The Domain Name System is a hierarchical system, where many nameserver operators are in charge of a limited set of information pertaining to a particular place in the hierarchy. To find the address information associated with any given name, it’s necessary to traverse the hierarchy. For instance, looking up www.arstechnica.com means talking to a nameserver that knows about the “root,” then going to one with information about .com and finally one that knows about arstechnica.com. DNSSEC requires signatures at each of these steps. Several top level domains (TLDs), such as .org, .se and .nl, have already signed their “zone,” and can provide a secure pointer to domain names at the next level in the DNS hierarchy.

There has been no secure delegation towards the already signed TLDs because the root wasn’t signed. To get around this limitation, people experimenting with DNSSEC used a collection of trust anchors, basically one for each TLD. With the root signed and secure delegations to the signed TLD zones included in the root zone, only a single trust anchor is required: one that explicitly trusts the root.

Full Story: Arstechnica

According to security researcher Craig Heffner, about half the existing models of home routers, including most Linksys, Dell, and Verizon, are vulnerable to being hacked.

The hack relies on tricking people to visit a malicious website. From that point on, the router itself can be hijacked and the poor user redirected pretty much anywhere the hacker wants them to go.

The hack relies on a hack known as “DNS rebinding,” something that has been around for nearly 15 years: The hack exploits an element of the Domain Name System, or DNS, the Internet’s method of converting Web page names into IP address numbers. (When you visit Google.com, for instance, a domain name server might convert that name into the IP address 72.14.204.147.) Modern browsers have safeguards that prevent sites from accessing any information that’s not at their registered IP address.

Full Story: ZDNet

The first top level domains with non-Latin characters went live on Thursday, just over six months after the process for doing so was approved, with another thirteen nearing registration.

“Today the first three production non-Latin top-level domains were placed in the DNS root zone,” wrote Icann root zone services manager Kim Davies in a blog post on Thursday. “This means they are live!”

The first three countries with internationalised domain names (IDN) are Egypt: مصر, Saudi Arabia: السعودية, and United Arab Emirates: امارات.

UK registry Nominet said that non-Latin character sets would allow wider, easier internet use.

Full Story: ZDNet

Of course, some were doubtful. OpenDNS, probably the company that has the most to lose by this decision, responded quickly. Some questioned its security, while others pointed out that Google gains a lot more than you might think by serving DNS: it would now know everywhere you were going, regardless of whether you went through Google Search or whether the site had Google Analytics installed.

While we’re not going to get in to the broader debate of whether this move is Good or Evil, we were curious if their service really offered significant performance benefits. So we extracted the DNS code from our BrowserMob website monitoring service (which itself is based on the fantastic xbill Java DNS library), and built a quick-n-dirty tool to measure exactly that.

Running your own test

These results were from a Qwest DSL connection in Portland, OR. We’re curious what your results are, so we’ve made the test available for everyone. It requires Java and can be run like so:

java -jar browsermob-dns-perf.jar

If you wish to test your ISP’s DNS, just add to the command line one or more IPs:

java -jar browsermob-dns-perf.jar 123.456.789.012

We hope that you will comment on this blog with the results you get. We’re very curious to see what the worldwide performance results are.

Full Story: browsermob

The action by the server’s operator, Netnod, appears to have resolved a problem that was causing some Internet sites to be inadvertently censored by a system set up in the People’s Republic of China.

On Wednesday, operators at NIC Chile noticed that several ISPs (Internet service providers) were providing faulty DNS information, apparently derived from China. China uses the DNS system to enforce Internet censorship on its so-called Great Firewall of China, and the ISPs were using this incorrect DNS information.

Full Story: IT World