Blog entries for "DNS"

Other Uses for Secure DNS

13 Oct 2011
vixie

In the October 2011 issue of the Usenix Associations ";login:" newsletter, I published an article entitled "Other Uses for Secure DNS", with special attention to the IETF DANE working group and the proposed protocol for replacing the X.509 certificate authority system with a secure and scalable system based on Secure DNS.

A reprint of article is attached below.

Protecting Intellectual Property is Good; Mandatory DNS Filtering is Bad

12 Oct 2011
vixie

It has been about six months since I got together with four of my friends from the DNS world and we co-authored a white paper which explains the technical problems with mandated DNS filtering. The legislation we were responding to was S. 968, also called the PROTECT-IP act, which was introduced this year in the U. S. Senate. By all accounts we can expect a similar U. S. House of Representatives bill soon, so we've written a letter to both the House and Senate, renewing and updating our concerns.

DNSSEC Key Management Best Practices (Part 3 of 3)

23 Sep 2011
Barry Greene

Don't wait until it is too late! Secure your DNS NOW!

Internet Systems Consortium (ISC) - the industry's core drivers of DNSSEC deployment will help you step by step to secure your DNS infrastructure. Please join us for the third of a series DNSSEC talks.

Date and Time: We will present this webinar twice to maximize time zone coverage.

UKNOF is 20...what next ?

18 Aug 2011
Keith Mitchell

The 20th meeting of the UK Network Operators' Forum will take place on Tuesday 6th September, hosted by Hewlett Packard at HP Labs in Bristol, and also sponsored by Arbor Networks.

ISC BIND 9.8.1b3 provides startup-performance improvements

13 Jul 2011
by Evan Hunt


ISC BIND 9.8.1b3 is now available. This release includes startup-performance improvements described in A Major Improvement in BIND 9 Startup Performance (see http://www.isc.org/files/imce/startup-performance.pdf).

BIND 9.8.1b3 is the third beta release of BIND 9.8.
 

Evolution of Internet Exchanges

02 May 2011
Keith Mitchell

Something we're fortunate to have at ISC is the founders of some of the most influential Internet Exchanges (IXPs) amongst our senior staff. I haven't been personally involved in the IXP business for around 7 years now, so it was a pleasure to be invited as guest speaker to the AGM of the TorIX, Canada's biggest IXP, in Toronto.

DNS forwarders

29 Apr 2011
Jelte

Recently, at a BIND 10 Face to face meeting, we scheduled a short slot of time to discuss the features of a DNS forwarder. As part of the development process of the BIND 10 recursive resolver, we initially implemented a basic forwarder. As we added actual recursive resolver features, the original 'forwarding' mode was left in, and got some of the features that were added for the 'resolving' mode, mostly on an ad-hoc basis.

Blocking DNS

17 Mar 2011
by Paul Vixie

COICA and Secure DNS

An Ending and An Opportunity

04 Feb 2011
Suzanne Woolf

A new milestone in the history and evolution of the Internet has passed: On Thursday, February 3, 2011, it was announced that the Internet Assigned Numbers Authority (IANA), steward of the Internet's reserves of unassigned IP addresses, has distributed the final blocks of IPv4 addresses to the Regional Internet Registries (RIRs). The RIRs, based in North America, Europe, Asia, South America, and Africa, will now allocate them, according to rules developed in each region, to service providers and enterprises worldwide. And then all of the IPv4 addresses will be in use.

Preparing for a world consisting of larger DNS responses.

20 Jan 2011
Peter Losher

While many of you know ISC as the maintainer of the BIND DNS server software, we have always had our hand in the DNS operations field, including operating one of the 13 DNS root servers (F.ROOT-SERVERS.NET), as well as secondaring many ccTLD and non-commercial zones for over a decade. ISC has also been at the forefront of designing and implementing DNS Security Extensions (DNSSEC) which is a mechanism to cryptographically verify that the response given to a DNS request is correct.