Press Release

  • ISC and Your Personal Data

    By vicky risk on May 4, 2018
    0

    Like many responsible organizations with an on-line presence, we have been preparing to meet our new obligations under GDPR (General Data Protection Regulations – it’s an EU thing).  We are a small business with less than 30 employees and no business activities located in Europe. We are committed to transparency because we care about public trust in ISC: we also don’t want to spend a lot of your money on lawyers.  We have created a formal written privacy policy based heavily on the one ISOC recently published, and have done our own inventory of personal and technical data we have in our systems.

    What follows is an inventory of the data we collect and use, with a link to the formal Privacy Policy statement.

     

    ISC’s Public Sites

    ISC operates a number of Sites for public collaboration and information sharing, including but not limited to: public mailing lists, fora, ISC’s main web site, project wiki pages, source code repositories, software issue trackers, our Knowledge Base, our ftp.isc.org download site, social media sites, and others.

    • We don’t use paywalls or require registration to read information on any of our Sites or to download documents or software. We do require registration to submit data to these systems in order to control spam and abuse. We may use your Personal Data submitted during registration to contact you. In some cases, your registration and other personal information provided by you will be visible to other users.
    • Users of our public mailing lists, issue trackers, code repositories, knowledge base and other ISC Sites consent to publishing their personal data when they choose to participate actively in those public sites.  ISC’s mailman service, Gitlab, source.isc.org, ftp.isc.org, kea.isc.org, bugs.isc.org, www.isc.org, ednscomp.isc.org and kb.isc.org are operated by ISC.  ISC’s Github site, Discourse forum and Nabble forum are operated by those companies on our behalf.
    • ISC maintains several databases for tracking software issue reports by users. These databases enable the public to report and view problem reports about ISC open source projects.  These include but are not limited to:

      All of these systems may store submitter username, email address and other contact data, depending on what the user shared (e.g. in the signature field in the email), as well as technical data about their software deployment, network, and issue, and possibly configuration files, log files and core dumps. We must have this information in order to communicate with the submitter to get more information about the issue and/or verify a solution.

      We don’t want anyone to refrain from submitting issues because of privacy concerns, however, so if you want to submit an issue and don’t want your submission to be publicly visible, contact us to request that we hide your personal information. Depending on the site, this may mean that the entire issue is non-public, which defeats the purpose of having a public issue tracker, so please don’t do this without a compelling reason.

    ISC’s Contact Database

    • ISC maintains a contact database for sales and marketing purposes. This database includes contact names, with organization, title, email, phone and fax contact information, contracts and purchase orders and their details and a log of emails exchanged between the contact and ISC. 
    • When you send ISC an inquiry, we log your inquiry including your contact information and the text of your inquiry in our contact database, where we also track our response to you.  Your information will be in this database if you have ever contacted ISC asking for help, or a quotation for services, either via phone, email or by visiting our table at a conference.
    • If you have made a purchase from or a donation to ISC, or visited our booth at a conference or industry event, your name and contact information may also be in this database.  We use this information to acknowledge your donation and we may use it to solicit future donations.  
    • We have also in the past purchased some lists for marketing purposes, which may have also been imported into this database.
    • We use this contact database to stay in touch with users, to sell and to provide the services that support our work. We do occasionally send bulk email to contacts in this marketing database, but that is infrequent, and always includes a clearly visible link to unsubscribe from future mailings.  Users who have unsubscribed will be marked as ‘opted out’ in the database and will not be sent further bulk emails.
    • This database is maintained for us by SugarCRM. Per our agreement with SugarCRM they are permitted to hold and process this data for ISC’s own business use only, and they may not leverage it for any other purpose. ISC does not share or sell the information with any other organization. Access is limited to a small subset of ISC employees who need the information for their business purposes.

