Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
DNS |
Sponsored by |
|
In previous posts in this series, I've discussed a number of applications of cryptography to the DNS, many of them related to the Domain Name System Security Extensions (DNSSEC). In this final blog post, I'll turn attention to another application that may appear at first to be the most natural, though as it turns out, may not always be the most necessary: DNS encryption. (I've also written about DNS encryption as well as minimization in a separate post on DNS information protection.) more
Association Francaise pour le Nommage Internet en Cooperation ("AFNIC"), the domain name authority managing the French country code top level domain, is introducing a new regime for registration of .fr domain names. Among the main changes, the new regime abolishes any "right to the name". Until now an applicant for registration of a .fr domain name must prove that the domain name reflects its company name, business name or trade mark that is in force in France. more
When Steve delBianco from NetChoice testified (April 2, 2014) in the Subcommittee on Communications and Technology of the US House of Representatives on "Ensuring the Security, Stability, Resilience, and Freedom of the Global Internet", he proposed a stresstest for new mechanisms which could substitute the role of the NTIA in overseeing the IANA contract with ICANN. Stresstests are good. It is good for cars, it is good for banks and it is good for new mechanisms... more
Recently a proof of concept attack was announced on the Internet that demonstrated how a web address could be constructed that looked in some web browsers identical to that of a well known website. This technique could be used to trick a user into going to a website that they did not plan on visiting, and possibly provide sensitive information to a third party. As a result of this demonstration, there has been a number of voices calling for web browsers to disable or remove support for IDNs by default. ...CENTR, a group of many of the world's domain registries - representing over 98% of domain registrations worldwide - believes such strong reactions are heavily detrimental... more
As I was entering in data for the weekly DNSSEC Deployment Maps, I was struck by the fact that we are now at the point where 617 of the 795 top-level domains (TLDs) are now signed with DNSSEC. You can see this easily at Rick Lamb's DNSSEC statistics site...Now, granted, most of that amazing growth in the chart is because all of the "new generic TLDs" (newgTLDs) are required to be signed with DNSSEC, but we are still seeing solid growth around the world. more
The House's Stop Online Piracy Act is in Judiciary Committee Markup today. As numerous protests, open letters, and advocacy campaigns across the Web, this is a seriously flawed bill. Sen. Ron Wyden and Rep. Darrell Issa's proposed OPEN Act points out, by contrast, some of the procedural problems. Here, I analyze just one of the problematic provisions of SOPA: a new"anticircumvention" provision more
Google today announced that its "Public DNS" service is now performing DNSSEC validation. Yunhong Gu, Team Lead for Google Public DNS, in post today wrote: "We launched Google Public DNS three years ago to help make the Internet faster and more secure.Today, we are taking a major step towards this security goal: we now fully support DNSSEC (Domain Name System Security Extensions) validation on our Google Public DNS resolvers." more
On May 26, 2021, I submitted a complaint to ICANN's Complaints Officer, Krista Papac. In a nutshell, my complaint centers on ICANN's blatant violation of its Bylaws, specifically Section 2.2, named Restrictions, which expressly prohibits ICANN from acting as a registrar. However, despite the absence of any exceptions to this unambiguous prohibition, ICANN is acting improperly as a registrar for the purposes of warehousing and cybersquatting on certain domain names in the .com and .net registries. more
This is the fifth part of a multi-part series reported by ICANNfocus. This part focuses on Securing the Quality of WHOIS Data. "Information for which ICANN has responsibility includes the WHOIS databases. ICANN has been given specific responsibilities for these databases under: 1) their contract with the U.S. government's Department of Commerce to perform the technical management of the Internet; and 2) their Memorandum of Understanding with the Department of Commerce." more
The Malaysian government has backtracked on its recent decision to require Internet Service Providers (ISPs) to redirect Domain Name System (DNS) traffic away from third-party servers like Google Public DNS and Cloudflare. more
Today the e-mail faerie brought news of the release of BIND9 9.10.0 which can be downloaded from here. BIND9 is the most popular name server on the Internet and has been ever since taking that title away from BIND8 which had a few years earlier taken it from BIND4. I used to work on BIND, and I founded ISC, the home of BIND, and even though I left ISC in July 2013 to launch a commercial security startup company, I remain a fan of both ISC and BIND. more
There is a current ongoing Internet emergency: a critical 0day vulnerability currently exploited in the wild threatens numerous desktop systems which are being compromised and turned into bots, and the domain names hosting it are a significant part of the reason why this attack has not yet been mitigated. This incident is currently being handled by several operational groups. This past February, I sent an email to the Reg-Ops (Registrar Operations) mailing list. The email, which is quoted below, states how DNS abuse (not the DNS infrastructure) is the biggest unmitigated current vulnerability in day-to-day Internet security operations, not to mention abuse. more
We know that the Internet is running out of IPv4 addresses and that some in our community check twice a day Mat Ford's doomsday clock or spend an hour once a week reading the tea leaves based on Geoff Huston's exhaustive data compiled at Potaroo. Like with global warming, there is still a school of thought out there arguing that this running out of IP addresses is just fear mongering and that we are not really running out of IPv4 addresses as a NATted world is more than adequate to run the Internet for the foreseeable future. We know that the Internet is running out of AS... more
New Zealand's Domain Name Commission (DNC) wins in court against the US company DomainTools for "illegally scrapping personal information" of .nz domain name owners. more
ICANN seems to be out to re-prove Hirschman's theories of exit, voice, and loyalty by driving all of its good people to exit rather than giving them meaningful voices. Thomas Roessler, a long-time advocate of individual users' interests on the interim ALAC now suggests it's Time to Reconsider the structure of ICANN's At-Large, as he feels compelled to promise himself not to get involved with ICANN again... more
A World-Renowned Source for Internet Developments. Serving Since 2002.