Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
DNS |
Sponsored by |
|
Let me begin by saying that I am big supporter of ICANN. But good grief ICANN, why must the ENTIRE new gTLD process be so painful? I could run through a long list of all the delays, missteps and glitches, but why bother? It's almost comical at this point -- although not for 1,930 new gTLD applicants who have been waiting for ICANN to get their act together. First we were led to believe that the batching of applications was necessary due to resourcing constraints, which I personally never understood as the evaluation of applications is being done be third-party consultants. more
ICANN is the only institution with responsibility for the functioning of DNS. And so it is natural that when there is a DNS problem for people to expect ICANN to come up with the solution. But having the responsibility to act is not the same as having the ability. Like the IETF, ICANN appears to have been designed with the objective of achieving institutional paralysis. And this is not surprising since the first law of the Internet is 'You are so not in charge (for all values of you). more
A fight has begun over the virtual existence of Germany's capital: Does a .berlin address space have a right to exist beside the old standby berlin.de? The outcome of the fight could have a broader effect on the future of city names on the Internet. After a recent hearing at Berlin's City Parliament, Michael Donnermeyer, speaker of the Berlin Senate, said the right to the name Berlin belonged to the city and has to be protected. For the young company dotBerlin GmbH that is applying for a new city top level domain (TLD) with the ICANN, the Senate's blockade could kill a long-nurtured project and could set a bad example for other initiatives like .london, .paris or .nyc, sources said. more
With advancements in hardware and software, sophisticated filtering technologies are increasingly being applied to restrict access to the Internet. This happens at the level of both governments and corporations. .. given the open nature of the trust-based Internet, one country's restrictions, if not handled very carefully, can easily foul the global Internet nest we all live in. This blog is about one such story of Internet restrictions in China becoming visible (seemingly at random) from other parts of the world and going undetected for 3 weeks. more
This past Monday, as ICANN65 was beginning in Marrakesh, the technical review blog Review Signal published a detailed expose, "The Case for Regulatory Capture of ICANN" authored by site founder and "geek-in-charge" Kevin Ohashi. The post was clearly the product of extensive investigative reporting – and what it reveals is deeply disturbing. more
I always geek out a little when I see something ICANN-related breaking out into the real world, like when the bus-stop display has borked, and its LAN is vainly searching for an IP number so it can reboot. Or the ICANN Paris meeting back in 2008 when the board gave the thumbs up to the GNSO policy to launch new gTLDs. One day we were an obscure Californian organisation doing something technical-seeming most people had never heard of, and the next we were working two phones each, giving journalists quotes and information for dozens of front-page news stories around the world. more
IBM Security, Packet Clearing House (PCH) and Global Cyber Alliance (GCA) unveiled a free Domain Name System (DNS) service designed to protect all Internet users from a wide range of common cyber threats. Launched on November 16 with simultaneous press events in London, Maputo and New York, the public DNS resolver has strong privacy and security features built-in and can be enabled with a few changes to network settings, as outlined on the organisation's website. more
There's been a lot of emphasis on DNS performance lately because faster DNS contributes directly to a better user experience. There's an interesting flipside to DNS performance though, higher performance DNS servers may be better targets for cache poisoning attacks. Faster servers give attackers more opportunities to insert fake entries into the DNS - speed can kill (or at least inflict a nasty wound!) so it's important to understand the security implications if you're looking to upgrade DNS performance. more
The registries (gTLDS) are all moving towards signing in about a year. PIR and .org is going to be first with .edu, .biz, and others closely behind. The root is scheduled to be signed in the beginning of July (end of June looking at the holiday calendar) being the biggest milestone. Some of the roots already contain DNSSEC information. Other ccTLDs continue to turn DNSSEC on with countries on every continent signed. more
On July 28th DNSSEC took center stage at the 2010 Black Hat Conference in Las Vegas. Two years ago, at the same conference, Dan Kaminsky unveiled the infamous DNS bug that many believe became a major catalyst for DNSSEC implementation. To kick things off, Jeff Moss -- founder of Black Hat -- in his opening speech called out the fact that "we have not solved any fundamental problems" and noted that the technical community must catch up. more
When a new TLD goes into General Availability or Land Rush, the first few days are filled with registrations that reflect how the market perceives the TLD. Registrants may register domain names to develop or for speculative purposes. Others register to protect their brand. The first major web usage survey for a new TLD is generally a Signs of Life survey where the early stages of development can be detected. These surveys were based on the May 19th, 2018 .APP zone file. more
For two things that would seem to be completely unrelated there is an interesting parallel between IPv6 and DNSSEC. In both cases there is a misalignment of interests between content providers and service?providers. Content providers aren't highly motivated to deploy IPv6 because only a small proportion of users have v6 connectivity and even fewer only have v6. Service providers aren't anxious to deploy IPv6? because there isn't a lot of content on v6, and virtually none exclusively on v6 - so they don't expand the universe of interesting stuff on the web by deploying IPv6. Basically the same things could be said about DNSSEC. more
The recent attacks on the DNS infrastructure operated by Dyn in October 2016 have generated a lot of comment in recent days. Indeed, it's not often that the DNS itself has been prominent in the mainstream of news commentary, and in some ways, this DNS DDOS prominence is for all the wrong reasons! I'd like to speculate a bit on what this attack means for the DNS and what we could do to mitigate the recurrence of such attacks. more
Technical development often comes in short, intense bursts, where a relatively stable technology becomes the subject of intense revision and evolution. The DNS is a classic example here. For many years this name resolution protocol just quietly toiled away. The protocol wasn't all that secure, and it wasn't totally reliable, but it worked well enough for the purposes we put it to. more
Do you have an idea for a new way to use DNSSEC or DANE to make the Internet more secure? Have you recently installed DNSSEC and have a great case study you can share of lessons learned? Do you have a new tool or service that makes DNSSEC or DANE easier to use or deploy? Do you have suggestions for how to improve DNSSEC? Or new ways to automate or simplify the user experience? If you do, and if you will be attending ICANN 55 in Marrakech, Morocco (or can get there), we are now seeking proposals for the ICANN 55 DNSSEC Workshop that will take place on Wednesday, 9 March 2016. more
A World-Renowned Source for Internet Developments. Serving Since 2002.