Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
DNS |
Sponsored by |
|
Verisign posted preliminary public comments on the "Mitigating the Risk of DNS Namespace Collisions" Phase One Report released by ICANN earlier this month. JAS Global Advisors, authors of the report contracted by ICANN, have done solid work putting together a set of recommendations to address the name collisions problem, which is not an easy one, given the uncertainty for how installed systems actually interact with the global DNS. However, there is still much work to be done. I have outlined the four main observations... more
Wikileaks is still accessible -- via Google. Does that change anything? For many Internet users IP addresses as well as domain names are completely transparent. Further, Google (and other search engines) and often the first stop when these users wants to find a service, or a web site. Thus, many of us discussed over the years the eventual viability of Google (... and other search engines) as "DNS" (note the "'s). Now, don't jump at my throat quite yet... more
The IETF is in the midst of a vigorous debate about DNS over HTTP or DNS over HTTPS, abbreviated as DoH. How did we get there, and where do we go from here? (This is somewhat simplified, but I think the essential chronology is right.) Javascript code running in a web browser can't do DNS lookups, other than with browser.dns.resolv() to fetch an A record, or implicitly by fetching a URL which looks up a DNS A or AAAA record for the domain in the URL. more
Last week Czech researchers released information on a new worm which exploits CPE devices (broadband routers) by means such as default passwords, constructing a large DDoS botnet. Today this story hit international news... The spread of insecure broadband modems (DSL and Cable) is extremely wide-spread, with numerous ISPs, large and small, whose entire (read significant portions of) broadband population is vulnerable. more
Around 350 attendees came from Russia in the east to Ireland in the west, as well as a few people from elsewhere around the globe, to attend Domain Pulse 2008 in Vienna on February 21 and 22. Day one's focus was internet governance. The future of the DNS was one of the key issues addressed by Michael Nelson of Georgetown University in Washington DC, with domain names becoming less important, but their numbers still increasing, as online access by a myriad of devices skyrockets connect -- everything from the television, refrigerator, washing machine, pets, sprinkler systems and cars. more
Working in the anti-spam and online malware fight can be depressing or at best invoke multiple personality disorder. We all know things are bad on the net, but if you want a dose of stark reality, check out Brian Kreb's fantastic 'Security Fix' blog on the Washington Post site... Speaking to an old friend who asked me what I was doing these days, I recently likened the fight against this relentless onslaught to having one's pinky in a dyke, and there are days when I don't even think we have a dyke! more
Time Warner Cable's planned experiment with tiered charging for Internet access has generated a flurry of coverage in the blogsphere, but no new insights (at least that I've seen). The primary problem ISP's complain about is that 5% of their customers use 90% of the available bandwidth and when they examine this traffic, it's mostly peer-to-peer file sharing... more
Two principles in computer security that help bound the impact of a security compromise are the principle of least privilege and the principle of minimum disclosure or need-to-know. As described by Jerome Saltzer in a July 1974 Communications of the ACM article, Protection and the Control of Information Sharing in Multics, the principle of least privilege states, "Every program and every privileged user should operate using the least amount of privilege necessary to complete the job." more
Two US Government contractors and the National Institute of Science and Technology have released a white paper, "Statement of Needed Internet Capability," detailing possible alternatives and considerations for a Trust Anchor Repository (TAR) to support DNSSEC deployment. The document was released through the DNSSEC-Deployment Group this week with a request that it be circulated as widely as possible to gather feedback. A Trust Anchor Repository (TAR) refers to the concept of a DNS resource record store that contains secure entry point keys... more
In the first part of this trilogy, I discussed the importance of automatically provisioned second generation DNS in connection with Software Defined Networking (SDN) and Software Defined Data Centre (SDDC). In the second post, I talked about IP addressing, private enterprise networks, and how DHCP does not meet the requirements of multitenant Infrastructure-as-a-Service (IaaS) cloud environments. I will now wrap up this trilogy by putting these two thesis into real-life context. more
In order to be able to reply to the question of whether a new set of governance mechanisms are necessary to regulate the new Global Top Level Domains (gTLDs), one should first consider how efficiently the current Uniform Domain-Name Dispute-Resolution Policy (UDRP) from the Internet Corporation for Assigned Names and Numbers (ICANN) has performed and then move to the evaluation of the Implementations Recommendations Team (ITR) recommendations. more
Please pardon me if I start this story by telling about an incident that happened to me at the Madrid airport while flying to the ICANN meetings in Rio.
It was about midnight when, after flying in from Turin, my hometown, I had to go through the passport control to reach my gate for the flight to Rio. The war between the US/UK and Iraq had started two days before, and even if the Spanish government was among its supporters, security checks were apparently proceeding as usual. Passport controls inside the EU for EU citizens usually take a few seconds, and the line ahead of me was proceeding quickly. more
This past week brought word that the first nine Latin / ASCII "new Generic Top Level Domains (newgTLDs)" were delegated by ICANN and are now found in the root of DNS. This means that the registries behind these newgTLDS can now start the process of making "second-level domains" (the ones we normally register) available in each of these TLDs. more
Two things are important to stress. First, nothing was decided in this meeting, and no actions will be taken until the next meeting in 2005. Secondly, and more importantly, as with anything the devil is in the details. Given the vagueness of the documents available, there are few reliable conclusions that can be drawn from the summit...Before any judgments can be made about the effectiveness, or feasibility of the ideas outlined in the Plan of Action more concrete information is needed. The details of these plans are currently unknown to the Internet community at large, and may even be unknown to the members of the WSIS. Based on the information that is available it appears the Plan of Action needs to be thought through a little more thoroughly. more
Traceroute is a network tool that helps determine the path packets take as they travel from one location to another, identifying all of the "hops" along the way. I wonder why they are called hops*? Almost all operating systems have traceroute utilities built in. The command is just that "traceroute", Windows systems abbreviate the command as "tracert" to deal with the 8.3 file naming convention of old... So, let's look at what information traceroute gives you. more
A World-Renowned Source for Internet Developments. Serving Since 2002.