• Don’t drown in the IPv6 address sea

    Our Chief Operating Officer, Joe Gersch, recently authored this blog post on managing large numbers of reverse DNS records at our partner, 6connect’s, blog site: http://www.6connect.com/blog/dont-drown-ipv6-address-sea/

    Read More
    0 7162
  • Secure64 DNS Cache not vulnerable to recently announced resource exhaustion bugs

    Secure64 has confirmed that its DNS Cache product is not vulnerable to the latest BIND Vulnerability bug announced by ISC on December 8, 2014. This BIND bug is categorized as severe and remotely exploitable, and is the 9th such vulnerability in the past 24 months. The announcements describe flaws in…

    Read More
    0 856
  • Latin America Going IPv6-only

    IP address assignments around the world are handled by the Regional Internet Registries (RIR). In the beginning of May, I had the pleasure to attend and be a speaker at the LACNIC (the Latin American RIR) conference in Cancun, Mexico. My talk about IPv6 and DNS was very well received…

    Read More
    0 611
  • Heartbleed SSL Bug, DNS and the Perils of a Monoculture

      The Heartbleed flaw in OpenSSL highlights a critical vulnerability in the structure of the Internet: lack of diversity in critical software and hardware that run everything. Use of “free” open source software and commodity hardware enables a lot of applications and services to be delivered inexpensively but also leaves…

    Read More
    0 656
  • Water Torture: A Slow Drip DNS DDoS Attack

    A number of our service provider customers around the world are reporting that they see a new type of DNS DDoS attack that uses the DNS as the attack vector. The service providers themselves do not appear to be the target of this attack. Instead, the attack tries to overwhelm…

    Read More
    0 5630
  • Firezilla FTP

    Recently, a fake version of the popular Filezilla File Transfer Protocol (FTP) client has been made available for download on some sites. This fake version of Filezilla looks and works as expected but it also harvests login credentials in the background. These credentials are secretly sent to a hacker owned…

    Read More
    0 1320
  • DNS prefetching in browsers

    Some browsers such as Firefox implement various types of prefetching. The basic idea is that the browser will start to preload hyperlinked pages in the background to so that once a user clicks on a link the web page will already be ready to be displayed. Speculative prefetching like this…

    Read More
    0 717
  • RFC 7050 – Next step in IPv6 readiness for service providers

    IETF recently announced the publication of RFC 7050 – “Discovery of the IPv6 Prefix Used for IPv6 Address Synthesis”. This is an interesting RFC that will help service providers transition their customers to an IPv6 only network. I’m happy to have been contributing with minor suggestions to the authors around…

    Read More
    0 819
  • Lies, damn lies and DNS performance statistics

    To paraphrase Mark Twain (and Benjamin Disraeli if internet search results can be trusted), there are three kinds of DNS lies: lies, damn lies and DNS performance statistics. Most networking professionals know to have a healthy skepticism about information put out by the marketing departments of networking vendors. And so…

    Read More
    0 930
  • FAQ for CVE-4854 – BIND Vulnerability

    In order to help our customers with their DNS-related questions, we wrote this blog post regarding the recently announced BIND vulnerability, CVE-4854. What happened? ISC announced a critical vulnerability in the popular BIND DNS software. This might affect you.  BIND servers configured either as caching or authoritative are vulnerable.

    Read More
    0 716