Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
DNS |
Sponsored by |
|
In looking at the general topic of trust and the Internet, one of the more critical parts of the Internet's infrastructure that appears to be a central anchor point of trust is that of the Domain Name Service, or DNS. The mapping of "named" service points to the protocol-level address is a function that every Internet user relies upon, one way or another. The ability to corrupt the operation of the DNS is one of the more effective ways of corrupting the integrity of Internet-based applications and services. If an attacker can in some fashion alter the DNS response then a large set of attack vectors are exposed. ...The more useful question is whether it is possible to strengthen the DNS. The DNS is a query -- response application, and the critical question in terms of strengthening its function is whether it is possible to authenticate the answers provided by the DNS. DNSSEC provides an answer to this question. more
In January of this year, a frontpage article on WSJ quoted Verizon Chief Executive Ivan Seidenberg "We have to make sure they (Google) don't sit on our network and chew up our capacity". Both AT&T and Bellsouth also made similar statements in the same article. A few days ago, Verizon repeat their call to "End Google's Free Lunch": "A Verizon Communications Inc. executive yesterday accused Google Inc. of freeloading for gaining access to people's homes using a network of lines and cables the phone company spent billions of dollars to build." ...it is no surprise that Network Neutrality, a concept where broadband providers are not to discriminate rivals when they charge tolls or prioritize traffic, is now on the agenda of the US Congress. more
For the first time in Internet history the number of instances of DNS root servers outside the United States has overtaken the number within. The balance was tipped by the recent launch in Frankfurt of an anycast instance of the RIPE NCC operated K-root server. The K-root server is one of the 13 DNS root servers that resolve lookups for domain names all over the world and form a critical part of the global Internet infrastructure. The K-root server has been operated by the RIPE NCC since 1997 when the first server was installed at the London Internet Exchange (LINX) in London, UK. more
I will first begin this post by emphasizing that this article is entirely my personal viewpoint and not to be considered as endorsed by or a viewpoint of my employer or any other organization that I am affiliated with. Neither is this to be considered an indictment of the sterling work (which I personally value very highly) that several people in Microsoft are doing against cybercrime. Microsoft's takedown of 3322.org to disrupt the Nitol botnet is partial and will, at best, have a temporary effect on the botnet itself... more
ICANN today has made a formal demand stating: "Given the magnitude of the issues that have been raised, and their potential impact on the security and stability of the Internet, the DNS and the .com and .net top level domains, VeriSign must suspend the changes to the .com and .net top-level domains introduced on 15 September 2003 by 6:00 PM PDT on 4 October 2003. Failure to comply with this demand by that time will leave ICANN with no choice but to seek promptly to enforce VeriSign's contractual obligations." What follows is a collection of commentaries made around the net and by experts in response to today's announcement...
more
I am often asked what I think of multiple root nameserver systems -- sort of like the Public-Root or the Open Root Server Confederation (ORSC) pushed by others in the past years. Whenever some well meaning person asks me for multiple roots in DNS, I answer: "DNS is a distributed, coherent, autonomous, hierarchical database. It is defined to have a single root, and every one of the hundreds of millions of DNS-speaking devices worldwide has the single-root design assumptions built into it. It would theoretically be possible to design a new system that looked superficially..." more
A group of leading DNS experts have released a paper detailing serious concerns over the proposed DNS filtering requirements included as part of the bill recently introduced in the U.S. Senate named Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of 2011 ("PROTECT IP Act"). The group who is urging lawmakers to reconsider enacting such a mandate into law, includes leading DNS designers, operators, and researchers, responsible for numerous RFCs for DNS, publication of many peer-reviewed academic studies related to architecture and security of the DNS, and responsible for the operation of important DNS infrastructure on the Internet. more
When I was growing up, one of the annoyances of life in New York City was squeegee men. When your car was stopped at a light, these guys would run up, make a few swipes at your windshield with a squeegee, then look menacing until you gave them a tip. It occurs to me that domain "monetizers'' are the Internet's squeegee men. If I make a minor typing error entering a domain name, they run up and offer to sell a link to the place I wanted to go (well, they sell the place I wanted to go a click from me, but close enough.) more
On Saturday Aug 7th, DNS provider DNS Made Easy was the target of a very large denial of service attack. As far as can be determined the total traffic volume exceeded 40 Gigabit/second, enough to saturate 1 million dialup Internet lines. Several of DNS Made Easy's upstream providers had saturated backbone links themselves. There are indications that not only DNS Made Easy suffered from this attack, but the Internet as a whole. more
According to the company, the rollout will continue over the next few weeks to confirm that no major issues are discovered as this new protocol is enabled. more
Convergence as a technology concept has been around for decades. Many have predicted the convergence of electronics and entertainment, of PC's and TV's, and more recently of WiFi and cellular. All of these areas are in fact undergoing various degrees of convergence but there is another area that many are not as familiar with. It is called ENUM...The idea can be extremely useful when you consider that most telephones are limited to twelve keys on a keypad. Ever tried to enter your alphanumeric login ID and password to a web site on a cell phone or Personal Digital Assistant? It is next to impossible! The biggest impact of ENUM will probably be for Voice Over IP (VoIP). In fact, it could be the tipping point. ENUM is a really big deal. more
I think that a large number of people buying domains can't get their first choice name because some "parked domain monetization" operation (cyber-squatter) owns it and is making money running ads on the page. The trick is to sign up for millions of domain names; set up pages and run ads on them; after 1 day delete domains that have no traffic; after 3 days delete names that have some traffic; after 5 days delete pages with marginal traffic; keep the 1% of pages that have enough traffic to be worth keeping the domain. Because of the refund policy, the 99% of pages deleted before the 5 day grace period are refunded in full and the "monetizer" gets to keep the ad revenue generated over those 5 days. ...Interestingly, I think Google AdSense probably has boosted the viability of this business. more
A long long time ago when the Internet was still young and most people were still using clunky Apples, PCs and mainframes; two documents were published by the Advanced Research Projects Agency (ARPA), part of the US Government's Department of Defense. They were called "RFC 821 - Simple Mail Transfer Protocol" and "RFC 822 - Standard for the format of ARPA Internet text messages" respectively. Written by the John Postel and Dave Crocker respectively, often referred to as some of the founding fathers of the Internet, they defined a simple text-based email system for the use of the fledging network then called the "ARPA Internet"... more
It is once again time for our annual review of posts that received the most attention on CircleID during the past year. Congratulations to all the 2017 participants for sharing their thoughts and making a difference in the industry. 2017 marked CircleID's 15th year of operation as a medium dedicated to all critical matters related to the Internet infrastructure and services. We are in the midst of historic times, facing rapid technological developments and there is a lot to look forward to in 2018. more
Imagine my surprise upon reading a BBC article which identified ISC BIND as the top security vulnerability to UNIX systems. At ISC, we have striven for a decade to repair BIND's reputation, and by all accounts we have made great progress. "What could this be about," I wondered, as I scanned the BBC article for more details. It turns out that BBC was merely parroting what it had been told by SANS. OK, let's see what SANS has to say... more
A World-Renowned Source for Internet Developments. Serving Since 2002.