    Webinars and Surveys

    • In order to register to participate in certain ISC activities (e.g. webinars), you may be asked to register and provide personal information including employer, physical address, and/or email and phone contact information.   This information is collected to facilitate followup incase you ask questions on the webinar that we can’t answer on the spot, and may be used in marketing our services to you or fulfilling special offers made to webinar participants. The information may be stored in the webinar conferencing application and/or our customer relationship management database (CRM), below.
    • ISC occasionally conducts surveys for marketing and product management purposes. Survey tools generally use cookies and log IP addresses to prevent duplicate responses, or to facilitate completing a partially completed survey at a later time. Depending on the survey collection method, the survey data may permit identification of the email address of the respondent. The information provided in response to the survey is stored along with any respondent identifying information collected by the survey tool.
    • Webinar registrations and survey data are processed by third parties. We currently use Zoom for conferencing services and SurveyMonkey for survey operations.
    • Access to webinar attendee and survey data is limited to ISC employees. We don’t share attendee or survey data, except in anonymized or summary form.  The exception to this are webinars or surveys that are explicitly jointly sponsored with another organization – in that case we may share the data related to the webinar or survey with our co-sponsor for their own use only.

    ISC’s Support Customers

    Subscribers to ISC’s software support services have to provide contact information for multiple (usually 4) points of contact. This information is required in order for us to provide the support service.  This information generally includes

    • First and family name
    • Email address
    • Organization name (employer)
    • Phone number (optional)

    We use the email address to communicate with support subscribers, to alert them of support ticket updates, to provide notice of new releases, to provide transactional information (such as validation of email address, to send terms and instructions for the support service, and to process forgotten passwords).  Very infrequently, we may also use the technical support contact email addresses to survey support users about our support services or product usage, or to provide roadmap updates.

    We don’t have any regular support process that uses customer telephone numbers, but some subscribers of our support services are allowed to contact us via phone and we might conceivably use the telephone number in an unusual process, e.g. for verifying identity when updating contact information or for password recovery.

    Support technical contact information is stored in our support ticketing system, which is operated by ISC in the US. (Some technical support contacts may also be included in our main (SugarCRM) contact database.) This database also includes a log of customer support tickets opened and our responses to them, and may include core dumps, configuration files and software logs.

    We use this information to support customers, and to identify and troubleshoot issues in our software. Access is limited to current ISC employees.  We retain this record even after an individual or organization terminates their support relationship with ISC, unless they specifically request we delete it, because it provides us with a valuable technical record.

    Our standard support services agreement includes an NDA. We don’t publicly identify customers or their representatives unless the customer does so first.  When we log issues in our publicly-visible issue trackers on behalf of support customers, we either make the issue private, or anonymize the support customer identity.

    Donors to ISC

    • If you have made a donation to ISC, your name and contact information may also be in our contact database, discussed above.  We use this information to acknowledge your donation and we may use it to solicit future donations.  
    • We normally acknowledge donations of $10 or more on our main web site. We are happy to refrain from this if you request anonymity.

    Credit Card Information

    In the event you choose to make a donation or purchase using your credit card, we will request credit card information, including number, expiration date, billing address and card security code so your donation can be processed.  This information passes directly to ISC’s payment processor, PayPal. ISC neither uses nor stores this information.

    Technical Data

    • We do the minimum of tracking via Google tags on our web sites to support basic statistics about # of visitors, pages visited, time spent, browsers used and geographic location of our users.
    • Our Sites use third parties for web analytics services so that we can understand how visitors interact with our sites – and how we can improve the experience for visitors. Our current services and/or vendors are:
      • Google Analytics – our primary source for website analytics
      • Google Tag Manager –  the mechanism we use for sending information into Google Analytics
      • Google Custom Search Engine (CSE) – the tool we use when people search across our sites
      • Evergreen Digital Media – a consultant helping us to maintain our Google Ads (a free benefit provided to non-profits by Google that makes it easier for non-profits to promote their web site in search results).  This organization has access to our Google Analytics data for the purpose of improving our Google Ad effectiveness.
    • We have declined to opt into any of the extended tracking and analysis that Google offers which attempts to enrich this data with other data Google may have about other user behavior or demographics.
    • Many of our on-line systems have logs, which log IP addresses of connections. We don’t do any processing to attempt to associate these addresses with usernames, email addresses or organizations.  We do analyze the logs in aggregated form to determine site usage and software download levels.
    • One exception to this is F Root: we do share some F Root data with ICANN and DNS-OARC for research purposes only. Any such traffic logs we share after the GDPR implementation date of May 25, 2018 will be anonymized.

