DNS |
Sponsored by |
|
Are you ready? Are your systems prepared so that DNS will keep functioning for your networks? One week from today, on Thursday, October 11, 2018, at 16:00 UTC ICANN will change the cryptographic key that is at the center of the DNS security system - what we call DNSSEC. The current key has been in place since July 15, 2010. This is a long-planned replacement. more
The North American Network Operators' Group (NANOG) is now quite an institution for the Internet, particularly in the North American Internet community. It was an offshoot of the Regional Techs meetings, which were part of the National Science Foundation Network (NSFNET) framework of the late 80s and early 90s. NANOG has thrived since then and is certainly one of the major network operational forums in today's Internet – if not the preeminent forum for network operators for the entire Internet. more
Day two of Domain Pulse 2008 last Friday (see review of day one) focused on online security issues giving the techies amongst us details of security issues, and the more policy-orientated amongst us something to chew on in a few other presentations. Kieren McCarthy, these days of ICANN, also gave some insights into the drawn out sex.com drama with more twists and turns than the average soap opera has in a year! And Randy Bush outlined the problems with IPv6. Among other presentations... more
Here is a list of the most viewed news and blog postings that were featured on CircleID in 2007. Best wishes for 2008. more
In the last article we examined the language in Stuart Lynn's A Plan for Action Regarding New gTLDs, and I addressed concerns about specific language in that document. In this article, I will examine several questions of importance that need to be addressed when discussing new gTLD policy; questions that Mr. Lynn leaves unanswered in his proposal... more
Two US Government contractors and the National Institute of Science and Technology have released a white paper, "Statement of Needed Internet Capability," detailing possible alternatives and considerations for a Trust Anchor Repository (TAR) to support DNSSEC deployment. The document was released through the DNSSEC-Deployment Group this week with a request that it be circulated as widely as possible to gather feedback. A Trust Anchor Repository (TAR) refers to the concept of a DNS resource record store that contains secure entry point keys... more
With the recent attacks against high-profile New Zealand domain names including Coca-Cola.co.nz and F-Secure.co.nz, fingers are naturally pointing to Domainz, the registrar of record for these domains, as the party responsible for this lapse in security. While domain name registrars certainly need to ensure the security and stability of their systems, domain name registries must also step up and take responsibility for mitigating risks posed by hackers... more
CENTR, the Council of European National Top Level Domain Registries, has produced the following video to help explain the functioning of the Domain Name System (DNS). more
Earlier this week, we inserted eleven new top-level domains in the DNS root zone. These represent the term "test" translated into ten languages, in ten different scripts (Chinese is represented in two different scripts, and Arabic script is used by two different languages). This blog post is not about that. (If you're interested about it, read our report on the delegations.) What I would like to talk about is some of the difficulties we face today in expressing scripts in a consistent way over the Internet... more
Following up on the big decision at the Paris ICANN meeting in June to make new Top-Level Domains available, there's lots of activity at the ICANN conference in Cairo, Egypt this week. A few of the hot topics of discussion that we are following are the applications process for new generic Top-Level Domains (gTLDs), Registry/Registrar Cross Ownership, and restructuring of the ICANN Board. more
In the first part of this trilogy, I discussed the importance of automatically provisioned second generation DNS in connection with Software Defined Networking (SDN) and Software Defined Data Centre (SDDC). In the second post, I talked about IP addressing, private enterprise networks, and how DHCP does not meet the requirements of multitenant Infrastructure-as-a-Service (IaaS) cloud environments. I will now wrap up this trilogy by putting these two thesis into real-life context. more
As the implementation of DNSSEC continues to gather momentum and with a number of ccTLDs, and the '.org' gTLD having deployed it into their production systems, I think it is worth pausing to take a look at the entire DNSSEC situation. Whilst it is absolutely clear that DNSSEC is a significant step forward in terms of securing the DNS, it is but one link in the security chain and is therefore not, in itself, a comprehensive solution to fully securing the DNS system. more
Last week Czech researchers released information on a new worm which exploits CPE devices (broadband routers) by means such as default passwords, constructing a large DDoS botnet. Today this story hit international news... The spread of insecure broadband modems (DSL and Cable) is extremely wide-spread, with numerous ISPs, large and small, whose entire (read significant portions of) broadband population is vulnerable. more
If you haven't been reading the news of late, venerable anti-spam service Spamhaus has been the target of a sustained, record-setting Distributed Denial-of-Service (DDoS) attack over the past couple of weeks... Of course, bad guys are always mad at Spamhaus, and so they had a pretty robust set-up to begin with, but whoever was behind this attack was able to muster some huge resources, heretofore never seen in intensity, and it had some impact, on the Spamhaus website, and to a limited degree, on the behind-the-scenes services that Spamhaus uses to distribute their data to their customers. more
During 2012, Software Defined Networking (SDN) seemed to be all the rage. The VMware acquisition of Nicira during the summer doldrums for US $1.26 billion validated the fact that the SDN paradigm is expected to have some serious legs over the coming years. I guess the same applies to virtualized network services in general, although the acquisitions in that space were not quite as high-profile as the ones in SDN. more
A World-Renowned Source for Internet Developments. Serving Since 2002.