Blog Post

Keeping up with DNSSEC

By Mark Dokter, Senior Product Manager, and Ralf Weber, Senior Architect

network security

Posted on September 14, 2017 in: Network

Tags:

DNS was first conceived in 1983, back when one of the most memorable movie quotes of all time was popularized: “Go ahead, make my day” (Clint Eastwood in “Sudden Impact”). The internet as we know it today did not yet exist; however, ARPANET, its predecessor network, was the exclusive domain of a small group of academics and researchers, so no one gave much thought to security. A lot has changed.

Read more

Blog Post

A Rich Policy Language for the DNS

By Ralf Weber, Principal Architect, Special Projects

Rich Policy Language DNS

Posted on August 10, 2017 in: Network, Security

Tags: , ,

For many years ISPs in certain parts of the world have been required by their regulators/governments to redirect certain websites that were deemed malicious or suspicious. DNS offered a straightforward way to do this; and Nominum, being a DNS company, developed an early mechanism using a DNS zone file that made it simple for ISPs to comply. The technology was originally named “Malicious Domain Redirection” (MDR), and it basically allowed DNS server operators to perform a single action for a given domain name. Actions could be categorized so that each action or redirection did not have to be repeated.

Read more

Blog Post

The Importance of DNS in Security – Part 1

By Dean McDonald, Senior Director, Sales Engineering, Asia Pacific

Posted on June 13, 2017 in: Security

Tags: , ,

The importance of the DNS security protocol in general is widely understood, particularly in today’s overall security landscape. Anyone who currently manages (or has managed) caching/recursive or authoritative DNS servers knows the pain it causes when they go down. It’s bad. Without available DNS there is no internet, at least no usable internet. Generally, most, if not all applications today rely on DNS to locate resources somewhere on the internet to function. Additionally, said apps are becoming more and more reliant on the DNS.

Read more

Blog Post

The Business Parallels between IPv6 and DNSSEC

By Thomas Orthbandt

Nominum Logo

Posted on June 13, 2012 in: Network, Security

Tags: ,

 For two things that would seem to be completely unrelated there is an interesting parallel between IPv6 and DNSSEC.  In both cases there is a misalignment of interests between content providers and service?providers.   Content providers aren’t highly motivated to deploy IPv6 because only a small proportion of users have v6 connectivity and even fewer only have v6.  Service providers aren’t anxious to deploy IPv6? because there isn’t a lot of content on v6, and virtually none exclusively on v6 – so they don’t expand the universe of interesting stuff on the web by deploying IPv6.  Basically the same things could be said about DNSSEC.  Content providers don’t sign their domains so there is little reason to validate; and no one is validating so there is little reason to sign, at least until recently.  Fortunately this is starting to change on both fronts.

Blog Post

Driving DNSSEC

By Thomas Orthbandt

Nominum Logo

Posted on March 21, 2012 in: Security

Tags:

DNSSEC continues to gain momentum as network operators and domain owners watch and learn from early adopters.   The learning process is made easier by efforts such as the ongoing work conducted by researchers at Sandia labs to methodically identify and categorize the kinds of problems that are occurring.

Read more