The Design of the Domain Name System, Part I

Over the past 30 years the Domain Name System has become an integral part of the operation of the Internet. Due to its ubiquity and good performance, many new applications over the years have used the DNS to publish information. But as the DNS and its applications have grown farther from its original use in publishing information about Internet hosts, questions have arisen about what applications are appropriate for publication in the DNS, and how one should design an application to work well with the DNS. more

DNSSEC: Will Microsoft Have Enough Time?

I have previously pointed out the shortcomings of good and user friendly support for DNSSEC in Microsoft's Server 2008 R2. During the period just after I wrote the post, I had a dialogue with Microsoft, but during the last months there has been no word at all. The reason I bring this up again is that more and more Top Level Domains (TLDs) now enable DNSSEC and also the fact that within six months the root will be signed. more

Two Stage Filtering for IPv6 Electronic Mail

I'm a guest at the MAAWG conference in San Francisco this week and several people have now mentioned to me the problem and the opportunity of anti-spam e-mail filtering for IPv6. Tomorrow is World IPv6 Day but since a bunch of the pieces have clicked together in my head I'll post this a day early. more

The Future of the Internet: A Political View

Lets face it, gathering a collection of ministerial delegations to laboriously recite prepared speeches to each other sounds about as exciting as watching paint dry. And observing meetings where the major outcome appears to be limited to the scheduling of the next meeting can become somewhat tedious after a while. It should not be surprising that the level of expectation of tangible outcomes for such governmental meetings is invariably abysmally low. So what's the value of adding yet another meeting to governments' schedule? What makes the OECD-hosted ministerial meeting on the Future of the Internet Economy so unique in the context of the Internet's current political landscape and its political future? Why would a meeting about the dismal science of economics hold any interest at all? more

Canada Finishes its Spam Task Force, Result is Pretty Good

Industry Canada, the part of the Canadian government roughly equivalent to the U.S. Commerce Department, has had a task force on spam working for the past year or so. I was invited to participate as an unofficial member, since I'm not a Canadian. Yesterday, it wrapped up its work and published its report (aussi disponsible en francais) to the government. It's quite good, and has a set of 22 recommendations. more

Patching is Hard

There are many news reports of a ransomware worm. Much of the National Health Service in the UK has been hit; so has FedEx. The patch for the flaw exploited by this malware has been out for a while, but many companies haven't installed it. Naturally, this has prompted a lot of victim-blaming: they should have patched their systems. Yes, they should have, but many didn't. Why not? Because patching is very hard and very risk, and the more complex your systems are, the harder and riskier it is. more

Temporary Restraining Order Issued Against Domainer’s Use of “mylennar.com”

Companies sometimes find that opportunistic purchasers of domain names (often referred to as "domainers"), will purchase a domain name quite similar to that of the company, and establish a site at the URL loaded with revenue-generating sponsored ads. To accomplish these purposes, domainers seem to prefer the services of companies like HitFarm and Domain Sponsor. A web user types in the confusingly similar URL and is bombarded with pop-up ads and sponsored links to goods and services, often competitive to the company whose name or trademark is being appropriated in the URL... more

How the Pandemic Changed Broadband

The Washington Post recently published an article with a series of graphs showing the impact of the pandemic on various economic indicators, including unemployment, wages, air travel, grocery prices, home prices, and consumer sentiment. The article got me thinking about the impact of the pandemic on the broadband industry, and several important changes emerged from our collective pandemic experience. more

Donuts to Acquire Afilias

Donuts and Afilias announced today that Donuts is acquiring Afilias in a deal that is expected to close in December 2020 for an undisclosed amount. The combined entities will support over 25 million domain names spanning well over 400 TLDs. The deal will not include certain Afilias businesses, such as the mobile software and registrar businesses, which will remain with Afilias' original group of investors. more

1 Terabit DDoS Attacks Become a Reality; Reflecting on Five Years of Reflections

Reflection amplification is a technique that allows cyber attackers to both magnify the amount of malicious traffic they can generate, and obfuscate the sources of that attack traffic. For the past five years, this combination has been irresistible to attackers, and for good reason. This simple capability, of turning small requests into larger, 'amplified' responses, changed the Distributed Denial of Service (DDoS) attack landscape dramatically. more

Report on DNS Amplification Attacks

In this newly released paper Randal Vaughn and Gadi Evron discuss the threat of Distributed Denial of Service (DDoS) attacks using recursive DNS name servers open to the world. The study is based on case studies of several attacked ISPs reported to have on a volume of 2.8Gbps. One reported event indicated attacks reaching as high as 10Gbps and used as many as 140,000 exploited name servers. more

2004: The Year That Promised Email Authentication

As the year comes to a close, it is important to reflect on what has been one of the major actions in the anti-spam arena this year: the quest for email authentication. With email often called the "killer app" of the Internet, it is important to reflect on any major changes proposed, or implemented that can affect that basic tool that many of us have become to rely on in our daily lives. And, while many of the debates involved myriads of specialized mailing lists, standards organizations, conferences and even some government agencies, it is important for the free and open source software (FOSS) community as well as the Internet community at large, to analyze and learn lessons from the events surrounding email authentication in 2004. more

Why Vint Cerf is Wrong

At the Internet Governance Forum in Baku, I made an intervention on behalf of NL IGF, reporting on the recommendations given by the participants of Workshop 87... I concluded that more regulatory and law enforcement bodies need to become part of the IGF discussions, as they are an integral part of governing the Internet from a safety and security perspective. Mr. Cerf responded with a one-liner: "I can't help observing, if we keep the regulatories confused, maybe they will leave us alone". more

IPv6 Adoption Brings New Security Risks

Although IPv6 DDoS attacks are not yet a common occurrence, there are indications that malicious actors have started testing and researching IPv6 based DDoS attack methods. more

Google Buys VeriSign (not really)

No that's not really happening, Google is not buying VeriSign. But given Google's ravenous appetite for data, it might find VeriSign quite attractive. VeriSign has both root domain name servers and servers for the .com and .net top level domains (TLDs). VeriSign could data mine the queries coming into those servers and produce a very valuable real-time stream of what users on the net are doing... Google just bought Postini -- and one would have to be fairly naive to believe that Google does not intend to dredge through all... more