released on Wednesday reports that the use of freely available DNS firewalls could prevent 33% of cybersecurity data breaches from occurring. more
When an outage affects a component of the internet infrastructure, there can often be downstream ripple effects affecting other components or services, either directly or indirectly. We would like to share our observations of this impact in the case of two recent such outages, measured at various levels of the DNS hierarchy, and discuss the resultant increase in query volume due to the behavior of recursive resolvers. more
Throughout this series of blog posts we've discussed a number of issues related to security, stability, and resilience of the DNS ecosystem, particularly as we approach the rollout of new gTLDs. Additionally, we highlighted a number of issues that we believe are outstanding and need to be resolved before the safe introduction of new gTLDs can occur - and we tried to provide some context as to why, all the while continuously highlighting that nearly all of these unresolved recommendations came from parties in addition to Verisign over the last several years. more
The ICANN Intellectual Property Constituency (IPC) and Business Constituency (BC) will be hosting a community-wide discussion regarding the proposed accreditation and access model for non-public WHOIS data, which was first circulated to the community during ICANN 61. The discussion will take place via ICANN-supported remote participation and/or audio bridge this Friday, April 6, 2018, from 1400-1600 UTC. more
So we finally have a signed root zone. Now when is someone going to answer the question I first asked over five years ago and have still not had an answer to: How do the domain name owner's keys get into the TLD? Before we have a system people can use there have to be technical standards, validation criteria and a business model. Where are they? more
Two things are important to stress. First, nothing was decided in this meeting, and no actions will be taken until the next meeting in 2005. Secondly, and more importantly, as with anything the devil is in the details. Given the vagueness of the documents available, there are few reliable conclusions that can be drawn from the summit...Before any judgments can be made about the effectiveness, or feasibility of the ideas outlined in the Plan of Action more concrete information is needed. The details of these plans are currently unknown to the Internet community at large, and may even be unknown to the members of the WSIS. Based on the information that is available it appears the Plan of Action needs to be thought through a little more thoroughly. more
On November 5, 2015 the Office of the U.S. Trade Representative (USTR) released the official text of the Trans-Pacific Partnership (TPP). That text consists of 30 separate Chapters totaling more than 2,000 pages, and is accompanied by four additional Annexes and dozens of Related Instruments. Only those who negotiated it are likely to have a detailed understanding of all its provisions, and even that probably overstates reality. more
Verisign posted preliminary public comments on the "Mitigating the Risk of DNS Namespace Collisions" Phase One Report released by ICANN earlier this month. JAS Global Advisors, authors of the report contracted by ICANN, have done solid work putting together a set of recommendations to address the name collisions problem, which is not an easy one, given the uncertainty for how installed systems actually interact with the global DNS. However, there is still much work to be done. I have outlined the four main observations... more
This week, 17 individuals from about a dozen organizations in the DNS space met up in Manchester, NH at the Dyn Inc. headquarters for a first of its kind Summit for DNS industry insiders. Called "Inside Baseball," we wanted to bring people together from every spectrum of the DNS industry to inspire collaboration and innovation. more
In our last installment we discussed MIME, Unicode and UTF-8, and IDNA, three things that have brought the Internet and e-mail out of the ASCII and English only era and closer to fully handling all languages. Today we'll look at the surprisingly difficult problems involved in fixing the last bit, internationalized e-mail addresses. more
It's a simple, straightforward fact that the root is not a TLD. However, the current policy around new gTLDs treats the root like a TLD registry and as anyone who runs a TLD registry knows, they have certain inescapable characteristics that may not be the best for the root. In almost every TLD, once a domain name has been registered, the registrant can use it commercially with few restrictions... more
A World-Renowned Source for Internet Developments. Serving Since 2002.