Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
DNS |
Sponsored by |
|
In my last post, I looked at what happens when a DNS query renders a "negative" response -- i.e., when a domain name doesn't exist. I then examined two cryptographic approaches to handling negative responses: NSEC and NSEC3. In this post, I will examine a third approach, NSEC5, and a related concept that protects client information, tokenized queries. The concepts I discuss below are topics we've studied in our long-term research program as we evaluate new technologies. more
Security experts from Google's Project Zero along with researchers from Red Hat, have identified and helped patch a security flaw in the GNU C Library (glibc) that could be exploited via rogue DNS servers, reports Catalin Cimpanu from Softpedia. more
The worst thing about Brexit wasn't the referendum. It was the fallout. David Cameron decided that the best way to manage a small risk was to take a big one. Finally, over three agonizing years later, the UK looks set to move on. The Internet Society – which has run the .ORG domain since 2002 – was in the same position as Cameron. They became convinced that it was worth dealing with a small risk by taking a huge one. more
Technical management of the Internet was delegated to ICANN by the U.S. government because it was believed that the private sector would be more agile and responsive to the needs of globally distributed stakeholders. However, this optimism and the faith it has produced has proven to be misplaced since ICANN's multi-stakeholder governance continues falling far short of the basic expectations set when it was created. more
A few weeks ago, Appdetex published a blog with predictions for 2021, and admittedly, at the date of publication, there were already very clear indications that one prediction was already in flight. In our blog post, we'd said, "With the global domain name system failing to abate abuse, and, in fact, thwarting consumer protection, get ready for a patchwork of local laws targeting attribution and prosecution of bad actors... Get ready for some confusion and turmoil in the world of notice and takedown related to local laws and regulations." more
Report form U.S. Department of Commerce: "Enabling Growth and Innovation in the Digital Economy" ... "The report articulates the Department of Commerce’s philosophy for digital economy policymaking and demonstrates the many ways in which the Department has pursued its policy agenda consistent with that philosophy." –Penny Pritzker, U.S. Secretary of Commerce more
One of the discussion topics at the recent ICANN 75 meeting was an old favorite of mine, namely the topic of Internet Fragmentation. Here, I'd like to explore this topic in a little more detail and look behind the knee-jerk response of declaiming fragmentation as bad under any and all circumstances. Perhaps there are more subtleties in this topic than simple judgments of good or bad. more
Abusive behavior that leverages the domain name system (DNS) continues to be a problem, with a reach that has been widely and credibly documented. There is little doubt that bad actors continue to use the DNS for nefarious and costly purposes. While the amendments made in 2024 to ICANN's Registry Agreement (RA) and Registrar Accreditation Agreement (RAA) were a step in the right direction, more advanced tools are needed to bring abuse rates down. more
RIPE NCC will be hosting the fifth hackathon event in Amsterdam, on 20 and 21 April, 2017. Operators, designers, researchers and developers are invited to take on the challenge and join in developing new tools and visualizations for DNS measurements. more
Ahead of next week's ICANN meeting in Paris, I would like to consult users, At-Large Structures (ALSs) and others involved in internet governance in North America. As one of the three regional representatives on the ICANN At-Large Advisory committee, I want to make sure individuals, users and ALS's are given the chance to summit their own questions, suggestions and items to the agenda of the upcoming meeting. I'd be happy to receive your comments, and/or schedule a chat with you Mon-Thur, from 13:00-18:00 EDT. Leave a comment to this post, or leave me a message. more
Earlier this year, The Alliance for Safe Online Pharmacies (ASOP) released findings from their 2021 survey on American Perceptions and Use of Online Pharmacies. According to ASOP's data, U.S. residents' use of online pharmacies to purchase prescription medications continues to increase yearly. In 2021, 42% of Americans purchased medications from online pharmacies, either for themselves or family members under their care. This is a significant increase of 7% since just last year. more
In part 1, I talked about some of the risks associated with BYOD. But there are actions you can take to greatly reduce this risk. One effective method for limiting the risk of BYOD is to employ DNS-based security intelligence techniques. DNS-based security intelligence makes use of an enterprise's caching DNS server to monitor and block DNS queries to known botnet command and control (C&C) domains. more
The ICANN Board meeting undertaken recently in Nairobi was indeed eventful and there were many vital topics on the agenda, in particular for the new gTLD program that kept many interested parties on the edges of their seats as the meeting unfolded. ... One of the more controversial decisions was in regard to the Expression of Interest (EOI), a program intended to allow potential new gTLD applicants to pre-register for their desired TLD and provide ICANN and the community with invaluable information regarding likely volumes of applications. more
There has been a lot of talk about how the DNS can provide network-based security, and how DNS is in the best position to detect malware traffic before it does any harm. But what does this mean for end users? How does it make their online lives easier and more secure? DNS servers that are aware of sites that host malware, perform phishing activities (harvesting bank details, for instance) and other nefarious misbehaviors, can prevent end users from ever going to those sites. more
The Domain Name System (DNS, aka Web 2) and Web3 platforms are two different naming systems available to internet users. While the DNS (Web2) has been a reliable and trusted internet standard for decades, Web3 platforms (such as ENS, Handshake and Unstoppable) are a relatively new technology deployment that presents unique and different features. more
A World-Renowned Source for Internet Developments. Serving Since 2002.