DNS |
Sponsored by |
|
The Internet was not originally designed as a single network that serviced much of the world's digital communications requirements. Its design was sufficiently flexible that it could be used in many contexts, including that of small network domains that were not connected to any other domain, through to large diverse systems with many tens of thousands of individual network elements. If that is indeed the case, then why is it that when networks wish to isolate themselves from the Internet, or when a natural calamity effectively isolates a network, the result is that the isolated network is often non-functional. more
Since Verisign published its second SSR report a few weeks back, recently updated with revision 1.1, we've been taking a deeper look at queries to the root servers that elicit "Name Error," or NXDomain responses and figured we'd share some preliminary results. Not surprisingly, promptly after publication of the Interisle Consulting Group's Name Collision in the DNS [PDF] report, a small number of the many who are impacted are aiming to discredit the report. more
As a result of ICANN's IDN ccTLD Fast Track process, which was launched in November of last year, a number of new ccIDNs (Country Code Internationalized Domain Names) have been successfully added to the root including: China (.??, .??), Egypt (.???), Hong Kong (.?? ), Russia (.??), Saudi Arabia (.????????), Taiwan (.??, .??) and the UAE (.??????). ... With so many new registration possibilities available, and several Sunrise periods quickly approaching, many corporate domain managers are asking themselves whether new registrations should be added to portfolios which are already bursting at the seams. more
The U.S. National Telecommunications and Information Administration (NTIA) is soliciting comments on signing the DNSSEC root. Ignore the caption on the page: this is not about DNSSEC deployment, which is already happening just fine. It's about who gets to sign the root zone. more
The key to fixing any part of the Internet infrastructure is to understand the business cases for the parties whose behavior you want to influence and design the technology accordingly. People who follow this approach (Sir Tim Berners-Lee and the World Wide Web) have a chance of succeeding. People who ignore it (DNSSEC, IPv6) will fail. The root problem here is that the ICANN DNS does not differentiate between the parts of the Internet that are accountable and those that are not. more
I co-authored a book in 2005, titled "Extreme Exploits: Advanced Defenses Against Hardcore Hacks." My chapters focused on securing routing protocols such as BGP, and securing systems related to DMZs, firewalls, and network connectivity. As I look back over those chapters, I realize that the basic fundamentals of network security really haven't changed much even though technology has advanced at an incredible pace. "Defense in depth" was a hot catch phrase seven years ago, and it still applies today. more
Verisign recently published a technical report on new generic top-level domain (gTLD) security and stability considerations. The initial objective of the report was to assess for Verisign's senior management our own operational preparedness for new gTLDs, as both a Registry Service Provider for approximately 200 strings, as well as a direct applicant for 14 new gTLDs... However, in cataloging internal and external risks related to the new gTLD program, we found several far-reaching and long-standing issues that need to be further explored and/or resolved with varying levels of urgency. more
Some readers may wonder why I chose to raise the issue of "trust" now or even ask what it will take for ICANN to repair it. After all, the New gTLDs have been launched; applications have started being received, and all ICANN official announcements are that all is good and going according to plan. But many other readers and astute observers of this space, domestic and international, would not confuse the public dead silence we are hearing from ICANN and its insider community or the euphoria of the long awaited application submissions we are seeing to mean that all is perfect. more
For over a decade, the Internet Corporation for Assigned Names and Numbers (ICANN) and its multi-stakeholder community have engaged in an extended dialogue on the topic of DNS abuse, and the need to define, measure and mitigate DNS-related security threats. With increasing global reliance on the internet and DNS for communication, connectivity and commerce, the members of this community have important parts to play in identifying, reporting and mitigating illegal or harmful behavior, within their respective roles and capabilities. more
Wednesday was the open public consultation preparing for the second meeting of the Internet Governance Forum, which will take place in Rio de Janaeiro on 12th-15th November. Although the inaugural Athens meeting was widely deemed a success, having largely stayed off the dread topics of wresting control of DNS from ICANN and IP addressing from the RIRs, the usual suspects were back demanding that these topics be added to the agenda. more
Before we get into what DNSSEC is and the benefits of it, let's talk about some of the other potential pitfalls of DNS. One of the most significant issues we have to deal with are denial-of-service (DoS) attacks. While DoS attacks are not specific to DNS we have seen DNS be a frequent target of these attacks. more
I had the pleasure of chairing all of the sessions of the alt.telecom policy forum held in Ottawa this past weekend. It was a great meeting, and a multi-stakeholder meeting at that -- having key people from Academia, civil society, Government, as well as the internet business sector. more
Ok, so I had a day in Wellington that was not busy with other things so I thought I'd wander over to the ICANN venue and sit in on the PUBLIC Forum... I saw friends on the walk over and we entered the venue, chatting about several different things. They pulled out their badges. I didn't have one. They were admitted, I was denied entrance... more
A wave of DNS hijacking is reported to have affected dozens of domains belonging to government, telecommunications and internet infrastructure entities across the Middle East and North Africa, Europe and North America. more
ICANN's mission, and the avoidance of "mission creep", is currently the subject of intense debate in the Internet community. Multiple cross-community working groups are dealing with the proposal by an agency of the United States government, NTIA, to give up the last vestiges of its control of the IANA function. Many of the new organizational structures under consideration purport to deal with ICANN's expanding mission. more
A World-Renowned Source for Internet Developments. Serving Since 2002.