Cryptographic Tools for Non-Existence in the Domain Name System: NSEC and NSEC3
This is the second in a multi-part blog series on cryptography and the Domain Name System (DNS).
In my previous post, I described the first broad scale deployment of cryptography in the DNS, known as the Domain Name System Security Extensions (DNSSEC). I described how a name server can enable a requester to validate the correctness of a “positive” response to a query — when a queried domain name exists — by adding a digital signature to the DNS response returned.
(more…)
The Domain Name System: A Cryptographer’s Perspective
This is the first in a multi-part blog series on cryptography and the Domain Name System (DNS).
As one of the earliest protocols in the internet, the DNS emerged in an era in which today’s global network was still an experiment. Security was not a primary consideration then, and the design of the DNS, like other parts of the internet of the day, did not have cryptography built in.
(more…)
Chromium’s Reduction of Root DNS Traffic
As we begin a new year, it is important to look back and reflect on our accomplishments and how we can continue to improve. A significant positive the DNS community could appreciate from 2020 is the receptiveness and responsiveness of the Chromium team to address the large amount of DNS queries being sent to the root server system.
(more…)
Meeting the Evolving Challenges of COVID-19
The COVID-19 pandemic, when it struck earlier this year, ushered in an immediate period of adjustment for all of us. And just as the challenges posed by COVID-19 in 2020 have been truly unprecedented, Verisign’s mission – enabling the world to connect online with reliability and confidence, anytime, anywhere – has never been more relevant. We are grateful for the continued dedication of our workforce, which enables us to provide the building blocks people need for remote working and learning, and simply for keeping in contact with each other.
(more…)
A Balanced DNS Information Protection Strategy: Minimize at Root and TLD, Encrypt When Needed Elsewhere
Over the past several years, questions about how to protect information exchanged in the Domain Name System (DNS) have come to the forefront.
One of these questions was posed first to DNS resolver operators in the middle of the last decade, and is now being brought to authoritative name server operators: “to encrypt or not to encrypt?” It’s a question that Verisign has been considering for some time as part of our commitment to security, stability and resiliency of our DNS operations and the surrounding DNS ecosystem.
(more…)
Cybersecurity Considerations in the Work-From-Home Era
Note: This article originally appeared in Verisign’s Q3 2020 Domain Name Industry Brief.
Verisign is deeply committed to protecting our critical internet infrastructure from potential cybersecurity threats, and to keeping up to date on the changing cyber landscape.
(more…)
Verisign Q3 2020 Domain Name Industry Brief: Internet Grows to 370.7 Million Domain Name Registrations
Today, we released the latest issue of the Domain Name Industry Brief, which shows that the third quarter of 2020 closed with 370.7 million domain name registrations across all top-level domains (TLDs), an increase of 0.6 million domain name registrations, or 0.2 percent, compared to the second quarter of 2020.1,2 Domain name registrations have grown by 10.8 million, or 3.0 percent, year over year.1,2
(more…)
Authenticated Resolution and Adaptive Resolution: Security and Navigational Enhancements to the Domain Name System
The Domain Name System (DNS) has become the fundamental building block for navigating from names to resources on the internet. DNS has been employed continuously ever since its introduction in 1983, by essentially every internet-connected application and device that wants to interact online.
(more…)
Harnessing the Momentum of Women in Cybersecurity
This week, some of the brightest subject matter experts from across the U.S. and beyond gathered virtually to talk about women in cybersecurity, recognizing that the internet is filled with both opportunities and risks, and that it’s up to all of us to defend, protect and secure critical internet infrastructure.
(more…)
Maximizing Qname Minimization: A New Chapter in DNS Protocol Evolution
Data privacy and security experts tell us that applying the “need to know” principle enhances privacy and security, because it reduces the amount of information potentially disclosed to a service provider — or to other parties — to the minimum the service provider requires to perform a service. This principle is at the heart of qname minimization, a technique described in RFC 7816 that has now achieved significant adoption in the DNS.
(more…)