    Third Parties who may store or process Personal Data

    We use services for interacting with users, optimizing our web sites and managing our search presence. Each of our contracts with these third parties restricts the use of personal information so it can only be used to provide the services under the contracts.  In addition, these companies are required to treat all information and protect it by processes and procedures no less strict than those used by ISC.

    Our current services and/or contractors are:

    • SugarCRM – hosts ISC’s contact database. Access is limited to a few ISC employees.
    • Github – hosts ISC open source and has Personal Data submitted by users in issues and patch requests as well as technical data Github may collect.  Access is public.
    • Discourse – hosts the public forum at forum.isc.org and has all data submitted to that site. Access to public posts is public, account registration details are visible only to a few ISC employees.
    • Nabble – provides us with a hosted forum service, an alternative public discussion venue for ISC software and services. Nabble has access only to data already published on ISC mailing lists
    • Zoom – provides conferencing services, may have data on prior conference attendance
    • SurveyMonkey – provides survey operations, has data on prior survey responses, may include technical data such as IP address from cookies

     

    We can be contacted, about this or anything else, at info@isc.org.

    Our main phone number (generally goes to voicemail) is US – 650-423-1300. Our business address is 950 Charter Street, Redwood City, CA 94063.

     

    Links

    ISC’s Privacy Policy Statement

    EUGDPR.org

    Wikipedia on GDPR

     

     

     

  • End to Bandaids for Broken EDNS

    By vicky risk on March 19, 2018
    0

    Extension Mechanisms for DNS were standardized in 2013

    Despite this, there continue to be non-compliant implementations.  DNS software developers have tried to solve the problems with the interoperability of the DNS protocol and especially its EDNS extension (RFC 6891 standard) by various workarounds for non-standard behaviors. However, temporary workarounds are not a long-term solution. These workarounds excessively complicate DNS software and are now also negatively impacting the DNS as a whole. The most obvious problems caused by these workarounds are slower responses to DNS queries and the difficulty of deploying new DNS protocol features. Some of these new features (e.g. DNS Cookies) would help reduce DDoS attacks based on DNS protocol abuse.

    Open source DNS software developers agree

    To prevent further deterioration of DNS services, the developers of four major open source DNS software systems have agreed to discontinue support for these non-standard solutions. All new releases of DNS software from CZ.NIC, ISC, NLnetlabs, and PowerDNS after February 1, 2019 will not contain workaround code for non-compliance with EDNS standard RFC 6891.

    Test your domains and servers

    You can test your domains and authoritative DNS servers using the web application https://ednscomp.isc.org/ednscomp/. A test result with a green message “All Ok” indicates that you are already prepared for the changes and do not need to do anything. If the result of the test is anything else than the green message “All Ok”, please update your DNS software. If you are using the latest version of your server software, please contact its developer and ask for a fix. In this case, we recommend attaching a link to the test result, which contains technical details, to your message.

    Note to DNS software vendors

    Please note that full EDNS support (RFC 6891) in DNS software is not mandatory.

    In case you decide not to support EDNS it is mandatory to correctly answer queries with EDNS in accordance with RFC 6891 section 7, i.e. namely to answer with valid DNS message containing RCODE=FORMERR. Please follow the RFC mentioned above while implementing this. Thank you!

