DNS |
Sponsored by |
|
By design, the Internet core is stupid, and the edge is smart. This design decision has enabled the Internet's wildcat growth, since without complexity the core can grow at the speed of demand. On the downside, the decision to put all smartness at the edge means we're at the mercy of scale when it comes to the quality of the Internet's aggregate traffic load. Not all device and software builders have the skills - and the quality assurance budgets - that something the size of the Internet deserves. more
Have you ever wanted to quickly find out information on key Internet policy issues from an Internet Society perspective? Have you wished you could more easily understand topics such as net neutrality or Internet privacy? This year, the Internet Society has taken on a number of initiatives to help fill a need identified by our community to make Internet Governance easier to understand and to have more information available that can be used to inform policymakers and other stakeholders about key Internet issues. more
The Globe and Mail published an embarrassing feature story on the weekend focusing on terror groups' use of the Internet and a "Canadian connection." A story on terror group use of the Internet would have made for an interesting (albeit unoriginal) story, so it appears that the Globe tried to generate greater interest in the story by adding a Canadian connection. The article begins with "Welcome to Yarmouth, Nova Scotia - pivotal battleground in the global jihad."... more
As a registrar at the front end of the DNSSEC deployment effort, our technical team has made a sustained investment in DNSSEC deployment so that our customers don't get overwhelmed by this wave of changes to the core infrastructure of the Domain Name System. Along the way, we've learnt a lot about how to implement DNSSEC which might hold useful lessons for other organizations that plan to deploy DNSSEC in their networks. more
A widespread compromise of consumer-grade small office/home office (SOHO) routers has been discovered by threat intelligence group Team Cymru. According to the report, "attackers are altering the DNS configuration on these devices in order to redirect victims DNS requests and subsequently replace the intended answers with IP addresses and domains controlled by the attackers, effectively conducting a Man-in-the-Middle attack." more
As described in New RIPE Atlas Features in the Making, each RIPE Atlas probe performs "anycast instance discovery" measurements. This means, for each DNS root name server, we determine which instance of a name server a probe uses. We compile the data from all probes and build maps showing these results for each Atlas probe. In other words, the map shows the "gravitational radius" for root DNS server instances. more
The Domain Name System (DNS) has become the fundamental building block for navigating from names to resources on the internet. DNS has been employed continuously ever since its introduction in 1983, by essentially every internet-connected application and device that wants to interact online. Emerging from an era where interconnection rather than information security was the primary motivation, DNS has gradually improved its security features. more
What is the current state of DNSSEC deployment around the world and also in Africa? How can you deploy DNSSEC at a massive scale? What is the state of using elliptic curve crypto algorithms in DNSSEC? What more can be done to accelerate DNSSEC deployment? Discussion of all those questions and much more can be found in the DNSSEC Workshop streaming live out of the ICANN 55 meeting in Marrakech, Morocco, on Wednesday, March 9, from 9:00 to 15:15 WET. more
The Domain Name System has always been intended to be extensible. The original spec in the 1980s had about a dozen resource record types (RRTYPEs), and since then people have invented many more so now there are about 65 different RRTYPEs. But if you look at most DNS zones, you'll only see a handful of types, NS, A, AAAA, MX, TXT, and maybe SRV. Why? A lot of the other types are arcane or obsolete, but there are plenty that are useful. more
ICANN is the only institution with responsibility for the functioning of DNS. And so it is natural that when there is a DNS problem for people to expect ICANN to come up with the solution. But having the responsibility to act is not the same as having the ability. Like the IETF, ICANN appears to have been designed with the objective of achieving institutional paralysis. And this is not surprising since the first law of the Internet is 'You are so not in charge (for all values of you). more
When a new TLD goes into General Availability or Land Rush, the first few days are filled with registrations that reflect how the market perceives the TLD. Registrants may register domain names to develop or for speculative purposes. Others register to protect their brand. The first major web usage survey for a new TLD is generally a Signs of Life survey where the early stages of development can be detected. These surveys were based on the May 19th, 2018 .APP zone file. more
With advancements in hardware and software, sophisticated filtering technologies are increasingly being applied to restrict access to the Internet. This happens at the level of both governments and corporations. .. given the open nature of the trust-based Internet, one country's restrictions, if not handled very carefully, can easily foul the global Internet nest we all live in. This blog is about one such story of Internet restrictions in China becoming visible (seemingly at random) from other parts of the world and going undetected for 3 weeks. more
IBM Security, Packet Clearing House (PCH) and Global Cyber Alliance (GCA) unveiled a free Domain Name System (DNS) service designed to protect all Internet users from a wide range of common cyber threats. Launched on November 16 with simultaneous press events in London, Maputo and New York, the public DNS resolver has strong privacy and security features built-in and can be enabled with a few changes to network settings, as outlined on the organisation's website. more
On Thursday, December 8, the U.S. Senate Committee on Commerce, Science and Transportation will host a full committee hearing on "ICANN's Expansion of Top-Level Domains." According to the Committee's website, the hearing will "examine the merits and implications of this new program and ICANN's continuing efforts to address concerns raised by the Internet community." more
A fight has begun over the virtual existence of Germany's capital: Does a .berlin address space have a right to exist beside the old standby berlin.de? The outcome of the fight could have a broader effect on the future of city names on the Internet. After a recent hearing at Berlin's City Parliament, Michael Donnermeyer, speaker of the Berlin Senate, said the right to the name Berlin belonged to the city and has to be protected. For the young company dotBerlin GmbH that is applying for a new city top level domain (TLD) with the ICANN, the Senate's blockade could kill a long-nurtured project and could set a bad example for other initiatives like .london, .paris or .nyc, sources said. more
A World-Renowned Source for Internet Developments. Serving Since 2002.