DNS |
Sponsored by |
|
Keynote speaker, and noted security industry commentator, Bruce Schneier (Co3 Systems ) set the tone for the two days with a discussion on how humans name things and the shortcomings of computers in doing the same. Names require context, he observed, and "computers are really bad at this" because "everything defaults to global." Referring to the potential that new gTLDs could conflict with internal names in installed systems, he commented, "It would be great if we could go back 20 years and say 'Don't do that'," but concluded that policymakers have to work with DNS the way it is today. more
In an unexpected move, the two top U.S. officials charged with the Obama Administration's Internet policy have issued a joint statement severely criticizing draft Chinese domain policies. On May 16th, the State Department's Ambassador Daniel A. Sepulveda and NTIA's Assistant Secretary for Communications and Information Lawrence E. Strickling issued an official statement titled "China's Internet Domain Name Measures and the Digital Economy". more
In January Jörg Schweiger, DENIC's CTO from 2007 to 2014 and CEO since 2014, announced he was stepping down from his position in December. It's been quite a ride, and the domain name industry has evolved quite a lot. So we asked Jörg a few questions about his time with DENIC and the changes he's seen... he came up with some insightful views on why he thought new TLDs missed a great opportunity to do something with "innovative new business models," the importance of security to DENIC... more
Microsoft is a special company. By definition, its operating systems and Internet browser are no longer just "applications;" they constitute a platform. They are - for 90 percent of Internet users - the sole interface to all Internet content and services. The browser is its own little monopoly. Such is its dominance that Microsoft has the power of life and death over innovation. more
Network Information Centre Sweden AB (NIC-SE), which is the organization that administers .se domain names, will be introducing a new regime for registration of .se domain names.
Under the new regime, applicants from all over the world will be able to apply for registration of a .se domain name without needing to prove that the desired domain name reflects a company or organization name. There will no longer be preliminary examination of applications for registration of .se domain names nor any restriction on the number of .se domain names per applicant. It will also be possible to register geographical names as .se domain names. However, non-Swedish applicants (those without a permanent business place or address in Sweden) must provide a local contact (i.e. person or entity who is permanently resident in Sweden). more
As regular readers know, ICANN holds lengthy, in-depth discussions devoted to DNSSEC at each of its three annual meetings. The half-day session held at ICANN 43 in Costa Rica last month was particularly interesting. What became clear is that the industry is quickly moving into the end-user adoption phase of global DNSSEC deployment. more
In Tony Li's article on path MTU discovery we see this text: "The next attempt to solve the MTU problem has been Packetization Layer Path MTU Discovery (PLPMTUD). Rather than depending on ICMP messaging, in this approach, the transport layer depends on packet loss to determine that the packet was too big for the network. Heuristics are used to differentiate between MTU problems and congestion. Obviously, this technique is only practical for protocols where the source can determine that there has been packet loss. Unidirectional, unacknowledged transfers, typically using UDP, would not be able to use this mechanism. To date, PLPMTUD hasn't demonstrated a significant improvement in the situation." Tony's article is (as usual) quite readable and useful, but my specific concern here is DNS... more
It is not often I go out to my driveway to pick up the Washington Post -- yes, I still enjoy reading a real physical paper, perhaps a sign of age -- and the headline is NOT about how the (insert DC sports team here) lost last night but is instead is about an IT technology. That technology is the Border Gateway Protocol (BGP), a major Internet protocol that has been around for more than a quarter century, before the Internet was commercialized and before most people even knew what the Internet was. more
Today, anyone can use WHOIS to identify the organization or person who registered a gTLD domain name, along with their postal address, email address, and telephone number. Publishing this data has long been controversial, creating a system riddled with problems. On one hand, anonymous access to all WHOIS data enables misuse by spammers and criminals and raises concerns about personal privacy. On the other hand, incomplete or false WHOIS data prolongs Internet outages and leaves crime victims with little recourse. more
It has been about six months since I got together with four of my friends from the DNS world and we co-authored a white paper which explains the technical problems with mandated DNS filtering. The legislation we were responding to was S. 968, also called the PROTECT-IP act, which was introduced this year in the U. S. Senate. By all accounts we can expect a similar U. S. House of Representatives bill soon, so we've written a letter to both the House and Senate, renewing and updating our concerns. more
"The General Services Administration is analyzing what caused an outage of .gov websites for a few hours Wednesday morning," reports Federal Times. Officials said the problem involved so-called DNSSEC cybersecurity measures that affected access to certain .gov sites, according to GSA spokeswoman Mafara Hobson. more
There has been a lot of criticism about the worthiness of DNSSEC. Low adoption rates and resistance and reluctance by Registrars to take on the perceived burden of signing domains and passing-on cryptographic material are at the crux of the criticism. I'm a believer in DNSSEC as a unique and worthwhile security protocol and as a new platform for innovation. It's the reason I've long advocated for and continue to work toward a new model of DNSSEC provisioning. more
The canonical specification of the DNS that is normally cited are the pair of quite venerable RFCs, RFC 1034, "Domain names - concepts and facilities", and RFC 1035, "Domain names - implementation and specification", both published in November 1987. However, these two specification documents are just the tip of a rather large iceberg. One compendium of all the RFCs that touch upon the DNS lists some 292 RFCs. more
In a letter released on Monday, the Internet Society Board of Trustees has expressed concern with a number of U.S. legislative proposals that would mandate DNS blocking and filtering by ISPs to protect the interests of copyright holders. "Policies mandating DNS filtering undermine the open architecture of the Internet and raise human rights and freedom of expression concerns," says Internet Society (ISOC). more
The main reason for developing a new internet protocol was based on lack of address; however this was not the only reason. Unfortunately, many people think of IPv6 only as enormous address space, but there are a lot of other advantages, for example... authorizations and authentication function are implemented directly in the protocol and are mandatory... automatic configuration of network interfaces based on their physical address... protocol itself recognizes data streams which must be transmitted in real time, and the data must be processed with highest priority... more
A World-Renowned Source for Internet Developments. Serving Since 2002.