DNS

Internet Society Joins Opposition to Stop Online Piracy Act (SOPA)

Policies mandating DNS filtering undermine the open architecture of the Internet and raise human rights and freedom of expression concerns

[Washington, D.C. and Geneva, Switzerland – 12 December 2011] – The Internet Society Board of Trustees has expressed concern with a number of U.S. legislative proposals that would mandate DNS blocking and filtering by ISPs to protect the interests of copyright holders. While the Internet Society agrees that combating illicit online activity is an important public policy objective, these critical issues must be addressed in ways that do not undermine the viability of the Internet as a platform for innovation across all industries by compromising its global architecture. The Internet Society Board of Trustees does not believe that the Protect-IP Act (PIPA) and Stop Online Piracy Act (SOPA) are consistent with these basic principles.
Continue reading

Internet Society statement on DNS Filtering in the US

The Internet Society has noted with concern a number of U.S. legislative proposals that would mandate DNS blocking and filtering by ISPs in order to protect the interests of copyright holders. We agree with proponents of the Protect-IP Act (PIPA) and Stop Online Piracy Act (SOPA) that combating illegal online activities is a very important public policy objective. However, policies that are enacted to achieve this goal must not undermine the viability of the Internet as a globally reachable platform. After close examination and consultation with the Internet community, we do not believe that the current U.S. legislative proposals are consistent with these basic principles.

In particular, we are concerned with provisions in both laws regarding DNS filtering. DNS filtering is often proposed as a way to block illegal content consumption by end users. Yet policies to mandate DNS filtering have not proven to be effective – these approaches interfere with cross-border data flows and services undermining innovation and social development across the globe. In addition, DNS blocking raises significant concerns with respect to human rights and freedom of expression and may curtail fundamental international principles of rule of law and due process.

The United States has an important leadership role when it comes to online Internet freedoms and should show the way when it comes to balancing local responsibilities and global impact, especially with respect to Internet policy.

In short, the negative impact of DNS filtering far outweighs any short-term, narrow, legal, and commercial benefits. The Internet Society believes that sustained, global collaboration amongst all parties is needed to find ways that protect the global architecture of the Internet while combating illegal online activities. We must all work to support the principles of innovation and freedom of expression upon which the Internet was founded.

Continue reading

Milton Mueller: Networks and States: The Global Politics of Internet Governance – NYU 12/14 #icann #igf

Milton MuellerISOC-NY is delighted to present Milton Mueller’s first full exposition of his new  book  Networks and States: The Global Politics of Internet Governance at NYU on Tuesday December 14 2010.  Prof. Mueller is a co-founder of ICANN’s NonCommercial User’s Constituency and a renowned cyberlibertarian.  His 2002 book Ruling the Root has long been the definitive work on governance.  We are excited to hear details of what, in his mind,  has changed in the last 8 years.  This event is open to the public and will be webcast live.

What: Networks and States: The Global Politics of Internet Governance
When: Tuesday December 14 2010 : 7-9pm
Where: Rm 317, Warren Weaver Hall NYU, 251 Mercer St NYC (& W. 4 St)
Who: Public welcome.  No RSVP needed.  Photo ID required.
Webcast: http://www.livestream.com/isocny
Hashtag: #isocny
Facebook: http://www.facebook.com/event.php?eid=175907139093951
Continue reading

Internet Society calls for wider consultation on ICANN DNS CERT proposal

In February the Internet Corporation for Assigned Names and Numbers (ICANN) set out its Proposed Strategic Initiatives for Improved DNS Security, Stability and Resiliency (SSR) and, specifically, proposed the establishment of the Domain Name System-Computer Emergency Response Team (DNS-CERT).

At the  March ICANN meeting in Nairobi CEO Rod Beckstrom endorsed the proposals, citing increased attacks on the DNS system.

The Internet  Society (ISOC) has filed comments stating that 1) there is no evidence of a sudden increase in attacks, increased vulnerability or inadequacy of current arrangements, and 2) that ICANN has jumped the gun with its proposals which are not necessarily within its purview. Indeed it is suggested that ICANN did not even gain the full backing of its own supporting organizations and advisory committees before making the proposals, and this is backed up by the comments of At-Large Advisory Committee Chair Cheryl Langdon-Orr.

