Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
DNS |
Sponsored by |
|
Though I have been critical of some of ICANN's shortcomings, I remain a strong supporter of ICANN's role as a private sector-led, multi-stakeholder global regulator for the Internet's core addressing systems. My recent blog post about my concerns with the communications processes relating to the addition of the first Arabic script IDN ccTLDs has been quoted in an ITU Staff Paper prepared for the ITU Council Working Group on the World Summit on the Information Society, to be held in Geneva tomorrow. This document seems to suggest... more
Less than a week ago, I posted a short blog piece entitled "Can ICANN Please Stop Shooting Itself in the Foot?" in which I questioned ICANN's actions in connection with the recently announced key signing ceremony. At the end of this piece I asked the question: "While it seems that ICANN continues it propensity to shoot itself in the foot, does the community need to start worrying about when ICANN takes aim at other more vital organizational body parts?" Well it looks like I only had to wait five days to get the answer to that question. more
One would think with an annual budget in excess of 60 million dollars a year and a staff of upwards of 140 (including consultants), that someone would have figured out how to prevent the organization from repeatedly shooting itself in the foot. Unfortunately not even a year of star-fish management oversight by the likes of Rod Beckstrom seems to have done the trick. Exhibit One, earlier this week on CircleID we learned about the first Root Zone DNSSEC KSK Ceremony on Wednesday 2010-06-16 in Culpeper, VA, USA. Of course given the significance of this event one would reasonably assume that ICANN might mention this somewhere on the main page of their website? more
The DNS White Paper has stood the test of time remarkably well. More than a decade after it was published, its principles of stability, competition, and private-sector-led DNS management remain the gold standard for DNS governance. ICANN is struggling to achieve that standard, however, and a dramatic change in direction may need to be considered. more
As a registrar at the front end of the DNSSEC deployment effort, our technical team has made a sustained investment in DNSSEC deployment so that our customers don't get overwhelmed by this wave of changes to the core infrastructure of the Domain Name System. Along the way, we've learnt a lot about how to implement DNSSEC which might hold useful lessons for other organizations that plan to deploy DNSSEC in their networks. more
Just when you think ICANN has got it right, it shoots itself in the foot as only ICANN can. Unfortunately it seems this is yet another case of one step forward and two steps back. While we should be celebrating the fact that Internationalised Domain Names (IDN's) have finally been entered into the Root Zone, we are instead left shaking our heads at the seemingly nonexistent process lines nor communication lines between ICANN and its technical off-shoot IANA. more
The registries (gTLDS) are all moving towards signing in about a year. PIR and .org is going to be first with .edu, .biz, and others closely behind. The root is scheduled to be signed in the beginning of July (end of June looking at the holiday calendar) being the biggest milestone. Some of the roots already contain DNSSEC information. Other ccTLDs continue to turn DNSSEC on with countries on every continent signed. more
As a reader of this article, you are probably familiar with the DNS cache poisoning techniques discovered a few years ago. And you have most likely heard that DNSSEC is the long term cure. But you might not know exactly what challenges are involved with DNSSEC and what experience the early adopters have gathered and documented. Perhaps you waited with our own rollout until you could gather more documentation over the operational experience when rolling out DNSSEC. This article summarizes authors' experiences and learnings from implementing the technology in production environments as well as discusses associated operational issues. more
Complete DNSSEC implementation requires that domains are authenticated at the root by the Registry, and that DNS zones and records are authenticated as well. Now before I go any further, let me begin by stating that I fully support the development and deployment of DNSSEC and that the vulnerabilities presented by Cache Poisoning are very real, especially for those websites collecting login credentials or other types of sensitive information. more
Yesterday's Wikipedia outage, which resulted from invalid DNS zone information, provides some good reminders about the best and worst attributes of active DNS management. The best part of the DNS is that it provides knowledgeable operators with a great tool to use to manage traffic around trouble spots on a network. In this case, Wikipedia was attempting to route around its European data center because... more
With advancements in hardware and software, sophisticated filtering technologies are increasingly being applied to restrict access to the Internet. This happens at the level of both governments and corporations. .. given the open nature of the trust-based Internet, one country's restrictions, if not handled very carefully, can easily foul the global Internet nest we all live in. This blog is about one such story of Internet restrictions in China becoming visible (seemingly at random) from other parts of the world and going undetected for 3 weeks. more
In January we presented the glorious history of the MIT spam conference, today we present the schedule for the first day. Opening session will be from this author, Garth Buren with a topic entitled The Internet Doomsday Book, with details be released the same day as the presentation. Followed by Dr. Robert Bruen with a review of activities since the last MIT spam conference... more
I'm interested in CircleID community's take on NeuStar's recent announcement of Cache Defender. While only effective for domains the company is authoritative for, that does cover a large number of big Internet brands and financial institutions. Why wouldn't an ISP deploy this now, while waiting for all the myriad issues involved in DNSSEC to be resolved? more
Last week at the ICANN meeting in Nairobi, a plan was announced by ICANN staff to create a "CERT" for DNS. That's a Community Emergency Response Team (CERT) for the global Domain Name System (DNS). There are all kinds of CERTs in the world today, both inside and outside the Internet industry. There isn't one for DNS, and that's basically my fault, and so I have been following the developments in Nairobi this week very closely. more
News reports say that the Israeli government is close to passing a law that requires portable e-mail addresses, similar to portable phone numbers. Number portability has been a success, making it much easier to switch from one provider to another, and address portability might ease switching among ISPs. But e-mail is not phone calls. Is it even possible? more
A World-Renowned Source for Internet Developments. Serving Since 2002.