DNS

Sponsored
by

DNS / Most Viewed

Security Experts Urge Shifting from Defense to Offense in Cybersecurity

A report, released today by McAfee, Inc., titled "Security Takes the Offensive," says that traditionally, security technology companies and computer users have taken a defensive posture, putting the cyber equivalent of body armor on computers, networks and in the cloud. The report's authors say it is now time to avoid enemy strikes altogether by taking a more aggressive stance, aligning forces and involving law enforcement. more

Change of Leadership at ICANN as Cerf Makes Way for Intellectual Property Expert

Intellectual property and computer law barrister Peter Dengate-Thrush has been elected as new Chairman of the Board of the Internet Corporation for Assigned Names and Numbers (ICANN). The former chairman of InternetNZ, the country-code top-level domain (ccTLD) registry for New Zealand (.nz), and cofounder of the Association of Asian Pacific ccTLDs, succeeds the legendary Vinton Cerf... more

ICANN Proposes Exclusive TLD: .INTERNAL for Private Use

The Internet Corporation for Assigned Names and Numbers (ICANN) is considering the introduction of a new top-level domain (TLD) named .INTERNAL. Unlike traditional TLDs, .INTERNAL is designed exclusively for internal use, akin to the private IPv4 block 192.168.x.x. more

Looking at Centrality in the DNS

The Internet's Domain Name System undertakes a vitally important role in today's Internet. Originally conceived as a human-friendly way of specifying the location of the other end of an Internet transaction, it became the name of a service point during the transition to a client/server architecture. A domain name was still associated with an IP address, but that 1:1 association was weakened when we started adjusting to IPv4 address exhaustion. more

Decentralizing Cybersecurity Via DNS

Decentralization is a big trend in IT, and everyone has their own definition of what "decentralization" really means. With more organizations fully embracing a work-from-anywhere culture, decentralization has moved past being a fad and turned into a necessity. Decentralized cybersecurity is nothing new. Many of us have been doing it since before the pandemic. more

Multi-Layer Security Architecture - Importance of DNS Firewalls

In today's world with botnets, viruses and other nefarious applications that use DNS to further their harmful activities, outbound DNS security has been largely overlooked. As a part of multi-layer security architecture, a DNS Firewall should not be ignored. After serving as a consultant for multiple organizations, I have encountered many companies that allow all internal devices to send outbound DNS queries to external DNS servers - a practice that can lead to myriad problems. more

Top Level Domains and a Signed Root

With DNSSEC for the root zone going into production in a couple of weeks, it is now possible for Top Level Domain (TLD) managers to submit their Delegation Signer (DS) information to IANA. But what does this really mean for a TLD? In this post we're going to try to sort that out. more

GNU C Library Found Vulnerable to Rogue DNS Server Attacks

Security experts from Google's Project Zero along with researchers from Red Hat, have identified and helped patch a security flaw in the GNU C Library (glibc) that could be exploited via rogue DNS servers, reports Catalin Cimpanu from Softpedia. more

6th Registration Operations Workshop (ROW), Madrid, Friday May 12th 2017

The Registration Operations Workshop (ROW) was conceived as an informal industry conference that would provide a forum for discussion of the technical aspects of registration operations in the domain name system. The 6th ROW will be held in Madrid, on Friday May 12th 2017 in the afternoon, immediately after the GDD Industry Summit and prior to ICANN DNS Symposium and OARC 26, using the same venue as all above-mentioned events. more

At the NCPH Intersessional, Compliance Concerns Take Centre Stage

The non-contracted parties of the ICANN community met in Reykjavík last week for their annual intersessional meeting, where at the top of the agenda were calls for more transparency, operational consistency, and procedural fairness in how ICANN ensures contractual compliance. ICANN, as a quasi-private cooperative, derives its legitimacy from its ability to enforce its contracts with domain name registries and registrars... more

Suggestions on IDN Variant Management

To some applicants, ICANN's variant management policy in DAG4 has become a big obstacle to the new generic Top-Level Domain (gTLD) application. The policy is to delegate the string while reserving the variants, and these variants will not be delegated until a sound mechanism is developed and the desired variants are evaluated. But for some languages, Chinese for example, the so called string and its variant, namely simplified Chinese and traditional Chinese, are equivalent and must be simultaneously delegated. more

US Department of Commerce Reports on Open Internet, Privatization of DNS

Report form U.S. Department of Commerce: "Enabling Growth and Innovation in the Digital Economy" ... "The report articulates the Department of Commerce’s philosophy for digital economy policymaking and demonstrates the many ways in which the Department has pursued its policy agenda consistent with that philosophy." –Penny Pritzker, U.S. Secretary of Commerce more

Upcoming Event: DNS Measurements Hackathon 2017

RIPE NCC will be hosting the fifth hackathon event in Amsterdam, on 20 and 21 April, 2017. Operators, designers, researchers and developers are invited to take on the challenge and join in developing new tools and visualizations for DNS measurements. more

Newer Cryptographic Advances for the Domain Name System: NSEC5 and Tokenized Queries

In my last post, I looked at what happens when a DNS query renders a "negative" response -- i.e., when a domain name doesn't exist. I then examined two cryptographic approaches to handling negative responses: NSEC and NSEC3. In this post, I will examine a third approach, NSEC5, and a related concept that protects client information, tokenized queries. The concepts I discuss below are topics we've studied in our long-term research program as we evaluate new technologies. more

It’s Time for a Referendum on Orgxit

The worst thing about Brexit wasn't the referendum. It was the fallout. David Cameron decided that the best way to manage a small risk was to take a big one. Finally, over three agonizing years later, the UK looks set to move on. The Internet Society – which has run the .ORG domain since 2002 – was in the same position as Cameron. They became convinced that it was worth dealing with a small risk by taking a huge one. more