DNSSEC is But One Link in the Security Chain

As the implementation of DNSSEC continues to gather momentum and with a number of ccTLDs, and the '.org' gTLD having deployed it into their production systems, I think it is worth pausing to take a look at the entire DNSSEC situation. Whilst it is absolutely clear that DNSSEC is a significant step forward in terms of securing the DNS, it is but one link in the security chain and is therefore not, in itself, a comprehensive solution to fully securing the DNS system. more

Current ICANN Policy Precludes the ITU Becoming an IP Address Registry

Lost in all the discussion around the recent ITU meeting (TIES account required of course) is any discussion of the current policy regarding the formation of new RIRs. You may recall that one of the reports that the ITU commissioned on this subject suggests that it would be possible, even desirable for the ITU to be allocated a /12 of IPv6 from the IANA to be further allocated to Country Internet Registries. more

Top Ten New gTLD Gotchas

With the launch of new generic Top-Level Domains (gTLDs) expected to occur early next year, many are closely examining the opportunities and risks associated with ICANN's Program. Although still in draft format and subject to change, keep these gotchas in mind as you think through your strategy. more

Domain Name Theft Part II: Did ICANN Leave Foxes Guarding the Chicken COOP?

When it comes to stealing domain names, I suspect that there are two reasons why so many web bandits appear to be immune from ICANN (the Internet Corporation for Assigned Names and Numbers uses the acronym ICANN): the first reason I discussed in my last column on domain name theft (where I described a substantive void in domain name "regulation" as a primary factor for the increasing incidence of domain name theft), the second reason, which is the focus of this column, is the procedural anomaly that currently infuses ICANN's uniform dispute resolution process (UDRP) by providing no administrative forum for domain name registrants who become victims of domain name theft carried out by ICANN's registrars. more

One Billion Internet Users

Last week ICANN took another very significant step forward in the expansion of the internet by approving the delegation of a number of Chinese script IDN ccTLDs. Although we have all heard statements that portray the introduction of IDN ccTLDs as being perhaps the single most important factor in the achievement of ICANN's "One World, One Internet" vision, we should take a moment to appreciate the true significance of this latest round of IDN ccTLD approvals. more

Are Domain Name Registrars Ready for IPv6?

Now that ICANN has added IPv6 name servers for the root zone, and that many registries have enabled IPv6 on their DNS servers, I thought it would have been easy to update the DNS records pointing to my domain to mention a IPv6-only DNS server. This way, we could have native name resolution end-to-end in IPv6. We are not there yet, it seems. more

Who is Blocking WHOIS?

On April 16 ICANN issued a breach notice to Turkish Registrar Alantron for not consistently providing access to its WHOIS database via Port 43, a command-line query location that all Registrars are required to supply under conditions of their contract with ICANN under section 3.3.1. Four days later they issued a breach to Internet Group do Brazil for the same problem. ... The WHOIS record, as we all know, is a massive fraud with illicit parties filling records with bogus information and hiding behind anonymity. more

Native Web Applications (NWA) vs. Rich Internet Applications (RIA)

A rewrite of the Rich Internet Application (RIA) article is my latest contribution to Wikipedia following last year's full rewrite of the Cloud Computing article (which is now finally fairly stable and one of the main authoritative sources on the topic; according to the article statistics I've just done my 500th edit, or one every eight hours on average so it's about as up-to-date as you'll find). Needless to say I agree wholeheartedly with Mozilla's Mark Finkle in saying RIA is Dead! Long Live Web Applications... more

DNS Platforms: A Study in Capacity and Scalability

Capacity and scalability are necessary in managing DNSSEC and D/DoS. Capacity, necessary for maintaining operations during D/DoS attacks, is also necessary for increased traffic due to DNSSEC deployment. Scalability is highly important, as DNSSEC is deployed not only will greater traffic levels will be encountered, greater demand will be placed on the DNS platform. In the interest of understanding both capacity and scalability CommunityDNS conducted tests to assess the readiness of the two main DNS server platforms, BIND and NSD... more

What the ICANN Brussels Meeting Means for New gTLDs

ICANN's 38th get-together, in Brussels, may become known as the meeting where the dust finally began to settle. Long-standing issues were settled, compromises were reached, no-one complained too much about the latest version of the Applicant Guidebook, and the Board stood by its project plan dates, even scheduling a Board retreat to solve remaining issues. Finally, there were no surprise "gotcha!" delays that generic Top-Level Domain (gTLD) applicants have been used to seeing at ICANN meeting. With one possible exception... more

DNSSEC Deployment Among ISPs: The Why, How, and What

It's no secret that Comcast has been leading the charge of DNSSEC deployment among ISPs. For the past couple years, Comcast has been testing and pushing for the widespread adoption of DNSSEC. In the spirit of increasing adoption, I thought I would interview the DNS gurus at Comcast to see what they've learned and what advice they would give other ISPs considering DNSSEC deployment. more

Video: Highlights of the DNSSEC Key Signing Ceremony

ICANN video highlighting last week's historical DNSSEC key signing ceremony held in a high security data centre located in Culpeper, VA, outside of Washington, DC. "During the ceremony, participants were present within a secure facility and witnessed the preparations required to ensure that the so-called key-signing-key (KSK) was not only generated correctly, but that almost every aspect of the equipment, software and procedures associated with its generation were also verified to be correct and trustworthy." more

The .XXX Fiasco is Almost Over

At Friday's meeting of the ICANN board in Brussels, they voted, probably for the last time, to approve the 2004 application for the .XXX domain. Purely on the merits, there is of course no need for a top level domain for porn. This isn't about the merits, this is about whether ICANN follows its own rules. Despite overheated press reports, .XXX will not make porn any more available online than it already is (how could it?), there is no chance of all porn being forced into .XXX (that's a non-starter under US law), and .XXX will have no effect on the net other than perhaps being a place to put legal but socially marginal porn far away from any accidental visitors. more

Panel Allows Woman to Keep Domain Name That Is Her First Name

In this action under the usTLD Dispute Resolution Policy (which mirrors the Uniform Domain Name Dispute Resolution Policy), Complainant sought transfer of the Domain Name grazia.us. Complainant, an Italian company, has used the mark GRAZIA for many years in several markets around the world in connection with its fashion magazine. more

New Book on Domain Name Regulation

My book, "The Current State of Domain Name Regulation: Domain Names as Second Class Citizens in a Mark-dominated World" is now available by Routledge. The following is an overview of the book. more