Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
DNS |
Sponsored by |
|
You may have seen media reports a few weeks ago describing how servers behind the so-called Great Firewall of China were found delivering incorrect DNS information to users in the rest of the world, thereby redirecting users to edited Web pages. Reports indicate that this apparently occurred due to a caching error by a single Internet Service Provider. While the problem was fairly limited in scope, it could have entirely been prevented in a world where DNSSEC was fully deployed. more
The NANOG list yesterday was the virtual equivalent of a nearby nocturnal car alarm: "panix.com has been hijacked!" (whoo-WEE, whoo-WEE); "those jerks at VeriSign!" (duhhhhh-WHEEP, duhhhh-WHEEP); "no one's home at Melbourne IT!" (HANK, HANK, HANK, HANK). Finally, on Monday morning in Australia, the always-competent and helpful Bruce Tonkin calmly fixed the situation. So the rest of us can get some sleep now. But as we nod off in the quietness, let's consider just exactly what happened here. more
The DNS is a crucial part of today's Internet. With the fracturing of the network's address space as a byproduct of IPv4 address run down and the protracted IPv6 transition the Internet's name space is now the defining attribute of the Internet that makes it one network. However, the DNS is not a rigid and unchanging technology. It has changed considerably over the lifetime of the Internet and here I'd like to look at what's changed and what's remained the same. more
Controversies over ICANN led to the creation of the Working Group on Internet Governance, but so far there have been few specific proposals for change. The Internet Governance Project has entered that breach with a new policy paper: "What to Do About ICANN: A Proposal for Structural Reform." The proposal, by Hans Klein and myself, proposes three clean, clear but probably controversial solutions to the criticisms that have been made of ICANN. more
The canonical specification of the DNS that is normally cited are the pair of quite venerable RFCs, RFC 1034, "Domain names - concepts and facilities", and RFC 1035, "Domain names - implementation and specification", both published in November 1987. However, these two specification documents are just the tip of a rather large iceberg. One compendium of all the RFCs that touch upon the DNS lists some 292 RFCs. more
Well, at least one part of it. As ICANN has announced, the Board approved the VeriSign Settlement Agreement. Now, there will be many questions, many pros and contras, but for me the main question is that finally this discussion is over. Here's what I think about my vote and the agreement itself. more
I'm interested in CircleID community's take on NeuStar's recent announcement of Cache Defender. While only effective for domains the company is authoritative for, that does cover a large number of big Internet brands and financial institutions. Why wouldn't an ISP deploy this now, while waiting for all the myriad issues involved in DNSSEC to be resolved? more
Way back in 2000-2001, ICANN approved a handful of new top level domains, and entered into agreements with their promoters. Three of the sponsored domains, are coming up for renewal next year, so they've sent in their renewal proposals. A sponsored domain is one that restricts who can register to members of a particular community, in this case respectively co-ops, museums, and the airline industry. Let's take a look and see how they're doing. more
The UDRP is obviously not working. Two websites, fundamentally the same (criticism at trademark.tld), two opposite decisions, both within weeks of each other! A Complainant (Biocryst Pharmaceuticals Inc) initiated a complaint to WIPO about one of my criticism websites (biocrystpharmaceuticals.com). The Panel found in my favour. Another Complainant (Eastman Chemical Inc) meanwhile made a complaint to NAF regarding another of my criticism websites (eastman-chemical.com). The Panel found against me. The two websites are fundamentally the same, both websites in criticism of the practices of the individual companies concerned... more
Much of the discussion about proposed TLDs centres around domain names as a form of classification: ".mobi" for mobile device content, ".kids" for child-safe content, language codes for language-specific content, ".museum" for museum-related entities, and so on. Notoriously little activity has been forthcoming in actually implementing these proposals, and the select few that have been allowed out into the world are, shall we say, a tad arbitrary. I'd like to engage in a little thought experiment where we abandon the "few TLDs with carefully chosen meanings" paradigm, and instead consider the benefits of a cornucopia of completely meaningless TLDs. more
I have been thinking a lot about stewardship lately in my role as CEO of Tucows and how that relates to employees, a board of directors and investors. Where I've got to, which is not necessarily relevant for this post, is that stewardship needs to exist at EVERY level of a company and a life. With the recent dustup created by Verisign's new Sitefinder service it has crystallized for me what has always bothered me about the .com/.net registry and the way Verisign has approached it.
more
Domain name registries and registrars play a critical role in the functioning of the internet, serving as gatekeepers to the DNS. As such, they have an important responsibility to ensure the security and stability of the DNS but also to promote the use of a domain name in a meaningful way for the end user. To be more efficient in achieving these goals, the domain name industry has started to become more open to the idea of leveraging their own internal data to gain insights about their current business. more
I've been privately talking about the theoretical dangers of HTTPS hacking with the developers of a major web browser since 2006 and earlier last month, I published my warnings about HTTPS web hacking along with a proposed solution. A week later, Google partially implemented some of my recommendations in an early Alpha version of their Chrome 2.0 browser... This week at the Black Hat security conference in Washington DC, Moxie Marlinspike released a tool called SSL Strip... more
In a follow up to Microsoft's Strider URL Tracer tool released a few months ago, SecurityFocus is running an article which takes a closer look at how Microsoft's free Strider URL Tracer with Typo-Patrol is aimed at fighting typo-squatters and domain parking abuse. From the article: "In most cases, the typo domain is not even selling a product or service itself. The typo domain makes its money from syndicated advertising such as Google's AdSense program. The typo-squatter simply parks the domain and the only content on the site ends up being the ads served from a syndicated advertising program..." more
Naming for today's global e-commerce is very fragmented and every corporation is trying to cope with little or no guidance at all. When a name fails to deliver a clear and distinct message no amount of bizarre branding ideas will ever save it. Now to check on the health of a name here are some key reasons and if not corrected, a name will endlessly shout and eventually die. more
A World-Renowned Source for Internet Developments. Serving Since 2002.