DNS |
Sponsored by |
|
I have recently been a "victim" of the domain name tasting "scam". A domain name (.COM) which is related to me personally (and which was owned by someone else previously) expired and as I knew from Whois (which is another debate on its own) that the expiry date was coming up, I kept a watch on when it would become available so I could register it. To cut a long story short, it took me nearly 6 weeks to get the domain. Each time the domain dropped off the 5 day grace period (it is not really something that would generate ad revenue), it would be picked up by a different registrant... more
In what seems to have started with a blog post by reverse engineer Halvar Flake, and subsequent blog postings from other experts in the know, the details of the recently announced DNS vulnerability was quite likely made public today. The DNS flaw was found earlier this year by security researcher Dan Kaminsky and earlier this month announced publicly along with various tools and patches provided by numerous vendors... more
This month, ICANN is driving hard to get two of its horses to the finish line. The first is barely a year old - it's the first formal review of ICANN's accountability and transparency. The second horse is going on 4 years old: ICANN's plan to introduce hundreds of new top-level domains (TLDs) for the Internet. Just as these horses have entered the home stretch, one of the racecourse officials is vigorously waving the yellow caution flag. And ICANN would do well to pull back on the reins. more
The recent meeting of the Internet Corporation for Assigned Names and Numbers (ICANN) in China demonstrates a serious dilemma for Internet users around the world. In the name of reforming ICANN and making it more responsive, ICANN ended the seats of the At-Large directors on its board. This was the part of the ICANN structure that was supposed to be responsive to Internet users. more
UK registry Nominet has enabled the deployment of domain name system security extensions (DNSSEC) for 9.4 million second level .uk domains. Completing the rollout represents over a year's work and marks an important milestone in making the web a more trusted environment for UK consumers and businesses, says Nominet, which is responsible for running the .uk internet infrastructure. more
In the five previous exciting installments, we've been looking at aspects of the design of the DNS. Today we look at records types, and how you can tell what a DNS record means. All the records in the DNS are strongly typed. Each record includes an RRTYPE, a small number, which defines both the format of the record and what the record means. It is possible and common to have different record types with the same format, but different meanings. more
The recent attack on the Comodo Certification Authority has not only shown how vulnerable the current public key infrastructure is, but also that the protocols (e.g., OSCP) used to mitigate these vulnerabilities once exploited, are not in use, not implemented correctly or not even implemented at all. Is this the beginning of the death of the PKI dragons and what alternatives do we have? more
There was a period of time not long ago in which signature-based threat detection was cutting-edge. Antivirus, intrusion detection systems (IDS), data leakage prevention (DLP), content filtering and even anomaly detection systems (ADS) all continue to rely heavily upon static signatures. In recent years vendors have shied away from discussing their dependence on such signatures -- instead extolling supplemental "non-signature-based" detection technologies. more
The ICANN Implementation Recommendation Team (IRT) working group has published its final report, which I decided to analyze a bit further. I already made a few comments last month, both in the At-Large Advisory Council framework and on my own. There are several issues raised by the recommendations of this report. The Uniform Rapid Suspension system (URS) is one. more
In 2010, ICANN's Security and Stability Advisory Committee (SSAC) published SAC045 [PDF], a report calling attention to particular problems that may arise should a new gTLD applicant use a string that has been seen with measureable (and meaningful) frequency in queries for resolution by the root system. The queries to which they referred involved invalid Top-Level Domain (TLD) queries (i.e., non-delegated strings) at the root level of DNS, queries which elicit responses commonly referred to as Name Error, or NXDomain, responses from root name servers. more
Per their timeline, ICANN released the gTLD Applicant Guidebook on May 30th. This version contains revisions based upon both community feedback, as well as recent consultations with the Governmental Advisory Committee (GAC). more
In early November 2013, prior to ICANN's Buenos Aires meeting, I published an article at this forum, Policy Advisory Boards – A Cornerstone PICS (Public Interest Commitment Specification), that extoled the advantages of adopting a Policy Advisory Board (PAB) model as a practical, effective, and least burdensome means of effectively implementing the request of ICANN's Governmental Advisory Committee (GAC) for consumer and competitive safeguards at sensitive new gTLD "strings" - especially those that are related to regulated industries and professions. It is deeply gratifying that the article has received nearly 9,000 views since first being posted and inspired considerable discussion. more
I joined the ICANN board during the December 2004 ICANN meeting in Cape Town. I served for a three year term and stepped down at this last meeting in Los Angeles and didn't run for another term... Before joining ICANN, I thought that ICANN was the only part of the Internet that wasn't really working. I knew that there must be a better way to do what ICANN does, but I couldn't be bothered to figure it out. I'd agree with people who said things like, "it should just be distributed" or "it should just be first come first serve" or "we should just get rid of it." People from ICANN would say, "it's more complicated than that" or "at this point that would be impossible." After being part of the process for three years, I find myself saying those same things... more
ICANN comment periods on policy proposals don't normally garner much attention. In the case of the current comment period on proxy/privacy services, however, things are very different. To date several thousand comments have been filed, while the topic of the policy proposals has received media attention across hundreds of outlets. more
Readers of my blog may recall that the Canadian Internet Registration Authority wrote a public letter earlier this year to ICANN that expressed concern over the current lack of accountability (note that I am on the CIRA board). The letter indicated that CIRA was withholding payment of any voluntary fees to ICANN until the accountability concerns were addressed. This week CIRA followed up with a second public letter to ICANN... more
A World-Renowned Source for Internet Developments. Serving Since 2002.