DNS

DNS / Most Viewed

DDoS Attacks: Don’t Be In Denial of the Risks

Unlike traditional attacks by hackers which breach a business's security systems, resulting in defaced websites, intellectual property theft and/or customer data theft, a DDoS attack focuses on making a business's Internet connected infrastructure (e.g. web servers, email servers, database servers, FTP servers, APIs, etc.) unavailable to legitimate users. A business's brand reputation, which can take years to establish, can be swept away in just a few hours from a single DDoS attack in the same way a natural disaster like a flood or earthquake can impact a traditional brick and mortar business. more

A Failed Whois Policy

ICANN's two-year effort to purportedly preserve the Whois public directory to the greatest extent possible while complying with GDPR has failed. Under the latest proposal, the Whois database, once a contractually-required directory of domain name registrants, will be gutted to the point of virtual worthlessness, as registrars, registries, academics, and hand-wringing others ignored the public interest and imposed ever-higher barriers to legitimate, GDPR-compliant access to registration data. more

The Rising Technical Challenges of Networking at Home

For me, one of the more interesting sessions at the recent IETF 81 meeting in July was the first meeting of the recently established Homenet Working Group. What's so interesting about networking the home? Well, if you regard challenges as "interesting", then just about everything is interesting when you look at networking in the home! more

Averting the Internet Meltdown

A call to action went out: a small, California-based organization called People for Internet Responsibility (PFIR) posted an announcement for an urgent conference - "Preventing the Internet Meltdown." The meltdown that PFIR envisioned was not an impending technical malfunction or enemy attack. Instead, conference organizers foresaw "risks of imminent disruption" to the Internet that would come from an unlikely sector: government officials and bureaucrats working on the unglamorous-sounding problems of Internet Governance. more

Oblivious DNS: Plugging the Internet’s Biggest Privacy Hole

The recent news that Mozilla and Cloudflare are deploying their own DNS recursive resolver has once again raised hopes that users will enjoy improved privacy, since they can send DNS traffic encrypted to Cloudflare, rather than to their ISP. In this post, we explain why this approach only moves your private data from the ISP to (yet another) third party. You might trust that third party more than your ISP, but you still have to trust them. In this post, we present an alternative design -- Oblivious DNS -- that prevents you from having to make that choice at all. more

DNSSEC Happy Talk Enters a New Era

So we finally have a signed root zone. Now when is someone going to answer the question I first asked over five years ago and have still not had an answer to: How do the domain name owner's keys get into the TLD? Before we have a system people can use there have to be technical standards, validation criteria and a business model. Where are they? more

Verisign Receives Subpoena Relating to Stock Option Backdating

VeriSign has reported that they are cooperating with a grand jury subpoena and a SEC inquiry into their historical stock option grants. More can be found here. Backdating of options is essentially a fraud against existing shareholders, as noted in the press or simply searching Google for "backdating fraud". Under the existing 2001 .com Registry Agreement, section 16.C would allow for termination of the agreement by ICANN in the event that VeriSign "is convicted by a court of competent jurisdiction of a felony or other serious offense related to financial activities... more

Playing the Long Game at the Internet Governance Poker Table

Poker players say if you can't spot the fish within your first 15 minutes at the table, you're the fish. With that in mind, I'm tempted to ask ICANN President Fadi Chehade who's the fish in the high-stakes game of global Internet governance we're now playing. In 2013, ICANN dramatically changed its course in the global Internet governance debate. For a decade ICANN largely stayed out of the game, allowing stakeholders to defend the multi-stakeholder model where private sector and civil society are on equal footing with governments. But in 2013 ICANN went on the offensive... more

DoH Creates More Problems Than It Solves

Unlike most new IETF standards, DNS over HTTPS has been a magnet for controversy since the DoH working group was chartered in 2017. The proposed standard was intended to improve the performance of address resolutions while also improving their privacy and integrity, but it's unclear that it accomplishes these goals. On the performance front, testing indicates DoH is faster than one of the alternatives, DNS over TLS (DoT). more

New TLD Application Window Opens Tomorrow - What Does It Mean? (Here are Answers to Some Basic FAQs)

Tomorrow, January 12th 2012, ICANN will open the application window for new TLDs. This post includes answers to some of the basic frequently asked questions. If you have any other questions/queries, or if something is unclear please let me know via the comment at the end of the post. more

President of Name Intelligence Responds to WLS Issue

Part of the stated reason for the high price point stated by Verisign was to "deter domain speculators" with a price that was high. If the price was set at $1, they claim, speculators would buy all the WLS subscriptions before any other people. So if Verisign is trying to really deter domain speculators then why are they not releasing information on who owns a WLS? Or limiting the number of WLS that a person can have. Seems like a shallow argument if the only deterring thing is raising more money for the Verisign monopoly rather than setting limits... more

Whois Policy Reform Advances

The Associated Press reports this week on ICANN developments involving the Whois reform. The Whois database, which displays domain name registrant information including names, addresses, phone numbers, postal and email addresses, has been the subject of years of debate within ICANN as many in the Internet community have expressed concerns about the mandatory disclosure of such personal information. The Generic Names Supporting Organization (GNSO) has successfully pushed for reform, though it is uncertain how the ICANN board will respond. more

SECSAC Special Meeting on Site Finder: A Technical Analysis

After attending the afternoon ICANN Security & Stability Committee meeting, I realized that the issues involved fall into several related but independent dimensions. Shy person that I am *Cough*, I have opinions in all, but I think it's worthwhile simply to be able to explain the Big Picture to media and other folks that aren't immersed in our field. In these notes, I'm trying to maintain neutrality about the issues. I do have strong opinions about most, but I'll post those separately, often dealing with one issue at a time. more

DNS Wars

The North American Network Operators' Group (NANOG) is now quite an institution for the Internet, particularly in the North American Internet community. It was an offshoot of the Regional Techs meetings, which were part of the National Science Foundation Network (NSFNET) framework of the late 80s and early 90s. NANOG has thrived since then and is certainly one of the major network operational forums in today's Internet – if not the preeminent forum for network operators for the entire Internet. more

The Design of the Domain Name System, Part V - Large Data

In the previous four installments, we've been looking at aspects of the design of the DNS. Today we look at the amount of data one can ask the DNS to store and to serve to clients. Most DNS queries are made via UDP, a single packet for query and a single packet for the response, with the packet size traditionally limited to 512 bytes. This limits the payload of the returned records in a response packet to about 400 bytes... more