    Non-compliant domains may become unavailable

    Domains served by DNS servers that, according to the above mentioned tests, are not compliant with the standard, will not function reliably after February 1, 2019, and may become unavailable.

    We are aware of the importance of this change and we want to inform as many people as possible. We are going to keep drawing attention to this change, which will begin to apply in less than a year. If you have the ability to spread this information to people who are in charge of networks and DNS servers, we will be glad if you shared the link to this blog post. Our goal is a reliable and properly functioning DNS that cannot be easily attacked.

    Adapted (with permission) from a blog post at CZNIC by:
  • ISC Receives Mozilla MOSS Award

    By vicky risk on October 4, 2016
    0

    We are thankful that Mozilla chose to give a MOSS award to ISC to help fund development of the Kea DHCP server, through the Mozilla Foundational Technology track.  This is a wonderful program, through which Mozilla gives back to the Internet community by sponsoring development of the open source that everyone can use.

    Kea is modern software that we hope will eventually replace the extremely popular, but also very mature, ISC DHCP, also known as dhcpd. DHCP software is classic infrastructure.  People expect that DHCP software will be available in their operating system, but few people wonder where it comes from, or how the development is funded.  Kea is already packaged for most major Linux and Unix operating systems, but is still missing a few very desirable features.

    ISC’s MOSS award was for $100,000, which we will use to support design and development of a management api, and a secure remote management client.  Remote management is an important feature, one that is frequently requested by prospective users.  We have a preliminary requirements document posted in the Kea project wiki and are starting work on a design.

    Kea is already a fully functional DHCPv4 and DHCPv6 server.  We have just released Kea version 1.1, which greatly expanded support for leveraging an external database for host reservations, and added a flexible client classification system. Kea is accepting community contributions on Github, with significant contributions enabling initial support for a Cassandra database backend and lightweight DHCPv4 over v6 in version 1.1.

    We sometimes joke that ISC puts the “non” in “non-profit.”  ISC has been funding Kea internally, and with 3+ developers and a test engineer, it is a significant effort.  We are offering Kea support contracts, which we hope will eventually fund on-going maintenance, but grants like this are essential to add major new functionality, to continue to create open source infrastructure for the future.  We look forward to spending this award money on adding an important feature users are asking for to the Kea open source.

  • Kea 1.1 Released

    By vicky risk on October 3, 2016
    0

    Kea 1.1 is available!

    We are please to announce the availability of Kea 1.1.  Kea is ISC modern DHCP server, which brings new functionality to the datacenter, and any ISP or enterprise who needs to tie dynamic host control into external provisioning systems.

    New features in Kea 1.1 include:

    Host Reservations

    Kea 1.0 contained limited support for storing host reservations in the database backend.  Kea 1.1.0 has expanded that
    capability, allowing host reservations to be stored in a MySQL or PostgreSQL database. In particular, Kea 1.1.0:
    – Adds host reservation (DHCPv4 and DHCPv6) using the PostgreSQL backend.
    – Adds host reservation for DHCPv6 to the existing MySQL support.
    – Significantly extends the existing host reservation capabilities to include reservations of specific DHCP options, reservations of siaddr, sname, and file fields within DHCPv4 messages, and reservations of multiple IPv6 addresses/prefixes.
    – Allows the MySQL or PostgreSQL host reservation database to be configured read-only, in which case Kea will be able to retrieve reservations
    from it, but not insert or update existing reservations. This feature is useful when a database (or database view) exists for the particular deployment and the administrator doesn’t want to grant read-write access for
    security reasons.

    Client Classification

    In Kea 1.1 the client classification system has been expanded. A class definition contains a name and a test expression of
    arbitrary complexity; if the test expression evaluates to “true” the client is a member of that class.  A client may be a member of multiple
    classes and can acquire options from different classes.   If the configuration contains multiple definitions for data for an option in two or more of the global, class, subnet or host entries, the server will choose the definition from the most specific entry.

