Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
DNS |
Sponsored by |
|
Doug Madory from Renesys reports: "In response to recent NSA spying allegations, Brazil is pressing ahead with a new law to require Internet companies like Google to store data about Brazilian users inside Brazil, where it will be subject to local privacy laws. The proposed legislation could be signed into law as early as the end of this week. However, Google's DNS service started leaving the country on September 12th, the day President Rousseff announced her intention to require local storage of user data." more
Hot on the heels of other ICANN Internationalized Domain Name (IDN) Top-Level Domain (TLD) launch errors, we now have another example of ICANN's failure to comprehend the differences between IDN and ASCII names, this time to the detriment of potential IDN registrants and the new IDN generic TLD (gTLD) Registries. This gaff really makes you wonder whether the SSAC and Multilinguism departments at ICANN have ever met. more
It was never obvious at the outset of this grand Internet experiment that the one aspect of the network's infrastructure that would truly prove to be the most fascinating, intriguing, painful, lucrative and just plain confusing, would be the Internet's Domain Name System. After all, it all seemed so simple to start with: network applications rendezvous with their counterparts using protocol-level addresses, but we users prefer to use "natural" identifiers that act as aliases for these addresses. more
This post follows an earlier post about DNS amplification attacks being observed around the world. DNS Amplification Attacks are occurring regularly and even though they aren't generating headlines targets have to deal with floods of traffic and ISP infrastructure is needlessly stressed -- load balancers fail, network links get saturated, and servers get overloaded. And far more intense attacks can be launched at any time. more
One of the most prominent denial of service attacks in recent months was one that occurred in March 2013 between Cloudflare and Spamhaus... How did the attackers generate such massive volumes of attack traffic? The answer lies in the Domain Name System (DNS). The attackers asked about domain names, and the DNS system answered. Something we all do all of the time of the Internet. So how can a conventional activity of translating a domain name into an IP address be turned into a massive attack? more
When the domain name system (DNS) was first designed, security was an afterthought. Threats simply weren't a consideration at a time when merely carrying out a function - routing Internet users to websites - was the core objective. As the weaknesses of the protocol became evident, engineers began to apply a patchwork of fixes. After several decades, it is now apparent that this reactive approach to DNS security has caused some unintended consequences and challenges. more
ICANN continues to flail, pointlessly. The latest in a series of missteps that could easily have been avoided is its recommendations on what to do about a report on the potential for confusion and misaddressing when someone's internal network names match the name for a new gTLD, and they have misconfigured their routers and/or DNS to the extent that someone typing in a new gTLD name might end up in the middle of someone else's network. more
With all the focus in the TLD world on the imminent arrival of more than a thousand new TLDs and the still unfinished discussions within ICANN on what policy framework those TLDs will need to follow, it is often forgotten that there are hundreds of other TLD policy frameworks that are mature, stable and well tested. These of course are the ccTLD policy frameworks that have been actively developed over 20 years. more
Today's Internet is wonderful for solving hard problems such as connecting to Amazon to buy goods or for using Netflix. Amazon and Netflix, among others, demonstrate what is possible if you put in enough effort. Yet if we are to understand the Internet we need to look beyond those applications to the simplest application such as sending one bit of information from a light switch to a light fixture. more
Well more than a year ago, ICANN's Security and Stability Advisory Committee published SSAC 053, its paper on single-label domain names - now referred to in the community as "dotless" domains - advising against their use. In a robust comment period, the community weighed in on the utility and safety of dotless domains, with some in favor and some opposed. To address the matter, ICANN has commissioned further study of the issue with an eye toward resolving the issue for new gTLD applicants. more
Have some security aspects been overlooked in the rush to conclude the new gTLD program and "give birth to the baby before it starts to get really sick" as ICANN CEO Fadi Chehadé put it at a briefing jointly organised by ICANN and the European Commission a few days ago? Ever since 2008 when the ICANN Board approved the GNSO-evolved policy that became the new gTLD program, it has been reworked so much that it's difficult to imagine any stone has been left unturned. Yet a recent letter threatens to open up a new can of worms. more
Do you recall when you were a kid and you experienced for the first time an unnatural event where some other kid "stole" your name and their parents were now calling their child by your name, causing much confusion for all on the playground? And how this all made things even more complicated - or at least unnecessarily complex when you and that kid shared a classroom and teacher, or street, or coach and team, and just perhaps that kid even had the same surname as you, amplifying the issue! What you were experiencing was a naming collision (in meatspace). more
Although this article was first published just a few days ago, on May 8th, there have been several important intervening developments. First, on May 10th ICANN released a News Alert on "NGPC Progress on GAC Advice" that provides a timetable for how the New gTLD program Committee will deal with the GAC Communique. Of particular note is that, as the last action in an initial phase consisting of "actions for soliciting input from Applicants and from the Community', the NGPC will begin to "Review and consider Applicant responses to GAC Advice and Public Comments on how Board should respond to GAC Advice... more
It's safe to say that with just a week to go before ICANN intended to sign the first contract for a new gTLD, the last thing anyone wanted was a 12-page document from the world's governments with 16 new "safeguards", six of which it wants to see applied to every new extension. But what the industry shouldn't overlook, especially in the face of the expected critical responses this week and next, is that the Governmental Advisory Committee's (GAC's) formal advice from the ICANN Beijing meeting represents an opportunity for the domain name industry to lock-in self-regulation at a critical point in its evolution. more
Three vectors were exploited in the recent DDoS attack against Spamhaus: 1) Amplification of DNS queries through the use of DNSSEC signed data; 2) Spoofed source addresses due to lack of ingress filtering (BCP-38) on originating networks; 3) Utilisation of multiple open DNS resolvers While. 1) is unavoidable simply due to the additional data that DNSSEC produces, and 2) "should" be practised as part of any provider's network configuration, it is 3) that requires "you and I" ensure that systems are adequately configured. more
A World-Renowned Source for Internet Developments. Serving Since 2002.