Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
DNS |
Sponsored by |
|
Cyber criminals are the kings of recycling. Once they've found a tactic that works well, they'll keep doing it as long as they can get away with it. That's why it's so important for research teams to keep a close eye on what's happening behind the scenes with web traffic. Case in point? Our team at DNSFilter recently analyzed global DNS activity from the first quarter of 2025 and identified several notable trends. more
I'm in the camp that ICANN Top-Level Domains (TLDs) are businesses that should be allowed to evolve from their original charter to increase their viability in the marketplace. It was announced today that VeriSign is proposing to allow telephone numbers and other numeric identifiers in the .NAME top-level domain. This could be the Killer App that ENUM has been waiting for. more
Mozilla Foundation has announced changes to Firefox concerning Internationalized Domain Names (IDN) to deal with homograph spoofing attacks. According to the organization, "Mozilla Foundation products now only display IDNs in a whitelist of TLDs, which have policies stating what characters are permitted, and procedures for making sure that no homographic domains are registered to two different entities." Following is a statement explaining the current status of the Mozilla changes to Firefox regarding IDN... more
A press release on the ICANN web site says that ICANN and Verisign have agreed to settle all pending lawsuits, and there’s a new .COM agreement, all tentative but if history is any guide, nothing short of DOC action is going to stop it. The good news is that VeriSign has agreed not to make unilateral changes like Sitefinder. They have to give prior notice to ICANN for any material change in the operation of the registry, and if ICANN has any concerns there’s a lengthy process full of expert panels and Consensus and the like to decide whether they can do it. more
One of the consistent chants we've always heard from ICANN is that there has to be a single DNS root, so everyone sees the same set of names on the net, a sentiment with which I agree. Unfortunately, I discovered at this week's ICANN meeting that due to ICANN's inaction, it's already too late. Among the topics that ICANN has been grinding away at is Internationalized Domain Names (IDNs) that contain characters outside the traditional English ASCII character set. more
A long time ago in an Internet far away, nobody paid for DNS services. Not directly at least. We either ran our own servers, or got DNS service as part of our IP transit contract, or traded services with others. In ~1990 I was the operator of one of the largest name servers in existence (UUCP-GW-1.PA.DEC.COM) and I exchanged free DNS secondary service with UUNET. Two thousand zones seemed like a lot of zones back then -- little did we dream that there would some day be a billion or so DNS zones world wide. more
I was talking to my good friend Verner Entwhistle the other day when he suddenly turned to me and said "I don't think we need DNSSEC". Sharp intake of breath. Transpired after a long and involved discussion his case boiled down to four points: 1. SSL provides known and trusted security, DNSSEC is superfluous, 2. DNSSEC is complex and potentially prone to errors, 3. DNSSEC makes DoS attacks worse, 4. DNSSEC does not solve the last mile problem. Let's take them one at a time... more
The Internet Corporation for Assigned Names and Numbers (ICANN) has released an "Advisory" concerning VeriSign's deployment of DNS wildcard (Site Finder) service: "Since the deployment, ICANN has been monitoring community reaction, including analysis of the technical effects of the wildcard, and is carefully reviewing the terms of the .com and .net Registry Agreements. In response to widespread expressions of concern from the Internet community about the effects of the introduction of the wildcard..." more
The new and proposed ICANN registry contracts contain no definite price terms, and thus permit potential tiered pricing on a per domain name basis. This has raised concern within the community that a registry operator might abuse its sole source position to engage in pricing practices detrimental to registrants. ...Notwithstanding the possibility of tiered pricing on a per domain name basis in connection with the recently executed sponsored registry contracts (.MOBI, .JOBS, .TRAVEL, .CAT, and .TEL), there have been numerous comments submitted in connection with this possibility in connection with the proposed contracts for the .BIZ, .INFO and .ORG registry contracts. There were four messages that motivate me to write this article... more
Two weeks ago, the US government announced it would transition its role in the IANA functions to the global Internet community. It tasked ICANN with the job of arriving at a transition plan and noted that the current contract runs out in 18 months' time, 30 September 2015. This week, ICANN started that process at its meeting in Singapore. And on the ground were the two key US government officials behind the decision. more
There are some real problems in DNS, related to the general absence of Source Address Validation (SAV) on many networks connected to the Internet. The core of the Internet is aware of destinations but blind to sources. If an attacker on ISP A wants to forge the source IP address of someone at University B when transmitting a packet toward Company C, that packet is likely be delivered complete and intact, including its forged IP source address. Many otherwise sensible people spend a lot of time and airline miles trying to improve this situation... The problems created for the Domain Name System (DNS) by the general lack of SAV are simply hellish. more
In the prior issue of CircleID, I described registrations by John Zuccarini. Many of Zuccarini's registrations are typographic variations on well-known domain names, and Zuccarini typically redirects users to sexually-explicit content and pop-up advertisements. Despite scores of UDRP claims and ACPA suits, plus a major case brought by the Federal Trade Commission, Zuccarini's registrations remain in effect -- more than 5,000 strong, in my research. more
An Analogy: Europe is to the US controlled GPS as Europe is to the US controlled DNS root? That's not a very good title is it? But it does express the point I want to make. This week the European Union launched the first satellite of its own global positioning system, Galileo. One has to wonder why the Europeans feel they need to do this. Isn't the GPS system run by the United States a perfectly good system? more
A revolution is taking place on the Internet, with new sites redefining how we interact online. The next-generation Internet is emerging in collaborative and interactive applications and sites with rich, varied media (images, video, music). As with many revolutions, this one is driven by the younger generation, which is adopting social networking sites like MySpace and video sharing sites like Google's YouTube. But the general shift is not restricted to the young, as more mature consumers and businesses alike are exploring the possibilities of collaborative, media-rich applications. This major shift in Internet applications has its unintended victims. One of them turns out to be the Domain Name System (DNS). more
The Intellectual Property Constituency, meeting at the ICANN conference in Vancouver, was interested in increasing ICANN's budget not because they thought they deserved it, but because they wanted ICANN to actually enforce the rules on the books about fake registrations. Now there's some evidence about how prevalent that is. If there's any surprise here, it's that the numbers are so low. more
A World-Renowned Source for Internet Developments. Serving Since 2002.