    There are a number of objects and operators available for use in the test
    expression.
    – Operators include: equal, not, and, or, substring, concat
    – Objects include:
    – literals: string, hexadecimal, IP address and integer
    – options: existence and content
    – relay options for DHCPv4 and DHCPv6: existence and content
    – subfields within vendor and vendor class options: existence, enterprise-id value and content
    – selected fields from DHCPv4 and DHCPv6 packets
    – Classes may be used to select subnets
    – Classes and class specific subnets may contain option data to serve to
    clients within that class

    Hook Library Parameters

    It is now possible to specify parameters for hook libraries in the Kea configuration file. In earlier versions of Kea, hook library authors had to use a external mechanism (such as file of a known name) to pass information across.

    DHCPv4-over-DHCPv6

    RFC7341 defines an architecture that allows dual-stack clients to communicate with DHCPv4 server in IPv6-only networks. Kea 1.1 introduces support for this mode of operation. It requires running both DHCPv4 and DHCPv6 servers in special mode, where DHCPv6 component does not allocate anything, but decapsulates incoming DHCPv4 messages, sends the to the DHCPv4 server and then relay back the responses.

    Cassandra Database Backend

    Kea 1.1.0 has added preliminary support for Cassandra as a database backend.  In this release of Kea it can only
    be used to store lease information, it is not able store host reservations. Cassandra support is currently considered experimental. Use with caution.

    MPL 2.0 License

    Kea 1.1.0 has been released under the Mozilla Public License, version 2.0. https://www.mozilla.org/en-US/MPL/2.0

    Support

    Professional support for Kea is available from ISC. Free best-effort support is provided by our user community via a mailing list. Information on all
    public email lists is available at https://www.isc.org/community/mailing-list

    If you have any comments or questions about working with Kea, please share them on the Kea Users List https://lists.isc.org/mailman/listinfo/kea-users.
    Bugs and feature requests may be submitted via the ticket tracking system at http://kea.isc.org

  • 2014 Annual Report

    By vicky risk on July 17, 2015
    0

    Letter from the President

     

    We are now a trimmer and more functional organization, with financial controls, stability and predictability.

    We determined that BIND revenues had been subsidizing our other efforts, so we put more back into BIND, adding three DNS engineers in early 2015. On the operations side, we are cutting back on subsidized programs that no longer make sense, like commercial hosting and commercial SNS, while refocusing our efforts on public benefit F-Root and ccTLD DNS publishing. We have had virtually no personnel turnover in more than a year since our reductions in force, and our customers and partners have stuck with us, too, maintaining a 93% renewal rate.

    Going forward, ISC continues to balance our public benefit mission with financial stability; we are working cooperatively with other open source providers to provide commercial support for products like NLnet Lab’s Unbound and are in talks to add more. We’ve removed restrictions on our Knowledge Base so that everyone, not just paying customers, can access our technical documentation, and added 36 new feature articles and a comprehensive BIND DNSSEC guide just in 2014.

    We are reaching out to our external contributors, accepting patches as a greater priority, and granting accounts in our bug tracking system to our frequent contributors. We opened public access read-only GITs for BIND and ISC DHCP, and posted our new DHCP project, Kea, on Github. We continue making significant contributions to industry standards development and have strong roles in NANOG, the IETF, RIPE NCC, DNS/OARC, ISOC, and ICANN to name a few.

    ISC carries no debt, is approximately break even, and has sufficient financial reserves to carry us through normal downturns in the business. We are proud of our past and excited about our future. We are aggressively in discussions around the globe to research emerging problems we can help solve and playing fields we can help level. We aren’t going anywhere but forward. We hope you will consider supporting our mission financially and furthering our common goals.

     

    Regards,

    Jeff Osborn

    President, Internet Systems Consortium

    Attached: 2014 Annual Report

Last modified: January 30, 2014 at 11:49 am