Blogs

  • Blocking DNS

    COICA and Secure DNS Update: This article from March 2011 was superceded in some details by a article published in August 2011. If you reached this blog entry as a result of the SOPA markup meeting December 15 2011, you should read both articles. As a strong proponent of the private right of action for all Internet endpoints and users, I’ve long

    Read more
    0
    0
  • RTT Banding Removal From BIND 9

    In response to our customers and colleagues, ISC has chosen to remove the RTT Banding feature from BIND 9, starting with BIND 9.8.0. Other supported versions will have RTT Banding removed in their next releases. BIND 9.8.0 is scheduled to go out on March 1st, 2011. 9.8.1 will follow around a month later. Before Banding Prior to implementing RTT Banding,

    Read more
    0
    0
  • But Open Source Software is unsupported. Isn’t it?

    Open Source is not unsupported It’s a common misconception that open source software means it’s unsupported, that if you want to have 7×24 support you have to buy commercial software. Nothing could be further from the truth. The reality is that open source software is written by professional coders, is fully production quality and support is available. The major difference between

    Read more
    0
    0
  • An Ending and An Opportunity

    A new milestone in the history and evolution of the Internet has passed: On Thursday, February 3, 2011, it was announced that the Internet Assigned Numbers Authority (IANA), steward of the Internet’s reserves of unassigned IP addresses, has distributed the final blocks of IPv4 addresses to the Regional Internet Registries (RIRs). The RIRs, based in North America, Europe, Asia, South

    Read more
    0
    0
  • DNSSEC and “lazy delegation”

    Prior to deploying DNSSEC it has been possible to perform something I’m calling “lazy delegation.” This is when a parent and direct child are served from the same name servers, so NS records in the parent are unnecessary in practice. While consulting with various clients about how to best deploy their DNSSEC, this is a common discovery. Often times someone

    Read more
    0
    0
  • Preparing for a world consisting of larger DNS responses.

    While many of you know ISC as the maintainer of the BIND DNS server software, we have always had our hand in the DNS operations field, including operating one of the 13 DNS root servers (F.ROOT-SERVERS.NET), as well as secondaring many ccTLD and non-commercial zones for over a decade. ISC has also been at the forefront of designing and implementing

    Read more
    0
    0
  • How to connect to a multi-homed server over TCP

    With the world wide deployment of IPv6 in parallel with IPv4, it has become apparent that a traditional connection loop is no longer good enough. In fact, this is a large part of the reason why Google is white listing resolvers and Yahoo only wants to return to AAAA records to DNS queries made over IPv6.  The traditional connection loop

    Read more
    0
    0
  • Technology Leadership for the Common Good

    “I am relieved.”  That lovely double entendre is what Captain Pike said to Captain Kirk at the end of last summer’s most excellent reboot of the Star Trek series. I am likewise relieved to have been relieved of my long time post as President of ISC by my good friend and long associate Barry Greene. I continue at ISC as

    Read more
    0
    0
  • Implementing IPv6 is no longer optional

    The exhaustion of IPv4 space from IANA is coming as soon as February (yes, next month!) and the reserve held by the RIRs will be running dry shortly thereafter. The ability to provide (and use) IPv6 infrastructure is no longer optional; it is a requirement. ISC, unlike others who may talk the talk in regard to IPv6 experience, has been

    Read more
    0
    0
  • BIND 9: Easier GSS-TKEY configuration

    ISC has been working with Tridge from the Samba team to make it easier to configure BIND 9 to use GSS-TKEY. GSS-TKEY is used to allow Windows clients to securely update DNS zones using dynamic DNS, primarily in an Active Directory environment. These changes may be coming as early as BIND 9.8.0, which is scheduled to be released in late

    Read more
    0
    0
  • Join The Global Passive DNS (pDNS) Network Today & Gain Effective Tools To Fight Against Cyber Crime

    Why contribute passive DNS data to ISC? ISC – the Public Benefit Company that works to sustain the spirit of the Internet – is expanding the capacity of our Passive DNS System. Passive DNS provides the industry greater insight into how the cyber-criminals are using DNS to violate the Internet. Vetted organizations are invited to join the pDNS network by

    Read more
    2
    0
  • Changes to BIND 9 development helped catch bugs

    Yesterday I blogged about how ISC has been changing our internal development practices for BIND 9. Today, with the release of several security patches, I wanted to talk a bit on how they have helped us already. Test-driven Development In many projects, and previously in BIND 9, tests were written after the code was working. This left writing automated tests

    Read more
    0
    0

Last modified: November 1, 2016 at 1:25 pm