Where Do Old Protocols Go To Die?

In Ridley Scott’s classic 1982 science fiction film Blade Runner, replicant Roy Batty (portrayed by Rutger Hauer) delivers this soliloquy:

“I’ve…seen things you people wouldn’t believe…Attack ships on fire off the shoulder of Orion. I watched C-beams glitter in the dark near the Tannhäuser Gate. All those…moments…will be lost in time, like (cough) tears…in…rain. Time…to die.”

The WHOIS protocol was first published as RFC 812 in March 1982 – almost 33 years ago. It was designed for use in a simpler time when the community of Internet users was much smaller. WHOIS eventually became the default registration data directory for the Domain Name System (DNS). As interest in domain names and the DNS has grown over time, attempts have been made to add new features to WHOIS. None of these attempts have been successful, and to this day we struggle with trying to make WHOIS do things it was never designed to do.

Exploring Future Internet Architectures

UCLA and Washington University in St. Louis recently announced the launch of the Named Data Networking (NDN) Consortium, a new forum for collaboration among university and industry researchers, including Verisign, on one candidate next-generation information-centric architecture for the internet.

Verisign Labs has been collaborating with UCLA Professor Lixia Zhang, one of the consortium’s co-leaders, on this future-directed design as part of our university research program for some time. The consortium launch is a natural next step in facilitating this research and its eventual application.

Van Jacobson, an Internet Hall of Fame member and the other co-leader of the NDN Consortium, surveyed developments in this area in his October 2012 talk in the Verisign Labs Distinguished Speaker Series titled “The Future of the Internet? Content-Centric Networking.”

As I stated in my summary of the talk, content-centric networking and related research areas under the heading of information-centric networking and NDN bring internet protocols up to date to match the way many of us already are using the internet. As Van noted, when people want to access content over the internet – for instance the recording of his talk – they typically reference a URL, for instance http://www.youtube.com/watch?v=3zOLrQJ5kbU.

New from Verisign Labs: Measuring the Leakage of Onion at the Root

If you are trying to communicate anonymously on the internet using Tor, this paper may be an important read for you. Anonymity and privacy are at the core of what the Tor project promises its users. Short for The Onion Router, Tor provides individuals with a mechanism to communicate anonymously on the internet. As part of its offerings, Tor provides hidden services, specifically anonymous networking between servers that are configured to receive inbound connections only through Tor. In order to route requests to these hidden services, a namespace is used to identify the resolution requests to such services. Tor uses the .onion namespace under a non-delegated (pseudo) top-level-domain. Although the Tor system was designed to prevent .onion requests from leaking into the global DNS resolution process, numerous requests are still observed in the global DNS, causing concern about the severity of the leakage and the exposure of sensitive private data.

Solving Challenges of Scale in Data and Language

It would not be too much of an exaggeration to say that the early internet operated on the scale of kilobytes, with all spoken languages represented using a single character encoding – ASCII. Today’s global internet, so fundamental to society and the world’s economy, now enables access to orders of magnitude more information, connecting speakers of a full spectrum of languages.

The research challenges continue to scale along with data volumes and user diversity.

IANA 2.0: Ensuring ICANN Accountability and Transparency for the Future

The National Telecommunications and Information Administration’s (NTIA) March 14, 2014, announcement proposing the transition of its legacy Internet Assigned Numbers Authority (IANA) stewardship role has presented the Internet Corporation for Assigned Names and Numbers (ICANN) multi-stakeholder community equal amounts of opportunity and responsibility. We have been handed a singular opportunity to define the terms of any stewardship transition and the fundamental responsibility to get it right.

Getting it right means ensuring, through a bottom-up, multi-stakeholder process, the reform of ICANN’s accountability structures to protect the community and the multi-stakeholder model prior to NTIA’s disengagement from its oversight and stewardship role. It also means acting quickly and efficiently so our window of opportunity is not missed.

Introducing getdns: a Modern, Extensible, Open Source API for the DNS

Verisign is pleased to announce the public introduction of getdns at The Next Web in Amsterdam (TNWEurope) April 23-24, 2014. Verisign Labs and NLNet Labs in collaboration have developed getdns, an open source implementation of the getdns-api application programming interface (API) specification.

At The Next Web, getdns is one of the challenge APIs in a 36-hour Hack Battle. Multiple teams of application coding experts are using getdns to develop innovative applications that leverage the global security infrastructure available through DNS Security Extensions (DNSSEC).

DNS Outages: The Challenges of Operating Critical Infrastructure

Recent attacks targeting enterprise websites have created greater awareness around how critical DNS is for the reliability of internet services and the potentially catastrophic impact of a DNS outage. The DNS, made up of a complex system of root and lower level name servers, translates user-friendly domain names to numerical IP addresses. With few exceptions, DNS lives in a grey area between IT and network operations. With the increasing occurrences of distributed denial of service (DDoS) attacks, advanced persistent threats (APTs) and exploitation of user errors through techniques such as typosquatting and phishing, enterprises can no longer take a passive role in managing their DNS internet infrastructure.

Verisign Delegates Four New gTLDs to the Root Zone

Guest post from Pat Kane, Senior Vice President, Naming and Directory Services

On Oct. 23, 2013, at approximately 11:00 a.m. EDT, Verisign received authorization instructions from the U.S. Department of Commerce National Telecommunications and Information Administration (NTIA) to delegate four new gTLDs into the root zone, which we are responsible for maintaining per the Cooperative Agreement between Verisign and NTIA. Verisign acted in accordance with our contractual obligation and delegated these TLDs into the root zone at 2:33 p.m. EDT the same day.

Diversity, Openness and vBSDcon 2013

“There never were in the world two opinions alike, no more than two hairs or two grains; the most universal quality is diversity”

–Michel Eyquem, seigneur de Montaigne (1533–1592)

Diversity is a central design principle of the Domain Name System. With respect to the DNS root, it’s the reason that there are 13 separately managed root servers with 12 independent operators. It’s the reason Verisign operates the two root servers we’re responsible for – the A and J roots – as well as other name servers – at multiple locations around the world. It’s also the reason that within these locations operated by Verisign, multiple physical servers handle the incoming traffic. And it’s the reason that among these multiple servers, we use multiple hardware and software platforms, as well as multiple network providers.

In other words, diversity is one reason the DNS industry in general, and Verisign in particular, doesn’t do everything the same way and in the same place.

Connecting With Verisign: Seven Months In

As a technology leader whose career objective is to help build a connected digital world, it’s hard for me to envision a better place to be at this time in internet history than Verisign.

That’s what I needed to be convinced of earlier this year when I decided to leave a good job with great people at another leading IT company to become Verisign’s CTO. Seven months later, I haven’t been disappointed.
