Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
DNS |
Sponsored by |
|
The U.S. Department of Homeland Security has issued a rare "emergency" directive ordering federal agencies to audit all DNS records within ten days. more
The latest Domain Name Industry Brief published by Verisign reports 4.5 million domain names were added to the Internet in the first three months of 2011. According to the report, the first quarter of 2011 closed with a base of more than 209.8 million domain name registrations across all Top Level Domains (TLDs), or a 2.2 percent increase over the fourth quarter of 2010. Registrations grew by 15.3 million, or 7.9 percent year over year. more
In a move that shouldn't come as a surprise to anyone, the EU Commission has given a rather mixed welcome to the IANA bid. While they obviously like a lot of what they are seeing, they're also not overly impressed with the contract only being open to US companies. more
On July 10th Architelos released the first NameSentry Report, benchmarking abuse levels in the domain name industry. For some time now, a debate has raged about the potential impact of new gTLDs on Internet safety and security, namely abusive registrations such as phishing, spam, malware, and so on. However, without benchmarking the current state, how can we realistically evaluate if new gTLDs have made any measureable difference in the level of abuse? more
Anyone who has been part of the community during its soon-to-be 12-years of existence will be the first to tell you that while ICANN's intentions are good, its execution, time and again, has been lacking. Unfortunately, the global business world does not and cannot accept only good intentions. Businesses require surety, consistency and clear evidence of stability before they can establish the foundation for their enterprises. more
What is so secret about the word, "Capacity"? As I read and talk with people I realize the word, "capacity" is typically missing from the DNS discussion. "Capacity" and "Security" are the two cornerstones to maximizing DNS resilience; both of which are typically missing from the DNS discussion. Have you seen a single DNS node easily process over 863,000 queries per second? Have you seen a network routinely handle over 50Gbits/second in outbound traffic alone without breaking a sweat? more
Over the last couple of weeks I have spent some time working on a project to develop a DNS cache for Windows that is intended to be reasonably secure against spoof attacks, in particular in situations where NAT firewalls may prevent port randomization. The program is evolving, but currently uses a couple of ideas to attempt to defeat spoof attacks... The source code is intended to be entirely un-encumbered, that is free in all respects. I would welcome any suggestions or comments on the aims of the project, the source code, the functionality of the program or other ideas. more
I first became familiar with DNSSEC around 2002 when it was a feature of the Bind9 server, which I was using to setup a new authoritative DNS platform for customers of the ISP I was working for. I looked at it briefly, decided it was too complex and not worth investigating. A couple of years later a domain of a customer got poisoned in another ISPs network. And while the DNS service we provided was working properly, the customers impression was we hadn't protected them. more
Transparency and accountability are embedded in ICANN's core values. Indeed, ICANN's Bylaws mandate that "ICANN and its constituent bodies shall operate to the maximum extent feasible in an open and transparent manner ...". Public Interest Registry believes that a dedication to transparency is fundamental to the strength and continued effectiveness of ICANN's multistakeholder model. more
I don't know about you, but I'm starting to think that DNSSEC being so hot these days is a mixed blessing. Yes, it's wonderful that after so many years there is finally broad consensus for making DNSSEC happen. But being so prominent also means the protocol is taking shots from those who don't want to make the necessary software, hardware and operational modifications needed. And DNSSEC has taken some shots from those who just want to be contrarian. more
It wasn't that long ago that, during a visit home, my brother asked me, "Why are you so stuck on this Internet thing?" His direct question caused me to realize that I had never actually stopped and considered why I was investing so much time – and in such a highly visible manner – into Internet governance when I wasn't being compensated for doing so and, in fact, was – not putting too fine of a point on it – flat broke. more
ICANN invites proposals for its DNSSEC and Security Workshop at the ICANN85 Community Forum in March 2026, offering a platform for global experts to share insights on DNS, routing security, and emerging threats. more
As I mentioned in a post to the Deploy360 blog today, there are three excellent sessions relating to DNSSEC happening at ICANN 50 in London next week: DNSSEC For Everybody: A Beginner's Guide; DNSSEC Implementers Gathering; DNSSEC Workshop. Find out more. more
They say late converts are the most passionate believers. Until now I haven't supported the Expression of Interest (EOI) for new TLDs, the proposed mechanism to measure the number and type of likely applications. Not because it won't work (I think it'll work fine) but because I didn't think it was necessary. I've changed my mind. Here's why. more
Previous posts (Part 1 and Part 2) offer background on DNS amplification attacks being observed around the world. These attacks continue to evolve. Early attacks focused on authoritative servers using "ANY" queries for domains that were well known to offer good amplification. Response Rate Limiting (RRL) was developed to respond to these early attacks. RRL, as the name suggests, is deployed on authoritative servers to rate limit responses to target names. more
A World-Renowned Source for Internet Developments. Serving Since 2002.