We would like to provide you with a better user experience. Please re-enable Javascript in your web browser.
One of the most prominent denial of service attacks in recent months was one that occurred in March 2013 between Cloudflare and Spamhaus. How did the attackers generate such massive volumes of attack traffic? The answer lies in the Domain Name System (DNS). The attackers asked about domain names, and…
For some time now we’ve been tracking the progress of the deployment of DNSSEC in the Internet. Its been a story of an evolution of the measurement technique, starting with a technique that attempted to guess at the behaviour of resolvers, through to techniques that explicitly pose novel DNS names…
There are a number of reasons that both domain name administrators and vendors of client DNS software cite for not incorporating DNSSEC signing into their offerrings. The added complexity of the name administration process when signatures are added to the mix, the challenges of maintaining current root trust keys, and…
The Domain Name System, or the DNS, is a critical, yet somewhat invisible component of the Internet. The world of the Internet is a world of symbols and words. We invoke applications to interact with services such as Google, Facebook and Twitter, and the interaction is phrased in human readable…
At the recent ARIN XXX meeting in October 2012 I listened to a debate on a policy proposal concerning the reservation of a pool of IPv4 addresses to address critical infrastructure. The term “critical infrastructure” is intended to cover a variety of applications, including use by public Internet Exchanges and…
This is a followup article to “Counting DNSSEC” that reflects some further examination of the collected data. This time I’d like to describe some additional thoughts about the experiment, and some revised results in our efforts to count just how much DNSSEC is being used out there. And for those…
At the Nordunet 2012 conference in September, a presentation included the assertion that “more than 80% of domains could use DNSSEC if they so chose.” This is an interesting claim that speaks to a very rapid rise in the deployment of DNSSEC in recent years, and it raises many questions…
The front page story of the September 13 2011 issue of the International Herald Tribune said it all: “Iranian activists feel the chill as hacker taps into e-mails.” The news story relates how a hacker has “sneaked into the computer systems of a security firm on the outskirts of Amsterdam”…
