DNSSEC adoption has been slow, but is now picking up speed, thanks to organizations leading the way. ... While some registries have already signed, some have announced plans to sign and others are still trying to figure out their plan. Either way, DNSSEC is here. How can we make DNSSEC adoption quicker and easier not only for the registry but for individual name owners?
As the unallocated IPv4 address pool runs out, are Internet Service Providers (ISPs) actually deploying IPv6? The graph, first in a series from RIPE Labs, looks at the IPv6 "ripeness" of all ISPs registered as RIPE NCC members. We created a rating system that gives ISPs up to four "stars" for IPv6 services that they provide, based on the following criteria...
In the coming months, ICANN will ambitiously expand the number of top-level domains (TLDs). ICANN could add ".movie" and ".paris", among others, to the existing ranks of ".com", ".org", ".gov", and ".edu". Here's another they should consider: a new ".pol" TLD that is reserved exclusively for political candidates and entities. A ".pol" TLD is needed to alleviate problems linked to a now-common phenomenon called political cybersquatting...
As the implementation of DNSSEC continues to gather momentum and with a number of ccTLDs, and the '.org' gTLD having deployed it into their production systems, I think it is worth pausing to take a look at the entire DNSSEC situation. Whilst it is absolutely clear that DNSSEC is a significant step forward in terms of securing the DNS, it is but one link in the security chain and is therefore not, in itself, a comprehensive solution to fully securing the DNS system.
Lost in all the discussion around the recent ITU meeting (TIES account required of course) is any discussion of the current policy regarding the formation of new RIRs. You may recall that one of the reports that the ITU commissioned on this subject suggests that it would be possible, even desirable for the ITU to be allocated a /12 of IPv6 from the IANA to be further allocated to Country Internet Registries.
With the launch of new generic Top-Level Domains (gTLDs) expected to occur early next year, many are closely examining the opportunities and risks associated with ICANN's Program. Although still in draft format and subject to change, keep these gotchas in mind as you think through your strategy.
When it comes to stealing domain names, I suspect that there are two reasons why so many web bandits appear to be immune from ICANN (the Internet Corporation for Assigned Names and Numbers uses the acronym ICANN): the first reason I discussed in my last column on domain name theft (where I described a substantive void in domain name "regulation" as a primary factor for the increasing incidence of domain name theft), the second reason, which is the focus of this column, is the procedural anomaly that currently infuses ICANN's uniform dispute resolution process (UDRP) by providing no administrative forum for domain name registrants who become victims of domain name theft carried out by ICANN's registrars.
Last week ICANN took another very significant step forward in the expansion of the internet by approving the delegation of a number of Chinese script IDN ccTLDs. Although we have all heard statements that portray the introduction of IDN ccTLDs as being perhaps the single most important factor in the achievement of ICANN's "One World, One Internet" vision, we should take a moment to appreciate the true significance of this latest round of IDN ccTLD approvals.
Now that ICANN has added IPv6 name servers for the root zone, and that many registries have enabled IPv6 on their DNS servers, I thought it would have been easy to update the DNS records pointing to my domain to mention an IPv6-only DNS server. This way, we could have native name resolution end-to-end in IPv6. We are not there yet, it seems.
On April 16 ICANN issued a breach notice to Turkish Registrar Alantron for not consistently providing access to its WHOIS database via Port 43, a command-line query location that all Registrars are required to supply under conditions of their contract with ICANN under section 3.3.1. Four days later they issued a breach to Internet Group do Brazil for the same problem. ... The WHOIS record, as we all know, is a massive fraud with illicit parties filling records with bogus information and hiding behind anonymity.
A rewrite of the Rich Internet Application (RIA) article is my latest contribution to Wikipedia following last year's full rewrite of the Cloud Computing article (which is now finally fairly stable and one of the main authoritative sources on the topic; according to the article statistics I've just done my 500th edit, or one every eight hours on average so it's about as up-to-date as you'll find). Needless to say I agree wholeheartedly with Mozilla's Mark Finkle in saying RIA is Dead! Long Live Web Applications...
Capacity and scalability are necessary in managing DNSSEC and D/DoS. Capacity, necessary for maintaining operations during D/DoS attacks, is also necessary for increased traffic due to DNSSEC deployment. Scalability is highly important: as DNSSEC is deployed, not only will greater traffic levels be encountered, but greater demand will be placed on the DNS platform. In the interest of understanding both capacity and scalability, CommunityDNS conducted tests to assess the readiness of the two main DNS server platforms, BIND and NSD...
ICANN's 38th get-together, in Brussels, may become known as the meeting where the dust finally began to settle. Long-standing issues were settled, compromises were reached, no-one complained too much about the latest version of the Applicant Guidebook, and the Board stood by its project plan dates, even scheduling a Board retreat to solve remaining issues. Finally, there were no surprise "gotcha!" delays that generic Top-Level Domain (gTLD) applicants have been used to seeing at ICANN meetings. With one possible exception...
It's no secret that Comcast has been leading the charge of DNSSEC deployment among ISPs. For the past couple years, Comcast has been testing and pushing for the widespread adoption of DNSSEC. In the spirit of increasing adoption, I thought I would interview the DNS gurus at Comcast to see what they've learned and what advice they would give other ISPs considering DNSSEC deployment.
ICANN video highlighting last week's historical DNSSEC key signing ceremony held in a high security data centre located in Culpeper, VA, outside of Washington, DC. "During the ceremony, participants were present within a secure facility and witnessed the preparations required to ensure that the so-called key-signing-key (KSK) was not only generated correctly, but that almost every aspect of the equipment, software and procedures associated with its generation were also verified to be correct and trustworthy."