ISOC recommends that the proposals be tabled while further consultation is made with the many institutional, national and regional organizations, including existing CERTs, that are already involved in maintaining DNS stability.

ISOC believes it is vital to rely on the Internet model to get the best result. The Internet model relies on open, bottom-up, freely accessible, public, multi-stakeholder, and knowledge-based processes for both technology and policy development.
Continue reading

ISOC submits comments on implementing DNSSEC

Reston, VA, USA; and Geneva, Switzerland – 24 November 2008 – The Internet Society today submitted comments to the United States National Telecommunications and Information Administration, in response to a Notice of Inquiry on “Enhancing the Security and Stability of the Internet’s Domain Name and Addressing System.” Before developing the submission, ISOC management sought inputs from the organization’s global membership. The final version reflects comments provided during several review sessions held during the ISOC Board of Trustees’ meeting in Minneapolis, Minnesota on November 22-23, 2008. The text of the submission is available here. Comments submitted by others, including the Internet Architecture Board, may be found on the NTIA website.
Continue reading

FREE DNS BEST PRACTICES SEMINAR – Oct 1

InfobloxOn Oct 1 2008 Infoblox will present DNS expert Cricket Liu at the Microsoft Conference Center in an interactive discussion on the very latest information about recently discovered flaws in DNS software, plus a session on best practices architecture for DNS and DHCP, specifically for Microsoft environments.  Cost free. Breakfast & lunch included.

Continue reading

ICANN releases FAQ, tools, and patch for Cache Poisoning Issue

ICANN ICANN is raising awareness of a recently discovered vulnerability in the domain name system (DNS). This includes releasing an FAQ and an online tool for domain operators to test their domains.
Due to the distributed nature of the DNS, no one organization can implement a fix for this vulnerability. It requires the cooperation of all name server operators and DNS software vendors. However, ICANN sees an important goal in spreading awareness of the need to update Internet infrastructure to cope with the threat. The organization has been undertaking significant outreach efforts to top-level domain operators to advise them on the issue. It has also prepared an FAQ and online domain testing tool to raise awareness of the problem, and to encourage network operators to rectify or update their servers.

Continue reading

Lynn St Amour to participate in DNS Forum

Lynn St Amour President and CEO of the Internet Society, Lynn St Amour, will join a panel of distinguished speakers in the Royal Society of London, UK, to discuss the naming system which is critical to modern Internet operations.

The discussion “What’s in a name? The History and Future of the Domain Name System” will explore the history and future of the Internet Domain Name System (DNS). Continue reading

IPv6 finally coming to root DNS servers

The current IPv4 protocol used on the Internet is running out of the addresses needed to accommodate the growing number of users online.

The American Registry for Internet Numbers (ARIN), the organization responsible for giving out IP addresses in North America, says that 19 percent of the IPv4 addresses are still available, while 68 percent have been allocated and 13 percent are “unavailable,” whatever that could mean. There are 4.3 billion IPv4 addresses, or 2^32. IPv6 has 2^128 addresses, or 16 billion-billion.

There have been efforts to get more mileage out of IPv4 by using tricks like conversions to IPv6 or using duplicate IPv4 addresses within a firewall. This has helped extend the lifespan of IPv4 but it only prolonged the inevitable.

Until now the biggest obstacle to IPv6 has been the fact that IPv6 address information is not included in most of the root DNS servers that power the Internet. DNS (Domain Name Service) is the Internet service that translates domain names such www.example.com into the numeric IP (Internet Protocol) addresses such as 198.105.232.4 that are actually used to connect computers on the Internet.

Starting on February 4th, at least one of those adoption barriers will be addressed as records for IPv6 addresses are added to four of the key root DNS servers. The inclusion of the IPv6 records could make the adoption and operation of IPv6 a more viable option for network operators.

IETF revises IDN implementation proposals

Revised papers of the technical standards that define the implementation of IDNs — the standards are called IDNA — were recently released via the IETF editors. These revisions are an important step toward the delegation of IDN top-level domains. Continue reading

DNS Server Survey Reveals Mixed Security Picture

A new survey on the state of DNS, commissioned by infrastructure appliance vendor Infoblox, found that the use of Windows DNS Server in Internet-facing applications has fallen off dramatically as more users act on concerns about security. BIND 9, the latest version, gained against earlier, less secure versions. Continue reading