The Turkish government has reportedly blocked access to Google’s public DNS service from within its borders, as part of its recently instituted censorship of Twitter.
According to local reports, the IP addresses 18.104.22.168 and 22.214.171.124 — Google’s public DNS servers — were banned after they became widely used to circumvent blocks on Twitter’s domain names.
Turkish prime minister Recep Tayyip Erdogan last week vowed to “wipe out” Twitter, after the company refused to take down tweets criticizing his government over corruption allegations ahead of an election next week.
Twitter is encouraging Turkish users to use SMS to send tweets instead. Many Turks are also turning to VPNs to evade this bizarre piece of Draconian censorship.
ARI Registry Services officially announced its aggressive targeting of the DNS services market at an event in Toronto last week.
The company says it is the named DNS provider in over 450 new gTLD applications, giving it a substantial foot in the door should they be approved by ICANN.
That’s almost three times as many applications as ARI is involved with as registry provider.
“To our competitors, we are coming for you,” a tired and emotional ARI CEO Adrian Kinderis said during the launch event at a club in Toronto last Tuesday, which DI attended.
“Bring it on,” equally tired and emotional executives from larger competitors were heard to mutter in the audience.
ARI seems to be targeting just TLD operators to begin with, while competitors such as Verisign, Neustar and Afilias also offer managed DNS to enterprises.
ARI already runs the DNS for Australia’s .au.
The Dotster-owned DNS service provider ZoneEdit this morning returned from an unexplained five-day outage that has left many users extremely miffed.
The interruption affected only ZoneEdit’s management interface, not its DNS resolution, so it only affected customers who needed to make changes to their zones.
Users first started reporting they couldn’t access their accounts on Friday.
I’ve reported the story for The Register here.
Go Daddy is blocking companies from harvesting its DNS records, the company has confirmed.
CTO Dave Koopman denied that Go Daddy has a “DNS Blackouts” policy, but confirmed that it has banned certain IP addresses from doing DNS queries for its customers’ domains. He wrote:
The rumor about “DNS Blackouts” was started by someone using Go Daddy servers to cache all Go Daddy DNS records on his personal servers for financial gain.
Back to our previous example of 100 queries a day. Instead of one person accessing 100 domain names, this individual was attempting to download tens of millions of Go Daddy DNS records – twice daily. While his behavior did not cause any system issues, we felt it best to revoke access to the offending IPs.
If Go Daddy finds unwanted activity in our network, Go Daddy takes actions to stop it.
That appears to be a reference to a blog post from DNSstuff.com founder R Scott Perry, who complained in early September about what he called a “Selective DNS Blackouts” policy.
Perry suggested that Go Daddy was trying to drum up interest in its Premium DNS service by providing poor DNS service to regular customers.
Blocking DNS queries from selected IP addresses calls to mind Go Daddy’s policy of banning DomainTools and other companies from harvesting Whois records in bulk.
In January, the company confirmed that it was blocking commercial Whois aggregators including DomainTools. The ban appears to still be in effect for non-paying DomainTools users.
Like DomainTools, DNSstuff.com offers DNS monitoring and alerts for premium fees.
Forget phishing, forget cybersquatting, forget typosquatting, high-value domain name owners may have a whole new threat to worry about – “bit-squatting”.
This appears to be the conclusion of fascinating new research to be presented by Artem Dinaburg at the Black Hat and DEF CON hacker conferences in Las Vegas next week.
Defective internet hardware, it turns out, may be enabling a whole new category of typosquatting that could prove worrying for companies already prone to domain name abuse.
According to a summary of Dinaburg’s research, RAM chips can sometimes malfunction due to heat or radiation, resulting in “flipped bits”, where a 1 turns into a 0 or vice-versa.
Because the DNS uses ASCII encoding, a query containing a single flipped bit could actually send the user to a completely different domain name to the one they intended to visit.
To test the theory, Dinaburg appears to have registered the typo domain name mic2osoft.com. While it’s not visually confusing or a likely typo, in binary it is only one bit different to microsoft.com.
The ASCII binary code for the digit 2 is 00110010, which is only one bit different to the lower-case letter r, 01110010.
The binary for the string “microsoft” is:
and the binary encoding for “mic2osoft” is (with the single changed bit highlighted):
Therefore, if that one bit were to be accidentally flipped by a dodgy chip, the user could find themselves sending data to the bit-squatter’s domain rather than Microsoft’s official home.
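The single-bit relationship described above can be checked mechanically. The following is an added example, not code from Dinaburg's research or from this post: it prints the ASCII encodings of the two strings and lists every valid hostname label one bit-flip away from a label you own, so those names can be checked against existing registrations. The function names are illustrative, and only the second-level label is examined.

```python
import string

# Characters allowed in a hostname label (letters, digits, hyphen).
LDH = set(string.ascii_lowercase + string.digits + "-")


def to_bits(label):
    """ASCII encoding of a label, one 8-bit group per character."""
    return " ".join(f"{byte:08b}" for byte in label.encode("ascii"))


def bit_flip_variants(label):
    """Map each valid label one bit-flip away from `label` to the
    (character index, bit index) that was flipped; bit 0 is the LSB."""
    label = label.lower()
    variants = {}
    for i, byte in enumerate(label.encode("ascii")):
        for bit in range(8):
            # DNS names are case-insensitive, so fold the result.
            ch = chr(byte ^ (1 << bit)).lower()
            if ch not in LDH:
                continue  # flipped byte is not valid in a hostname
            candidate = label[:i] + ch + label[i + 1:]
            if candidate == label or candidate[0] == "-" or candidate[-1] == "-":
                continue  # case-only change, or hyphen at either end
            variants.setdefault(candidate, (i, bit))
    return variants


if __name__ == "__main__":
    print("microsoft:", to_bits("microsoft"))
    print("mic2osoft:", to_bits("mic2osoft"))
    for name, (i, bit) in sorted(bit_flip_variants("microsoft").items()):
        print(f"{name}.com  (character {i}, bit {bit})")
```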
I would assume that this is statistically only a concern for very high-traffic domains, and only if the bit-flipping malfunction is quite widespread.
But Dinaburg, who works for the defense contractor Raytheon, seems to think that it’s serious enough to pay attention to. He wrote:
To verify the seriousness of the issue, I bit-squatted several popular domains, and logged all HTTP and DNS traffic. The results were shocking and surprising, ranging from misdirected DNS queries to requests for Windows updates.
I hope to convince the audience that bit-squatting and other attacks enabled by bit-flip errors are practical, serious, and should be addressed by software and hardware vendors.
His conference presentations will also discuss possible hardware and software solutions.
For large companies particularly at risk of typosquatting, the research may also present a good reason to conduct a review of their trademark enforcement strategies.
I’m not going to be in Vegas this year, but I’m looking forward to reading more about Dinaburg’s findings.
The annual Black Hat and DEF CON conferences are frequently the venues where some of the most beautifully creative DNS hacks are first revealed, usually by Dan Kaminsky.
Kaminsky is not discussing DNS this year, judging by the agendas.
The conferences were founded by Jeff Moss, aka The Dark Tangent, who joined ICANN as its chief security officer earlier this year.