RFC 7050 – Next step in IPv6 readiness for service providers
IETF recently announced the publication of RFC 7050 – “Discovery of the IPv6 Prefix Used for IPv6 Address Synthesis”. This is an interesting RFC that will help service providers transition their customers to an IPv6 only network. I’m happy to have been contributing with minor suggestions to the authors around how the DNS pieces of […]
Lies, damn lies and DNS performance statistics
To paraphrase Mark Twain (and Benjamin Disraeli if internet search results can be trusted), there are three kinds of DNS lies: lies, damn lies and DNS performance statistics. Most networking professionals know to have a healthy skepticism about information put out by the marketing departments of networking vendors. And so they should. It is the […]
FAQ for CVE-4854 – BIND Vulnerability
In order to help our customers with their DNS-related questions, we wrote this blog post regarding the recently announced BIND vulnerability, CVE-4854. What happened? ISC announced a critical vulnerability in the popular BIND DNS software. This might affect you. BIND servers configured either as caching or authoritative are vulnerable.
Developing a Framework to Improve Critical Infrastructure Cybersecurity
Here are thoughts from our CTO, Bill Worley PhD, on properly securing critical infrastructure in our highly connected world. They are particularly applicable with what we have seen in the last year with increased DDoS attacks focused on the DNS and compromised systems for the theft of intellectual property.
DNSSEC Adoption is Slow for Government Agencies
Even though more than two years have passed since federal government agencies were required to support DNS Security Extensions (DNSSEC) on their web sites, only 57 percent of agencies have met these requirements. In other words, about 40 percent of federal agencies have not secured their domains to protect users from domain name hijacking and […]
Google Now Supports DNSSEC
Google announced this week that they have enabled Domain Name System Security Extensions (DNSSEC). This is essential for ensuring that DNS queries are directed to the real web site. With this in place Google is now checking the digital signatures on DNSSEC formatted messages. Currently 7% of the volume of all the queries Google handles […]
