Ongoing Community Work to Mitigate Domain Name System Security Threats

December 6, 2021 • By Keith Drazek • Domain Names, Security

For over a decade, the Internet Corporation for Assigned Names and Numbers (ICANN) and its multi-stakeholder community have engaged in an extended dialogue on the topic of DNS abuse, and the need to define, measure and mitigate DNS-related security threats. With increasing global reliance on the internet and DNS for communication, connectivity and commerce, the members of this community have important parts to play in identifying, reporting and mitigating illegal or harmful behavior, within their respective roles and capabilities.

(more…)

Header image: Flashing technical imagery

The Test of Time at Internet Scale: Verisign’s Danny McPherson Recognized with ACM SIGCOMM Award

August 27, 2021 • By Burt Kaliski • Domain Names

The global internet, from the perspective of its billions of users, has often been envisioned as a cloud — a shapeless structure that connects users to applications and to one another, with the internal details left up to the infrastructure operators inside.

(more…)

Industry Insights: Verisign, ICANN and Industry Partners Collaborate to Combat Botnets

June 22, 2021 • By Verisign • Domain Names

Note: This article originally appeared in Verisign’s Q1 2021 Domain Name Industry Brief.

This article expands on observations of a botnet traffic group at various levels of the Domain Name System (DNS) hierarchy, presented at DNS-OARC 35.

Addressing DNS abuse and maintaining a healthy DNS ecosystem are important components of Verisign’s commitment to being a responsible steward of the internet. We continuously engage with the Internet Corporation for Assigned Names and Numbers (ICANN) and other industry partners to help ensure the secure, stable and resilient operation of the DNS.

(more…)

Verisign Outreach Program Remediates Billions of Name Collision Queries

January 15, 2021 • By Matt Thomas • Domain Names

A name collision occurs when a user attempts to resolve a domain in one namespace, but it unexpectedly resolves in a different namespace. Name collision issues in the public global Domain Name System (DNS) cause billions of unnecessary and potentially unsafe DNS queries every day. A targeted outreach program that Verisign started in March 2020 has remediated one billion queries per day to the A and J root name servers, via 46 collision strings. After contacting several national internet service providers (ISPs), the outreach effort grew to include large search engines, social media companies, networking equipment manufacturers, national CERTs, security trust groups, commercial DNS providers, and financial institutions.

(more…)

Chromium’s Reduction of Root DNS Traffic

January 7, 2021 • By Verisign • Domain Names

As we begin a new year, it is important to look back and reflect on our accomplishments and how we can continue to improve. A significant positive the DNS community could appreciate from 2020 is the receptiveness and responsiveness of the Chromium team to address the large amount of DNS queries being sent to the root server system.

(more…)

A Balanced DNS Information Protection Strategy: Minimize at Root and TLD, Encrypt When Needed Elsewhere

December 7, 2020 • By Burt Kaliski • Security

Over the past several years, questions about how to protect information exchanged in the Domain Name System (DNS) have come to the forefront.

One of these questions was posed first to DNS resolver operators in the middle of the last decade, and is now being brought to authoritative name server operators: “to encrypt or not to encrypt?” It’s a question that Verisign has been considering for some time as part of our commitment to security, stability and resiliency of our DNS operations and the surrounding DNS ecosystem.

(more…)

Authenticated Resolution and Adaptive Resolution: Security and Navigational Enhancements to the Domain Name System

November 19, 2020 • By Burt Kaliski • Security

The Domain Name System (DNS) has become the fundamental building block for navigating from names to resources on the internet. DNS has been employed continuously ever since its introduction in 1983, by essentially every internet-connected application and device that wants to interact online.

(more…)

Maximizing Qname Minimization: A New Chapter in DNS Protocol Evolution

September 16, 2020 • By Matt Thomas • Security

Data privacy and security experts tell us that applying the “need to know” principle enhances privacy and security, because it reduces the amount of information potentially disclosed to a service provider — or to other parties — to the minimum the service provider requires to perform a service. This principle is at the heart of qname minimization, a technique described in RFC 7816 that has now achieved significant adoption in the DNS.

(more…)

Chromium’s Impact on Root DNS Traffic

September 1, 2020 • By Duane Wessels • Domain Names

This article originally appeared Aug. 21, 2020 on the APNIC blog.

Introduction

Chromium is an open-source software project that forms the foundation for Google’s Chrome web browser, as well as a number of other browser products, including Microsoft Edge, Opera, Amazon Silk, and Brave. Since Chrome’s introduction in 2008, Chromium-based browsers have steadily risen in popularity and today comprise approximately 70% of the market share.¹

(more…)

Browsing Tag

DNS

Introduction