Search DNSSEC Blog


Wednesday, March 7, 2012

ISPs: No New Cybersecurity Regulations Needed

IDG News Service (Washington, D.C., Bureau) — The U.S. Congress should resist any temptations to pass new cybersecurity rules affecting broadband and mobile service providers, a group of Internet service providers told lawmakers Wednesday.

Instead, Congress could remove some legal barriers for ISPs to share cyberthreat information with each other and for the government to share information with private companies, officials with five broadband and mobile network operators said during a hearing before the House of Representatives Energy and Commerce Committee's communications subcommittee.

Full Article

Thursday, December 8, 2011

Introducing DNSCrypt (Preview Release),by OpenDNS

"DNSCrypt and DNSSEC are complementary.  DNSSEC does a number of things.  First, it provides authentication. (Is the DNS record I'm getting a response for coming from the owner of the domain name I'm asking about or has it been tampered with?)  Second, DNSSEC provides a chain of trust to help establish confidence that the answers you're getting are verifiable.  But unfortunately, DNSSEC doesn't actually provide encryption for DNS records, even those signed by DNSSEC.  Even if everyone in the world used DNSSEC, the need to encrypt all DNS traffic would not go away. Moreover, DNSSEC today represents a near-zero percentage of overall domain names and an increasingly smaller percentage of DNS records each day as the Internet grows.  
That said, DNSSEC and DNSCrypt can work perfectly together.  They aren't conflicting in any way.  Think of DNSCrypt as a wrapper around all DNS traffic and DNSSEC as a way of signing and providing validation for a subset of those records.  There are benefits to DNSSEC that DNSCrypt isn't trying to address. In fact, we hope DNSSEC adoption grows so that people can have more confidence in the entire DNS infrastructure, not just the link between our customers and OpenDNS."

Wednesday, November 30, 2011

DNSSEC Update from ICANN 42 in Dakar

"Perhaps the most encouraging update came from CZ.NIC, the manager of Czech country-code top-level domain .cz, which has been aggressively promoting DNSSEC since 2009. According to CZ.NIC's Ondrej Filip, 17% of domains in the .cz zone are now signed. That's 145,000 domains, making .cz probably the most DNSSEC-saturated zone in both relative and absolute numbers."

circleid (full article)

Thursday, November 24, 2011

The Economist: Accessories after the fact

That risks damaging the internet’s vital internal addressing system, which lets people use words instead of numbers to access websites. It also clashes with DNSSEC (don’t ask), a protocol that America has long championed to increase internet security. Messing with DNSSEC could create loopholes for hackers by allowing rogue websites to pose as legitimate ones. Savvy users (who do the most downloading) will be able to bypass these filters anyway. And the bill’s vague wording leaves open the possibility that American ISPs might have to institute more intrusive forms of filtering, with the costs, performance problems and privacy issues that would inevitably entail.

Sunday, October 23, 2011

P2P DNS – Taking ownership of the internet

"DNS is one of those core technologies on which the internet runs. For most end users, DNS is pretty much invisible until they want to register their first domain for their own websites. At that point, the concept of a domain registrar suddenly pops into view."

Read the entire article here.