Nom•i•num
Nominum was formed from the Latin Nomen (“name”) and Numerus (“number”) joined with a distinctive “i”. Just as Latin was the basis for many other languages that spread around the world, Nominum naming and numbering software is the basis of large numbers of networks spread around the world.
[names & numbers] blog
February 21, 2012 |
DNSSEC Implementation
I first became familiar with DNSSEC around 2002 when it was a feature of the Bind9 server, which I was using to setup a new authoritative DNS platform for customers of the ISP I was working for. I looked at it briefly, decided it was too complex and not worth investigating. A couple of years later a domain of a customer got poisoned in another ISPs network. And while the DNS service we provided was working properly, the customers impression was we hadn’t protected them.
[Read More]
February 14, 2012 |
Ghosts in the DNS machine
There was an intriguingly named vulnerability revealed this week: Ghost Domains. A paper describing it can be found here. A team of researchers in China discovered a way to allow a domain to remain reachable in the DNS even after it has been revoked from a TLD.
[Read More]
February 8, 2012 |
Best practices for running DNS caching servers
Your new DNS infrastructure is up and running! Here’s what to watch for, how to monitor, and tips for patches and upgrades.
[Read More]
January 31, 2012 |
Best practices for designing and deploying caching DNS
After making decisions about scale, latency targets, and additional DNS based features that will be supported it’s time to define the next level of details.
Choose a suitable hardware platform
[Read More]
January 24, 2012 |
Best practices for DNS design and architecture
The DNS is a critical component of ISP infrastructure. It’s usually described in two forms, Authoritative and Caching. Authoritative DNS Servers host your domains like www.yourcompany.com, and associated resource records, as well as their location. It does this by mapping names of hosts to their IP-addresses. Caching DNS Servers help applications and services – browsers, VOIP, IPTV, etc. – navigate the DNS hierarchy to find the appropriate Authoritative servers and eventually the target host of your domain. [Read More]
January 19, 2012 |
Intelligent DNS Will Be Critical in Mobile Networks
Mobile exploits aren’t yet widespread; inherent security protections built into mobile devices, operating systems and networks have thus far largely deterred malware that gets secretly downloaded to mobile devices. But mobile users are still subjected to socially engineered attacks like phishing, and technologies (like QR codes) expose them in new ways. [Read More]
January 17, 2012 |
Advantage DNS
The DNS has played an essential role since the earliest days of the Internet, resolving an IP address when given a domain name. Now it’s being considered for security applications. There are many fundamental reasons why it makes sense: [Read More]
January 10, 2012 |
The Power of the Control Plane
Today’s hackers are all about money, they constantly change the face of their exploits to maximize their returns. These agile attacks require agile defenses. Moving security protections into the network is essential to enabling more reliable updates of threat information; aggregation also provides significant scaling and manageability benefits. DNS-based security protections improve agility because DNS queries are a leading indicator of security exposure; from a strategic vantage point the DNS participates in web transactions that provide visibility into the presence of security threats. [Read More]
January 5, 2012 |
A Strategic Vantage Point
The idea of using the DNS for security might be unfamiliar but it has several important characteristics that lend themselves beautifully to addressing today’s dynamic threats.
To start with, DNS servers occupy a strategic vantage point with tremendous visibility into what’s happening on networks. Every end user, device, and IP application uses the DNS to locate resources; legitimate applications like web browsers, VoIP, and email use it, and malicious applications use it too. [Read More]
December 20, 2011 |
Smarter DNS Makes a Smarter Security Solution
Network operators and IT departments constantly reassess their security exposure and evaluate the best methods for protecting their networks and end users. New security solutions are always emerging to help them and one that’s starting to receive a lot of attention is the DNS. That’s raising an obvious question: “how in the world does the DNS become a security platform?”. [Read More]
December 15, 2011 |
A Better Way to Protect Networks and End Users
Everyone agrees protecting Internet users from malware and social engineering exploits like phishing is a valuable thing to do. At minimum these attacks are a nuisance because they degrade the Internet experience, worst case they can be costly and dangerous. But protecting networks and end users is becoming more difficult… [Read More]
December 8, 2011 |
Resilient DNS: Maximizing Internet Performance and Preparing for DDOS (part 3 of 3)
Just as it’s important for service providers and enterprises to maximize the performance and availability of their caching DNS servers, it’s important for brand owners and IT departments to ensure the robustness of their Authoritative DNS. Some of the issues are similar, but ensuring security of Authoritative data also has to be considered. [Read More]
December 5, 2011 |
Resilient DNS: Maximizing Internet Performance and Preparing for DDOS (part 2 of 3)
An earlier post talked about how important it is to maximize the responsiveness and availability of caching DNS in order to maintain a good user experience. It focused on the benefits of using Anycast. There are several other things worth considering for caching DNS as covered below: [Read More]
NOVEMBER 14, 2011 |
Resilient DNS: Maximizing Internet Performance and Preparing for DDOS (part 1 of 3)
For network operators, recursive (caching) DNS is a critical service. Without good, fast DNS service, the Internet service appears slow and unresponsive. Caching DNS systems must also be capable of absorbing “spikes” in traffic which can occur for a multitude of reasons – peak loads, Internet events, DoS etc. [Read More]
OCTOBER 27, 2011 |
Ready for IPv6?
Service providers everywhere are executing on IPv6 transition strategies, some with more urgency than others. Numerous approaches to enable the transition are being implemented, with a goal of maximizing the utility of IPv4 addresses while ensuring 100% connectivity to the small but rapidly growing base of IPv6 addressed hosts. [Read More]
OCTOBER 19, 2011 |
Building Broadband Bridges in Brazil
Countries around the world are seeking to spur broadband development, recognizing direct benefits in the form of economic growth, national competitiveness and improvements in social and cultural development. [Read More]
SEPTEMBER 12, 2011 |
FutureCom Focus on Cybersecurity
The vibrancy of Latin American economies and rapid growth in broadband in the region were on full display at the FutureCom show held in mid September in Sao Paulo, Brazil. Paul Mockapetris gave a keynote speech “The Future of Defense Against Cybersecurity Threats” and conducted interviews as linked below. [Read More]
SEPTEMBER 2, 2011 |
Q&A Session with Nominum’s New CEO, Gary Messiana
What attracted you to Nominum?
Nominum is a major player in the networking world with incredible product and technology assets. Hundreds of millions of users depend on us for DNS every day, making us a force in most markets and geographies. Our unparalleled market success has been fueled by some of the world’s brightest DNS minds, [Read More]
SEPTEMBER 1, 2011 |
Welcome to Our Blog
Domain [names] and IP addresses [numbers] are the foundation of the Internet. People at Nominum spend a lot of time thinking about DNS and how to use it to make the Internet better. That’s why we’ve created the [names & numbers] blog. It’s a place to start conversations and stimulate thought. It aims to be deeply informative, provocative, and non-commercial. We welcome your comments. [Read More]