Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
DNS |
Sponsored by |
|
I first became familiar with DNSSEC around 2002 when it was a feature of the Bind9 server, which I was using to setup a new authoritative DNS platform for customers of the ISP I was working for. I looked at it briefly, decided it was too complex and not worth investigating. A couple of years later a domain of a customer got poisoned in another ISPs network. And while the DNS service we provided was working properly, the customers impression was we hadn't protected them. more
I don't know about you, but I'm starting to think that DNSSEC being so hot these days is a mixed blessing. Yes, it's wonderful that after so many years there is finally broad consensus for making DNSSEC happen. But being so prominent also means the protocol is taking shots from those who don't want to make the necessary software, hardware and operational modifications needed. And DNSSEC has taken some shots from those who just want to be contrarian. more
What is so secret about the word, "Capacity"? As I read and talk with people I realize the word, "capacity" is typically missing from the DNS discussion. "Capacity" and "Security" are the two cornerstones to maximizing DNS resilience; both of which are typically missing from the DNS discussion. Have you seen a single DNS node easily process over 863,000 queries per second? Have you seen a network routinely handle over 50Gbits/second in outbound traffic alone without breaking a sweat? more
It wasn't that long ago that, during a visit home, my brother asked me, "Why are you so stuck on this Internet thing?" His direct question caused me to realize that I had never actually stopped and considered why I was investing so much time – and in such a highly visible manner – into Internet governance when I wasn't being compensated for doing so and, in fact, was – not putting too fine of a point on it – flat broke. more
Could the Trump administration reverse the decision to give the Internet Corporation for Assigned Names and Numbers (ICANN) autonomy from the U.S. Department of Commerce? more
As I mentioned in a post to the Deploy360 blog today, there are three excellent sessions relating to DNSSEC happening at ICANN 50 in London next week: DNSSEC For Everybody: A Beginner's Guide; DNSSEC Implementers Gathering; DNSSEC Workshop. Find out more. more
At a workshop on the implications of Article 28 for the DNS industry organized by eco -- Association of the Internet Industry in October 2023, stakeholders from the DNS industry, the European Commission, national governments, and the ICANN community convened to discuss the challenges facing the DNS industry and to work together on avoiding fragmentation as much as possible. more
Previous posts (Part 1 and Part 2) offer background on DNS amplification attacks being observed around the world. These attacks continue to evolve. Early attacks focused on authoritative servers using "ANY" queries for domains that were well known to offer good amplification. Response Rate Limiting (RRL) was developed to respond to these early attacks. RRL, as the name suggests, is deployed on authoritative servers to rate limit responses to target names. more
Five years after ICANN approved the new gTLD policy in Paris, two years after it approved the implementation plan in Singapore, and a year after the application window closed and some concrete steps were taken toward delegation of new gTLDs, a series of scary-sounding "what if" scenarios have mysteriously taken over discussions at ICANN. From colliding names and failing life support systems to mass confusion and technological outages, the profusion of horror stories has rivaled the hype for the Y2K conversion, with about as much basis in fact. more
They say late converts are the most passionate believers. Until now I haven't supported the Expression of Interest (EOI) for new TLDs, the proposed mechanism to measure the number and type of likely applications. Not because it won't work (I think it'll work fine) but because I didn't think it was necessary. I've changed my mind. Here's why. more
A woman on the radio talks about revolution, though it's already passed. The window is now closed. A snapshot can be taken. A baseline can be set. How have the public markets valued the new gTLD program? And more importantly, how will public markets value it going forward? Until a few months ago, the new gTLD program was arcane policy discussion among a very narrow technical population of the Internet community. more
Transparency and accountability are embedded in ICANN's core values. Indeed, ICANN's Bylaws mandate that "ICANN and its constituent bodies shall operate to the maximum extent feasible in an open and transparent manner ...". Public Interest Registry believes that a dedication to transparency is fundamental to the strength and continued effectiveness of ICANN's multistakeholder model. more
For a number of years, there have been many different high profile incidents where major websites were defaced, taken offline, or crippled due to issues related to their domain registration. Last night, there was an incident where several high profile domains went offline due to issues at their registrar, and they are now coming back online after what I am sure was a few crazy hours for their operations teams and management. more
Starting in mid-September, one of the largest and most sophisticated DDoS attacks ever targeted the titans of American banking. Initially, victims included Bank of America, JPMorgan Chase, Wells Fargo, PNC Bank, and U.S. Bancorp. In the weeks to come, others would also feel the pain. Websites crashed, customers were unable to make transactions and IT professionals and PR gurus went into panic mode. Leon Panetta, U.S. Secretary of Defense, said the attacks foreshadowed a "Cyber Pearl Harbor." more
The devastation caused by several storms during the 2017 Atlantic hurricane season has destroyed neighborhoods and taken lives across a number of Caribbean island nations including Texas and Florida in the United States. Senior Director of Internet Research & Analysis at Oracle Dyn Global Business Unit has posted a blog that takes a look at the impacts. more
A World-Renowned Source for Internet Developments. Serving Since 2002.