AFRINIC Finally Elects a New Board: What Next?

AFRINIC-The Regional Internet Registry for Africa has finally successfully conducted its 2025 Board of Directors Elections! The elections were held from September 10 to 12, 2025. This fresh leadership marks the beginning of a new era after years of turbulence and uncertainty for the organization. more

CIRA Suspends Participation in ICANN

The Canadian Internet Registration Authority (CIRA) has issued a public letter to ICANN calling on the organization to follow accountable, transparent, and fair processes. Until the concerns are addressed, CIRA says it is suspending its voluntary contributions to ICANN... more

International Law and Cyberspace: It’s the “How”, Stupid

The Internet has enhanced freedom of communication, ignored national borders, and removed time and space barriers. But the Internet sphere was never a law-free zone. Already ICANN's "Articles of Incorporation" (1998) constituted that the management of critical Internet resources has to take place within the frameworks of "applicable national and international law". more

Large Volume of DNSSEC Amplification DDoS Observed, Akamai Reports

A dramatic increase in DNS reflection/amplification DDoS attacks abusing Domain Name System Security Extension (DNSSEC) configured domains have been observed in the past few months, according to a security bulletin released by Akamai’s Security Intelligence Response Team (SIRT). more

Some Internet Measurements

At APNIC Labs we've been working on developing a new approach to navigating through some of our data sets the describe aspects of IPv6 deployment, the use of DNSSEC and some measurements relating to the current state of BGP. The intent of this particular set of data collections is to allow the data to be placed into a relative context, displaying comparison of the individual measurements at a level of geographic regions, individual countries, and individual networks. more

China Stepping Up Cryptocurrency Crackdown

China is preparing for a new crackdown on cryptocurrency, planning to stamp out remaining trading in the country, according to state media. more

Verisign Extends COVID-19 Wholesale Restore Fee Waiver

Verisign today announced that the waiver of the wholesale restore fee for .com and .net domain names is extended until August 1, 2020 at 03:59:59 UTC. more

IPv6, Phone Numbers and Analogies

My local area code (814) is running out of phone numbers. When discussing IPv6 with non-technical folks, I frequently use the hypothetical scenario of running out of phone numbers as an analogy for IPv4 address depletion. The conversation usually goes like this: "Imagine if we were running out of phone numbers. One way of solving that problem would be to make them bigger. Instead of ten digits, what if we made then thirty digits? If we did that, how many other things would we have to change? Some mundane things like business cards, letterhead, and phone books. But also more substantial things..." more

Online Registries: The DNS and Beyond

As the world grows more connected and more complicated, we all need ways of defining, identifying and keeping track of things and cross-referencing them with their owners. The simplest way to do that is with registries -- everything from the Domesday Book, a medieval registry of land, property and people; to current-day auto registries on the one hand and the worldwide Domain Name System on the other...But now, companies and organizations have to keep track of ever more things and people, not just inside their walls but across extended organizational boundaries. Call this new wrinkle an "external registry". Finally, they may want to interact with things and people, rather than just look them up, via an "active registry".  more

How to Discredit Net Neutrality

On Tuesday (November 30) Internet backbone provider Level3 publicly accused cable-based ISP Comcast of trying to thwart competing video services delivered through the internet. Comcast was, according to Level3, suddenly choosing to charge it more because of its carriage of Netflix traffic. The accusation was consciously framed to raise net neutrality alarms. It appeared as if a cable TV giant was using its control of internet access to make access to a competing, over the top video service more expensive... Then the full story came out. more

IPv6 and the Fear of Brokenness

Brokenness refers to the situation whereby a website is made accessible in dual stack, meaning both IPv4 and IP6, using records referred to as A's for IPv4 and quad A's for IPv6. Some end-users can experience slower access to the website or in some rarer instances no access at all. Brokenness is mostly attributable to older versions of the Mac Os operating system... The brokenness issue has been very well described by Eric Vyncke... more

Mitigating DDoS

Your first line of defense to any DDoS, at least on the network side, should be to disperse the traffic across as many resources as you can. Basic math implies that if you have fifteen entry points, and each entry point is capable of supporting 10g of traffic, then you should be able to simply absorb a 100g DDoS attack while still leaving 50g of overhead for real traffic... Dispersing a DDoS in this way may impact performance -- but taking bandwidth and resources down is almost always the wrong way to react to a DDoS attack. But what if you cannot, for some reason, disperse the attack? more

The RIRs in a Post-IPv4 world: Is the End of IP Address Policy Making Nigh?

IANA's IPv4 pool was officially exhausted in early 2011; Regional Internet Registries (RIRs) are gradually eating through their remaining IPv4 reserves and, although there will always be a trickle of recycled IPv4 addresses coming through as businesses go bust or ISPs move entirely to IPv6, the bulk of RIR IPv4 activity in future will be maintenance of existing allocation records... While IPv6 is definitely the way of the future for the Internet, the sheer size of the IPv6 address pool, combined with simplified allocation policies that have deliberately reduced barriers to entry, means there are very few organizations that can't get IPv6 directly from the RIRs these days. more

Unreasonable ccTLD Registry Price Increases!

It highly concerns me when domain registries controlling a certain Top-Level Domain (TLD) raise the wholesale prices they charge to registrars (domain retailers) without consultation to domain registrants (domain buyers). When this happens, all the registrars will need to pay more to the registry for every domain which they register or renew for a customer. They will in turn raise their prices to cover the additional cost to them. Transferring the domains to a different registrar will not help, as all the registrars for that TLD will be forced to raise prices as they all have to pay more to the registry. Don't think it hasn't happened before? more

Anti-Phishing and Hong Kong

Planning for a short trip to Hong Kong tomorrow reminded me of Jonathan Shea, something I wanted to blog about but was waiting for the hype around the new generic Top-Level Domains (TLDs) to cool down. Jonathan Shea is an old friend who is in-charge of ".hk". I had the pleasure to catch up with him in Paris ICANN meeting. Before Jonathan, let me talk about something related that happened in Paris. At the Cross Constituency Meeting, there was a presentation by the Anti-Phishing Working Group (APWG). In summary, they were proposing working with registries to take down domain names that are suspected to be involved in phishing. more